February 26, 2002
Computer programmer sentenced in N.J. sabotage case
A computer programmer was sentenced in federal court Tuesday to more than three years in prison for sabotaging his former company's computers, causing a loss of more than $10 million, in the first such case to be tried under a new federal law, prosecutors said. Timothy Lloyd, 39, of Wilmington, Delaware, also was ordered to pay $2 million in restitution to Omega Engineering Corp., a Bridgeport, New Jersey, defense contractor with offices in Stamford, Connecticut.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2751259.htm
- - - - - - - -
New York Times Internal Network Hacked
How open proxies and default passwords led to a hacker padding his rolodex with information on 3,000 op-ed writers, from William F. Buckley Jr. to Jimmy Carter. Security holes in the New York Times internal network left sensitive databases exposed to hackers, including a file containing social security numbers and home phone numbers for contributors to the Times op-ed page, SecurityFocusOnline has learned.
http://online.securityfocus.com/news/340
http://www.newsbytes.com/news/02/174792.html
- - - - - - - -
Commerce Dept Fines Company For Illegal Crypto Exports
The federal body that regulates exports has fined San Diego firm Neopoint Inc. $95,000 for exporting strong encryption software to Korean companies without the necessary government approval. The Commerce Department's Bureau of Export Administration imposed the fine after learning that Neopoint had exported 128-bit encryption software to two companies in South Korea without obtaining proper licenses.
http://www.newsbytes.com/news/02/174789.html
- - - - - - - -
House Subcommittee OKs Cybersecurity Bill
A House subcommittee today approved a bill that changes the way that judges would sentence people convicted of many crimes committed online. The House Judiciary Subcommittee On Crime today approved in a voice vote H.R.
3482, the Cyber Security Enhancement Act, which requires the U.S. Sentencing Commission to consider a number of new aspects of online crime in coming up with sentencing recommendations in criminal cases.
http://www.newsbytes.com/news/02/174791.html
- - - - - - - -
E-Government Will Aid Anti-Terrorism Effort - Poll
A majority of Americans believe e-government initiatives will help federal, state, and local governments track down criminals and terrorists and respond to threats, according to a new poll released today. In its latest e-government survey, To Connect, Protect, and Serve Us, the Council for Excellence in Government found that 90 percent of the public feels very or highly favorable toward e-government systems that would help federal, state and local law enforcement officials exchange information to help apprehend and prosecute criminals and terrorists.
http://www.newsbytes.com/news/02/174759.html
- - - - - - - -
Music industry 'losing out' to Web pirates
Music fans are increasingly turning to the Web rather than their local CD shop - and they're not just downloading music, they're making copies of it too. The music industry's worst nightmare may be coming true: Tech-savvy music fans use CD burners to pirate songs by their favourite artists rather than pay for a new CD at their local record store.
http://news.zdnet.co.uk/story/0,,t269-s2105084,00.html
- - - - - - - -
Morpheus P2P goes to sleep
StreamCast Networks' Morpheus--a file-swapping service that many have said would be impossible for courts to shut down--shut out most of its users Tuesday, citing "technical problems." Computer users trying to log on to the service were greeted with a message telling them to upgrade their software to connect, although no newer version of the software was available. The outage immediately sparked a huge increase in traffic on alternative file-swapping services, such as Gnutella.
http://zdnet.com.com/2100-1105-845889.html
http://news.com.com/2100-1023-845792.html
- - - - - - - -
Trafficking via Internet a growing threat
Czech drug traffickers arrange deals at Internet cafes. Australians use courier Web sites to track illegal packages of pills. American dealers swap recipes for amphetamines in restricted-access chat rooms. Worldwide, drug traffickers increasingly are taking advantage of encrypted e-mail and other Internet technology to sell their stashes, launder money and trade tips and techniques, the U.N. International Narcotics Control Board warned Wednesday in a report.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2751304.htm
http://www.nandotimes.com/technology/story/271419p-2488444c.html
http://www.msnbc.com/news/716496.asp
- - - - - - - -
Minnesota Legislature considers fines for junk e-mail
Well, how'd you like a shot at collecting $500 from junk e-mailers who ignore your request to stop? You'd be entitled to such a reward under a bill moving through the state Legislature. Whether you could actually collect the money is another issue, of course. The anti-spam bill, which enjoys strong bipartisan support, would allow consumers and Internet Service Providers to collect damages from spammers who continue to send unsolicited e-mails after being told to cease.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2751877.htm
- - - - - - - -
FAA seeks systems security support
The Federal Aviation Administration has released a request for proposals for technical and planning support for IT security. The agency's Office of Information Systems Security will award a two-and-a-half-year contract to a vendor that can provide quality technical, engineering, analytical, planning, policy and program support, according to the RFP. The office is responsible for planning and implementing IT systems security agency wide.
