NewsBits for August 15, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Microsoft braces for Phase 2 of attack Microsoft Corp. may write flawed software, but it can take solace in the fact that the author of the ``blaster'' worm also makes mistakes. And that error may be Microsoft's biggest weapon in fending off part two of the Internet attack that started Friday and is expected to continue into Saturday. The worm, which so far has infected more than 350,000 computers around the world, now aims to bring down Microsoft's Web site for software patches by flooding it with traffic. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6543177.htm http://www.computerworld.com/securitytopics/security/holes/story/0,10801,84066,00.html http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=45937 http://news.bbc.co.uk/2/hi/technology/3154117.stm http://www.vnunet.com/News/1143019 http://zdnet.com.com/2251-1110-5062637.html http://www.cnn.com/2003/TECH/internet/08/15/microsoft.blaster/index.html http://www.wired.com/news/infostructure/0,1377,60060,00.html Windows Update flaw 'left PCs open' to MSBlast http://news.zdnet.co.uk/0,39020330,39115732,00.htm http://news.com.com/2009-1002_3-5063226.html Microsoft Outlines Specific Steps to Help Ensure PC Security http://www.eetimes.com/pressreleases/prnewswire/93584 Microsoft kills Net address to foil worm http://news.com.com/2100-1002_3-5064433.html http://www.msnbc.com/news/952935.asp http://www.theregister.co.uk/content/7/32363.html Blaster Worm Racks Up Victims http://www.pcworld.com/news/article/0,aid,112047,00.asp http://news.com.com/2100-1002_3-5064590.html http://www.washingtonpost.com/wp-dyn/articles/A60273-2003Aug14.html MSBlast worm takes down major bank http://www.silicon.com/news/500013/1/5618.html Blaster shows IT departments the need for speed on patches http://computerworld.com/securitytopics/security/holes/story/0,10801,83968,00.html US govt organisations see off Blaster worm http://www.computerweekly.com/articles/article.asp?liArticleID=124188&liArticleTypeID=1&liCategoryID=2&liChannelID=28&liFlavourID=1&sSearch=&nPage=1 How to Clear the 'Blaster' Worm from a PC Running Windows XP Symantec's repair software is called Fixblast.exe for Windows XP. Earlier Windows operating systems -- 95, 98 and ME -- are not affected by the worm. Q. What can I do to get this nasty worm Relevant Products/Services from Captus Networks off my new PC running Windows XP? A. The "blaster" worm fix requires several steps that start with either downloading a repair program or asking a trusted friend to download it for you. Some infected computers are switching on and off every few minutes, making Web access impossible. Other victimized machines are quite sluggish but still useable. http://www.ecommercetimes.com/perl/story/31351.html - - - - - - - - - - Microsoft.com falls to DOS attack Microsoft Corp.'s main Web site was inaccessible for two hours late yesterday, the victim of an Internet- borne distributed denial-of-service (DDOS) attack, the company said. The company is cooperating with federal law enforcement officials investigating the attack, the second successful DOS attack against Microsoft.com this month. The attack occurred yesterday at 11:45 p.m. EDT and was directed at www.microsoft.com, the company's main Web address, according to Sean Sundwall, a Microsoft spokesman. Microsoft.com was completely inaccessible for two hours and experienced "off and on" disruptions for another two hours, Sundwall said. http://computerworld.com/securitytopics/security/holes/story/0,10801,84074,00.html - - - - - - - - - - Federal charge filed against Ohio man accused of hacking Acxiom An Ohio man accused of hacking into computer servers at Acxiom Corp., one of the largest database companies in the world, has been charged in federal court in his home state, federal officials said Friday. Daniel Baas, 24, of Milford, Ohio, was charged with computer fraud in U.S. District Court in Cincinnati. The charge, filed Thursday, was accompanied by an affidavit from a Hamilton County sheriff's detective, who said Baas copied information from the Little Rock-based company's servers onto CDs, which were found in Baas' home. http://www.securityfocus.com/news/6733 - - - - - - - - - - Woman kidnapped in PS0.5m IT theft IT companies are being urged to review their physical security after the financial director of a computer distributor was kidnapped and forced to help burglars steal computer equipment worth more then PS500,000. The kidnap of the 30-year-old woman and subsequent robbery, which are reminiscent of attacks normally carried out against bank staff, represent a disturbing new trend in crimes against IT companies. http://www.theregister.co.uk/content/7/32363.html - - - - - - - - - - GNU servers 'owned' by crackers since March Crackers owned the primary file servers of the GNU Project from mid-March until two weeks ago, the Free Software Foundation admitted this week. The attack raises concerns about whether malicious code could