October 4, 2002 Russian hacker gets 3 years in jail Man was lured to U.S. by FBI under ruse of job interview. A Russian hacker, lured to the United States by the FBI under the ruse of a job interview in a case that prompted a sharp rebuke from Moscow, was sentenced on Friday to three years in prison for computer crime. http://www.msnbc.com/news/817266.asp - - - - - - - - Malaysia questions origin of Bugbear computer virus Malaysian cyber detectives tracking a new computer worm that disables security software said on Friday there was no proof it came from Malaysia, as some reports suggest, or that it was being used for credit card fraud. Anti-virus firms warned computer users on Monday that the 'Bugbear' worm opens up a backdoor in the computers and logs keystrokes. A British-based technology news website, vnunet.com, reported earlier this week that the worm was first detected in Malaysia, and had the ability to steal password and credit card details. The infamous ``Love Bug'' and ``Nimda'' worms both originated in the neighbouring Philippines. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4210162.htm http://zdnet.com.com/2110-1105-960875.html http://www.vnunet.com/News/1135675 http://www.usatoday.com/tech/news/computersecurity/2002-10-04-malaysia-worm_x.htm 'Bugbear' worms in, opens doors to hackers http://www.cnn.com/2002/TECH/internet/10/04/virus.bugbear/index.html - - - - - - - - Virus writers get Slapper happy Internet vandals have continued to modify the recent Slapper worm and have sent at least four new variants of the hostile Linux program into the electronic wilds. The newest variant, dubbed "Mighty," exploits the same Linux Web server flaw that other versions of the Slapper worm have used to slice through the security on vulnerable servers. Russian antivirus company Kaspersky Labs said in a release Friday that more than 1,600 servers had been infected by this latest variant as of Friday morning and are now controlled by the worm via special channels on the Internet relay chat system. http://zdnet.com.com/2100-1105-960887.html http://news.com.com/2100-1001-960887.html - - - - - - - - Hackers in Russia defaced State Department Web site Hackers in Russia were behind obscenities scrawled on a State Department Web site, a senior State Department official said Friday. The obscenities appeared Wednesday on the Web site www.usinfo.state.gov, which is designed to provide information to computer users outside the United States. The State Department closed the site down for a time but it was up and running again Friday afternoon. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4214112.htm http://www.cnn.com/2002/TECH/internet/10/04/tech.state.reut/index.html - - - - - - - - Verizon resists request to identify alleged music pirate Music companies tried to persuade a judge Friday to let them obtain names of Internet file-swappers without going to court first, a move that could dictate how copyright holders deal with Internet piracy in the future. Internet service provider Verizon is resisting the music industry's subpoena, saying that it could turn Internet providers into a turnstile for piracy suits and put innocent customers at risk. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4213631.htm http://zdnet.com.com/2100-1106-960838.html http://news.com.com/2100-1023-960838.html http://www.msnbc.com/news/817138.asp http://www.cnn.com/2002/TECH/ptech/10/04/internetswapping.ap/index.html http://www.wired.com/news/business/0,1367,55579,00.html http://www.usatoday.com/tech/news/techpolicy/2002-10-04-music-court_x.htm http://www.nandotimes.com/technology/story/561610p-4421765c.html - - - - - - - - Satellites at Risk of Hacks Want to find the most-ignored cybersecurity hole in America's critical infrastructure? Congressional investigators say, Look up! Critical commercial satellite systems relied upon by federal agencies, civilians and the Pentagon are potentially vulnerable to a variety of sophisticated hack attacks that could cause service disruptions, or even send a satellite spinning out of control, according to a new report by the General Accounting Office, the investigative arm of Congress. http://online.securityfocus.com/news/942 - - - - - - - - Hackware Author Arrested -- Maybe When Scotland Yard jubilantly announced the arrest of a London-based malware author nicknamed Torner last month, most Internet users probably drew a blank. After all, Torner's Linux-based Tornkit hacking program was hardly in the same league as Melissa or Love Bug, the mainstream Windows worms created by David Smith and Onel de Guzman, respectively. But to Teresa Hall and a group of other system administrators and Internet users, Torner was public enemy No. 1. "He was a cyberterrorist ... an abuser and a low human," said Hall, a Tennessee grandmother of three who volunteers as an operator for IRCnet, an Internet relay chat network where Torner and his crew ran wild for much of 2000 and 2001, according to Hall. http://www.wired.com/news/technology/0,1282,55515,00.html - - - - - - - - Sex email rebounds on city banker The dangers of sending sensitive personal information by email are vividly exhibited once again. A city banker has been suspended from work after an email he wrote describing his sexual exploits was