February 14, 2002 NASDA Says Data Illegally Accessed Incident is another embarrassment for National Space Development Agency of Japan. A worker at a Japanese satellite firm illegally accessed a computer at Japan's space agency to view classified data relating to a rival firm, the agency said. The incident is another embarrassment for the National Space Development Agency of Japan (NASDA) after its failure last week to put a test satellite into proper orbit. http://www.techtv.com/news/scitech/story/0,24195,3372293,00.html - - - - - - - - Compaq seizes bootleg components US marshals raided the premises of a Bow, New Hampshire computer parts wholesaler, and found a thriving counterfeiting operation. They seized large quantities of counterfeit Compaq memory parts and hard drives from Hardware 4 Less, as well as well as "counterfeit Compaq labels, packing materials, warranty booklets, and software licenses". Compaq says it will seek damages of 'several million dollars' from Hardware 4 Less, as punishment for making and distributing counterfeit Compaq goods. http://www.theregister.co.uk/content/51/24066.html - - - - - - - - ISP hackers making a clean getaway? The hackers that brought down UK Internet Service Provider (ISP) Cloud Nine look almost certain to avoid prosecution. Cloud Nine's chief executive, Emeric Miszti, has told ZDNet UK News that whoever carried out January's attacks managed to cover their tracks by deleting data that could have been used to trace them. This, according to Miszti, makes it very unlikely that those responsible will be found. http://zdnet.com.com/2100-1105-837412.html - - - - - - - - Kids' Web site to pay $10,000 for privacy violations A popcorn maker agreed to pay $10,000 to settle charges that it violated privacy laws when it collected children's' names and e-mail addresses on its Web site without parental consent, federal regulators said on Thursday. The Federal Trade Commission said American Pop Corn Co., of Sioux City, Iowa, collected names, e-mail addresses and home addresses of visitors to a children's section of its Web site. According to the Children's Online Privacy Protection Rule, companies must first get permission from a parent before collecting personal information from visitors under 13. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2672336.htm http://www.usatoday.com/life/cyber/tech/2002/02/14/kids-site.htm - - - - - - - - French spammer to pay damages Setting a French legal precedent, a local court in Paris ordered an ISP subscriber to pay $1,000 (1,254 Euros) to his access provider, Free and Liberty Surf (now Tiscali). The subscriber was found to have carried out frequent spamming, or the sending of bulk unsolicited commercial e-mail. http://zdnet.com.com/2110-1106-837720.html - - - - - - - - Call for tougher action, in Samsung stolen phone wake In the wake of the theft of 26,000 Samsung mobile phones last weekend, questions have been raised about why networks are less efficient at blocking mobiles stolen from individuals. Following the theft, the A300 phones (which were marked with Orange or One2One logos) were blocked from connection based on a list of International Mobile Equipment Identity (IMEI) codes on the phones, passed on by Samsung. None of the phones, worth an estimated PS4.2 million in total, had a SIM card inside them. http://www.theregister.co.uk/content/7/24073.html - - - - - - - - Teens running Internet scams on the rise Like a typical teen-ager, Cole Bartiromo played baseball and listened to rap music. He was also a whiz when it came to the Internet, but that got him in trouble with the U.S. Securities and Exchange Commission. Law enforcement officials say the Orange County high school student is like a growing number of his peers -- teens who use the Internet to pull off everything from securities fraud to identity theft.``We have seen a rise in the crimes, with an increasing degree of sophistication by a younger demographic,'' said FBI agent Frank Harrill of the Los Angeles cybercrime squad. ``I think it's safe to say we are going to see more of it.