July 31, 2000

Internet scam lands man in prison for 18 months
A man who admitted cheating a dozen people out of nearly $30,000 and a series of fraudulent bank transactions has been sentenced to a year and a half in prison. "I took advantage of the honest nature of people," Jeff David Stark told U.S. District Judge John C. Coughenour. "I accept full responsibility. I know that what I did was wrong. . . . (This) is the darkest period of my life." Stark, 29, whose last known residence was Tacoma, pleaded guilty in May to one count of wire fraud. He admitted using auction sites maintained by eBay and Yahoo! to offer stereo receivers, computers, costly Barbie dolls and other merchandise for which he accepted payment but never sent the goods.
http://www.king5.com/localnews/storydetail.html?StoryID=4395
- - - - - - - - - - -
Barclays security breach forces online service to close
UK bank Barclays was hit by an online security breach Monday morning which allowed at least four customers to access the bank details of other Barclays customers. The breach follows the introduction of new security infrastructure designed to strengthen the bank's defences Saturday evening and forced the company to close its online services.
http://www.zdnet.co.uk/news/2000/30/ns-17002.html
- - - - - - - - - - -
Cyber-war? U.S. defense sites invaded by young hackers, not Iraqis
Iraq was mistakenly suspected of sponsoring cyber attacks on hundreds of U.S. defense sites. U.S. officials said Iraq was believed to have employed hackers to break into at least 200 unclassified defense sites operated by the Pentagon and military during the United Nations crisis with Baghdad in 1998. At the time, President Saddam Hussein ordered the expulsion of UN inspectors.
http://www.worldtribune.com/Archive-2000/ss-cyberterror-07-31.html
- - - - - - - - - - -
EU steps up cybercrime talks
The European Union met informally Saturday to discuss new cross-border powers for law enforcement agencies to combat international Internet crime. Discussions centre around a new RIP-style approach across Europe. EU representatives said Internet crime was rapidly outpacing the implementation of necessary policing powers and that urgent action was required.
http://www.zdnet.co.uk/news/2000/30/ns-16986.html
- - - - - - - - - - -
Motorola suing to stop software sales on eBay
Motorola said today it filed lawsuits in several states to stop the sale of its radio service software on online auction site eBay. The radio software is a computer program used with PCs to program Motorola's two-way radios. Motorola licenses the software to its partners and customers on a restricted basis. The suits, which allege copyright infringement, were filed in federal courts in California, New Jersey, New York and Texas. Five defendants acquired Motorola's radio service software for many of its two-way radio models without the company's consent and advertised and sold the software via eBay, Motorola said.
http://news.cnet.com/news/0-1007-200-2398187.html
- - - - - - - - - - -
Microsoft sues over theft ring
A Federal Way woman skimmed at least $1.3 million from the accounts she managed for Microsoft, the software giant alleges in a civil lawsuit. As the software maker's accounts payable coordinator, Antina Campbell was supposed to investigate why a list of companies had not cashed checks that Microsoft had issued them. If a company had changed hands, Campbell was to replace the recipient's name and cut a new check. Instead, Campbell wrote about 100 checks to people who were involved in the scheme, Microsoft alleges in the suit, filed June 30 in King County Superior Court.
http://www.tribnet.com/news/top_stories/0731b12.html
- - - - - - - - - - -
Commons security run by 'terrorist suspect'
A SUDANESE businessman who has been linked by the American CIA to the world's most wanted terrorist is the leading shareholder in a company that provides security systems to the Houses of Parliament. Salah Idris, 48, whose pharmaceutical factory in Sudan was flattened by American cruise missiles after it was linked to Osama Bin Laden, the Saudi terrorist, owns 25% of IES, a company specialising in high-technology surveillance and security management.
