NewsBits for March 31, 2006 sponsored by Digital
Investigation - The International Journal of Digital
Forensics & Incident Response - www.digitalinvestigation.net
************************************************************
Hacker hits Georgia state database via hole in security software
An unpatched flaw in a widely used security
program was exploited by an unknown hacker
to gain access to a Georgia Technology Authority
(GTA) database containing confidential information
on more than 570,000 members of the states pension
plans.
http://www.computerworld.com/securitytopics/security/story/0,10801,110094,00.html
- - - - - - - - - -
N.H. IT worker disputes state government security breach
A New Hampshire state IT employee who was placed
on paid leave last month after an alleged security
breach involving a government server is disputing
the states explanation of the incident. Douglas
A. Oliver, 44, a Web middleware engineer who says
he was placed on paid leave Feb. 17 in connection
with the incident, said he is speaking out because
the states account is incredibly skewed, in my
estimation.
http://www.computerworld.com/securitytopics/security/story/0,10801,110092,00.html
- - - - - - - - - -
NASA HQ Raided In Kiddie Porn Probe
The Washington headquarters of NASA was raided
this week as part of a kiddie porn probe targeting
an executive with the space agency, The Smoking
Gun has learned. On Wednesday morning, federal
investigators seized a laptop computer, a hard
drive, CDs, and other material from the office
of James R. Robinson, who was present when agents
with NASA's inspector general executed a search
warrant at his E Street office.
http://www.thesmokinggun.com/archive/0331061nasa1.html
- - - - - - - - - -
Fake E-Mail Topples Japan's Opposition Party
Japan's opposition party suffered a fresh humiliation
Friday when its leadership resigned en masse over
a fake e-mail scandal, handing Prime Minister
Junichiro Koizumi an uncontested grip on power
in his last six months in office.
http://news.aol.com/topnews/articles?id=n20060331113009990010&cid=774
- - - - - - - - - -
Cops hunt for counterfeiters
Investigators seeking evidence of a counterfeiting
operation at a Medford home seized computer equipment
and hand grenades, then arrested three people Wednesday.
Police across Southern Oregon and Northern California
have received a spate of reports of counterfeit cash
in the past several weeks, Medford police Lt. Mike
Moran said. Fake bills ranging from $1 to $100 have
been reported, he said.
http://www.mailtribune.com/archive/2006/0330/local/stories/06local.htm
- - - - - - - - - -
Seven arrested in online fraud crackdown
The U.S. Secret Service arrested seven people
across the nation this week as part of an
ongoing investigation that has turned up
links to the massive debit-card breaches
which have worried banks and consumers.
http://www.securityfocus.com/news/11385
- - - - - - - - - -
ID theft, child porn charges lodged
First, Flint Township police discovered he was
paying off credit cards issued to his dead brother
using another person's stolen identity. Police said
his brother died 10 years ago, but the credit cards
were opened four years ago. And when he was arrested,
police found child pornography in his truck.
http://www.mlive.com/news/fljournal/index.ssf?/base/news-35/1143818435120580.xml
- - - - - - - - - -
Ex-Rosenberg cop convicted on child porn charge
A Fort Bend County jury has found a former Rosenberg
police officer guilty of possession of child pornography.
The punishment phase of the trial of Gary Wayne Stone,
58, starts today in the 400th District Court. Stone
was convicted Thursday evening and faces a potental
sentence of 2 to 10 years in prison.
http://www.chron.com/disp/story.mpl/front/3761645.html
- - - - - - - - - -
Net luring charged
A 46-year-old city man faces Internet luring
and child-porn charges after city police raided
a north-end home. Last November, a 13-year-old
girl reported a man with whom she had been
communicating on the Internet was pressuring
her for sex, said police spokesman Jeff Wuite.
http://www.edmontonsun.com/News/Edmonton/2006/03/31/1513842-sun.html
- - - - - - - - - -
Lawmaker calls for additional staff to combat Internet child porn
On Tuesday, Sen. Bill Diamond, D-Windham, urged
Maine senators to back LD 2028, a bill that would
help the state's Computer Crimes Task Force fight
Internet child pornography.
http://www.keepmecurrent.com/Community/story.cfm?storyID=16901
- - - - - - - - - -
Law Directs Schools to Teach Cyber-Safety
Virginia public schools will be required to teach
students about Internet safety under a law passed
by the General Assembly and signed by Gov. Timothy
M. Kaine (D) last month. The law, which takes effect
July 1, is designed to ensure that tech-savvy children
understand the dangers lurking in cyberspace. The
measure's sponsor, Del. William H. Fralin Jr.