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2674001.htm http://www.usatoday.com/life/cyber/tech/2002/02/14/net-scammers.htm http://www.nandotimes.com/technology/story/252303p-2372217c.html - - - - - - - - Only seven hackers jailed in two years Industry experts are calling for a revamp of the Computer Misuse Act after the government revealed that only seven hackers have been imprisoned in the past two years. At the same time an influential lobby group has warned that improvements in tackling e-crime are needed before its growth overwhelms the UK's ability to fight back. In August last year the Confederation of British Industry said that two thirds of its members had suffered serious cyber crime attacks. http://www.vnunet.com/News/1129242 - - - - - - - - Al Qaida using Internet, official says The White House's top cybersecurity adviser told Congress on Wednesday that there is evidence al Qaida terrorists have been using the Internet to gather information about possible U.S. targets. "If you put all the unclassified information together, sometimes it adds up to something that ought to be classified," said Richard Clarke, the head of the White House Office of Cyberdefenses. So far there is no evidence that al Qaida members have tried to launch an attack over the Internet itself, Clarke said. But he added that the Bush administration would not rule out direct military attacks in reaction if any terrorist group or foreign country launched a cyberattack. http://www.nandotimes.com/technology/story/252817p-2374789c.html - - - - - - - - White House to form cybersecurity center The White House plans to set up a central office to coordinate the government's response to cybersecurity attacks, said Richard Clarke, President Bush's cyberspace security adviser, speaking to Congress on Feb. 13. The Cybersecurity Information Coordination Center will be modeled on a similar operation that coordinated the government's response to the Year 2000 computer crisis two years ago. http://www.fcw.com/fcw/articles/2002/0211/web-clarke-02-13-02.asp - - - - - - - - OMB releases a report on federal IT security The Office of Management and Budget found across- the-board weaknesses in its first evaluation of federal information security for the past fiscal year. "Many agencies have significant deficiencies in every important area of security," OMB concluded in its report to Congress released Feb. 13. This is the first report required under the Government Information Security Reform Act and is based on data submitted by 24 major agencies for fiscal 2001. Individual agencies were not singled out for poor performance, but OMB found a general lack of accountability, awareness and training for IT security. http://www.gcn.com/vol1_no1/daily-updates/17955-1.html Most Federal Agencies Unable To Spot Cyber-Attacks - OMB Most federal agencies do not manage their information technology resources well enough to detect or defeat computer viruses and hacker attacks, the White House said in a report released Wednesday. Far too many agencies have virtually no meaningful system to test or monitor system activity and therefore are unable to detect intrusions, suspected intrusions, or virus infections, the OMB said. http://www.newsbytes.com/news/02/174514.html - - - - - - - - Scouts Survey Net Harassment A Girl Scouts study confirms what has long been common knowledge online: for teenage girls, hanging out in chat rooms can be lot creepier than gathering around the campfire. In a survey released Wednesday of over 1,000 girls aged 13 to 18, 30 percent of the teens said they've been sexually harassed in a chat room. The harassment included unsolicited naked pictures of men, demands for personal details like bra size and requests for "cyber sex." http://www.wired.com/news/culture/0,1284,50413,00.html - - - - - - - - The security risks of SNMP Enterprises must act quickly to head off the hacker attacks that will almost certainly result from the revelation that there are many more security holes in the Simple Network Management Protocol than previously realized. Researchers at Oulu University in Finland pretended to be hackers and issued commands to SNMP agents and management systems that a system doesn't usually expect. What they found was alarming. http://zdnet.com.com/2100-1107-837353.html - - - - - - - - MSN Messenger Worm Entices the Unwary The 'Cool Worm' relies on malicious Web sites and exclamation points to spread its message. A relatively benign but effective Internet worm attacked users of Microsoft's MSN Messenger service Wednesday by exploiting a bug in Internet Explorer that was reported last year, but was only recently patched by Microsoft. Dubbed the 'Cool Worm' by an early discoverer, the worm arrives as an MSN instant message that reads, "Go To http://www.masenko-media.net/cool.html NoW !!!" Clicking on the link opens a Web page with malicious Javascript code that rifles through the victim's MSN Contacts list, then messages every contact with the same "Go To..." invitation. The code also sends e-mail to the address mmargae@wanadoo.nl. http://www.securityfocus.com/news/331 http://zdnet.com.com/2100-1105-837525.html http://news.com.com/2100-1001-837556.html 'Warhol' porn