NewsBits for June 28, 2004 ************************************************************ Latest ID theft victim? A law firm This woman basically stole the identity of this law firm, Westchester County District Attorney Jeanine Pirro said. The law firm was Fish & Neave of Manhattan; the account was set up in the name Fish Neave. Phoebe Nicholson, 39, worked for Honeywell International at the time. The company had done work with Fish & Neave in the past. Nicholson allegedly forged her boss signature on seven phony bills from the firm, then persuaded Honeywell to send the checks to her for delivery instead of mailing them to Fish & Neave. http://www.msnbc.msn.com/id/5319626/ - - - - - - - - - - Hackers seed Web sites to infiltrate PCs In a new type of Web attack that could begin to spread, security experts estimate hundreds of thousands of Internet users unwittingly got their PCs compromised last week simply by clicking on a favorite Web page. Profit-minded intruders stealthily seeded Web pages with contagions to help them steal personal information and turn compromised PCs into spam relays. http://www.usatoday.com/tech/news/2004-06-27-web-attack_x.htm http://www.fcw.com/fcw/articles/2004/0628/web-netattax-06-28-04.asp - - - - - - - - - - Senate backs piracy plan to sink file sharers The US entertainment industry received a boost in its fight against copyright infringement and file swappers last week with the passing of two proposed bills through the US Senate. The Artists' Rights and Theft (Art) Prevention Act and the Pirate Act include stiffer penalties for pirates, and make it easier for federal authorities to prosecute copyright cases. http://www.vnunet.com/news/1156269 http://www.crime-research.org/news/26.06.2004/449/ - - - - - - - - - - First Online Data Privacy Law Looms in California The nation's first privacy law that specifically targets online businesses will go into effect in California on July 1. But it's unlikely to cause many problems for companies, because most of the privacy requirements stipulated by the law are already in place at commercial Web sites. The Online Privacy Act of 2003 (Calif. AB 68) was authored by Joseph Simitian, a member of the California State Assembly. http://computerworld.com/securitytopics/security/privacy/story/0,10801,94128,00.html - - - - - - - - - - European betting sites brace for attack European soccer betting sites are increasingly targeted by cyber extortionists, German computer magazine c't reports. Sites are flooded with spurious requests (distributed denial of service (DDoS) attack) in an attempt to force online bookmakers to cough up or face shutdown. Criminals may turn up the heat in preparation for the Euro 2004 semi-finals and finals later this week. Betting site Betfair, dubbed the eBay of gambling, estimates that wagers on its website for the Euro 2004 tournament alone will hit $200m. http://www.theregister.co.uk/2004/06/28/betting_sites_attack/ - - - - - - - - - - MPs slam premium-rate 'criminal scams' MPs have warned that some premium rate phone services are little more than a "criminal scam" designed to rip off innocent people. What's more, they're concerned that premium rate regulator, ICSTIS, might not be up to the task of regulating an industry that continues to allow people to be conned. http://www.theregister.co.uk/2004/06/28/mps_icstis/ - - - - - - - - - - Beastie Boys claim no virus on crippled CD The Beastie Boys website claims that the copy- control mechanism on the DRM-crippled CD "To the 5 Boroughs" does not install any files on the victim's computer. According to the notice, the disks use "Macrovision's CDS-200 technology, the same technology being used for the past several months around the world for all of EMI's releases in those territories. http://www.theregister.co.uk/2004/06/28/wee_timorous_beastie/ - - - - - - - - - - Fishing for 'phishers' Almost 95 percent of e-mail fraud and "phishing" reported in May emanated from forged addresses, according to new research from the Anti-Phishing Working Group, which argued that emerging e-mail authentication standards could take the sting out of such nasty attacks. Phishing attacks trick people into parting with personal information by luring them to bogus corporate Web sites. Almost 5 percent of recipients of such deceitful e-mails disclosed vital information such as credit card numbers, account user names and passwords, leading to identity theft and financial loss, the report said. http://zdnet.com.com/2100-1105_2-5250454.html - - - - - - - - - - Middle East not immune to cyber-crime, security experts warn According to AME Info, investment in fighting cyber-crime remains critically low, and a general ignorance of its consequences is leaving businesses across the Middle East vulnerable to attack, network security experts Stonesoft have warned. Research from Gartner showed that just $20 million was spent on investigating cyber-crime in 2002, a large under- investment given the scale and potential of the problem. http://www.crime-research.org/news/28.06.2004/453/ - - - - - - - - - - Ethical Hacking Is No Oxymoron Sporting long sideburns, a bushy goatee and black baseball cap, instructor Ralph Echemendia has a class of 15 buttoned-down corporate, academic and military leaders spellbound. The lesson: hacking. The students huddled over laptops at a Los Angeles -area college have paid nearly $4,000 to attend "hacker college," a computer boot camp designed to show how people will try to break into network systems -- and how they will succeed. http://www.wired.com/news/infostructure/0,1377,64008,00.html http://www.msnbc.msn.com/id/5318002/ http://www.cnn.com/2004/TECH/06/28/school.hackers.reut/index.html http://www.wired.com/news/infostructure/0,1377,64008,00.html - - - - - - - - - - Lawmaker seeks biometric ID cards for aviation security workers Frustrated by the lack of progress to control access to sensitive areas at the nation's airports, a House lawmaker plans to introduce a bill after the July Fourth recess that aims to push the Homeland Security Department to act swiftly. http://www.govexec.com/dailyfed/0604/062804tdpm1.htm - - - - - - - - - - German labour eyes online authentication Germany's pensions administrator and labour department are implementing online authentication systems in a deal worth almost 10m (PS6.7m). The Federal Insurance Institution for Salaried Employees in Berlin has signed a deal, announced on 25 June, 2004, to provide electronic smartcards for its staff and set up a trust centre to verify online transactions for Germany's statutory pension insurance scheme. The centre will also be used by the Regional Insurance Institution of the province of Rhenania and the other 22 German regional insurance bodies. http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39158869,00.htm - - - - - - - - - - Google feels spyware strains For Google users like Tim Yu, the threat of spyware isn't so easy to stare down. Yu, a Stanford University student, recently found that one of his family's computers was infected with a program called "BrowserAid/Featured Results," which was delivering additional and unwanted pop- up ads atop Google results. He managed to rid the computer of that application, but a similar, unidentifiable program could not be eliminated. http://zdnet.com.com/2100-1104_2-5250383.html Spyware support costs run into millions Spyware is to blame for half of all PC crashes and is putting a strain on support helplines, according to industry analysts. It is estimated that 90 per cent of all PCs are harbouring 30 or more pieces of spyware. http://www.vnunet.com/news/1156261 Spyware-killers get going online http://news.com.com/Spyware-killers+get+going+online/2100-1032_3-5250738.html - - - - - - - - - - HP merges security into desktop Hewlett-Packard plans to unveil a set of PC-related products on Monday, including a new desktop computer with security technology. The company also intends to announce software for printing from wireless devices; data back-up and recovery software; and workstations, which are powerful desktop machines for uses such as creating digital content. http://news.zdnet.co.uk/software/applications/0,39020384,39158860,00.htm - - - - - - - - - - Redmond's Butterfly Effect Criminals are benefiting from an Internet Explorer that's so complex even Microsoft can't predict its behavior. Most of you have heard of a reportedly widespread compromise of an unknown number of clients through an unpatched vulnerability in Internet Explorer. The clients were owned by visiting commercial web sites that had previously been compromised by a yet undetermined method; the attackers dropping code onto those servers that customers would then launch when the site was visited. http://www.securityfocus.com/columnists/251 CERT recommends anything but IE http://www.theregister.co.uk/2004/06/28/cert_ditch_explorer/ IE flaw may boost rival browsers http://zdnet.com.com/2100-1105_2-5250697.html Gates Defends Microsoft Patch Efforts Microsoft chairman Bill Gates defended the company's handling of security patches Monday following widespread attacks on the Internet by suspected Russian organized crime gangs. Last week's attacks used unpatched vulnerabilities in Internet Explorer to deploy a Trojan horse program on the victim's machine, which could capture the user's Internet banking passwords. http://www.securityfocus.com/news/9004 http://www.cnn.com/2004/TECH/06/28/microsoft.gates.reut/index.html Windows XP update could cause support chaos http://computerworld.com/softwaretopics/os/windows/story/0,10801,94184,00.html 'Windows' toughest competitor is pirates' - Gates http://news.zdnet.co.uk/software/windows/0,39020396,39158862,00.htm - - - - - - - - - - Cryptographic Protection of Computer Information Cryptooperation is a process of replacement and/or rearrangement of some or another symbols (bytes, bits) of an initial message using a special algorithm in accordance with the given key (a kind of a password). There are two types of cryptooperation in cryptology: symmetrical and asymmetrical. The first is sometimes called a one-key cipher or a cipher with a secret key. http://www.crime-research.org/articles/Akhtyrskaya0604/ - - - - - - - - - - Packet Crafting for Firewall & IDS Audits (Part 1 of 2) With the current threat environment that home and corporate users face today, having a firewall and IDS is no longer a luxury, but rather a necessity. Yet many people do not really take the time to make sure though that these lines of defense are indeed working properly. After all, it is very easy to invalidate your router's entire ACL list by making a single misconfigured entry. The same can be said for your firewall, whereby one poor entry into your iptables script, for example, could leave you vulnerable. http://www.securityfocus.com/infocus/1787 - - - - - - - - - - Pursuing the Libido's Dark Side Lord Foucault is an admitted rapist. He does it on impulse -- for the thrill of it and for the feeling of control he has over his female victims. But he's not attacking women in real life. Instead, Lord Foucault is a character in Sociolotron, an online virtual world that gives players a platform where they can act out a wide range of fantasies. http://www.wired.com/news/games/0,2101,63997,00.html - - - - - - - - - - Internet's many layers give terrorists room to post, then hide Terrorists are increasingly using the Internet to spread shocking images and state their demands. In the past month, video and photos of the beheadings of American Paul Johnson Jr. and South Korean Kim Sun Il were posted on Web sites sympathetic to Islamic terrorists. Last week, a Saudi Web site posted a statement from alleged terrorist leader Abu Musab al-Zarqawi claiming responsibility for attacks across Iraq. http://www.usatoday.com/tech/news/2004-06-27-terrorweb-usat_x.htm - - - - - - - - - - Virtual Case File again delayed The FBI's case management system has been delayed again and will not be deployed by the end of the year, FBI officials said. FBI officials did not immediately comment on the cause of the latest delay of the Virtual Case File System, which is now more than a year behind the original schedule. In May, the FBI's chief information officer Zalmai Azmi said some capabilities of the new system would be in place by the end of the year, several months after the previous mid-summer deadline. http://www.fcw.com/fcw/articles/2004/0628/web-fbi-06-28-04.asp http://www.cnn.com/2004/US/06/26/fbi.terror.computer/index.html Justice watch center plans system upgrade http://www.gcn.com/vol1_no1/daily-updates/26411-1.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.