June 3, 2002

MIT grad student hacks into Xbox
Security circumvented, allowing use of competing software
A graduate student at the Massachusetts Institute of Technology said he has found a way to circumvent the security system for Microsoft Corp.'s Xbox video game console, opening the way for hackers to use it to run competing software, according to documents released over the weekend.
http://www.msnbc.com/news/761330.asp
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3392662.htm
http://zdnet.com.com/2100-1103-931364.html
http://news.com.com/2100-1040-931296.html
- - - - - - - -
Download Sites Hacked, Source Code Backdoored
The popular open-source security tool Fragroute is bugged in plain sight by unknown hackers, who may have struck before.
When source code to a relatively obscure, Unix-based Internet relay chat (IRC) client was reported to be "backdoored" last month, security professionals collectively yawned. But last week, when three popular network security programs were reported to be similarly compromised, security experts sat up and took notice. Now, it appears that the two hacking incidents may have been related.
http://online.securityfocus.com/news/462
- - - - - - - -
Broadband users cut into cable
When Noah A., an AT&T Broadband customer, dropped his subscription to DirecTV several months back, he joined a small but growing group of cable TV pirates who use their high-speed Internet connection to pilfer video signals. DRAWING ON old-school methods to splice cable TV lines for unauthorized use, hackers say they can buy a splitter at the local electronics store and easily run an additional line from the cable modem line for the computer into the television. Without a set-top box, the result is free, basic, analog cable; with an illegal converter or set-top, hackers say they have access to premium channels such as HBO and Showtime.
http://zdnet.com.com/2100-1105-930410.html
http://news.com.com/2100-1023-930356.html
- - - - - - - -
$100K hacking contest ends in free-for-all
This is exactly what appears to have happened in a hacking competition that promised a first prize of $100,000 and which now seems to be losing its luster after hackers compromised the server that held registration details. The result is that what should have been a straightforward competition has turned into a convoluted tale of hackers attacking the wrong systems and organizers using a dubious server set-up in the first place. The episode raises a number of questions over how hacking competitions should be held in the future.
http://zdnet.com.com/2100-1105-930689.html
- - - - - - - -
Sonicblue Freed From Monitoring
A federal district judge in Los Angeles has handed the electronics maker Sonicblue a courtroom victory, ruling that the company does not have to monitor the TV-watching habits of thousands of people who use the company's ReplayTV 4000 personal video recorder. The ruling, issued late Friday by U.S. District Judge Florence-Marie Cooper in Los Angeles, reverses an April decision by Magistrate Charles Eick that required Sonicblue to gather "all available information" about what TV shows are copied, stored, viewed without commercials or traded using the ReplayTV 4000.
http://www.wired.com/news/business/0,1367,52934,00.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3391705.htm
http://zdnet.com.com/2100-1104-930694.html
http://www.cnn.com/2002/TECH/ptech/06/03/sonicblue.reut/index.html
- - - - - - - -
Libel case turns on liability of material posted online
A federal appeals court heard arguments Monday on whether newspapers that post stories on the Internet can be sued for libel in states outside their local market.
A Virginia prison warden sued two Connecticut newspapers he says falsely depicted him as racist in articles about alleged mistreatment of Connecticut inmates who were sent to Virginia to relieve prison crowding.
http://www.nandotimes.com/technology/story/423078p-3375608c.html
- - - - - - - -
FBI to build data warehouse
Investigative data mining part of broad initiative to fight terrorism.
The FBI has selected "investigative data warehousing" as a key technology to use in the war against terrorism. The technique uses data mining and analytical software to comb vast amounts of digital information to discover patterns and relationships that indicate criminal activity. The same technology is widely used in the commercial sector to track consumer activity and even predict consumer behavior.
http://www.fcw.com/fcw/articles/2002/0603/news-fbi-06-03-02.asp
Guidelines open data, Web to FBI
http://www.fcw.com/fcw/articles/2002/0603/web-net-06-03-02.asp
- - - - - - - -
Downturn and Shift in Population Feed Boom in White-Collar Crime
The bursting of the stock market bubble, combined with the changing face of the American population, has led to a surge in business fraud and corruption prosecutions and investigations. Even as the rate of murder, robbery, assault and other types of violent and property crimes has declined or flattened in the last decade, there has been a marked increase in accounting and corporate infractions, fraud in health care, government procurement and bankruptcy, identity theft, illegal corporate espionage and intellectual property piracy, federal and state officials say. (NY Times article, free registration required)
http://www.nytimes.com/2002/06/02/business/02CRIM.html
- - - - - - - -
Fighting Web Fraud
The Internet has made it easier for crooks to rip your company off. Here's how businesses can protect themselves and their customers.
It was almost too easy. All the young woman had to do was pick a stolen credit card number and go online.
