May 6, 2002 Man Gets 10 Months For Ebay Explosives Auction A California man who used Ebay to auction off explosives online has been sentenced to 10 months in prison. Roger Ver, 22, of San Jose, Calif., received the sentence Friday after pleading guilty to several charges, including dealing in explosives without a license, illegally storing explosives and mailing dangerous explosive material in violation of postal regulations. - - - - - - - - 'Kournikova' virus writer appeals sentence Jan de Wit, the 21-year-old Dutchman who was sentenced last September to 150 hours of community service for creating and sending out the "Anna Kournikova" e-mail worm, is appealing the verdict, his lawyer said Friday. "My client does not agree with the conviction. We believe that he should be found not guilty," said Theo Jansen, De Wit's lawyer in Sneek, the Netherlands. "You could say that my client was clueless. But he disputes that his intent was to do damage and it has not been proven that great damage was done." - - - - - - - - 'Spidey' Already Being Swapped By Online Pirates While Columbia Picture's new "Spider-Man" movie was breaking box-office records over the weekend, Internet movie pirates were busily downloading free copies of the film on file-trading networks. By Saturday, pirated versions of the comic book inspired movie were showing up in "screener" format on the EDonkey, Kazaa, and Morpheus Internet file-swapping systems. - - - - - - - - Iowa Targets Online Herbal Remedy Shop For Pets The hunt for Internet fraudsters took a rural turn last week, when an investigation by Iowa's agriculture department became a lawsuit against a small company that uses the Web to sell herbal remedies for pets. But the operators of the Pet Medicine Chest of Woodbine, Iowa, told Newsbytes today that they wonder why state Attorney General Tom Miller is complaining if its 10,000 customers are not. - - - - - - - - ISP Can Finally Disconnect Spammer, Court Rules After more than a year of battling with bulk e-mailer MonsterHut, a Rochester-based Internet service provider (ISP) has been given permission by a New York State appeals court to disconnect the company it says is a notorious spammer. The decision Friday reversed lower court rulings last year that kept online even though PaeTec Communications of Fairport, N.Y., near Rochester, said MonsterHut had contravened its anti-spam policy. - - - - - - - - Anti-Piracy Group Nabs Mojo The Business Software Association of Australia (BSAA), an anti-piracy group, has tacked the skin of the flamboyant ad agency Mojo Australia to its trophy wall. Mojo, an arm of Publicis Communication, which claims to be Australia's leading advertising group, was found to be using unlicensed copies of Microsoft Office, Adobe Photoshop, Illustrator and Acrobat, according to the BSAA. - - - - - - - - Domain owners could face the slammer People who provide false data when registering a domain name on the Web could be thrown into jail for up to five years, if a recently introduced bill becomes law. Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., introduced the legislation Thursday, targeting Internet address registration procedures that make it easier for Web site publishers to stay anonymous. - - - - - - - - Chernobyl virus hitches a ride The Klez worm just keeps on giving. The persistent pest, which made a strong comeback last month in the form of the Klez.h variant, is now helping revive the Chernobyl virus, according to a new report from antivirus company Symantec. The report says that a virus known as W95.CIH.1049, a slight variation of the W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, has been detected in recent infections of the Klez worm. The main difference with the new virus is that it's set to activate on Aug. 2 of every year, as opposed to the April 26 attack date of the original Chernobyl. - - - - - - - - Code Red remains a major threat Security researchers presented data on Friday indicating that Code Red version 2, a 9-month- old worm, continues to spread slowly across the Internet, compromising computers and leaving them easily accessible to malicious attackers. At present, more than 18,000 systems appear to be infected and, with a simple command, could be co-opted into an attack that could take down any Web site, said Dug Song, a hacker and security architect for network protection firm Arbor Networks. Song was speaking at the CanSecWest security conference here. - - - - - - - - Midwest Express hackers cause a stir The self-proclaimed Deceptive Duo that hacked into Midwest Express Airlines intranet say their goal was to embarrass the airline, which is part of the nations transportation infrastructure and therefore essential to homeland defense. - - - - - - - - Cyberspace Full of Terror Targets Officials are most concerned that a cyber attack could be coupled with a conventional terrorist attack, such as those on September 11th, and hinder rescue efforts. Government and private computer networks are facing new threats of terrorist attacks, ranging from an attempt to bring havoc to a major city to nationwide disruptions of finances, transportation and utilities. But people with knowledge of national intelligence briefings say little has been done to protect against a cyber attack. Some of the threats come from individuals who might have connections to Osama bin Laden's al-Qaeda network in Pakistan and elsewhere, those who have been briefed say. - - - - - - - - AIM security hole still threatens users AOL Time Warner failed to properly fix a security hole in its AOL Instant Messenger application, leaving its users vulnerable to a new way to exploit the same flaw, a security researcher said this weekend. The glitch's latest incarnation could have been just as dangerous as the previous version, publicized in January, opening the way for malicious AIM users to execute any program on a vulnerable user's computer, said Matt Conover, a hacker with a security research group known as "w00w00." - - - - - - - - Online banking: Web services may create vulnerabilities The increasing popularity of Web services is a potential security headache for users and banks alike, as software vulnerabilities may leave holes for hackers to enter through. Alec Wilder was livid when he realised that the only way to pay for Yahoo's email forwarding service was to sign up for the company's electronic payment system.,,t269-s2109660,00.html Online banking: A veil of safety Security incidents are 'definitely increasing' but financial institutions are loathe to reveal breaches that could have an impact on customer confidence. Late one recent Sunday night, an executive at a midsized financial services firm received the kind of call everyone in the industry dreads: a demand for $1m, or else the brokerage's network would crash the next day with a surreptitiously installed program.,,t269-s2109638,00.html - - - - - - - - Legal