NewsBits for April 3, 2006
************************************************************
Identity theft hit 3.6M U.S. families in six months of '04
Wondering how likely you are to have your credit card number stolen? Well, according to a comprehensive survey conducted by the U.S. Department of Justice, identity theft is affecting millions of households in the U.S. each year and costing an estimated $6.4 billion per year.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,110139,00.html
Study: Fewer ID theft victims than first thought
http://www.msnbc.msn.com/id/12121574/
Survey: Identity theft hits 3 percent
http://www.securityfocus.com/brief/177
- - - - - - - - - -
Trend Micro data revealed due to virus
The failure of a Trend Micro Inc. employee to install his company's own antivirus software led to the uploading of some company reports to a popular Japanese peer-to-peer file-sharing network, the company said today.
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,110142,00.html
- - - - - - - - - -
State Workers Warned of Florida Data Leak
Personal information of state employees in Florida may have been compromised after work on the state's People First payroll and human resources system was improperly subcontracted to one or more firms in India. About 108,000 current and former employees who worked for the state between Jan. 1, 2003, and June 30, 2004, may be affected by the breach, according to an e-mail warning that was sent last week to everyone who was employed by the state during that period. All state workers were warned of the breach in a March 16 e-mail.
http://www.computerworld.com/securitytopics/security/story/0,10801,110090,00.html
- - - - - - - - - -
Attacks Target DNS Servers in U.S., Germany
Network Solutions, Joker.com fend off denial-of-service hits.
In similar incidents separated by only a few days, Domain Name System (DNS) servers at Network Solutions Inc. and a domain name registrar in Germany were hit by denial-of-service attacks that temporarily disrupted their systems.
http://www.computerworld.com/securitytopics/security/story/0,10801,110124,00.html
US takes interest in DDoS attacks
http://www.it-observer.com/news/6003/us_takes_interest_ddos_attacks/
- - - - - - - - - -
Child porn investigators raid NASA
NASA's Washington headquarters was raided last week by investigators searching for evidence of child pornography. James Robinson, a NASA manager, came to the Feds' attention when he responded to online ads for child pornography last year, Smoking Gun reports.
http://www.theregister.co.uk/2006/04/03/nasa_raided/
http://www.gcn.com/online/vol1_no1/40316-1.html
- - - - - - - - - -
Man pleads to molestation charges; child porn charges dropped
Charges of possession of child pornography will be dropped as part of a plea deal with a man who agreed to plead guilty to two molestation counts. David Eugene Hubbard, 45, pleaded guilty Wednesday in district court in Laramie to third-degree sexual assault and immodest, immoral or indecent acts. No agreement was made about sentencing, but Hubbard will be required to register as a sex offender.
http://www.casperstartribune.net/articles/2006/04/01/news/wyoming/c41bf06fbf3860e887257141005e2057.txt
- - - - - - - - - -
Visalia woman pleads guilty to possessing child pornography
A Visalia woman who pleaded guilty to possessing child pornography will likely be sentenced to six years in federal prison as part of a plea agreement. Roberta Sue Rigsbee, 46, entered the plea Friday in federal court in Fresno. A second charge was dropped as part of the agreement with federal prosecutors.
http://sfgate.com/cgi-bin/article.cgi?f=/n/a/2006/04/01/state/n151611S41.DTL
- - - - - - - - - -
Bond remains at $30,000 cash for photographer
After a Friday court hearing, the bond for an Aberdeen man accused of sexual contact with a minor and creating child pornography was not changed from $30,000 cash.
Roger A. Delzer, 39, remained in jail Friday night.
http://www.aberdeennews.com/mld/aberdeennews/news/14242097.htm
- - - - - - - - - -
Man Charged with Possession of Child Porn
Theodore Wenden, a student in the Walt Disney World College Program, has been arrested for the possession of child pornography. Police said that Wenden left his computer on with a picture of child porn on the screen at his Orange County home. His roommates called the police and he was arrested.
http://www.shortnews.com/shownews.cfm?id=53644&CFID=1323727&CFTOKEN=83745455
- - - - - - - - - -
Cyber crime crackdown operation
An ongoing undercover operation has been announced by the U.S. Secret Service to target people who steal personal information. Operation Rolling Stone has already made several arrests related to alleged offenders using the internet to commit credit card fraud. A recent nationwide rash of fraudulent debit card withdrawals has also come under the spotlight of the operation.
http://www.techspot.com/news/21064-cyber-crime-crackdown-operation.html
- - - - - - - - - -
China Cracks Down on Gaming Theft
Despite limited laws, disputes about virtual property are increasing in China, and intellectual-property lawyers there are calling for more action. The recent ruling in the Guangdong case could cause even more disputes to reach courtrooms and make the government create clearly defined rules about online assets and avatars.
