January 7, 2003 Norwegian teen acquitted in DVD film cracking case A Norwegian teenager was acquitted in a key test case Tuesday of violating computer break-in laws with his program that circumvents security codes on Hollywood's DVD movies. Jon Lech Johansen was 15 when he developed and posted his program, called DeCSS, on the Internet in late 1999, enraging the film industry because it feared the software would allow illegal copying of its films. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4891862.htm http://online.securityfocus.com/news/1990 http://news.zdnet.co.uk/story/0,,t269-s2128274,00.html http://news.com.com/2100-1023-979414.html http://www.washingtonpost.com/wp-dyn/articles/A20997-2003Jan7.html http://www.msnbc.com/news/856102.asp http://www.cnn.com/2003/TECH/01/07/dvd.johansen/index.htm http://www.wired.com/news/politics/0,1283,57107,00.html http://www.usatoday.com/tech/news/2003-01-07-dvd-case_x.htm http://www.theregister.co.uk/content/4/28749.html - - - - - - - - Teen Charged With Identity Theft A Queens teen was arraigned Tuesday on charges he stole the identities of over 100 America Online customers, got credit cards in their names and charged over $10,000 in purchases of electronic equipment and racing car parts. Shiva Sharma, 18, pleaded not guilty to a 12-count indictment filed in December that included charges of identity theft, grand larceny, and falsifying business records. The indictment accuses Sharma of using a software program to get e-mail addresses for thousands of AOL customers in September. After creating a Web site that appeared to be an AOL site, he e-mailed the customers, telling them their billing information had been lost and asking them to reply with their personal data, according to authorities. Over 100 customers responded, and Sharma allegedly started using that information to get credit and debit cards with a total value of $500,000. http://www.wnbc.com/news/1873974/detail.html - - - - - - - - Net porn policeman jailed for 18 months A Chester policeman found guilty of possessing child pornography of "the vilest possible nature" blamed media coverage for sparking his addiction to the material. Robert McInnes, a 46-year old police constable, was sentenced yesterday to 18 months jail, after pleading guilty to 14 counts relating to the possession of 15,000 indecent photographs of children. According to the court report, on icCheshire Online, pornographic images are graded by the police from one through to five in severity. McInnes had images in all five categories. http://www.theregister.co.uk/content/6/28750.html - - - - - - - - Lirva worm attaches to Avril Lavigne The popularity of singer Avril Lavigne has spread to the world of computer viruses. Lirva (w32.Lirva@mm), also known as Naith, is a mass-mailing worm that is UPX-compressed to a file size of 32,766 and arrives via e-mail either announcing a new Microsoft patch or offering fan access to Avril Lavigne. Once active, Lirva will attempt to e-mail copies of itself to all contacts on an infected system, shut down all antivirus and firewall programs, and launch a Web browser to open the Avril Lavigne Web site on an infected user's desktop. http://zdnet.com.com/2100-1105-979475.html - - - - - - - - Shell recovers slip after spilling applicants' details Shell has fixed a security hole on its recruitment Web site that left confidential private information of potential applications files open to world+dog. Yesterday a Reg reader, who'd also notified Shell, told us that URL manipulation of forms on the site allowed easy access to this confidential data. http://www.theregister.co.uk/content/55/28756.html - - - - - - - - Fake warning on OpenSSH exploit Security firm Global InterSec says a fake warning was issued recently on the BugTraq mailing lists about a method for root compromise in all versions of OpenSSH. The company said the fake advisory had apparently been posted to highlight several unclear statements made in its (the company's) own advisory about the same vulnerability in March last year. Global InterSec posted the advisory about a possible root compromise in OpenSSH in March last year. It said it was revising the same to correct a mistake which had led to the fake advisory. http://www.smh.com.au/articles/2003/01/07/1041566396529.html - - - - - - - - Group ditches bid to crack Xbox code A computing project has abandoned its effort to crack the main security code for Microsoft's Xbox video game console. An update on the home page for The Neo Project says the group is no longer working on the Xbox "due to legal reasons." Project founder Mike Curry said in an e-mail interview that he couldn't elaborate. "We cannot comment on anything that has happened in the last 24 hours; we can only say that we can no longer participate in the Xbox challenge," he said. http://news.com.com/2100-1040-979488.html - - - - - - - - Russia battles against CD piracy In spite of sub-zero temperatures, Maxim is feeling confident about his outdoor business on the frozen streets of Moscow. Several buyers are browsing his wares, displayed on a folding table just five minutes walk from the seat of the Russian government, in the centre of Moscow. http://news.bbc.co.uk/2/hi/business/2578989.stm - - - - - - - - Symantec to fund infosec student An Internet security corporation announced last month that it is launching a fellowship program for one student at Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS). Symantec Corp. will provide up to $50,000 to cover the full tuition costs and a stipend for one student for two years. The student must be a degree-seeking student enrolled at Purdue, working with CERIAS and maintaining a grade point average of 3.0 in his or her field of study. In announcing the fellowship Dec. 9, 2002, Symantec said the application deadline is March 1. http://www.fcw.com/geb/articles/2003/0106/web-purdue-01-07-03.asp - - - - - - - - Same old song, different meaning for P2P A difference between American and European copyright law threatens to carve out a free- swapping zone for popular decades-old music, hampering record companies' antipiracy efforts online. European and Canadian copyright protections for sound recordings last just 50 years, compared with 95 years in the United States. As reported earlier in The New York Times, that means that a boomlet in sales of bootlegs of 1950s artists, ranging from Miles Davis to Elvis Presley, is becoming perfectly legal. http://news.com.com/2100-1023-979532.html - - - - - - - - Does ActiveX Deserve Its Bad Rep? Although it is possible to disable ActiveX controls in Internet Explorer altogether, Network Associates' Jimmy Kuo does not recommend doing so. Is ActiveX a help or a hazard? Although the words "Microsoft" and "security" are not exactly synonymous -- Windows and Internet Explorer have seen their share of security flaws -- some security experts say ActiveX does not deserve its bad reputation. http://www.newsfactor.com/perl/story/20390.html - - - - - - - - Closing the Floodgates: DDoS Mitigation Techniques To be on the receiving end of a distributed denial of service (DDoS) attack is a nightmare scenario for any network administrator, security specialist or access provider. It begins instantly, without warning, and continues relentlessly: machines down, jammed bandwidth, overloaded routers. An effective, immediate response is often difficult and may depend on third parties, such as ISPs. With these challenges in mind, this article will explore some techniques that systems administrators and security professionals can employ should they ever find themselves in this rather undesirable situation. http://online.securityfocus.com/infocus/1655 - - - - - - - - The Open and Shut Case of Corporate Data Security Perot Systems CIO Mike McClaskey noted that the balance point between information security and data integration varies by industry sector. Healthcare and financial services companies, for example, are more likely to err on the side of security. Few things are more precious to an enterprise than information. Using it effectively -- which oftens means sharing it efficiently -- can provide a competitive edge, helping separate winners from also-rans. http://www.newsfactor.com/perl/story/20388.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.