NewsBits for August 30, 2004 ************************************************************ Verizon wins injunction against text spammer A federal judge has granted Verizon Wireless a permanent injunction in its suit against a man accused of sending unsolicited text messages to its customers. The company announced Monday that it won its suit in U.S. District Court in New Jersey against Jacob Brown, a Rhode Island resident who allegedly barraged Verizon's wireless customers with large volumes of spam advertising home loans and adult Web sites. The ruling, which was officially handed down one week ago, bars Brown from sending further spam to Verizon's customers. http://zdnet.com.com/2100-1105_2-5329820.html http://www.msnbc.msn.com/id/5868108/ http://www.usatoday.com/tech/news/techpolicy/2004-08-30-cell-spammer_x.htm - - - - - - - - - - Trojan Automates Phishing Scam Online banking customers should be wary of a new series of Trojan horses out to filch financial information, said a security firm Monday. The Tolger line of Trojan horses, said U.K.-based Sophos, target online users of a slew of British- based banks, including users Barclays, HSBC, Lloyds, and Nationwide. http://www.techweb.com/wire/story/TWB20040830S0002 - - - - - - - - - - Security Lapses, Lost Equipment Expose Students to Possible ID Theft A missing hard drive containing personal information on 23,500 students, faculty and staff in the California State University system is only the latest example of how campus computers can expose individuals to identity theft. Although the hard drive was lost at Cal State San Marcos, 13,500 of those affected are linked to Cal Poly San Luis Obispo, Cal State officials said. The other state universities affected are Dominguez Hills, Fullerton, Monterey Bay, San Diego and Sonoma. http://www.latimes.com/technology/la-me-calpoly29aug29,1,4527839.story - - - - - - - - - - Agency cyberattack training backfires The National Intelligence Service, the nation's spy agency, has apologized to a civic group for using its name in a simulated "cyberattack" during last week's Eulchi security exercises. During the exercises, held annually to test the nation's crisis management measures, the National Cyber Security Center, the spy agency's cyberterrorism prevention arm, sent mass e-mails to public servants under the name of the civic group People's Solidarity for Participatory Democracy, with an attachment titled "list of corrupt public servants. http://joongangdaily.joins.com/200408/29/200408292323028139900090409041.html - - - - - - - - - - Top copyright violators International Federation of Fonographic Industry announced a regular report devoted to commercial piracy issues. Report claims that all taken measures to fight producers and distributors of illicit compact disks are not enough. Today the share of pirated CDs amounts to 35% and total damage brought to the industry is evaluated to be $4,5bn for the last year. http://www.crime-research.org/news/30.08.2004/592/ - - - - - - - - - - FBI/CSI 2004 cybercrime report For the past nine years the FBI and the Computer Security Institute have compiled cybercrime statistics. These statistics provide a good benchmark to compare the year-to-year changes in the kind of threats administrators need to focus on. To get the 2004 report, you have to go to the CSI Web site and enter some registration information in order to receive the document as a PDF download. http://techrepublic.com.com/5100-6268_11-5321040.html - - - - - - - - - - Microsoft Pushes SP2 to Home Users Corporate users are testing and evaluating whether to upgrade to SP2, but Microsoft is encouraging home users to take the leap. The company is giving away Edition 2005 of the TabletPC operating system as an enticement to users to update their PCs. Microsoft also has announced improved wireless functionality available through SP2. As corporate I.T. departments weigh the pros and cons of installing Microsoft's update for machines running the XP operating system -- Service Pack 2 -- the software maker continues its push to get home users to update immediately. http://www.newsfactor.com/story.xhtml?story_title=Microsoft-Pushes-SP--to-Home-Users&story_id=26617 http://zdnet.com.com/2100-1103-5330219.html Windows upgrade fixes security flaws, but it's not perfect http://www.usatoday.com/tech/products/software/2004-08-29-sp2-qanda_x.htm Microsoft plays down SP2 security glitches http://www.vnunet.com/news/1157698 App tests for Win XP SP2 burden users http://computerworld.com/softwaretopics/os/windows/story/0,10801,95540,00.html - - - - - - - - - - Dutch ISP experiments with e-mail encryption