http://www.newsfactor.com/story.xhtml?story_id=003000002QH9
Chinese communists protect virtual property
http://www.theregister.co.uk/2006/04/03/man_fined_online_theft/
- - - - - - - - - -
U.S. Seeks Data From at Least 34 Tech Firms
The Justice Department is demanding internal files from dozens of Internet service providers and other technology firms as it seeks to defend a controversial Internet child protection law.
http://www.latimes.com/technology/la-fi-internet31mar31,1,3646011.story
- - - - - - - - - -
U.S. court overrules restrictions on Web site in free-speech case
Washington state's Supreme Court ruled a trial judge overreached his authority when he restricted a man from posting information on a Web site. Paul Trummel was jailed for more than three months in 2002 in his free-speech standoff with the judge over the Web site he used as a forum for attacking the Council House, a federally subsidized retirement home where he once lived.
http://news.findlaw.com/ap/o/51/03-31-2006/aa4600092d7ed639.html
- - - - - - - - - -
Leader: Why we need data loss disclosure laws
Wouldn't you want to know if your bank lost your data?
It goes without saying that most people, in business at least, only admit a mistake for one reason: because they realise they're going to get caught anyway. Nowhere is this more clear than with the issue of disclosing data loss. In California all companies are required by law to inform their customers when data has been breached or lost.
http://software.silicon.com/security/0,39024655,39157791,00.htm
- - - - - - - - - -
Internet sites must act to protect consumer IDs
Online banks and ecommerce sites should do more to safeguard their customers' personal details from identity theft, according to a report. Some 91 per cent of people feel that internet firms should do more to protect personal information such as bank account details and email addresses from hackers and other internet criminals.
http://www.it-observer.com/news/5997/internet_sites_must_act_protect_consumer_ids/
- - - - - - - - - -
Singapore warns political bloggers
Political debate on the Internet could fuel "dangerous discourse" in Singapore, the city-state's government said on Monday, warning that Singaporeans who post political commentary on Web sites could face prosecution.
http://news.com.com/Singapore+warns+political+bloggers/2100-1028_3-6057083.html
- - - - - - - - - -
IRS Still Puts Taxpayer Data at Risk, Says GAO
The Internal Revenue Service continues to put taxpayers' personal data at risk by not strengthening its information security systems, according to a report by the U.S. Government Accountability Office. "Although [the] IRS has made progress [over the past year], controls over its key financial and tax processing systems located at two sites were ineffective," the GAO said in the report, which was released late last month.
http://www.computerworld.com/securitytopics/security/story/0,10801,110087,00.html
- - - - - - - - - -
Experts: 'British FBI' won't stop e-crime
The formation of the Serious and Organised Crime Agency (SOCA) will do little to combat the rising threat of cybercrime and could actually make the problem worse, experts have warned.
http://news.zdnet.co.uk/0,39020330,39261003,00.htm
UK FBI fights organised crime
http://www.theregister.co.uk/2006/04/03/soca/
- - - - - - - - - -
Asian police gather in Japan to fight child porn
Some 100 police investigators from Asia and the Middle East gathered in Tokyo on April 3 for a three-day seminar on ways to fight Internet child pornography, police said. The event, organized by Interpol and the International Center for Missing and Exploited Children, a US nonprofit group, is aimed at improving skills and understanding to crack down on the crime.
http://www.metimes.com/articles/normal.php?StoryID=20060403-074619-3879r
- - - - - - - - - -
Government creates ID card agency
The drive to issue biometric identification cards to UK citizens is already underway, following the compromise hammered out last week.
The government wasted no time in starting work on the ID card scheme after the bill became law last week; a new agency that will be tasked with introducing ID cards has been set up.
http://news.zdnet.co.uk/business/legal/0,39020651,39260994,00.htm
- - - - - - - - - -
New Peer-To-Peer Trojan Worm Attacks Enterprises
A dangerous Trojan spying on your computer while connecting to a remote attacker is a threat big enough, in itself. What if the same malice has peer-to-peer creeping ability too?! Security experts at MicroWorld Technologies inform that Trojan.Win32.Inject.t or W32/Inject-H is a new peer-to-peer worm with IRC backdoor Trojan capacities.
http://www.theitshield.com/pr/6169
- - - - - - - - - -
Surfers failing to spot phishing sites
Encryption focus ignores the user, study shows
Web users largely ignore the browser warning signals that could allow them to verify the authenticity and trustworthiness of a website, research has claimed.
http://www.vnunet.com/vnunet/news/2153236/study-blasts-browser-security
- - - - - - - - - -
Virus alerts 'as bad as spam'
Not so, says antivirus vendor
Alerts generated by antivirus software are as bad as the spam advertising messages that clog up users' email accounts, according to an industry analyst.
