NewsBits for August 9, 2004 ************************************************************ Price not right on Bagle variant A prolific new variant of the mass-mailing Bagle worm began flooding e-mail accounts Monday with bogus price quotes. Like previous versions of Bagle, the new Bagle.AQ worm spreads by sending out messages with an infected attachment compressed under the common Zip format. Both the name of the attachment and the body of the message are a variant on "price" or "new price." Unlike earlier Bagles, the new version also packs in a 3-year-old piece of JavaScript code that, once executed, attempts to send the infected PC to various Web sites to pick up more Bagle code, said Vincent Gullotto, vice president of the antivirus emergency response team for security specialist McAfee. http://zdnet.com.com/2100-1105_2-5302722.html http://www.msnbc.msn.com/id/5652313/ - - - - - - - - - - Man Charged With Sex Assault Of Girl He Met On Net A 27-year-old West Paterson man was charged with sexually assaulting a teen girl at a Bergen County motel after arranging a meeting with her on the Internet, officials said Monday. The 13-year-old girl was in the front seat of Jose Casallas' car when he was arrested Sunday, police said. He was being held Monday in the Bergen County Jail on $250,000 bail. The girl's mother reported her missing Saturday night and police found an Internet conversation with Casallas on her home computer, authorities said. http://www.wnbc.com/news/3633407/detail.html - - - - - - - - - - Teenager facing child pornography charges Alexander Charles Whitaker was being held in the Broward County Jail Friday on $300,000 bond. Police found hundreds of child pornography images stored on his computer. Many of the images showed children having sexual contact with other children or adults. http://www.miami.com/mld/miamiherald/news/local/states/florida/counties/broward_county/9341591.htm - - - - - - - - - - Russia: Department K against Udmurt hackers According to Valeri Korznikov, Deputy Chief of the Department K (unit fighting high tech crimes) in Udmurt Republic, hackers expanded heavy activities so that the topic of counteraction to computer crimes reached even the government. More than 400 cases of unauthorized intrusion into someone else's computers were registered only for the last year in Udmurtia. Special devices equipped by Department K allow to reveal hackers but only on condition that the victim appealed to police himself. http://www.crime-research.org/news/07.08.2004/550/ - - - - - - - - - - FBI probes beheading hoax on Web A San Francisco computer expert duped international media on Saturday into believing Islamist kidnappers had executed an American hostage in Iraq by staging his own mock beheading on the Internet. The FBI questioned Benjamin Vanderford, 22, shortly after the hoax became public. "We will pursue any and all legal avenues for prosecution," said FBI special agent LaRae Quy of the bureau's San Francisco office. "At this point the matter is still under investigation." http://zdnet.com.com/2100-1105-5301633.html - - - - - - - - - - Video Game Theft Cited in Six Beating Deaths Former convict Troy Victorino, who blamed a young woman for taking his Xbox video game system, recruited three teenagers to stab and beat her and five others to death, investigators said. The 22-year-old woman was singled out for an attack so vicious that dental records were useless in trying to identify her. Some of the victims were attacked in their sleep, authorities said. http://www.theregister.co.uk/2004/08/08/xbox_murder_florida/ http://www.latimes.com/technology/la-na-briefs9aug09,1,3244662.story - - - - - - - - - - Windows XP SP2 may stop the worms Service Pack 2, the long-awaited upgrade to Windows XP, will prevent the rapid spread of worms such as Sasser, according to a security company that has reverse-engineered some of the code. Windows XP SP2, which has finally been released for manufacturing, is designed to make the Windows operating more secure by offering a host of new features and functionality. Part of that increased security is protection against buffer overflows, which are a vulnerability that has been exploited to great effect by high-profile worm attacks such as Sasser, Slammer, and Blaster. http://news.zdnet.co.uk/0,39020330,39162970,00.htm Windows SP2 rolls out http://www.fcw.com/fcw/articles/2004/0809/web-xppatch-08-09-04.asp http://www.msnbc.msn.com/id/5610539/ http://www.vnunet.com/news/1157187 http://www.newsfactor.com/story.xhtml?story_title=XP-SP--Finally-Rolled-Out-to-Manufacturers&story_id=26214 SP2's new firewall: Better than nothing, but not good enough http://zdnet.com.com/2100-1105_2-5301625.html IBM stalls on XP upgrade http://news.zdnet.co.uk/software/windows/0,39020396,39162997,00.htm - - - - - - - - - - AOL IM 'Away' message flaw deemed critical All known versions of AIM for Microsoft Windows are affected. Computer security companies are warning users of America Online Inc.'s AOL Instant Messenger (AIM) software that a serious security hole in the product could allow remote attackers to execute malicious code on computers that run the popular instant messaging software. http://computerworld.com/securitytopics/security/holes/story/0,10801,95137,00.html - - - - - - - - - - Big-time ID theft symptom of database culture BJ's Wholesale Club Inc. attracts shoppers to its stores by putting thousands of discounted products under one roof. It wasn't hard to attract cyberthieves either, with databases that amass credit card numbers in huge numbers. The theft earlier this year of thousands of credit card records from the nation's third-largest warehouse club illustrates the potential for massive-scale identity theft whenever so much purchase-enabling information is stored in one place. It also illustrates how difficult the cleanup can be. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9357645.htm - - - - - - - - - - Cybersecurity research gets $7 million The Office of Naval Research has granted the National Center for Advanced Secure Systems Research (NCASSR) an additional $7 million in funding to conduct research on, among other topics, technology for deducing suspicious patterns in data and on ways to allow sensors to communicate in a secure fashion. The group will also examine methods of preventing unauthorized intrusion into energy grid systems and other highly sensitive networks. http://news.com.com/Briefly%3A+Cybersecurity+research+gets+%247+million/2009-1014_3-5219580.html - - - - - - - - - - AMD says its chips can boost PC security Advanced Micro Devices says it has one-upped rival Intel in computer security by moving more quickly to embrace new features provided by an update to Microsoft's Windows PC operating system. AMD on Monday trumpeted a chip feature called Enhanced Virus Protection, which works with an update of Microsoft's Windows XP operating system to thwart some viruses and worms--malicious software that devours data or clogs up e-mail servers. http://zdnet.com.com/2100-1103-5302628.html - - - - - - - - - - Is Sharing Wi-Fi Illegal? Answer Hazy; Try Again Later, Lawyer Says Borrowing a neighbor's unsecured Wi-Fi signal could be against the law. Or it might be legal. The law is unclear, said cyberlawyer Mark Rasch. "We have new technology and an old law. The law neither expressly prohibits it, nor expressly permits it," Rasch said. http://www.internetweek.com/allStories/showArticle.jhtml?articleID=26805988 - - - - - - - - - - Security: It's 'wise up' or 'sack all your staff' time Which is it going to be? The latter is impractical... but why should the former be proving so tricky? Many small companies in the UK are despairing at the part their employees are playing in security breaches - yet too few are taking appropriate action to stop them. Among small to medium-sized enterprises (SMEs), end-user error is still perceived as the highest risk to the business and while many have policies in place to crack down on this threat too few are enforcing them, according to research conducted by the IOD with its members. http://software.silicon.com/security/0,39024655,39123001,00.htm - - - - - - - - - - Fahrenheit FBI A new U.S. government decision extending wiretapping regulations to the Internet raises far more questions than it answers. The Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide police with back doors for wiretapping access. Formal regulations are expected by early next year. http://zdnet.com.com/2100-1107-5302080.html - - - - - - - - - - Unprecedented electronic security net covers Olympics If you're planning on attending this month's Olympic Games, you'd best be careful what you say and do in public. Software will be watching and listening. Recent leaps in technology have paired highly sophisticated software with street surveillance cameras to create digital security guards with intelligence-gathering skills. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9357302.htm http://www.usatoday.com/tech/news/surveillance/2004-08-09-security-software_x.htm - - - - - - - - - - Brits banned from smiling in passport photos British passport holders have no reason to be cheerful in their photos - an open-mouthed smile is no longer allowed. The fight against terrorism has wiped the smile off the face of British passport holders. The UK Passport Service said on Friday it will forbid open-mouthed smiles on passport pictures, one of several rules introduced to comply with strict new US standards. Smiles are forbidden -- along with sunglasses and hair slanting across the eyes -- because they may confuse security cameras used to scan faces and to verify the passport is authentic. http://news.zdnet.co.uk/hardware/chips/0,39020354,39162962,00.htm - - - - - - - - - - N.M. courthouse, Calif. city pushing Wi-Fi networks City and county governments are embracing Wi-Fi technology to provide high-speed data service to public safety agencies and Internet access to citizens, and now Bernalillo County, N.M., has adopted the technology to support Internet access for judges, lawyers and jurors in its courthouse. The service, the first phase of which went into operation in February, also provides wireless voice-over-IP (VoIP) phone service for security personnel. http://computerworld.com/mobiletopics/mobile/wifi/story/0,10801,95139,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.