August 27, 2002 Pirate admits to $75m operation Counterfeit software seizure 'largest in US history' A woman has admitted that she and her associates imported nearly $75m worth of counterfeit software, the Los Angeles County District Attorney's Office has heard. Lisa Chen, 52, pleaded no contest to one count of failure to disclose the origin of a recording or product. She was arrested last November along with three other people after an 18-month investigation. - - - - - - - - Trojan Horse Poses as Antivirus Upgrade A Virus in Disguise Is on the Loose. An email claiming to be an antivirus program update instead contains a Trojan horse that automatically installs a virus. Kaspersky Labs is warning that an email that spoofs a corporate email account and claims to be an upgrade to the Kaspersky virus- fighting program, contains a Trojan horse. Once clicked, the attachment installs a backdoor Trojan called Apher. The program gives a remote user access to affected computers, then automatically installs a virus called Backdoor.Death.25. - - - - - - - - Experts warn of mobile viruses With 78 percent of Japanese mobile users accessing the Internet, analysts warn that the country is likely to be the first to experience mobile-phone attacks. Japanese mobile phone users have already had to contend with spam mail and technical glitches, but that could be nothing compared to the headaches they might get when computer hackers turn their attention to the wireless world.,,t269-s2121340,00.html - - - - - - - - Hackers rally round Deceptive Duo Defacers threaten action if pair are jailed. As two of the most notorious hackers of the past year await trial for their 'patriotic' website defacement spree, other members of the hacker underground have threatened action if the pair go down. Last week was contacted by a hacker known as Splurge, an ex-member of the notorious Sm0ked Crew website defacement group. - - - - - - - - Damning email haunts WorldCom Senior exec's mail reveals cover-up. A senior WorldCom executive tried to stop another member of staff discussing the company's books with auditors, according to a congressional committee. Investigators searching WorldCom's servers have found an email from former WorldCom controller David Myers, who was charged on 1 August with fraud for allegedly helping to hide billions in expenses. - - - - - - - - Virus writers 'obsessed with sex and computer games' Virus writers are sados obsessed with sex and computer games, not the evil geniuses Hollywood and fear-mongering Washington politicians portray them as. That's the view of Graham Cluley, senior technology consultant at Sophos, who said "virus writers are much more likely to be teenage males than crack cyberterrorists bent on the annihilation of the internet." - - - - - - - - EU Copyright Directive 'all bad news' Campaign for Digital Rights rips into new proposals UK digital rights activists last week published the first in-depth analysis of the proposed European Union Copyright Directive (EUCD) - and it's all bad news. The UK Patent Office published a consultation paper on what has been called the 'European Digital Millennium Copyright Act' on 7 August, responses to which must be submitted to the Patent Office by 31 October. - - - - - - - - Copy-protection software thwarts felt-tip hackers A new version of CD copy-protection software from Israel's Midbar claims to have fixed an embarrassing flaw Midbar, the Tel Aviv, Israel- based company that makes copy-protection technology for audio CDs, said on Monday that its products are now to be found in more than 30 million CDs worldwide, with 10 million of those in Japan. Separately, the company said it has fixed a glitch that allowed consumers to circumvent its copy protection using a felt-tip pen,,t269-s2121362,00.html - - - - - - - - E-terrorism: Liberty vs. security Earlier this year, a few California scuba divers found out just how far the long arm of the law can reach since Sept. 11. Federal agents concerned about scuba-related terrorist plans requested the entire database of the Professional Association of Diving Instructors. Unbeknownst to most of its members, the organization voluntarily handed over a list of more than 100,000 certified divers worldwide, explaining later that it wanted to avoid an FBI subpoena that would have required far more information to be disclosed.,,t269-s2121361,00.html E-terrorism - - - - - - - - Commerce OKs new hashing standard for message authentication The Commerce Department has approved a new secure hashing standard that adds three algorithms to produce longer hashesor message digestsfor digital signatures and message authentication. Federal Information Processing Standard 180-2 replaces FIPS 180-1 and will become mandatory for use with sensitive but unclassified information when it takes effect Feb. 1. The SHA-1 algorithm specified in FIPS 180-1, which produces a 160-bit message digest, is one of the algorithms