NewsBits for September 24, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Computer virus disrupts U.S. visa-checking system A computer virus disrupted systems at the State Department for checking every visa applicant for terrorist or criminal history, leaving the U.S. government unable to issue visas for roughly nine hours. The virus crippled the department's Consular Lookout and Support System, known as CLASS, which contains more than 15 million records from the FBI, the State Department and U.S. immigration, drug- enforcement and intelligence agencies. Among the names are those of at least 78,000 suspected terrorists. http://www.bayarea.com/mld/mercurynews/6849537.htm http://www.nytimes.com/aponline/technology/AP-State-Computer-Virus.html http://www.cnn.com/2003/TECH/internet/09/24/state.dept.virus/index.html http://computerworld.com/securitytopics/security/virus/story/0,10801,85290,00.html http://www.fcw.com/fcw/articles/2003/0922/web-state-09-24-03.asp http://www.washingtonpost.com/wp-dyn/articles/A57227-2003Sep24.html http://www.msnbc.com/news/971031.asp http://www.cnn.com/2003/TECH/internet/09/24/state.dept.virus/index.html http://www.usatoday.com/tech/news/computersecurity/2003-09-24-virus-visas_x.htm http://www.theregister.co.uk/content/56/33018.html - - - - - - - - - - Alabama banks try to solve Internet-based scam A new scam combining counterfeiting and Internet fraud on auction sites is taking hundreds of thousands of dollars from bank customers in Birmingham, a bank security chief said. The scam originates on Internet auction sites such as eBay and includes a "buyer" who sends the seller a stolen or fake cashier's check for more than the item's purchase price, said Bill Burch, security chief at AmSouth Bancorp. http://www.usatoday.com/tech/news/2003-09-24-ebay-scam-alabama_x.htm - - - - - - - - - - Music industry drops piracy suit against baffled woman In a possible case of mistaken identity, the recording industry has withdrawn a lawsuit against a 66-year-old sculptor who claims never to have even downloaded song-sharing software, let alone used it. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6851285.htm http://www.cnn.com/2003/LAW/09/24/tech.lawsuit.ap/index.html http://www.wired.com/news/digiwood/0,1412,60581,00.html http://www.boston.com/business/globe/articles/2003/09/24/recording_industry_withdraws_suit/ http://www.usatoday.com/tech/news/2003-09-24-riaa-drops-suit_x.htm http://www.theregister.co.uk/content/6/33007.html Songwriters Lobby Congress to Stop Piracy http://www.washingtonpost.com/wp-dyn/articles/A53944-2003Sep23.html A Wireless iPod Can Torpedo the Pirates http://www.businessweek.com/technology/content/sep2003/tc20030924_0544_tc056.htm - - - - - - - - - - Kazaa maker files copyright suit agains music, movie companies Makers of the most popular online file-sharing network are suing entertainment companies for copyright infringement, alleging the companies used unauthorized versions of its software to snoop on users in their efforts to battle piracy. Sharman Networks, the company behind the Kazaa file-sharing software, filed a federal lawsuit Monday, accusing the movie studios and the Recording Industry of America of using ``Kazaa Lite,'' a replica of its software without advertising, to get onto the network. Sharman claims its copyright was violated because Kazaa Lite is an unauthorized version of its free software. http://www.bayarea.com/mld/mercurynews/6849510.htm http://www.latimes.com/technology/la-fi-kazaa24sep24223418,1,2962798.story http://www.securityfocus.com/infocus/1728 http://www.washingtonpost.com/wp-dyn/articles/A57694-2003Sep24.html http://www.cnn.com/2003/TECH/biztech/09/24/kazaa.sues.ap/index.html http://www.wired.com/news/digiwood/0,1412,60574,00.html http://www.theregister.co.uk/content/6/33019.html RIAA pushes ahead with suits, sues iMesh, stirs up Senate http://www.theregister.co.uk/content/6/32997.html Lawmakers target P2P http://www.fcw.com/fcw/articles/2003/0922/web-netw-09-24-03.asp - - - - - - - - - - AMD-hosted WLAN used to infect security hack's PC AMD would like you to know that its mobile Athlon 64 goes very nicely with 802.11 wireless networking. And in a bid to get hacks assembled at its Cannes launch event this week to think 'wireless', the chip maker thoughtfully laid on a WLAN for them to use to quickly file column inches for their respective rags. http://www.theregister.co.uk/content/28/33026.html - - - - - - - - - - Californian anti-spam bill charges $1000 per email A new Californian law targeting spam will be the toughest in the US, with spam campaigns liable for penalties of up to $1m. California Governor Gray Davis said on Tuesday he would sign into law the toughest measure in the United States to crack down on "spam,'' the unsolicited email this is increasingly clogging electronic mail boxes. http://news.zdnet.co.uk/internet/security/0,39020375,39116626,00.htm