January 25, 2002

****** SPECIAL TRAINING ANNOUNCEMENT ******
Registration for the 2002 HTCIA International Training Conference & Labs, October 1-3 in Atlantic City, NJ, opens on Monday, 01/28 12 AM EST, 9 AM PST. Registration is first come, first served. For information and forms, please see: www.htcia2002.org
***********************************************************

Former Los Alamos computer whiz to stay in custody
A former Los Alamos National Laboratory computer expert awaiting trial on hacking charges violated his bond agreement by accessing the Internet, a prosecutor alleged Thursday. Jerome Heckenkamp, 22, has been in jail since Jan. 18, when he asked that his $50,000 bond be revoked and the money be returned to the friend who posted it. Heckenkamp said he didn't want the friend to be liable for his actions as he sought to represent himself at trial.
http://www.siliconvalley.com/docs/news/tech/075299.htm
http://www.securityfocus.com/news/316
- - - - - - - -
CERT reports ICQ security hole
A security hole that may allow an attacker to run malicious code on a victim's PC has been detected in AOL's ICQ chat program. All versions prior to AOL Mirabilis 2001B are vulnerable to the exploit, according to a report published on Thursday by the U.S.-based Internet security center CERT. Users who have the most recent build of the Mirabilis client are safe because vulnerable builds of the newest client will be automatically instructed by the server to disable the vulnerable plug-in. But all versions prior to 2001B do not have an external plug-in to disable, and so are vulnerable even after connecting to the server.
http://zdnet.com.com/2100-1104-823247.html
http://news.zdnet.co.uk/story/0,,t269-s2103189,00.html
http://www.theregister.co.uk/content/55/23831.html
http://www.vnunet.com/News/1128653
- - - - - - - -
Holy Cow! Bowie Among Innocents Used In Ebay Scam
A new identity-theft scam has corralled several high profile Web sites as unwitting co-conspirators, including sites associated with exclamatory sports broadcaster Harry Caray and rock chameleon David Bowie. The scam, designed to steal credit card information, Social Security numbers and other personal data from unwary Internet users, is built upon Internet resources owned by Bowie and Harry Caray Restaurant Group, a holding company named after the late Chicago-area baseball broadcaster renowned for bellowing "Holy Cow" after great plays. Also embroiled in the scam is America Online's personal home page service.
http://www.newsbytes.com/news/02/173962.html
- - - - - - - -
SEC uses fake site to warn investors
In a twist on recent investment hoaxes, the Securities and Exchange Commission on Friday issued a news release from a nonexistent company in an elaborate effort to educate investors on the dangers of casual investing. According to the fake release, biological defense systems manufacturer McWhortle Enterprises will go public Jan. 30, 2002. The statement was issued by the SEC via PRNewswire, which disseminates financial news releases.
http://news.com.com/2100-1023-823578.html
- - - - - - - -
Turning Macs on Thievery
Every year about 400,000 computers are stolen in the United States. Only 3 percent are ever recovered. But after his sister's iMac was taken during a burglary, a Houston man was able to get it back using remote-control software, expert help from friends on the Net, a large dose of luck and some incredible naivete on the thief's part.
http://www.wired.com/news/mac/0,2125,50025,00.html
- - - - - - - -
OMB offers dim view of security
The Office of Management and Budget's report on the first mandated agency security assessments supports the poor view of federal security outlined by auditors over the past few years, a top OMB official said Jan. 24. The OMB report will be submitted to Congress next month with President Bush's fiscal 2003 budget.
http://www.fcw.com/fcw/articles/2002/0121/web-gisra-01-25-02.asp
- - - - - - - -
White House Cybersecurity 'Strategy' Due In June
The White House will avoid calling for legislative edicts when it rolls out its sweeping national cybersecurity "strategy" later this year, a senior Bush administration official said today. Speaking at a technology conference here, White House Director of Critical Infrastructure Protection Paul Kurtz said that the cybersecurity strategy -- which is due out June -- would include extensive input from private-sector contributors.