protection turns service providers into speech police A 1998 federal law meant to combat digital piracy is increasingly being used to challenge free speech online as well. In one recent case, the search engine Google removed links to a Norwegian site that criticizes the Church of Scientology International after the organization complained of copyright violations. - - - - - - - - China shuts unlicensed Internet cafes in Shanghai, report says Nearly 200 unlicensed Internet cafes were shut down recently in the eastern Chinese city of Shanghai, state-run media reported Monday. The city's Bureau of Commerce and Industry closed 122 establishments in early Monday and more than 75 others at the end of April, Xinhua news agency said. The latest campaign targeted Internet cafes in the Shanghai suburbs, it said.,1283,52330,00.html - - - - - - - - Cisco beefs up security software Cisco Systems has expanded its security for business-class networks with new intrusion- detection software. The networking company introduced three new products Monday that build on Cisco's current IDS (intrusion detection solutions) line of products used to protect virtual private networks. The Cisco IDS 4250, designed to protect high- bandwidth environments, is available now starting at $25,000. The Cisco IDS 4235, aimed at midsize businesses, retails for $12,500, while the Cisco IDS Device Manager and Event Viewer, which allows for remote management and improved analysis and data mining, is available free of charge for users of Cisco's IDS Software version 3.1. - - - - - - - - Absence of Virus-Rating Standard Another Headache for Computer Users Antivirus companies say one of the biggest obstacles to coming up with a universal rating system is that they tailor their ratings to their own customers. Here's a riddle for computer users: What's the difference between the W32/Klez.H virus and mailto:W32.Klez.G, Win32.Klez.I@mm and Klez.K? The answer, it turns out, is nothing. They're all names for the same bit of malicious software that's been crisscrossing the Internet for the past few weeks. There are no official standards for naming nasty computer bugs. So when this latest variation of the "Klez" worm emerged, anti-virus software makers each had their own idea of what it should be called. - - - - - - - - Wireless computer networks raise privacy concerns Wireless networks are appearing with increased frequency at coffee shops, colleges and even retail stores, and their popularity is raising concerns about privacy. Just this week, Best Buy suspended use of wireless cash registers over concerns that eavesdroppers could obtain credit card numbers and other customer data by sitting in the parking lot with the right equipment. - - - - - - - - Symbol adopts wireless VPN tech Encryption for wireless systems will save cash registers from drive-by hackers, promises Symbol and security vendor Columbitech Symbol Technologies, the leading vendor in so-called "blue collar" wireless applications such as warehousing, retail check-outs and delivery, will launch a secure component for its AirBeam wireless network management suite at Networld+Interop in Las Vegas on Monday.,,t269-s2109649,00.html - - - - - - - - Working in a network war zone Even before the CanSecWest security conference started on Wednesday, unknown hackers had given the hotel's high-speed network a case of the hiccups. By Wednesday evening, the system was laid out flat. The pros were peeved, and a call for an electronic posse went out. "We're forming a hunting party," Dragos Ruiu, independent security consultant and conference organizer, told the room of nearly 150 hackers and security experts late Thursday afternoon. "If anyone wants to help us find out who's...poisoning the hotel network, talk to me." But that evening, the vandal stayed offline and the hotel network was, for a little while, glitch free. - - - - - - - - Simplicity is the key to security The name of the security game these days is simplicity. Last week, Check Point introduced SmartDefense, a product designed to make configuring its firewalls easier. Meanwhile, McAfee kicked off its SecurityCenter, which makes it easier to check your security installations. Both products are designed to make security management easier. This is important because managing enterprise security has grown increasingly complex, and many companies don't do the job properly --not because they don't care, but because they don't know how. There's a shortage of skilled managers, and other factors present a challenge. - - - - - - - - IDS Evasion Techniques and Tactics Blackhats, security researchers and network intrusion detection system (NIDS) developers have continually played a game of point-counter- point when it comes to NIDS technology. The BlackHat community continually develops methods to evade or bypass NIDS sensors while NIDS vendors continually counter act these methods with patches and new releases. Due to he inherent complexities involved in capturing, analyzing and understanding network traffic there are several common techniques that can be used to exploit inherent weaknesses in NIDSs. - - - - - - - - Patch Management Done Right How good is Microsoft's might-maligned MBSA security tool? It even tells you about the patches Redmond tries to slip under the radar. There is no getting around the fact that the even the nominal use of Microsoft products requires regular compo- nent upgrades and patches. When you are a card- carrying Microsoft supporter like I am, and your infrastructure runs the gamut of their product offerings, updating servers and workstations can get downright ugly. Just maintaining the critical updates containing security rollups and patches can be taxing. - - - - - - - - 4 Million At DOD To Use Biometrics Within two years, all U.S. Defense Department workers will enter their facilities via fingerprint or iris authentication. The biometric technologies will become part of a redesigned Common Access smart card, said Linda Dean, chief of DOD?s Biometrics Management Office. Dean said DOD plans to issue the smart cards to all active- duty and civilian personnel, as well as military reservists and contractors working in secure DOD facilities. She also said the agency eventually would issue cards to retired employees and family members of active-duty personnel, bringing the total number of cards in circulation to about 4 million. - - - - - - - - Homeland security report will lack consensus, Ridge says A report due to the president by mid-year on the status of homeland security likely will not have consensus, White House Homeland Security Director Tom Ridge said Monday. "I already told the president, 'Do not expect a consensus document,'" Ridge said at the Council of the Americas annual conference at the State Department. "We do not have time to build consensus." *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.