http://www.the-times.co.uk/news/pages/sti/2000/07/30/stinwenws01037.html
- - - - - - - - - - -
Microsoft cookie tool stirs controversy
What began as an effort to give Web browser users more control over their privacy has put Microsoft Corp. in the cross-fire of Web advertisers and privacy advocates. With Internet Explorer 5.5, Microsoft is testing a cookie management feature that blocks certain kinds of cookies -- data records created by a browser that preserve information about Web sessions. The seemingly innocuous add-on has raised the ire of Web advertising services and e-commerce vendors that claim the feature unfairly excludes them from the benefits of cookies: driving traffic and ad dollars to a site and supplying key demographic data to e-businesses.
http://www.zdnet.com/zdnn/stories/news/0,4586,2609257,00.html
- - - - - - - - - - -
Data Privacy Gains Ground
The U.S. House of Representatives recently passed an amendment to an appropriations bill that would force federal agencies to show how they collect personal data from the Internet. The amendment, proposed by Rep. Jay Inslee (D-Wash.), calls for federal agencies to advise visitors to federal Web sites that their personal data is being collected and demonstrate how it's done.
http://www.computerworld.com/cwi/story/frame/0,1213,NAV47_STO47652,00.html
- - - - - - - - - - -
Bankers to Offer Online IDs
To help banks compete against start-ups in the field of online identity authentication, the American Bankers Association (ABA) in Washington earlier this month announced the launch of TrustID, an online identification system. According to e-strategies director Stephen Schutze, the ABA's TrustID system is an attempt to put banks back in charge of digital signature authentication. "Banks are trusted parties," Schutze said. "And banks know their customers."
http://www.computerworld.com/cwi/story/frame/0,1213,NAV47_STO47637,00.html
- - - - - - - - - - -
Pentagon scrutinizes handheld security
The Defense Department is conducting a top-down review of security concerning the use of personal electronic devices, including palmtop computers, certain pagers, cell phones and laptop computers. The review is part of a larger DOD effort to institute tougher security measures and to treat the Pentagon as a command center for the nation’s defense.
http://www.fcw.com/fcw/articles/2000/0731/news-pda-07-31-00.asp
- - - - - - - - - - -
DOD top brass will outsource network management, security
The Office of the Secretary of Defense plans to outsource all common applications and information security services for its 5,500 unclassified users. The contract "will give us one belly button to push" and make it easier to measure vendor performance, said Paul Brubaker, deputy chief information officer for the Defense Department. At least 15 contractors already manage some portion of OSD's systems enterprise, so the new contract would consolidate those services, he said. And, roughly 95 percent of the systems staff in the CIO's office are contract employees.
http://www.gcn.com/vol1_no1/daily-updates/2496-1.html
- - - - - - - - - - -
Lotus E-Mail Security Problem: The Domino Effect
Companies that rely on a version of Lotus Notes e-mail system called Domino could find their e-mail accounts and passwords jeopardized by a security weakness in the software, according to online security firm iDefense. The security flaw, found in many Lotus Domino Web-based user-authentication tools, is due in part to a password file that relies on "weak" encryption methods for the text password. According to an iDefense alert issued today, an attacker using a "brute-force" method on any Lotus client can access the HTTP password file and obtain permission levels identical to the "spoofed" account.
http://www.newsbytes.com/pubNews/00/152989.html
http://www.nwfusion.com/news/2000/0731lotushole.html
- - - - - - - - - - -
Defcon: The Hacker's Bacchanalia
What do you get when you mix 6,000 hackers and hacker wannabees with booze, gambling and some of the hottest temperatures in the history of Sin City? Defcon, an annual gathering that holds the Alexis Park Hotel's all time record for the most alcohol consumed by one group in a weekend.
http://www.wired.com/news/culture/0,1284,37896,00.html
- - - - - - - - - - -
Rave Against the Machine Defcon 2000: Hackers, Geeks, ‘Script Kiddies’ Party
It’s not just about the machines. There are probably hundreds of people at Defcon, the world’s largest computer security convention, who could take down your company’s network with a few well-placed keystrokes. There are even some who are trying to explain how to avoid such attacks, if anyone’s willing to listen.
http://www.abcnews.go.com/sections/tech/DailyNews/defcon000728_old.html
- - - - - - - - - - -
Spot the Fed Hackers Play Games as Feds Appeal for Cooperation
He’s a Fed. She snitched him out. Can they find love?