http://www.newsbytes.com/news/02/173967.html
White House official outlines cybersecurity initiatives
A key White House official on Friday outlined the Bush administration's strategy for protecting the national critical infrastructure, including expanding partnerships with the private sector and encouraging information sharing among companies to avoid cyberattacks.
http://www.govexec.com/dailyfed/0102/012502td1.htm
- - - - - - - -
MP slams government e-security
UK government computer systems have been targeted by hackers at least 85 times in the last five years, and over half of the attacks were made on the Ministry of Defence (MoD). MoD systems were hacked at least 48 times in that period, and 12 times in 2001. The Lord Chancellor's Department has confirmed evidence of 19 hacking incidents in the last five years, three by outsiders and 16 by internal staff.
http://www.vnunet.com/News/1128637
- - - - - - - -
DMA To Adopt New Rules On 'Spam,' Privacy Policies
The Direct Marketing Association next week is expected to announce sweeping changes to its policy on unsolicited bulk e-mail or "spam," which would require the expulsion of member companies that do not adhere to the group's new standards. The DMA voted last weekend to adopt the new standards, which include strict conditions under which marketers will be allowed to send e-mail solicitations.
http://www.newsbytes.com/news/02/173968.html
- - - - - - - -
Police forces rapped over data
The Information Commission has warned that it will take action against police forces if they don't improve the quality of data in the Police National Computer. A report by Her Majesty's Inspectorate of Constabularies into the quality of data on the PNC has revealed massive delays in adding data about convictions to the system. PNC data will underpin the Criminal Records Bureau, set up to help employers identify offenders such as paedophiles trying to get work with children. A delay in adding information to the PNC means that previous offenders may go undetected.
http://www.vnunet.com/News/1128642
- - - - - - - -
Hackers' mirror shattered
The hacker community received a blow today when defacement mirror Safemode.org closed its doors. Safemode was the last major site to record the web pages of the rich and famous after they had been defaced by hackers and before they were taken down and repaired. Last May the well known Attrition.org shut down its defacement mirror, and Alldas.de has been up and down in recent months following a bombardment of denial of service attacks, effectively leaving Safemode as the only major defacement mirror.
http://www.vnunet.com/News/1128648
- - - - - - - -
FedCIRC preps free security tools
Working with its second year of appropriated funding, the Federal Computer Incident Response Center is preparing a range of free security tools for agencies over the next year, a federal cybersecurity official said Jan. 23. Within the next two weeks, vendors will finish submitting proposals for an automatic patch dissemination system, which is intended to make it easier for security managers to handle the abundance of security patches available for commercial software, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration's Federal Technology Service.
http://www.fcw.com/fcw/articles/2002/0121/web-circ-01-25-02.asp
- - - - - - - -
Canadian Authorities Condemn 'Hate-And-Run' Webmaster
In what was billed as the first-ever human rights complaint involving a "hate" site on the Internet, Canadian authorities have ordered a Web ban on the country's most notorious Holocaust denier. But the ruling last week by the Canadian Human Rights Commission (CHRC) may be more symbolic than effective, since Germany-born Ernst Zundel moved from Canada to the U.S. after complaints over his Zundelsite.org Web site were first filed nearly six years ago.
http://www.newsbytes.com/news/02/173972.html
- - - - - - - -
Germany evicts US Nazi propagandist from Web sites
Germany successfully evicted on Friday a U.S. cybersquatter from Web sites carrying the names of German government ministries which then directed surfers to banned neo-Nazi material. The Federal Republic of Germany had brought a case against Nebraska-based firm RJG Engineering Inc after the latter registered verfassungsschutz.org and bundesinnenministerium.com, .net and .org, which translate as "Office for the Defense of the Constitution" and "Ministry of the Interior" in English.
http://www.siliconvalley.com/docs/news/reuters_wire/1743111l.htm
http://zdnet.com.com/2110-1105-823516.html
- - - - - - - -
Network Solutions mishandled sex.com domain, owner says
VeriSign's Network Solutions unit wrongly assigned the sex.com Internet address to a man claiming to work for the Web site and should contribute to a $65 million award in the case, the site's owner said in papers filed with a federal appeals court. A U.S. judge in San Jose has ruled that Network Solutions, which is the largest registrar of Internet domain names, is immune from civil suits arising from the mishandling of the address.
