May 8, 2002
Judge: Elcomsoft Case Can Proceed
A federal judge ruled on Wednesday that the copyright infringement case against the Russian software company Elcomsoft can go on, dismissing the defense's claim that key provisions of the Digital Millennium Copyright Act are unconstitutional. U.S. District Court Judge Ronald Whyte of San Jose said that the DMCA was neither vague nor did it violate the First Amendment, as Elcomsoft had argued. Although the judge agreed with Elcomsoft that computer code is speech, he said that the DMCA does not unconstitutionally ban that speech.
- - - - - - - -
Handsets key to Vivendi vote 'piracy'
An alleged episode of vote 'piracy' at the Vivendi Universal general meeting is to be investigated by the Tribunal de Commerce de Paris, the body that presides over corporate legal disputes in France. The Tribunal authorized the investigation into the 'malfunctions' that occurred during the course of the general meeting held on April 24, which was intended to gain the seal of approval for corporate investments urged by chief executive Jean-Marie Messier but the result has been overshadowed by claims of vote hijacking.
Tribunal examines Vivendi piracy claim
- - - - - - - -
Xbox 'Emulator' Front For Online Money-Making Scam
A new fraud by Internet scam artists attempts to tap into video game aficionados' burning desire to play Microsoft Xbox games on their personal computers. An "Xbox emulator" currently being offered for free on the Web is actually a Trojan horse designed to covertly rack up money for its authors using pay-for-click and other schemes, malicious code experts said.
- - - - - - - -
'Cute' Trojan Could Take Over Your PC - Anti-Virus Companies
A moderately dangerous Trojan horse that might let an outsider take over someone's computer is circulating by e-mail, two anti-virus companies warned today. According to Symantec and McAfee, the e-mail in question has the subject line: "Thoughts..."
with a message that reads, "I just found this program, and, I don't know why...but it reminded me of you. Check it out."
- - - - - - - -
Virus Hoax Making The Rounds - 'JDBGMGR.EXE'
A virus warning is making the rounds urging people to search for a purported virus on their hard drives - a file named JDBGMGR.EXE. Chances are, they will find it, because the "warning" is a hoax. According to several anti-virus companies, the hoax first appeared in April, but two new variants of the message have been spotted in the last three days.
- - - - - - - -
'Nimda,' 'Code Red' still alive and crawling
When computer security historians look back at 2001, the emergence of the "Nimda" and "Code Red" worms will likely sit close to the top of their significant events lists. Both worms were heralded as threats that could have brought down large sections of the Internet, but when this didn't happen the security spotlight quickly moved elsewhere.
- - - - - - - -
House OKs stiffer cybercrime penalties
Computer criminals would face increased penalties, and Internet users would face greater surveillance by access providers, under a bill approved Wednesday by a House of Representatives panel. Spurred by worries about electronic terrorism, a dramatic increase in computer viruses and other Internet intrusions, the House Judiciary Committee unanimously approved a bill that seeks to better coordinate efforts to fight cybercrime while increasing recommended sentences for those found guilty.
House Keeps Focus on Cybercrime
- - - - - - - -
Top Argentine court wants law against hackers
Argentina's Supreme Court wants legislation to outlaw computer hacking after rights activists allegedly vandalized its own Web site but escaped punishment because no law covers digital attacks.
A federal court threw out a case in April against a group of hackers, known as the ``X-Team,'' who were charged with defacing the site in 1998 with accusations the South American nation's top judges covered up the murder of a journalist. - - - - - - - - Long-awaited privacy bill unveiled Several U.S. lawmakers introduced a long-awaited privacy bill Wednesday that would allow U.S. businesses to share information about customers who have not explicitly forbidden them to do so. MORE THAN A YEAR in the making, the privacy bill unveiled in the House differs from a competing bill making its way through the Senate that would require businesses to get consumers explicit permission before sharing sensitive information such as income level, religious affiliation or political interests. - - - - - - - - Privacy Groups Want Tougher DoubleClick Settlement The Electronic Privacy Information Center (EPIC) and privacy advocacy firm Junkbusters have filed a formal objection to a proposed settlement of litigation against online advertising company DoubleClick. Several class-action suits against DoubleClick alleging privacy violations have been consolidated, and the matter is being heard in the U.S. District Court in the Southern District of New York. EPIC and Junkbusters filed their objections in advance of a hearing scheduled for May 21. - - - - - - - - When Kid Porn Isn't Kid Porn The photograph captures two boys, about 6 or 7 years old, cavorting naked on a beach. One of the boys looks coyly over his shoulder. The other has an erection. Child pornography or art? Definitely art, according to a growing number of websites charging up to $40 a month for subscribers to gain access to images of naked children as young as 4 years old.,1367,52345,00.html Behind the Kid 'Erotica' Scenes Sites that compile images of naked children and charge members to access them - otherwise known as "child erotica" sites - are a booming business. 
