NewsBits for March 15, 2005 ************************************************************ Man jailed for MSN TV hack A Louisiana man who wrote malicious emails that caused some computers to dial 911 - the US equivalent of 999 was sentenced on Monday to six months in prison. A US federal judge sentenced David Jeansonne, 44, to the prison term as well as six months' home detention after he admitted sending emails to about 20 subscribers of Microsoft's WebTV, a television Internet service since renamed MSN TV. http://news.zdnet.co.uk/internet/security/0,39020375,39191342,00.htm http://www.vnunet.com/news/1161941 http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,100390,00.html http://www.theregister.co.uk/2005/03/15/webtv_vxer/ - - - - - - - - - - Queens Man Sentenced to 27 Months' Imprisonment on Cybercrime DAVID N. KELLEY, the United States Attorney for the Southern District of New York, announced that JUJU JIANG, 24, of Flushing, New York, was sentenced today to 27 months imprisonment, followed by three years supervised release, and $201,620 in restitution by United States District Judge RICHARD C. CASEY in Manhattan federal Court following his July 11, 2003 plea to a five count Information relating to computer fraud and software piracy. http://www.usdoj.gov/criminal/cybercrime/jiangSent.htm - - - - - - - - - - Sex solicitation results in arrest A 23-year-old Pueblo man is being held in Douglas County Jail after allegedly soliciting sex with children in an Internet chat room. Lenard James Brown was arrested March 4, according to a press release by the Pueblo County Sheriff's Office. In February, Brown allegedly posted a message in a chat room asking parents to arrange for him to meet privately with their children. The children ranged in age from 1 to 14. A person who saw the message notified authorities. http://www.chieftain.com/metro/1110898663/19 - - - - - - - - - - ChoicePoint: We're sorry for data leak The chairman of ChoicePoint, which disclosed the personal information of 145,000 Americans to identity thieves, publicly apologized on Tuesday for the data mishap. ChoicePoint's Derek Smith, also the chief executive, told a congressional committee he wanted to offer an "apology on behalf of our company," which he said would help anyone who suffered identity fraud as a result. The data disclosure has led to 750 known cases of identity fraud so far. http://news.zdnet.com/2100-1009_22-5618515.html http://www.wired.com/news/privacy/0,1848,66912,00.html ChoicePoint CEO grilled by Congress http://www.msnbc.msn.com/id/7189143/ Expert: Better ID checks won't beat fraud http://news.zdnet.com/2100-1009_22-5618486.html When it comes to security, ignorance is bliss at the top http://news.zdnet.co.uk/internet/security/0,39020375,39191336,00.htm - - - - - - - - - - Apple wins iTunes cybersquatting battle Apple Computer has won a legal dispute to force a U.K. company it accused of cybersquatting to hand over the domain ownership for the iTunes.co.uk Web address. Apple issued proceedings against CyberBritain in December of last year through domain registrar Nominet UK, claiming that ownership of the domain should be transferred to Apple because it holds the iTunes trademark. http://news.com.com/Apple+wins+iTunes+cybersquatting+battle/2100-1030_3-5618589.html - - - - - - - - - - Senator suggests targeting Net 'indecency' The U.S. Congress may be preparing for another round in the Internet "decency" wars. Sen. Ted Stevens, the influential chairman of the Senate Committee on Commerce, Science & Transportation, has indicated that Internet decency regulations could be inserted into legislation that was originally intended to boost fines for off- color radio and TV broadcasts. http://news.com.com/Senator+suggests+targeting+Net+indecency/2100-1028_3-5618332.html - - - - - - - - - - Internet security takes a hit The discovery of a crack in a commonly used Internet encryption technique raised concerns among government agencies and computer-code experts, according to a report by The Wall Street Journal. "Our heads have been spun around," Jon Callas, chief technology officer at encryption supplier PGP Corp., told the newspaper. http://money.cnn.com/2005/03/15/technology/encryption/index.htm - - - - - - - - - - Phishing hole 'left open' by banks Banks are increasing the risk of online fraud by not tackling the problem of cross-site scripting, according to a security firm. An easily remedied Web site loophole may be leaving banks and other companies that do business online more susceptible to phishing attacks, according to Netcraft. http://news.zdnet.co.uk/internet/security/0,39020375,39191331,00.htm - - - - - - - - - - LimeWire security flaw found, fixed Researchers at Cornell University said on Tuesday that they discovered a potentially dangerous security flaw in the popular LimeWire file-sharing software, but that the company has quickly released a fix. According to Emin Gun Sirer, an assistant professor of computer science, the flaw could allow an intruder to read any file on the hard drive of a person running LimeWire, whether or not it has been deliberately shared with others using the software. http://news.zdnet.com/2100-1009_22-5618949.html