NewsBits for January 31, 2006 ************************************************************ Israel holds couple in corporate espionage case An Israeli couple suspected of masterminding a computer virus that set off a major industrial espionage investigation was repatriated for trial on Tuesday under an extradition deal with Britain, police said. Michael and Ruth Haephrati were arrested in their London home last year over allegations that a "Trojan horse" program they had developed was bought by private investigators who helped top Israeli corporations spy on each other's computers. http://www.computerworld.com/securitytopics/security/story/0,10801,108225,00.html http://www.theregister.co.uk/2006/01/31/spyware_suspect_deportation/ - - - - - - - - - - Suspect In Child Porn Case Pleads Not Guilty Authorities said a man accused in a child pornography case pleaded not guilty. Charles Kinsinger, 47, was charged with rape of a minor, unlawful sexual conduct with a minor and importuning. Earlier this month, deputies took computers and other evidence of child pornography from Kinsingers home on Ridge Avenue in Kettering. Investigators said two young boys also accused the man of having sexual contact with them. The judge set Kinsingers bond at $200,000. http://www.whiotv.com/news/6624985/detail.html - - - - - - - - - - Judge hears case of teen punished for Web parody Skinny and unsure of himself, 17-year-old Justin Layshock of Hermitage took the stand yesterday to try to convince a federal judge to let him return to his classes at Hickory High School in Mercer County. Justin, a senior in the gifted program at the school, was suspended for 10 days earlier this month and then placed in the school's Alternative Education Program for creating an online profile of his school principal, Eric Trosch, on the popular Web site www.myspace.com on Dec. 10. http://www.post-gazette.com/pg/06031/646968.stm - - - - - - - - - - Honeywell probes posting of employee information on Internet Honeywell International is offering credit monitoring and identity theft insurance to approximately 19,000 current and former employees whose personal information -- including Social Security numbers and bank account information -- was posted on an Internet Web site. The company notified employees about the breach within a day of learning of it on Jan. 20, according to spokesman Robert C. Ferris. ``The company immediately contacted the relevant service provider, had the page removed from the Internet and is continuously monitoring the Internet to ensure that the Web page and any copies of it remain taken down,'' said Ferris. http://www.siliconvalley.com/mld/siliconvalley/news/13758380.htm - - - - - - - - - - Political party switches hosts after defacement Following the defacement of its Web site, the South Australian Liberal Party will terminate its contract with a Canberra-based hosting company on Friday, Feb. 3. The Liberal Party home page will now be hosted by Netspeed. The previous host could not be named. The defacement took place when an image of a Turkish warrior, complete with bow, replaced the normally gleaming banner of Prime Minister John Howard with South Australian Liberal honcho Rob Kerin. The warrior stood atop the words "We Are Your Nightmare". http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,108236,00.html - - - - - - - - - - ISPs ordered to hand over file-sharer details The High Court has ordered 10 ISPs to hand over the customer details of 150 individuals accused of illegally sharing and downloading desktop software on the web. The illegal file-sharers were identified after a 12- month covert investigation by the Federation Against Software Theft (Fast), called Operation Tracker. http://software.silicon.com/security/0,39024888,39156076,00.htm - - - - - - - - - - Group Sues AT&T Over Alleged Surveillance A civil liberties group sued AT&T Inc. on Tuesday for its alleged role in helping the National Security Agency spy on the phone calls and other communications of U.S. citizens without warrants. The class-action lawsuit, filed in U.S. District Court in San Francisco by the Electronic Frontier Foundation, seeks to stop the surveillance program that started shortly after the 2001 terrorist attacks. It also seeks billions of dollars in damages. http://www.siliconvalley.com/mld/siliconvalley/news/13758652.htm http://news.zdnet.com/2100-1009_22-6033501.html http://www.wired.com/news/technology/0,70126-0.html - - - - - - - - - - FCC proposes to fine AT&T for missing privacy report The U.S. Federal