NewsBits for December 6, 2004 ************************************************************ Aussie jailed for flogging bogus Canon servers An Australian man has been jailed for ripping off millions of dollars by selling counterfeit computer equipment. John Michael Parker, as a director of a reseller called Matrix, had an exclusive distribution deal for Canon equipment in Toowoomba, Queensland. http://www.theregister.co.uk/2004/12/06/dodgy_aussie_reseller/ - - - - - - - - - - Internet fraud is easy, says judge... A judge has told a court in Leicester that it's a doddle to swindle people on the net. His remarks came as he sentenced Sara Hambridge, 28, from Leicester, who netted more than PS3,000 when she sold non-existent tickets to the Glastonbury festival via eBay. http://www.theregister.co.uk/2004/12/06/ebay_judge_glastonbury/ - - - - - - - - - - Hi-tech gamblers get away with PS1.3m Ritz Casino loses out as police clear roulette 'scammers'. Three Ritz Casino gamblers have been cleared of cheating by UK police and allowed to keep PS1.3m they won using a modified mobile phone to predict roulette results. http://www.vnunet.com/news/1159911 - - - - - - - - - - Lycos antispam campaign bites the dust The zombie army created by Lycos screen savers to attack spammers' Web sites has been dismantled. The controversial attempt to attack spammers by bombarding their web sites with traffic from thousands of individual PCs is over. http://news.zdnet.co.uk/0,39020330,39179157,00.htm Lycos goes straight After a week of well-deserved criticism, Lycos is abandoning its scheme to launch denial-of-service attacks against spammy websites. Did the company reform in time to avoid criminal prosecution? A short-lived project by Lycos's European subsidiary to give users a method to "attack" spammers was an overall bad idea, albeit motivated by a laudable goal. http://www.theregister.co.uk/2004/12/06/lycos_goes_straight/ - - - - - - - - - - Smartphone users offered free antivirus Smartphone users have today been offered free antivirus and anti-spam software for their handsets - but only for a limited period. The offer from security firm Trend Micro is only open to devices that use the Windows Mobile 2003 operating system, but a version for Symbian and Pocket PC devices will be out in January. http://www.vnunet.com/news/it/1159884 - - - - - - - - - - Wireless detectives secure the airwaves Sometimes, the best defense is a good offense. Although new specifications promise to boost security for wireless local-area networks, agency officials would be wise to deploy emerging monitoring solutions that alert administrators about cyberthreats and, in some cases, take action to block them. http://www.fcw.com/fcw/articles/2004/1206/feat-wireless-12-06-04.asp - - - - - - - - - - Who would you like to attack today? A massive rise in phishing attacks this year may lead on to customised email security attacks targeted specifically at individual or small groups of companies, according to email security firm MessageLabs. In September 2003 MessageLabs intercepted 279 phishing emails. In September 2004, it netted more than two million. So far this year, MessageLabs has intercepted more than 18 million phishing-related emails. http://www.theregister.co.uk/2004/12/06/messagelabs_2004_report/ - - - - - - - - - - SP5 U-turn hits Windows 2000 Microsoft has cancelled the long-awaited Service Pack 5 for Windows 2000, which it had said would contain important security updates. Windows 2000 SP5 would have brought the platform more in line with features in Windows XP. However, the software giant now says customers will find it easier to install a forthcoming security bundle instead. http://www.vnunet.com/news/1159870 Microsoft slips out database test release http://news.com.com/Microsoft+slips+out+database+test+release/2100-1012_3-5479227.html NT4 security support warning issued http://news.zdnet.co.uk/software/windows/0,39020396,39179159,00.htm - - - - - - - - - - India to work jointly with Russia to tackle cyber crime India's Cyber Emergency Response Team plans to jointly work with Russia to combat cyber crime, including virus and hacker attacks in their computer networks, a top IT department official said today. "We are trying to see how best our CERT can work with Russian authorities on Information Security and prevent attacks by virus, worms and hackers," Union IT Department Joint Secretary Madhavan Nambiar said here. http://www.ptinews.com/pti%5Cptisite.nsf/0/D464BC595DD4412365256F60003A7D05 - - - - - - - - - - New Jersey invests in security Officials in New Jersey's technology office are better prepared to respond to cyberattacks after deploying an advanced enterprise security appliance that detects and mitigates threats across the statewide network. http://www.fcw.com/fcw/articles/2004/1206/tec-nj-12-06-04.asp - - - - - - - - - - Ex-CIA Chief Gates Warns on Cyberterror Cyberterrorism could be the most devastating weapon of mass destruction yet and could cripple the U.S. economy, former CIA Director Robert Gates said at a terrorism conference Saturday. Gates, who became Texas A&M University's president in 2002 about a decade after he left the CIA, cited as an example the "love bug" virus that overwhelmed computer systems around the world in 2000. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10346318.htm http://www.crime-research.org/news/05.12.2004/825/ - - - - - - - - - - NGA wants flight, sea data offline Officials at the National Geospatial-Intelligence Agency (NGA) will seek public comment through June on their proposal to remove from public access all of the agency's aeronautic and navigational data and publications. NGA officials want to take this action starting next October, according to a Dec. 2 agency statement. http://www.fcw.com/fcw/articles/2004/1206/web-nga-12-06-04.asp - - - - - - - - - - Cash crisis aids e-criminals Poor reporting of e-crime is leading to inadequate budgets for law enforcement. Patchy and inconsistent reporting of IT crime means the police are unable to secure funding proportionate to the problem, experts warned last week. As part of a range of proposals to tackle e-crime, IT lobby group Eurim called for a standard web-based form for reporting attacks. Eurim said such a mechanism would encourage firms to work with the police. http://www.vnunet.com/news/1159868 - - - - - - - - - - Phishing attacks skyrocket in 2004 The number of phishing attacks launched each month has increased nearly 10-fold this year, tech security company MessageLabs said Monday. The company, which has intercepted almost 20 million phishing e-mails throughout 2004, said in its annual report that the number of phishing attacks has soared from 337,050 in January to 4.5 million in November. The rate rose most sharply between June and July--from 264,254 to 2.5 million--which could be due to the widespread use of zombie networks. http://news.zdnet.com/2100-1009_22-5479145.html - - - - - - - - - - Gartner: Consumers dissatisfied with online security A survey conducted by Gartner Inc. shows that online consumers are growing frustrated with the lack of security provided by banks and online retailers and feel that passwords are no longer sufficient to secure their online transactions. http://computerworld.com/securitytopics/security/story/0,10801,98083,00.html - - - - - - - - - - Revised draft smart-card specs expected by March The Government Smart Card Interagency Advisory Board is reworking the National Institute of Standards and Technologys draft standard for governmentwide identification cards. The board will revise NIST Special Publication 800-73 as well as the proposed Federal Information Processing Standard 201 based on it. The goal is to accommodate agencies existing personal identity verification (PIV) cards, said NISTs Curt Barker, co-chairman of the PIV project. http://www.gcn.com/vol1_no1/daily-updates/28031-1.html - - - - - - - - - - Detecting Complex Viruses There are many metrics by which to measure the efficiency and effectiveness of an antivirus product and the response organization that is backing it. Some of the commonly used metrics today include the antivirus company's response time to new threats and well as the availability of proactive detection. But are these metrics enough? http://www.securityfocus.com/infocus/1813 - - - - - - - - - - Spyware on My Machine? So What? Not all web surfers think spyware is a problem. Some say the snoopy software is a fair trade-off for free applications, even with the intrusion into their computers and lives. "Typically the assumption has been that spyware sneaks onto computers, or users are unaware of what they have agreed to install," said Gregg Mastoras, a senior security analyst at antivirus vendor Sophos. "But some people actually do knowingly install adware because they want to use a particular application that comes bundled with it. Some just aren't particularly concerned by adware's presence on their computers." http://www.wired.com/news/technology/0,1282,65906,00.html - - - - - - - - - - Security highlights from around the Web Quit blaming users: Web usability expert Jakob Nielsen has an insightful column on why its unreasonable to place the burden for computer security on users. Rather than user education, he recommends changing the technology to make it simpler and more automated. Computer security is too complicated and the bad guys are too devious and inventive, Nielsen writes. http://computerworld.com/networkingtopics/networking/vpn/story/0,10801,80400,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.