NewsBits for May 20, 2004 ************************************************************ 'Deceptive duo' hacker pleads guilty A Florida man pleaded guilty in federal court in Washington D.C. on Wednesday to charges stemming from his role as one half of the high-profile hacking team "The Deceptive Duo", responsible for obtaining sensitive information from government systems, and defacing dozens of governmental and private websites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses. http://www.theregister.co.uk/2004/05/20/hacker_guilty_plea/ http://www.securityfocus.com/news/8717 - - - - - - - - - - Canadian online banking users fall victim to Trojan A Trojan horse may be responsible for an online banking scam that has cost at least two Winnipeg customers thousands of dollars. The Winnipeg Police Service this week is investigating two cases where money was transferred unknowingly from bank accounts. One family charges that $1,798 US has been taken from their account and a retired teacher in April reported $1,45 US removed from his account without his knowledge. The department also has information pertaining to five other individuals who lost money with the same scam. http://computerworld.com/securitytopics/security/story/0,10801,93281,00.html - - - - - - - - - - Jail terms for tourists buying pirate CDs in Greece? Holidaymakers in Greece could face a spell in jail if they're caught buying pirate CDs, the BBC reports. The International Federation of the Phonographic Industries (IFPI) has warned that it will be pushing for prosecution of buyers of pirate CDs, and stressed: "This is not a symbolic measure." http://www.theregister.co.uk/2004/05/20/ifpi_greece_warning/ Italy approves 'jail for P2P users' law http://www.theregister.co.uk/2004/05/20/italy_p2p_law/ New ban for DVD copying software http://zdnet.com.com/2110-1104_2-5217292.html - - - - - - - - - - Virus help fund gets closed down Supporters of the man who wrote the Sasser web worm have been forced to stop raising funds for him. The effort ended when the organisers of the fund raisers found it difficult to contact Sasser author Sven Jaschan to hand over the cash. Mr Jaschan was arrested in early May by German police following a tip-off. http://news.bbc.co.uk/1/hi/technology/3732697.stm - - - - - - - - - - Mac Hole Has Users, Hackers Abuzz For the latest developments in this story, including links to a free protection utility, see Leander Kahney's Cult of Mac Blog. Malicious script kiddies are reportedly rushing to exploit the first serious security hole discovered in Apple Computer's Mac OS X. First discovered in February by a German Web designer, but not reported publicly until Tuesday, a vulnerability in OS X opens systems to potential hijackings when users simply visit a website. http://www.wired.com/news/mac/0,2125,63528,00.html - - - - - - - - - - Outlook flaw hinders secure remote access Microsoft is preparing a patch for its Outlook email software to enable it to work with passwords and encryption while sending mail. Firms testing email security options should contact Microsoft for the update if they find Outlook fails to authenticate against their mail system. http://www.vnunet.com/News/1155304 - - - - - - - - - - Democrats push for privacy officers Democrats took a first step on Thursday toward requiring that all federal agencies have chief privacy officers in the future. Democratic members of the U.S. House of Representatives' homeland security panel introduced a bill called the Shield Privacy Act that would order presidentially appointed chief privacy officers to ensure that new technologies "sustain, and do not erode, privacy protections relating to the use, collection and disclosure of personally identifiable information." http://zdnet.com.com/2110-1105_2-5217285.html http://www.fcw.com/fcw/articles/2004/0517/web-privacy-05-20-04.asp http://www.govexec.com/dailyfed/0504/052004c1.htm Serious about privacy http://www.gcn.com/23_11/news/25917-1.html - - - - - - - - - - Business calls on tech companies to secure cyberspace The Business Roundtable (BRT), an association of CEOs of leading corporations, is calling on software companies and users to join together to secure cyberspace. The BRT released seven core principles that were calling our Securing Cyberspace: Business Roundtable's Framework for the Future, said Marian Hopkins, director of public policy at the Washington-based BRT. The objective of the principles is to lay out a balanced approach to attempt to deal with the cybersecurity issue. http://computerworld.com/securitytopics/security/story/0,10801,93277,00.html http://www.wired.com/news/business/0,1367,63526,00.html - - - - - - - - - - Expert: U.S. at risk of cyberterrorism Cyberterrorism expert Andy Cutts of Dartmouth's Institute for Security Technology Studies addressed the Dickey Center's War and Peace discussion panel Friday, briefing the group on Operation Livewire, a recent nationwide cyberterror simulation that tested America's preparedness in the event of a major cyber attack. Cutts spoke specifically about the possibility of a sustained, campaign- level attack on the United States' computing networks, such as banking, law enforcement, energy and