Communications Commission yesterday proposed fining AT&T Inc. $100,000 for failing to file an annual report detailing its compliance with the FCC's customer privacy-protection rules. AT&T Inc., formed when SBC Communications Inc. acquired AT&T Corp. in November, failed to file a report detailing its compliance with the FCC's Customer Proprietary Network Information (CPNI) rules, which prohibit telecommunications carriers from selling customer information to most third parties. http://www.computerworld.com/securitytopics/security/story/0,10801,108221,00.html FCC says AT&T, Alltel apparently violated phone privacy requirement http://www.siliconvalley.com/mld/siliconvalley/news/13758276.htm - - - - - - - - - - Tiffany Sues eBay for Selling Fakes "If the court finds in Tiffany's favor, this would set a precedent and would place additional pressure on eBay to ascertain the provenance of goods sold," said Aberdeen Group's Stacey Quandt. "Determining whether this would be a death blow depends on the damages and the number of fraudulent goods sold on eBay." http://www.newsfactor.com/story.xhtml?story_id=133000039SI5 - - - - - - - - - - Data leaks already inundating 2006 Data security for 2006 is not looking much better than last year's showing. In separate incidents this week, the government of Rhode Island reportedly said that Russian data thieves had nabbed tens of thousands of credit-card transactions from the state government's Web site, while Seattle-based Providence Home Services apparently acknowledged that backup tapes containing 365,000 patient records in the states of Washington and Oregon had been stolen from an employee's car. http://www.securityfocus.com/brief/123 - - - - - - - - - - Identity theft losses grow, Web a small factor U.S. consumers lost nearly $57 billion last year to criminals who stole their identities, but online fraud was the culprit in just one in 10 cases, according to a survey released on Tuesday. The study by the Council of Better Business Bureaus and Javelin Strategy & Research showed that identity theft cost U.S. consumers 4 percent more in 2005 than the $54.4 billion it cost in 2004. The average fraud rose to $6,383 from $5,885. http://www.usatoday.com/tech/news/internetprivacy/2006-01-31-id-theft-survey_x.htm - - - - - - - - - - Viruses cost UK consumers PS3bn a year Average cost of PS261 prompts many home users to ditch their PC and buy a new one. New research from Telewest suggests that UK consumers will spend a collective PS3bn dealing with virus attacks and their after effects. http://www.vnunet.com/vnunet/news/2149507/viruses-cost-uk-billion - - - - - - - - - - Researchers Warn of File-Destroying Worm If you have computer files you'd rather not lose, now is a good time to make sure your anti-virus software is up to date. A worm set to activate Friday will corrupt documents using the most common file types, including ".doc," ".pdf," and ".zip." Hundreds of thousands of machines are believed to be infected, mostly in India, Peru, Turkey and Italy, said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp. http://www.siliconvalley.com/mld/siliconvalley/news/13756531.htm http://www.usatoday.com/tech/news/computersecurity/2006-01-30-email-virus_x.htm http://www.thesun.co.uk/article/0,,2-2006050163,00.html Protected companies need not fear Blackmal worm Pest highlights need for consistency in identifying viruses. The Blackmal e-mail worm, which is programmed to delete certain files on infected machines this Friday, should pose little threat to organizations that have implemented basic security best practices, according to analysts. http://computerworld.com/securitytopics/security/virus/story/0,10801,108245,00.html New worm relies on old trick http://www.cnn.com/2006/TECH/internet/01/31/kamasutraworm/index.html - - - - - - - - - - Browsers face triple security threat Polish security researcher Michael Zalewski has highlighted three bugs in the handling of cookies that he says could be used to carry out attacks on commercial Web sites. The bugs, for which Zalewski has coined the term "cross site cooking," are fundamental to the design and implementation of cookies. One of the three was first disclosed eight years ago, but still hasn't been fixed in the major browsers. http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,108216,00.html - - - - - - - - - - Major DHS cybersecurity exercise to take place in February The Homeland Security Department will test how well it works with other federal agencies and private IT companies to protect