March 4, 2002 Worker Accused of Selling Colleagues' ID's Online A former employee of the Prudential Insurance Company was arrested yesterday and charged with stealing the identities of colleagues from a database containing 60,000 names and selling some of them over the Internet as part of a credit card scam, federal prosecutors in Brooklyn announced. While working in the tax department at Prudential, the former employee, Donald Matthew McNeese of Callahan, Fla., stole the database of personnel records, making it one of the largest potential identity-theft cases ever, said Jim Walden, the assistant United States attorney prosecuting the case for the Eastern District of New York. Mr. Walden would not specify how many people had money stolen in the scam. (NY Times article, free registration required) http://www.nytimes.com/2002/03/02/technology/02INTE.html - - - - - - - - Hacker claims Web worm meant to combat sexism A hacker claiming to be a 17-year-old girl says she wrote a new worm targeting Microsoft Corp.'s .NET Web services platform to prove women are capable of creating computer viruses and make a statement against sexism, a computer security company said Monday. Dubbed the ``Sharpei'' worm, it is believed to be the first virus written in C-sharp, the programming language which runs on .NET platforms, said UK-based Sophos, which received a copy of the virus from the programmer. ``She wrote the worm to make a social point'' and dispel the perception that there aren't female virus writers, said Chris Wraight, U.S.-based technology consultant for Sophos. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2791744.htm http://www.vnunet.com/News/1129687 .Net virus hits C# note A virus written in the C# language has been released to antivirus companies, but is not yet loose in the wild. Virus writers have taken another shot at Microsoft's .Net vision. On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework. http://news.zdnet.co.uk/story/0,,t269-s2105445,00.html http://www.theregister.co.uk/content/56/24275.html - - - - - - - - Microsoft Moves Fast To Stop Hacking Rumor Acting quickly to squash rumors, Microsoft today said a strange text file at its site was not the work of hackers but instead was an internal test document. A link to the file, was posted Sunday night by an unidentified person to an encrypted Internet Relay Chat channel for discussing security topics. Before Microsoft changed its contents in response to inquiries today, the file was dated Jul. 24, 2001, and contained 25 short lines of what appeared to be characters randomly chosen from the "A" row of the computer keyboard. http://www.newsbytes.com/news/02/174943.html - - - - - - - - China Impounds Pirated CDs Chinese customs officers have seized the country's biggest haul of pirated CDs after a chase at sea, the Legal Daily newspaper reported on Monday. Four million CDs were impounded from a fishing boat on Saturday by customs officers from the southern city of Shenzhen, but the smugglers escaped in a high- speed boat in the direction of nearby Hong Kong. http://www.wired.com/news/business/0,1367,50805,00.html - - - - - - - - Interior Department Web Sites Back Online The U.S. Interior Department is slowly bringing its constellation of Web sites back online as a court appointed master certifies that the sites do not threaten the privacy of individuals who participate in a 100-year old Native American trust fund program, an Interior spokesman said today. On Dec. 5, U.S. District Court Judge Royce Lamberth ordered nearly all Interior Department Web sites and external e-mail access frozen, after hackers showed how easy it was to break into the agency's computers and set up arbitrary accounts. http://www.newsbytes.com/news/02/174945.html - - - - - - - - Online virus generator causes concern Instant Macro Virus Maker is 'idiot friendly' Antivirus experts have issued a warning over the discovery of an online virus generator. Taking the danger of idiot- friendly kits responsible for the likes of the Anna Kournikova virus one step further, vandals can now create a new virus in seconds without even downloading software. The Instant Macro Virus Maker v1.2 is a website capable of generating enter a name for the virus, some text to display as the payload, and a day of the month to activate. http://www.vnunet.com/News/1129673 http://www.theregister.co.uk/content/56/24272.html - - - - - - - - Experts: Worms will breed in PHP hole With a survey estimating that a million Web sites are vulnerable to a set of newly discovered scripting flaws, security experts are predicting that a worm that uses the software bugs to spread could be on the way. As previously reported by CNET News.com, the flaws occur in Web server modules using the Personal Homepage scripting language, more commonly known as PHP. The language is widely used among sites built on open-source software and allows such sites to create Web pages on the fly. http://zdnet.com.com/2100-1105-850769.html http://news.com.com/2100-1001-850752.html - - - - - - - - Canada's Hero Hacker B.C. Computer Whiz Stalks Pedophile Predators On Internet. U.S. Judge Ronald