NewsBits for March 10, 2006
sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net
************************************************************

PIN Scandal "Worst Hack Ever;" Citibank Only The Start
The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs "the worst consumer scam to date."
http://internetweek.cmp.com/showArticle.jhtml?articleID=181502508

Debit-card fraud continues
http://www.securityfocus.com/brief/160

- - - - - - - - - -

Adult payment firm denies customer records breach
An online payments firm that specialises in processing payments to porn sites has denied that a supposed haul of consumer data originated from its databases. iBill says "records" of the email addresses of 17m plus net voyeurs recovered by two security companies do not match its own records.
http://www.theregister.co.uk/2006/03/10/smut_database_mystery/

- - - - - - - - - -

Fairfax County Man Indicted for Possession of Child Porn
A Fairfax County man has been indicted for possession of child pornography. Doctor Charles Lynch of Clifton could face up to ten years in prison after agents seized more than 1,000 CD-Rom disks from his office at the Defense Information Systems Agency in Arlington.
http://www.wjla.com/news/stories/0306/309417.html

- - - - - - - - - -

Therapist at Children's Hospital accused of child molestation, porn
The victims were among the most vulnerable. Their plight brought one hospital official to tears and drew flashes of anger from another yesterday as they described a horrifying case of child molestation and pornography at Children's Convalescent Hospital.
http://www.signonsandiego.com/news/metro/20060310-9999-1n10child.html

- - - - - - - - - -

Ex-employee faces suit over file deletion
"Police blotter" is a weekly report on the intersection of technology and the law.
What: International Airport Centers sues former employee, claiming use of a secure file deletion utility violated federal hacking laws.
http://news.com.com/Police+blotter+Ex-employee+faces+suit+over+file+deletion/2100-1030_3-6048449.html

- - - - - - - - - -

Court OKs computer searches for child porn
Police may search computer hard drives for child pornography if their owners subscribe to Web sites selling the images, a U.S. appeals court ruled on Thursday. There is a "fair probability" customers of child pornography Web sites receive or download the illegal images, opening the door for police searches, according to the ruling by the U.S. 9th Circuit Court of Appeals.
http://news.zdnet.com/2100-9588_22-6048285.html

- - - - - - - - - -

Lawyer insists Microsoft infringed antipiracy patent
A Texas lawyer named Kenneth Nash owns a patent on a method for detecting pirated software by assigning each program a unique ID and verifying it over the Internet. Nash sued Microsoft over its product activation program and lost when a judge in Houston ruled against him.
http://news.com.com/2100-1030_3-6047985.html

Microsoft Pushes New Piracy Initiative
http://www.betanews.com/article/Microsoft_Pushes_New_Piracy_Initiative/1141927112

- - - - - - - - - -

Political bloggers may get federal protection
Bloggers would be largely immunized from hundreds of pages of confusing federal regulations dealing with election laws, according to a bill approved by a House of Representatives panel on Thursday.
http://news.com.com/2100-1028_3-6047902.html

- - - - - - - - - -

Patchwork of Privacy Regulations
Absolute privacy has never truly existed. Before the industrial revolution, mankind largely inhabited small villages where everyone knew everything about everyone else. The desire to remain isolated, or to maintain privacy regarding details of health and welfare, would have been regarded suspiciously.
http://www.it-observer.com/news/5871/patchwork_privacy_regulations/

- - - - - - - - - -

New IM Worms Delete Files, Hijack PCs
An anti-virus vendor warned Tuesday that two new worms spreading on Microsoft's and America Online's instant messaging networks delete files and leave systems open to hijacking.
http://www.securitypipeline.com/181501635

Virus names likely a lost cause
http://www.securityfocus.com/news/11380

- - - - - - - - - -

eEye Flags More iTunes, QuickTime Flaws
Security flaws in Apple's popular digital media products are beginning to add up. Researchers at eEye Digital Security have pinpointed two high-risk vulnerabilities in iTunes and QuickTime that could put millions of Windows and Mac users at risk of code execution attacks.
http://www.eweek.com/article2/0,1759,1936596,00.asp

- - - - - - - - - -

Hackers Targeting Mambo Security Holes
Hackers are actively seeking out unpatched versions of the Mambo content management system, which recently repaired a serious security hole. The latest exploit attempts target a different vulnerability than the Mare.D worm, which grabbed headlines last month but apparently did limited damage to Mambo sites.
http://www.it-observer.com/news/5865/hackers_targeting_mambo_security_holes/

- - - - - - - - - -

Smart Redirection Attack Helps Phishers Dodge Site Shutdowns
RSA Security announced this week that it has discovered that online fraudsters have developed a new phishing technique in response to increasingly aggressive moves to identify and shut down phishing sites.
http://www.it-observer.com/news/5872/smart_redirection_attack_helps_phishers_dodge_site_shutdowns/

Phishing hits translators
http://www.crime-research.org/news/03.10.2006/1874/

- - - - - - - - - -

Lipstick hoax smacks inboxes worldwide
A hoax email is circulating with the false warning that certain types of lipstick can cause cancer.
http://www.vnunet.com/vnunet/news/2151707/lipsticks-cause-cancer

- - - - - - - - - -

Microsoft Plans Two Patches Next Week
Microsoft on Thursday said it would release just two security patches next week, five fewer than last month.
http://www.securitypipeline.com/news/181502638;j
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5541s
http://news.zdnet.co.uk/software/windows/0,39020396,39256678,00.htm

