NewsBits for September 23, 2004
************************************************************
Code to exploit Windows graphics flaw now public
A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated.
http://asia.cnet.com/news/security/0,39037064,39194791,00.htm
http://news.zdnet.com/2100-1009_22-5378260.html
- - - - - - - - - -
US credit card firm fights DDoS attack
US credit card processing firm Authorize.Net is fighting a sustained distributed denial of service (DDoS) attack that has left it struggling to stay online. In a statement to users posted yesterday, Authorize.Net said it "continues to experience intermittent distributed denial of service (DDoS) attacks. Our system engineers have successfully minimised the impact of each attack and have quickly restored services to affected merchants."
http://www.theregister.co.uk/2004/09/23/authorize_ddos_attack/
http://www.vnunet.com/news/1158303
Attacks disrupt some credit card transactions
http://news.zdnet.com/2100-1009_22-5378217.html
Credit card leaks continue at furious pace
http://www.msnbc.msn.com/id/6030057/
- - - - - - - - - -
Laptop stolen at London security event
Police are investigating a theft at the Gartner IT Security Summit after the laptop of one attendee was stolen from the exhibition in London. The portable computer belongs to identity management firm Netegrity and was taken from behind the firm's stand on the vendor floor of the Summit held at the Hilton Metropole on Edgware Road.
http://software.silicon.com/security/0,39024655,39124239,00.htm
- - - - - - - - - -
MPAA goes after 'parasitic' film Web sites
The film industry is hunting down sites selling illegal copies of movies by download - 'the worst elements of the pirate community'
The Motion Picture Association of America says it has sued a company that sells Internet downloads of current movies like "I, Robot" and "Spider-Man 2" without permission.
http://news.zdnet.co.uk/business/legal/0,39020651,39167604,00.htm
- - - - - - - - - -
14 knifed in Chinese cybercafe attack
Fourteen people have been knifed in a Chinese internet cafe after two men ran amok in a terrifying 20 minute attack. Most of those hurt in the Beijing attack received knife wounds to the back and face. One woman is in a serious condition, according to the Beijing Times by way of AFP. The motive is not known although there's speculation it could be revenge. Police have detained a number of suspects in connection with the incident.
http://www.theregister.co.uk/2004/09/23/china_knife_attack/
- - - - - - - - - -
Veterans warned against e-mail hoax
Don't fall for an Internet hoax that tries to convince veterans that the National Personnel Records Center (NPRC) plans to destroy all paper military records. That's the message from Scott Levins, assistant director of military records at NPRC, a St. Louis-based division of the National Archives and Records Administration, who debunked the official-looking fake message circulating via e-mail and on veterans-related Web sites.
http://www.usatoday.com/tech/news/computersecurity/2004-09-23-vet-email-hoax_x.htm
- - - - - - - - - -
Jail time for California file swappers?
California Gov. Arnold Schwarzenegger signed a law Tuesday establishing fines and potential jail time for anonymous file swappers. The new law says that any California resident who sends copyrighted works without permission to at least 10 other people must include his or her e-mail address and the title of the work.
Swappers who do not include this information will face fines of up to $2,500 and up to one year in prison.
http://news.com.com/Jail+time+for+California+file+swappers/2110-1025_3-5379410.html
- - - - - - - - - -
Senator calls for Patriot Act scale-back
Under a provision of the 2001 USA Patriot Act intended to give system owners the ability to work with officials to combat intruders, the FBI and other agencies can surveil the communications of an electronic trespasser to, from or through a computer, provided the "owner or operator of the protected computer authorizes the interception."
http://www.theregister.co.uk/2004/09/23/patriot_act_scaleback/
- - - - - - - - - -
BSA now pushing 700 software piracy probes in the U.S.
The Business Software Alliance, the chief watchdog for U.S. software publishers, rarely raids enterprise customers with federal marshals and court orders, according to Robert M. Kruger, chief enforcement officer for the Washington-based nonprofit organization. But that doesn't mean Kruger and other BSA piracy cops are easing up on their investigations. Even though the incidence of software piracy worldwide has dropped, the BSA still has 700 active investigations into software piracy across the U.S., Kruger said yesterday. The incidence of piracy has gone from roughly 50% of all software being used 10 years ago to about 33% today.
http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,96109,00.html
- - - - - - - - - -
House drops plans to move cybersecurity role to White House
House Republican leaders backed away Thursday from a proposal to move important cybersecurity functions from the Homeland Security Department to the White House budget office.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9743443.htm
House to propose returning cybersecurity offices to White House
http://www.usatoday.com/tech/news/computersecurity/2004-09-23-cybersec-out-of-dhs_x.htm
Cybersecurity overhaul legislation DOA in Congress
http://computerworld.com/securitytopics/security/story/0,10801,96126,00.html
- - - - - - - - - -
Virus-obsessed firms ignore insider risk
Company chiefs are aware of the threats of information security breaches posed by their employees, but are failing to safeguard their assets against insider attack. Keeping control of security will only get more difficult as organisations move toward increasingly decentralised business models through outsourcing and other external partnerships, Ernst & Young's 2004 Information Security Survey warns.
