NewsBits for May 17, 2004
************************************************************
Cisco investigates source code leak
An unspecified amount of the proprietary source code that drives Cisco Systems' networking hardware has appeared on the Internet, the technology giant acknowledged early Monday. A representative could not confirm, however, that network intruders made off with 800MB of code, as reported by a Russian security group over the weekend. "Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," said Jim Brady, a spokesman for the company.
http://zdnet.com.com/2100-1105_2-5213724.html
http://zdnet.com.com/2100-1105_2-5214362.html
http://msnbc.msn.com/id/4998837/
http://www.vnunet.com/News/1155228
http://www.newsfactor.com/story.xhtml?story_title=Cisco-Pursues-Investigation-of-Code-Theft&story_id=24084
http://www.theregister.co.uk/2004/05/17/cisco_code_leak/
http://computerworld.com/securitytopics/security/story/0,10801,93215,00.html
- - - - - - - - - -
Arrest of Japanese file-sharing developer is a threat
A lawyer for a Japanese professor detained on copyright violations for his file-sharing technology called the arrest "extremely dangerous" Monday, saying the move threatened the freedom of software creators. Isamu Kaneko, a 33-year-old assistant professor at the prestigious University of Tokyo, was arrested May 10 on copyright-related charges for developing and offering the popular Winny software, which lets people swap movies and video games over the Internet.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8687322.htm
- - - - - - - - - -
Judge replies after porn acquittal
An Irish judge acquitted of having child pornography after the case against him collapsed is said to have given his version of events to the government.
Judge Brian Curtin was asked by the Irish Government 10 days ago to explain his conduct after he was acquitted of having child pornography on his computer last month. He was found not guilty after it was revealed in court that the search warrant used by police had expired.
http://news.bbc.co.uk/2/hi/uk_news/northern_ireland/3716995.stm
- - - - - - - - - -
Overseas porn investigation leads to Wyoming County
A Wyoming County man whose arrest grew out of a child pornography investigation in Croatia is facing at least five years in prison for distribution of sexually explicit images of children. Grant Arthur Lasuer, 61, of RD 2, Box 363, Mehoopany, pleaded guilty Thursday before U.S. District Senior Judge Edwin Kosik to one count each of distribution of child pornography and possession of a firearm by a felon. According to FBI documents filed in the case, Croatian authorities alerted U.S. investigators last year that a man arrested for child pornography there had transmitted photos to e-mail addresses in the United States.
http://www.zwire.com/site/news.cfm?newsid=11657032&BRD=2185&PAG=461&dept_id=4160\46&rfi=6
- - - - - - - - - -
White power website shut
Edmonton police have shut down the Internet site of a white power group which advertised last month it planned to expand into Manitoba. According to media reports in Alberta, officers confiscated computer hard drives, Nazi flags and jewelry -- as well as books promoting white domination -- from a home in a suburb of Edmonton on May 7.
http://www.canoe.ca/NewsStand/WinnipegSun/News/2004/05/16/461984.html
- - - - - - - - - -
Sasser suspect fanclub launches appeal
The German teenager fingered as the author of the Sasser and NetSky worms may not be popular among IT professionals, but fans of the accused miscreant have already sprung to his defense and, apparently, opened their wallets.
On Wednesday an anonymous post to the Full Disclosure security mailing list announced a new website dedicated to raising money for 18-year-old Sven Jaschan.
http://www.theregister.co.uk/2004/05/17/sasser_suspect_appeal/
Bringing Worm Writers to Justice Is No Easy Task
http://computerworld.com/securitytopics/security/story/0,10801,93188,00.html
- - - - - - - - - -
Softbank customers sue over data leak
Japanese outfit Softbank Corp faces being sued after confidential information regarding 4.6m of its punters leaked out in March, according to the Mainichi Daily News. Softbank - which together with Yahoo! operates broadband outfit "Yahoo! BB" in Japan - was the victim of a massive scam to extort billions of Yen from the company.