http://www.gcn.com/vol1_no1/daily-updates/18036-1.html
- - - - - - - -
Mouse Trapped
Sex talk is notoriously cheap in internet chat rooms, but trolling for underage partners online got a lot more expensive when Westchester District Attorney Jeanine Pirro launched her pedophile sex sting. More than 50 arrests have been made -- and no one has walked. It was going down the same way it had gone down a dozen times before. Lydia, a criminal investigator attached to the Westchester district attorney's office, was waiting at a shopping mall in White Plains in her white blouse, plaid skirt, and Skips. This was the uniform she had described to Bruinbud43 in a chat room.
http://www.nymag.com/page.cfm?page_id=5717
- - - - - - - -
CIOs shift focus from e-government to security
The federal government's chief information officers are less focused on e-government services because of the national emphasis on information security and the stability of critical infrastructures, according to a new study. Commissioned by the Information Technology Association of America, the study indicates that CIOs are more focused on database protection and ensuring the stability of the Internet and the telecommunications infrastructure than they are on unveiling e-government services.
http://www.govexec.com/dailyfed/0202/022602td2.htm
http://www.newsbytes.com/news/02/174793.html
- - - - - - - -
Experts warn of yet another IE flaw
It's that buffer overflow chestnut again
The Computer Emergency Response Team (Cert) today released an advisory warning of yet another vulnerability affecting Microsoft Internet Explorer and Outlook. A buffer overflow vulnerability in the way Explorer handles embedded objects in HTML documents could allow an attacker to execute arbitrary code on a victim's system. Explorer supports the '<embed>' tags which can be used to include arbitrary objects such as multimedia files, Java applets and ActiveX controls in an HTML document.
http://www.vnunet.com/News/1129492
- - - - - - - -
Another Security Hole Found In Macromedia Flash
A new technique for embedding malicious code in Flash files has been discovered, prompting Macromedia to patch its standalone Flash player. Using an undocumented feature in the Flash 5 authoring tool, a Macromedia customer found it was possible to create a "Trojaned" Flash movie that, when viewed using the standalone Flash player, would place a malicious script on the viewer's computer.
http://www.newsbytes.com/news/02/174783.html
- - - - - - - -
RSA: Security in 2002 worse than 2001, exec says
If you thought computer security was bad in 2001, you're not going to enjoy 2002. That was the message from SecurityFocus co-founder and CEO Arthur Wong in a presentation he gave at the RSA Conference 2002. Wong's message to attendees was sobering. Despite such major security incidents as the "Code Red" and "Nimda" worms, "2001 wasn't as bad as it could have been," he said in a presentation at the start of the show.
http://www.cnn.com/2002/TECH/internet/02/25/2002.security.idg/index.html
- - - - - - - -
Agency raises the bar on tech security
Virginia Tech's Randy Marchany used to think the network of 24,000 computers he manages for the state's largest university was adequately protected against cyberattacks. But that was before he got his hands on new software distributed free by an organization called the Center for Internet Security. The software quickly found vulnerabilities in Virginia Tech's network. The center also gave Marchany a simple program to find and close common security holes, improving the network's security threefold. "It raised the bar much higher," Marchany says.
http://www.usatoday.com/life/cyber/tech/2002/02/27/security.htm
- - - - - - - -
Watchdogs rap eBay policy changes
eBay is updating its privacy policy and user agreements, making it easier for the company to disclose members' personal information or to ban people from the site.
The changes, which the online auction giant announced Monday, will go into effect March 19 for all consumers who register with the site after that date, and on April 19 for all other people. In statements to customers, eBay said the changes reflect the evolution of its Web site and are based in part on user feedback.
http://news.com.com/2100-1017-845911.html
- - - - - - - -
Software helps agencies finger network intruders
The Labor Department, Federal Bureau of Prisons and state of Oregon recently installed intrusion detection software that monitors systems enterprisewide and sends alerts in the event of external or internal breaches. The software, NetVision Policy Management Suite from NetVision Inc. of Orem, Utah, scrutinizes all network activity and notifies network administrators and agency officials of any malicious intrusion or tampering. In real time, the program detects changes made, who made them, and when and where they occurred, NetVision president Todd Lawson said.
http://www.gcn.com/vol1_no1/daily-updates/18034-1.html
- - - - - - - -
Software That Asks 'Who Goes There?'
Help-desk overload, high costs, and legal requirements are sparking a revolution in the art and science of managing employee passwords. It's enough to give any business a headache, let alone a health-insurance company. Tech-support staffers at Thousand Oaks (Calif.)-based insurer Wellpoint (WLP) say they receive 14,000 calls every month from employees who have forgotten their computer-access passwords for the company's Intranet site and need a manual reset. Each reset can cost anywhere from $25 to as much as $200 for an employee using multiple systems or software programs. For Wellpoint, such remedial efforts translate into a minimum annual cost of more than $4 million.
http://online.securityfocus.com/news/339
- - - - - - - -
E-posses patrol for auction fraud
Carter Daniels once got scammed in an online auction to the tune of $240.
