NewsBits for May 13, 2004
************************************************************

New Worm Exploits Sasser Flaw
A new Internet worm is spreading by exploiting a flaw in the Sasser worm, according to an alert issued this week. The new worm is tentatively named Dabber. It takes advantage of a vulnerability in an FTP server component in the Sasser worm and may have infected thousands of computers infected with Sasser. Dabber is believed to be the first worm that spreads specifically by targeting a flaw in another worm's code, according to an advisory published by LURHQ, a Chicago-managed security services company.

Bugwatch: Worm wars
Wallon worm uses Yahoo, MS to spread
Worm feeds on Sasser-infected computers
Security dominates XP Service Pack 2

- - - - - - - - -

German police raid five homes in Sasser case
German police have widened the hunt for the vandals responsible for the distribution of the infamous Sasser and NetSky worms by raiding the homes of five new suspects. All are close to the home of Sven Jaschan, the prime suspect. Last Friday, 18-year-old Jaschan was arrested in the village of Waffensen near Rotenburg, in northern Germany, in connection with writing and distributing the Sasser worm. He later confessed to police that he was both the author of Sasser and the original author of the NetSky worm.

- - - - - - - - - -

'Net sleuth' tells court of hunt that snared Guardsman
A Montana city judge who doubles as an Internet sleuth helped catch a National Guard member accused of trying to help al-Qaeda, according to testimony given Wednesday at a military hearing for the guardsman. Judge Shannen Rossmiller of Conrad, Mont., testified she was monitoring the Web for signs of extremist or terrorist activity last October when she came across a posting on a Muslim-oriented site by an "Amir Abdul Rashid." Through a string of Internet searches, she said, she linked the name and e-mail address to Spc. Ryan G.
Anderson, a Muslim convert and Fort Lewis-based National Guardsman now charged with five counts of trying to provide the terrorist network with information about U.S. troop strength and tactics as well as methods for killing American soldiers.

- - - - - - - - - -

Con artists seize on new drug discount plan
As if sorting through the 70 or so new Medicare-approved prescription drug discount programs wasn't confusing enough, senior citizens now have something else to worry about: con artists taking advantage of the mess. Scattered reports from around the United States indicate criminals are using this month's launch of the discount program to sell bogus cards or commit identity theft.

- - - - - - - - - -

Wallon worm uses Yahoo, IE flaw to spread
Antivirus software companies issued warnings and software updates yesterday and Tuesday for a new worm, Wallon, that uses deceptive Web links to trick users into downloading malicious programs. Wallon first appeared Friday and spreads in e-mail messages. However, antivirus companies reported increased instances of the worm on Tuesday and said users could be tricked by its e-mail messages, which don't contain virus-infected file attachments.

- - - - - - - - - -

'Survivor' site contains malicious code
Code embedded in a site likely to be surfed by fans of the 'Survivor' TV show takes advantage of known software flaws. A Web site likely to attract fans of the CBS-owned television series Survivor could contain a nasty surprise for its visitors. The site, owned by a party that has licensed the word "survivor" in a top-level US domain -- not linked to the television network -- today contained a smorgasbord of malicious code embedded in HTML scripts.

- - - - - - - - - -

Security holes uncovered in Symantec, Norton products
Almost the entire range of Symantec Corp.
security software, from Norton Internet Security through to the Symantec Firewall, requires urgent updates, the company has warned, after four critical vulnerabilities were found by security company eEye Digital Security Inc. One of the holes remains open even with all ports filtered and intrusion rules set thanks to a separate design flaw, eEye has warned. This makes it an almost certain target for worm writers, one of which -- if history is any indication -- may be put out on the Internet within 24 hours.

- - - - - - - - - -

States Speed up Spyware Race
State lawmakers' eagerness to crack down on Internet "spyware" could force the federal government to move sooner than expected to pass its own law, despite misgivings in the Bush administration and among technology executives. Only one state -- Utah -- has an anti-spyware law, but New York and California both are considering proposals. If enough states pass similar laws, businesses say the resulting "patchwork" of conflicting statutes would be almost impossible to obey, adding further pressure on Congress to act.

Search engines delete adware company
Microsoft to Battle Spyware

- - - - - - - - - -

US to ban up-skirt voyeur photos
The US moved closer today to banning so-called "up-skirt" photography, under the proposed Video Voyeurism Prevention Act. The bill specifically bans deliberately taking pictures of an unconsenting "individual's naked or undergarment clad genitals, pubic area, buttocks, or female breast...under circumstances in which that individual has a reasonable expectation of privacy regarding such body part or parts".

- - - - - - - - - -

Groups petition Congress for legal copying of DVDs
Consumer advocates asked Congress on Wednesday to amend a landmark 1998 copyright law to permit film buffs to make personal copies of DVD movies and other digital content for limited purposes.
Hollywood studios and the music industry said that would lead to more piracy and lost sales. Sponsors described the proposal as a consumers' rights bill for digital media that would allow consumers to bypass encryption locks built into DVD movies by Hollywood to prevent copying. Such encryption schemes are increasingly common in music and movies.

- - - - - - - - - -

SpamCop gets gagging order lifted
A temporary restraining order against SpamCop which stops it from forwarding complaints to ISPs against bulk mailer OptInRealBig was lifted on Tuesday. Judge Saundra Brown Armstrong of the US District Court for the Northern District of California lifted an order she had imposed only the day before on the anti-spam service.

- - - - - - - - - -

ACLU Was Forced to Revise Release on Patriot Act Suit
When a federal judge ruled two weeks ago that the American Civil Liberties Union could finally reveal the existence of a lawsuit challenging the USA Patriot Act, the group issued a news release. But the next day, according to new documents released yesterday, the ACLU was forced to remove two paragraphs from the release posted on its Web site, after the Justice Department complained that the group had violated court secrecy rules.

