High Tech "NewsBits" for 09/20/02

September 20, 2002 British police arrest 21-year-old alleged hacker Police have arrested a 21-year-old man suspected of writing a virus that attacks Linux computer systems, Scotland Yard said Friday. The suspected computer hacker was arrested Tuesday at his home in southwest London on suspicion of writing the T0rn virus that masquerades as legitimate software to enter computer systems. Police seized computer equipment, which is being analyzed by officers from Scotland Yard's computer crime unit, a spokesman for the force said. http://www.usatoday.com/tech/news/2002-09-20-alleged-hacker_x.htm http://zdnet.com.com/2110-1105-958818.html http://www.vnunet.com/News/1135207 - - - - - - - - Silicon Valley Concern Says It Thwarted Software Theft A Chinese software programmer was arrested Tuesday after a Silicon Valley company complained that he had tried to steal software used in seismic imaging of oil fields, company officials said today. The programmer, Shan Yanming, 32, has been in the United States since the end of April as part of a contract between the state-owned China National Petroleum Corporation and 3DGeo Development., a Mountain View, Calif., software company. Executives at the company said that the Chinese programmer, who had been training in the use of the company's software, was caught trying to use a company computer password to download company software to a portable computer last Thursday. http://www.nytimes.com/2002/09/20/technology/20SOFT.html - - - - - - - - Slapper worm slows to a crawl A Linux worm that started spreading a week ago has reached a plateau after infecting about 7,000 servers and turning the hosts into a peer-to-peer network that could be used to attack other computers. Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's spread has fallen far short of the biggest attackers in recent times. For example, Code Red infected 400,000 servers last summer. And according to the National Strategy to Secure Cyberspace, the Nimda virus compromised 86,000 systems last fall. Perhaps most telling, security experts are already talking about Slapper in the past tense. http://zdnet.com.com/2100-1105-958758.html http://news.zdnet.co.uk/story/0,,t269-s2122610,00.html http://www.nytimes.com/2002/09/20/international/europe/20VIRU.html http://news.com.com/2100-1001-958758.html - - - - - - - - WorldCom ordered to shield Internet subscribers from child porn sites A judge's order requiring WorldCom to block five child-pornography Web sites is the first use of a Pennsylvania law that raises concerns about turning Internet service providers into government censors. The sites in question were not hosted by WorldCom but were accessible using WorldCom and other ISPs. According to an affidavit filed by an investigator, the sites showed nude males and females, believed to be under age 18, in sexual poses. http://www.nandotimes.com/technology/story/543842p-4297681c.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4117448.htm - - - - - - - - Moussaoui's lawyers seek details on computer use Standby defense lawyers for Zacarias Moussaoui expressed skepticism Friday that government investigators thoroughly investigated the terrorist suspect's computer activity. The lawyers working on Moussaoui's behalf asked a federal judge to order the government to provide a more detailed account of its investigation and to look harder for evidence of an e-mail account apparently used by Moussaoui. http://online.securityfocus.com/news/744 - - - - - - - - Domain fraudsters in .eu con Don't be fooled by pre-registration charges, warns expert. Domain name registrar Internetters is warning people not be fooled into pre- registering for .eu domain names. It claims that internet fraudsters are already scamming people about the new .eu domain name, even though it has only just received endorsement from the European Parliament. Ken Sorrie, co-founder and director of Internetters, said that some registration companies are taking money for pre-registrations of .eu when there is not even a registry appointed, or rules defined. http://www.vnunet.com/News/1135196 - - - - - - - - Comms traffic snooping breaks EU laws Telcos and ISPs fear legal repercussions. The Home Office wants internet service providers (ISPs) and telcos to store customers' communications traffic data on a voluntary basis, but by doing this companies could be breaking the law. The UK has already tried to get telecoms traffic data retained for up to two years under the European Union Communications Data Protection Directive, but has met with stiff opposition from other countries. http://www.vnunet.com/News/1135228 - - - - - - - - Official: Cybersecurity not watered down A White House official is standing behind the administration's draft recommendations on cybersecurity, asserting that they have not been weakened by lobbying from technology companies. "The one (claim) I hear the most often is that it was watered down," Howard Schmidt, vice chairman of the White House's National Critical Infrastructure Protection Board, said here Thursday. "It is not watered down." On Wednesday, the White House formally introduced a 64-page draft proposal titled "National Strategy to Secure Cyberspace." http://zdnet.com.com/2100-1105-958775.html Week in review: Securing the Net The White House released a draft this week of its long-awaited plan for cyberspace security, but the plan garnered criticism as not doing enough. The Bush administration's plan, a 64-page document called the "National Strategy to Secure Cyberspace," outlines a mainly hands-off approach to securing the Net, giving primary responsibility to individuals and corporations rather than the government. The report was widely praised by technology companies, but the focus on voluntary measures drew a tart response from a handful of critics. http://zdnet.com.com/2100-1105-958727.html - - - - - - - - Calif. puts a lid on mobile phone spam California's mobile phones should soon be officially freed from unwanted text messages. On Thursday, Gov. Gray Davis signed a bill that would prohibit companies from spamming mobile phones and pagers with unwanted text messages. The law, sponsored by Assemblyman Tim Leslie, R-Tahoe City, goes into effect in January. Davis said he endorsed the plan because he didn't want unsolicited messages on mobile phones to reach the same level of mayhem that spam e-mails have. http://zdnet.com.com/2100-1105-958789.html