NewsBits for September 28, 2004 ************************************************************ Terrorists grow fat on email scams Organisations such as al-Qaeda, ETA en PKK are copying Nigerian scams to fund terrorism, two Dutch experts told Dutch daily De Telegraaf this week. Harald Koppe, head of the Dutch Unusual Transactions Reporting Office (MOT), and Harry Jongbloed of the Dutch criminal investigation department, say there is "strong evidence" from international crime fighting organisations such as the FBI that at least some of the terrorist funding is coming from advanced fee fraud (such as Nigerian-style scam emails) and the sale of pirated software, including CDs and DVDs. Using the internet to raise funds is fairly risk free, experts say. - - - - - - - - - - Hackers take advantage of Microsoft's JPEG flaw In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that usethe popular JPEG format. Software tools to create the malicious images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.,1282,65116,00.html Windows image security hole breached,39020375,39168215,00.htm Security researchers say JPEG virus imminent Trojan horse exploits image flaw - - - - - - - - - - House votes to make video cameras in movie theaters a federal crime Using video cameras to record films in movie theaters would become a federal crime punishable by up to six years in prison under a bill passed Tuesday by the House. The legislation, called the Piracy Deterrence and Education Act, also would make it easier for the Justice Department to prosecute Internet users who illegally distribute large amounts of music and other copyrighted works. - - - - - - - - - - Law Sends Sharers to Slammer A new anti-piracy bill in California gives law enforcement another tool to crack down on copyright infringement, but critics say it will only divert resources away from fighting more important crimes. California Gov. Arnold Schwarzenegger signed a bill last week requiring file swappers to provide a legitimate e-mail address when they share music or movies online, or be charged with a misdemeanor. The law goes into effect in January.,1283,65062,00.html - - - - - - - - - - Schwarzenegger signs bill requiring e-vote paper trail Gov. Arnold Schwarzenegger signed legislation Monday that will bar the use of electronic voting machines that don't produce paper trails to verify votes. The requirement, which takes effect in 2006, is a response to concerns that the machines could be tampered with or produce incorrect results. - - - - - - - - - -, Microsoft Sue Phishers and Microsoft have filed suit in the U.S. District Court in Seattle against a Canadian based phisher that targets consumers by spoofing's well known Web site. This is just one of several recent proactive legal initiatives in the war against spam and online fraud. - - - - - - - - - - U.N. warns of nuclear cyber attack risk The United Nations' nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities. The International Atomic Energy Agency (IAEA) announced in a statement that it was developing new guidelines aimed at combating the danger of computerized attacks by outside intruders or corrupt insiders. - - - - - - - - - - Panelists call for more work on cybersecurity, no mandates Government and industry experts on Tuesday reinforced the industry mantra that regulation to improve cyber security would only do harm. But all agreed that more work needs to be done to adequately address computer- security problems. - - - - - - - - - - Cybersecurity measures not likely in intelligence reform After a week of at times acrimonious turf fighting about cybersecurity, it appears there will be only a small mention of the issue in a larger bill to reform the government's intelligence structure, congressional and private-sector sources said Tuesday. The bill being considered by various committees contains a provision that requires agencies to include cybersecurity in their planning, but two larger cyber-security measures will not be included. - - - - - - - - - - NSF announces latest round of cyber research funding The National Science Foundation is funding two research centers that will apply the techniques of life sciences to Internet security. A team at Carnegie Mellon University in Pittsburgh will use the tools of ecology to better understand interactions within and between networks to identify malicious anomalies. A team at the University of California at San Diego will borrow from epidemiology to examine how worms propagate. - - - - - - - - - - Anti-spam effort killed amid patent row The failure to reach consensus on the Microsoft- championed proposal known as Sender ID throws back to the free market a process many consider urgent in view of the unabating onslaught of spam. - - - - - - - - - - Oregon city tests intrusion detection tool Network administrators for Albany, Ore., are looking for an inexpensive way to nip network problems in the bud, before users start calling to complain. The city is testing the ReadyArm network security appliance from Avanton Inc. of Manhattan Beach, Calif., which uses intrusion detection and vulnerability scanning to monitor networks. The rack-mounted appliance comes loaded with security software and receives updates through the Internet. - - - - - - - - - - UK firm promises 'leak proof' secure email Normal email simply isn't secure, says jeftel, which sells its '.safe' email as totally watertight. Leeds-based company jeftel, which is backed by a local mysterymaire, has launched a 'leak proof' email system for a PS25 annual subscription.,39020375,39168211,00.htm - - - - - - - - - - McAfee updates target 'phishing McAfee has released updates to its spam prevention service and personal firewall software to help home users combat the growing form of online fraud known as "phishing." The new version of SpamKiller, released Tuesday, uses a multilayered filtering engine that's designed to keep in-boxes free of unsolicited, fraudulent and malicious e-mails, including those used as part of phishing scams, the company said. The filter is based on Bayesian technology, which learns from past examples to determine which kinds of e-mails should be blocked. - - - - - - - - - - Security problems 'can be conquered' IT Priorities Conference: Keynote speaker Martin Smith called for IT to be represented in the boardroom in order for companies to deal effectively with security issues,39020345,39168086,00.htm,39020375,39168216,00.htm Security leaders get bigger Linux on desktop will be 'cheaper and more secure', claim vendors,39020330,39168212,00.htm Securing wireless networks - it's the people, not the kit,39020375,39168096,00.htm E-business leaders say 'watch your customers',39020372,39168088,00.htm USB--short for 'ultimate security breakdown'? - - - - - - - - - - Defeating Honeypots: Network Issues, Part 1 To delude attackers and improve security within large computer networks, security researchers and engineers deploy honeypots. As this growing activity becomes a new trend in the whitehat community, the blackhats study how to defeat these same security tools. Though not everyone agrees on the power of honeypots, they are effective and are being deployed as tools -- and blackhats are already working to find ways to exploit and avoid them. The cyber battle continues. - - - - - - - - - - Technology and the 9/11 Commission The 9/11 Commission report reaffirms the importance of protecting individual identities both from theft and from unauthorized use by criminals and terrorists --and the costs of failing to do so. In its report, released in July, the panel said: "Fraud in identification is no longer just a problem of theft...sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists." House Homeland Security panel won't have say in 9/11 legislation - - - - - - - - - - Cell phone talker arrest refuels etiquette debate Can we talk about talking on cell phones? The matter has become more pressing in light of the way wireless gabbing happens in more and more settings and in view of the recent arrest of a woman in the Washington, D.C., are, reportedly accused of talking too loudly near a bus stop. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.