cybersecurity in a national exercise Feb. 6-10. The Information Technology Information-Sharing and Analysis Center will take part in the exercise, known as Cyber Storm, with DHS to test its draft concept of operations for responding to cybersecurity incidents. http://www.gcn.com/vol1_no1/daily-updates/38131-1.html http://www.fcw.com/article92160-01-31-06-Web http://www.washingtontechnology.com/news/1_1/daily_news/27877-1.html - - - - - - - - - - Financial crime fighter Fox resigns The Treasury Department today announced the resignation of Financial Crimes Enforcement Network director William Fox, who is leaving to accept a position with Bank of America. His last day at FinCEN is Feb. 3. Fox has been FinCEN director since December 2003. Deputy director William Baity will act as director effective Feb. 4. Under Foxs leadership, FinCEN strengthened its role in the federal effort to fight terrorist financing, money laundering and other financial crimes. http://www.gcn.com/vol1_no1/daily-updates/38126-1.html - - - - - - - - - - Microsoft Amends Blog Shutdown Policies Microsoft Corp. says it is setting new policies on shutting down Web journals after its much-publicized squelching of a well-known Chinese blogger at the request of Chinese officials. The Redmond software company, operator of a popular blogging technology called MSN Spaces, said Tuesday that it will endeavor to make blogs available to users elsewhere even if Microsoft decides it is legally obliged to block them in a particular country. http://www.siliconvalley.com/mld/siliconvalley/news/13758653.htm http://news.zdnet.com/2100-9595_22-6033343.html - - - - - - - - - - Antivirus vendors collaborate on spyware fight A group of security vendors yesterday announced an agreement under which they will work together to establish industry standards for identifying and evaluating antispyware products. The group, which includes McAfee Inc., Symantec Corp., Trend Micro Inc., ICSA Labs and Thompson Cyber Security Labs, wants to create standard metrics and common samples of spyware programs that third-party testers can use when evaluating antispyware tools. http://www.computerworld.com/securitytopics/security/story/0,10801,108223,00.html http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5272 http://www.redherring.com/Article.aspx?a=15521&hed=Security+Firms+Team+on+Spyware - - - - - - - - - - MessageLabs launches archiving service Web security firm MessageLabs has launched a message archiving service to complement its existing web and email filtering services. The MessageLabs Archiving Service will offer backups of both instant message and email traffic as a hosted service designed to help firms meet growing compliance and corporate governance requirements. http://www.theregister.co.uk/2006/01/31/messagelabs_archiving/ - - - - - - - - - - AOL patches serious Winamp bug Users of AOL's Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system. A new version of the Winamp player was released Monday afternoon, one day after hackers posted exploit code on the milw0rm.com website that could be used to run unauthorised software on computers running Winamp 5.12 with Windows XP. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5271 http://www.theregister.co.uk/2006/01/31/winamp_security_flap/ http://www.informationweek.com/news/showArticle.jhtml?articleID=177105373 - - - - - - - - - - Researcher says Cisco VPN hole isnt patched yet The security researcher who earlier this month reported a security hole in Cisco Systems Incs VPN 3000 series concentrators says that the Cisco patch released last week doesnt fix the problem. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,108234,00.html - - - - - - - - - - Mirage extends NAC appliance Mirage Networks this week updated its network access control appliance, adding the ability to scan LAN- and WLAN-attached devices running banned network applications or protocols. The Mirage NAC device attaches to a LAN switch and inspects PCs and laptops by working with end-point security software vendors, such as FoundStone and NetForensics. The device then re-routes traffic from clients that contain dangerous software or settings, or client traffic that is suspicious or violates access policies. http://www.computerworld.com/securitytopics/security/story/0,10801,108218,00.html - - - - - - - - - - 3Com-Huawei Deal Yields New IPS Appliance 3Com unveiled a new IPS (intrusion prevention system) appliance for large enterprises and service providers on Jan. 30 called TippingPoint M60. The new appliance