February 19, 2002

Jail sentences for warez gang
A French group that sold illegal software have been fined, and sentenced to up to six months in jail. Members of a French group that sold illegally copied software were fined 40,000 euros and sentenced to prison terms of up to six months. The charges involved crimes dating back to 1996. Six French IT workers have been found guilty by a Parisian court of having organised the sale of pirated software over the Internet between 1996 and 2000, according to the AFP. They were ordered to pay a total fine of 40,000 euros to 19 software companies, in addition to being sentenced to prison terms.
http://news.zdnet.co.uk/story/0,,t269-s2104575,00.html
- - - - - - - -
Alleged Hacker Charged In Australia
After alleged break-ins to databases at Australia's No. 2 telco Optus, police raided a home in the Southeastern Sydney suburb of Kingsford, arrested a 21-year-old man and charged him with unauthorized access to a computer system and two counts of unauthorized modification of data with intent to cause impairment. The charges are brought under new legislation that only came into force last year. Police said a man has been bailed to appear at Waverley Court on Mar. 6. They also said they had seized a computer and other equipment and documents. Local media say the man is a former Optus employee and that Optus confirms this, although he cannot be named.
http://www.securityfocus.com/news/333
- - - - - - - -
Cop faces smut rap -- Officer arrested for child porn
Winnipeg police have arrested one of their own on charges of possessing child pornography. Patrol Sgt. John Scott Allingham, a 21-year-veteran, also faces charges for careless storage of five handguns and two rifles. "It's shocking," a police source told The Sun on condition of anonymity. "Two days ago, I would've said he was a good cop and represented the service well." During their lengthy investigation, police did recovery searches on Allingham's personal computer.
Winnipeg police spokesman Const. Bob Johnson said there is no evidence any Winnipeg police computers were involved. An unnamed police source said Allingham should go to jail if he's convicted of the charges.
http://www.city.winnipeg.mb.ca/police/press/20020215.htm
- - - - - - - -
Chinese Web Sentencing Delayed
China has postponed sentencing six students arrested for posting articles on the Internet about the banned Falun Gong movement, days before U.S. President George W. Bush is due in Beijing, a rights group said on Tuesday. A district court in the southern city of Zhuhai charged the students from Beijing's prestigious Tsinghua University last September with "using evil cult to undermine the enforcement of law," the Hong Kong-based Information Center for Human Rights and Democracy said.
http://www.wired.com/news/politics/0,1283,50505,00.html
- - - - - - - -
Judges on trial for sex site access
New Zealand Attorney general launches inquiry after judges are discovered to have accessed sex sites from work. The New Zealand government has ordered an inquiry after a routine computer scan found four judges appeared to have accessed Internet sex sites while at work. Attorney general Margaret Wilson said on Monday the inquiry would seek more information on the sites and whether accessing them could be deemed as misbehaviour, a mistake, or work-related research.
http://news.zdnet.co.uk/story/0,,t269-s2104532,00.html
http://www.theregister.co.uk/content/6/24106.html
http://www.stuff.co.nz/inl/index/0,1008,1107057a1937,FF.html
- - - - - - - -
A spam attack is snarling e-mail delivery to AT&T WorldNet subscribers for a second day, AT&T said today. Technicians saw early Monday that several domain names were sending out heavy volumes of e-mail messages, AT&T spokeswoman Janet Wyles told Newsbytes. "We were able to shut down mail from those domains that resulted in a backlog of e-mail being delivered to customers," she said. "As the day went on, that backlog grew."
http://www.newsbytes.com/news/02/174597.html
- - - - - - - -
eBay identity theft hits close to home
Imagine Melissa Perenson's surprise when a Good Samaritan suggested by e-mail last week that she withdraw her recent eBay bid for a notebook because the seller appeared fraudulent. She hadn't placed a bid on the site since before Christmas. Turns out somebody commandeered her eBay identity and went on to win two separate bids for $1400 notebooks from a seller claiming to be in Romania.
http://www.cnn.com/2002/TECH/internet/02/18/ebay.identity.theft.idg/index.html
- - - - - - - -
United Nations Software House Pays Out On Piracy
An Australian educational software company has shelled out 40,000 Australian dollars ($20,692) to settle a claim that it had been illegally using Microsoft, Adobe and Symantec programs. BKW Investments, trading as Future School, is an educational content provider for the United Nations, and a major player in the global education marketplace.
http://www.newsbytes.com/news/02/174605.html
- - - - - - - -
Kickme.to wins BSA court search battle
The Business Software Alliance (BSA) is vowing to fight on after the Swedish courts denied its request to obtain a civil raid permit on international redirect service, kickme.to. The Appellate Court in Skane, Sweden upheld Landskrona District Court's decision not to grant a civil raid permit (ex-parte) at the premises of Maximiliam Andersen, kickme.to's administrator.
http://www.theregister.co.uk/content/4/24115.html
- - - - - - - -
Kids' Website Violates Privacy Laws
American Pop Corn pays $10,000 fine for collecting kids' names without parental consent. A popcorn maker has agreed to pay a $10,000 fine for violating privacy laws when it collected children's names and email addresses on its website without parental consent, federal regulators said Thursday.
