December 4, 2000 Poland's first convicted hacker A 22-year-old computer hacker received a one-year suspended jail term on Wednesday in one of Poland's first ever computer crime-related conviction, the PAP news agency reported. A court in the southern Polish city of Cracow found the hacker, identified only as Andrzej G., guilty of breaking into the system of a local business and destroying files worth US$1,000 (RM3,800). The cyber assailant maintained his innocence throughout the trial, but court officials said they had no doubt he had used a pirate program found on his computer to break into the firm's network. In a move to prevent any future misadventures in cyberspace, the court also ruled to confiscate the hacker's hard drive. The verdict is subject to appeal. http://thestar.com.my/tech/story.asp?file=/2000/11/30/technology/30polhack - - - - - - - - - Mounties launch probe into PlayStation 2 Net store Canadian police have launched an investigation into a Web store that customers say sold them Sony PlayStation 2 consoles but has yet to deliver them. Detective Barry Elliott of the Royal Canadian Mounted Police (RCMP) confirmed Monday that his office is investigating the company that runs Web sites PS2storecanada.com and PS2storeusa.com, but declined to give specifics. On Friday, the main branches of the Canadian and U.S. Better Business Bureaus issued a warning to consumers about Web sites that falsely advertise the availability of popular electronic games. The warning came after hundreds of customers from both countries complained they had paid for but did not receive a console. Scott Byers, the operator of the Web sites, told CNET News.com on Friday that he shipped consoles to every customer who paid for one. He said the problems stem from a different Web store that operated under the same name--PS2storecanda.com-- which ran off with its customers' money. Customers had mixed up the two companies, Byers said. http://news.cnet.com/news/0-1007-200-3987324.html - - - - - - - - - DOJ endorses European cybercrime pact Federal law enforcement officials have endorsed the gist of a controversial European drive to tighten cybercrime laws over the protests of privacy, civil liberties, and human rights advocates. The central provisions of the 41-nation Council of Europe's latest draft convention "are consistent with the existing framework of U.S. law and procedure," the Justice Department said in a Friday posting on its cybercrime Web site. At issue is the first multilateral pact drafted specifically to deal with the cross-border nature of much computer-related crime. When ready, the draft treaty would be opened for signature worldwide in an effort to slash the procedural and jurisdictional obstacles that law enforcers say play into the hands of criminals operating through the Internet. Targeted are such things as malicious code to disable Web sites as well as computer use for such garden-variety crimes as fraud, copyright infringement, and distribution of child pornography. http://www.zdnet.com/zdnn/stories/news/0,4586,2660971,00.html - - - - - - - - - Govt able to demand keys to encrypted data An obscure clause in the Crimes Amendment Bill could be used to force computer system owners to hand over the keys to encrypted data, says an Auckland security expert. Clause 19 of the Supplementary Order Paper 85 exempts Security Intelligence Service personnel with interception warrants from prosecution under the proposed crime of unauthorised access to a computer. This clause also exempts "a person, or member of a class of persons, requested to give any assistance that is specified in that warrant." Lech Janczewski, an Auckland University lecturer in management science and information systems and chairman of the New Zealand Information Security Forum, says the phrase "any assistance" could include handing over decryption keys. http://www.nzherald.co.nz/storydisplay.cfm?storyID=163152 - - - - - - - - - Report finds progress in cybersecurity in private sector Representatives from more than a dozen critical infrastructure sectors of the economy, including telecommunications, transportation and electric power, this week plan to deliver to the White House a status report on the private sector's progress in beefing up cybersecurity. Their findings: Many companies have made significant progress during the past year to protect their infrastructures from attack, but others still face an uphill battle. http://www.computerworld.com/cwi/story/0%2C1199%2CNAV47_STO54703%2C00.html - - - - - - - - - Hackers scare firms into unwise spending Spending on computer security is expected to more than triple in the next few years, thanks to hackers, viruses and other computer system maladies. But will that make computer systems three times safer? Not necessarily, says Frank Prince, a senior e-business analyst with Forrester Research in Cambridge, Mass. He says security decisions often are made in haste. "Why do people buy security? Because they are scared of something," says Mr. Prince. "But they can throw a lot of money away on security" and not be aware of it. http://www.bizjournals.com/sanjose/stories/2000/12/04/smallb3.html - - - - - - - - - The Confessions of A White Hat Hacker Using downloaded hacker utilities, Jude easily breaks into his company's Web site - and goes undetected.Last week, I spent most of my time installing Linux and a few white hat applications from hacker Web sites: Firewalk, Nmap, Sniffit, Swatch and Tripwire. This week, I've had a bit of a chance to play around with them. This "white hat" nomenclature confused me when I first heard it. White hat is a