Type "boys cash" or "lolitas cash" into a search engine and you'll tap into a long list of child erotica sites looking for webmasters to carry their banner ads and drive traffic to their homepages. For every membership obtained through such an ad, the child erotica site typically pays webmasters 60 percent of the membership fee, which starts at $40 a month. More information about how the terms work is available here.,1284,52371,00.html - - - - - - - - Verisign To ID New Ebay Sellers, Auction Domain Names Individuals signing up to sell merchandise on Ebay will soon have to prove to e-commerce security company Verisign that they really are who they say they are. In a "multi-year services and marketing alliance" announced by the two companies today, Ebay will use Verisign's Authentication Service Bureau (ASB) to identify Ebay sellers during the registration process on its site. Verisign says its ASB allows companies to outsource the task of validating individuals' identities and can also issue digital certificates that can be used to confirm those IDs. - - - - - - - - Microsoft Warns of Critical Instant Messaging Flaw A security flaw in Microsoft's instant messaging services could enable remote attackers to take control of users' computers, the company warned today. Microsoft has rated the vulnerability "critical" on client systems and advised customers using MSN Messenger and Exchange Instant Messenger to immediately upgrade to a new version released today. - - - - - - - - IBM report cites mobile phone hacking risks The majority of GSM phones can be cloned in just a minute or two, IBM says. IBM researchers released a report on Tuesday showing that some cell phones' security cards could be cloned in minutes, letting hackers make calls and route charges to the cloning victim's account. 
The hacking technique studied by the researchers, known as a partitioning attack, analyses power fluctuations in a phone's security identification module (SIM) card, allowing an attacker to divine the security codes stored inside.
- - - - - - - -
Microsoft Witness Raises Windows Security Issues
Hackers, software pirates and purveyors of computer viruses could cause more damage if antitrust sanctions sought by state prosecutors are imposed on Microsoft Corp., a top company official testified yesterday. James Allchin, the most senior Microsoft executive other than Chairman Bill Gates to appear at federal court hearings, laced his written testimony with national security concerns, noting that computers running the Windows operating system are used by the Defense Department and U.S. armed forces in Afghanistan and elsewhere.
- - - - - - - -
Hackers say holes exposed retail data
White-hat hackers last week discovered vulnerabilities in the wireless networks of two major retailers -- holes that they claimed exposed data that appeared to include customer information. On May 1, an anonymous hacker posted a message on an online security mailing list stating that he had discovered holes in the wireless LANs operated by Best Buy. Later that day, Jonas Luster, co-founder of security consultancy D-fensive Networks Inc. in Campbell, California, told Computerworld that he had conducted a test of networks operated by a San Jose outlet of The Home Depot and found similar vulnerabilities.
- - - - - - - -
Sun burnt by second bug in a week
Flaw affects default installation of cachefsd daemon
Sun Microsystems' Solaris operating system has come a cropper for the second time in a week after the Computer Emergency Response Team (Cert) published another security advisory on Monday.
Coincidentally, the newfound vulnerability affects exactly the same version of the operating system as the flaw found in the Solaris rwall daemon last week - 2.5.1, 2.6, 7, and 8 on both Sparc and Intel architectures.
- - - - - - - -
11 courts put criminal case files online
Eleven federal courts are letting the public access criminal case files online. The effort is part of a pilot program by the Judicial Conference of the United States to study privacy and public access to electronic files in criminal cases. Users can access the files through the federal courts Public Access to Court Electronic Records system for seven cents per page, Judicial Conference officials said.
- - - - - - - -
McAfee unveils spam software
Security company McAfee this week took the wraps off newly branded filtering software that helps consumers dodge unsolicited commercial e-mail, or spam. The Sunnyvale, Calif.-based company acquired the software, called SpamKiller, and related intellectual property from its creator, Norway-based Novasoft, for an undisclosed amount last month. The technology, which costs customers $29.95, works in conjunction with the e-mail client to scan all incoming messages for language and headers commonly found in junk mail. It then deletes the junk mail and gives consumers options to report the spammer to its Internet service provider, among other features.
- - - - - - - -
Wind River Seeks Wi-Fi Security
"Wind River Systems is looking to quell one of the vexing worries over wireless -- WLAN security -- with new software that aims to let developers build more secure networks based on the increasingly popular Wi-Fi standard..." "'As it started to get popular ... so did the opportunities to break into the networks,' Gartner security analyst John Pescatore told Wireless NewsFactor. The most overlooked security challenge that WLANs face, he said, is from hackers pretending to be an access point on the network.
It takes a good deal of security protocol to address that problem..."
- - - - - - - -
IT Security Experts Match Wits in Hacker Challenge
Contestants in the Honeynet hacker intrusion contest will investigate and explain items such as the source of the hacker's binary code, its features, its encoding process, a detection method that would have identified it, and two similar tools that have been discovered in the past.
- - - - - - - -
Cable Modem Hacking Goes Mainstream
An ambitious hackware project promises to bring illicit broadband "uncapping" to the masses, and with it the risks that come with high-speed hijinks. From a pitiable 56kbps AOL dial-up somewhere in suburban Colorado, 19-year-old Myko Hein would like to tap out this sad, regretful message to the powers-that-be at his former cable Internet provider, AT&T Broadband: I was wrong. It'll never happen again. Please take me back.
- - - - - - - -
Securing Exchange 2000, Part Two
This is the second installment in the two-part series on securing Exchange 2000. The first article offered a brief overview of implementing Exchange 2000, along with some exploits that systems administrators need to be aware of. This installment will focus on secure configuration and administration of Exchange 2000, including locking down Exchange, and an analysis of some publicized vulnerabilities. Secure Administration. Now that we have covered some of the basics of implementing Exchange 2000, let's step away from the assessment side, and get into securing it.
Securing Exchange 2000, Part One
- - - - - - - -
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2002, Campbell, CA.