NewsBits for February 17, 2006
************************************************************

New twist in Nasa hacker hearing
Issue of US military law could block extradition...
Gary McKinnon, the UK citizen accused of hacking into computer systems run by Nasa and the US military, will not be extradited across the Atlantic to face trial unless the US can guarantee he won't be treated as a terrorist.
http://software.silicon.com/security/0,39024655,39156543,00.htm
British hacker fights US extradition
http://smh.com.au/news/breaking/british-hacker-fights-us-extradition/2006/02/15/1139890794694.html

- - - - - - - - - -

Blue Cross contractor under investigation
Blue Cross Blue Shield of Florida recently determined that a contractor inappropriately transferred corporate data to his home computer, possibly compromising the identities of 27,000 people. The contractor was not named, due to an ongoing criminal investigation. The data included the names and Social Security numbers of current and former employees, contractors and vendors, says Lisa Acheson Luther, Blue Cross spokeswoman.
http://orlando.bizjournals.com/orlando/stories/2006/02/13/daily24.html

- - - - - - - - - -

Net pharmacy conviction overturned
What: Owners of an Internet pharmacy appeal their conviction on charges including mail fraud and illegally offering prescription drugs.
When: Decided Feb. 13 by the United States Court of Appeals, 11th Circuit.
Outcome: Conviction overturned and new trial granted.
http://news.zdnet.com/2100-9595_22-6040904.html

- - - - - - - - - -

China denies Internet controls lead to arrests
China says they blocked only "a very few" foreign sites which have pornographic or terrorist-linked content. Chinese people can freely access the Internet and the government has never arrested anyone for expressing an opinion on the Web, an official state newspaper said on Wednesday.
http://www.ciol.com/content/news/2006/106021503.asp

- - - - - - - - - -

Middle school teacher charged with posting child porn
A preliminary hearing was set for a Mequon man accused of uploading pornographic pictures of boys to an Internet site. Twenty-six-year-old Christopher Ernest was charged with ten counts of possessing child pornography. Ernest taught seventh grade at Steffen Middle School in Mequon for three years, according to school superintendent Robert Slotterback. Ernest resigned from the district at the end of the 2004-'05 school year.
http://www.wbay.com/Global/story.asp?S=4517069

- - - - - - - - - -

Colleges say cyber crime suspects not students
Men were targets of sweep for online predators
Officials at two East Texas Christian colleges say two suspects arrested in an Internet crime sweep run by the Texas attorney general's office were not enrolled at their schools as state officials said they were.
http://www.news-journal.com/news/content/news/stories/02172006ag_online.html

- - - - - - - - - -

Two Mac user sites shut down for possible copyright violation
Two busy Web sites that focus on Apple Computer Inc.'s Mac OS X operating system went silent Friday just days after they featured links to information on how to hack the software and run it on non-Apple PCs. The OSx86 Project Web site stated Apple had served it with a notice on Thursday citing violations of the 1998 Digital Millennium Copyright Act, and the site was reviewing all of its discussion forum postings as a result. The site has always aimed to adhere to copyright laws and is working with Apple to ensure no violations exist, according to a statement by the site administrator.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13900819.htm
http://news.zdnet.com/2100-9590_22-6040983.html

- - - - - - - - - -

$10,000 Bug Bounty Offered
iDefense announced that it will pay $10,000 to anyone who discovers a bug in a Microsoft product that results in a new Microsoft Security Bulletin with a severity rating of critical. But there's one slight catch: You must report your discovery by midnight March 31, 2006, Eastern Standard Time.
http://www.windowsitpro.com/windowspaulthurrott/Article/ArticleID/49416/windowspaulthurrott_49416.html

- - - - - - - - - -

New Trojans plunder bank accounts
Cybercriminals are surfing into online banks with you to steal your money. Password-stealing Trojan horses used to be all the rage. The software would nestle itself on a PC after opening a bad e-mail attachment or visiting a malicious Web site. But in response to the increased adoption of stronger authentication, cybercriminals are changing their tactics, according to Alex Shipp, a senior antivirus technologist at MessageLabs.
http://news.zdnet.com/2100-1009_22-6041173.html

- - - - - - - - - -

Lawsuit filed against Verizon alleges wiretapping cooperation
An attorney and entrepreneur has filed a lawsuit against Verizon Communications Inc. alleging it has illegally collaborated with the National Security Agency's wiretapping operations. The suit by Michael Pascazi of Fishkill, N.Y., seeks to represent millions of Verizon customers in a class action. It seeks $20 billion in damages for alleged violations of customer privacy by a warrantless government wiretapping program.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13899738.htm

