August 1, 2002 Italian police shut down hacker rings Tipped off by American officials, Italian police shut down two rings of hackers who attacked Web sites belonging to the U.S. Army and NASA, as well as Internet pages in Italy, authorities said Thursday. Police said 14 people were arrested, including four teenagers and two network security managers. They were charged with computer fraud and face up to eight years in jail if convicted. - - - - - - - - MASSIVE ID THEFT RING BROKEN New York State Grand Jury Indicts Members of Statewide Identity Theft Ring. State Attorney General Eliot Spitzer, State Inspector General Roslynn Mauskopf and a team of law enforcement agencies led by New York State Police Superintendent James McMahon, today announced the indictment of the alleged leader and three members of a large identity theft ring. The ring victimized thousands of New Yorkers by obtaining their personal identification information from entities including the New York State Insurance Fund, the Social Security Administration, Empire State College, WNYC radio, Hollywood Video, Worldcom Wireless and American Express. - - - - - - - - Sprint Calls Audible in Spam Suit A lawsuit charging Sprint with sending illegal, unsolicited e-mail appears to be turning into a test case for how much evidence a company can recover when defending against allegations of wrongful spamming. The class-action suit, Terry Gillman v. Sprint Communications, claims that the phone company violated a recently enacted Utah statute that places restrictions on senders of unsolicited e-mail.,1367,54250,00.html - - - - - - - - Social Security number is password to theft After years of warnings by privacy advocates about the pitfalls of using Social Security numbers as online secure passwords, the practice is still common, even among respected institutions and firms. That became clear once again last week when a Princeton University official acknowledged using students' personal information to snoop into an online admissions database at rival Yale. The database required only students' names, birth dates and Social Security numbers to gain access. - - - - - - - - When Dreamcasts Attack White hat hackers use game consoles, handheld PCs to crack networks from the inside out. Cyberpunks will be toting cheap game consoles on their utility belts this fall if they follow the lead of a pair of white hat hackers who demonstrated Wednesday how to turn the defunct Sega Dreamcast into a disposable attack box designed to be dropped like a bug on corporate networks during covert black bag jobs. The "phone home" technique presented by Aaron Higbee of Foundstone and Chris Davis from RedSiren Technologies at the Black Hat Briefings here takes advantage of the fact that firewalls effective in blocking entry into a private network, are generally permissive in allowing connections the other way around. - - - - - - - - Vegas Braces for the Hackers Sin City is about to be packed with thousands of hackers, wannabe geeks and phreaks who envision the perfect world as the following: Computer networks would welcome curious exploration, all information would be openly shared, a lot of public toilets would be filled with concrete and no swimming pool would go unfilled with several blocks of dry ice.,1284,54260,00.html Bush adviser says hackers obligated to find security flaws - - - - - - - - Summer brings virus relief The number of virus attacks drops month-on- month from June to July for the first time this year, suggesting that users may be getting more security-conscious. Antivirus firm Central Command has reported that the number of virus attacks it tracks around the Internet fell in July, compared to June -- the first time this year that reported virus infections dropped month-on-month.,,t269-s2120178,00.html Klez remains atop virus lists Multiple virus scanning needed, says multiple scanning firm - - - - - - - - Insecure About Security? Where there is e-commerce, there will be security holes. Online bookseller knows this well -- just don't tell them when they have one. Or six. Half a dozen security holes that could allow a malicious hacker easy access to sensitive customer data riddled the bookseller's e-commerce site as of early this week. Some of the holes have been quietly closed over the past two days, but others remain wide open.,1848,54251,00.html - - - - - - - - Puzzling Trojan affects OpenSSH Geeks in a quandary over mystery infection Geeks have been sent scampering to solve the case of how the latest Open secure shell (SSH) package came to be Trojaned. The infected file was discovered on the OpenBSD website, but all mirrors should also be considered compromised. This afternoon, alerts started popping up on security websites that a Trojan horse was hidden in the most recent portable version of OpenSSH, v3.4p1. - - - - - - - - As Wi-Fi Spreads, Insecurity Mounts As Wi-Fi wireless local area networks (WLANs) proliferate, particularly among businesses seeking relatively cheap mobile network access, threats to security are being overlooked, says security intelligence firm iDefense. The company has released a wireless "insecurity" report identifying the top threats facing Wi-Fi users and offering better methods to protect them. - - - - - - - - 'Cambridge phenomenon' threatened by IP changes Academics argue that a proposal by Cambridge University to clamp down on intellectual property rights could mean the end of 'Silicon Fen'. Academics at Cambridge are warning that restrictive new intellectual property rules proposed by the university could mean an end to the high-tech boom that gave rise to the nickname "Silicon Fen".,,t269-s2120183,00.html - - - - - - - - Tracking People with Wireless Technology FCC mandates are pushing wireless carriers to adopt location-based technology. But at what cost? Violations of civil rights, bombardment by advertisers and potential stalking are all possible downsides. The push to adopt location-based wireless technology may be aimed at delivering services to consumers, but it could conceivably turn every cell phone or handheld unit into a tracking device. - - - - - - - - Car-tracking system raises hopes, concerns General Motors plans to begin installing new sensors and communications systems into vehicles next year in a move that could save lives but that also raises privacy concerns.,,t269-s2120194,00.html - - - - - - - - Advanced Log Processing One of Murphy's laws advises to "only look for those problems that you know how to solve." In security, this means to only monitor for those attacks that you plan to respond to. It is well known that any intrusion detection system is only as good as the analyst watching its output. Thus, having nobody watching the IDS is equivalent to having no IDS at all. But what should an IDS administrator do if he or she is drowning in a flood of alerts, logs, messages and other attention grabbers? *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.