November 19, 2002 Police charge Columbia students in high-tech cheating scam Two Columbia University students were arrested on charges they used high-tech gadgets to try to cheat on a graduate school entrance exam. The students made two visits to a testing center, supposedly to take the Graduate Record Exam by computer, police said. Each time, one of the students allegedly attached a transmitter to the testing center computer and sent the questions to the other student with a laptop outside. http://www.nandotimes.com/technology/story/628295p-4810539c.html - - - - - - - - Heathrow thieves steal 1,400 SPV Orange smartphones Thieves made off with 1,400 Orange SPV (Sounds Picture Video) smartphones after raiding a warehouse in Heathrow last Friday. The theft has led to rumbles of discontent on Internet bulletin boards from small retailers who were due to take delivery of long-awaited Orange SPV phone, which is based on Microsoft's Stinger (Windows Smartphone 2002) platform. http://www.theregister.co.uk/content/59/28174.html - - - - - - - - Court OKs online search help under search warrant A federal appeals court on Monday overturned a lower-court ruling requiring police officers to be physically present when executing a search warrant at an Internet service provider. The 8th Circuit Court of Appeals in St. Louis overturned a district court ruling in a Minnesota case regarding a search warrant faxed to Yahoo's Santa Clara, California offices in a child pornography investigation. http://zdnet.com.com/2110-1106-966335.html http://www.vnunet.com/News/1136957 http://www.usatoday.com/tech/news/techpolicy/2002-11-19-isp-ruling_x.htm - - - - - - - - Using pirated software could close a UK business The UK police are to be given new powers to search and seize in the fight against illegal software use in British firms. Companies abusing the terms of their licences or using illegally copied software now face the threat of closure, as the police, working with copyright owners and enforcement agencies, receive new powers under radical changes to the 1988 Copyright, Designs and Patents Act which come into force on 20 November 2002. http://zdnet.com.com/2110-1106-966361.html http://news.zdnet.co.uk/story/0,,t269-s2126185,00.html - - - - - - - - Congress told U.S. Internet security suffers serious problems Some of the U.S. government's most important computer systems continue to suffer significant security lapses despite renewed focus protecting them against terrorist attacks, congressional investigators said Tuesday. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4555878.htm http://online.securityfocus.com/news/1696 http://www.wired.com/news/politics/0,1283,56474,00.html U.S. Government Flunks Computer Security Tests http://online.securityfocus.com/news/1693 http://news.com.com/2100-1001-966444.html http://www.govexec.com/dailyfed/1102/111902h1.htm http://www.msnbc.com/news/837259.asp http://www.usatoday.com/tech/news/computersecurity/2002-11-19-net-security-report_x.htm - - - - - - - - Bill's secrecy provisions stick Last-minute efforts by Senate Democrats to strip objectionable secrecy provisions from the homeland security bill apparently failed Nov. 18. Language added to the bill by the House of Representatives would block the disclosure of information about technology vulnerabilities through the Freedom of Information Act. Attempts to remove the language seemed certain to fail even as the Democrats wrestled to remove other provisions they dislike. http://www.fcw.com/fcw/articles/2002/1118/web-foia-11-19-02.asp - - - - - - - - Experts: Don't dismiss cyberattack warning Security experts and two former CIA officials said today that warnings of cyberattacks by al-Qaeda against western economic targets should not be taken lightly. Vince Cannistraro, the former chief of counterterrorism at the CIA, said that a number of Islamists, some of them close to al-Qaeda, have developed expertise in computer science. http://computerworld.com/securitytopics/security/story/0,10801,76000,00.html - - - - - - - - Some Web Sites Are Posting a 'Keep Out' Sign to Law Enforcement Hundreds of Web sites offering pirated movies, games and other goodies have adopted a curious line of defense: a start-up page that tells law enforcement agents they're not allowed to look inside. With a few words changed here or there, the same "disclaimer" is popping up on Internet sites hawking items ranging from replicas of designer sunglasses to instructions for stealing satellite TV signals. It orders all police, government agents and anti-piracy officials to leave the site immediately -- and no peeking on the way out! (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-dvd19nov19001441,0,2222295.story - - - - - - - - Accused Pentagon Hacker's Online Life Usenet posts show Gary McKinnon was a bit of a phone phreak, knew where to buy lock picks, and had an early interest in defense computers. A former employer says he was bored at work. The British man accused of the most ambitious hack attacks against Defense Department computers in years was also a fine network administrator, according to a former co-worker. http://www.theregister.co.uk/content/55/28186.html - - - - - - - - Hackers go public with prizes and glory, and jobs, on the line Openhack, an online hacking competition, ended last Saturday, with an US entrant winning a $US500 prize, but he and others missing even bigger jackpots for being able to break into a software application. Openhack