NewsBits for August 6, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Chennai's ATM hacker was wanted by the FBI The Chennai City Police have busted an international gang involved in cyber crime, with the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into an ATM in the city in June last, it is reliably learnt. The dimensions of the city cops' achievement can be gauged from the fact that they have netted a man who is on the wanted list of the formidable FBI of the United States. - - - - - - - - - - Supreme Court oral arguments now available for file-swapping Getting audio recordings of landmark legal arguments is becoming as easy as downloading the latest Snoop Dogg single. For the first time, Internet users can download, edit and swap many of the U.S. Supreme Court's greatest hits. Oral arguments available include those for the Roe v. Wade abortion-rights case and the disputed 2000 U.S. presidential election. 'Golden Age of Free Music' vs 'Copying is Stealing' - - - - - - - - - - Legal action threatened against domain slammer The Dutch hosting provider Deinternetman and its American partner (no relation to El Reg), ponder legal action against Domain Registry of Europe (DRoE) for sending their customers letters urging them to renew their domain contracts. The two companies believe it is a deliberate attempt to deceive domain name owners into switching their domain registrations. - - - - - - - - - - Cops to crack down on cyber criminals The United States loses approximately $5,000 in bank robberies every year. But according to the recent reports, losses in cyber space are approximately 100 times more, averaging of $5 lakh every year, said Joint Commissioner of Police (Crime) Satya Pal Singh, while talking to the media about Cyber Safety Week. Cyber Safety Week, which begins August 18 and will be observed through August 23, is a joint effort by the seven key Information Technology associations in the city to help the Mumbai Police Cyber Crime Cell. - - - - - - - - - - Mimail virus hits the UK Antivirus firm Sophos has issued a warning to all UK businesses to be on the look out for an email worm masquerading as a message from network support. The worm, Mimail, modifies itself to display the administration address of the user's network, tricking the recipient into opening it. The message suggests the recipient's email account will soon expire - something which doesn't usually happen on business accounts - and urges the recipient to read the attached '' file. The HTML attachment contains the worm and as soon as it's opened it copies all of the user's contacts from their address book and passes the worm on to them. - - - - - - - - - - The Internet Security Demon That Won't Die "A traditional regulatory model applied to the Internet is doomed to failure. By the time it was regulated, you'd be dealing with an Internet that was two years older," says Larry Clinton, chief operating officer at the Internet Security Alliance. By some accounts, it has been a bad year for Internet security so far: The number of incidents reported in the first half of 2003 climbed to 76,404 -- just a little shy of the 82,094 reported for the entire year of 2002, according to the CERT Latest News about CERT Coordination Center of the Software Engineering Institute at Carnegie Mellon University. - - - - - - - - - - Hacking hit-list to highlight security flaws Security experts Qualys have put together a list of the top ten computer security priorities - vulnerabilities in computer systems that can be used by hackers. The list, which will be updated in real time, can be found at It was launched at the start of the month and is based on the company's QualysGuard Web Service Architecture. The RV10scan will be continually recompiled from - in the words of Qualys - 'a statistically representative sample, including thousands of networks'. - - - - - - - - - - Memory sticks are the latest security risk Memory sticks have been branded as the latest security risk by security firm SecureWave, whose intrusion prevention technology can be used to control the use of the popular devices in corporate environments. The alleged risk here is that "many organisations run the risk of viruses and unauthorised software entering the network, as well as confidential data being removed through these small, yet powerful desktop devices." - - - - - - - - - - Health group boosts mail security The Michigan Public Health Institute is expanding its use of software that encrypts e-mail. Officials from the institute downloaded ArticSoft FileAssurity onto eight computers in January and found the software so effective that they will install it on 100 additional machines. - - - - - - - - - - Defense group to get ID middleware A California company has been hired to provide software so the Defense Financing and Accounting Service can use the high-tech features of its identification cards. SSP-Litronic of Irvine, Calif., will provide the organization with 23,000 software licenses for so-called Common Access Cards (CAC), the Defense Department's new ID cards with smart card technology and biometric security. When DOD deploys the necessary software, the cards will not only provide access to installations, but workstations and networks as well. - - - - - - - - - - NIAP Certification Becoming a Priority The government's plan to pressure software vendors to build more secure products seems to be gathering a bit of momentum. A major part of the National Strategy to Secure Cyberspace, the idea involves using market pressures and the government's purchasing power to influence vendors' development practices. An important component of this plan is the National Information Assurance Partnership's Common Criteria testing program, which validates the security and reliability of a given product. The program is a partnership between the National Security Agency and the National Institute of Standards and Technology.,3959,1211299,00.asp Lack of Security at Wireless Conferences Security Guard Finding flaws helpful - MS security chief,39020387,39115516,00.htm - - - - - - - - - - Ticketmaster privacy policy slammed People buying tickets online through Ticketmaster may be surprised to find themselves receiving spam as an encore. The ticket service, which holds a lock on advance ticket sales for most major entertainment events, is taking heat from consumers for a privacy policy that does not let online ticket buyers opt out of receiving e-mail pitches from an event's producers and other businesses associated with it. - - - - - - - - - - Has the Spam Dam Really Burst About 14 billion spam are sent each day now two for every person on the planet, according to one study. Actually, two a day wouldnt be so bad. In reality, many Net users say they are drowning in the stuff. The unrelenting deluge of unsolicited e-mail makes finding real e-mail from mom or the boss harder every day. So some are throwing up their virtual hands, and dropping old, beloved e-mail addresses in a vain attempt to run away from the bursting dam that is their Internet service provider. Spam, some say, has gotten so bad that its on the verge of killing e-mail. But if the Internet sky really is falling, why doesnt someone do something? Swollen Orders Show Spam's Allure,1367,59907,00.html - - - - - - - - - - Hackers and vendors brawl over nothing The issue of security vulnerability disclosure has been a hot topic for a long time now, however recent efforts to bring in new disclosure guidelines are unlikely to change anything. It's hard not to chuckle just a little bit every time some group purporting to represent the best interests of the online community comes forward with its draft standard for disclosing vulnerabilities to software companies and the public. - - - - - - - - - - Blogs: Another Tool in the Security Pro's Toolkit (Part Two) In my last column, I introduced you to blogging and blogs, and some of the issues that security professionals should consider before starting their own blogs. In this column we continue the discussion, and focus on blogs that specialize in security. Blogs: Another Tool in the Security Pro's Toolkit (Part One) - - - - - - - - - - Consultant: Good theory behind DARPAs terrorism futures Maybe the Defense Advanced Research Projects Agencys malignedand now defunctPolicy Analysis Market wasn't such a bad idea after all, according to one privacy consultant and financial researcher. "I think it's an extremely intriguing tool, probably poorly implemented," said A.S. von Bernhardi. - - - - - - - - - - U.S. Backs Florida's New Counterterrorism Database 'Matrix' Offers Law Agencies Faster Access to Americans' Personal Records. Police in Florida are creating a counterterrorism database designed to give law enforcement agencies around the country a powerful new tool to analyze billions of records about both criminals and ordinary Americans. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.