have been inserted in the software available for download, including some Linux applications. http://www.theregister.co.uk/content/55/32355.html - - - - - - - - - - Congress lowers funding for intelligence, cybersecurity The House and Senate showed a reluctance to fully fund the White House's budget request for Homeland Security Department's work on intelligence and infrastructure protection in legislation that would fund the department for fiscal 2004. http://www.govexec.com/dailyfed/0803/081503td2.htm - - - - - - - - - - Calif. Eyes Strong Privacy Policy Faced with the possibility of an expensive campaign to defeat a threatened ballot initiative, California's financial industry set aside its opposition to a comprehensive information privacy law Thursday and announced a last-minute compromise with privacy groups. The deal gives legislators a deadline of Tuesday evening to pass a version of a financial privacy law backed by California State Sen. Jackie Speier (D-San Francisco/San Mateo) which imposes restrictions on how banks and insurance companies can share information about their customers. http://www.wired.com/news/politics/0,1283,60037,00.html - - - - - - - - - - Software exposes California recall to tampering As if elections officials in California don't have enough to worry about as they prepare for a bewildering Oct. 7 recall vote, computer scientists say shoddy balloting software could bungle the results and expose the election to fraud. Their worst-case scenario is the accidental deletion or malicious falsification of ballots from the 1.42 million Californians voting electronically 9.3% of the state's 15.3 million registered voters. http://www.usatoday.com/tech/news/techinnovations/2003-08-14-calif-vote-software_x.htm - - - - - - - - - - Online document search reveals secrets Many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques. http://www.newscientist.com/news/news.jsp?id=ns99994057 - - - - - - - - - - Software tool steals data via Bluetooth A UK researcher has developed a sniffing tool to demonstrate security holes in the wireless technology. The software tool could allow confidential information to be stolen from mobile communication devices over the air, according to science magazine New Scientist. The tool, Red Fang, was created by Ollie Whitehouse, a UK-based researcher with computer security firm @Stake, to stress the dangers of running badly configured Bluetooth devices. People are often unaware that Bluetooth is enabled on their devices, and the security features are often inactivated. http://zdnet.com.com/2100-1105_2-5064303.html - - - - - - - - - - Spam fuels boom in secure content market Junk mail is an increasing problem but the search for an effective cure remains fraught with difficulties. That's the message we take from a slew of recent surveys on the subject. http://www.theregister.co.uk/content/55/32362.html - - - - - - - - - - Post-9/11 steps help business computers in outage Disaster recovery preparations after the Sept. 11, 2001 attacks helped protect U.S. business computer systems during the biggest electrical blackout in North American history, data recovery experts said Friday. Data recovery companies said they were surprised by how few of their clients had issues the day after power supplies were wiped out across much of the Northeastern United States and nearby parts of Canada. http://www.usatoday.com/tech/news/computersecurity/2003-08-15-blackout-data-recovery_x.htm - - - - - - - - - - Will MSBlast finally teach us a lesson? Two years after the Code Red and Nimda worms spread across the Internet, home users and many companies still aren't doing enough to secure themselves against Internet threats, said security experts. "Software is still flawed, people are still not patching, and companies are still not making security a focus," said Marc Maiffret, chief hacking officer for security software maker eEye Digital Security. "They didn't after Code Red, they didn't after Nimda, and they didn't after Sapphire/Slammer. Mostly likely, they won't after this worm either." http://zdnet.com.com/2100-1105_2-5064208.html Why Computer Worms Never Die http://www.newsfactor.com/perl/story/22096.html - - - - - - - - - - Why Your ID Is Such Easy Picking With Social Security numbers so commonly used on insurance and health-care cards, a stolen wallet can easily lead to a much bigger headache. Identity theft skyrocketed 81% in 2002, a statistic so shocking that it seemed unreal -- until it happened to my sister. Last weekend, she had her wallet pinched. Within six hours, the thieves, clearly professionals, had charged $5,000 to each of her credit cards and wiped out much of her bank account by using her debit card to "purchase" limousine services from a nonexistent company. Worse, the thieves also obtained her Social Security number, which was printed on her health-insurance member card. http://www.businessweek.com/technology/content/aug2003/tc20030814_9611_tc073.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.