November 27, 2000

Ex-Cisco Worker Arrested
Federal authorities have arrested a former Cisco Systems engineer and accused him of stealing some of the blueprints for a forthcoming optical networking product. Peter Morch, who left the San Jose computer networking giant in October to join rival Calix Networks in Petaluma, was released on $100,000 bond yesterday. He was charged with stealing trade secrets, a charge that could carry a penalty of 10 years in prison and a $250,000 fine.
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/11/23/BU66823.DTL&type=tech_article

- - - - - - - - -

Japan police inspect Yahoo office in child porn case
Police Monday inspected the Tokyo office of Japan's top Internet portal Yahoo Japan Corp in connection with the alleged sale of child pornography videos by a man using the company's web site. The inspection was part of an effort to collect information to bring charges against 38-year-old Shinichi Hori, a dance school operator in Kurume on the southern island of Kyushu, arrested this month for allegedly selling the videos through Yahoo's auction site. Hori had allegedly used the web site to advertise the videos for three months starting from June, police said.
http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/677676l.htm

- - - - - - - - -

Delinquent hackers target games site
Games developer Microprose - famous for such simulation titles as GrandPrix 3 - has had its Web site defaced. The Delinquent Hacking Organisation (dhc) - which already boasts some 390 scalps - has claimed responsibility for the act of vandalism. Curiously, instead of marking their effort with a grotesque picture or some inexplicable gibberish, the delinquents attempted a more literary sign-off, leaving behind a tale of angst.
http://www.theregister.co.uk/content/6/15008.html

- - - - - - - - -

Net cops protect children
Within seconds, men with twisted thoughts find a little girl who stumbled into a place she shouldn't be.
An anonymous man claims to be a teacher and wants to know how the girl would be dressed in his classroom. Another wonders if her parents know she is there. They question her age and where she lives before their communique is cut off. These are dirty men in a dirty place on the Internet. Fortunately, this is not a little girl. Colorado Springs police detective Richard Hunt has posed as a child or an offender on the Internet for the past 21 months as part of the Internet Crimes Against Children Task Force.
http://www.gazette.com/daily/loc2.html

- - - - - - - - -

Many victims of hacks clam up
FBI fears word about cybercrime isn't getting out. Across Corporate America, the hacker attack is the crime that no one wants to talk about. According to the FBI and security consultants, only a few of the many companies that suffer Internet-related security breaches or whose databases are compromised by hackers ever approach law enforcement for help. As a result, awareness of Internet-related crime is much lower than it should be, industry professionals warn. "The World Trade Center bombing woke companies up to the issue of physical security," says Ted Fraumann, an ex-FBI agent who works at Stroz Associates. "It's going to take another event like the World Trade Center bombing to wake people up to the importance of Internet security."
http://www.usatoday.com/life/cyber/tech/cti839.htm

- - - - - - - - -

Internet piracy hitsquad nets five cases in first year
A special hit squad set up in Hong Kong to combat internet piracy has smashed five cases of cyber crime and arrested 12 suspects in its first year, customs officials revealed Monday. Assistant Commissioner of Customs and Excise, Vincent Poon Yeung-kwong announced the detection figures at the opening of a five-day computer forensic seminar in Hong Kong. Poon told participants the department's work was already acting as a deterrent and that piracy activities in Hong Kong were under control.
"I am pleased to note that, since its establishment in December last year, our Anti-internet Piracy Team has effected five internet piracy cases and arrested 12 suspects," he said.
http://www.antionline.org/2000/11/27/eca/0082-0143-HongKong-Piracy..html

- - - - - - - - -

Drug pushing linked to counterfeit software sales in Britain
Counterfeit software has been linked with organised crime and drug pushing by the European Leisure Software Publishers' Association (Elspa) following a series of raids by drug investigators in the UK. Eighty percent of software counterfeiters are associated with organised crimes according to research carried out by the Elspa Crime Unit. "What people often do not realise is that often these people can be very serious and dangerous criminals, not the harmless Del Boy character that has come to be associated with counterfeiting. These people are using the profits they make from counterfeiting to fund much more sinister crime," comments chief investigator for the Elspa Crime Unit Terry Anslow in a statement.
http://www.zdnet.co.uk/news/2000/46/ns-19239.html

