August 22, 2002 FBI raids San Diego firm that hacked into U.S. military computers The FBI raided the offices of a consulting firm after a newspaper trumpeted the company's claims that it found security loopholes in U.S. military computers. In demonstrating how easy it was to penetrate sensitive military computers, four-month- old ForensicTec Solutions may have violated federal law prohibiting unauthorized intrusions. The FBI raided the offices of the San Diego firm over the weekend. - - - - - - - - Web phones tied to sex crimes in Japan The popularity of Internet-enabled mobile phones in Japan, particularly among teenagers, has spurred a huge rise in sex crimes involving minors, the National Police Agency said on Thursday. In the first six months of this year, 793 crimes were reported in which victims were contacted through online dating sites, compared with 888 for all of last year. Nearly four out of five of the crimes involved minors. Child prostitution accounted for some 400 cases, while 213 others violated child protection laws. - - - - - - - - Entrepreneur files suit over junk faxes When Silicon Valley entrepreneur and philanthropist Steve Kirsch gets a pet peeve, beware. Tired of his fax machine whirring at 3 a.m. with unsolicited faxes, Kirsch plans today to file two suits against, the country's largest fax-broadcasting company. Kirsch, who rarely does anything on a small scale, is seeking an astronomical $500 billion in statutory damages -- an unprecedented amount that may garner media attention but likely would never be awarded. - - - - - - - - Ford settles lawsuit for rights to Web name Ford Motor Co. and a local entrepreneur have reached a settlement over two Internet domain names -- and In 1999 and 2000, Michael Ouellette secured the Internet addresses as well as the corporation name Ford Field Inc. for his small T-shirt and grass seed business in Troy. Now with the $350 million Detroit Lions stadium named Ford Field set to open Saturday, the automaker has paid Ouellette for the Web addresses and corporation name. Neither side would disclose terms of the deal, which ends a nearly yearlong dispute between Ford and Ouellette. - - - - - - - - Apher worm: From Russia with problems Why would Microsoft send you an announcement of a new antivirus product from Russia? It wouldn't. Yet the author of the Apher worm (w32.apher@mm) is willing to bet someone will fall for it. Unfortunately, Apher includes a known Trojan horse, Backdoor.Death.25, which provides an attacker access to the compromised computer. Because Apher sends e-mail but doesn't directly damage computer files, the worm ranks a 4 on the ZDNet Virus Meter. - - - - - - - - Worm spreads through KaZaA network, again Virus watchers have discovered the latest in a line of viruses targeted at file sharing networks. The Duload worm is spreading across the KaZaA file-exchange network, antivirus firm Kaspersky Labs warns today based on reports of infections from Italian internet users. Duload appears as a Windows executable written in Visual Basic either 18432 bytes or, in its compressed form, 7680 bytes in size. - - - - - - - - School Office XP attracting pirates A deal to offer students a cheaper version of Microsoft's Office XP software may be part of a larger plan for the software maker: Increasing sales of the productivity suite to consumers by slashing prices. Microsoft's aggressive pricing of the academic version of Office XP has made the software one of the biggest sellers with students and teachers--and it's becoming increasingly popular among nonstudents, who are technically ineligible for the discount. In some cases, the software is priced $330 less than the same nonacademic version of Office XP. - - - - - - - - White House debates cyberwar rules The Bush administration is stepping up an internal debate on the rules of engagement for cyberwarfare as evidence mounts that foreign governments are surreptitiously exploring our digital infrastructure, a top official said yesterday. RICHARD A. CLARKE, head of the Office of Cyberspace Security, said the government has begun to regard nation-states rather than terrorist groups as the most dangerous threat to this countrys computer security after several suspicious break-ins involving federal networks. - - - - - - - - Secret Service expands cybersecurity task forces Businesses in large cities across the U.S. soon will have a chance to send their IT specialists to quarterly government-sponsored meetings to compare notes with their peers on cybersecurity. Companies need not worry that they might risk exposing secrets about their systems or about successful attacks against their systems, say members of the government organization facilitating the meetings. That organization is the U.S. Secret Service, and it prides itself on secrecy.,10801,73696,00.html - - - - - - - - Prevention, not arrests, is key to cybersecurity In its efforts to combat cybercrime, the Secret Service is learning from law enforcement mistakes made in the war on drugs. Enforcement controlled the agenda, and prevention was a small part of it, said Special Agent John Frazzini, who is helping to organize a nationwide electronic crimes task force. That approach did not work very well against drugs and will not work against hackers, Frazzini said during a panel discussion on cyberterrorism at the Sector5 cybersecurity conference in Washington. Experts see ounce of prevention key to cyber cure The increasing number of attacks on business computer networks means that organizations and government agencies should change their cybersecurity mindset to one of prevention, a panel of experts warned Thursday. "Security is getting worse faster than it will ever be fixed," said Jeff Moss, the CEO of Black Hat, a Seattle-based cybersecurity training firm. "That fundamental view isn't going away." But Moss and other panelists, speaking before a cybersecurity conference in Washington, noted that while there may never be a silver bullet for information