NewsBits for October 7, 2004
************************************************************

Cybersecurity expert Howard Schmidt returning to DHS
Howard Schmidt, a former Bush administration cybersecurity adviser, will return to government as a consultant to the Homeland Security Department. DHS officials briefed congressional staff members yesterday about their plans to use Schmidt as an IT security adviser. A DHS official familiar with the Capitol Hill briefing confirmed the plans. Schmidt will not be paid by DHS but by the Computer Emergency Readiness Team Coordination Center, a federally funded R&D center run by Carnegie Mellon University, the official said.

Interim cybersecurity chief named
The Department of Homeland Security named an acting U.S. cybersecurity chief on Thursday as Congress weighed whether to give the position greater clout to fight hackers, viruses and other online threats. Andy Purdy was named interim U.S. cybersecurity director one week after Amit Yoran suddenly resigned from the post amid reports that he was frustrated with his lack of authority. Purdy was Yoran's deputy and had advised the White House on cybersecurity issues.
- - - - - - - - - -
Hacker attempted to steal $ 1'000'000
A hacker was arrested after he accessed the computer system of AVAL Bank and tried to steal about 5000000 Ukraine Hrivnas (about $1000000) from the account of Zaporozhye Custom-house. According to the Chief of the Investigation Department of the Zaporozhye Office of Public Prosecutor, Alexander Koshman, the hacker accessed the Electronic Funds Transfer System and created a fake payment order for 4914438 Ukraine Hrivnas (about $ 930000). This sum was to be transferred to the account of a private company in Dnepropetrovsk, Ukraine.
- - - - - - - - - -
Trojan pretends to do good
Security company Symantec is warning Internet users of a Trojan horse that removes adware but alters the settings in computers.
While Downloader.Lunii eliminates a variety of adware programs--often known as spyware--the Trojan also tries to maliciously change the security settings of Windows PCs and then downloads files from unknown Web sites, Symantec said.
- - - - - - - - - -
Noomy.A virus spreading via chat rooms
IRC users hoodwinked with promise of software cracks and Kournikova screensavers. Security experts have warned internet users to update their antivirus systems to protect against a newly discovered worm dubbed Noomy.A, which "could represent a new trend in malicious code techniques".
- - - - - - - - - -
Police solicitor child porn charge
A NSW police solicitor was among hundreds of men charged with child pornography offences after a nationwide crackdown on Internet child porn, police said today. The 55-year-old man from Annandale was arrested in August after he was allegedly seen downloading child pornography in a Sydney Internet cafe.
- - - - - - - - - -
Huge child-porn library seized
POLICE believe they have seized the country's biggest child pornography library after 350,000 images of young girls were allegedly discovered at the suburban home of a Perth computer technician. Raymond John Belcher, 36, is alleged to have also amassed a collection of 6400 pornographic short videos of underage girls on a series of hard drives stored at his home in the northern Perth suburb of Woodvale.
- - - - - - - - - -
Child-porn: Cop breakthrough
A 46-year-old man was arrested on Friday in what Gauteng police have described as a major breakthrough in an investigation into the production and distribution of child pornography. Superintendent Lungelo Dlamini said the man was arrested at his home in Muldersdrift, west of Johannesburg, and his girlfriend taken in for questioning.
It was believed the man produced and distributed pornographic material involving children, and also designed his own web pages.
- - - - - - - - - -
Paramedic accused of soliciting Internet sex
A 40-year-old Citrus County Emergency Medical Services paramedic was arrested Tuesday when he was accused of soliciting sex to undercover detectives posing as a 14-year-old girl, authorities said Wednesday. Donald Joseph Hartley of Beverly Hills in Citrus County has since been fired from his job. He was released on a $5,000 bond and faces a charge of sexual solicitation of a minor via the Internet.
- - - - - - - - - -
House passes bill imposing prison time over 'spyware'
The House on Thursday passed the second bill in three days that would outlaw "spyware," irritating software that quietly monitors the activities of Internet users. It would add penalties of up to five years in prison for people convicted of installing such programs without a computer user's permission.
- - - - - - - - - -
Email privacy strikeout suspended
Privacy groups have succeeded in persuading a First Circuit Appeals Court to reopen a case with some nasty unintended consequences for email users. A June ruling inadvertently opened the door for spooks and Feds to snoop on email without a court order, but that's now been suspended, pending the hearing in December.
- - - - - - - - - -
Child porn legal loophole closed
A LEGAL time limit which has hampered police investigating child pornography crimes will be removed under changes to NSW laws. Reforms come as police yesterday said alleged offenders had slipped through their net because of the loophole.
Investigators currently only have two years to lay charges against offenders under the statute of limitations on possessing child pornography.
- - - - - - - - - -
Senate talks fail on file-sharing software
Entertainment groups and consumer organizations were unable Thursday to reach a compromise over a Senate proposal aimed at manufacturers of file-sharing software commonly used to steal electronic copies of music, movies and computer programs. The Induce Act, strongly supported by Senate Judiciary Committee Chairman Orrin Hatch, R-Utah, would make manufacturers of such software liable for inducing people to commit copyright infringement.
- - - - - - - - - -
European file-swappers face litigation
Users who make large numbers of files available for download -- rather than those who download files -- over peer-to-peer file sharing networks in Europe are the latest targets of the music industry. The piracy-battered music industry says it will sue British, French and Austrian music fans for the first time as it intensifies its legal crackdown on Internet song-swappers.

