April 18, 2002

FBI Sting Nabs Trade Secret Thief Offering to Sell Information
The United States Attorney's Office for the Northern District of California announced that a federal grand jury returned an indictment this afternoon against Tse Thow Sun, age 31, and a resident of Chicago, IL, for theft of trade secrets and interstate transportation of stolen property. The indictment against Tse Thow Sun, a Singapore national, alleges one count of theft of trade secrets in violation of 18 U.S.C. § 1832 and one count of interstate transportation of stolen property in violation of 18 U.S.C. § 2314. Mr. Sun was arrested on March 29, 2002, as the culmination of a sting operation conducted by the FBI based on a criminal complaint filed with the Court.
http://www.cybercrime.gov/sunIndict.htm
- - - - - - - -
Cisco Systems vice president declared fugitive
A once-promising Cisco Systems vice president has vanished -- and federal prosecutors have declared him a fugitive. Robert S. Gordon, 42, appeared close to a deal that could have resolved federal fraud charges against him when he went on the lam. Now, prosecutors want to seize his Palo Alto home and his $5 million bail.
http://www.siliconvalley.com/mld/siliconvalley/3085782.htm
http://www.bayarea.com/mld/mercurynews/3086069.htm
http://www.theregister.co.uk/content/5/24918.html
- - - - - - - -
Florida Bank Suffers Online Security Breach
A large commercial bank in Florida said Wednesday that "an Internet hacker" penetrated the security of its systems earlier this month and made off with a file containing 3,600 online-banking customer names and addresses. Officials of Republic Bank said the attacker managed to get past the bank's security firewalls but did not access account balances or transactions of its online banking customers.
http://www.newsbytes.com/news/02/175977.html
- - - - - - - -
Palestinian Sites Knocked Offline By Mideast Conflict
Contrary to recent reports, Israeli Web sites have not borne the brunt of the escalating violence in the Middle East, security experts said today. Indeed, the pace of attacks on Israeli Web sites has slowed sharply this year, even as numerous Palestinian government sites have been unreachable due to the conflict in the region.
http://www.newsbytes.com/news/02/175980.html
- - - - - - - -
ISP forced to pull 'sabotage' site
German railway company wins court battle. A Dutch court has upheld a request from German railway company Deutsche Bahn to order internet service provider XS4All to remove documents published by dissident group Radikal. The group advocates disrupting nuclear waste shipments by cutting overhead power lines on train tracks. An XS4All spokesman said that Deutsche Bahn wanted to block the home page of one of its users because it contained two 'sabotage' articles from 1996.
http://www.vnunet.com/News/1131036
- - - - - - - -
HP worker fired for leaking memo
HP has fired an employee who admitted leaking two company memos to the media, Carly Fiorina, the company's chief executive, said Wednesday. In a message to employees that was released publicly, Fiorina also said the company is making progress in its investigation of an internal voice-mail message sent to the Mercury News last week.
http://www.siliconvalley.com/mld/siliconvalley/business/companies/hewlett_packard/3085847.htm
- - - - - - - -
Rep. Goodlatte Calls For 'War' Against Digital Piracy
At a digital music conference today, Rep. Bob Goodlatte, R-Va., said that legislators and law enforcers would have to fight and win a "war" against online piracy in order for the digital marketplace to have any chance of realizing its full potential. "This war against piracy must be waged on several different fronts, including the commitment of adequate resources to law enforcement, the cooperation of various industry players, and the education of consumers," Goodlatte said in prepared remarks.
http://www.newsbytes.com/news/02/175995.html
- - - - - - - -
Biting further into 'Carnivore'
The Electronic Privacy Information Center (EPIC) has won another round in its effort to obtain further information regarding "Carnivore," the FBI's Internet surveillance system. In an order dated March 25, a federal trial court in Washington, D.C., commanded the FBI to search for further records relating to Carnivore within 60 days. In tandem with records already produced, EPIC may soon get to the heart of Carnivore. The Carnivore Internet monitoring system raises questions about the appropriate balance between privacy and national security/law enforcement interests.
http://www.usatoday.com/life/cyber/ccarch/2002/04/18/sinrod.htm
http://www.wired.com/news/privacy/0,1848,51917,00.html
- - - - - - - -
Microsoft's top cop battles software pirates
What's the world's largest software company to do when it's losing billions of dollars a year to software pirates, the pirates keep getting more sophisticated, and the feds are too busy fighting other battles to pay much attention? Microsoft's answer: Hire your own cop. The company found its top anti-piracy enforcer in Rich LaMagna, a 27-year veteran of the Drug Enforcement Agency who spent most of his career busting drug lords before joining Microsoft in 1999.
http://www.siliconvalley.com/mld/siliconvalley/3085682.htm
- - - - - - - -
The Security Sentinels
Here are the tales of three trailblazers whose work in computer security and forensics has helped shape modern practices. As far back as the 1970s, three women began preparing the world for the havoc about to be unleashed by networked computing.