- - - - - - - - -

Elton John, McCartney sing out against music piracy
Elton John and Paul McCartney led a campaign Monday to warn that if people copy music for free via the Internet, it is the musicians who will suffer, not just unknown record industry executives. The phenomenal popularity of Napster, a system that lets ordinary Web surfers copy music from each other for free and often illegally, has alarmed the music industry worldwide. Forrester, an Internet research group, predicts that free music services and file swapping technologies such as this will make up a major part of the annual $3 billion in lost music sales expected globally by 2005.
http://news.cnet.com/news/0-1005-200-3872271.html

- - - - - - - - -

Hewlett-Packard to pay German fees
Computer giant Hewlett-Packard Corp.
has become the first company to be snagged by a German law requiring firms to pay fees for making CD burners that are being used to illegally lift the latest hits off the World Wide Web. The case sets the stage for other European countries to possibly adopt similar rules to stem an epidemic that cost the music industry an estimated $5 billion last year. But analysts blasted the agreement reached Thursday as another example of Germany's notorious thatch of regulations. "The manufacturers are scapegoats," said Robert Labatt, a new media analyst at research group Gartner. "It's the individual works of art, books, songs, videos, that need to be protected."
http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/672002l.htm

- - - - - - - - -

Watchdog mauls rip-off UK porn site
Telephone services watchdog ICSTIS has begun an investigation into a British porn site after it was found to be ripping off punters with its premium rate phone service, writes Andrew Smith. Visitors to UKPage3.com - which, despite its name, is not linked to British tabloid, The Sun - are told that they need to "download a small program to be able to access to (sic) our servers." When the 58Kb program is downloaded and run, it disconnects the visitor's modem and reconnects to a premium rate line charged at £1.50 per minute.
http://www.theregister.co.uk/content/6/14957.html

- - - - - - - - -

Senate panel presses FBI for Carnivore data
The Senate Judiciary Committee on Monday continued to press the FBI on Carnivore, the surveillance tool said capable of capturing and storing all electronic traffic moving through an Internet gateway. Committee Chairman Orrin Hatch, a Utah Republican, and ranking Democrat Patrick Leahy of Vermont asked FBI Director Louis Freeh to spell out Carnivore's reach and address concerns that it might trample on constitutional rights.
http://www0.mercurycenter.com/svtech/news/breaking/reuters/docs/680628l.htm

- - - - - - - - -

Lawyers mud-wrestle over who owns sex.com domain
In the great galaxy of Web addresses in cyberspace, sex.com is prime real estate, an easy place to find for click-happy pleasure seekers looking for the simplest way to locate prurience. But alas, even the path to a virtual Sodom and Gomorrah can be paved with potholes. Not surprisingly, sex.com is coveted. And in the ordinarily boring world of domain-name disputes, the quest for the right to sex.com has become a juicy, bitter and somewhat seamy affair, all of which has been unfolding the past two years in San Jose federal court.
http://www0.mercurycenter.com/svtech/news/top/docs/sex112700.htm

- - - - - - - - -

His domain is driving Upper Darby insane
Ian A. Murphy quit hacking years ago to start a computer-security firm. But he is still "Captain Zap" at heart. From 1,075 miles away, Murphy - one of the first people ever convicted of hacking into government and corporate computers - has been using the Internet's reach to even a score with Upper Darby Township. About seven months ago, he launched his expletive-laden Web site (www.upperdarbytownship.com), which ridicules township police, politicians and elected officials.
http://inq.philly.com/content/inquirer/2000/11/19/front_page/WZAP19.htm

- - - - - - - - -

Yahoo probed for sale of 'Mein Kampf' in Germany
German prosecutors said on Monday they were investigating U.S. Internet retailer Yahoo Inc for the suspected online auction of copies of Hitler's infamous "Mein Kampf" which is banned in the country. Manfred Wick, the senior prosecutor for the state court in Munich, told Reuters unnamed executives of the company were under investigation for the auction of the book on Yahoo's German Web site on February 1 and again on April 19.
http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/679235l.htm

- - - - - - - - -

Malicious Mail
There were nearly 600 million email users worldwide at the close of 1999, with more than half of them in the U.S., according to industry estimates. Many market watchers expect the number of email accounts to top the 1 billion level by the end of 2001. If each mailbox receives just 20 or 30 messages a day, that's tens of billions of electronic missives flying over the Internet daily. That's a lot of information to digest and an easy way for bitter pills such as Melissa and I Love You messages to be swallowed. Those two innocent-sounding email subject lines caused havoc by spreading attached viruses throughout scores of unsuspecting corporations.
http://enterprise.cnet.com/enterprise/0-9567-7-3780311.html