Kline, a Little League umpire, had contact with numerous boys at ball games, in a mall and at a private health club. A British Columbia hacker who retrieved an electronic sex diary and alleged child sex images from the computer of a senior California judge says he ignored "intimidating" orders by Canadian officials to drop the case, the Citizen has learned. Instead, the hacker, known as OmniPotent, pressed ahead because the judge's journal entries showed an apparent plot to sexually exploit young boys at a private health club. http://www.canada.com/national/story.asp?id={C68F1E4B-9C0E-41DA-BE9F-CBB7D1A 494A4} - - - - - - - - Study: Viruses plaguing corporations Viruses continue to swarm U.S. corporations, with roughly 1.2 million incidents occurring in a 20-month period, according to a new study. ICSA Labs, a division of security-services company TruSecure, surveyed 200 organizations between January 2000 and August 2001 as part of a regular survey sponsored by Gantz-Wiley Research, Network Associates, Panda Software and Symantec Corporation. The attacks work out to about 113 encounters per 1,000 machines per month. It's a figure that's been growing around 20 encounters per 1,000 machines per month since ICSA began taking the survey in 1996. http://news.com.com/2100-1001-850391.html http://www.newsbytes.com/news/02/174942.html - - - - - - - - E-commerce fraud takes a toll on sales Online sales are responsible for a higher percentage of fraudulent transactions than offline ones, according to recent research. Merchants lose a higher percentage of sales to fraud online than offline, according to a new report from GartnerG2. Merchants surveyed by GartnerG2, a service from research firm Gartner, reported that they lost 1.14 percent of all online sales to fraud in 2001, or about $700m. During that same time period, Visa International and MasterCard reported that about 0.06 percent of physical world sales were lost to fraud, said Avivah Litan, research director at GartnerG2. http://news.zdnet.co.uk/story/0,,t269-s2105504,00.html Online Fraud Loss 19 Times Offline's - Gartner More than 5 percent of online consumers last year were victims of credit card fraud, a crime that accounted for more than $1 out of every $100 spent on Internet sales, according to a report published today. Online crooks made off with more than $700 million, a figure that - dollar for dollar - is 19 times the year's offline fraud total, a GartnerG2 survey found. The e-fraud losses make up 1.14 percent of total annual online sales of $61.8 billion. http://www.newsbytes.com/news/02/174918.html http://www.newsfactor.com/perl/story/16599.html http://www.cnn.com/2002/TECH/internet/03/04/fraud.online.survey/index.html - - - - - - - - Technology Imitates Humans To Spot Network Intruders The number of computer break-ins is doubling every year, and the GAO estimates that only 1 percent to 4 percent of these attacks will be detected, and only about 1 percent will be reported, scientists said. Researchers from Penn State and Iowa State universities claim they have come up with data- mining techniques that uncover computer network intruders more accurately than current methods do. http://www.newsfactor.com/perl/story/16605.html Text mining seen as research, security tool Software is already available that can translate foreign languages, turn spoken voice into words on a page and understand e-mail well enough to automatically type customized replies. As programmers continue trying to mimic the human brain, the day may come when software can even read your e-mail and detect lies. In a few months, SAS Institute Inc., the world's largest private software company, will begin selling a package that could be adapted to compare word and grammar patterns to a writer's previous work and reveal inconsistencies. http://www.nandotimes.com/technology/story/282593p-2542675c.html - - - - - - - - Media honcho: Stamp out piracy now A top media executive Monday said 1 million movie files were downloaded illegally on the Internet each day and called for a renewed crackdown on online file services that promote digital piracy. "Our content must be protected from unencrypted, illegal file sharing," Peter Chernin, chief operating officer of News Corp., told an assembly of media executives at the FT New Media and Broadcasting Conference in London. "We're in the process of raising a generation to think that stealing is OK," he added. http://zdnet.com.com/2110-1106-850750.html http://www.wired.com/news/ebiz/0,1272,50798,00.html http://www.wired.com/news/mp3/0,1285,50810,00.html House Cool to Copy Protection http://www.wired.com/news/politics/0,1283,50784,00.html - - - - - - - - Lawyer for Moscow firm says Internet outside U.S. law The defense lawyer for a Moscow company accused of violating U.S. copyright law asked a judge Monday to dismiss charges against the company, arguing that the borderless Internet is outside the jurisdiction of United States law. ``It is a novel argument,'' said Joseph Burton, of the San Francisco firm of Duane Morris, who is representing ElcomSoft Co. Ltd. The software company faces charges of violating the Digital Millennium Copyright Act by selling and conspiring to sell a program that lets people using Adobe Systems Inc.'s eBook Reader copy and print digital books, transfer them to other computers and have them read aloud by the computer. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2792579.htm http://news.com.com/2100-1001-851418.html http://www.wired.com/news/politics/0,1283,50797,00.html - - - - - - - - Judge puts file swappers in hot seat A federal judge on Monday ordered a trio of popular file-swapping services to stand trial on copyright infringement charges, ending a bid to bring a quick end to their legal troubles with the entertainment industry. Attorneys for defendants Kazaa, StreamCast Networks and Grokster had hoped to convince the judge that their products demonstrated sufficient legitimate uses to qualify for the "Betamax defense"--a copyright safe harbor set by the U.S. Supreme Court in the 1980s that cleared the way for home videotape recorders. http://news.com.com/2100-1023-851332.html http://www.wired.com/news/business/0,1367,50836,00.html Kazaa: A Copyright Conundrum http://www.wired.com/news/business/0,1367,50788,00.html Morpheus hacked in double whammy http://www.vnunet.com/News/1129676 http://www.theregister.co.uk/content/6/24281.html - - - - - - - - Ridge: Homeland security is no Y2K rollover Tom Ridge said he is taking on homeland security the way the government took on the year 2000 systems preparations. The only difference: This task wont end when the next new year begins, the director of homeland security said. Ridge was the keynote speaker at a Council for Excellence lunch in Washington last week where he explained how technology must be used to help keep the nation secure. We must define the mission first and build the technology around it, he said. Once we do that, we are using technology to achieve our goals. http://www.gcn.com/vol1_no1/daily-updates/18111-1.html - - - - - - - - Data-sharing projects gain momentum In what is part of a larger post Sept. 11 trend, the Environmental Protection Agency and other agencies have begun to promote electronic data sharing in the name of homeland security. During last year's anthrax scare, the EPA fielded scores of calls from vendors eager to push their detection and decontamination products. "No one actually had a clearinghouse of technologies for that," said Thomas De Kay, manager of international outreach programs for the EPA's Technology Innovation Office. "As often happens, there was immediate reaction to say, 'Where is this?' " http://www.fcw.com/fcw/articles/2002/0304/news-epa-03-04-02.asp U.S. Agencies Move To Share Online Terrorism Databases French Caldwell, vice president of Internet knowledge management at Gartner, told NewsFactor that the big challenge is going to be promoting collaboration between agencies. According to news sources, several federal agencies are moving to centralize their data in the wake of the September 11th terrorist attacks. In particular, the U.S. Environmental Protection Agency (EPA) has been pushing for electronic records sharing in order to promote homeland security. http://www.newsfactor.com/perl/story/16600.html - - - - - - - - Air Force looks to Web to connect multiple information systems A new Web-based portal connecting thousands of separate information systems will be the foundation for the Air Force's future military operations, the Air Force's chief information officer said Monday. "Information systems are really the backbone of where we're going in the future," John Gilligan said, adding that the military's transformation into the information age requires "very tight partnerships" with the high-tech industry. "We're bringing in industry consultants to help with the process changes and the cultural changes, which tend to be the biggest issues." http://www.govexec.com/dailyfed/0302/030402td1.htm - - - - - - - - Wanted: Evidence of MS security push Five weeks after Bill Gates rang an alarm over security lapses in his company's software, people are still waiting for real evidence that Microsoft has substantially refocused its priorities. Microsoft has released some tools to help developers and customers add more security to their systems and has made much ado about retraining its developers during a security crash course that lasted all of February. But customers are still waiting to see if the company has made a fundamental shift in philosophy, said Alan Paller, director of research for the Systems Administration Networking and Security Institute. http://zdnet.com.com/2100-1104-850236.html - - - - - - - - Chinese legislators slam Internet spam blocks Delegates to China's parliament hit out at Western Internet administrators for blocking e-mails from China in a growing fight over the cross-Pacific flow of junk e-mail, the official Xinhua news agency said Monday. Academics among the 2,987 provincial deputies attending the annual meeting of the National People's Congress also called for laws punishing the distribution of junk e-mail, or ``spam,'' it said. Marketing groups or ``spammers'' often relay junk e-mail through Chinese Internet service providers (ISPs), causing much of the junk e-mail filling screens in the United States to appear to come from China. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2790683.htm http://www.nandotimes.com/technology/story/280373p-2529969c.html - - - - - - - - E-Mail: Killer App -- or Just a Killer? This indispensable tool for business has a huge dark side that can bring mail servers -- and workers' productivity -- to a halt Few observers have a better view of that ocean of gab called e-mail than Mark Sunner. The chief technology officer of e-mail management company MessageLabs, Sunner oversees a network that processes 4.5 million missives each day. Servers operated and maintained by MessageLabs manage mail delivery and routing for a number of companies, including Bank of England and Conde Nast Publications. http://www.businessweek.com/technology/content/mar2002/tc2002031_3760.htm - - - - - - - - Which CDs Are 'Corrupted'? Someone named "Fat Chuck" Heffner of Cincinnati thinks there are a lot more copy-protected CDs out on the market than have been widely reported, and he has opened space on a Web site devoted to allowing fans to reveal which of their CDs have been copy-protected. The site claims that Universal Music Group began stamping all CDs with copy-prevention code in October, a claim that runs counter to the company's contention that it has thus far only stamped a soundtrack CD. http://www.newsbytes.com/news/02/174932.html - - - - - - - - Curious employees are biggest security risk Forget about Internet crackers, employees are the biggest security problem for most businesses. That's the main conclusion of a survey of UK IT managers which suggests that most firms are prepared for the threats posed by viruses and hackers, but are still struggling to secure data on their own networks. http://www.theregister.co.uk/content/55/24282.html - - - - - - - - "'Hackers' Find No Barrier to Files for Indian Fund" Court-appointed investigator Alan Balaran has proven that the Bureau of Indian Affairs has mismanaged the enormous Indian trust fund accounts. After reading that Interior Department CIO Dominic Nessi admitted that his agency, which houses the bureau, had serious network security problems, Balaran looked into the matter. He found that the data center in Reston, Va., had gaping holes in its physical security, allowing him to walk into the building and retrieve sensitive information from the paper shredder. http://www.nytimes.com/2002/02/26/technology/26INDI.html - - - - - - - - Online Privacy Is Dead - Now What? Seventy percent of surveyed consumers were concerned their transactions might not be secure. Nearly the same percentage worried that hackers could steal their personal data. Your name, address, phone number and Social Security number all are items found on your driver's license -- and on the Web. Rapid commercialization of the Internet has fed a demand for more and more personal information about Internet users. http://www.newsfactor.com/perl/story/16592.html - - - - - - - - A declaration of interdependence Today's critical cyber-security issues can almost make the technology industry nostalgic for the Cold War. Although the Cold War was a time of terrible threat, it also marked an era of stability and prosperity. Security was the province of the military, and companies concentrated on the growth that led the West to decisive economic victory in the Cold War. Today, industry is the target, and the enemy lives among us. As much as 75 to 80 percent of the cyber-security crimes for business today are internal, not external. http://zdnet.com.com/2100-1107-850102.html - - - - - - - - Design the best security topology for your firewall With network security becoming such a hot topic, you may have come under the microscope about your firewall and network security configuration. You may have even been assigned to implement or reassess a firewall design. In either case, you need to be familiar with the most common firewall configurations and how they can increase security. In this article, I will introduce you to some common firewall configurations and some best practices for designing a secure network topology. http://www.techrepublic.com/article_guest.jhtml?id=r00220020227wrr01.htm&fromtm=e101-3 - - - - - - - - LAPD eyes PDAs to monitor racial profiling With a promise that the Los Angeles Police Department is open to innovative technology solutions, Captain Randal Quan, project manager for the Portable Officer Data Device System (POEDS) program, said the LAPD is about to publish its RFP (request for proposal) to use wireless PDAs and software to monitor racial profiling. The POEDS program is meant to be compliant with a civil rights consent decree, and is part of a larger agreement reached between the city of Los Angeles and the United States Justice Department in the Rampart Area Corruption Incident by the Los Angeles Police Department. In the Rampart case, the LAPD was accused of a pattern of excessive force, false arrests, and unreasonable search and seizure. http://www.cnn.com/2002/TECH/ptech/03/04/pda.profiling.idg/index.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.