http://www.theregister.co.uk/2004/05/17/yahoo_softbank/
- - - - - - - - - -
Crime rings exploit Internet job sites
Online job sites like Monster.com, CareerBuilder and HotJobs have given employers a better way to find workers, but it turns out that crime rings are targeting the sites, too. In a recent scam, for example, credit card thieves found unwitting money launderers through Monster.com, then left their "employees" on the hook for thousands of dollars in debts and possible criminal liability when the fraud was discovered.
http://www.iht.com/articles/520225.html
- - - - - - - - - -
AOL: One billion viruses blocked
America Online says it's blocked more than one billion virus-infected emails since launching a screening programme in April 2003. The Internet service provider, a subsidiary of Time Warner, says it protected each of the company's subscribers from an average of 30 virus attacks.
http://news.zdnet.co.uk/internet/security/0,39020375,39154918,00.htm
- - - - - - - - - -
Survey: Web users ignore illegal content
Surfers don't report illegal material when they come across it on the Net, which may leave ISPs in a difficult position.
Internet users aren't up to much when it comes to reporting dodgy content on the Web, research has revealed -- surfers are failing to let the authorities know when they come across content that breaks the law.
http://news.zdnet.co.uk/internet/0,39020369,39155002,00.htm
- - - - - - - - - -
Mac OS X hit with another serious security issue
When it rains, it pours. Yet another "highly critical" hole has been found in Apple's Mac OS X operating system, which will allow remote system access by getting someone to visit a malicious website. Lixlpixel has reported a vulnerability dealing with how basic Internet elements are addressed in the OS' help facility that allows arbitrary local scripts to be executed on a user's machine. It is also possible to place files in a known location on a system by asking users to download a ".dmg" disk image file.
http://www.techworld.com/security/news/index.cfm?newsid=1574
- - - - - - - - - -
Windows XP SP2 poses firewall management test
Business users could face complex management challenges to get the most out of the Windows XP Service Pack 2 update due for release in July. XP SP2 will, by default, switch on the Windows firewall, and Microsoft is recommending that users configure the Windows Firewall and use Active Directory to manage configurations of the firewall across large numbers of desktop PCs.
http://www.computerweekly.com/articles/article.asp?liArticleID=130597&liArticleTypeID=1&liCategoryID=6&liChannelID=22&liFlavourID=1&sSearch=&nPage=1
Microsoft cracks pirates on Service Pack 2
http://www.vnunet.com/News/1155202
http://www.vnunet.com/News/1155215
- - - - - - - - - -
Ex-cybersecurity czar blasts Bush's efforts
Richard Clarke became a national celebrity in recent months for his criticisms of the Bush administration's handling of the 2001 terrorist attacks. Now the former White House official is extending that criticism to the administration's handling of cybersecurity.
http://www.govexec.com/dailyfed/0504/051704tdpm1.htm
- - - - - - - - - -
South Korea's cat-and-mouse with piracy
Koreans with pirated software have resorted to an old-fashioned method for skirting Microsoft and the authorities. They scram. Recently in a city near Seoul called Incheon, police investigators who were empowered to audit software on PCs snuck in through an office building's back exit, according to a source who worked for an Internet service provider inside the facility at the time. A receptionist immediately began to call all the businesses in the building.
http://zdnet.com.com/2100-1104-5213786.html
New way to combat online piracy
http://news.com.com/2100-1027_3-5214174.html
Ukraine fighting "pirates"
http://www.crime-research.org/news/17.05.2004/269
- - - - - - - - - -
NIST doing crypto key exchanges at the speed of light
The National Institute of Standards and Technology is pushing the speed limit on cryptographic key exchanges on its new quantum communications test bed. The May 3 issue of Optics Express, the online journal of the Optical Society of America, described a demonstration of NIST's quantum key distribution system that delivered usable bits in the form of individual photons at the rate of 1Mbps.