- - - - - - - - -

Credit Security Hurts E-Merchants
As credit-card companies rush to assure shoppers that they will be fully protected against scams when they are shopping online, some merchants say that it is they -- not their customers -- who are increasingly becoming the victims of fraud. And a recent survey found that merchants expect the problem to escalate. Nearly 83 percent of the survey's respondents said that fraud is an increasingly serious problem, up from the 75 percent who reported it as a problem in 1999.
http://www.wired.com/news/business/0,1367,40343,00.html

- - - - - - - - -

WEB PRIVACY POLICIES FALLING SHORT OF PERSONAL INFORMATION PROTECTION
If you assume your personal data are safe at a Web site with a fancy "privacy policy," then, privacy experts say, one thing about you is already exposed: You're gullible. "Privacy policies are not worth the pixels they're printed on," said Fred Davis, a privacy advocate whose California company, Lumeria Inc., is among many new firms offering services to shield computer users from online snoops.
Many Web businesses have hoped that privacy policies -- voluntary statements listing how their sites intend to use the information they collect about visitors -- would prove that self-regulation, rather than government intervention, can ensure the safety of personal data online.
http://www.chicagotribune.com/business/printedition/article/0,2669,SAV-0011270014,FF.html

- - - - - - - - -

Honeynet Project's 'honey pot' a sweet success in trapping hacker attacks
WHEN LAST WE SPOKE of the Honeynet Project, led by Lance Spitzner, it had successfully tracked a malicious Pakistani hacker group that was trying to knock off as many Internet systems as it could. Fresh off their success in monitoring the group and handing over the evidence to federal authorities, the Honeynet team took a deeper look at the traffic they were capturing and found something worth investigating further.
http://www.infoworld.com/articles/op/xml/00/11/27/001127opswatch.xml

- - - - - - - - -

Forget passwords, what about pictures?
We're drowning in passwords, and our brains are rebelling. Most of us have one of two strategies for remembering all these new strings of letters and numbers: use the exact same password across the board, or keep written reminders of the various secret phrases. Either way, the entire purpose of passwords -- security -- is undermined. Two researchers in the U.S. are suggesting a third way: scrap the character heavy password altogether. They're aiming to harness the acute visual memory all humans are born with, a memory far more powerful than our ability to recall precise sequences of symbols. Their prototype, dubbed Deja Vu, holds special relevance for Asia, where the foreign-ness of the Western alphabet makes it even less helpful in setting and recalling keywords.
http://www.zdnet.com/zdnn/stories/news/0,4586,2657540,00.html

- - - - - - - - -

Porn filter on e-mail can be easily tricked
Companies protecting their e-mail system from smut with PORNsweeper software from Content Technologies Holdings might have a false sense of security due to the fact that inventive mail-users can bypass the software blockade. Content Technologies, a subsidiary of Ireland-based online security consultant Baltimore Technologies, on Friday acknowledged that there are ways around its PORNsweeper. "If the image is messed with, PORNsweeper won't catch it," said Jonathan Tait, European product marketing manager for Content Technologies. "PORNsweeper works with color images. If you use image editing software to turn an image into a negative that will trick the software," Tait said.
http://www.cnn.com/2000/TECH/computing/11/27/porn.filter.idg/index.html

- - - - - - - - -

(*** EDITOR'S NOTE *** The last item in this newsbrief should be of interest to those who do computer forensics RJL)

Data security made simple
Data Security is complex, but picking the right metaphor to depict how a product works can greatly simplify the process for enterprise users. Two new products fill that bill. They use simple metaphors to clarify the often technical and confusing discussion around security for the people signing the checks. Cyber-Ark Software Inc., of Boston, last week introduced its first product, Private Ark, which provides an online "vault" for documents that need to be stored securely. In addition, Gianus Technologies Inc., of New York, this month unveiled Phantom, a desktop security product that can hide a disk partition completely without encryption.
http://www.zdnet.com/eweek/stories/general/0,11011,2657411,00.html

- - - - - - - - -

Any port is a hacker storm
Last week we discussed SYN flood attacks, a devious way that miscreants can cause trouble.
In essence, a source machine sends connection requests (usually from a false address so the requests are hard to trace) that the destination machine responds to. As the source machine never completes the connection request and sends many requests quickly, the destination machine can be overwhelmed. Central to this attack is the ability of the miscreant to find an "open" port - that is, a port on the destination machine that responds to connection requests.
http://www.nwfusion.com/columnists/2000/1127gearhead.html

***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.

Copyright 2000, NewsBits.net, Campbell, CA.