- - - - - - - - - -

U.S. Judge Orders Response On Eavesdropping Records
The Justice Department must provide a "checklist" guide used to determine whether an individual's phone or e-mail messages could be monitored and other documents related to President Bush's domestic eavesdropping program.
http://www.informationweek.com/news/showArticle.jhtml;j?articleID=180203860

- - - - - - - - - -

US government warning on rootkit legislation
A US government official has warned software distributors that a repeat of the Sony rootkit incident could lead to legislation. "We need to think about how that situation could have been avoided in the first place," said Jonathan Frenkel, director of law enforcement policy with the Department of Homeland Security (DHS)'s Border and Transportation Security Directorate. "Legislation or regulation may not be appropriate in all cases, but it may be warranted in some circumstances."
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5397
Homeland security urges DRM rootkit ban
http://www.theregister.co.uk/2006/02/17/rootkit/
DHS official lays out cybersecurity responsibilities
http://www.fcw.com/article92362-02-17-06-Web

- - - - - - - - - -

Google criticizes Bush administration in court documents
Google Inc. on Friday criticized the Bush administration's demand to examine millions of its users' Internet search requests as a misguided fishing expedition that threatens to ruin the company's credibility and reveal its closely guarded secrets.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13900823.htm
http://news.zdnet.com/2100-9595_22-6041113.html
Google rejects DOJ bid for search info
http://computerworld.com/securitytopics/security/privacy/story/0,10801,108843,00.html

- - - - - - - - - -

Call for reform as unlicensed software use rises
'Couldn't care less' attitude needs to change
There was a 25 per cent increase in the number of companies settling for unlicensed software use in the UK last year, according to the Business Software Alliance. But the sums paid go some way to showing how UK law provides little deterrent to such piracy.
http://www.theregister.co.uk/2006/02/17/unlicensed_software_reform/

- - - - - - - - - -

Experts: Don't shoot messenger to protect Internet
Governments must not let debates over Internet content affect the underlying interoperability of the global networks infrastructure, a panel of Internet policy experts said yesterday.
http://www.fcw.com/article92363-02-17-06-Web
Panel: Industry crucial to fighting cybercrime
http://www.fcw.com/article92364-02-17-06-Web
FBI Director: Cyberthreats 'Fluid and Far-reaching'
http://www.pcworld.com/news/article/0,aid,124741,00.asp

- - - - - - - - - -

Mac OS X malware latches onto Bluetooth vulnerability
A second strain of malware targeting Mac OS X has been discovered days after a Mac OS X Trojan appeared on the scene. The latest malware, Inqtana-A, is a proof-of-concept worm that attempts to spread using a Bluetooth vulnerability. The worm is not spreading in the wild and uses an internal counter that means it will expire on February 24, so it's unlikely to ever be much of a problem. Nonetheless, Mac OS X 10.4 (Tiger) users are still advised to make sure they're patched up in order to guard against attack from any future worm that uses the same exploit.
http://www.theregister.co.uk/2006/02/17/macosx_bluetooth_worm/
http://news.zdnet.com/2100-1009_22-6041091.html
Second OS X worm appears
http://www.securityfocus.com/brief/143
Basic Mac OS X Security
http://www.it-observer.com/news/5741/basic_mac_os_x_security/
Mac OS X Trojan: Oompa-Loompa
http://www.it-observer.com/news/5738/mac_os_x_trojan_oompa_loompa/
Apple users targeted by IM Trojan
http://news.zdnet.co.uk/software/mac/0,39020393,39252972,00.htm

- - - - - - - - - -

Attack code targets Media Player flaw
A French security firm has warned that a flaw in Microsoft's Windows Media Player could be exploited by hackers. The French Security Incident Response Team (FrSIRT) warned that an exploit code attacking the media player has been released into the wild.
However, it said that users who had applied the latest round of patches from Microsoft should not be affected: patch MS06-006 repairs the flaw.
http://zone-h.org/en/feeds/year=2006/month=02/
FSF: Microsoft's attack on EC is 'outrageous'
http://news.zdnet.co.uk/software/windows/0,39020396,39252964,00.htm
Exploit code out for Windows flaw
http://news.zdnet.co.uk/software/windows/0,39020396,39252974,00.htm
Hackers follow Microsoft patches with malware
http://computerworld.com/securitytopics/security/story/0,10801,108825,00.html