http://computerworld.com/softwaretopics/software/groupware/story/0,10801,85308,00.html http://www.washingtonpost.com/wp-dyn/articles/A56503-2003Sep24.html http://www.msnbc.com/news/971143.asp http://www.cnn.com/2003/TECH/internet/09/24/california.spam.ap/index.html http://www.wired.com/news/business/0,1367,60570,00.html http://www.modbee.com/local/story/7491276p-8406812c.html http://www.newsfactor.com/perl/story/22361.html http://www.usatoday.com/tech/news/techpolicy/2003-09-24-calif-spam-law_x.htm - - - - - - - - - - Putting a Stop to Database Piracy The latest battle in the war against database piracy took place on Capitol Hill on Tuesday, as the Coalition Against Database Piracy testified before a joint House Judiciary and Energy and Commerce Subcommittee hearing on draft legislation to protect against database thievery. The legislation, named the Database and Collections of Information Misappropriation Act, is a narrowly scripted version of similar legislation that has kicked around for some seven years. A past incarnation was dubbed the Database Protection Act. http://www.eweek.com/article2/0,4149,1278233,00.asp - - - - - - - - - - FTC settles with VeriSign over domain transfers In a settlement with U.S. regulators, VeriSign Inc. has agreed to abstain from marketing practices that allegedly tricked consumers into transferring domain names to its Network Solutions business. In the settlement with the U.S. Federal Trade Commission, VeriSign also agreed to allow the FTC to monitor its compliance with the settlement and recommitted to providing refunds or free service to customers who responded to an allegedly deceptive marketing mailing from Network Solutions, according to court documents published by the FTC today. http://computerworld.com/developmenttopics/websitemgmt/story/0,10801,85305,00.html Domain name marketing mailing under fire http://www.vnunet.com/News/1143835 - - - - - - - - - - Microsoft chatroom closure is 'irresponsible' A Microsoft rival has criticised MSN's 'moral' stance on chatroom closure, and said that greater investment could lead to a safer online environment. By appearing to take the "moral high ground" and closing its chat rooms in the UK, MSN is acting irresponsibly and endangering children rather than helping them, according to Lycos. http://news.zdnet.co.uk/0,39020330,39116641,00.htm http://www.msnbc.com/news/970970.asp? http://www.cnn.com/2003/TECH/internet/09/24/microsoft.chat/index.html http://www.vnunet.com/News/1143837 http://www.theregister.co.uk/content/6/33015.html http://www.theregister.co.uk/content/6/33014.html So why is MSN Israel keeping its chatrooms open? http://www.theregister.co.uk/content/6/33013.html - - - - - - - - - - Kids targeted in mobile phone theft lesson The UK Government has launched a nation-wide campaign to help kids steer clear of mobile phone crime. Youngsters between 11 and 14 will be able to get their hands on a CD-ROM called "Out of Your Hands?" which provides information on how to help stop them becoming victims of mobile phone crime. http://www.theregister.co.uk/content/59/32996.html - - - - - - - - - - EBay thief reveals tricks of the trade He contacted me to brag, this e-mailer named Kenneth. Said he had seen a story Id done called True confessions of an eBay criminal, about a 15-year old who managed to steal a few thousand dollars online. And Kenneth was offended. Hes an insult to each and every one of us scam artists, Kenneth wrote. I could tell you stories. And so he did. Kenneth claims hes spent the past two years as one of eBays most notorious scammers. Heres how he does it. http://www.msnbc.com/news/957191.asp - - - - - - - - - - Pop-Up Scam Beats AOL Filter Advertisers aren't the only ones exploiting the Windows pop-up feature to broadcast messages to Internet users. Crooks have deployed the same technology to launch an identity-theft scheme aimed at America Online users on vulnerable Windows systems. In recent months, advertisers have broadcast a slew of messages to Internet users, many of the ads pitching software to block Windows Messenger spam. http://www.wired.com/news/technology/0,1282,60564,00.html - - - - - - - - - - Incessant hacking exposed Unprotected websites are attacked an average of 2,000 times a week, a new study has revealed. Security firm PanSec International and Internet service provider PSINet Europe set up two fake banking sites and monitored the number of times they were attacked over an eight-week period. One site was protected with a standard firewall the other was left unprotected. http://www.internet-magazine.com/news/view.asp?id=3722 - - - - - - - - - - Microsoft domination 'threatens US security' An industry group has issued a report warning that Microsoft's omnipresence creates a risk to US security. A computer industry group critical of Microsoft plans to release a report on Wednesday arguing that the software giant's dominance in key technologies threatens US infrastructure. http://news.zdnet.co.uk/business/0,39020645,39116632,00.htm