NewsBits for May 4, 2004
************************************************************
Worm Brings Down PC's and Networks
A new computer worm infected hundreds of thousands of computers over the weekend and yesterday, disrupting corporate networks and causing headaches for home PC users. The latest form of electronic vandalism, the Sasser worm, was unleashed late Friday, spreading first in Asia and Europe before hitting the United States.
Patch now or suffer Sasser
We've seen worse than Sasser - MS
Sasser worm gets to work (Series of stories)
Sasser worm creates havoc
Netsky writers claim credit for Sasser worm
Sasser variants pose greater danger
Sasser infections hit Amex, others
Viruses can be tamed - by upgrading user's brains
- - - - - - - - - -
White House officials call for renewal of anti-terrorism law
Bush administration officials on Tuesday pushed for renewal of the 2001 anti-terrorism law known as the USA PATRIOT Act and criticized the "misinformation" that has proliferated regarding its provisions.
- - - - - - - - - -
Illinois official wants tougher laws for wireless spying
Illinois needs tougher laws against high-tech peeping Toms who use new technology to evade punishment, the state attorney general said. Current law on taking photos or video without a subject's consent requires proof that images were recorded. The law fails to address new technology like hidden wireless cameras and cell phones that enable people to watch live images often over the Internet without recording them, Illinois Attorney General Lisa Madigan said.
- - - - - - - - - -
Security funds dry up
On May 3, federal civilian agencies were put on notice that they could have a harder time next year finding money for certifying their computer systems' security. Rep. Tom Davis (R-Va.)
said the final federal budget for 2005 would probably offer slight increases for security spending for the Defense and Homeland Security departments. But civilian agencies most likely would have less money available for security improvements because of pay parity increases approved by Congress.
- - - - - - - - - -
House question Ridge on IT security
Members of the House Select Committee on Homeland Security want more specifics on the administration's cybersecurity plans. Last week, four members sent a bipartisan letter to Homeland Security Department Secretary Tom Ridge asking what the agency was doing to carry out the President's National Strategy to Secure Cyber Space.
Guidelines proposed for securing geospatial data
- - - - - - - - - -
Australian government: Proprietary software not a security risk
The Australian federal government has rejected warnings from an open source lobby group that closed source proprietary software presents a serious risk to Australia's national security and ought to be chucked out in favor of more transparent software.
- - - - - - - - - -
Mac OS X riddled with security holes
Apple has released a range of patches for security holes - both old and new - for its Mac OS X operating system, which it advises users to download immediately. The company is downplaying the issue but one security company at least is concerned that the vulnerabilities could be extremely serious. Secunia has given the five - yes, five - patches a "highly critical" rating and warned that they may allow hijacking, security bypass, data manipulation, privilege escalation, denial of service and system access.
Linux has its own security holes
- - - - - - - - - -
Survey exposes holes in antispam armor
Survey: Many firms deem spam defenses inadequate
One in every three companies that have an antispam tool in place has not updated the software since installation, according to a survey released Tuesday.
The study, conducted by antispam-software maker Clearswift and privacy group TRUSTe, found that more than 72 percent of organizations surveyed had some spam defense in place. But 55 percent of them felt those defenses were inadequate.
- - - - - - - - - -
Poor evidence taking lets off hackers
Few companies have the proper audit trails in place to get convictions against hackers, according to security firm NTA Monitor. The company claims that its research shows firms failing to maintain log files adequately - and in some cases not bothering to switch the logs on at all.
- - - - - - - - - -
Does Gmail breach wiretap laws?
Three nonprofit groups alleged this week that Google's forthcoming Gmail service violates California wiretapping laws--but lawyers who specialize in privacy law were skeptical of the claim. In a letter sent to California Attorney General Bill Lockyer on Monday, the Electronic Privacy Information Center argued that Gmail must be shut down because it "represents an unprecedented invasion into the sanctity of private communications."
- - - - - - - - - -
Microsoft signs security pact with Germany
Microsoft signed a security-related agreement Monday with the federal government of Germany, where the software giant has seen numerous challenges involving open-source products. The agreement, signed by Microsoft CEO Steve Ballmer and Interior Minister Otto Schily, commits Microsoft to working with several security-related bodies and supporting a German standard for secure legal transactions.
- - - - - - - - - -
Pornographers to ring up more profit
Amsterdam, home of one of Europe's most renowned red-light districts, is not a surprising location to exhibit X-rated products for sale. But there were some strange bedfellows at a conference there last month: executives from some of the world's largest and most respected mobile phone companies mingling with sex-shop owners, publishers of pornography and producers of hard-core videos.
- - - - - - - - - -
RSA teams with Oracle on security
Online-security company RSA Security on Tuesday joined hands with Oracle to enhance the user-access protections in Oracle's business application server software. RSA's ClearTrust software will support Oracle Identity Management, a key component of Oracle Application Server 10 that allows for "single sign-on," letting workers enter one username and password to gain access to several applications. The RSA deal will let companies use the same authorization for Oracle applications and for applications protected by ClearTrust.
- - - - - - - - - -
We are all security customers
National security is a hot political topic right now, as both presidential candidates are asking us to decide which one of them is better fit to secure the country. Many large and expensive government programs--the CAPPS II airline profiling system, the US-VISIT program that fingerprints foreigners entering our country, and the various data-mining programs in research and development--take as a given the need for more security.
- - - - - - - - - -
New security technology will get test at Maryland rail station
Amtrak and commuter rail passengers at a station near Washington will have to walk through an explosives detection machine and have their bags screened in a new security experiment designed to frustrate terrorists. Asa Hutchinson, U.S. undersecretary for border and transportation security, was the first to walk Tuesday through the "puffer" machine, which blows small puffs of air onto a passenger to detect residue from explosives. Passenger screening was to begin later in the afternoon.
***********************************************************
Search the Archive at:
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information.
Copyright 2000-2004,, Campbell, CA.