is the product of a 2003 joint venture between 3Com and Chinese networking equipment maker Huawei. It can stop denial of service attacks and block communications from worms, viruses, Trojan horse programs and spyware. http://www.eweek.com/article2/0,1759,1917018,00.asp - - - - - - - - - - RFID subway pass? Sure, New York says Citigroup is planning to pilot the use of contactless payment systems in the New York subway. Selected customers of the Metropolitan Transportation Authority will be able to pay for a train ride at the subway entrance by tapping or waving a payment card at a turnstile reader, much like London's Oyster card scheme allows for the Tube. MTA riders currently pay their fares by sliding credit card-like MetroCards. http://news.zdnet.com/2100-1035_22-6033364.html - - - - - - - - - - 3 February virus: Are we ready for it? Antivirus companies are at odds over the severity of a time-bomb virus which is set to go off on 3 February. The so-called Nyxem virus has so far infected 300,000 computers around the world, most of which are outside the UK. http://software.silicon.com/security/0,39024655,39156086,00.htm Microsoft weighs in on Kama Sutra worm http://news.zdnet.com/2100-1009_22-6033269.html - - - - - - - - - - Move to Intel a Security Non-Issue for Apple I guess Black Hat just gets hackers excited and optimistic for more bad news. This leads them to believe, for example, that Apple's move to x86 for the Mac will make the platform less secure. http://www.eweek.com/article2/0,1759,1916535,00.asp - - - - - - - - - - Legal DVD downloads to hit U.S. shores? An ambitious experiment with selling big-studio movies over a file-swapping network in Germany may portend new kinds of online movie sales in the United States--and give Microsoft new allies in its battle with Apple Computer. Warner Bros. Home Entertainment said Monday that it would launch a peer-to-peer video download service in Germany beginning in March, using Bertelsmann- created file-swapping technology to sell movies online at the same time as they're released on DVD. http://news.zdnet.com/2100-1040_22-6033397.html - - - - - - - - - - Google's data minefield The US Government's broad subpoena to search engines effectively seeks to mine the data of the internet. While Google has resisted the subpoena, there may be little they can do to protect our privacy from many prying eyes. Moreover, the Government subpoena makes Google and other search engines or ISPs the source of first resort for any information about what people's preferences are, what they like or dislike, what they do and don't do, what they read and don't read. http://www.theregister.co.uk/2006/01/31/google_subpoena_us_government/ - - - - - - - - - - Mobile security: who's responsible? Reg Reader Studies The results of our probe into the dark heart of mobile security are in - and the conclusions are, well, here are some of the he fundamental points: Mobile security policies are described as "vital" but largely not well implemented. Users are recognised as a problem, with attitudes that are often irresponsible and careless. Many organisations are not setting the right examples. IT managers are cautious and pessimistic about the difficulties caused by mobile devices. http://www.theregister.co.uk/2006/01/31/mobile_security_survey_results/ - - - - - - - - - - Smoking out photo hoaxes with software Dartmouth College professor Hany Farid is no fan of Josef Stalin, but he acknowledges that the photo retouching done during the Soviet era was top notch. "That was impressive work. I've seen some of the originals," Farid said. The Soviets just didn't airbrush their victims out, he added. They painted in new backgrounds on the negatives. Farid's interest in photo retouching isn't just historical. The professor of computer science and applied mathematics runs the university's Image Science Group, which has emerged as one of the chief research centers in the U.S. for developing software to detect manipulation in digital photographs. http://news.zdnet.com/2100-3513_22-6033312.html - - - - - - - - - - BI Helps Police Predict, Prevent Crime Case Study: Data mining vendors SPSS and Information Builders help a Virginia police force take preventive action. What if IT could help law enforcement outmaneuver the criminal before the criminal got to the crime scene? If this scenario sounds like something right out of the science fiction film "Minority Report," it's not. http://www.eweek.com/article2/0,1759,1915556,00.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.