http://www.theregister.co.uk/2004/09/23/insider_risk/
- - - - - - - - - -
Microsoft: To secure IE, upgrade to XP
If you're one of about 200 million people using older versions of Windows and you want the latest security enhancements to Internet Explorer, get your credit card ready. Microsoft this week reiterated that it would keep the new version of Microsoft's IE Web browser available only as part of the recently released Windows XP operating system, Service Pack 2.
http://news.zdnet.com/2100-3513_22-5378366.html
http://news.zdnet.co.uk/internet/security/0,39020375,39167607,00.htm
- - - - - - - - - -
Microsoft-backed antispam spec gets filtered out
A Microsoft-backed proposal for verifying the source of e-mail has been shelved by the Internet engineers working to turn it from specification to standard, in a final blow for antispam technology Sender ID.
http://news.zdnet.com/2100-1009_22-5380029.html
- - - - - - - - - -
US considers spammer bounties
In an attempt to combat junk email, the US government is considering a scheme to reward whistleblowers in spam cases.
If the reward scheme worked well, it could have a knock-on effect, reducing spam in the UK and elsewhere, given that most spam originates in the US.
http://www.vnunet.com/news/1158316
- - - - - - - - - -
DOD relents on overseas voting site
Pentagon officials have backed off of their decision to block access to a Web site providing voting information for Americans living overseas. Military officials had previously decided to block access to the Federal Voting Assistance Program Web site for Internet service providers in 25 countries, saying the move was necessary to protect the site from hackers. But the move was protested by the public and three Congressional Democrats.
http://www.fcw.com/fcw/articles/2004/0920/web-dodvote-09-23-04.asp
- - - - - - - - - -
Nokia to secure its smartphones
F-Secure has signed a deal with Nokia to provide antivirus software for its Symbian-based smartphones. Nokia is set to implement antivirus software on its mobile phones. Following a deal with its fellow Finns at antivirus firm F-Secure, Nokia intends to roll out the software on its 6670 smartphone next month.
http://news.zdnet.co.uk/0,39020330,39167600,00.htm
- - - - - - - - - -
Technology and the 9/11 Commission
The 9/11 Commission report reaffirms the importance of protecting individual identities both from theft and from unauthorized use by criminals and terrorists --and the costs of failing to do so. In its report, released in July, the panel said: "Fraud in identification is no longer just a problem of theft... sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists."
http://news.com.com/Technology+and+the+94711+Commission/2010-7348_3-5375763.html
- - - - - - - - - -
Three keys to a secure converged network
Early, proprietary voice-over-IP systems delivered excellent voice quality, but they didn't address the new risks associated with a converged network.
These first-generation systems also failed to open their protocols and interfaces to create truly converged networks. Addressing this barrier to creating the true converged communications system requires secure, predictable and efficient services for a wide range of diverse applications on a common network. To that end, the fundamental approach to networking design and architecture must be updated.
http://computerworld.com/securitytopics/security/story/0,,96093,00.html
- - - - - - - - - -
Beware of the Web's voyeurs
Software known as spyware can track your every keystroke. How dangerous is that? Sometimes very. In a hushed voice, a blushing co-worker asked for help with his computer. The embarrassed editor explained that immediately after launching his web browser, he turned off his monitor in panic. That's because a huge pornographic image commandeered the entire screen with no obvious way to get rid of it. (LA Times article, free registration required)
http://www.latimes.com/technology/la-hm-spyware23sep23,1,2674452.story
- - - - - - - - - -
Online Theft
Identity theft meets the global virus epidemic, enabling fraud that has finally started to get people's attention. Last year I was the victim of identity theft, a sobering reality in today's world. An unscrupulous criminal managed to social engineer his way past the formidable security checks and balances provided by my credit card company, my bank, and one of my investment accounts.
http://www.securityfocus.com/columnists/268
- - - - - - - - - -
Wireless tip: Don't hide from risk
The best wireless network security is to not have a wireless network, according to Defense and intelligence experts who spoke today at a conference in Washington, D.C., sponsored by E-Gov, which is part of FCW Media Group. But because that is not always a practical solution, they offered other tips to keep intruders out of the network and to keep data safe.
http://www.fcw.com/fcw/articles/2004/0920/web-wireless-09-23-04.asp
- - - - - - - - - -
Fast ways to protect your IT infrastructure
Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week Matthew Gingell, marketing director of TeleCity, suggests steps managers can take to improve their disaster recovery strategy that don't necessitate high-level and expensive business continuity plans.
http://www.vnunet.com/news/1158303
- - - - - - - - - -
Detecting Worms and Abnormal Activities with NetFlow, Part 2
In the first part of this article series, we looked at what NetFlow is and how it can be used in the early detection of worms, spammers, and other abnormal network activity for large enterprise networks and Internet service providers. The article discussed some of the most common methods of flow-based analysis: Top N, Baseline and Pattern Matching techniques.
http://www.securityfocus.com/infocus/1802
- - - - - - - - - -
Lawmakers seek diploma mill crackdown
The FBI, Postal Service, Government Accountability Office and Federal Trade Commission should confront diploma mill operators with prosecution and enforcement, witnesses and lawmakers said at a congressional hearing today. A little law enforcement and publicity would go a long way toward stemming the diploma mill problem, said Michael Castle (R-De.) at a hearing of the House Education and Workforce Subcommittee on 21st Century Competitiveness.
http://www.gcn.com/vol1_no1/daily-updates/27410-1.html
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.