http://www.msnbc.com/news/810609.asp http://www.siliconvalley.com/mld/siliconvalley/4110927.htm - - - - - - - - Internet cafe fights back in piracy dispute EasyInternetCafe has been threatened with a gagging order as the ongoing piracy dispute between the company and the British music industry remains unresolved. Lawyers acting on behalf of the British Phonographic Industry (BPI) contacted EasyInternetCafe earlier this week, warning that they plan to apply for an injunction that would stop EasyInternetCafe talking to the press about the row. http://zdnet.com.com/2110-1106-958820.html - - - - - - - - Identity theft: Fact and fiction In Shakespeare's Othello, Iago laments that "he that filches from me my good name/Robs me of that which not enriches him/And makes me poor indeed." In the modern world, by contrast, filching someone else's good name through identity theft can significantly enrich the criminal and impoverish the victim. Some federal cases within the last year suggest why identity theft has become one of the fastest-growing forms of white-collar crime. http://news.com.com/2010-1075-958328.html - - - - - - - - Spam-fighter invades the inbox Users who install MailFrontier's anti-spam package are finding that it adds a line of advertising to every email they send. Free Web-based email services have long used customers as marketing mules, adding an unobtrusive tag line at the end of each message to tout their products. Now, an anti-spam company is drawing fire for using the same tactic. http://news.zdnet.co.uk/story/0,,t269-s2122607,00.html - - - - - - - - Sun donates cryptography tech to OpenSSL project The server company has given its latest elliptic curve technology to an open-source security project Sun Microsystems has donated new cryptography technology to an open-source project at the heart of many secure transactions on the Internet. Sun's "elliptic curve" technology is involved in the process of using keys to encrypt and decrypt information for electronic transactions. Such encryption lets people buy products online, for example, while shielding their credit card number from prying eyes. http://news.zdnet.co.uk/story/0,,t269-s2122616,00.html - - - - - - - - Transparent token is cryptographic key A transparent token the size of a postage stamp and costing just a penny to make can be used to generate an immensely powerful cryptographic key. Current cryptographic systems use mathematics to generate the numerical "keys" that lock up the protected data. These are produced using "one-way functions", formulas that take simple secret data and generate long keys. The trick is that it is extremely hard to reverse the process and work back to the secret data when given only the key. http://www.newscientist.com/news/print.jsp?id=ns99992828 - - - - - - - - The State of E-Commerce Security Gartner research director Richard Stiennon told NewsFactor that recent SSL vulnerabilities were neither serious nor frequent enough to tarnish the protocol. Most e-commerce transactions currently are secured by the SSL (secure sockets layer) protocol, which is designed to encrypt data exchanges over the Internet. While SSL is generally viewed as effective, an increasing number of vulnerabilities and other issues have spurred some e-commerce players to think about more secure standards. http://www.newsfactor.com/perl/story/19462.html - - - - - - - - Home LANs risk accidental hacks Small businesses and home networkers are at risk from hackers - but some intrusions into a wireless network may be unintended. You are at home late one night, upgrading some software on your wireless LAN. There is no one else in the house, and the neighbour's driveway is empty. You reboot your laptop and wait for it to come back to life. Suddenly the light on your wireless log begins flashing wildly with your laptop rebooting. There shouldn't be any traffic to register, yet it's blinking like Andromeda. http://news.zdnet.co.uk/story/0,,t269-s2122516,00.html - - - - - - - - Legal guru: We don't need cyberlaws For a law professor specializing in the Internet, David Sorkin takes a pretty dim view of cyberlaw. An associate professor at the John Marshall Law School in Chicago, David Sorkin in 1995 was one of the first academics to offer a course on cyberlaw. But when it comes to legislating our way to Internet nirvana, Sorkin remains a skeptic. In fact, he says the law governing the offline world is equipped to handle most online disputes, and cautions that attempts to address Internet problems such as spam are only going to make matters worse. http://zdnet.com.com/2100-1106-958783.html - - - - - - - - Are you ready? Find out. Hackers. Thieves. Cyberterrorists. Angry ex-employees. They're out there. And they want in--to steal your data, to sabotage your business, to turn your world upside down. They can unleash their havoc at anytime, from anywhere. Are you ready for them? Can you be better prepared? Where are your biggest vulnerabilities? What can you do to safeguard your most precious assets-- your systems, your databases, your trade secrets? How can you harden existing defenses? http://techupdate.zdnet.com/techupdate/filters/specialreport/0,14622,6023353,00.html - - - - - - - - UK firm creates GPS tracker for kids Parents in the UK will soon be able to track the whereabouts of their children using a GPS device that can be partly disguised as a badge. The product, called Kidcontact, is due to be released before Christmas and uses both GPS and mobile technology to monitor the location of the child wearing it. Kids can also alert their parents in an emergency with the click of a button, its makers have claimed. When released, it will cost PS495 plus VAT. http://www.theregister.co.uk/content/6/27214.html - - - - - - - - Emphasis on homeland security spurs high-tech sales pitches Companies hawking portable decontamination howers, technology to identify anthrax and plague, and 1,500-pound boulders to guard against truck bombs vied Thursday for a piece of the growing homeland security market. Law officers, military officials and federal security workers buzzed around some 300 exhibits at a trade fair catering to the government's increased security needs since the Sept. 11 attacks. http://www.usatoday.com/tech/news/techinnovations/2002-09-20-tech-security_x.htm http://www.cnn.com/2002/TECH/biztech/09/20/selling.security.ap/index.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.