http://www.gcn.com/vol1_no1/daily-updates/25948-1.html
EU seeks quantum cryptography response to Echelon
http://computerworld.com/securitytopics/security/story/0,10801,93220,00.html
- - - - - - - - - -
Symantec takes bite off virus-ID spam
Symantec has shown the way for other antivirus firms to finally end the proliferation of false virus notifications, which wrongly identify the source of an e-mail-borne virus and add to the general deluge swamping users' inboxes.
http://zdnet.com.com/2100-1105_2-5213781.html
- - - - - - - - - -
U.S. passports to get ID chips
In the near future, Americans returning from abroad will have their faces scanned by cameras at ports of entry, then compared by computer to digitized photos encoded on high-tech chips in their passports for verification. The goal is to prevent known terrorists from entering the country and to make the use of stolen passports virtually impossible. Because such biometric identification incorporates a person's unique physical characteristics, including fingerprint swirls or iris patterns, it is considered the best method yet invented of authenticating someone's identity. (Chicago Times article, free registration required)
http://www.chicagotribune.com/technology/chi-0405150196may15,1,6776428.story
- - - - - - - - - -
Data Scant for Watchlist Usage
Border-control officials, highway patrol officers and airline screeners all now have access to a centralized terrorist watchlist of 120,000 names. But the public knows little about how the list is compiled and used, or how individuals can remove their names if they're wrongfully targeted. The database, known as the Terrorist Screening Center, or TSC, is fed by foreign intelligence compiled by the CIA-run Terrorist Threat Information Center and by domestic intelligence from the FBI.
http://www.wired.com/news/privacy/0,1848,63478,00.html
- - - - - - - - - -
Spy vs. Spy
Like many small companies, J.B. Racing of Taveres, Fla., depends heavily on its local-area computer network to manage its operations. Earlier this year Dennis King, head of sales and marketing and de facto IT chief for the seven-employee maker of custom auto-racing components, noticed a disturbing problem: Speeds on the company network were dropping.
http://www.fortune.com/fortune/smallbusiness/technology/articles/0,15114,614397,00.html
- - - - - - - - - -
Getting Naked for Big Brother
Americans are willing to "get naked" for their government if they feel it will make them more secure.
That's the conclusion Jeffrey Rosen reached in his new book The Naked Crowd, which explores the willingness of Americans to abandon privacy for perceived security. The book takes its title from the name Rosen gives a high-tech X-ray machine tested in airports after 9/11.
http://www.wired.com/news/privacy/0,1848,63450,00.html
- - - - - - - - - -
Busted
The arrest of Sasser's author proves bounties work to catch cyber vandals. Now, if the security industry would just stop egging them on ... When Microsoft first announced its "bounty" program late last year, many security experts condemned the initiative as a mere publicity stunt: a marketing tactic designed to distract gullible users from the "real issue" with Microsoft products.
http://www.securityfocus.com/columnists/242
- - - - - - - - - -
Stop skirting network security
Network security has become the thing that keeps executives up at night. With each new security epidemic, such as the recent Sasser worm, the effectiveness of current security technologies and practices is called into serious question. Even though security is one of the biggest concerns for almost every organization the world over, the number of attacks increases year over year, with each one more devastating than the last.
http://news.com.com/2010-7355_3-5213260.html?part=rss&tag=feed&subj=news
Enterprises plagued by flawed data
http://www.vnunet.com/News/1155223
- - - - - - - - - -
TCP/IP Skills Required for Security Analysts
Breaking into the network security industry, and finding a job as a computer security analyst can often be a daunting task. A great deal of us who work in the industry started down this path with nothing but an interest in computer security to begin with, and a desire to work in a field that we love. The question of how does one seek employment in this job sector, and more importantly what skills does one really need to have is a question I have been asked many, many times.
http://www.securityfocus.com/infocus/1779
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2004, NewsBits.net, Campbell, CA.