Microsoft Threat Analysis and Modeling
http://www.it-observer.com/news/5869/microsoft_threat_analysis_modeling/

Microsoft Unwraps Ultra Mobile PC
http://www.newsfactor.com/story.xhtml?story_id=02200000JT60

OneCare gets spyware shield
http://news.zdnet.co.uk/software/applications/0,39020384,39256671,00.htm

- - - - - - - - - -

When your end user is a judge
The vice president of records management at a large financial services firm once quipped that his end user was a judge. He should know, having been through a high-profile legal discovery process that required producing terabytes of electronic records along with truckloads of boxes filled with paper records.
http://www.computerworld.com/securitytopics/security/story/0,10801,109400,00.html

- - - - - - - - - -

Staff happy to shop pirating employers
Loyalty? They've heard of it. A survey of more than 2,000 UK adults by the Business Software Alliance has found that a third of employees would grass on an employer if they were using pirated software.
http://www.vnunet.com/vnunet/news/2151760/staff-happy-shop-pirate

- - - - - - - - - -

IT staff fret over SSL insecurity
Nine out of ten network professionals see the invisibility of encrypted Secure Sockets Layer (SSL) traffic as posing a significant risk to their companies, a new survey has claimed.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5540

- - - - - - - - - -

Doubly encrypted laptop unveiled
Seagate Technology and Seagate Technology have combined to develop a fortified laptop that features full encryption of the hard drive and software for easier password management.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5543
http://www.computerworld.com/securitytopics/security/story/0,10801,109429,00.html

- - - - - - - - - -

University researchers develop new digital rights technology
Researchers at the University of Maryland's A. James Clark School of Engineering have developed a new digital rights management technology that they said will help organizations better protect multimedia content from unauthorized copying and distribution.
http://www.computerworld.com/securitytopics/security/story/0,10801,109449,00.html

- - - - - - - - - -

UK extends airport iris scan scheme
Heathrow Airport has extended a pilot programme that allows registered passengers to pass through immigration checks using iris scans.
http://www.theregister.co.uk/2006/03/10/project_iris/
http://chkpt.zdnet.com/chkpt/siliconfeed/http://software.silicon.com/security/0,39024655,39157104,00.htm

- - - - - - - - - -

UK plans to make driving licences biometric
The British driving licence is to go biometric "at some stage" but, according to Transport Minister Alastair Darling, it will remain a distinct document from the planned UK identity card.
http://www.theregister.co.uk/2006/03/10/uk_biometric_driving_licence/

- - - - - - - - - -

Europe tagging along on RFID
Viviane Reding yesterday reeled off a sheaf of figures on RFID's expected growth over the coming years. The European Commissioner for Information Society and Media reckons 600m tags will ship this year, with that number jumping 450 times within ten years.
http://www.theregister.co.uk/2006/03/10/reding_rfid_oinion/

- - - - - - - - - -

Secure mobility
Today's working environment is changing rapidly.
A large number of companies are finding that meeting the demands of customers requires the workforce to be available anytime, anywhere.
http://www.it-observer.com/news/5867/secure_mobility/

- - - - - - - - - -

Build Physical Security into a Data Centre
At information-intensive companies, data centres don't just hold the crown jewels; they are the crown jewels. Protecting them is a job for whiz-bang technologists, of course. But just as important, it's a job for those with expertise in physical security and business continuity.
http://www.it-observer.com/news/5868/build_physical_security_into_data_centre/

- - - - - - - - - -

Track Down Rogue Wireless Access Points
Of all of the threats faced by your network security, few are as potentially dangerous as the rogue Access Point (AP). A rogue AP is a WiFi Access Point that is set up by an attacker for the purpose of sniffing wireless network traffic in an effort to gain unauthorized access to your network environment.
http://www.it-observer.com/news/5866/track_down_rogue_wireless_access_points/

- - - - - - - - - -

Website Puts Crime Tracking on the Map
Angelenos can play gumshoe Philip Marlowe and track crime patterns in their neighborhoods and throughout the city, thanks to a new, high-tech initiative from the Los Angeles Police Department. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-mapping10mar10,1,792262.story

- - - - - - - - - -

Osama bin Laden fan clubs build online communities
Al-Qaeda sympathizers are using Orkut, a popular, worldwide Internet service owned by Google, to rally support for Osama bin Laden, share videos and Web links promoting terrorism and recruit non-Arabic-speaking Westerners, according to terrorism experts and a survey of the sites.
http://www.usatoday.com/tech/news/2006-03-08-orkut-al-qaeda_x.htms

- - - - - - - - - -

EBay Yanks Listing for Gunman's Car
A 1982 BMW advertised as once belonging to one of the gunmen in the Columbine High School killings was pulled from an online auction, a spokesman for eBay said.
http://news.findlaw.com/ap/o/632/03-08-2006/9c4b000960c11a24.html

- - - - - - - - - -

NORAD orders Web deletion of transcript
In an unusual follow-up to a public event, the Defense Department has ordered that a transcript of an open hearing on aviation restrictions be yanked from the Web. Maj. Gen. M. Scott Mayes, the head of the North American air defense command, ordered the internal review that flagged the hearing's transcript as problematic and led to its deletion from a government Web site, CNET News.com has learned.
http://news.com.com/NORAD+orders+Web+deletion+of+transcript/2100-1028_3-6048254.html

************************************************************
Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.