Life started echoing reality TV at Defcon, the world’s largest hacker convention, when a 32-year-old system administrator named Tahkara picked an Air Force reserveman named Brian out of the crowd, pegged him as a "fed," and then convention organizers set them up on a date. "Spot the Fed" is one of the hackers’ favorite games at the annual convention, usually well-attended by federal agents looking for intelligence. Tahkara said she’d pegged Brian because, "how much normaler can you get looking?"
http://www.abcnews.go.com/sections/tech/DailyNews/hacker000730.html
- - - - - - - - - - -
Hackers Seek Privacy: Seeking Ways to Cover Their Tracks
Ever want to walk away from your life? You can change your identity, hide your tracks on the Internet, and cloak your e-mail in privacy. Battered wives can elude their painful pasts; harassers and criminals can hide from the law. But you probably can’t escape your boss.
http://www.abcnews.go.com/sections/tech/DailyNews/hacker000729.html
- - - - - - - - - - -
cDc bores two thousand people at once
The Cult of the Dead Cow -- authors of Back Orifice and BO2K and the undisputed glam rockers of the hacking underground -- amazed the crowds at Defcon with an hour of shallow meditations on site defacements, network security, and themselves. We knew we were in trouble at the opening, as member Tweety Fish kicked off the long anticipated festivities with the disclaimer, "Just to let you guys know, um, we were pretty much perfectly aware that, that, that, we were not going to top last year? So, we're not going to try? So, we're just going to talk to you a while."
http://www.theregister.co.uk/content/1/12261.html
- - - - - - - - - - -
Mitnick prepares to take the security stage
Notorious computer hacker Kevin Mitnick is set to speak at a Los Angeles conference on Internet security--his first keynote after challenging the conditions of his parole in a federal court. The Sept. 27 conference, given by Massachusetts-based Giga Information Group, is expected to draw 350 to 400 people. "I'd like to help organizations and entities better understand what risks and vulnerabilities that are out there," Mitnick said in an interview, adding that he hopes to provide insight into the mind-set of hackers and how persistent they can be. "I intend to inform the audience of risks and get people to think like a hacker," he added.
http://news.cnet.com/news/0-1005-200-2401675.html
- - - - - - - - - - -
Computer Security Is No Sure Thing
Two-thirds of the way through the process of writing his new book on computer security, cryptographer, mathematician and computer security guru Bruce Schneier made a horrifying discovery. He was writing the book to offer hope to his readers but he had no hope to offer. His vision of the practice of computer security, based mostly on beautiful models rooted in complex yet elegant mathematical algorithms, was breaking up on the rocky shores of reality.
http://www.forbes.com/tool/html/00/jul/0731/feat.htm
- - - - - - - - - - -
What the "Love" bug teaches about business ethics
For most computer users, any reference to the recent "I Love You" virus conjures only bad memories. But for many residents of the Philippines, where the virus reportedly originated, the publicity generated by the incident also served as a reminder of the thriving computer industry that exists in this Southeast Asian country of approximately 68 million people. At Wharton's seventh Asian Regional Alumni Meeting, held in Manila on June 10, Wharton alumnus and guest speaker Manuel V. Pangilinan opened his remarks with a reference to the "I Love You" virus.
http://news.cnet.com/news/0-1007-200-2341560.html
- - - - - - - - - - -
How Do I Tighten Security on My System?
In my last article, "Why do I have to harden?", I discussed how security exploits develop and why you must do more than just patch. Here, I explain what that "do more" bit means. "Hardening" a system is the practice of making that system much harder to crack. I like to think that this involves steps not only to prevent break-ins, but also to detect them when they happen.
http://www.securityportal.com/cover/coverstory20000731.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.