NewsBits for October 19, 2004 ************************************************************ Hacker hits UC-Berkeley computer Culprit accesses names, Social Security numbers A computer hacker accessed names and Social Security numbers of about 1.4 million Californians after breaking into a University of California, Berkeley, computer system in perhaps the worst attack of its kind ever suffered by the school, officials said Tuesday. http://www.msnbc.msn.com/id/6285759/ - - - - - - - - - - 419ers take Aussie financial advisor for AU$1m A Melbourne financial manager faces a hefty prison sentence after stealing AU$1m from his clients and handing it over to Nigerian advance fee fraudsters. Robert Andrew Street, 58, fell for a classic 419 scam after receiving an email from the Reverend Sam Kukah offering him a cool $65m in return for relocating cash held by Nigeria's Presidential Payment Debt Reconciliation Committee. Naturally, Street quickly learned that there were certain expenses he had to meet to oil the wheels of the illicit transfer. http://www.theregister.co.uk/2004/10/19/aussie_419_victim/ - - - - - - - - - - 13-Year-Old Charged In Child Porn Case A 13-year-old Lacey boy who posted pictures of himself on the Internet was charged with possessing and dealing in child pornography. A Thurston County deputy prosecutor, John Skinder, said the boy was charged Friday with possessing and dealing in depictions of a minor engaged in explicit behavior. He was released to his parents while the case is pending. If convicted he faces up to 60 days in juvenile detention. http://www.kirotv.com/news/2455821/detail.html - - - - - - - - - - Virus writers undeterred by Microsoft bounty Since the start of 2004, the people responsible for creating MyDoom and Netsky have released on average more than one new variant every week. The latest version includes a message warning antivirus researchers to expect more of the same. http://software.silicon.com/malware/0,3800003100,39125083,00.htm - - - - - - - - - - Watchdog issues porn dialler guidelines The body that regulates premium-rate telephone services has issued guidance telling users how to deal with porn diallers. The leaflet from ICSTIS explains how to distinguish legitimate dialler services from those that reroute dial- up connections by tricking consumers. It also explains how to make a complaint if you think you have been duped into downloading a dialler. http://www.vnunet.com/news/1158849 - - - - - - - - - - Study: Few use phishing to troll for data Phishing expeditionsthe use of legitimate-seeming e-mail to coax people into revealing personal and financial informationare relatively small in number but precisely targeted, a new study by a security company concludes. Less than 1 percent of e-mail messages passing through IronMail security appliances deployed by CipherTrust Inc. during the first half of October were phishing attacks, the Atlanta company found. http://www.gcn.com/vol1_no1/daily-updates/27647-1.html - - - - - - - - - - F-Secure breaks security gadgets F-Secure has been testing -- and breaking -- some physical security products this week. The Finnish company's marketing department asked laboratory staff to test out some security gadgets, including laptop locks, used to secure computers used at tradeshows and conventions. But the boys in the lab found some disastrous results. http://news.zdnet.co.uk/0,39020330,39170731,00.htm - - - - - - - - - - Symantec fires up firewall appliance for smaller firms Symantec plans to formally announce next week a new firewall security appliance, in a move to attract companies with remote users or branch offices. The Symantec Gateway Security 400 series is the third product to be added to the company's firewall appliance line in the past 13 months, as the security vendor looks to further expand its offerings beyond its consumer business and focus on corporate customers. http://news.zdnet.com/2100-1009_22-5417653.html - - - - - - - - - - Advanced protection Officials at TippingPoint Technologies Inc. have released a new intrusion-prevention system that includes advanced protection against denial-of- service attacks. UnityOne-100E, the latest addition to the security company's line of intrusion-prevention systems, performs at 100 megabits/sec. http://www.fcw.com/fcw/articles/2004/1018/tec-tipping-10-18-04.asp - - - - - - - - - - ID scheme? 