http://www.gcn.com/vol1_no1/daily-updates/23664-1.html http://www.washingtonpost.com/wp-dyn/articles/A54872-2003Sep23.html http://www.newsfactor.com/perl/story/22362.html - - - - - - - - - - New Windows holes, dangerous music Ever visited a Web site that suddenly started playing music through your computer speakers? It may be annoying, but you can always turn down the volume. And it's harmless, right? Maybe not. Researchers at EEye Digital Security Inc. recently discovered two big holes in Windows' music playback technology. The flaws, which Microsoft rates as "critical," could allow a hacker's code to run amok on your PC by exploiting a contaminated music file. http://computerworld.com/securitytopics/security/story/0,10801,85291,00.html - - - - - - - - - - OpenSSH patches second specialised flaw The open-source project for secure communications has released a patch for a security hole that affects only some installations varying from its default configuration. The open-source project for secure communications technology, known as OpenSSH, plugged a second security hole on Tuesday that affects only users who have turned off a critical security feature. http://news.zdnet.co.uk/software/linuxunix/0,39020390,39116635,00.htm - - - - - - - - - - Sophos buys ActiveState Sophos today announced the acquisition of anti-spam developer ActiveState in a $23 million all-cash deal. The British antivirus firm says the deal will allow it to diversify its product portfolio to offer "consolidated protection against security threats such as viruses, spam and policy breaches". The deal is part of a more generalised push by major AV firms to seize control of the nascent, but already crowded, anti-spam market. http://www.theregister.co.uk/content/39/33003.html - - - - - - - - - - Security with a human face The role of HR in helping to secure a business should not be underestimated. Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week Clifford May, principal consultant with Integralis, considers the importance to business security of the 'human firewall', the HR department. http://www.vnunet.com/News/1143827 - - - - - - - - - - Intrusion Detection Terminology (Part Two) The first part of this series discussed the concept of Alerts, Consoles, False Negatives, and many other terms that are important for Intrusion Detection Systems (IDS). This second and final terminology article will continue in the same vein, starting with an explanation of the many different types of IDSs that exist today. http://www.securityfocus.com/infocus/1733 Intrusion Detection Terminology (Part One) http://www.securityfocus.com/infocus/1728 - - - - - - - - - - Cameras Watching Students, Especially in Biloxi A digital camera hangs over every classroom here, silently recording students' and teachers' every move. The surveillance system is at the leading edge of a trend to outfit public schools with the same cameras used in Wal-Marts to catch thieves. Fearful of violence, particularly in light of the nation's experience with schoolhouse shootings, educators across the country are rushing to install ceiling-mounted cameras in hallways, libraries and cafeterias. But no other district has gone as far as this Gulf Coast community, which, flush with casino revenue, has hung the cameras not only in corridors and other common areas but also in all of its 500 classrooms. (NY Times article, free registration required) http://www.nytimes.com/2003/09/24/education/24VIDE.html?th - - - - - - - - - - Radio tags give guidance University of Rochester researchers have found a new use for the radio frequency identification tags that manufacturers are aiming to use to track products like cartons of milk and sweaters. These radio ID tags contain small radio transponders that broadcast unique identification numbers. Radio receivers can monitor the tags to track inventories in real time. The cheap tags make tracking from the factory to the consumer cost-effective; they have also become a source of concern because they could be used to record individuals' movements and purchasing habits. http://www.trnmag.com/Stories/2003/092403/Radio_tags_give_guidance_092403.html - - - - - - - - - - States Join in Building Terror Database While privacy worries are frustrating the Pentagon's plans for a far-reaching database to combat terrorism, a similar project is quietly taking shape with the participation of more than a dozen states -- and $12 million in federal funds. (NY Times article, free registration required) http://www.nytimes.com/aponline/technology/AP-Terror-Database.html - - - - - - - - - - A back door to Poindexter's Orwellian dream The perverse dream of integrating law enforcement, military intelligence and vast databases of virtually everything done by virtually every citizen is coming to fruition, only under state, not federal, auspices. http://www.theregister.co.uk/content/55/33006.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.