The Federal Trade Commission said American Pop Corn, of Sioux City, Iowa, collected names, email addresses, and home addresses of visitors to a children's section of its website.
http://www.techtv.com/news/politicsandlaw/story/0,24195,3372405,00.html
- - - - - - - -
Dangerous Yarner worm spells bad news
A dangerous worm from Germany is loose on the Internet. Yarner appears to be a newsletter about Trojan horses from a legitimate security site, but is actually a dangerous worm. Yarner is a Windows PE EXE file about 434K in size, written in Delphi. It uses its own e-mail engine to send copies of itself to others. Once executed, the worm deletes the Windows directory on infected computers. At present, the infections are limited to Germany; however, a new variation could be produced in English or any other language. Because of the dangerous potential of this worm, Yarner ranks a 7 on the ZDNet Virus Meter.
http://zdnet.com.com/2100-1105-840177.html
http://news.zdnet.co.uk/story/0,,t269-s2104661,00.html
http://www.newsbytes.com/news/02/174591.html
http://www.vnunet.com/News/1129357
http://www.theregister.co.uk/content/56/24132.html
- - - - - - - -
High-tech security czar warns against complacency
Much like the airline industry before Sept. 11, high-tech companies, customers and government agencies are well aware of security vulnerabilities but are reluctant to pay to fix them, President Bush's top computer security adviser said Tuesday. It's just a matter of time before terrorists use those flaws to launch a cyberspace equivalent of the Sept. 11 attacks on critical national infrastructure such as the electricity grid, said Richard Clarke, the Bush administration's cyber security czar.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2704589.htm
http://www.nandotimes.com/technology/story/259284p-2421519c.html
http://www.securityfocus.com/news/336
http://zdnet.com.com/2100-1105-840476.html
http://news.com.com/2100-1001-840335.html
http://www.gcn.com/vol1_no1/daily-updates/18013-1.html
http://www.msnbc.com/news/711232.asp
- - - - - - - -
Yet another bad grade for government security
Government employees got a D for IT security awareness in a study by PentaSafe Security Technologies Inc. About 1,400 workers at 600 organizations scored an average 65 out of 100 on an awareness index developed by the Houston company. Government employees accounted for 20 percent of the respondents. The index, which will come out every six months, was released today at the RSA Conference 2002 in San Jose, Calif., hosted by RSA Security Inc. of Bedford, Mass. Seven of eight government and industry sectors identified in the survey received a D grade, and one critical sector, the communications industry, had a failing grade of 45.
http://www.gcn.com/vol1_no1/daily-updates/18014-1.html
- - - - - - - -
U.S. Security Holes: Don't Blame Technology
Despite glaring weaknesses in the areas of people and processes, IT staff still gravitate toward technical solutions. In a report released late last week to Congress, the federal Office of Management and Budget (OMB) disclosed that the IT security frameworks of more than 50 government agencies suffer from similar weaknesses.
http://www.newsfactor.com/perl/story/16402.html
- - - - - - - -
Application security 'in a grim state'
Application security is "in a grim state", according to new research. Almost half of application security vulnerabilities are readily exploitable through entirely preventable defects.
The typical ebusiness application is at serious risk of compromise because of security flaws introduced early in the design cycle, but these risks could easily be reduced by as much as 80 per cent, according to security firm @stake.
http://www.vnunet.com/News/1129340
- - - - - - - -
Supreme Court To Review Copyrights
The U.S. Supreme Court today said that it would hear arguments in a case that pits the entertainment industry against a group of academic legal experts who argue that a law extending copyrights is unconstitutional. The court said that it would hear the Eldred vs. Ashcroft case, in which the Eldritch Press, Internet law expert Lawrence Lessig, Harvard Law School's Berkman Center for Law and others will argue to overturn the Copyright Term Extension Act of 1998 (CTEA).