worm warning A 'Warhol' worm is terrorising users of Microsoft's Instant Messenger, and directing them to a porn site featuring malicious script. A discussion thread on nerd news website Slashdot yesterday warned MSN Messenger users to beware of messages recommending them to go to the site at masenko-media.net/cool.html. Clicking on the link will open Internet Explorer and take the user to a porn site that features a malicious script which exploits a known hole in the browser and hijacks the viewer's MSN Messenger contact list, sending the link to all the addresses it finds. http://www.vnunet.com/News/1129244 MSN Messenger worm low risk http://www.msnbc.com/news/707267.asp MSN Messenger Worm Marks Troubling Trend http://www.newsfactor.com/perl/story/16355.html - - - - - - - - Flaw found in MS security patch A flaw in a software tool just released by Microsoft could lead software developers to inadvertently write programs that are vulnerable to attack, according to security specialists who discovered the flaw. The security problem is said to lie with the compiler that accompanies the new Visual C++.Net, just one of several tools included in Visual Studio.Net that Microsoft shipped Wednesday. Visual Studio.Net comprises new versions of the company's software development tools, including Visual Basic, Visual C++ and its new Java-like language, C#. http://zdnet.com.com/2100-1105-837426.html http://news.com.com/2009-1001-837821.html http://www.newsbytes.com/news/02/174512.html http://www.msnbc.com/news/707130.asp http://www.newsfactor.com/perl/story/16348.html http://www.usatoday.com/life/cyber/tech/2002/02/14/microsoft-flaw.htm Did MS bug alarm go off too early? http://zdnet.com.com/2100-1105-838219.html http://www.siliconvalley.com/mld/siliconvalley/news/local/2674210.htm http://news.com.com/2100-1001-838096.html Hey Bill, Not So Trustworthy http://www.wired.com/news/technology/0,1282,50438,00.html - - - - - - - - SafeWeb Promises Security Fix SafeWeb has pledged to repair security problems reported this week in its anonymous-surfing technology. The Emeryville, Calif. firm, which has received funding from the CIA, said late Wednesday it soon would release a patch to fix Javascript bugs that can decloak users by exposing their Internet addresses. "We have a responsibility to promptly resolve bugs in our technology," said SafeWeb CEO Jon Chun. "Security is a process, and we welcome this kind of in-depth critical review as an opportunity to improve and lead in this area." http://www.wired.com/news/ebiz/0,1272,50424,00.html - - - - - - - - Security reports get mixed reviews Agency self-assessments, released by the Office of Management and Budget in a Feb. 13 report to Congress, reveal that familiar information security challenges still exist and that throwing more money at the problem doesn't seem to help. Agencies submitted the self-assessments to OMB last October, as is required by the Government Information Security Reform Act (GISRA), signed into law in October 2000 as part of the fiscal 2001 Defense Authorization Act. The law also requires that OMB submit a report to Congress on the self-assessments. http://www.fcw.com/fcw/articles/2002/0211/web-gisra-02-14-02.asp - - - - - - - - Securing signatures for Web services The premier Web standards body on Thursday recommended a way of signing documents using XML, calling its new digital signature guidelines a key tool for Web services infrastructure. The World Wide Web Consortium's (W3C) XML Signature recommendation, developed in conjunction with the Internet Engineering Task Force (IETF), provides a standard way of signing XML documents so that recipients can verify the identity of the sender and the integrity of the data. http://news.com.com/2100-1023-837863.html - - - - - - - - U.S. Navy Wireless System Backs Up Security at Olympics 'If you look at the communications architecture, the mountains pose a lot of difficult problems for security, so we thought that was where we might be most useful,' Naval Research Laboratory project manager Chris Herndon told Wireless NewsFactor. The U.S. Navy is providing a satellite-link backup system at the Salt Lake 2002 Winter Olympic Games to allow emergency communications to function in the event of a crisis. http://www.newsfactor.com/perl/story/16337.html - - - - - - - - Security Chip Foils Mobile Device Thieves Xilinx senior manager Mark Halfman told NewsFactor the new chip could be used to disable the laptop's functionality, while an audio distress signal is sent out. Halfman said GPS technology could then be used to track and recover the laptop. Unlike victims of car theft, mobile phone