NewsBits for October 28, 2004
************************************************************
Secret Service busts online organized crime ring
The undercover operation nabbed 28 individuals involved in ID theft. In what it called an "Information Age undercover investigation," the U.S. Secret Service today announced that it has arrested 28 people from eight U.S. states and six countries allegedly involved in a global organized cybercrime ring. Charges filed against the suspects include identity theft, computer fraud, credit card fraud and conspiracy.
- - - - - - - - - -
Police arrest man for internet fraud
Police have arrested an Emmet County man on charges that he defrauded several people out of thousands of dollars under the guise of fraudulent electronic equipment sales over the Internet. Cody Lee Mork, 20, of Petoskey was arraigned today, Wednesday, on charges of false pretenses $1,000-$20,000, a five-year felony; larceny by conversion $1,000-$20,000, a five-year felony; and using a computer to commit a crime, a seven-year felony.
- - - - - - - - - -
AOL Takes Spimmers and Spammers to Court
America Online and other members of the Anti-Spam Technical Alliance have filed a new wave of lawsuits against senders of spam, including the first suits against senders of "spim" -- spam sent across instant messaging networks. America Online says it has filed two new lawsuits in Federal court against spammers, while its partners in the Anti-Spam Technical Alliance filed suits of their own.
- - - - - - - - - -
File Sharers Win More Protection
Alleged file sharers must be given a notice explaining their legal rights before their internet service provider hands over any personal information to the music labels, a Pennsylvania judge ruled, making it still harder for the music industry to use the courts to intimidate people suspected of piracy. Privacy advocates called the Oct. 12 order by U.S.
District Judge Cynthia Rufe a positive step in protecting the privacy and due process rights of accused copyright infringers.
RIAA targets students in new file-swapping suits
- - - - - - - - - -
Virus variant targets Google
The latest variant of the Zafi worm, discovered Wednesday, is programmed to launch distributed denial-of-service attacks on Google, Microsoft and the Web site of the Hungarian Prime Minister. Mikko Hypponen, director of antivirus research at F-Secure, said that if the new version, Zafi.C, is worse than Zafi.B, there could be trouble. But he was noncommittal about whether Zafi.C is much to worry about at this point.
- - - - - - - - - -
Flaws found in Windows-based media players
Microsoft Windows users need to watch out for several flaws in non-Microsoft media players, security experts said. Apple Computer and RealNetworks have both issued fixes for their Windows software to patch serious security vulnerabilities. Apple released Quicktime 6.5.2 on Wednesday to plug two holes in its Windows media player. On Tuesday RealNetworks advised users of its RealPlayer 10, RealPlayer 10.5 and RealOne Player software to use the "Check for Updates" feature to download the latest patch.
- - - - - - - - - -
Report: DHS has 'significant deficiency' in info security
The Homeland Security Department's inspector general has completed an information security audit of the agency, which shows DHS officials are still struggling with internal cybersecurity issues. The report, released Oct. 27, highlights areas in which DHS officials have improved the department's information security practices and policies. But the overall tone of the report is negative. "We recommend that DHS continue to consider its information systems security program a significant deficiency for" fiscal 2004, the IG auditors state in the report's summary.
- - - - - - - - - -
Plan coming for DOD networks
Officials in the new organization that oversees operation and protection of the military's computer networks will unveil a plan in early December that sets network priorities through 2006. The 500-day plan for the Joint Task Force-Global Network Operations coincides with another initiative that leaders of the new group are preparing. It identifies officials from the military services and Defense Department agencies to participate in the initiative to achieve structure and discipline.
- - - - - - - - - -
Website punts caller ID spoofing to the masses
A new website offers subscribers a simple web interface to a caller ID spoofing system that lets them appear to be calling from any number they choose. Called "Camophone", the service functions much like the site that struggled with an abortive launch last month: a user types in their phone number, the number they wish to call, and the number they'd like to wear as a disguise.
- - - - - - - - - -
Army applet will help secure smart cards
In January, the Army will begin offering an open-source, Java Applet interface to the Common Access Card to provide secure, encrypted communication and digital signature capabilities. The J-CAC software program, developed by the Army program manager for Secure Electronic Transactions-Devices and DOD's Rapid Acquisition Incentive program, will be available in January to any developer across the Defense Department who wants to enable their cards with a public-key infrastructure.
- - - - - - - - - -
NIST releases new fingerprint image software
The National Institute of Standards and Technology has released an updated version of a suite of tools for handling digital fingerprint images. NIST Fingerprint Image Software 2 was developed by NIST's Image Group for the FBI and Homeland Security Department and is available free to U.S. law enforcement agencies as well as to biometrics manufacturers and researchers.
The CD contains source code for 56 utilities and a user's guide.
- - - - - - - - - -
ID card bill changes praised
The changes to the Home Office's ID card plans have been said to be 'a very significant move to address concerns'. A parliamentary committee has welcomed the news that the Home Office will take independent advice on biometrics from chief scientific officer. The Home Office has improved its plans for compulsory identity cards, according to Parliament's home affairs select committee.
Biometric passports win EU approval
- - - - - - - - - -
Hacking--do the pros now rule?
The chief scientist of security company Internet Security Systems believes 2004 could prove to be a watershed year for hacking. Robert Graham says that many hackers are graduating into the pro ranks, a development that carries worrisome implications for corporate security.
- - - - - - - - - -
Security highlights from around the Web
Federal agencies have started releasing their security audit reports, which are used in the government's annual computer security report card, reports. Many agencies in the past haven't scored well although the reports suggest some are doing better. The Social Security Administration, which earned a "B+" last year, reported that it suffered no security incidents at all in the 2004 fiscal year -- no root or user compromises, no defacements, no viruses and no DDoS attacks, the article says.
- - - - - - - - - -
Information security: How liable should vendors be?
Information insecurity is costing us billions. We pay for it in theft: information theft, financial theft. We pay for it in productivity loss, both when networks stop working and in the dozens of minor security inconveniences we all have to endure. We pay for it when we have to buy security products and services to reduce those other two losses.
We pay for security, year after year.
- - - - - - - - - -
A guide to buying extrusion-prevent products
In my previous articles, I introduced the concept of extrusion, or the unauthorized network transfer of sensitive digital assets. Here are a few true examples: cc'ing a supplier by mistake on a classified RFP document. Production servers with anonymous file transfer protocol (FTP) turned on. Break-ins, bribes and double agents (workers who spy for other groups or companies). The actuary who went to work for the competition.
Extrusion: The story of 'trusted' digital insider theft
Extrusion Part 2: Insider theft of digital assets -- best (and not so best) practices
Part III: Insider theft and the role of regulation
***********************************************************
Search the Archive at:
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information.
Copyright 2000-2004,, Campbell, CA.