http://www.newsbytes.com/news/02/174602.html
http://www.msnbc.com/news/710990.asp
http://www.wired.com/news/politics/0,1283,50521,00.html
http://www.nandotimes.com/technology/story/258764p-2418399c.html
http://www.cnn.com/2002/TECH/industry/02/19/internet.library.ap/index.html
- - - - - - - -
Secrecy Bill Doesn't Go Far Enough
An exemption from the Freedom of Information Act isn't enough. Companies need a new legal privilege as an incentive for sharing cyber security details. Why is personal secrecy such a talisman, but corporate secrecy an anathema to privacy advocates? My fellow columnist David Banisar recently argued against passage of two bills pending before the Congress that would protect from disclosure under the Freedom of Information Act information shared by private industries with the government related to protection of the United States' critical infrastructure.
http://www.securityfocus.com/columnists/61
http://news.zdnet.co.uk/story/0,,t269-s2104588,00.html
- - - - - - - -
DARPA boosts info awareness
The events of Sept.
11, combined with the constantly evolving world of information technology, inspired the Defense Advanced Research Projects Agency to open a new office focused on providing informational awareness for national security. The new Information Awareness Office was formally established in mid-January. Its mission is to develop and demonstrate information technologies designed to counter "asymmetric threats," such as terrorist attacks.
http://www.fcw.com/fcw/articles/2002/0218/web-darpa-02-18-02.asp
- - - - - - - -
Lawmakers Urge Russians To Drop E-Surveillance Plans
On the first leg of its tour through Europe this week, a U.S. congressional delegation led by Rep. Bob Goodlatte, R-Va., spoke out against proposals in the Russian lower house of parliament that would allow the government to monitor online activity and require access to encrypted documents through the use of key-escrow accounts. At a conference in Moscow sponsored by the International Research and Exchange Council, members of the Russian administration and the Duma argued that the government must retain the ability to access computers and monitor the online activity of its citizens in order to ensure stability.
http://www.newsbytes.com/news/02/174604.html
- - - - - - - -
Technology spurs rise in identity theft
With a bit of persistence, and some help from the Web and the White Pages, those who once relied on sleight of hand to nab a wallet can now commandeer consumers' finances with just a few pieces of personal information. Thieves can use the data, usually a name and Social Security number, to open false credit and bank accounts, as well as obtain driver's licenses and passports. The criminals are then able to spend thousands of dollars posing as people they have probably never set eyes on.
http://www.nandotimes.com/technology/story/258379p-2414429c.html
- - - - - - - -
No olive branch for Napster
Napster and the Big Five record labels are headed back to court after a month of court-sanctioned settlement talks closed without agreement. The lapsed deadline opens the door for potentially uncomfortable scrutiny of the music industry's licensing practices even as it sets in motion once again legal proceedings that could result in billions of dollars of damages against the pioneering file-swapping service.
http://news.com.com/2100-1023-840756.html

The Pirates of Prime Time
http://www.time.com/time/business/article/0,8599,203498,00.html
- - - - - - - -
Software snags crooks, sneaking spouses, but alarms privacy advocates
Right now, your boss, your spouse or the government could secretly be reading all your typed words -- even the ones you deleted -- while surreptitiously snapping your picture. Sound alarming? The man who makes it possible is the first to agree. "It's horrifying!" said Richard Eaton, who develops, markets and even answers the technical help line for WinWhatWhere Corp. software. "I'm Mr. Guard-My-Privacy, so it's kind of ironic," said Eaton, a lanky 48-year-old with a diamond stud earring. "Every time I add a feature into it, usually it's something that I've fought for a long time."
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2693278.htm
- - - - - - - -
Censor-buster Peek-A-Booty goes public
Peek-A-Booty, cDc's much vaunted anonymity app, is vaporware no more - it went public at the landmark CodeCon conference in San Francisco's DNA Lounge on Sunday. Peek-A-Booty is designed to let surfers access sites blocked by government restrictions, and is essentially, a distributed proxy network. It uses a peer-to-peer model, masking the identity of each node. So the user can route around censorship that blocks citizens' access to specific IP addresses, because the censor doesn't know they're going there.