users do not have the equivalent of a LoJack system to track their stolen device. But a new programmable chip could provide the next best thing -- a way to make that phone totally useless to the thief. http://www.newsfactor.com/perl/story/16357.html - - - - - - - - Gateway to peddle security to masses PC maker Gateway on Thursday announced new services aimed at protecting the computers and computer networks of consumers and small businesses. Companies and individuals have been focusing more of their attention on security lately, and Gateway's new services, available now, are aimed at addressing those concerns. "These services are apropos given the environment," IDC analyst Roger Kay said. "Security is all the rage, and you can always sell against fear. It's a sign of the times." http://news.com.com/2100-1040-837635.html - - - - - - - - Cisco protects against IP telephony security risks Cisco is introducing a major refresh of its security product portfolio, adding new features to safeguard IP telephony. The new PIX 506E and 515E firewall platforms increase traffic throughput by a factor of two and a half, according to Cisco's internal tests. Select PIX 515E firewall models now come with an integrated hardware based VPN acceleration, offloading work from the devices central processor. http://www.theregister.co.uk/content/55/24064.html - - - - - - - - Bug Watch: Weathering the storm Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. As the UK battens down the hatches with the threat of turbulent weather ahead, Mark Read, professional services consultant at MIS Corporate Defence Solutions, looks at the latest forces battering the IT security world. He discusses the movers and shakers so far this year and provides some practical advice on how to calm the virus storm. http://www.vnunet.com/News/1129257 - - - - - - - - Iowa puts court records online Iowa's court system went to the Web at the end of January, and for the first time the state's judiciary system is providing online public access to basic court information from all of the state's 99 counties and its appellate courts. The site provides basic information on such things as child support payment histories, criminal and traffic records, and the disposition of cases that have come before the courts. Later this year, a $25 monthly subscription service will be introduced. Users will be able to get more detailed information, including trial and hearing dates, and judgment liens. http://www.fcw.com/geb/articles/2002/0211/web-iowa-02-14-02.asp - - - - - - - - Airport security measures will include biometrics Within six months, the Federal Aviation Administration will start 20 tests of new technologies, including biometric sensors, to increase airport security. A new transportation security law mandates the 20 pilot projects at a cost of $23 million, said Rick Lazarick, aviation security technology integration lead at FAAs William J. Hughes Technical Center in Egg Harbor Township, N.J. Tests of new ways to monitor employee access to secure sections of airports will focus on biometric technologies. Such devices include fingerprint scanners, hand-geometry readers and facial recognition systems. http://www.gcn.com/vol1_no1/daily-updates/17956-1.html Experts say biometric security needs tech standards http://www.nandotimes.com/technology/story/252706p-2374318c.html - - - - - - - - Security Cams Make the Grade California high school cuts suspension rate after installing cameras. First it was police officers making use of high tech video cameras to improve security. Now urban schools are using the same equipment. At Fremont High School in Oakland, California, newly installed cameras caught students getting high right next to campus. Assistant Principal Michael Moore says there has also been big trouble inside school. "[Our cameras have seen] kids running down the hall yelling [and] slamming doors, kids [having] tennis shoes taken off their feet [and] jewelry snatched off their neck, and fire alarms being rung," he said. http://www.techtv.com/news/culture/story/0,24195,3372235,00.html - - - - - - - - Weird escort/temp service 'cybersquats' UK estate agents Here's a blast from the past: a cybersquatter is leveraging off the names of other companies to generate online traffic for its own service. At least that's what we think temptations@work is trying to do. Temptations@work is a "brand new form of global staffing agency... a mix of traditional Secretarial & I.T temping agency with Escorts, Hosts, Translators creating our famous "SEXETARIES" http://www.theregister.co.uk/content/6/24070.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.