forwarded around the world. In an echo of the infamous "Claire Swire" email of 2000, 22-year old Trevor Luxton emailed five friends on Wednesday 2 October to describe how a friend's ex-girlfriend had performed a sex act on him the night before. http://news.zdnet.co.uk/story/0,,t269-s2123347,00.html - - - - - - - - Anti-scam tech takes on thieves U.S. retailers are increasingly turning to software to reduce the billions of dollars lost to theft and various scams each year. A typical heist goes like this: A customer walks up to a cash register with three items and is asked to write a check for the total, $17.59. The cashier scans all three items, but secretly voids the last item, which costs $7.59. The customer hands over a check for $17.59 and leaves with the items. Later, the cashier takes $7.59 out of the till and pockets it. http://news.com.com/2100-1017-960710.html - - - - - - - - FBI official: Biometrics not ready for large-scale uses Agencies are not yet ready to deploy biometrics on a large scale, an FBI IT official said, and projects like the agencys own U.S. Border Control Entry and Exit system have a long way to go. Biometric identification is not a technology that is applicable on an agencywide basis, Selena Hutchinson, the FBIs acting deputy CIO, said in an interview. The FBI has been using fingerprint indicia for the past decade to identify criminals and do background checks on its own employees with its Integrated Automated Fingerprint Identification System (IAFIS) system. The Defense Department can use biometrics for its Common Access Cards. http://www.gcn.com/vol1_no1/daily-updates/20215-1.html - - - - - - - - W3C proposes XML encryption methods The Web's leading standards group proposed two recommendations for encrypting XML data and documents, a key development in the organization's push to standardize technologies crucial to Web services. The World Wide Web Consortium (W3C) released proposed recommendations for XML Encryption Syntax and Processing and Decryption Transform for XML Signature. Together, the protocols will let Web sites and services send and receive sensitive data confidentially. http://news.com.com/2100-1023-960895.html - - - - - - - - Microsoft Discloses Security Flaws PCs with Outlook Express 6 or Outlook 2002 are not vulnerable to e-mail attack through this security hole. Additionally, users who have installed the Outlook E-Mail Security Update are also protected against e-mail attack due to this security flaw. Microsoft has warned that a security flaw in the help tool of most versions of the Windows operating system could allow a hacker to take control of a user's PC. In its security bulletin, the company rated the security flaw as "critical" and recommended that users install an available patch immediately. http://www.newsfactor.com/perl/story/19589.html http://www.usatoday.com/tech/news/computersecurity/2002-10-04-microsoft-flaws_x.htm - - - - - - - - Apache fixes scripting flaw Apache is vulnerable to a number of cross- site scripting attacks. According to a posting to BugTraq this week, the popular Web server platform is vulnerable due to "SSI error pages of the Web server not being properly sanitised of malicious HTML code". Because of this, attacker-constructed HTML pages or script code may be executed on a web client visiting the malicious link placed on sites run using Apache. Cookie-based authentication credentials might be stolen using the attack or, worse, a number of arbitrary actions might be taken on a victim's machine. http://online.securityfocus.com/news/943 - - - - - - - - Major comms to ground control Nasa uses virtual private networks in space. American space agency Nasa has taken the security of long-distance communications to a new level by using virtual private networks (VPNs) in space. Using VPN servers from Check Point Software, Nasa has been able to maintain secure and reliable communications from Earth to its orbiting space station. http://www.vnunet.com/News/1135674 - - - - - - - - Amber alerts expand to Internet As President Bush announced plans to help expand the Amber Alert system nationwide, America Online Inc. unveiled its service to send the text alerts about abducted children via the Internet. Beginning in November, Amber Alert texts as issued by law enforcement officials will be sent via an AOL Alerts and Reminders service that the company will launch later this month. The alerts will be targeted to members based on the states in which they reside. http://www.fcw.com/geb/articles/2002/0930/web-amber-10-04-02.asp - - - - - - - - Army awards secure phones BPA Defense Department officials will be able to exchange sensitive and classified information securely over a commercial network thanks to specially equipped wireless phones included in a blanket purchase agreement the Army awarded to T-Mobile USA Inc. The one-year BPA, which was awarded Sept. 19 and includes the entire DOD, is renewable indefinitely. It will facilitate the fielding of 10,000 units for the Army during a five-year period, said Kim Jackson, director of the telecommunications directorate at the Army's new Network Enterprise Technology Command, or Netcom. http://www.fcw.com/fcw/articles/2002/0930/web-phones-10-04-02.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.