If you're a Peek-A-Booty node, you might be doing it on their behalf. So the software isn't itself a browser, but simply requires the user to use localhost in the proxy field of their preferred browser.
http://www.theregister.co.uk/content/6/24099.html
http://news.zdnet.co.uk/story/0,,t269-s2104605,00.html
http://www.newscientist.com/news/news.jsp?id=ns99991948
http://www.theregister.co.uk/content/55/24116.html

Long haul ahead for social hackers
A software project that aims to allow oppressed people to view censored Web sites still has significant development ahead before it can deliver on its promise, the author said Sunday. In its first public unveiling, the Peekabooty project was shown to open-source programmers and social hackers at CodeCon in San Francisco. The demonstration made leader Paul Baranowski estimated he and programmer Joey De Villa have as much as six months of work ahead of them before the program is usable.
http://zdnet.com.com/2100-1105-840652.html
- - - - - - - -
SafeWeb holes emerge, said fixed
Late last week Boston University's David Martin and the Privacy Foundation's Andrew Schulman released a report demonstrating the ease with which the SafeWeb proxy could be defeated with Javascript. SafeWeb no longer offers its free anonymous Web proxy, but it is licensed to PrivaSec, which is offering the service. It's possible, the researchers found, to learn more about a SafeWeb user's browsing history than that of an ordinary Netizen.
http://www.securityfocus.com/news/334
http://www.theregister.co.uk/content/6/24105.html
- - - - - - - -
Wireless network security shows cracks
The 802.1X security standard for wireless LANs has two gaping holes that will give hackers a field day, according to researchers in the US
A new set of security measures aimed at making 802.11-type wireless LANs safe from hackers is fundamentally flawed, according to researchers from the University of Maryland.
http://news.zdnet.co.uk/story/0,,t269-s2104532,00.html
http://www.nandotimes.com/technology/story/257467p-2409132c.html
- - - - - - - -
Liberty Alliance, Passport hold aloof
Representatives from the two major initiatives to build a common infrastructure for verifying identity on the Internet said Tuesday that while a standard system is necessary, the sides may not be able to work together anytime soon. Microsoft would like to guarantee interoperability between its Passport services and the future Liberty Alliance specification within a year, Brian Arbogast, vice president of Microsoft's .Net core services platform group, said at the RSA Conference 2002 here.
http://zdnet.com.com/2100-1106-840807.html

EarthLink, Nextel join Liberty Alliance
EarthLink, Nextel Communications and Visa International are among the latest recruits to join the Liberty Alliance Project, a coalition of technology companies that aims to create a universal online registration and identity system. With 11 new members, the Liberty Alliance Project -- originally founded by Sun Microsystems -- has 38 companies working to create a standard method for computer users to identify themselves on the Internet, through either passwords or more sophisticated authentication technology.
http://news.com.com/2100-1001-840710.html
- - - - - - - -
Booted cybersquatters leave more .info room
Internet users will get a chance in May to reserve domain names like hawaii.info and science.info, after domain manager Afilias finishes rousting thousands of cyber-squatting speculators from the new Web marketplace, Afilias said Monday. The company said it would release an expected 10,000 names back into the marketplace in May, after it recovers them from squatters who used false trademark claims or pure bluff to reserve them in a special "sunrise" preregistration period for trademark holders.
http://zdnet.com.com/2110-1106-839956.html
- - - - - - - -
Domain Police Finger NY Rescue-Worker Collectible Sellers
New York City police and firefighters have used an international dispute resolution system rooted in trademark law to shut down a Web site that was selling trinkets commemorating rescue workers killed in the Sept. 11 World Trade Center disaster. Two community outreach organizations affiliated with the cops and firefighters, the New York City Police Foundation and the FDNY Fire Safety Education Fund, turned to the United Nations-backed World Intellectual Property Organization (WIPO) after they found an outfit calling itself Great Lakes Coins & Collectibles was selling items bearing the NYPD and FDNY logos at the Internet address FDNYandNYPD.com.
http://www.newsbytes.com/news/02/174588.html
- - - - - - - -
Fingerprints mark tighter IBM security
IBM is brushing up its computer security system to further protect its customers' data. The company on Tuesday said it will add a handful of new features to the software behind its Embedded Security System -- a bundle of hardware and applications installed on most IBM PCs and used to encrypt files and passwords. PC security has long been a selling point for IBM in wooing corporate customers. Last year, for instance, IBM added a feature on select notebooks and desktops that allowed customers to keep a mirror image of their applications and data below a partition in the hard drive. With the duplicate data, consumers can more easily repair damages from computer viruses. The company, the fourth-largest PC seller in the world, according to IDC, can use the security package to set itself apart from competitors that do not offer similar products.
http://zdnet.com.com/2100-1104-840531.html
- - - - - - - -
Symbian adds security, Java to mobile mix
Symbian OS 7.0, announced at 3GSM, means we will soon be seeing mobile phones and wireless PDAs that mix 3G features with Java and some crucial security measures
Symbian, the mobile phone industry-backed software company, has unveiled a significant update to its operating system for smartphones, adding better support for developers and improving security.
