May 29, 2002

Carnivore Glitches Botched Bin Laden Probe - FBI Memo
The FBI mishandled a surveillance operation involving Osama bin Laden's terror network two years ago because of technical problems with the controversial Carnivore e-mail program, part of a "pattern" indicating that the FBI was unable to manage its intelligence wiretaps, according to an internal bureau memorandum released yesterday.
http://online.securityfocus.com/news/448
http://zdnet.com.com/2100-1105-927416.html
http://news.com.com/2100-1023-927252.html
http://www.newsbytes.com/news/02/176790.html
http://www.cnn.com/2002/US/05/28/attack.carnivore.reut/index.html
http://www.wired.com/news/politics/0,1283,52842,00.html

Memo: FBI destroyed terrorism e-mails
http://www.usatoday.com/life/cyber/tech/2002/05/28/fbi-emails.htm

FBI's Carnivore-lies may have blown bin Laden inquiry
http://online.securityfocus.com/news/446
http://www.theregister.co.uk/content/6/25490.html

FBI shake-up puts IT as a principal priority
http://www.gcn.com/vol1_no1/daily-updates/18800-1.html

Carnivore bites off too much.
http://www.fcw.com/fcw/articles/2002/0527/web-carn-05-29-02.asp

- - - - - - - -

Web glitch exposes Fidelity customer accounts
A design flaw at a Fidelity Investments online service accessible to 300,000 people allowed Canadian account holders to view other customers' account activity. The problem was discovered over the weekend by Ian Allen, a computer studies professor at Algonquin College in Ottawa. Fidelity said it had fixed the problem and was offering the 30 or so affected customers the option of changing account numbers. Allen accessed at least 30 account statements, which contained names, addresses, account numbers and transaction histories, then reported the flaw to Fidelity.
http://www.nandotimes.com/technology/story/417879p-3331535c.html

- - - - - - - -

German Hacker Gets Probation
Self-proclaimed hacker and "330-pound loudmouth" Kim "Kimble" Schmitz was found guilty of insider trading by a Munich court and sentenced to 20 months probation. He was also ordered to pay a 100,000 euro fine (roughly $93,000) for a stock trade that reportedly netted him $1 million. In late January, Schmitz was deported to his native Germany after being arrested in Thailand, where he had seemingly fled to avoid legal charges. He remained in a Munich jail until his sentencing Tuesday.
http://www.wired.com/news/politics/0,1283,52845,00.html

- - - - - - - -

Hearing set on hacked state computers; employee groups complain
State senators said Tuesday they would investigate why it took weeks for 260,000 government employees to be notified that a hacker accessed a computer system containing their personal financial information. "There's a lot of people screaming," said Dennis Alexander of the Professional Engineers in California Government.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3355173.htm
http://www.cnn.com/2002/TECH/internet/05/29/california.hackers.ap/index.html
http://www.usatoday.com/life/cyber/tech/2002/05/29/calif-hack.htm

- - - - - - - -

State seeks $88.7 million in fines for Internet drugs
California officials Tuesday said the state was seeking $88.7 million in fines against a Los Angeles pharmacy for allegedly filling thousands of prescriptions for "lifestyle" drugs such as Viagra over the Internet. The California State Board of Pharmacy alleges the pharmacy illegally filled 3,500 prescriptions for drugs that included Viagra for sexual potency, Propecia for hair loss and Xenical for weight loss using out-of-state doctors who did not examine the patients, a violation of California law.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3353472.htm
http://zdnet.com.com/2110-1106-927492.html
http://news.com.com/2100-1017-927213.html

- - - - - - - -

NY sues spammer over 500 million e-mails
New York Attorney General Eliot Spitzer has filed a suit against marketing firm MonsterHut Inc. and two of its top executives for sending millions of unsolicited commercial e-mails, known as spam, to consumers. The suit, filed on Tuesday, accuses the company, its Chief Executive Todd Pelow and its Chief Technical Officer Gary Hartl of fraudulently advertising and representing the company's e-mail service as "permission based." The suit alleges that since March 2001, MonsterHut has flooded consumers with more than 500 million e-mails advertising goods and services.
http://zdnet.com.com/2110-1106-927518.html
http://www.newsbytes.com/news/02/176784.html

- - - - - - - -

Geraldo Rivera Bests Anti-Abortion Webmaster In Libel Spat
A notorious anti-abortion Webmaster who Geraldo Rivera described on TV as an accomplice to the murder of an abortion doctor has lost a libel suit against the talk show host. A panel of three federal judges for the 11th Circuit's Court of Appeals in Atlanta ruled Tuesday that Rivera was protected by the First Amendment when he called Neal Horsley an accomplice to murder for posting the crossed-out name of Dr. Bernard Slepian to an online abortionist "rogues gallery" that Horsley calls the Nuremberg Files.
http://www.newsbytes.com/news/02/176798.html

