NewsBits for August 17, 2004 ************************************************************ Single 419er faces Dutch porridge Of the fifty 419ers arrested earlier this year during an extensive raid at 23 locations in Amsterdam, only one has finally been sentenced - to 12 months. Earlier this year 52 suspects, all of West African origin, were detained in a joint action involving Dutch cable operator UPC and the Ministry of Justice. The suspects had sent more than 100,000 advance fee fraud or 419 emails to Japan and the USA. http://www.theregister.co.uk/2004/08/17/one_419er_jailed/ - - - - - - - - - - Australian fined for child porn AN Australian man living in Hong Kong was sentenced today to a suspended three-month jail term and fined $HK10,000 ($1787) for possession of child pornography. Air traffic controller Peter Colin Bower pleaded guilty earlier to possession of child pornography after police arrested him for having compact discs containing objectionable material at his home on May 17. http://www.crime-research.org/news/17.08.2004/571/ - - - - - - - - - - New Mydoom virus is not a pretty picture Latest variant poses as collection of humorous photos Security experts are warning internet users to update their antivirus systems to protect against yet another version of the Mydoom worm. W32/Mydoom.s@MM, also known as Mydoom.s, has emerged as a new variant of the mass- mailing worm, and comes in the form of the .exe attachment, 'photos_arc.exe'. http://www.vnunet.com/news/1157388 - - - - - - - - - - California Assembly approves employee e-mail protection Employers will be required to inform employees if job site e-mail and Internet activities are being monitored, under legislation approved Monday by the state Assembly. The measure, from Sen. Debra Bowen, D-Marina del Rey, requires employers to give employees a one-time written notice if they plan to read e-mail, track Internet use, or use other electronic devices to monitor employees on or off the job. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9424741.htm - - - - - - - - - - Canadian police back snooping tax Canadians may soon be faced with a 25 cent surcharge on their monthly telephone and Internet bills to cover the growing cost of telephone taps. The snooping tax has been proposed by at least one police chief as a way of settling a row between police and telcos over who should pay for electronic surveillance. Canadian cops say they shouldn't have to pay for court-approved wiretaps. From our perspective, it's a very slippery slope to start paying for the execution of search warrants or any kind of a court order, Superintendent Tom Grue, a member of the law amendments committee of the Canadian Association of Chiefs of Police, told the Globe and Mail. http://www.theregister.co.uk/2004/08/17/canadian_snoop_tax/ - - - - - - - - - - Piracy in India bites Autodesk American design software developer Autodesk Inc. said Tuesday it is losing US$367 million (euros 297 million) in potential revenues each year because of software piracy in India. ``For every two companies that buy our software here, there are eight who steal,'' said Andre Pravaz, vice president of Autodesk's Asia-Pacific operations. The company, based in San Rafael, California, sells software that helps design anything from cartoon characters to skyscrapers. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9423635.htm - - - - - - - - - - Hackers Take Aim at GOP Online protests targeting GOP websites could turn out to be more than symbolic during this month's Republican National Convention, possibly blocking a critical communications tool for the party. In the past, activists have been able to shut down the website of, say, the World Economic Forum for a few hours. But the impact of such a takedown was nebulous at best: It's hard to argue the organization really suffered from a few-hour lag in posting its press releases online. http://www.wired.com/news/politics/0,1283,64602,00.html - - - - - - - - - - Spam, viruses challenge CIOs Spam, and the bandwidth it wastes, is the most pressing problem IT managers face. Not only does it slow down production and clog the network, but according to Paul Ducklin, head of technology for Sophos PLC, the real case for clamping down on spam is the huge amount of useless traffic it creates in unwanted replies, which doubles the flow on a network. http://security.itworld.com/4774/040817ciochallenge/page_1.html Huge increase in virus-infected spam http://www.vnunet.com/news/1157397 Summer spammers get raunchy http://www.theregister.co.uk/2004/08/17/porn_spam_up_350/ Spammers and virus writers join forces to create dangerous email attacks http://www.vnunet.com/news/1157396 Spam is born in the U.S.A. http://zdnet.com.com/2100-1105_2-5312848.html Arming against viruses http://www.fcw.com/fcw/articles/2004/0816/feat-arming-08-16-04.asp - - - - - - - - - - Auditors critical of DHS's initial IT strategy The Homeland Security Department's draft plan for upgrading and merging computer systems from the 22 agencies forming the department isn't well thought out, government auditors cautioned in a new report. A preliminary version of the department's strategy for integrating technology, called the "enterprise architecture," is missing "key elements," the Government Accountability Office stated in the report (GAO-04-777). For example, the plan fails to rank the relative importance of the department's various computer systems, and lacks comprehensive procedures for securing information during transfers. http://www.govexec.com/dailyfed/0804/081704a1.htm - - - - - - - - - - Arkansas center will train in cyberterrorism On a visit to his home state, Homeland Security Undersecretary Asa Hutchinson announced a $34 million grant program that will be shared among 14 groups nationwide to counter terrorism. The former congressman from Arkansas announced Sunday that the National Center for Rural Law Enforcement in Little Rock was among the 14 groups that will share in the $33.6 million competitive training grant program. http://www.usatoday.com/news/nation/2004-08-16-cyberterror-grants-ark_x.htm - - - - - - - - - - Study: Unpatched PCs compromised in 20 minutes Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday. According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003. http://zdnet.com.com/2100-1105_2-5313402.html http://news.com.com/Study%3A+Unpatched+PCs+compromised+in+20+minutes/2100-7349_3-5313402.html http://www.gcn.com/vol1_no1/daily-updates/26967-1.html - - - - - - - - - - Crypto researchers abuzz over flaws Encryption circles are buzzing this week with news that mathematical functions embedded in common security applications might have previously-unknown weaknesses. The excitement began last Thursday with an announcement that French computer scientist Antoine Joux had unearthed a flaw in a popular digital signature algorithm called MD5. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0. http://news.com.com/Crypto+researchers+abuzz+over+flaws/2100-1002_3-5313655.html - - - - - - - - - - Sue a Spoofer Today Spoofers forge e-mail headers to make spam look respectable. ISIPP wants to make them pay. The Institute for Spam and Internet Public Policy (ISIPP) launched a new service to help businesses whose domain names have been highjacked by spammers. ISIPP helps them evaluate and take charge of suing spoofers for trademark infringement. Spoofing is the practice of forging an e-mail header so that it appears that the e-mail comes from somewhere other than the actual source. http://www.internetnews.com/xSP/article.php/3395771 - - - - - - - - - - Microsoft unveils add-on to protect kids online Microsoft has unveiled a free add-on for its FrontPage 2003 web authoring application, which it hopes will make the internet safer for children. The add-on is designed to allow website authors to add Internet Content Rating Association (ICRA) content labels to their web pages. http://www.vnunet.com/news/1157386 - - - - - - - - - - Symantec to reinforce data protection Symantec plans on Tuesday to announce several security upgrades, with a particular focus on protecting personal information from online thieves. The 2005 upgrades apply to versions of the company's products for consumers and small businesses: Norton AntiVirus, Norton Personal Firewall, Norton AntiSpam and Norton Internet Security. http://zdnet.com.com/2100-1105-5313005.html Improving defenses http://www.fcw.com/fcw/articles/2004/0816/feat-arming2-08-16-04.asp Catching 'phishers' a WholeSecurity sport http://zdnet.com.com/2100-1105_2-5312105.html http://news.zdnet.co.uk/internet/security/0,39020375,39163688,00.htm - - - - - - - - - - Vidius e-mail monitor adds pattern recognition Vidius has announced PortAuthority 3.0, which looks for internal security breaches and leaks caused by employees and temporary workers. Using identification algorithms to create digital "fingerprints" of protected content, PortAuthority both monitors and blocks e-mails containing sensitive information. http://zdnet.com.com/2110-1105_2-5313009.html - - - - - - - - - - Agencies express interest in Windows sealant Amid the growing understanding of the importance of information technology, officials at a number of small but influential agencies such as the Executive Office of the President are considering using a new automated technology that developers say can lock down most if not all of the vulnerabilities in Microsoft Corp.'s Windows operating system. ImmuneEngine, developed by BBX Technologies Inc. of Nashville, Tenn., was designed to eliminate many of the Windows security vulnerabilities that have plagued agencies in recent years. http://fcw.com/fcw/articles/2004/0816/news-agencies-08-16-04.asp - - - - - - - - - - 200 apps clash with XP SP2 Consumers will be offered a major upgrade of Windows XP after Microsoft releases Service Pack 2 through Windows Update later this week. The 272MB enterprise version of SP2 was released earlier this month and a smaller consumer version - weighing in at around 80MB - was due to be released via Windows Update yesterday (16 August), the BBC reports. This automatic delivery has now been put back until tomorrow (18 August). SP2 was due to debut last year so a couple of extra days wait is hardly going to make much difference. http://www.theregister.co.uk/2004/08/17/xp_sp2_glitches/ - - - - - - - - - - Stealing password? What could be easier? Almost all internet and online banking users leave themselves open to fraudsters by using predictable passwords and ingnoring elementary requirements of computer security. The research claims that 21% of people used their own or their partner's nicknames for their passwords, 15% used their birthdays or anniversaries and 15% used names of their pets. About 14% had a family members' name as their password, 7% relied on a memorable date, and 2% even unimaginatively used the word password. http://www.crime-research.org/news/17.08.2004/567/ - - - - - - - - - - Border Security System's Limits Assailed A new government computer program that tries to identify terrorists and criminals from among millions of foreign visitors was built from antiquated components that cannot easily exchange information, limiting its effectiveness in the war on terrorism, a senior Democratic lawmaker charged Monday. "You are going down a dead-end road here, and sooner or later, it is going to be apparent," said Rep. Jim Turner of Texas, the ranking Democrat on the House Select Committee on Homeland Security. (LA Times article, free registration required) http://www.latimes.com/technology/la-na-border17aug17,1,3832178.story - - - - - - - - - - Cops test handheld fingerprint reader Several Minnesota police departments are field testing a handheld device that scans a suspect's fingerprint and digitally checks it against Minnesota's criminal history and fingerprint database. Police and the device maker say it's helping law enforcement officers identify suspicious persons quickly when they don't have a driver's license, but defense attorneys and civil liberties advocates are wary. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9417805.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.