http://www.vnunet.com/vnunet/news/2153258/virus-alerts-bad-spam
- - - - - - - - - -
Edgewise Media Website Now Certified as 'Hacker' Safe
The Edgewise Media Website, a supplier of blank media and accessories to the TV and movie industries, is now tested and certified daily to pass the FBI/SANS Internet Security Test. The "live" HACKER SAFE mark appears only when a web site's security meets the highest security scanning standards of the U.S. government, Visa, MasterCard, American Express, Discover and JCB.
http://www.prweb.com/releases/2006/4/prweb366712.htm
- - - - - - - - - -
Symantec Makes New Bid to Secure IM
Security software maker Symantec is hoping to cash in on enterprise customers' growing headaches around managing and protecting instant messaging applications, including the freely available IM clients so popular among today's users.
http://www.eweek.com/article2/0,1759,1945492,00.asp
Review: Symantec security gateways
http://www.it-observer.com/news/6001/review_symantec_security_gateways/
Symantec unveils remote data backup software
http://www.computerworld.com/securitytopics/security/story/0,10801,110148,00.html
- - - - - - - - - -
Vista Poses Danger To Security Product Vendors
Microsoft can pull the consumer security software rug out from under its long-time partners and likely avoid antitrust charges by sprinkling security throughout Vista in bits and pieces, an analyst said this week.
http://www.it-observer.com/news/5996/vista_poses_danger_security_product_vendors/
- - - - - - - - - -
System Spyware Interrogator
Trisnap Technologies has announced the release of System Spyware Interrogator 3.0 Tech Edition. System Spyware Interrogator (SSI) is a free tool that detects and removes malicious software from clients' computers.
http://www.it-observer.com/news/5991/system_spyware_interrogator/
- - - - - - - - - -
A Pretty Good Way to Foil the NSA
How easy is it for the average internet user to make a phone call secure enough to frustrate the NSA's extrajudicial surveillance program? Wired News took Phil Zimmermann's newest encryption software, Zfone, for a test drive and found it's actually quite easy, even if the program is still in beta.
http://www.wired.com/news/technology/0,70524-0.html
- - - - - - - - - -
Demonstration of Steganography Messages to Evade IDS Detection
In response to a discussion with Taosecurity author Richard Bejtlich I had some time back in regards to botnet techniques used to evade detection, I have come up with a very simple technique that can be used to circumvent firewalls and IDS systems, and still allow bots to receive commands in a bot-net.
http://www.it-observer.com/news/6000/demonstration_steganography_messages_evade_ids_detection/
- - - - - - - - - -
802.11w fills wireless security holes
802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network.
http://www.it-observer.com/news/6002/80211w_fills_wireless_security_holes/
- - - - - - - - - -
Programming in GNU/Linux Systems
This article is the first in a series that deals with secure programming and related issues. Before we begin though, let's first define secure programming. A secure program is an application that sits on a security boundary, taking input from a source that does not have the same access rights as the program.
http://www.it-observer.com/news/5999/programming_gnulinux_systems/
- - - - - - - - - -
Can you do any thing against a hacker?
We are an educational institution which provides LAN for access by students. Students of our institution are allowed to put as much material as they may want to, on the LAN in a folder called Students Corner. We have been providing this facility for the last few years. However, we recently got a complaint from a couple of students that the folder contains the faces of six girl students of the institute, pasted on six nude models.
http://economictimes.indiatimes.com/articleshow/msid-1473502,curpg-5.cms
- - - - - - - - - -
HIDDEN COST OF ILLEGAL IMMIGRATION: ID THEFT
In the noisy immigration debate raging in Washington, there is one voice NOT being heard. The voice of the identity victims. Behind many of the nation's undocumented workers are someone else's documents.
http://redtape.msnbc.com/2006/03/hidden_cost_of_.html
- - - - - - - - - -
Company Touts Low-Cost Facial Recognition
Security experts have long predicted that personal identification technologies such as facial recognition software would someday replace passwords in the common business setting, and one firm is betting that the availability of cheap, effective hardware, along with its software, is making such systems more practical today.
http://www.eweek.com/article2/0,1759,1945010,00.asp
- - - - - - - - - -
Outcry turns Office Massacre into a zombie
Mobile game to be reworked after 'negative press'
A games company is to change the title and content of a mobile phone game called Office Massacre following a media outcry. "After the recent headlines over the about-to-be-released Office Massacre phone game, we have decided to stop the game's release in that version," said Alten8, the company behind the controversial game.
http://www.vnunet.com/vnunet/news/2153317/office-massacre-turns-zombie
- - - - - - - - - -
Girls attempt real-life version of video game
Residents alarmed; teens could be charged
Five teenage girls from Portage County face potential criminal charges after attempting to play a real-life version of Super Mario Bros. The Portage County Hazardous Materials Unit and Bomb Detection Unit were called in to downtown Ravenna on Friday morning after seventeen suspicious packages -- boxes wrapped in gold wrapping paper with question marks spray painted on them -- had alarmed residents.
http://www.siliconvalley.com/mld/siliconvalley/news/local/14239923.htm
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.