High Tech "NewsBits" for 08/21/03

NewsBits for August 21, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Sobig virus 'biggest epidemic yet' Sobig represents the largest worldwide virus infection to date, judging by the volume of email blocked by Internet service providers. The Sobig virus is aptly named. Recent data from email service providers pegs the infection caused by the latest variant of the Sobig virus as the largest epidemic of a mass-mailing computer program to date. http://news.zdnet.co.uk/internet/security/0,39020375,39115845,00.htm http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1061462179386_375///?hub=SciTech http://www.itweb.co.za/sections/internet/2003/0308211153.asp http://www.pcadvisor.co.uk/index.cfm?go=news.view&news=3494 http://www.msnbc.com/news/955498.asp http://money.cnn.com/2003/08/21/technology/sobig/index.htm http://www.newsfactor.com/perl/story/22142.html http://www.theregister.co.uk/content/56/32443.html OS X defies viruses Mac OS X remains untouched by the recent wave of viruses to have hit Windows systems, reports say. In the past ten days three viruses have struck Windows systems: the Blaster worm, the Sobig F virus and the Welchi virus, which tried to proof systems against Blaster but was flawed. The Blaster worm even affected the US Navy's multi-million-dollar Navy and /Marine Corps Intranet, with some reports claiming this was shut down by the assault, which the military denied. http://www.macworld.co.uk/news/main_news.cfm?NewsID=6773 Navy has nearly all of NMCI back online http://www.gcn.com/vol1_no1/daily-updates/23235-1.html SoBig a nuisance http://www.gcn.com/vol1_no1/daily-updates/23229-1.html 'Sobig' Virus Could Be Spam Ploy http://www.washingtonpost.com/wp-dyn/articles/A26198-2003Aug21.html http://computerworld.com/securitytopics/security/story/0,10801,84214,00.html E-Mail Virus Spreads Quickly http://www.latimes.com/technology/la-fi-worm21aug21,1,4047112.story http://www.globetechnology.com/servlet/story/RTGAM.20030821.gtviraug21/BNStory/Technology/ http://news.com.com/2100-1002_3-5066875.html - - - - - - - - - - Cop investigated in identity theft of Vikings players An Eden Prairie police officer is suspected of trying to steal the identities of five members of the Minnesota Vikings, court documents say. The officer, who had worked as a part-time security guard for the team, allegedly used information about Michael Bennett to get a credit card in the name of the running back, according to a search warrant filed Wednesday in Hennepin County District Court. http://www.usatoday.com/tech/news/computersecurity/2003-08-21-vikings-id-theft_x.htm - - - - - - - - - - Navy purchase cards hacked The Navy has canceled all its purchase card accounts after discovering that more than half of them may have been compromised by a hack attack. Defense Department officials this morning said that a system containing data for about 13,000 of the Navy's purchase cards had been hacked. In response, the Navy canceled all purchase card accounts, about 22,000, to "minimize unauthorized purchases," according to a statement released by the DOD Purchase Card Management Office. http://www.fcw.com/fcw/articles/2003/0818/web-navy-08-21-03.asp - - - - - - - - - - Police report doubling of child porn sites The National Criminal Intelligence Service's annual report has found that the number of child porn Web sites has increased dramatically, with around half based in the US. Web sites for child pornography have more than doubled worldwide in the past year and Internet pedophiles are devising more cunning ways to avoid detection, British police say. http://news.zdnet.co.uk/internet/0,39020369,39115863,00.htm http://news.com.com/2100-1025_3-5066553.html http://www.wired.com/news/politics/0,1283,60137,00.html - - - - - - - - - - Net anonymity service back-doored The popular Java Anonymous Proxy (JAP), used to anonymise one's comings and goings across the Internet, has been back-doored by court order. The service is currently logging access attempts to a particular, and unnamed, Web site and reporting the IP addys of those who attempt to contact it to the German police. We know this because the JAP operators immediately warned users that their IP traffic might be going straight to Big Brother, right? http://www.theregister.co.uk/content/55/32450.html - - - - - - - - - - Study: Threat of lawsuits is curbing online music piracy Music piracy over the Internet has declined since the record industry started threatening to sue individual users of popular but unauthorized file- sharing networks, a market research group said Thursday. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6586892.htm http://news.com.com/2100-1027_3-5066632.html http://www.washingtonpost.com/wp-dyn/articles/A26986-2003Aug21.html http://www.usatoday.com/tech/news/techpolicy/2003-08-21-riaa-study_x.htm http://www.theregister.co.uk/content/6/32456.html File swapper fights RIAA subpoena http://news.com.com/2100-1025_3-5066754.html - - - - - - - - - - Patriot Act II Resurrected? Congress may consider a bill that not only expands the government's wiretapping and investigative powers but also would link low-level drug dealing to terrorism and ban a traditional form of Middle Eastern banking. The draft legislation -- titled the Vital Interdiction of Criminal Terrorist Organizations Act of 2003, or Victory Act -- includes significant portions of the so-called Patriot Act II, which faced broad opposition from conservatives and liberals alike and embarrassed the Justice Department when it was leaked to the press in February. http://www.wired.com/news/politics/0,1283,60129,00.html - - - - - - - - - - Rules to control cyber cafes in offing Mumbai police are in the process of drafting rules aimed at guiding and controlling cyber cafes in the city with a view to minimising the misuse of internet for cyber offences. "The proposed rules would make it mandatory for cyber cafes to permit only those users having a photo-identity to access the internet from their cafes," a senior police official told reporters here today. http://www.hinduonnet.com/thehindu/holnus/02211210.htm - - - - - - - - - - Privacy advocates rip into ISP cybercrime code A draft cybercrime code of practice that would require member ISPs to log subscriber usage for up to 12 months is contrary to privacy principles, claims Electronic Frontiers Australia (EFA). The non-profit, national organisation for online civil liberties has submitted a damning review of the code to the Internet Industry Associations (IIA) public consultation phase. http://pcworld.idg.com.au/index.php?id=1555088125&fp=2&fpid=1 - - - - - - - - - - Serious data loss from missing PDAs poses threat The PDA Usage Survey for 2003, conducted for PointSec Mobile Technologies by ComputerWeekly and Reed Exhibitions, confirms that corporate employees frequently download all sorts of personal and business content onto personal digital assistants (PDAs) that lack password protection or encryption. This is problematic, given that the research group Gartner has concluded that PDAs are lost or stolen at an alarming rate. For example, in the U.S. in 2001, 350,000 laptops, 35,000 hand-held computer devices, and 232,000 mobile phones were lost or stolen. http://www.usatoday.com/tech/columnist/ericjsinrod/2003-08-21-sinrod_x.htm - - - - - - - - - - UK banks slammed for poor IT security Router vulnerabilities create a 'turkey shoot' for hackers, warns consultant. UK banks have been blasted for a "complacent" attitude towards some aspects of IT security. According to NTA Monitor, the financial sector has the worst record for router security compared to other sectors, and its use of firewalls is less effective than in other sectors. http://www.vnunet.com/News/1143138 http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=385 http://news.zdnet.co.uk/internet/security/0,39020375,39115851,00.htm - - - - - - - - - - MS releases unholy trinity of security fixes Microsoft yesterday released another cumulative fix for Internet Explorer designed to address all the old flaws with the Swiss cheese browser and fix a set of fresh problems. Separately, Redmond also issued patches to correct less serious vulnerabilities with a ubiquitous Windows middleware package and a revision of a July advisory on a serious vulnerability involving MIDI files. http://www.theregister.co.uk/content/55/32451.html http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=46450 http://www.msnbc.com/news/955496.asp http://www.vnunet.com/News/1143146 http://www.usatoday.com/tech/news/computersecurity/2003-08-21-ms-patches_x.htm http://computerworld.com/securitytopics/security/story/0,10801,84211,00.html Yet another IE security flaw - and this time it's serious http://www.techworld.com/news/index.cfm?fuseaction=displaynews&newsid=384 http://www.newsfactor.com/perl/story/22135.html - - - - - - - - - - Oracle issues security alert Database giant Oracle warned of a flaw in its XML software that could open a door for denial-of-service attacks. In an alert posted Monday, Oracle said the flaw affects companies using the XML Database (XDB) component for the company's Oracle 9i software. XDB stores data based on Extensible Markup Language (XML), the growing standard for delivering Web services and uniting back-end software. http://zdnet.com.com/2110-1105_2-5066712.html http://computerworld.com/securitytopics/security/story/0,10801,84227,00.html - - - - - - - - - - Getting IT security to reach company goals Creating a line of sight to reach corporate goals and objectives can result in synergy such that the total effect is greater than the sum of the individual effects. We all get excited about different things. Imagine if we were all excited about the same thing; we could move in the same direction and possibly move mountains. http://computerworld.com/securitytopics/security/story/0,10801,84099,00.html - - - - - - - - - - Slow Down Internet Worms With Tarpits Worms, worms are everywhere! The recent and prolific spread of Internet worms has yet again demonstrated the vulnerability of network hosts, and it's clear that new approaches to worm containment need to be investigated. In this article, we'll discuss a new twist on an under-utilized technology: the tarpit. http://www.securityfocus.com/infocus/1723 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.