was established in 1999 by eWeek, an online technology magazine. The idea was simple: put an application online and let everyone in the world hack away at it. The entrant who can best hack into the test system gets the biggest prize money. http://www.smh.com.au/articles/2002/11/16/1037080963204.html - - - - - - - - News Corp. exec puts piracy in spotlight A key executive from media giant News Corp. on Tuesday urged cooperation between media and technology companies in combating piracy. During his keynote speech at the Comdex Fall 2002 trade show, News Corp. Chief Operating Officer Peter Chernin said it was time for the "looting epidemic" to end, citing losses from copyright infringement that he estimated were in the $8 billion range. http://zdnet.com.com/2100-1105-966457.html - - - - - - - - Security holes aren't being filled System administrators are still not patching systems frequently enough, according to a recently published study of a software security flaw that allowed the Linux Slapper worm to spread. In fact, even after the Slapper worm highlighted the existence of a vulnerability in the Web security software known as OpenSSL, three out of 10 systems that had the flaw continue to be vulnerable even today, said Eric Rescorla, an independent security consultant. "Administrators aren't as responsive as they should be," he said. "Even after a relatively serious hole is found, administrators don't do the right things." http://zdnet.com.com/2100-1105-966398.html - - - - - - - - Microsoft to decipher security alerts Microsoft is promising customers that it will simplify the security alerts it routinely issues on problems affecting its products. The company notified customers of pending changes to security alert bulletins in an e-mail sent Tuesday to the Microsoft Security Notification Service mailing list. "Customer feedback tells us that, while technical professionals value our security bulletins, many end-users find them overly detailed and confusing," Steve Lipner, director of Microsoft Security Assurance, wrote in the e-mail. He also noted that many people receive notices that would be "of interest only to developers or system administrators." http://zdnet.com.com/2100-1105-966347.html - - - - - - - - Defender of your right to online privacy When Microsoft introduced version 6 of its Internet Explorer browser last year, many Webmasters were puzzled to find that their cookies were being blocked in increasing numbers. The culprit was IE's default implementation of the Platform for Privacy Preferences (P3P), and for that, the irate Webmasters had Lorrie Cranor to thank. Cranor, a principal technical staff member at AT&T Labs-Research, has become virtually synonymous with P3P. She is the chair of the World Wide Web Consortium's (W3C) P3P working group. She designed AT&T's "privacy bird," a software download that turns different colors based on a Web site's P3P settings. http://zdnet.com.com/2100-1105-966377.html http://news.com.com/2008-1082-966268.html http://www.newsfactor.com/perl/story/20035.html - - - - - - - - How Much Hack Info Is Too Much? To disclose or not disclose -- it's a question that's been under heavy discussion in the computer security industry over the past year. U.S. cybersecurity director Richard Clarke and virtually all software companies insist that software vendors should have a chance to fix problems before security researchers disclose them publicly. Researchers counter that without full disclosure, companies often fail to swiftly patch security holes. Full disclosure, in theory, also alerts computer users to problems that are already known to malicious hackers, who often exploit holes before patches become available. http://www.wired.com/news/infostructure/0,1377,56463,00.html - - - - - - - - Don't Be a Doormat for Viruses It's essential that anyone voyaging through cyberspace install a first-class antivirus program, such as Norton AntiVirus, and a decent firewall, which can be obtained free of charge from www.zonealarm.com. My endless battle in trying to keep nasty viruses from invading my computer has made me realize you can never be too safe. In fact, I'm often reluctant to boot up a computer if antivirus software and a firewall aren't installed. http://www.osopinion.com/perl/story/20018.html - - - - - - - - Complete Snort-based IDS Architecture, Part Two Many companies find it hard to justify acquiring the IDS systems due to their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This is second part of a two-part article that will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software. In this installment we shall discuss Web interface configuration, summaries and daily reporting, automated attack response, sensor installation, installation of the central station, and big distributed IDS systems. http://online.securityfocus.com/infocus/1643 Complete Snort-based IDS Architecture, Part One http://online.securityfocus.com/infocus/1640 - - - - - - - - Brits Mull Chipping Sex Offenders The British government acknowledged Monday that it would consider using implanted ID chips to track sex offenders, raising the specter of forced chipping. The news was first reported on Sunday by the The Observer. The paper reprinted portions of a letter from Hilary Benn, the minister responsible for supervising sex offender programs, to Labour MP Andrew Mackinlay. http://www.wired.com/news/business/0,1367,56464,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.