August 15, 2002 Alleged HP forger arrested in China Chinese authorities have arrested the suspected leader of a counterfeiting group for allegedly producing and selling fake Hewlett-Packard goods. Although Chinese officials and HP have withheld the individual's identity, the arrest was a result of raids conducted in southern China. On April 19, China's Public Security Bureau raided several factories in the area and confiscated more than 308,000 illegal printer cartridges and related items. Then in June, more than 107,000 bogus ink cartridges and related items, including four production lines, were seized, HP said in a statement.,,t269-s2120887,00.html - - - - - - - - Thieves raid Taxan UK warehouse A gang of thieves stole more than PS175,000- worth of kit from Taxan UK last night. The 'highly professional' outfit disabled the alarm system and phone lines at the monitor maker's Bracknell, Berks warehouse, and helped themselves to 150 15in TFT monitors and more than 3,000 ATI graphics cards. The gang clearly knew their hardware, according to Hugh Chappell, MD of Taxan UK: "They took the latest ATI cards - they only stole Radeon 9000 and Radeon 9000 pro cards," he said. - - - - - - - - Microsoft sues Microsoft is suing online retailer for allegedly selling counterfeit or unauthorized software. Overstock, a featured store on Microsoft's MSN Shopping Bargain's section, disclosed the lawsuit in a filing with the Securities and Exchange Commission. According to the documents, Microsoft filed the suit in February in a federal court in California, alleging that Overstock "distributed counterfeit and otherwise unauthorized Microsoft software." The software giant is seeking damages and injunctive relief, the SEC documents, filed Wednesday, say. - - - - - - - - Intel case tests e-mail as free speech Former worker prosecuted for electronic trespassing When Ken Hamidi was fired from Intel Corp. in 1995 after a long workers compensation battle, he didnt go quietly. Mr. Hamidi, 55 years old, spent the next two years criticizing the company in e-mails sent to thousands of co-workers. Convinced he was a victim of age discrimination, Mr. Hamidi even publicized his campaign by dressing as a cowboy and going on horseback to distribute printed versions of his messages to employees entering Intels Folsom, Calif., facility, where he once worked. Now, the California Supreme Court will determine whether the former employees e-mail is a form of electronic trespassing, as Intel claims, or an expression of free speech. - - - - - - - - Vendors seek grey market whistleblowers The Anti-Gray Market Alliance, an association of mostly IT hardware vendors, has introduced a web drop for snitches, where "consumers and business customers can now quickly report incidences of suspected fraudulent sales, illegal brokering or counterfeit goods". - - - - - - - - ISPs win crucial legal protections A new e-commerce law protects UK ISPs and e-tailers from actions over content held on or passing through their networks. Internet service providers and network operators in the UK have won protection from legal action over content held on, or passing through, their networks. Measures providing the protection are contained in the Electronic Commerce (EC Directive) Regulations 2002, which were finally published by the government on Monday, less than two weeks before they are due to come into force.,,t269-s2120825,00.html - - - - - - - - Senator asks OMB to tackle problem of missing government computers A lawmaker urged the Office of Management and Budget Thursday to tackle the problem of missing computers at several federal agencies. Im worried that just as dryers have the knack of making socks disappear, the federal government has discovered a core competency of losing computers, Sen. Charles Grassley, R-Iowa, wrote in an Aug. 15 letter to OMB Director Mitch Daniels. - - - - - - - - Web security is hit-or-miss at local level More than half of local governments surveyed recently said they did not have policies and procedures in place for Web site security, according to the International City/County Management Association. ICMA reported that 55.8 percent of local government respondents lacked online security policies, and 44.2 percent of the governments did have policies. ICMAs survey of counties and municipalities with populations greater than 2,500 generated 4,123 responses. - - - - - - - - Security software tops must-buy list IT departments will divert spending from non- essential services such as consulting in order to make existing systems secure and efficient. Security software, web-based applications and virtual private networks (VPNs) top the list of must-have purchases for US and European IT departments says the latest NOP/ Technology Confidence Barometer. Outsourcing and consulting services are the least in demand.,,t269-s2120892,00.html - - - - - - - - Navy taps private industry for new defense technology As private companies take on more of the burden for developing new defense technologies their military customers are facing unfamiliar challenges of coordination, intellectual property rights and civilians unfamiliar with wartime needs, Navy officials said Tuesday at a Washington conference. In the face of a scattered terrorist threat with multiple capabilities, the U.S. military has to become just as adaptable, said Paul Schneider, principal deputy to the secretary of the Navy's research, development and acquisition programs. To do this the Navy is turning more and