fairly common term for people who hack legitimately - security staff, researchers and so on. By contrast, black hat hackers hack maliciously. Basically, white hats are the good guys; black hats are the bad guys. Gray hats are somewhere between the two, and nobody knows where Red Hat Linux fits in with all this. http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-90_STO54616,00.html - - - - - - - - - Meet the Hackers Not all hackers are bad guys. But understanding what motivates them can make you less vulnerable to an attack. On the surface, the Web is a slick marketing and commerce tool. As you surf through sites like Yahoo and Amazon.com, the online world looks clean and orderly, the perfect place for your business to set up shop. But drill down a bit, beneath the special- interest sites and chat groups, and you'll unearth a colorful crew of subterranean Web dwellers known as hackers, crackers, phreakers and script kiddies. They travel covertly in and out of websites, looking in your shopping carts, reading your e-mails and occasionally announcing their presence by defacing a website, flooding servers (computers that host services on a network) or diverting credit card numbers for their personal use. While these folks are generally grouped under the generic umbrella of "hackers," they have very different agendas and skill sets http://www.darwinmag.com/read/120100/hackers_content.html - - - - - - - - - Mashing The Spammers Here's your opportunity to play posse member in the war against spam. SpamCop.net is a service that allows Web users to help Internet service providers catch up with spammers and shut them down. "Often, spammers lose their accounts and even get charged 'cleanup fees' by their Internet providers," says the service's Web site. SpamCop says it is the digital equipment of duct tape, though perhaps a High-Life Man might find it a little more daunting to use. http://www.newsbytes.com/news/00/158909.html - - - - - - - - - Merchants Squeezed E-tailers desperate for holiday profits are finding themselves squeezed between frauds and cybershoplifters on one side, and an antiquated, uncaring, financially punitive and often outright hostile credit-card system on the other. The problem, according to e-tailers, is a system that holds them completely liable for all Internet fraud and the disputed transactions known as chargebacks, while failing to provide adequate methods to verify the validity of transactions. At the same time, e-tailers say they're faced with apathetic credit card companies as they try to find justice, even when fraud is clear and provable. http://www.zdnet.com/zdnn/stories/news/0,4586,2660192-2,00.html - - - - - - - - - Uninvited Guests For Web companies, security means opening their doors without giving away the business. Not so long ago, we would have begun this issue of Build with an admonishment to put security higher on the agenda. But that point is now being made in the marketplace. This year the hacking and viruses that have always been a part of the Net landscape grew significantly worse. The infamous "I Love You" virus caused millions of dollars in damage. Microsoft recently reported that it was hacked, joining the thousands of other companies that have disclosed breaches. And with hacks being used as weapons in the recent Middle East clashes, many believe cyber-terrorism will be part of the near future. http://www.thestandard.com/article/display/0,1151,20459,00.html - - - - - - - - - Hard Lessons Knowing what to do before you get hacked is important. So is knowing what to do afterward. It's the early days the Web, and the U.S. Department of Justice, no less, is the victim of a brand-new crime. By the morning of Saturday, Aug. 17, all hell has broken loose at the DOJ's main office. The phone lines are surging with urgent calls from members of the press and panicked officials. Staff members, usually at home on weekends, are showing up in droves. And, word has it, the FBI is on its way. http://www.thestandard.com/article/display/0,1151,20478,00.html - - - - - - - - - Safe and Sound Companies need to think before sinking their money into security products. Security is beginning to receive a lot more attention from the corner office these days, thanks largely to a growing list of high-profile attacks. But are companies fighting a losing battle? Company spending on security increased 188 percent this year over last, with nearly a quarter of companies spending more than $1 million a year on the problem, according to a recent survey conducted by Information Security magazine. Yet the number of cyber attacks continues to rise. The survey reported that eight out of 10 companies in the United States were victims of security-related online crime. http://www.thestandard.com/article/display/0,1151,20470,00.html - - - - - - - - - Children must be aware of need for Net security I don't know about your family, but even though my kids are in their teens, I still have to remind them to lock the front door when they come home in the afternoon. The same is true when they use their PCs. Kids -- like adults -- can easily do things that make your home computers vulnerable to intruders. In general, the issue of hackers and viruses applies to anyone whose family members access the Internet, but it's especially important if you have a cable modem, DSL line or other ``always on'' connection to the Internet. And, even though we hear a lot more about attacks on Windows machines, Mac users are also vulnerable. http://www0.mercurycenter.com/svtech/news/indepth/docs/lm120300.htm *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.