http://www.siliconvalley.com/docs/news/tech/030704.htm
http://news.com.com/2100-1023-823122.html
- - - - - - - -
Data policies key to avoiding legal pitfalls
There are many lessons to be learnt from the Enron collapse - not least that careful attention to data retention and destruction is vital. In the light of the recent collapse of US corporate giant Enron, lawyers and IT experts are advising UK firms to review the way they manage and store electronic data if they want to avoid legal problems, and as a safeguard in case they need records of business dealings. Good procedures can also help to eliminate unnecessary records and so reduce storage costs.
http://news.zdnet.co.uk/story/0,,t269-s2103190,00.html
- - - - - - - -
Telework security risk causes conflict
IT departments are nervous about plugging the corporate network into the Internet. The UK leads Europe in the number of employees who spend part of their working week at home, according to analyst group Datamonitor. But IT managers and analysts foresee growing areas of conflict for IT departments and home workers. Across the continent, Datamonitor estimates that 14.5 million people work from home at least one day a week. Of these, 6.5 million are UK workers, almost a quarter of the country's workforce.
http://news.zdnet.co.uk/story/0,,t269-s2103171,00.html
- - - - - - - -
Set a hacker to catch a hacker
Pimpshiz, the hacker who rose to notoriety in 2000 during a pro-Napster defacement spree, has gone straight. Although his case is still pending in the US judicial system, Robert Lyttle, as he is now known, is trying to make a break as a security expert. With a string of website defacements under his belt including military, FBI, and Nasa sites, Lyttle has started up a security company, Sub-Seven Software. He believes that the security industry could do with a word of advice from the dark side of the hat.
http://www.vnunet.com/News/1128657
- - - - - - - -
Wireless offices--a hacker boon?
Corporations across America are opening their doors to hackers when they set up wireless networks--or when their employees set them up behind their backs. "We came across a company with one of these networks. All their source code, everything was available," said Thubten Comberford of White Hat Technologies, a wireless security firm. "This network was beaconing, 'log onto me'...It basically had its Rolls-Royce parked in the driveway, engine running, with a sign saying 'steal me.'"
http://zdnet.com.com/2100-1105-823253.html
- - - - - - - -
Responsible use urged on facial scans
It may be comforting to think that facial-recognition cameras are scanning faces in airports, ever alert for terrorists, and watching over shopping centers to spot criminals. But what if the cameras also start checking on you? That possibility is increasing as law enforcement and safety agencies as well as the general public embrace surveillance technology as a way to increase security. Furthermore, little consideration has been given to the need for legal restrictions on how surveillance technology can be used, a privacy expert warns.
http://www.fcw.com/fcw/articles/2002/0121/web-bio-01-25-02.asp
Is biometric use by feds premature?
http://www.gcn.com/vol1_no1/daily-updates/17834-1.html
- - - - - - - -
At CIA's In-Q-Tel, mundane tech better than Bond
When it comes to tapping new technologies for the CIA, the mundane can have more value than the James Bond model, Gilman Louie, chief executive officer of In-Q-Tel, the agency's investment arm, said Thursday. In-Q-Tel -- where the Q stands for the fictional Bond's gadget master -- is a venture capital firm started by the CIA in late 1999 to find new technologies being developed in the private sector to keep the agency up to speed on innovation.
http://www.siliconvalley.com/docs/news/tech/023248.htm
http://www.cnn.com/2002/TECH/industry/01/25/cia.reut/index.html
- - - - - - - -
Kidnapped? GPS to the Rescue
Foreign executives and other individuals who are frequent kidnapping targets in Latin America will soon be able to use implantable ID chips and personal GPS devices in an attempt to thwart their abductors. Applied Digital Solutions announced Thursday it had reached an agreement with a distributor to sell its VeriChip and Digital Angel products in three South American countries.
http://www.wired.com/news/business/0,1367,50004,00.html

***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.