http://news.zdnet.co.uk/story/0,,t269-s2104626,00.html
- - - - - - - -
Spat Over Microsoft Compiler Flaw Turns Ugly
A public feud between Microsoft and Cigital took a nasty turn today, as Redmond retaliated against the software risk management firm by posting a bulletin noting flaws in Cigital's own software security tool. In a message to the Bugtraq security mailing list today, Microsoft senior security technologist David LeBlanc noted that ITS4, Cigital's tool for detecting potential security vulnerabilities in C and C++ source code, failed to identify buffer overruns in a piece of test code written by LeBlanc.
http://www.newsbytes.com/news/02/174598.html
- - - - - - - -
'Sneaky' software may be watching you
Latest version can read your keystrokes and snap a pic. Right now, your boss, your spouse or the government could secretly be reading all your typed words -- even the ones you deleted -- while surreptitiously snapping your picture. Sound alarming? The man who makes it possible is the first to agree. "It's horrifying!" says Richard Eaton, who develops, markets and even answers the technical help line for WinWhatWhere software.
http://www.cnn.com/2002/TECH/internet/02/18/sneaky.software.ap/index.html
- - - - - - - -
Not All Asian E-Mail Is Spam
A new great wall is being built, this time across the Internet. Constructed by frustrated systems administrators and intended only to stop spam, the wall could eventually cut off much of the e-mail communications between the East and the West.
Anti-spam activists confirm that a growing number of beleaguered systems administrators are now blocking all e-mail originating from Asia from their systems, in an attempt to choke off a flood of spam from China, Taiwan and Korea, an action that has upset non-spamming Asian e-mailers.
http://www.wired.com/news/politics/0,1283,50455,00.html
- - - - - - - -
Is This a Good Time To Be a Hacker?
Proposed legislation would require the U.S. Sentencing Commission to consider potential and actual loss, motives, level of sophistication and effect on users when punishing hackers. When a basic Internet protocol called SNMP (simple network management protocol) was revealed last week to contain massive security flaws that affect routers, switches, browsers, printers and fax machines, a new world of opportunity opened up for hackers.
http://www.newsfactor.com/perl/story/16389.html
- - - - - - - -
Is the movie industry prepared for piracy?
Exactly what can we expect when MPEG-4 becomes the standard for video compression, and what will come of future compression standards? More bootlegging, that's what. While the movie industry thinks it can forestall the inevitable, you can be certain that people will be freely trading movies the way they freely trade audio files now. Broadband, combined with advanced compression algorithms, will assure this future. There are a number of interesting aspects about this beginning to emerge. None of it bodes well for the movie industry. I am suggesting that they will bring it on themselves.
http://zdnet.com.com/2100-1107-839950.html
- - - - - - - -
Virtual e-mail shredders add control
The trouble with e-mail is its persistence. In the offline world, it can be quite a challenge to retrieve and destroy confidential documents from a business deal gone sour or a top-secret project that involved outside help. The options boil down to either trusting your former business partner -- or resorting to illegal breaking and entering.
http://www.cnn.com/2002/TECH/ptech/02/17/self.shredding.email.ap/index.html
- - - - - - - -
Cupertino puts residents on alert
The Santa Clara County Sheriff's Office is launching a program this month through which residents of Cupertino, Calif., can receive e-mail alerts about crimes in their neighborhood. A test run of the E-mail Community Alert Program (eCAP) during the last three months had an immediate impact, said Sgt. Skip Shervington, community resource officer for the Sheriff's Office. A test group of 100 people, recruited through Cupertino Neighborhood Watch programs, "just by word of mouth grew to 400 rather quickly," Shervington said. The program has already sparked more interest in Neighborhood Watch programs, as people become more aware and concerned about the crimes occurring around them. "I get people saying, 'Oh my God, that's my street,'" he said.
http://www.fcw.com/geb/articles/2002/0218/web-cuper-02-18-02.asp
- - - - - - - -
Tell Him to Marry Me
A reader from Australia tells us this home page was defaced in the wee hours of the morning UK time. The site is now dead. Well done, we don't think. Some home pages are destined for greatness. This example, from Birmingham, England, Tell Him to Marry Me was published for the first time on Valentine's Day, and the link emailed to a couple of dozen people. The story was picked up by FHM.com, where lads hang out, on Friday and is fast heading for cult status.
http://www.theregister.co.uk/content/28/24097.html

***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.