D.C. showdown looms over file swapping
- - - - - - - - - -
Feds plan crackdown on intellectual property theft
The Justice Department will launch its most aggressive crackdown on intellectual property theft next week, Attorney General John Ashcroft said Wednesday. Ashcroft told a conference of prosecutors who specialize in computer crime that the Justice Department response to intellectual property theft "must be as forceful and aggressive and successful as our response to terrorism and violent crime and drugs and corruption has been."
- - - - - - - - - -
Government backs IT security standard
The government is introducing an accreditation scheme - similar to the familiar kitemark - to ensure IT security products meet quality standards. Computing has been calling for such a programme for the past two years as part of its Trust campaign.
Corporations too trusting of Indian security
- - - - - - - - - -
Fake companies, real money
T-Data, a small New York-based software company, doesn't take credit cards -- never has in its 20-year history. But a few weeks ago, owner Jeff Duhl found himself looking over $15,000 worth of credit card charges seemingly accepted by his store.
- - - - - - - - - -
Fraud warning for UK resellers
A scammer is attempting to defraud UK resellers by passing themselves off as Nascent Technologies. The firm is warning that it has been contacted by several people who received orders apparently from Nascent Technologies and were about to send out kit. The police have been informed and are investigating.
- - - - - - - - - -
Flaw found in older Office versions
A security company warned Thursday that a flaw in Microsoft Office could allow a denial-of-service attack to be executed on systems running somewhat older versions of the popular productivity suite. Secunia issued an advisory saying a buffer overrun flaw has been found in Office 2000, and potentially also in Office XP, that could allow hackers to take over a user's system. The company rated the flaw as "highly critical."
- - - - - - - - - -
Microsoft delays IM beta over security concerns
Microsoft confirmed on Thursday that it has suspended the beta release of MSN Messenger 7.0 because of a potential security hole affecting one of the program's features. The security concern stems from a feature called "winks," essentially Flash-based animated buddy icons with sound effects that users can send to one another.
Apparently hackers can exploit the hole to send their own unauthorized winks to people, causing a "security problem" for the recipient, a Microsoft representative said.
- - - - - - - - - -
Market for IPv6 security is starting to grow
IP Version 6, the next-generation Internet Protocol, is still in the early adoption phase, but commercial demand for tools to secure IPv6 networks is beginning to grow, according to one vendor. Check Point Software Technologies Ltd. of Redwood City, Calif., has installed 750 of its combination firewall and VPN products on IPv6 networks this year, said Andrew Singer, the company's manager of market intelligence.
- - - - - - - - - -
Fueling the Fire
The latest Symantec Threat Report can provide us with information, knowledge, and even a little bit of wisdom -- about what has truly become an epidemic and an avenue for organized crime. Being an intellectual dilettante, the fields of Systems Theory and Knowledge Management interest me greatly. One of the key principles of those fields is the DIKW Hierarchy first developed by Russell Ackoff, the idea that human minds (ideally) interact with the world and progress through what they find in a hierarchical process, from Data to Information to Knowledge to Wisdom (Ackoff also adds Understanding, but not everyone does).
- - - - - - - - - -
Nine questions to ask when evaluating a security threat
You've just learned that a new worm from a former Soviet country is spreading fast because it doesn't rely on e-mail -- it automatically exploits a vulnerability in Microsoft's Internet Information Server. Now what? Do you cancel your evening plans and stay late testing patches, or can you safely ignore this worm?

'Do the right thing' for continuous protection and network safety
- - - - - - - - - -
Defeating Honeypots: Network Issues, Part 2
It is a difficult problem to deploy honeypots, technology used to track hackers, that cannot be detected.
The value of a honeypot is in its ability to remain undetected. In part one of this article we introduced some of the issues related to discovering and fingerprinting honeypots, and then we discussed a few examples such as tarpits and virtual machines. Now we'll continue the discussion with more practical examples for detecting honeypots, including Sebek-based honeypots, snort_inline, Fake AP, and Bait and Switch honeypots.

Defeating Honeypots: Network Issues, Part 1
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information.
Copyright 2000-2004,, Campbell, CA.