http://news.com.com/LimeWire+security+flaw+found%2C+fixed/2100-1002_3-5618949.html - - - - - - - - - - Zombie networks implicated in ID theft According to researchers, the use of large networks of compromised machines to install spyware as well as send spam and carry out DoS attacks is increasing. Botnets otherwise known as zombie networks collections of compromised computers controlled by a single person or group, have become more pervasive and increasingly focused on identity theft and installing spyware, according to a Honeynet Project report. http://news.zdnet.co.uk/internet/security/0,39020375,39191333,00.htm - - - - - - - - - - Britain: a new record for card frauds According to the Association for Payment Clearing Services (Apacs), the clearing association, criminals stole almost GBP 500,000,000, despite the introduction of new protection technologies. Security experts believe that introduction of microchips and 4-digit personal identification numbers - PINs in retail outlets would have decreased the trend. However con artists began to steal even more cards that were often stolen on their way to owners. http://www.crime-research.org/news/15.03.2005/1040/ - - - - - - - - - - BT offers protection against rogue diallers UK dial-up Internet users are being offered tools to fight a notorious premium rate call scam, and the watchdog is delighted. BT is giving protection against fraudsters who hijack dial-up Internet connections and redirect them to premium rate telephone numbers. http://news.zdnet.co.uk/communications/0,39020336,39191497,00.htm - - - - - - - - - - Hackers can beat security tokens IT security expert Bruce Schneier has warned that plans to move to two-factor authentication will not solve online fraud. Schneier pointed out that the tokens will not stop the most common types of attacks. Tokens can work well in corporate environments but will be ineffective against much of today's crime since it relies on tricking users rather than beating passwords. http://www.vnunet.com/news/1161940 Banks 'wasting millions' on two-factor authentication Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru. http://www.theregister.co.uk/2005/03/15/2-factor_auth_is_pants/ - - - - - - - - - - 802.1x security hampered by cost concerns Essential upgrade dogged by hidden pitfalls, warns analyst. Companies looking to introduce the 802.1x security protocol may find the move more expensive than they thought, according to a newly published report by Forrester. http://www.vnunet.com/news/1161948 - - - - - - - - - - UK firms face 'spiralling threat' from email misuse Businesses in the UK face a "spiralling threat" from inappropriate employee use of corporate email systems, according to a YouGov survey unveiled today. The poll found that a relaxed attitude to email at work, a "banter culture", and employees taking advantage of free email and internet services are causing the danger to firms to rocket. http://www.vnunet.com/news/1161949 - - - - - - - - - - Delaware dons a Blue Coat to fight spyware Delaware operates networks for 35,000 state employees and all its 115,000 students, kindergarten through high school. Were small enough that we can provide that service, said Glenn Wright, senior telecom technologist in the Technology and Information Department. Every school has at least a T1 back to us. http://www.gcn.com/24_5/tech-report/35198-1.html - - - - - - - - - - Geekfathers: CyberCrime Mobs Revealed Crime is now organized on the Internet. Operating in the anonymity of cyberspace, Web mobs with names like Shadowcrew and stealthdivision are building networks that help crackers and phishers, money launderers and fences skim off some of the billions that travel through the Web every day. http://www.baselinemag.com/article2/0,1397,1775903,00.asp - - - - - - - - - - Windows Firewalls Lacking I have a problem: I can't seem to find a good host based firewall for my Windows servers. In fact, people constantly ask me what I recommend and I find myself with no good answer. Even though most of my servers are already behind firewalls, I like having additional protection on the server itself. Sometimes I use remotely co-located servers where I have no firewall, and that makes me completely dependent upon software on the server itself. http://www.securityfocus.com/columnists/307 - - - - - - - - - - DHS to use MetaCarta Homeland Security Department officials will use an application that mines data for geographic references that can be depicted on a map. Officials at the Information Analysis and Infrastructure Protection Directorate recently signed a one-year license to use a geographic information system application developed by MetaCarta, which is headquartered in Cambridge, Mass. http://www.fcw.com/article88302 - - - - - - - - - - National Intelligence IT system hit by delays The head of the inquiry into the Soham murders is worried about delays to key IT projects he advised the government to set up. Sir Michael Bichard, who led the official inquiry following the Soham murders, is concerned that delays are already hampering efforts to set up a national police intelligence computer system. http://news.zdnet.co.uk/software/applications/0,39020384,39191341,00.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.