(R-Roanoke), said he wrote the bill after his oldest
son turned 10 and started competing with his parents
for computer time.
http://www.washingtonpost.com/wp-dyn/content/article/2006/03/29/AR2006032900705.html
- - - - - - - - - -
Data-Breach Disclosure Bill Passes House Panel
Legislation forcing data brokers to disclose
security breaches to the public passed
the U.S. House Energy and Commerce
Committee today on a 41-0 vote.
http://www.internetnews.com/bus-news/article.php/3595291
- - - - - - - - - -
U.S. Senate Panel Backs Phone Record Privacy Bill
The proposed law would boost penalties
to as much as $30,000 per incident and
up to $3 million for continuing violations
by telephone companies that fail to
properly safeguard consumer information.
http://www.informationweek.com/news/showArticle.jhtml;?articleID=184417322
- - - - - - - - - -
Hong Kong lawmaker says Yahoo unit wasn't compelled
A Hong Kong lawmaker said Friday he has
complained to a government privacy commission
that Yahoo Inc.'s local affiliate provided
evidence to convict a Chinese reporter
sentenced to 10 years in prison for
leaking state secrets.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14234722.htm
- - - - - - - - - -
Yahoo: We need effective cybercrime laws
Yahoo has called for "effective" legislation,
combined with industry self-regulation,
to deal with online fraud, child abuse and
other cybercrime. The Internet services
giant appealed on Thursday for policymakers
to concentrate on defining illegal use
of technology, rather than focus on how
an action breaks the law.
http://news.zdnet.com/2100-1009_22-6056523.html
- - - - - - - - - -
Computer security problems still afflict SEC, GAO says
Computer security problems continue to plague
the Securities and Exchange Commission,
according to a Government Accountability
Office report issued Friday.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14235796.htm
- - - - - - - - - -
BBC stories used as bait for IE exploits
E-mail servers Security threats Microsoft
Cybercrooks are spamming e-mail messages
to trick people into visiting malicious
Web sites that exploit a recent Internet
Explorer flaw, experts warned Thursday.
http://news.zdnet.com/2100-1009_22-6056217.html
http://www.theregister.co.uk/2006/03/31/ie_exploit_bbc_bait/
http://www.eweek.com/article2/0,1759,1944579,00.asp
http://software.silicon.com/security/0,39024655,39157722,00.htm
- - - - - - - - - -
Weekly Report on Viruses and Intruders
Every week, Panda Software publishes a report
with information explaining the most notable
viruses and threats that have appeared during
the week. In this weeks report, PandaLabs
looks at two variants of the notorious Bagle
worm, IB and HZ, as well as a malicious code
that exploits a vulnerability in Internet
Explorer.
http://www.it-observer.com/news/5989/weekly_report_viruses_intruders_bagle_worm_ib_iz_variants/
- - - - - - - - - -
Spyware company denies software is malicious
The company selling spyware for mobiles has hit
back at the suggestion its program is malicious.
Thai company Vervata has hit back after security
firm, F-Secure, recently began blocking a commercial
application called FlexiSpy, a product that bills
itself as the world's first spy software built
for mobile phones.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5693
http://www.securityfocus.com/brief/175
Cell Phone Spy Program Raises Concerns
http://www.eweek.com/article2/0,1759,1944472,00.asp
- - - - - - - - - -
City to take aim at high-tech criminals
An increase in high-tech crime is forcing
police to undergo special training to
successfully investigate such cases.
To ensure there are enough trained
investigators the Thousand Oaks City
Council approved a $40,207 payment
last week to help fund three new computer
forensic examiner positions in the
Ventura County High-Tech Task Force.
http://www.toacorn.com/news/2006/0330/Front_Page/002.html
- - - - - - - - - -
Windows Help Heap Overflow
There is a heap based buffer overflow in the rendering
engine of .hlp files in winhlp32.exe which will allow
some attacker the possibility of modifying the internal
structure of the process with a means to execute
arbitrary and malicious code.
http://www.it-observer.com/news/5986/windows_help_heap_overflow/
- - - - - - - - - -
New spam technique delivers results for spammers
SoftScan announced today that in a bid to
beat detection and increase the likelihood
of their messages being read, spammers
are increasingly using a new twist on
joe-jobbing (forging the senders email
address) that may lead to organisations
abolishing the bounce back message.
http://www.it-observer.com/news/5990/new_spam_technique_delivers_results_spammers/
- - - - - - - - - -
Alcatel signs up to MS dewormer tech
Microsoft has signed up another network vendor
to its Network Access Protection (NAP) scheme
with the addition of Alcatel to the ranks of
supporters of the technology. NAP, due to ship
with Longhorn in 2007, provides a policy enforcement
bolt-on to Windows that allows admins to restrict
access to networks to machines without up-to-date
OS patches, properly installed firewalls or anti-
virus updates.