included in the new standard, so products certified as meeting FIPS 180-1 requirements still can be used after January. - - - - - - - - Microsoft: WinXP Update Could 'Bomb' Some Computers In an attempt to reduce piracy of its software, Microsoft has announced protective changes to its Windows Product Activation (WPA) service, beginning with WinXP Service Pack 1. As veteran Microsoft watchers have expected, SP1 will not install if either of what the company calls "two well-known pirated product keys" has ever been used to activate the system. Such systems will also be denied access to Microsoft's Windows Update feature. - - - - - - - - Chinas Internet war with dissidents Government crackdowns having impact, report says Chinese dissidents are doing their best to use the Internet to bring democratic change to their society, but government crackdowns and the nations rural demographics mean that more freedoms are unlikely to come soon, says a private study. THE REPORT, Youve Got Dissent, said that while dissidents use the Internet for liberation, the Chinese government uses the same tools to keep an eye on activists.,1283,54789,00.html In China, Web used for both social change, government surveillance - - - - - - - - Lamo Bumped from NBC After Hacking Them The helpful hacker demonstrates his techniques on camera for the NBC Nightly News, but lawyers kill the story when he cracks the broadcast network's own systems. How did a mediagenic hacker like Adrian Lamo get himself bumped last week from a scheduled appearance on the NBC Nightly News with Tom Brokaw? Perhaps with his impromptu on-camera intrusion into the peacock network's own computers. - - - - - - - - DoubleClick to Open Cookie Jar For years, ad-serving cookies have crept about the Web like silent, virtual stalkers -- tracking surfers as they hop from site to site in the name of targeted marketing. Now, Net users may finally get a glimpse of some of the data such tracking applications collect. As part of a settlement with regulators in 10 U.S. states, the Internet ad-serving firm DoubleClick said it will begin allowing Web users to view some of the records it compiles through the use of cookies.,1367,54769,00.html - - - - - - - - Security at your service WHILE OUTSOURCING even part of an IT security operation still draws qualms, organizations are being forced to recognize that the level of in-house security expertise needed to run a full-time business is too difficult and costly to acquire and maintain. As a result, many are placing more trust in MSSPs managed security service providers). "There certainly was a lot of hesitancy. I wasn't too comfortable about the whole idea of outsourcing [security]," said Daniel Kesl, information security officer for Denver-based Newmont Mining. "But as we went further with the processes and controls in place, it's not as terrifying as I once viewed it." - - - - - - - - Identity theft--get used to it One of the strengths of digital communications is the ability to momentarily borrow an insanely expensive computer network, such as using the Internet, to deliver a message, make a purchase or look up information. Ironically, this most freeing quality of the computer age has also become its most troublesome aspect. Since we share these services with many other people, we have to identify ourselves with digital "keys" each time we use one. And it's these same identification keys, which provide the convenience of use, that can invite misuse by identity thieves. - - - - - - - - Justifying the Expense of IDS, Part Two: Calculating ROI for IDS This article is the second of a two-part series exploring ways to justify the financial investment in IDS protection. In part one of this series we discussed general IDS types and expanded on the impact that the logical location of a company's critical networked assets could have on the risk equations. To this end we introduced the Cascading Threat Multiplier (CTM) to expand on the Single Loss Expectancy (SLE) equation. We also reviewed implementation and management costs based on various support profiles and reviewed the commonly accepted risk equations. Finally, we left off with the basic formula for calculating ROI for security, otherwise commonly known as Return on Security Investment (ROSI). Justifying the Expense of IDS, Part One: An Overview of ROI for IDS - - - - - - - - Air Force chief derides 'tribes' The Air Force must break down its "tribal" platforms and procedures and integrate them using information technology to speed its kill cycle and succeed in the war against terrorism, according to the service's chief of staff. "The problem with the Air Force is that we're all about tribes" and protecting individual programs and platforms, Gen. John Jumper said during his Aug. 26 keynote presentation at the Air Force IT Conference (AFITC) in Montgomery, Ala. "Too few of us are about integration." *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.