security, organizations can reduce cyber risks by creating a mindset of prevention. - - - - - - - - UK's DMCA: there ain't no sanity clause The UK's take on the "European DMCA" - the European Copyright Directive - will make criminals out of ordinary computer users, according to a new critique by the UK Campaign for Digital Rights. And it will also fail to protect researchers, says Julian Midgley who penned the report. "As it stands, the UK implementation of the European Copyright Directive will hinder research into cryptography (in contravention of the express intent of the Directive itself), make criminal current common practices of the music industry, give software companies unwarranted control over the creation of software products interoperable with their own, and provide an inadequate and entirely impractical mechanism for beneficiaries of the Directive's exceptions to obtain access to copyrighted works protected by technological measures," the report concludes. - - - - - - - - Denmark to push EU data-retention law Denmark, holder of the European Union's six-month rotating presidency, will try to push through a law that would force Internet and telecommunications service providers throughout the EU to store their customers' data traffic for more than a year. The Danish initiative will be discussed at the committee level with 14 other EU members next month, a European Commission spokesman said. It comes less than three months after the EU passed a controversial data-protection law that opened the door for prolonged data retention.,10801,73687,00.html - - - - - - - - Setting a trap for laptop thieves A spate of publicity in recent months over misplaced laptops at government agencies, such as those missing from the FBI, the Internal Revenue Service and the Pentagon, has drawn attention to the problem of notebook computer theft. "At one time, people stole televisions; then they stole VCRs. Now, laptops are the most stolen article of property in San Francisco," said Richard Leon, an inspector in the San Francisco Police Department burglary detail. "We get reports of hundreds of laptops stolen each month." Looking to stem that problem --and to gain some badly needed revenue--leading notebook makers IBM, Hewlett-Packard and Dell Computer are offering software with their new notebooks that's the PC industry's equivalent of the LoJack stolen car tracking system. - - - - - - - - Microsoft discloses flaws in business software, Web browser Microsoft Corp. disclosed security flaws in several software programs Thursday, with some of the flaws rated critical for computer users. The company said ``critical'' flaws in Internet Explorer 5.01, 5.5 and 6.0 could allow attackers to access and run unauthorized commands on users' computers. In addition, the company said ``moderate'' flaws in several of Microsoft's business software programs -- including Windows XP Professional and Microsoft Windows NT 4.0 -- could potentially allow attackers to purposely crash a computer system. - - - - - - - - Admins slow to tackle SSL security risks Web admins are faster at fixing flaws to conventional Web servers than SSL servers, figures from Netcraft latest Web site survey suggest. The study, released this Tuesday, found almost half of the 22 million Apache HTTP sites scrutinised are running Apache/1.3.26, whilst only around a quarter of the Apache SSL sites are running this version, which fixes a well publicised chunked encoding vulnerability. - - - - - - - - Political spam on your cell phone? In a decision that treats text messaging on mobile phones essentially the same as bumper stickers, the Federal Election Commission has declared that senders of text-based political ads don't have to disclose who funded them. In an advisory opinion issued Thursday, the FEC also suggested such messages include either a phone number or Web site link, so people could easily learn who paid for the message. However, the additional information won't be required. - - - - - - - - Project to test digital watermarks The Air Force Research Laboratory (AFRL) Information Directorate announced this week that it has selected Digimarc Corp. to collaborate on a research and development project using digital watermarking to combat fraud and enhance security. Digital watermarking ensures the security and authenticity of digital photographs by embedding an encrypted image over the photograph, similar to the watermarks used on the redesigned $20, $50 and $100 bills. - - - - - - - - AT&T braces FirstGov for e-gov New security services being provided to the federal Web portal, FirstGov, will be strong enough to permit secure online transactions between federal agencies and citizens, said officials from AT&T Government Solutions. AT&T was hired Aug. 14 to beef up security and provide Web hosting services to the government portal as a variety of government agencies prepare to launch a new generation of e-government services. FirstGov is expected to be the "Web host" for the services. - - - - - - - - Are you a WiFi pirate? Stopping for a bite to eat in a small New England town, was I ever surprised to find a Wi-Fi connection available at 1.2 megabits per second. Where was this bandwidth coming from? No idea. Who was paying for this bandwidth? Same answer. One thing, though, was very clear: The advent of Wi-Fi is about to change all of our lives in a major--and positive--way. I'll go further: Wi-Fi is one of those grassroots phenomena that will soon become as ubiquitous as the PC itself. - - - - - - - - An Open Letter to the CIO By understanding the needs of security admins, corporate executives can ensure the ongoing security of their crucial information systems. Dear Esteemed Corporate Leaders; By the time you read this, our summer vacations will be winding down, the long days of summer will be rapidly receding into memory, and, for those of us slaving away in the corporate trenches, work will begin to pick up again. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.