http://www.theregister.co.uk/2006/03/30/alcatel_supports_ms_nap/
- - - - - - - - - -
IBM tightens up mainframe security
IBM is set to launch the System Z9 integrated
information processor (zIIP) to work with the
company's z9 mainframe. The product, which IBM
said will offer a greater degree of security,
will be aimed particularly at the financial
sector,
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5687
- - - - - - - - - -
Netgear ProSafe VPN Firewall 50
Netgear is undoubtedly best know for its consumer
networking products but its ProSafe router lineup
aims to provide businesses with that little bit
more in terms of features and security options.
http://www.it-observer.com/news/5984/netgear_prosafe_vpn_firewall_50/
- - - - - - - - - -
Trusted Platform Module gets backing from Via
In a move to help users better secure the data
on their computers, Taiwanese chip vendor Via
Technologies Inc. said Thursday it will add
Trusted Platform Module (TPM) support to its
line of chip set products.
http://www.computerworld.com/securitytopics/security/story/0,10801,110099,00.html
- - - - - - - - - -
Would a Security Monopoly Really Be So Bad?
Opinion: It's just a thought experiment,
but you can make a good case that competition
has failed and that what the security market
needs is a monopoly. You could see it coming
for years: Microsoft's entry into the security
business will be treacherous for other security
vendors. It's been about to happen for years
and now it will take a little longer. But
eventually it should actually happen.
http://www.eweek.com/article2/0,1759,1944811,00.asp
Interpol demands secure PCs
http://software.silicon.com/security/0,39024655,39157721,00.htm
Computer specialist says superiors ignored securitywarnings
http://www.it-observer.com/news/5981/computer_specialist_says_superiors_ignored_securitywarnings/
- - - - - - - - - -
Why phishing works - university study
Researchers at Harvard University and UC Berkeley
have published a document explaining why phishing
works on general users. The ten-page document, by
Rachna Dhamija at Harvard and J.D. Tygar and Marti
Hearst at Berkeley, details a small study of 22
participants that looks at today's standard
security indicators used with websites.
http://www.securityfocus.com/brief/176
Phishers set hidden traps on eBay
http://news.zdnet.com/2100-1009_22-6056687.html
Fighting fraud by baiting phishers
http://news.zdnet.com/2100-1009_22-6056317.html
Why phishing reels punters in
http://www.theregister.co.uk/2006/03/31/phishing_study/
Anti-Phishing Tips You Should Not Follow
http://www.it-observer.com/news/5987/anti_phishing_tips_you_should_not_follow/
- - - - - - - - - -
Perverting Unix Processes
The address space of a UNIX process can be
used by an attacker to do as many evil actions
as possible. One of the most powerful techniques
is the execution of a new binary by using
a userland execve() implementation. The purpose
of this text is to present a tool based on SELF
and to explain which elements are involved in
its operation.
http://www.it-observer.com/news/5988/perverting_unix_processes/
- - - - - - - - - -
What Is Wireless Security
The new standard in wireless networks--802.11g
--offers speed, security, and performance.
It is also the most widely employed standard
in corporate internal wireless LAN networks.
You can transfer data at up to 54Mbps using
802.11g (which is five times the speed of
older 802.11b wireless networks).
http://www.it-observer.com/news/5985/what_wireless_security/
- - - - - - - - - -
iSafe: Store Personal Data Securely on Your Mac
As an Internet user, you need to keep track
of passwords, accounts information, names
and much more. One solution is to store
everything on your computer and take the
risk that anyone can gain access to your
valuable information. iSafe is a security
solution that will relieve you of the
password management chore, while offering
complete security and protection to your
assets.
http://www.it-observer.com/articles/1095/isafe_store_personal_data_securely_your_mac/
iSafe 1.6
http://www.it-observer.com/tools/18/isafe/
- - - - - - - - - -
'Kosher Cellphones' Draw Line at Objectionable Calls
It sounds like the setup for a punch line:
What do you get when you cross an ultra-
Orthodox rabbi with a mobile phone? But
the "kosher phone" is real and its
developers are serious about looking
beyond the religious enclaves of Israel.
Some Arab companies even have inquired
about the phone's main feature: keeping
out sex lines and other worldly temptations.
(LA Times article, free registration required)
http://www.latimes.com/technology/la-fi-kosherphone31mar31,1,7479397.story
************************************************************
Digital Investigation is the international journal of digital
forensics and incident response. To apply for a free sample
copy visit: http://www.digitalinvestigation.net
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2006, NewsBits.net, Campbell, CA.