- - - - - - - -

Xbox hacking not for amateurs
The first Xbox add-ons that purportedly allow the console to play illegally copied game software have gone on sale, but analysts say they're unlikely to inspire a Napster-like wave of copy infringement. The Xtender, a "mod chip" intended to be added to the main circuit board of the Xbox, went on sale last weekend through retailers such as Hong Kong-based Lik Sang. Three other Xbox mod chips are also in development.
http://news.com.com/2100-1040-924666.html
http://www.vnunet.com/News/1132219

- - - - - - - -

American Internet Users Are Often Software Pirates
A software industry trade group says that the majority of Internet users who have downloaded commercial software online have failed to pay for all the copies they later installed. The Business Software Alliance (BSA) said today that a new survey based on interviews with more than 1,000 Internet users suggests that nearly half of America's online population has downloaded commercial software, but as many as 81 percent have not always paid for every copy they made - perhaps installing software licensed for a single user on multiple office PCs.
http://www.newsbytes.com/news/02/176800.html

- - - - - - - -

European Parliament poised to cave in on Internet privacy?
A campaign has been launched to persuade Members of the European Parliament to reject proposals on data retention which critics believe will have grave civil liberties implications. A debate on general data retention of communications for law enforcement authorities, scheduled for tomorrow and Thursday in Brussels, is critical, as it constitutes the major step before the final adoption of the new EU Communications Data Protection Directive.
http://online.securityfocus.com/news/447

EU may grant cops more online powers
http://zdnet.com.com/2100-1106-927736.html
http://news.com.com/2100-1023-927685.html

EU Law Turns ISPs Into Spies?
http://www.wired.com/news/politics/0,1283,52829,00.html

- - - - - - - -

Liberty Alliance expands membership
The rival to Microsoft's Passport online identification system now has more than 40 members, despite not yet releasing its technology spec. The Liberty Alliance Project gained five new members on Wednesday, boosting Sun Microsystems' effort to outgun Microsoft's Passport online identification system.
http://news.zdnet.co.uk/story/0,,t269-s2111082,00.html
http://news.com.com/2100-1001-927232.html

- - - - - - - -

Yahoo! fills in Messenger hole
A security hole in Yahoo!'s instant messaging software has now been fixed, and users are encouraged to download the latest version. A security vulnerability that could allow hackers to delete files on someone's computer has prompted Yahoo! to issue a fix for the latest version of its popular instant messaging software.
http://news.zdnet.co.uk/story/0,,t269-s2111066,00.html
http://news.com.com/2100-1023-923638.html

- - - - - - - -

Klez.h tops Aussie list of widespread worms
With the Klez.h variant topping most-widespread e-mail worm lists both in Australia and worldwide, concern is mounting over the impact on businesses. Andrew Gordon, managed services architect at anti-virus software vendor, Trend Micro, said it had been seeing a real bounce-back of Klez.h and some of the other Klez variants.
http://www.zdnet.com.au/newstech/ebusiness/story/0,2000024981,20265580,00.htm

Klez Infection Persists - Anti-Virus Companies
http://www.newsbytes.com/news/02/176801.html

- - - - - - - -

Ted Waitt: Defender of downloads
If he finds himself dining at Spago anytime soon, Gateway CEO Ted Waitt isn't likely to receive any bear hugs from the Hollywood moguls who favor this perennial Los Angeles hot spot. That's because Gateway's chief executive officer finds himself on the other side of a bitter digital divide from the entertainment industry over the issue of digital music downloads. Throw in an opportunity for a grandstanding politician or two, and you have the makings of a grand donnybrook.
http://zdnet.com.com/2100-1103-927533.html

- - - - - - - -

Whose laws rule on the Wild Wild Web?
Former Yahoo CEO Tim Koogle could find himself cuffed if he sets foot on French soil. His alleged crime: Allowing the posting of Nazi collectibles on Yahoo's U.S.-based site--an action Holocaust survivors say violates France's war crimes laws. In another case, Russian software programmer Dmitry Sklyarov was jailed after entering the United States last year. The charges related to providing software that could be used to crack e-books, an action that is not a crime in his homeland but that violates U.S. copyright law, federal authorities say.
http://zdnet.com.com/2100-1106-927370.html
http://news.com.com/2100-1023-927316.html

- - - - - - - -

PDAs make easy pickings for data thieves
A quarter of those who store their own passwords and PINs on their PDA do not bother to use a password to restrict access, according to the study. Of the people who store their bank account details on their PDA, 65 per cent do not bother to encrypt this information, with just under a quarter failing to password protect this information. Around one in 16 (6 per cent) of people have lost PDAs in the past, but almost a third (32 per cent) still continue to use them without a password.
http://www.theregister.co.uk/content/54/25478.html

- - - - - - - -

PortSentry for Attack Detection - Part Two
This is the second in a two-part series on PortSentry. The first article discussed how PortSentry works to identify attacks, as well as what types of attacks it identifies. This article will focus on building, installing, and operating PortSentry. The focus here will be on the various configuration options available for PortSentry, as well as some of the benefits and drawbacks of those options.
http://online.securityfocus.com/infocus/1586

PortSentry for Attack Detection - Part One
http://online.securityfocus.com/infocus/1580

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.