Now he's working to help others avoid the same fate -- a task he says is necessary because Yahoo! Auctions isn't doing enough. Daniels, a retired Air Force veteran who lives in Kensington, Maryland, answers questions from frustrated users as an expert in Yahoo! Auction's Community section. He's also an active member of a fraud-related message board at the site, and has posted information about auctions and sellers he thinks might be fraudulent.
http://www.cnn.com/2002/TECH/internet/02/26/auction.fraud.vigilantes.idg/index.html
- - - - - - - -
Can the World Be Copyrighted?
Two treaties taking effect this spring would expand the reach of controversial American legislation designed to regulate the Internet. The World Intellectual Property Organization, an international body of government representatives that globalizes laws, announced new guidelines to crack down on digital piracy. The WIPO Copyright Treaty and the WIPO Performance and Phonograms Treaty, which go into effect over the next three months, extend copyright protection to computer programs, movies and music.
http://www.wired.com/news/politics/0,1283,50658,00.html
- - - - - - - -
Biometrics Not Enough To Combat Identity Fraud - Study
Biometrics and other technologies being crafted to combat identity fraud may not be completely effective unless verifiers are asked to provide information about something only they would know, such as an old phone number or a former address, according to a white paper released today by Lexis-Nexis. The white paper, cowritten by Lexis-Nexis' chief privacy officer Norm Willox, suggests that biometrics may only be part of the answer to the technological approach for fighting the growing problem of identity fraud.
http://www.newsbytes.com/news/02/174790.html
- - - - - - - -
What harm could come from cyberterrorism?
In the bygone flower-power days, peace activists asked: "What if we held a war and nobody came?"
However, last week's RSA Security Conference showed that we won't need an invitation to cyberwar--it's as close as our Internet connections. In the first of a two-part series, my colleague David Coursey blocked out the major issues surrounding cybersecurity, or its lack, with reports of slim spending for protection.
http://zdnet.com.com/2100-1107-845063.html
- - - - - - - -
Security suppliers compared to dodgy car mechanics
Many anxious users are being duped by unscrupulous or clueless suppliers into buying security products they don't need. That's the view of security consultancy MIS Corporate Defence, which reckons almost 30 per cent of current security spend in Europe is misplaced or wasted on ad-hoc purchases.
http://www.theregister.co.uk/content/55/24211.html
- - - - - - - -
PCCW-led group wins Hong Kong contract for `smart' ID cards
The Hong Kong government awarded a HK$163 million (US$20.9 million) contract on Tuesday to a consortium led by Pacific Century CyberWorks to implement a ``smart card'' identity system in the territory. The initial order is for 1.2 million smart cards, as well as hardware, software and services for the city's planned new identity card system, which will be phased in over four years starting in July 2003 at a total cost of HK$3.1 billion, including new offices and staff costs.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2748528.htm
- - - - - - - -
Data-sharing gap puts agencies at risk
Members of Congress listened to testimony Tuesday on obstacles that government agencies face in sharing information with each other and with the private sector in the battle against terrorism. At a hearing held by the House Subcommittee on Technology and Procurement, chief information officers from federal agencies said turf wars and "stovepipes" of information created by incompatible computer programs are frustrating efforts to bolster homeland security.
http://news.com.com/2100-1001-845824.html
- - - - - - - -
Cultural barriers, not technology, blamed for poor information sharing
More than five months after the Sept. 11 attacks exposed critical weaknesses in how the federal government shares information internally and with state and local agencies, a panel of agency chief information officers and corporate technology executives testified Tuesday about what the government can learn from the private sector to prevent future acts of terrorism. Appearing before the House Government Reform Subcommittee on Technology and Procurement Policy, the CIOs agreed that political, cultural and regulatory barriers, not technological ones, are impeding the ability of agencies to share terrorism-related information.
http://www.govexec.com/dailyfed/0202/022602h1.htm
- - - - - - - -
Feds urged to take lead vs. terror
The federal government will have to invest billions to develop and expand the telecommunications infrastructure, purchase equipment, do more research and integrate government systems at all levels in order to prevent terrorist attacks, according to a new report. SEARCH, the National Consortium for Justice Information and Statistics, released the report, which is based on assessments by a focus group of more than 50 experts from local, state and federal governments and the private sector conducted Dec. 11 to 12.
http://www.fcw.com/geb/articles/2002/0225/web-search-02-26-02.asp
- - - - - - - -
State Department will access FBI criminal records
The State Department has adopted an interim regulation that will let it access FBI criminal history records when processing visa applications. In the new process, fingerprints of visa applicants are matched against prints in the National Criminal Information Center databases. The regulation, which took effect yesterday, calls for FBI criminal history record summaries to be placed in State's Lookout database. State uses the database to screen people entering the country.
Visa applicants' names will be checked against the summaries to see if they have criminal histories, according to a department notice in the Feb. 25 Federal Register.
http://www.gcn.com/vol1_no1/daily-updates/18037-1.html
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.