May 28, 2002
Philippines' Landmark Hacking Case Goes To Trial
The first hacking case to be filed under Philippine laws went to trial today, starting a groundbreaking legal process that is being viewed as a test case for Internet-related crimes in the country. Charged with violating a provision of RA 8792, also known as the e-commerce act of 2000, was Leilani Garcia, a former employee of the complainant, Thames International Business School.
- - - - - - - -
Prosecution Concludes Case in U.S. Trial of Andersen
The prosecution rested its case today in the obstruction of justice trial of Arthur Andersen, after a cross-examination in which the government's last witness was challenged by the defense about the significance of the accounting firm's deletion of thousands of e-mail notes last fall. The witness, Paula Schanzle, an agent for the Federal Bureau of Investigation, worked on the Andersen investigation. During the cross-examination, Rusty Hardin, the lead trial lawyer for the accounting firm, repeatedly questioned whether misleading information had been submitted to the jury about the e-mail deletions.
- - - - - - - -
Steffi Graf wins case against Microsoft Germany over fake photos
Former tennis star Steffi Graf won a court case against Microsoft Germany on Tuesday over fake nude photos of her that were posted on a Web site run by the company. The state appeals court in Cologne upheld a ruling last October by a lower court, which had ruled that Microsoft Germany was responsible for the content of the site and must ensure that such pictures don't appear there.
- - - - - - - -
Justice officials to unveil plans for restructuring the FBI
Attorney General John Ashcroft and FBI Director Robert Mueller will hold a press briefing Wednesday to detail their plans for restructuring the FBI, an agency spokeswoman confirmed Tuesday.
Along with hiring new agents, the plan will call for 14 new sections to the counterterrorism division that will specialize in terrorism, technology, languages, intelligence gathering, cultures and other areas, according to news reports. Agents from the white-collar and anti-drug divisions may be reassigned to counter-terrorism operations.
- - - - - - - -
Net effect: Antiterror eavesdropping
Privacy advocates worry civil rights may be trampled.
In the seven months since the passage of a sweeping law to combat terrorism, Internet and telecommunications companies have seen a surge in law enforcement requests to snoop on subscribers. Privacy advocates fear that expanded police power under the Patriot Act -- combined with lax oversight and increased cooperation between the government and private sector phone network and Internet gatekeepers -- may be stomping on civil liberties.
- - - - - - - -
Lawsuit Seeks to End Spam Emails Sent by Niagara Falls Company
Spitzer Says Company Sent More than 500 Million Unsolicited Messages to Consumers
Attorney General Eliot Spitzer today filed a lawsuit against a Niagara Falls-based "spammer" that sent hundreds of millions of emails to consumers whom it falsely claimed had requested the emails. "Every day New Yorkers are being inundated with unsolicited commercial emails, or spam," Spitzer said. "Some of the spam is a vehicle for fraud, some of the spam is inherently fraudulent, and much of it constitutes a real annoyance for email users. This lawsuit is the next battle in our continuing fight against online fraud, and an attempt to help consumers maintain control of their email in-boxes."
- - - - - - - -
Microsoft SQL Worm Crawls To Top Of Attack Charts
An Internet worm that targets insecure Microsoft databases has quickly displaced forerunners Code Red and Nimda as the top source of computer attacks, experts said.
Since May 20, the SQLsnake worm, also known as Spida and Digispid, has been probing port 1433 on thousands of Internet-connected systems in an attempt to locate machines running Microsoft SQL without proper password protection on the system administrator account.
- - - - - - - -
Klez surpasses SirCam in virus stakes
Klez.h appears to be overtaking SirCam as the most virulent computer virus to date. According to antivirus outsourcing firm MessageLabs, which scans e-mails for corporate clients, Klez.h overtook SirCam on Sunday and continues to spread, with the company's servers blocking up to 20,000 copies every working day. To date, MessageLabs has stopped over 800,000 copies of Klez.h. This particular version of the virus, which surfaced in April, is also known as Klez.g and Klez.k, depending on the security advisory that is referring to it.
- - - - - - - -
MS privacy policies under EU probe
The European Commission is checking whether Microsoft's system of collecting personal data from Internet users breaks privacy laws, compounding the software giant's antitrust probe headaches in Europe. The European Union's executive arm announced its investigation into Microsoft's free .Net Passport service in a written response to a question from Erik Meijer, a Dutch member of the European Parliament.
- - - - - - - -
Report: Hole found in Excel
A security hole in Microsoft's Excel XP spreadsheet application could allow hackers to take over a user's PC by using specially formed XML stylesheets. According to security expert Georgi Guninski, the problem occurs when a user opens an Excel spreadsheet file and chooses to view it with an XML stylesheet. If the stylesheet contains specially formed code, said Guninski in a security note on his Web site, the PC will try to run that code.
- - - - - - - -
Intrusion-detection net revived
The General Services Administration and Carnegie Mellon University this fall will start testing a new technology to analyze and report on patterns in the cyber intrusion information gathered across government, an idea that was first floated and eventually sunk two years ago. The data analysis capability (DAC) being developed by the CERT Coordination Center for GSA's Federal Computer Incident Response Center will analyze data already being collected by intrusion-detection systems at many agencies, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at GSA.
- - - - - - - -
New Sophos Service Updates Virus Files Online
British antivirus software vendor Sophos PLC is establishing an automated online service to update virus signature files. Users can schedule automatic updates from the Sophos server as often as eight times a day, or on request. "It's more of a pull technology than a push," Sophos technology consultant Chris Wraight said. The company's federal customers include the White House, the CIA and Fort Meade, Md., home of the National Security Agency.
- - - - - - - -
FAA employees to try smart cards
The Federal Aviation Administration will run a trial program this summer issuing smart cards to its employees and some contract workers. The FAA will put out a request for proposal in the next week or two and hopes to begin issuing cards later this summer, said spokeswoman Tammy Jones. The cards will initially be used as ID badges, but the FAA plans to add biometric data and eventually use the cards to control access to locations and computers, she said.
- - - - - - - -
Head off hoaxes
You've almost certainly received an e-mail warning you about a new virus. You know the type--one of those mass e-mails containing warnings of all sorts of dire things that can happen if the described virus or worm gets loose on your system.
The e-mail goes on to list the name of the offending file, and tells you that all you need to do is delete the file, and the threat will be gone.
- - - - - - - -
Big Brother is on your data trail
The concept of Big Brother usually conjures up an invasive form of surveillance, like the manager who decides that it's OK to hide a video camera in the company locker room or bathroom. Our attention is most often drawn to such egregious transgressions, where devices or probes are secretly planted to watch us or monitor our digital behavior. Meanwhile, we're leaving a bread-crumb trail that advertises our whereabouts as blatantly as giant signs in fluorescent pink proclaiming "Kilroy was here."
- - - - - - - -
Security Hole Striptease
By letting the public catch a tantalizing peek at unannounced security holes, one prolific bug-finder turns up the heat on vendors to close them.
The success of "SQLSpida," the worm that targets MS-SQL servers set upon the Net with a blank "SA" password, is testament to how badly basic security education is still needed. As always, I place primary blame on the administrators of these boxes -- leaving the SA password blank on any installation is a rookie move.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.