- - - - - - - - - -

Windows USB flaw drains batteries
Microsoft has publicly admitted a flaw in the latest version of Windows XP that could drastically cut laptop battery life. Microsoft has confirmed the existence of a flaw in its USB 2.0 drivers for Windows XP Service Pack 2 that can cause a notebook to consume power at a faster-than-expected rate when using a peripheral device.
http://news.zdnet.co.uk/software/windows/0,39020396,39252971,00.htm
http://computerworld.com/securitytopics/security/story/0,10801,108826,00.html

- - - - - - - - - -

PandaLabs 2005 Annual Report Highlights New Malware Tendencies
Targeted attacks with custom designed malware are among the most significant cybercrime developments of 2005 - the trend is set to continue in 2006. The report, created by the Surveillance Department at PandaLabs, highlights the increasing professionalization of the creators of security threats and their financial motivation.
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/02-15-2006/0004282978

- - - - - - - - - -

Vista's encryption could vex investigators
Digital rights management chips could thwart law enforcement.
Encryption features in Microsoft Corp.'s upcoming operating system release, Windows Vista, could pose tricky challenges for criminal investigators, a Cambridge University professor told British lawmakers earlier this week.
http://computerworld.com/securitytopics/security/story/0,10801,108810,00.html
Panic spreads over Windows Vista 'back door' that never was
http://www.theregister.co.uk/2006/02/17/vista_back_door_panic/

- - - - - - - - - -

Stop Pod Slurping
According to Gartner Group, pod-slurping is one of the most critical security breaches affecting personal and enterprise computing today. Companies are at risk of losing intellectual property and other critical corporate data. Portable storage devices are ideal for anyone intending to steal sensitive and valuable data. Employees may also be responsible for losing data if they inadvertently mislay these devices.
http://www.it-observer.com/news/5745/stop_pod_slurping/

- - - - - - - - - -

WiFi VoIP Security
Just as vendors prepare the first generation of dualmode cellular and WiFi mobiles for launch later this year, the wireless security community is starting to turn up threats to 802.11 VOIP handsets in the field. The Wireless Vulnerabilities & Exploits site, a repository of -- surprise! -- wireless security threats, has posted a number of advisory notes about Hitachi Ltd.'s IP5000 unit and UTStarcom Inc.'s F1000 handset.
http://www.it-observer.com/news/5742/wifi_voip_security/

- - - - - - - - - -

IBM to unveil new security software
IBM on Friday plans to unveil its Tivoli Identity Manager Express, security software designed for small and midsize businesses. The software aims to block companies' employees from using former workers' user names and accounts that they may have forgotten to cancel.
http://news.com.com/2110-7355_3-6040717.html
Tivoli Identity Manager slimmed down for small and midsize firms
http://www.computerworld.com/securitytopics/security/story/0,10801,108796,00.html
IBM preps patches for security flaw
http://www.computerworld.com/securitytopics/security/story/0,10801,108813,00.html

- - - - - - - - - -

ID cards biometrics will not stop forgery
Following the government's acceptance on Monday of the Lords' opposition to plans to make ID cards compulsory, we are a step closer to ID cards incorporating biometrics. These are designed to prevent forgery, but British ID specialists TSSI casts doubts today.
http://www.it-observer.com/news/5746/id_cards_biometrics_not_stop_forgery/
Experts: National ID won't solve terrorism
http://www.securityfocus.com/brief/144

- - - - - - - - - -

Proof: Employees don't care about security
Like we didn't already know...
An experiment carried out within London's square mile has revealed that employees in some of the City's best known financial services companies don't care about basic security policy. CDs were handed out to commuters as they entered the City by employees of IT skills specialist The Training Camp and recipients were told the disks contained a special Valentine's Day promotion.
http://software.silicon.com/security/0,39024655,39156503,00.htm

- - - - - - - - - -

Chertoff Says IT Weaknesses Hurt Katrina Response
Homeland Security Secretary Michael Chertoff took responsibility for the poor response to Hurricane Katrina Wednesday, but he also blamed the department's inability to conduct surveillance, communicate efficiently, track shipments, and handle Web traffic.
http://www.techweb.com/wire/security/180202527

- - - - - - - - - -

Police warn telcos about phone fraud
Network operators have been warned they might be committing offences if they continue to do business with premium rate service (PRS) operators suspected of ripping off punters.
The warning came as officers from the City of London Police Economic Crime Department (COLP ECD) met with network operators at the offices of regulator ICSTIS earlier this month. The operators called for a meeting because of ongoing pressure on the industry to clean up its act.
http://www.theregister.co.uk/2006/02/17/icstis_prs/

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.

Copyright 2000-2006, NewsBits.net, Campbell, CA.