February 21, 2002

Small MS DVD privacy invasion, not many dead
Windows Media Player 'phones home' when you're watching DVDs, but whether or not this is either a surprise or a serious privacy issue kind of depends on your point of view. Security consultant Richard Smith thinks it is, and documents what WMP does, and the data it sends. It contacts a Microsoft server to get title and chapter information about the DVD, which is snooping if you look at it one way, and a mechanism for delivering handy context-based services if you look at it another.
http://www.theregister.co.uk/content/4/24152.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2711824.htm
http://zdnet.com.com/2100-1105-841843.html
http://www.newsbytes.com/news/02/174673.html
http://www.wired.com/news/privacy/0,1848,50567,00.html
http://www.vnunet.com/News/1129399
http://www.newsfactor.com/perl/story/16455.html
http://www.usatoday.com/life/cyber/tech/2002/02/21/microsoft-privacy.htm
http://www.nandotimes.com/technology/story/262326p-2436274c.html
- - - - - - - -
Judge's Porn Case Hinges on Hacker
Defense attacks the credibility of the Canadian man who says he accessed images on the Orange County jurist's computer. A mysterious Canadian computer hacker who allegedly stole an electronic diary purporting to detail the sexual fantasies of an Orange County judge admitted to authorities that he's hacked into thousands of other computers, according to a police affidavit made public this week.
http://www.latimes.com/news/local/la-000013280feb21.story
- - - - - - - -
Mass ICQ 'hack' baffles world+dog
We have received evidence which suggests a mass hack of ICQ has taken place - but neither AOL nor security experts can come up with an explanation. A Register reader last week discovered that both of his accounts had suddenly become disconnected and the passwords no longer work. The email addresses for both accounts were changed to 'uin@deathrow.com'.
http://www.theregister.co.uk/content/55/24161.html
- - - - - - - -
Treasury Steps Up Investigation Into Bogus Web Auction Bids
The U.S. Treasury Department on Wednesday said it had gained new leads in its investigation into bidding violations at a recent online treasury bill and notes auction that left more than $900 million in bids unpaid. The Secret Service confirms that it is pursuing an active, aggressive investigation into the bids that were not paid for, the Treasury Department said in a statement issued Wednesday.
http://www.newsbytes.com/news/02/174651.html
- - - - - - - -
Nigerian Money Scams Thrive On The Internet
The arrival of Internet cafes in Nigeria a few years ago has given new life to an old scam that's been bleeding millions of dollars annually from gullible Americans and Europeans, experts say. But some believe the Net may also help to drum the so-called "Nigerian 419" con artists out of business for good. The fraud, which gained its name from the relevant section of Nigeria's penal code, has lately become a way of life for many people in cities such as Lagos, where economic opportunities are severely limited, according to the U.S. Secret Service.
http://www.newsbytes.com/news/02/174646.html
- - - - - - - -
Research called key to staying ahead of tech-savvy terrorists
A robust federal investment in science and technology research is crucial to the Defense Department's ability to stay one step ahead of the nation's technology-savvy enemies, officials from the Pentagon and the defense industry said Wednesday. "We live in a different world today," Assistant Defense Secretary Dale Klein said during a conference sponsored by the American Institute of Aeronautics and Astronautics. Klein said defense-related technologies must be deployed more quickly now than they were during the Cold War, "when we only had one enemy and we knew who it was."
http://www.govexec.com/dailyfed/0202/022102td1.htm
- - - - - - - -
U.N. announces music piracy pact
A groundbreaking international pact to protect musicians and the multibillion-dollar recording industry from Internet piracy will finally go into effect in May, a United Nations agency announced Thursday. Over five years after the treaty was signed, the needed number of ratifications for it to be enforced was achieved Feb. 20 when Honduras became the thirtieth country formally to join, the World Intellectual Property Organization (WIPO) said.