Xs4All, the Dutch ISP, has started a pilot service for securing incoming and outgoing e-mail between subscribers computers and the ISPs own mail servers, offering users three levels of security. http://www.dmeurope.com/default.asp?ArticleID=2862 - - - - - - - - - - McAfee releases VirusScan with intrusion prevention Antivirus software company McAfee Inc.said today that a new version of its VirusScan Enterprise software contains so-called intrusion-prevention features that can protect computers from attacks such as buffer overflows, which are often used by viruses and worms to compromise vulnerable Microsoft Corp. Windows machines. VirusScan Enterprise 8.0i integrates intrusion-prevention services (IPS) and firewall technology with antivirus software to protect PCs and file servers from new malicious code outbreaks automatically. http://computerworld.com/securitytopics/security/story/0,10801,95580,00.html - - - - - - - - - - Round-the-clock anti-virus sleuths F-Secure's new anti-virus computer lab in San Jose is starting up without the company's prized monkey or sauna. Those are two mainstays of the anti-virus software maker's main lab and headquarters in Helsinki, Finland. When a new Internet threat is discovered, researchers there hit a toy monkey, which lets out a scream warning everyone the rush is on to crack the malicious code. And the sauna is the traditional Finnish way to unwind from the workday. http://www.mercurynews.com/mld/mercurynews/business/technology/9534181.htm - - - - - - - - - - Priva adds picture ID to four-factor authentication Priva Technologies is adding support for a secured image of the enrolled user to its four-factor Cleared Security Platform. The digital picture is stored in the users ClearedKey biometric authentication token, along with fingerprints. Once the system has authenticated the user, it can release the picture for display so that the users identity can be further verified. http://zdnet.com.com/2110-1105_2-5330188.html - - - - - - - - - - Protecting Wireless Consumers Privacy Through GPS or cell tower triangulation, carriers have access to subscriber location on a continuous basis. Imagine having a car accident and feeling secure in the knowledge that an emergency unit will find you thanks to GPS technology in your cell phone. Then imagine that at the same time youre waiting for emergency services your phone rings and its a retail store manager calling to tell you that you are just down the road from a clearance sale. It is a scenario such as this, that is raising public concern. http://www.billingworld.com/archive-detail.cfm?archiveId=7601&hl - - - - - - - - - - Company Secrets Hit the Exits The other day, I found out that an executive in my company was leaving. Normally, that wouldn't be a big deal. After all, in a large company people come and go all the time. But this executive's employment contract included a clause that lets him keep his laptop. As a security manager, I find this alarming, but it's a common practice when hiring executives here. http://computerworld.com/securitytopics/security/story/0,10801,95551,00.html - - - - - - - - - - Don't regulate RFID--yet Not many people may remember this, but Phil Donahue was one of the digital age's first technophobes. In 1974, the TV talk show host denounced the Universal Product Code, better known as the bar code, as a dastardly plot that would let grocery stores trick consumers. Grocers would replace price tags with bar codes and confuse shoppers, Donahue informed his viewers repeatedly. http://zdnet.com.com/2100-1105-5329631.html Computer chips in uniforms: tracking inventory or wearers? http://www.usatoday.com/tech/news/surveillance/2004-08-30-rfid-uniforms_x.htm - - - - - - - - - - Deploying Network Access Quarantine Control, Part 2 In the last article, I stepped through how the process of network access quarantine control (NAQC) works and offered detailed deployment instructions. In this second and final installment, I'll continue the procedure by finishing the deployment, then discuss how ISA Server 2004's entrance to the marketplace changes the field of NAQC and how quarantining is implemented within ISA Server itself. http://www.securityfocus.com/infocus/1799 Previous installment: http://www.securityfocus.com/infocus/1794 - - - - - - - - - - DHS beams over SEVIS Homeland Security officials are touting the success of the 1-year-old Web-based system that tracks foreign students at U.S. universities and colleges and has led to 187 arrests for various violations. http://www.fcw.com/fcw/articles/2004/0823/web-sevis-08-27-04.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.