'Nah, it'll never fly', says UK eGov head The Register's department of bizarre coincidence notes with some concern Sainsburys' squeal of 'It was Accenture!' with reference to its sad IT disaster, together with the arrival at uk.gov of Ian Watmore, formerly UK MD of, er, Accenture. Watmore's role as head of e-government has been differentiated from that of his predecessor, e-envoy Andrew Pinder, as being an enabler rather than an evangelist. http://www.theregister.co.uk/2004/10/19/weird_watmore_interview/ UK preps major security awareness campaign http://www.theregister.co.uk/2004/10/19/it_sec_education/ - - - - - - - - - - Let's Get Serious About Cybersecurity Last week, there were two stories that indicated how complacency is abroad and well in both the business and Government environments. The SysAdmin, Audit, Network Security (SANS) Institute specializes in information security training and certification. Last week in London, it unveiled its SANS Top-20 2004 on the most critical Internet threats facing organizations at a conference held at the Department of Trade and Industry, noting that on-line extortion was widespread. http://www.crime-research.org/news/19.10.2004/725/ - - - - - - - - - - Blueprints for terrorists? When David Lochbaum perused a government Web site one day last summer, he came across documents he thought would be of limited value to the public -- but a potential bonanza for terrorists. http://www.cnn.com/2004/US/10/19/terror.nrc/index.html Cyber-terrorists, who are they? http://www.crime-research.org/news/19.10.2004/724/ - - - - - - - - - - Hacks in tizz over Google search facility THE GENTLEWOMEN and gentlemen at Associated Press seem to have got their knickers in a twistabout Google's new search tool which indexes a PC's contents to help to quickly find stuff. In a story, Anick Jesdanun said that the whole thing is a big security risk because "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged". http://www.theinquirer.net/?article=19158 - - - - - - - - - - Securing Exchange With ISA Server 2004 You might be thinking that running Exchange Server 2003 on the Internet itself is tempting, however you should be concerned with the security issues in doing so -- there are many attacks and automated scripts in the hands of hackers that pound on Exchange machines and attempt to compromise them. http://www.securityfocus.com/infocus/1807 - - - - - - - - - - Tussling over victims' privacy Department of Housing and Urban Development officials have amended standards for collecting data about the nation's homeless population after social activists and privacy advocates complained that the information could be used to create a national system for tracking domestic violence victims in shelters. http://www.fcw.com/fcw/articles/2004/1018/web-domes-10-19-04.asp - - - - - - - - - - Webcams at day care ease parents' concerns Like millions who scroll through personal e-mail, book flight reservations online or browse daily headlines, Ashley Hickman admits to a habit of checking on her 17-month-old daughter, Sydney, while sitting at her office computer. http://www.usatoday.com/tech/news/2004-10-18-daycare-webcams_x.htm - - - - - - - - - - 2-Fingerprint Border ID System Called Inadequate Terrorists who alter their fingerprints have about an even chance of slipping past U.S. border watch- list checks because the government is using a two- fingerprint system instead of one that relies on all 10 prints, a lawmaker said in a letter he made public yesterday to Homeland Security Secretary Tom Ridge. Rep. Jim Turner (D-Tex.) wrote that a study by researchers at Stanford University concluded the two-finger system "is no more than 53 percent effective in matching fingerprints with poor image quality against the government's biometric terrorist watch-list." Turner said the system falls far short of keeping the country secure. http://www.washingtonpost.com/wp-dyn/articles/A43276-2004Oct18.html - - - - - - - - - - Toon porn pushes erotic envelope online Reality has always been an insubstantial constraint for pornographers, but never has it been as trifling as it is in the thriving Internet niche of toon porn a world where impossible couplings among cartoon characters are as routine as bad plots and fake orgasms in the flesh and blood arena. Its impossible to definitively gauge the appetite for cartoon copulation on the Internet, but anecdotal evidence indicates it is strong and growing. http://www.msnbc.msn.com/id/6227619/ *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.