ACCORDING TO U.S. postal inspectors, she then bought computers and other electronic gear. A measure of the extent: when police swooped down on her New York apartment two years ago, they found $20,000 worth of gear. And she was identified only because of fraud-detection software. When she made an $800 purchase at the IKEA furniture and household-goods Web site, a program called eDective noticed that the shipping address she gave was in a different state from the billing address for her card.
http://www.msnbc.com/news/758506.asp
- - - - - - - -
Net Fraud Is Tangled Web for Victims, Police
As you read this, hundreds of crooks are trolling the Internet for victims. Their get-rich-quick schemes clog e-mail inboxes and online bulletin boards. Odds are they won't get caught. An FBI-led Internet fraud task force received 49,711 complaints last year. Of those, 93 ended in an arrest. Local police see most Internet fraud as outside their jurisdiction; federal authorities see most of it as too small to pursue. In the wide-open world between, online scammers are making fortunes -- and victims are losing more than $500 million a year.
http://www.newsfactor.com/perl/story/18038.html
- - - - - - - -
In Terror War, Privacy vs. Security
In the amorphous war on terrorism, government officials believe they have a new weapon: the growing number of financial institutions that use powerful technology to monitor confidential customer activity and report suspicious behavior to law enforcement and intelligence officials. Driven by little-known provisions of the USA Patriot Act, the anti-terror legislation that was approved after Sept. 11, banks, securities firms and other companies are deploying computer systems that draw together millions of transactions, sometimes automatically, in searches for money laundering, terrorist financing or other unusual patterns.
http://www.washingtonpost.com/wp-dyn/articles/A49323-2002Jun2.html
- - - - - - - -
Online Film Piracy Booming
The release of the summer's first blockbuster movies has sparked an unprecedented frenzy of film piracy, sending nearly 10 million people online to download bootleg copies of "Spider-Man" or "Star Wars: Episode II - Attack of the Clones." Even as box-office sales soar - with the top 12 movies grossing a record $193 million over the four-day Memorial Day weekend - Internet film piracy is growing even faster, according to a new report from Viant, a Boston-based researcher specializing in digital entertainment. As many as 400,000 to 600,000 illicit copies of films are downloaded every day - a 20 percent increase over a year ago.
http://www.newsfactor.com/perl/story/18041.html
- - - - - - - -
ID theft rampant; options limited
The State of California leaks the direct deposit records of 260,000 employees. A Bank One employee sells hundreds of customer records to a ring of identity thieves. Criminals gain access to Ford Motor company's credit reference firm and order 13,000 credit reports. An insurance company whose name still has not been disclosed gives information on patient illnesses to a marketing firm. It's been a bad month for personal privacy, a good one for identity thieves. And it has experts asking: Will all of us eventually be victims?
http://www.msnbc.com/news/758896.asp
- - - - - - - -
Workplace e-mail is not your own
Employers have legal right to snoop online.
If you work on a personal computer, you'd better get used to it -- there's no such thing as private e-mail on a company system. Analysts say this high-tech monitoring is a growing trend for employers, particularly as the technology makes it increasingly easy to implement on a large scale. "Legally, they're not required to tell you if they're monitoring the e-mail," says Shari Steele of the Electronic Frontier Foundation.
"Legally the equipment that you're using when at work belongs to your employer. And therefore the employer can do anything they want to with the equipment."
http://www.cnn.com/2002/TECH/internet/06/03/e.mail.monitoring/index.html
- - - - - - - -
VeriSign to help telecoms with wiretap orders
Security and Web address provider VeriSign Inc. Monday unveiled a new service to help U.S. telecommunications carriers comply with wiretapping regulations that have gained more prominence since the attacks of Sept. 11. Mountain View, California based VeriSign is testing its new "NetDiscovery" wiretapping services, which is expected to be commercially available in early July for land-line, wireless and cable carriers, said Terry Kremian, executive vice president of VeriSign's telecommunications services.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3391113.htm
- - - - - - - -
Tap, Tap, Tap
Federal, state and local law enforcement agencies are still busily wiretapping people, but there are a few surprises in the latest surveillance stats. Last month, the Federal Communications Commission (FCC), after two years of deliberations, reissued their revised regulations on the implementation of the Communications Assistance for Law Enforcement Act (CALEA) for setting technical standards on wiretapping. The FCC had to issue the new regulations after a U.S. Court of Appeals ordered them to do a better job -- an FCC lawyer admitted in court that the extent of their analysis on privacy was a little "hand wringing."
http://online.securityfocus.com/columnists/85
- - - - - - - -
Where piracy and profits converge
Are satellite TV hackers a tool in a global conspiracy?
It's just a thin slice of plastic that's stuck into your satellite TV set-top box when you first bring it home. To viewers, the card is the key that unlocks pay-TV. To corporations, smart cards are much more - 80 million of them currently unlock one of the world's most influential and lucrative industries.
