NewsBits for August 11, 2004 ************************************************************ Teen pleads guilty in Internet worm attack A Minnesota high school senior pleaded guilty Wednesday in federal court to unleashing a variant of the ``Blaster'' Internet worm, which crippled more than a million computers last summer. Jeffrey Lee Parson, 19, of Hopkins, Minn., is likely to face 18 months to three years behind bars after pleading guilty to one count of intentionally causing or attempting to cause damage to a protected computer. He also could be ordered to pay millions of dollars in restitution, Assistant U.S. Attorney Annette Hayes said. - - - - - - - - - - Lawmaker warns about security lapses at Los Alamos lab Republican lawmakers are offering contrasting signals this week over the state of security at New Mexico's Los Alamos National Laboratory. House Energy and Water Appropriations Subcommittee Chairman David Hobson, R-Ohio, said at a National Academy of Science symposium today there are "more serious problems than you've been reading about" regarding security at the nuclear laboratory. - - - - - - - - - - Mosquitos smartphone 'Trojan' there by design The Mosquitos Symbian dialler Trojan is not really a Trojan horse after all. Many news outlets, including ourselves, reported that a "trojanised" version of Mosquitos game for Symbian Series 60 smartphones was circulating online and across P2P networks. Cracked versions of the game secretly sends SMS messages to premium rate numbers, according to reports on various online forums. Illegal copies of the game display the following message on start-up: "This version has been cracked by SODDOM BIN LOADER No rights reserved. Pirate copies are illegal and offenders will have lotz of phun!!!" Bugwatch: Trojan diallers on the loose - - - - - - - - - - Political rivals plant worm AN AUSTRALIAN politician has come the raw prawn and alleged rivals planted a worm on his website. Steven Ciobo, the Member for the Gold Coast electorate of Moncrieff has a nice bland site here, so imagine his disgust when he discovered that people who actually visited the place downloaded some kind of worm. - - - - - - - - - - MS plugs 'moderate' Exchange vuln Microsoft's patch train rolled into town last night with one solitary occupant. After the release of XP SP2 last Friday it's just as well that the only extra thing sysadmins have to contend with is a not-especially devastating vulnerability involving Exchange. Microsoft has issued a patch which aims to address a cross-site scripting and spoofing vulnerability in Outlook Web Access feature of Exchange Server 5.5. This flaw could be exploited to trick a user into running a malicious script, which would run in the security context of a user. It may also be possible to exploit the flaw to manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches. Redmond's Salvation SP2's new firewall: Better than nothing, but not good enough Microsoft fixes Exchange flaw,39020396,39163142,00.htm Microsoft lets companies block SP2 upgrade - - - - - - - - - - HP confirms Apache holes, offers patches The flaws could allow attackers to disable or take control of a server. Hewlett-Packard Co. has confirmed that its HP-UX Unix operating system contains several serious security flaws that could allow attackers to disable or take control of a server. Information from HP about the flaws is available online, although registration is required to access the security advisory.,10801,95170,00.html - - - - - - - - - - AOL AIMs to fix security flaw AOL has acknowledged a potentially serious security vulnerability affecting users of its popular AOL Instant Messenger (AIM) software. It has promised a fix within days. In the meantime, the media giant is advising concerned punters to try a beta version of its forthcoming update. - - - - - - - - - - London schoolkids drown in spam tsunami Figures released this week indicate that UK schoolkids receive more spam than actual email, with three quarters of messages arriving in inboxes coming from junk mailers. Just like the rest of the world, then. Also just like the rest of the world, most of the spam is trying to sell Viagra or Valium, pornography or suspiciously cheap software. - - - - - - - - - - Computer users still choosing obvious passwords Pet names and partner's nickname popular choices, says Visa research. Over three-quarters of internet users are persistently ignoring password best practice and use obvious passwords, research shows. Just 22 per cent of computer users chose a mixture of random letters and characters when selecting a password, according to figures from Visa. Is your cat a target for password-stealing hackers?,39024729,39123066,00.htm - - - - - - - - - - Computer crime hits taxes The emergence of electronic money and of the global system for electronic payments has formed a parallel banking system with an entire network of semi-legal financial institutions. The unique opportunities of quickly shaped infrastructure at once drew attention of criminal groups. It allowed anyone to transfer monetary funds to any country rapidly, anonymously, through tangled routes and circumvent governmental systems of financial control. Heretofore, electronic transfers interested criminals as the efficient tool to conceal the sources of money intakes, to launder illegally earned money and to conceal their incomes to evade taxes. - - - - - - - - - - Network Analysis a Public Exploit (Part 1 of 2) To many people, the world of computer security and intrusion detection can often be confusing to understand. As an instructor, many of the people who ask me about intrusion detection and packet analysis often ask the same questions, such as the following: What tools do you use? Can you practice and learn this at home? What kind of knowledge does one need to have? These and other questions figure predominantly. - - - - - - - - - - Al-Qaeda computer geek nearly overthrew US A White House with a clear determination to draw paranoid conclusions from ambiguous data has finally gone over the top. It has now implied that the al- Qaeda computer geek arrested last month in Pakistan was involved in a plot to destabilize the USA around election time. Two and two is five. As we reported here and here, so-called al-Qaeda "computer expert" Muhammad Naeem Noor Khan, a Pakistani, was arrested on 13 July in possession of detailed but rather old surveillance documents related to major financial institutions in New York, Newark, and Washington. - - - - - - - - - - Driver Watching DVD: Not Guilty A man was acquitted Tuesday of charges he caused a fatal crash by taking his eyes off the road while watching a movie on a DVD player mounted on his truck dashboard. Jurors acquitted Erwin Petterson Jr., 29, of two counts of second-degree murder and two counts of manslaughter. No law in Alaska prohibits operating a DVD player in view of a driver. Today's the Day. Petterson had been charged in the deaths of Robert Weiser, 60, and Donna Weiser, 56, when his truck collided with their vehicle on a highway in southern Alaska on October 12, 2002.,2554,64546,00.html *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.