NewsBits for January 11, 2005 ************************************************************ ID thief gets prison; losses may have totaled $100 million A computer technician who prosecutors say touched off the largest identity theft in U.S. history was sentenced to 14 years in prison Tuesday by a judge who said the damage he caused was ``almost unimaginable.'' Philip A. Cummings, 35, of Cartersville, Ga., a former help-desk worker for a Long Island software company, apologized before U.S. District Judge George B. Daniels imposed the sentence in Manhattan. - - - - - - - - - - Software pirate jailed A US court has sentenced a man to 18 months in prison after he pleaded guilty to software piracy. A man has been sentenced to 18 months in an American jail and had his computer equipment seized for distributing pirated software worth up to $120,000.,39020651,39183596,00.htm - - - - - - - - - - Man held on sex charges after being lured into sting A Fremont resident was booked into jail Friday after he was picked up in a sting operation when he allegedly showed up for a sexual encounter with someone who he thought was a 13-year-old girl he had befriended on the Internet. But the ``girl'' was Sgt. Tom Sims of the San Jose police Internet Crimes Against Children Task Force. - - - - - - - - - - Belarussian men face child porn charges Two men from Belarus have been extradited to the United States to face charges in a child pornography case spanning the globe, the U.S. Immigration and Customs Enforcement Bureau said on Tuesday. Yahor Zalatarou, 26, and Alexei Buchnev, 27, both of Minsk, provided Internet billing services to 50 child pornography Web sites and ran similar Web sites on their own, Customs said. - - - - - - - - - - Hacker penetrated T-Mobile systems A sophisticated computer hacker enjoyed access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned. - - - - - - - - - - Vital Files Exposed In GMU Hacking A computer hacker apparently broke into a George Mason University database containing student and employee Social Security numbers, leaving 32,000 people uncertain whether their finances or identities might be compromised. - - - - - - - - - - Warrant issued for e-mails Working with the FBI, University Police have tracked down the man they say is responsible for sending racially offensive e-mails to two Yale students last March, University Police Chief James Perrotti said. - - - - - - - - - - Security researcher faces jail for finding bugs A researcher who demonstrated how to exploit bugs in the code of an antivirus application faces prosecution under French copyright law. A French security researcher who published exploit codes that could take advantage of bugs in an antivirus application could be imprisoned for violation of copyright laws.,39020369,39183601,00.htm - - - - - - - - - - FTC moves to stop X-rated spamming Claiming a victory against X-rated spam, the Federal Trade Commission said Tuesday it had won an order to shut down illegal Internet advertising for six companies accused of profiting from sexually explicit e-mail.,10801,98885,00.html - - - - - - - - - - Mobile phone virus doubles the danger The Lasco.A virus spreads in two different ways - increasing the chances that it can pose a danger to mobile handsets. Mobile phone viruses, largely considered a paper tiger in the digital security world, became a bit more dangerous this week with the release of a two-pronged program.,39020351,39183593,00.htm - - - - - - - - - - Bawdy holiday worm preys on prurience Antivirus software maker Sophos identified a new worm on Tuesday that is being hidden in an e-mail attachment that includes a nude photo. The virus, dubbed by Sophos as Wurmark-D worm (or W32/Wurmark-D), is being distributed via a mass e-mail campaign which offers a New Year's message in the form of an attached photograph of naked bodies. - - - - - - - - - - Malicious Trojan infects Windows Media Player Security experts have intercepted two malicious Trojans hidden in video files that download and install spyware, diallers and computer viruses when played in Microsoft Windows Media player. - - - - - - - - - - Microsoft releases two critical security fixes for Windows Microsoft Corp. released two security fixes Tuesday that carry its most severe threat rating, including one that applies even to computers that have downloaded the company's massive security update for the Windows XP operating system. Both flaws affect versions of the company's dominant operating system going back to Windows 98, and both could allow an attacker to take control of another person's computer. - - - - - - - - - - Ex-cybersecurity czar focuses on global coordination A former White House cybersecurity adviser is working to build an international cybersecurity partnership program under contract to the Homeland Security Department. The intent of the program is to coordinate global efforts on cybersecurity and cyber crime, identify gaps and develop "metrics" for measuring success. "It's almost like creating a NATO of the cyber security world," said Howard Schmidt, a former adviser to President Bush. - - - - - - - - - - DHS nominee a data-mining advocate Michael Chertoff, the appeals court judge who President Bush today nominated to become Homeland Security secretary, was an early advocate of data mining to pinpoint terrorists. Keeping it private at DHS - - - - - - - - - - Google hacking tool looks for security gaps McAfee's SiteDigger 2.0 aims to help make Webmasters aware of potential security holes in their sites - but it could open them up to attacks McAfee has released an update to its tool that uses Google to automatically search for security holes in Web sites.,39020369,39183591,00.htm - - - - - - - - - - Simple snoop-proof email launched Software that aims to make encrypted email communications simple enough for even computer novices to use was released on Tuesday. Encryption is the science of securing communications against eavesdropping by converting the content of a message into a code, or cipher, which can only be unlocked using a secret "key". But modern cryptography often involves using complex mathematical algorithms and convoluted key exchanges to protect messages against skilled code-crackers. - - - - - - - - - - Securing data from the threat within A companys biggest security threat isn't the sinister hacker trying to break into the corporate network, but employees and partners with easy access to company information. Just ask Apple Computer, which filed two lawsuits in December accusing insiders and partners of leaking proprietary information. In one case, Apple is suing two men it says distributed prerelease versions of Tiger, the next iteration of Mac OS X. - - - - - - - - - - Russia's cybercrime-fighting Bond villain Antivirus guru Eugene Kaspersky says criminals are responsible for an increasing amount of malware. Three large and weathered Russian women fiercely stand guard at the entrance to a former Soviet nuclear missile building. We show them our passports half wondering if they are as amused as we are, but they glare back coldly without hint of a smile and wave us through.,39020457,39183548,00.htm - - - - - - - - - - The Perils of Deep Packet Inspection This paper looks at the evolution of firewall technology towards Deep Packet Inspection, and then discusses some of the security issues with this evolving technology. Microsoft, Cisco, Checkpoint, Symantec, Nortel, SonicWall, NAI, Juniper/Netscreen, and others, have, in the past eighteen months started manufacturing firewall appliances that implement Deep Packet Inspection (DPI). In general, the DPI engine scrutinizes each packet (including the data payload) as it traverses the firewall, and rejects or allows the packet based upon a ruleset that is implemented by the firewall administrator. - - - - - - - - - - Security in the year of the 'BUT' The way businesses think about information security is about to undergo a fundamental change. We saw the trend take shape last year when security grew beyond being a low-level techno-geek concern to being an essential part of business strategy. Management started to get it and demanded new levels of risk assessment, protection and reporting from the nerds in IT. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.