NewsBits for May 25, 2004 ************************************************************ U.S Air Force Space Command Hacked Several computers of an army unit under the U.S Air Force Space Command (SPACECOM) were hacked by an individual in a third country via a Korean firms' computers in mid-February: Korean police and their U.S counterpart started a joint investigation as. The U.S. concluded that it was a serious case and hurriedly dispatched its investigators to Korea. The two countries began to find out a closely cooperative investigation system and have shared information to identify the hacker. - - - - - - - - - - Microsoft admit they were hacked Speaking exclusively to I.T. Vibe today, Microsoft admitted that a portion of their UK website was compromised by hackers and defaced. As can be seen from the screenshot below, the UK press site was replaced with text showing that the site was temporarily taken over by hackers calling themselves the "OutLaw Group". They also left a couple of books on the site, obviously as a dig at the site administrators, one on developing international software, and one on administrating - - - - - - - - - - Open season for phishing as attacks soar Phishing activity has been growing at the rate of 75 percent a month since December, according to the Anti-Phishing Working Group. The quantity and quality of phishing attacks grew at an alarming rate in April, according to the Anti-Phishing Working Group. Phishing is an Internet scam where official-looking emails attempt to fool users into disclosing online passwords, user names and other personal information. Victims are usually persuaded to click on a link in an email that directs them to a doctored version of an organisation's Web site.,39020375,39155697,00.htm The rising cost of protecting your identity - - - - - - - - - - Study: Online Crime Costs Rising Online criminals are attacking corporate and government networks more frequently, costing businesses an estimated $666 million in 2003, according to a survey of computer security executives released today. The survey was conducted by CSO [Chief Security Officer] magazine in cooperation with the U.S. Secret Service and the CERT cybersecurity center at Carnegie Mellon University in Pittsburgh. - - - - - - - - - - Cleansed agency data may still ID individuals Due to potential privacy concerns, the days of federal agencies offering large amounts of detailed statistical data may be quickly coming to an end, predicted Alan Karr, a researcher at the National Institute of Statistical Sciences of Research Triangle Park, N.C. The practice of the agencies being able to disclose mass micro-data is possibly on its way out, Karr said. Data sharing tops homeland security priorities Homeland Security's Missing Link Computers with state secret information won't be on the Web - - - - - - - - - - Singapore Vows to Fight E-Mail Spam Tightly-controlled Singapore on Tuesday vowed to fight e-mail spam, threatening to fine rogue Internet marketers millions of dollars. Officials claimed that more than half of all e-mail in the city-state was unsolicited. To try and curb the scourge, officials unveiled guidelines for legislation that would allow Internet service providers to take local online marketers to civil court if they flouted the rules. Email gateway products get smart with spam,39020375,39155822,00.htm Tech giants combine anti-spam standards Microsoft, combine anti-spam standards 'Spam and scam' firms fined PS450,000 - - - - - - - - - - Group wants input on vulnerability reporting guidelines The Organization for Internet Safety is soliciting comments on its guidelines for reporting and responding to software security vulnerabilities. OIS, a consortium of software vendors, researchers and security consultants, released the guidelines in July 2003, hoping to bring some order to the continual struggle between code makers and code breakers. The second version is expected to be available in mid-July. - - - - - - - - - - SQL Server getting security boosts Microsoft at its Tech Ed conference in San Diego on Tuesday will tout plans to add data encryption to its SQL Server database and seek federal government security certification for the platform as well. Microsoft tightens database security Microsoft to show off ID federation - - - - - - - - - - HP, Microsoft Partner on Security Microsoft is enlisting hardware vendors to push its Internet Security and Acceleration (ISA) Server 2004 software, and Hewlett-Packard says it will integrate the technology in its machines. HP said the company's ProLiant DL320 firewall server will run ISA Server 2004, and that it will offer the HP ProtectTools software suite for Microsoft products, such as Exchange Server, Outlook and Windows Mobile. - - - - - - - - - - Practice safe resets: secure your password solution Organisations are discovering an easy way to reduce the workload of IT and help desk administrators - password self-service. According to Gartner, password reset and user ID problems represent 15 to 35 per cent of helpdesk call volume, with a typical cost per call of $10 (PS5.54) to $31 (PS17.18). Even this humble author, looking through his recent trouble tickets, must sheepishly admit to four requests for resets over the last nine months. - - - - - - - - - - Security vendors ruining sysadmins' lives Competing computer security vendors racing against each other to find and publish new software vulnerabilities are pushing sysadmins to the brink. They need to grow up and start getting responsible about the way they release information into the community, AusCert director Graeme Ingram has warned. Ingram said that the sheer volume of vulnerabilities, exploits and patches being created on a daily basis had now reached the unworkable state where sysadmins are being forced to take unacceptable risks just to keep their networks up and running. - - - - - - - - - - Managing Security for Mobile Users (Part Two) Part one of Protecting the Road Warriors focused on the virus protection and firewall/IDS/IPS layers of mobile security. Part two completes the discussion and presents ways of providing additional layers of defense to help protect the valuable, mobile data. - - - - - - - - - - US plans $10bn computer dragnet The US is planning to build the most sophisticated computer-tracking system ever devised in order to keep tabs on foreigners entering the country. The project will also allow authorities to confirm that visitors deemed suspicious adhere to stated travel plans and leave the States before their visa expires. - - - - - - - - - - Cops get access to terror info, chance to fight back Beat cops patrolling streets in New York and Vermont will soon have near-instant access to federal counter- terrorism information as part of a pilot program touted as a breakthrough in the war on domestic terror. The program, to be announced Tuesday by New York Gov. George Pataki, Vermont Gov. James Douglas and FBI Director Robert Mueller, allows officers in both states to tap into federal resources and also lets tips flow the other way. - - - - - - - - - - Israeli spy agency recruits staff on Web Israel's normally secretive Mossad spy agency came in from the cold this week, launching a Web site aimed at recruiting staff ranging from computer security specialists to English-speaking waiters and agents for "special tasks." The site, which is available in both Hebrew and English, has a main page featuring a shadowy figure standing next to an Israeli flag and a link to a letter from Mossad Director Meir Dagan inviting "the best and most suitable to join us." *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.