From their humble origins in law enforcement and academia, their influence on computer security practices has spread to government and private sector alike - despite the fact that two of the women had virtually no IT or scientific backgrounds.
http://www.computerworld.com/cwi/stories/0,1199,NAV47-81_STO69872,00.html
- - - - - - - -
eBay tightens rules, members cry foul
eBay is tightening up the rules for its community discussion boards, sparking complaints that the rules are choking off the free flow of information among members. Under the new rules, eBay community members can't use the boards to warn others if they were ripped off by a buyer or a seller, they can't ask each other where to find a particular item to buy, they can't share private e-mail, and--if eBay decides to delete an offending post--the members aren't allowed to even discuss the post.
http://zdnet.com.com/2100-1106-885783.html
- - - - - - - -
Privacy fears move closer to reality
In a post-Sept. 11 world, the technical opportunities for surveillance seem endless: national identification cards, face-recognition systems and video cameras on street corners. But who will ensure that those technologies are not abused in the name of protecting citizens from terrorism?
http://news.com.com/2100-1023-886157.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3092215.htm
http://zdnet.com.com/2100-1105-886259.html
Hollings pulls together Net privacy bill
http://news.com.com/2100-1023-886679.html
- - - - - - - -
Microsoft defends Passport privacy
What if technology that could track your every move was embedded in your cell phone, your smart card and your laptop? And what if that information were tied to a database that stored personal information about you?
We're not there yet, but as we move toward an increasingly networked world, marketers are salivating over the possibility of linking that data--for example, tying your route home to your penchant for pizza, or your presence at a ball game to your work schedule.
http://news.com.com/2100-1023-886552.html
- - - - - - - -
Another Big MS Browser Hole Found
Internet Explorer users who click their browser's back button open the Windows operating system to a malicious hack attack. When users hit the back button on Explorer's toolbar, the browser's security settings for the "Internet" zone can be bypassed, and the browser will automatically execute malicious code embedded into a site's URL.
http://www.wired.com/news/technology/0,1282,51899,00.html
- - - - - - - -
DoS attack storms port 445
Windows 2000 desktop and server versions affected. Security experts have warned that default registry settings on Windows 2000 boxes could allow a malicious user to cause a denial of service (DoS) attack through port 445. Research from analyst KPMG Denmark found that default registry settings in the Windows 2000 Lanman network management service could allow a user with access to TCP port 445, also known as the Microsoft-ds port, to effect a DoS attack. Both desktop and server versions of Windows 2000 are vulnerable.
http://www.vnunet.com/News/1131065
- - - - - - - -
3Com Nics to fight insider hacking
Network Interface Cards have embedded firewalls. With insider attacks on networks becoming more common, 3Com has launched a range of Network Interface Cards (Nics) which contain embedded firewalls. A joint FBI/Computer Security Institute survey of 538 US companies last year found that 49 per cent reported incidents of unauthorised network access by insiders. "Perimeter firewalls are not very good at fighting malicious code on the inside," said Randy Smith, 3Com's product line manager. "You never know if hostile code has taken over a server."
http://www.vnunet.com/News/1131060
- - - - - - - -
Cookies Take A Bite Out Of Security
As if IT managers didn't have enough security headaches, Web site-based intrusions have risen over the last year, with aggressive cookies and pop-up-spawned spyware leading the charge. Products like the Gator password manager utility are reported to include a Web-user monitoring component, which may even cause Web browsers to crash or behave erratically. Those aren't the only problems. Hackers also can take advantage of poorly coded Web site software--including unencrypted cookies, shopping carts, or vulnerable CGI scripts--to invade users' computers. Over the horizon, peer-to-peer sharing products like Kazaa are looking to hijack users' CPUs.
http://content.techweb.com/tech/security/20020417_security
http://news.zdnet.co.uk/story/0,,t269-s2108712,00.html
Kazaa Lite: No Spyware Aftertaste
http://www.wired.com/news/mp3/0,1285,51916,00.html
EU shifts stance on cookies
http://news.com.com/2100-1023-886237.html
http://news.zdnet.co.uk/story/0,,t269-s2108721,00.html
- - - - - - - -
Not just sci-fi: Uncrackable encryption
When I first heard about the encryption technique developed by Dr. Richard Hughes, it sounded like science fiction. After he explained it to me in detail, it still sounded like science fiction. Imagine, if you will, a means of delivering encryption keys that is so secure that it's impossible to break because doing so would violate the laws of physics. In other words, the delivery method is so secure, it's protected by the very fabric of the universe.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2861716,00.html
- - - - - - - -
Digital Rights Management -- the European debate begins
The Copyright Directive must be in force by December - how well can the European system cope with digital rights?