more to private sector firms for creative solutions. - - - - - - - - Severe Security Flaw Found in IE Microsoft acknowledges potential SSL vulnerability, uncovered by security researcher. A security flaw in Microsoft's Internet Explorer Web browser can completely undermine the supposedly watertight Secure Sockets Layer standard for securing online transactions and e-commerce, researchers said Tuesday. IE's implementation of SSL contains a vulnerability which allows what is described as an active, undetected, man-in-the-middle attack, where no dialogs are shown and no warnings are given.,aid,103892,00.asp - - - - - - - - Windows Apache security bug revealed Default installations of Apache on Windows are susceptible to a bug discovered by Italian researcher Luigi Auriemma, reports. According to a PivX advisory, non-Unix platforms like Windows OS2 and Netware are vulnerable, but Unix versions are not. Details are sketchy to discourage immediate exploitation, but the organization says it will post additional details 'in the coming weeks'. - - - - - - - - Center sets benchmarks for W2K Professional Windows 2000 Professional has been widely adopted as the desktop client of choice for both private-sector organizations and government agencies. In the two years since its release, Win2K Pro has proven to be a viable IT interface solution for even the most demanding environments. (TechRepublic article, free registration required) - - - - - - - - Win2k SP3, the 'snooper' licence, and the workaround We've had quite a few emails from Windows 2000 Service Pack refuseniks who propose not to go anywhere near SP3 on the grounds that the installation insists you agree to the new-look Microsoft 'snooper's charter' supplementary licence in order to apply it. The critical clausesseem to be becoming standard for Microsoft products, and although they can be presented as helpful/necessary for updates, they could also be used for DRM purposes, and provide cover for more widespread snooping. - - - - - - - - Wearable Security Locks Laptop Data If a user wearing the system's security token walks away from his or her laptop, the system senses it and begins securing the computer by encrypting all data. If the user then returns within range, the computer begins unlocking data so work can resume. A new wearable system aims to simplify computer security and put an end to data breaches that occur when laptops are lost. Zero-Interaction Authentication, or ZIA, relies on the advanced encryption standard (AES) to keep data on mobile computers available only to their rightful users, said University of Michigan professor Brian Noble, one of the engineers who created the system. - - - - - - - - A multilayered strategy for internal security threats How should IT managers go about safeguarding their network from internal security threats? IT security authority Jack McCullough, coauthor of Access Denied: The Complete Guide to Protecting Your Business Online, said using a layering strategy is the best protection. "Perhaps the most overlooked threat in a security program is the threat posed by employee behavior," said McCullough. As much as 80 percent of security compromises are the result of actions by an insider. (TechRepublic article, free registration required) - - - - - - - - The best defence is a fine offence Many computers have become fortresses, with virus software and firewalls keeping would-be intruders at bay. But Julie Huff, a systems architect at PRC, a division of the military contractor Northrop Grumman, thinks that in this age of information warfare computers should not simply close the gate when threatened. Rather, she says, they should take the offensive and give chase to intruders and begin counterattacks. - - - - - - - - Configuring IPsec/IKE on Solaris The IP Security Protocol (IPsec) and the Internet Key Exchange (IKE) protocol are designed to permit system and network administrators the capability to protect traffic between two systems. These systems can be network devices or individual hosts. With the release of Solaris 8, Sun added the ability to configure IPsec on Solaris hosts in order to construct a virtual private network (VPN) between the systems or to secure the traffic destined for a system. This article is the first of a three-part series that will examine IPsec and the key management protocol, IKE, and provide readers with an introduction on how to configure both protocols on a Solaris host. - - - - - - - - Taking a high-tech approach to child security In a time when there are 2,000 reports of missing children each day, and dozens of tragic cases like those of Destiny Wright, Samantha Runnion, and Danielle van Dam, many families wonder: How do you keep a child safe from abduction? And how do you find a missing child? For some, the answer is child security - high-tech and street-smart. - - - - - - - - ID scanners being used by bars to thwart underage sales Every weekend, thirsty patrons crowd into the cramped brick foyer of Brian Boru's, a smoky downtown pub, and wait for the doorman to swipe their driver's licenses through a small electronic device. The pub is one of a small but growing number of nightclubs, convenience stores and beer distributors that have begun using scanners to check patrons' ages and keep alcohol, tobacco and fake IDs out of minors' hands. The scanners read the magnetic strips or bar codes of information included on driver's licenses issued by all but nine states. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.