http://news.com.com/2100-1023-842169.html
- - - - - - - -
Disclosure Guidelines For Bug-Spotters Proposed
A pair of computer security researchers are seeking comments on a proposal to bring order to the reporting and fixing of security holes in software, a process that frequently takes place in adversarial arenas. In a document known as an Internet Draft submitted to the Internet Engineering Task Force (IETF), Steve Christey of MITRE and Chris Wysopal of @stake outline what could become standard procedures for both bug hunters and software vendors when dealing with newly discovered vulnerabilities.
http://www.newsbytes.com/news/02/174683.html
- - - - - - - -
Spam taking a toll on business systems
Raymond Huff doesn't do much to block spam from invading servers and e-mail in-boxes at his company, Trans Pacific Stores Ltd. He doesn't have to. But he's paying a fairly high price for that luxury. Huff is keeping Trans Pacific's e-mail addresses under wraps, thereby limiting potential customer contact.
http://www.cnn.com/2002/TECH/internet/02/21/spam.damages.idg/index.html
- - - - - - - -
Microsoft hammers Windows security kit
As part of a push to regain the public trust, Microsoft plans to release a wizardlike program to help home software users and network administrators protect their computer systems from outside attack.
Called the Baseline Security Advisor, the program will scan Windows computers for unpatched programs, weak passwords and vulnerabilities in the operating system and in several Microsoft products.
http://zdnet.com.com/2100-1104-841814.html
- - - - - - - -
Review: WebAgain undoes hacker's damage
Lockstep Systems Tuesday announced a new version of its WebAgain automated Web site repair software, with the new version adding detection and removal of Trojan horses and backdoor programs, better support for VPNs, expanded protocol support, and international language editions.
http://www.cnn.com/2002/TECH/internet/02/20/webagain.restoration.idg/index.html
- - - - - - - -
Online Casinos Casting A Wider Net To Lure Gamblers
Gambling Web sites are just like brick-and-mortar casinos - they need players in order to make money. According to a new study, online casinos are sparing no expense to attract Web surfers looking for a windfall online. The study by AdRelevance, a unit of Jupiter Media Metrix that monitors online advertising, said virtual casinos increased their advertising impressions 170 percent from 911 million in December 2000 to 2.5 billion in December 2001.
http://www.newsbytes.com/news/02/174647.html
- - - - - - - -
Ads Play to Users' Privacy Fears
It appears to be a routine browsing error, but instead of "Page not found," the message warns, "You are under investigation." "The material you have been viewing has triggered inquiries into your Internet records," it continues. "Click Here to stop this investigation." This is what Robin Hood Software refers to as the "hard sell." The company makes a "security application" called Evidence Eliminator that purports to hide every trace of your illicit Internet activities, and its fear-inducing spam has flooded the Internet.
http://www.wired.com/news/business/0,1367,50555,00.html
- - - - - - - -
Security comes of age at RSA conference
At the RSA Security Conference in San Jose, forensics software used to decrypt information on the computer belonging to Richard Reid gets an airing. An explanation of the computer forensics software used to decrypt Richard Reid's laptop, a version of which works across networks in real time. Are single-use passwords more secure? An investigation of gadgets that protect passwords.
http://news.zdnet.co.uk/story/0,,t269-s2104767,00.html
Terror talk stalks RSA Conference
The official theme of the eleventh annual RSA Conference evokes the Elizabethan Era -- complete with costumed minstrels and acrobats wandering the San Jose, Calif. convention center. Unofficially, the security event opened Tuesday with a more serious theme, with U.S. cyber security czar Richard Clarke warning about the potential for terrorist hack attacks, and a panel of noted cryptographers fretting over lost liberties in the wake of the real terrorist attacks of September 11.