Digital Rights Management Systems ("DRMS") are technological measures which offer the potential for copyright owners to control the exploitation of their digital assets. At a workshop in Brussels in February last month, the European Commission kick-started a dialogue with industry, consumer rights groups and other interested parties on achieving workable legal and commercial solutions for the use of Digital Rights Management Systems (DRMS).
http://techupdate.zdnet.co.uk/story/0,,t481-s2108729,00.html
- - - - - - - -
Bug Watch: All quiet on the virus front
But is the next Melissa just around the corner? Each week vnunet.com asks a different expert from the antivirus world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week's expert is Jack Clark of Network Associates.
http://www.vnunet.com/News/1131061
- - - - - - - -
The Heart of a Killer Network Security System
'Of course, this risk and vulnerability assessment process is continual [because] the price of security is eternal vigilance,' IDC vice president Chris Christiansen told NewsFactor. When asked what he believes would be the ultimate network security system, Charles Kolodgy, Internet security group research manager at IDC, told NewsFactor that the ultimate network security system would be one with no connections.
http://www.newsfactor.com/perl/story/17321.html
- - - - - - - -
Guess what's in your hard drive?
Virginia Watson unwittingly authorized a company she'd never heard of to install software that would help turn her computer into part of a brand new network. The software, from Brilliant Digital Entertainment, came with the popular Kazaa file swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer.
http://news.com.com/2009-1023-885144.html
- - - - - - - -
What are the Repercussions of a BSA Audit?
Maintaining proper software licensing may be a challenge, but the consequences of noncompliance can be staggering. Find out what actions the Business Software Alliance takes to protect software companies' intellectual property rights.
http://www.techrepublic.com/article_guest.jhtml?id=r00220020418rgi01.htm
- - - - - - - -
In depth: Securing data is a business issue
Security isn't just for techies anymore. In the current business environment, marked by the dot-com down-turn, the threat of terrorism, and ever-present hackers, executives must understand security as a business issue. Michael J. Corby, in his Auerbach Publications article "Security is all about business, not technology," predicts that corporations will become more aware of security and more concerned with how security operations are financed, from the technology used to the people involved.
http://www.techrepublic.com/article_guest.jhtml?id=r00520020416ern01.htm
- - - - - - - -
Will Microsoft cooperate on identity services?
I always thought the "HailStorm" code name for Microsoft's .Net My Services was a little harsh -- after all, no one wants to be caught in an icy downpour. Apparently, enterprises felt the same way and ran for cover when Microsoft suggested it would be happy to maintain their customers' identities for them. According to .Net product manager Adam Sohn, the message Microsoft got from enterprises was loud and clear: "We don't want this dependency. Ever."
http://zdnet.com.com/2100-1107-885839.html
- - - - - - - -
Virus Protection Policy
End users can be the weakest link in protecting your network from the spread of viruses. Download our policy template to help you create your own virus protection policy that spells out how viruses work and what to do if a user encounters one.
http://www.techrepublic.com/download_item.jhtml?id=r00320020412wtn01.htm
- - - - - - - -
What You Need to Know for the MCSE Security Design Exam
Every Win2K MCSE has to complete one of four design exams. These exams test your ability to put together IT solutions based on detailed case studies. This article looks at exam 70-220, Designing Security for a Microsoft Windows 2000 Network.
http://www.techrepublic.com/article_guest.jhtml?id=r00220010924jsm01.htm
- - - - - - - -
Can search engines track down terrorists?
Search companies are offering their services to government agencies, where crucial records may be being overlooked because of format or filing overload. Several search companies are offering technology to help government agencies organise their records. It could stop anti-terrorist information from falling through the cracks.
http://news.zdnet.co.uk/story/0,,t269-s2108677,00.html
- - - - - - - -
National ID Plans Face Hurdles
Distributing thousands of card readers, guarding against corrupt insiders, defending against fraudsters and hack attacks... Plans to create a national ID card are fraught with peril. The attacks of September 11 prompted several proposals for national identification cards, but such systems have not been adequately evaluated to determine their overall goals and prevent potential abuses, according to panelists at the Computers Freedom and Privacy Conference, which opened today in San Francisco.
http://online.securityfocus.com/news/371
- - - - - - - -
Lawmakers Will Move To Block Spectrum Auction
A quartet of influential House lawmakers say they will attempt to block the Federal Communications Commission's (FCC) plan to auction off a valuable swath of airwave spectrum. "This auction is not ready for prime time," House Commerce Committee aide Ken Johnson said today. "The FCC has no (third-generation wireless) plan in place, they have no (high-definition television) plan in place and most importantly, they have no spectrum management plan in place."
http://www.newsbytes.com/news/02/175991.html
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.