But now, the plastic cards are at the center of a global conspiracy theory - a cutthroat corporate battle, some say, to control the world's living rooms through deception, cheating, and intimidation.
http://www.msnbc.com/news/745312.asp
- - - - - - - -
Randomisation - IBM's answer to Web privacy
IBM Corp's new Privacy Institute has decided that randomization may be the key to protecting consumer privacy on the web while also providing e-businesses with informative metrics on their customers. Thursday last week, the company said it has developed software that ensures consumers' sensitive data never leaves their computers in an accurate form, but can be reassembled at the back end in aggregate. IBM is looking for partners to develop the software.
http://www.theregister.co.uk/content/23/25551.html
- - - - - - - -
A Virus by Any Other Name: Virus Naming Practices
When the "VBS/VBSWG.J" virus appeared, the media decided to call it by a more appealing name, "AnnaKournikova", which was derived from the JPEG file that the virus claimed to be. However, none of the anti-virus products included in the excellent virus names cross reference tool VGrep currently lists this virus as "AnnaKournikova", "Kournikova", or any other variation based on the name of the charismatic tennis player. On the other hand, a considerable number of AV programs detect it as "SST", while a very small number don't call it "VBSWG" or "SST".
http://online.securityfocus.com/infocus/1587
Klez.h takes title as world's slimiest worm
http://zdnet.com.com/2110-1105-930963.html
Five years ago: Over 1,000 macro viruses - Dr. Solomon's
http://news.zdnet.co.uk/story/0,,t269-s2111236,00.html
- - - - - - - -
Wild About Wi-Fi
Pete Shipley's dimly lit Berkeley home has all the earmarks of a geek lair: scattered viscera of discarded computer systems, exotic pieces of electronic-surveillance equipment and videos of the BBC sci-fi Red Dwarf show.
But among the hacker community, Shipley, a 36-year-old freelance security consultant, is best known for his excursions outside the home - as a pioneer of war driving.
http://www.msnbc.com/news/760402.asp
- - - - - - - -
Retailers defend low-level security on wireless LANs
More high-profile retail chains are being fingered for not fully securing wireless LANs installed in their stores. But several retailers said they're not exposing any sensitive data, and some security analysts agreed that the risks don't appear to be great. While retailers have quickly embraced wireless LAN technology to support applications such as inventory control and pricing management, officials at companies such as CVS Corp. and The Home Depot Inc. last week said bulletproof security isn't seen as a must-have item.
http://www.idg.net/ic_869837_5055_1-2793.html
- - - - - - - -
Why Net filtering is an abomination
The recent ruling by a Philadelphia court in response to a challenge by the American Library Association (ALA) and the American Civil Liberties Union (ACLU) to the Children's Internet Protection Act (CIPA) represents another setback for Congressional prudes and the filtering software lobby. Briefly, the CIPA would deny public funds to libraries which refuse to install expensive content-filtering software on their Net-connected computers, and the court ruled it unconstitutional.
http://www.theregister.co.uk/content/4/25557.html
http://www.usatoday.com/life/cyber/tech/2002/05/31/net-filtering.htm
- - - - - - - -
Tools provide new weapons in the war against DoS attacks
Like intelligence officials discussing the ever-present terrorist threat, security experts say it's not a question of whether another major denial of service (DoS) attack will happen - it's when. DoS attacks are occurring with increasing frequency and virulence, and enterprises can no longer afford to base their defenses on shoring up networks by adding more bandwidth.
http://www.techrepublic.com/article.jhtml?id=r00520020603rty01.htm
- - - - - - - -
Best practices for managing firewall logs
Firewalls have become as common as Internet connections themselves. Regardless of the size of your business, if you are connected to the Internet, then you are inevitably running some type of firewall. In the process of filtering Internet traffic, all firewalls have some type of logging feature that documents how the firewall handled various types of traffic. These logs can provide valuable information, but they can also be difficult to monitor and manage on a consistent basis.
http://www.techrepublic.com/article.jhtml?id=r00220020529mul01.htm
HOW FTP PORT REQUESTS CHALLENGE FIREWALL SECURITY
http://clickthru.online.com/Click?q=d8-XW73QWLEzgjVz7FmkYU8epmrVFcR
DESIGN THE BEST SECURITY TOPOLOGY FOR YOUR FIREWALL
http://clickthru.online.com/Click?q=ed-jLlvQgVCqJUsZacxvNH8MoIeG_dR
- - - - - - - -
INTERNET USAGE POLICY
Excessive personal Internet and e-mail use can hog bandwidth and could jeopardize your enterprise network. Download these sample policies to establish an Internet use policy that will let your users know what is, and isn't, acceptable.
http://clickthru.online.com/Click?q=6b-8g5ZIHE-sAd9O5E80nVj-nPULaiR
- - - - - - - -
New Technology Spots Fingerprint Ploys
Biometric security has taken a beating lately with reports that fingerprint sensors can be fooled by such simple means as breathing on the sensor to "lift" a latent print or spoofing with an easily crafted "gummy finger." A Milpitas, California-based company claims to have addressed these and other fingerprint fooling methods with a new technology that relies on a combination of algorithm and monitoring of physical changes to the optical sensor reading the print.
http://www.newsfactor.com/perl/story/18029.html
- - - - - - - -
Consumers test fingerprint scanning program
Christopher Conrad cuts off telemarketers on the phone, regularly reminds direct-mail associations to keep him off their lists and diligently opts out of mass e-mail lists. But the Seattle commercial photographer didn't hesitate to give his fingerprint, credit card information and phone number to a company he had never heard of.
http://www.usatoday.com/life/cyber/tech/2002/06/03/fingerprint-technology.htm

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.