emergency response networks, by an unknown adversary. Because of the anonymous nature of cyberterrorism, he said, such an attack could come from virtually any source, including an enemy state or a small terrorist group. http://www.thedartmouth.com/article.php?aid=2004041901010k/ - - - - - - - - - - Study: ID theft usually an inside job A soon-to-be-released study reveals what some identity theft experts have hinted at for years -- the crime is largely the work of insiders. In a study of more then 1,000 identity theft arrests in the United States, Michigan State professor Judith Collins has discovered that perhaps as much as 70 percent of all identity theft starts with theft of personal data from a company by an employee. http://msnbc.msn.com/id/5015565/ Want to charge it? Talk to your credit card http://news.com.com/Want+to+charge+it%3F+Talk+to+your+credit+card/2100-1029_3-5216685.html - - - - - - - - - - Spam Adversaries to Meet, Debate Two bitter adversaries in the spam wars said Thursday they have agreed to meet face-to-face in a public debate next month. The debate will be held at the upcoming Email Technology Conference in San Francisco. It will feature Internet marketer Scott Richter, who has been accused of being one of the world's most prolific spammers, and SpamCop founder Julian Haight. The two sides are currently embroiled in a legal battle involving SpamCop's spam blacklist service, which Richter says violates the rights of his online marketing firm, OptInRealBig.com. http://www.wired.com/news/business/0,1367,63537,00.html - - - - - - - - - - Defense changes tack in issuing smart cards Despite having a strong supply chain, the Defense Department missed its deadline last month for issuing smart cards to 3.4 million service members, civilian employees and contract workers, so the department is tweaking demand. DOD plans to use the cards to govern physical and electronic access, and, after a grace period, users who dont have them will be denied access. http://www.gcn.com/23_11/dodcomputing/25915-1.html Tories join ID card opponents http://news.zdnet.co.uk/business/legal/0,39020651,39155267,00.htm When Irish eyes are sharing... http://www.fcw.com/fcw/articles/2004/0517/web-irish-05-18-04.asp - - - - - - - - - - Old Economy Fed Up With Cyber-Security In the 1976 movie "Network," a television anchorman famously implores his viewers to yell, "I'm mad as hell and I'm not going to take this anymore!" Yesterday, in more measured tones, a high-powered business lobby said just that about computer security on the network of all networks, the Internet. http://www.washingtonpost.com/wp-dyn/articles/A40411-2004May19.html Board members warned over security shortfalls http://management.silicon.com/itdirector/0,39024673,39120822,00.htm http://www.fcw.com/fcw/articles/2004/0517/web-round-05-20-04.asp - - - - - - - - - - Peter Cochrane's Uncommon Sense: The ever-evolving virus The fight against viruses, worms, Trojan horses and other digital pests may seem futile. But Peter Cochrane has a plan for eradicating the latest computer security threat. The computer virus is, it seems, as unstoppable as its biological forebears - and possesses the same appetite for evolution. http://comment.silicon.com/0,39024711,39120807,00.htm - - - - - - - - - - The defense-in-depth approach to malware Ever try to hammer a nail with a pair of pliers? You might succeed, but it will take much longer and be more difficult than it would if you used a hammer. Having the right tools makes any job easier, and when it comes to protecting workstations and servers from malware, the same rule applies. When you're securing computer systems against threats from hackers and malicious code, a defense-in-depth strategy is the best option. http://computerworld.com/securitytopics/security/story/0,10801,93274,00.html Malware Analysis for Administrators http://www.securityfocus.com/infocus/1780 - - - - - - - - - - Early database project yielded 120,000 suspects Scoring system cited for Matrix project spurs privacy worries. Before helping to launch the criminal information project known as Matrix, a database contractor gave U.S. and Florida authorities the names of 120,000 people who showed a statistical likelihood of being terrorists -- sparking some investigations and arrests. http://www.cnn.com/2004/LAW/05/20/terror.database.ap/index.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8715327.htm Are You a Potential Terrorist? http://www.wired.com/news/conflict/0,2100,63535,00.html FBI lauds watch list effort but still lacks access http://www.govexec.com/dailyfed/0504/052004tdpm1.htm - - - - - - - - - - On the Internet, no one's sure you're a terrorist A terrorism expert testified Wednesday that Internet postings attributed to a terrorism defendant were published to recruit and encourage financial support for terrorists. But under cross-examination, the prosecution witness, Reuven Paz, acknowledged that he published some of the same information on his own Web site without being prosecuted, pointing out the difficulty in labeling people and activities as terrorist. http://www.usatoday.com/tech/news/techpolicy/2004-05-20-hussayen_x.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.