- - - - - - - - - -

Ukraine: new bill to regulate unauthorized access to information
The Ukrainian Parliament accepted a law on fines for unauthorized access to computer information that is restricted or owned by the state. 235 people's deputies voted for this amendment to national legislation. The law envisages the introduction of fines for violating the procedure for storing restricted information, for the acquisition or use of devices designed to obtain restricted information, and for unauthorized intrusion into computer systems with the purpose of obtaining such information.

- - - - - - - - - -

E-voting debate heats up
The battle over electronic voting systems took an unexpected turn this week when election officials in San Bernardino County, Calif., announced plans to defy a state-imposed ban on the systems in the upcoming November presidential election. In a statement Tuesday, county officials said they plan to use touch-screen voting systems developed by Oakland, Calif.-based Sequoia Voting Systems, a subsidiary of De La Rue PLC. The decision is in direct defiance of an April 30 directive by the California Secretary of State that stripped the systems of their certification in 10 counties, pending security improvements.

Losing companies contest voting project in S.C.

- - - - - - - - - -

A third of UK corporates open to hackers
A third of UK companies and public sector organisations are 'wide open' to hackers because they are ignoring basic security flaws, industry experts have warned. According to security firm NTA Monitor, UK businesses are drowning under a rising tide of medium and low-level security vulnerabilities as they fight to deal with high-risk security flaws.

- - - - - - - - - -

Pirates pillage China's online game industry
Software pirates are gouging China's red-hot online games industry, offering identical games for free and undermining planned Nasdaq listings by companies long thought immune to copyright abuse. A visit to any Internet cafe in Beijing, the strictest city in the country, reveals groups of glassy-eyed gamers hunched over computers fighting fantasy enemies, mostly without paying for the privilege.

- - - - - - - - - -

Vietnam to monitor its Internet users
Web surfers in Vietnam must abide by a number of new policies and restrictions, which come following a crackdown on cyber dissidents who used the Internet to speak out against the communist government, state-controlled media reported.
Many of the new requirements which went into effect in March and were publicized this week by Vietnamese media involve Internet cafes where many Vietnamese access the Web. Personal identification information must now be presented before logging on and will be stored for 30 days on computer servers, and all Internet activity will be tracked, according to the An Ninh The Gioi (World's Security) newspaper, the mouthpiece of the Ministry of Public Security.

- - - - - - - - - -

Child porn case highlights browser hijack risks
Browser hijacking programs can redirect users to pornographic websites. But could these malicious programs also lead to false accusations of possession of child pornography? Malware such as CoolWebSearch (AKA CWS) can change browser start-up and search pages and generate pop-up pages - often punting illegal pornographic websites - on infected PCs. The program exploits IE vulnerabilities to slither onto unpatched PCs.

- - - - - - - - - -

New flaw takes WiFi off the air
A newly-discovered vulnerability in the 802.11 wireless standard allows attackers to jam wireless networks within a radius of one kilometre using off-the-shelf equipment. Affecting various hardware implementations of the IEEE 802.11 wireless networking standard -- including widely used 802.11b devices -- the flaw was found in the collision avoidance routines used to prevent multiple devices from transmitting at the same moment.

- - - - - - - - - -

'Whispering keyboards' could be next attack trend
Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif.
Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov.

- - - - - - - - - -

Why Are Virus Writers So Tough To Catch?
The fight to rout Sasser and its ilk is fraught with ethical ambiguities. "Out of the 75,000 viruses that are written each year, all but 1,000 never infect anybody. So is it a crime to just write a virus?" asked David Perry of Trend Micro. "We are an open society. Do we give up all those [liberties] that make us Americans?"

- - - - - - - - - -

Secure by Default
I'm not here to talk about some groundbreaking security technology or ideology that's going to change our lives -- if I had the solution to all of the security problems that have been plaguing the Internet lately, I'd be busy working on it. Instead, I'm here to talk about what I think is a basic and fundamental rule of good security practice: the OpenBSD concept of shipping an operating system "Secure by Default".

- - - - - - - - - -

Student uncovers US military secrets
An Irish graduate student has uncovered words blacked-out of declassified US military documents using nothing more than a dictionary and text analysis software. Claire Whelan, a computer science student at Dublin City University was given the problems by her PhD supervisor as a diversion. David Naccache, a cryptographer with Gemplus, challenged her to discover the words missing from two documents: one was a memo to George Bush, and another concerned military modifications to civilian helicopters.

- - - - - - - - - -

FBI anti-terror network scares experts
The FBI's Trilogy project - a plan to replace the Bureau's existing local and wide area networks - has been slammed by technology experts from the National Research Council.
The NRC said the $600m project was "not on a path to success" and failed to adequately support the FBI's focus on terrorism since 9/11. The report calls on the bureau to build anti-terrorism systems from scratch.

Congressmen want DHS to speed up anti-terrorism technology program

- - - - - - - - - -

Privacy jam on California highway
The pictures show a driver peering angrily out his window at the photographer. In one, his middle finger is raised at the camera. In the last, his license plate is captured on digital film as he drives away. These are the kinds of photos that until a few weeks ago made up the front page of a Web site called, where a pair of frustrated San Jose, Calif., commuters posted photos of single drivers who they spotted using the carpool lanes. As highway vigilantism goes, it was mild. There were no legal repercussions for the drivers caught on film, and the state highway patrol, while aware of the site

***********************************************************
Search the Archive at:
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.