http://www.theregister.co.uk/content/55/24164.html
- - - - - - - -
In Search of the World's Costliest Computer Virus
Danger remains that a virus could seize control of millions of machines to launch an attack that could cripple the Web. A computer virus infection brings with it many costs, including the staff time required to eradicate it; expensive hardware, software and file damage; system downtime; and the most difficult cost to assess -- tarnished reputation. In terms of sheer expense, sources generally rate the same three worms -- Nimda, Code Red and SirCam -- as the heaviest hitters of 2001, though precise figures vary widely.
http://www.newsfactor.com/perl/story/16407.html
- - - - - - - -
Technologies to Stop the Unknown Attack
Current anti-virus software, combined with sensible filtering (such as quarantining all executable content from e-mail and Web traffic), firewalling, and religiously maintaining patches, serves as a reasonably good defense against the current classes of virus, worms, and script kiddies. This malware includes conventional file infectors, mail worms, people running attack scripts, and active worms based on old security holes. Unfortunately these techniques are not sufficient to stop a speed-optimized active worm based on a previously undiscovered security hole.
http://online.securityfocus.com/infocus/1547
- - - - - - - -
Famed hacker Mitnick greets former target
A decade ago Kevin Mitnick tricked a Novell Inc. employee into giving him access to sensitive corporate data. This week the legendary hacker and his unsuspecting target met for the first time. "This is ironic," Mitnick said as he and Shawn Nunley shook hands and greeted each other like old pals at the RSA Conference on computer security. The two laughed and swapped stories about the days when they were antagonists.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2718380.htm
http://zdnet.com.com/2100-1105-842318.html
http://news.com.com/2100-1001-842450.html
http://www.wired.com/news/culture/0,1284,50585,00.html
- - - - - - - -
With simplicity comes complacency
SNMP is an essential part of normal network operations, but people everywhere have been lax in maintaining its security. Nobody can claim they weren't warned. As soon as the first network was invented, the network management came along for free. Like all management, it's remained a headache ever since -- nobody wants to spend more on running a system than the system justifies, but ever-increasing complexity brings with it ever-increasing management woes.
http://news.zdnet.co.uk/story/0,,t269-s2104803,00.html
- - - - - - - -
Mining Web data--risky business
Web publishers and advertisers are in a tug-of-war over consumer data gathered in online ad campaigns, a conflict that could muddy the future of interactive marketing on the Internet, television and emerging media. The fight is playing out in almost weekly meetings staged by the Interactive Advertising Bureau (IAB), the trade group of the roughly $7 billion online ad market. The IAB is hosting working groups to define new terms and conditions for interactive ad contracts, with the goal of simplifying the process for publishers and advertisers.
http://zdnet.com.com/2100-1106-841498.html
The battle over getting to know you
http://news.com.com/2100-1023-841419.html
- - - - - - - -
What is information security?
Information security is the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization, including employees, consultants, and yes, the much-feared hacker. A security breach can involve anything from a website defacement to a computer virus, to an employee who inadvertently discloses his password, to a former employee who sabotages a customer database, to corporate spies who find out how many widgets your top customer bought last month.
http://www.cio.com/security/edit/security_abc.html
- - - - - - - -
Cyberterrorists will be after you
During the next few years, heightened security will change the Internet, and the office network on which many of you work. In fact, you'll probably see changes first at the office as companies try to "harden" their information assets against a wide variety of threats. Some of these efforts will be successful, some will be laughable, and most will tick you off. Many of you will come to see security as getting in the way of convenience. Since many companies will be tightening security on a learn-as-you-go basis, you and your colleagues will often have a point.
http://zdnet.com.com/2100-1107-841889.html
- - - - - - - -
U.S. Charges Fraud over Mobile Phone 'Safety' Shields
The lawsuits charge that the defendants did not disclose in their ads that the majority of electromagnetic energy emitted by cellular and cordless phones comes from the antenna and parts of the phone other than the earpiece. The two companies also failed to tell consumers that their products have no effect on this electromagnetic energy, the FTC said.
http://www.newsfactor.com/perl/story/16451.html
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.