NewsBits for April 7, 2005 ************************************************************ Maine man sentenced to 6 years for eBay scam A 21-year-old man was sentenced in U.S. District Court in Maine to more than six years in prison for perpetrating an extensive Internet fraud scheme, according to the U.S. attorney's office in Maine. Charles Stergios, of Brunswick, Maine, and also of Memphis, was ordered to pay nearly $118,000 in restitution to his victims, said Assistant U.S. Attorney Halsey Frank. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,100923,00.html - - - - - - - - - - Dating site hack suspect arrested Police last week arrested a 37-year-old man from Sheffield on suspicion of hacking into the website of London dating agency loveandfriends.com. The unnamed suspect allegedly hacked into the site, took control of members profiles, and made demands for payment in exchange for securing the site. http://www.theregister.co.uk/2005/04/07/dating_site_hack_arrest/ - - - - - - - - - - Indian call center workers charged with Citibank fraud Twelve arrested, including three ex-employees of outsourcing company. Former employees of a call center in Pune, India, were arrested this week on charges of defrauding four Citibank account holders in New York, to the tune of $300,000, a police official said. The three former employees of Mphasis BPO, the business process outsourcing operation of Bangalore software and services company Mphasis BFL Group, are charged with collecting and misusing account information from customers they dealt with as part of their work at the call center, according to Sanjay Jadhav, chief of the cybercrime cell of the Pune police. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,100900,00.html - - - - - - - - - - Police hard drive sold on eBay A computer hard drive, containing confidential data from the Brandenburg police in Germany, has been auctioned over eBay for 20, according to a report by Spiegel, a leading weekly German newspaper. It was bought by a student. The used 20GB hard drive capacity contained, according to Spiegel, internal alarm plans on how the Police should handle "specific incidences" such as hostage or kidnapping situations, gave contact names of who to contact in the crisis management group, and tactical orders and analysis of political security situations. http://www.theregister.co.uk/2005/04/07/hard_drive_with_police_info_sold_on_ebay/ - - - - - - - - - - U.S. Declares Victory over Internet Gambling The tiny country of Antigua alleged U.S. state and federal laws were breaking world trade rules by prohibiting the cross-border supply of gambling services by barring market access of Antigua-based Web sites to U.S. citizens. The United States claimed victory Thursday over a World Trade Organization decision that favors banning citizens from gambling in offshore Internet casinos. http://www.newsfactor.com/story.xhtml?story_title=U-S--Declares-Victory-over-Internet-Gambling&story_id=32498 - - - - - - - - - - Yahoo Is Cleared in Nazi Case Yahoo Inc.'s former chief executive, Timothy Koogle, was cleared by a Paris appeals court Wednesday of allegations by civil rights groups that the company illegally linked to an auction of Nazi memorabilia on one of its websites. "This judgment confirms that Koogle and Yahoo have always respected French law," said Koogle's lawyer, Olivier Metzner. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-yahoo7apr07,1,3120459.story - - - - - - - - - - Lotus flaw reported--but IBM's unfazed A flaw in IBM's Lotus Domino Server could be used to crash systems, a security company has warned, but Big Blue is disagreeing that a vulnerability exists. The denial-of-service flaw appears in versions 6.5.1 and 6.0.3 of the e-mail and calendar server software, security company iDefense said in an advisory released Wednesday. http://news.zdnet.com/2100-1009_22-5659009.html - - - - - - - - - - Symbian's security problems worsen Details of this week's second new piece of malware targeting the market-leading mobile OS have been released by F-Secure. A Trojan horse has been created that causes smartphones to crash, security software maker F-Secure has warned. http://news.zdnet.co.uk/0,39020330,39194158,00.htm http://www.crime-research.org/news/07.04.2005/1119/ - - - - - - - - - - Critical Windows patch on the way Microsoft will provide a variety of patches, some of them critical, when it delivers its monthly batch of security updates next Tuesday. In a notice posted to its Web site Thursday, Microsoft said to expect critical fixes for Windows, Office, MSN Messenger and Exchange. In all, the software maker said it is planning to release eight patches, five of them for Windows. http://news.zdnet.com/2100-1009_22-5659348.html - - - - - - - - - - Top twelve spammers revealed - US leads the pack The United States is still the world's largest spam generator, but other countries are catching up fast. Since the start of the year over 35 per cent of the world's spam has come from computers inside the US, according to figures from security specialists Sophos. South Korea is in second place with nearly 25 per cent and the UK is ranked ninth at 1.6 per cent. http://www.vnunet.com/news/1162356 http://www.newsfactor.com/story.xhtml?story_title=U-S--Still-Leads-Spam-Parade&story_id=32502 - - - - - - - - - - RFI released for cross-agency security An intra-agency task force released a request for information asking the private sector for help in investigating possible governmentwide solutions to cybersecurity. The cybersecurity line of business, jointly headed by the Homeland Security Department and the Office of Management and Budget, held its first meeting earlier this month. Federal officials hope that consolidation or standardization of common cybersecurity processes, services and technologies can improve government performance while lowering costs. http://www.fcw.com/article88510-04-07-05-Web - - - - - - - - - - Computer security could be tied to agencies' funding House Government Reform Chairman Tom Davis, R-Va., said Thursday that agencies could have their budgets cut if their information technology security does not improve. With several agencies struggling to meet requirements of the 2002 Federal Information Security Management Act, Davis said that compliance eventually has to be tied to funding. He also said that more time is needed for agencies to fall in line with the law. http://www.govexec.com/dailyfed/0405/040705p1.htm - - - - - - - - - - Microsoft, Canadian officials launch anti-child-porn system A computer system developed by Microsoft Corp. and Canadian police is providing a new weapon to fight Internet child pornography. Developed by Microsoft Canada at the request of a frustrated Toronto sex-crimes officer, the Child Exploitation Tracking System, was officially launched Thursday. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11336620.htm http://news.zdnet.com/2100-9595_22-5659336.html - - - - - - - - - - Government to certify security kit Security products could soon gain a stamp of assurance from the government. The government has started to test the effectiveness of commercial IT security products. A sub-division of the Cabinet Office, called the Central Sponsor for Information Assurance Group (CSIA), is leading the scheme to certify security products and services that could be bought by the public sector. http://news.zdnet.co.uk/0,39020330,39194160,00.htm - - - - - - - - - - Radio Silence on Internet Attacks? I was plotting with my editor last night about the best way to report what could be a very important and developing story, about a series of recent Internet attacks designed to give hackers complete control over what users on some computer networks are able to see and do online, a story that raised the spectre of a new wave of identity theft and other forms of online fraud. Scary stuff, right? http://blogs.washingtonpost.com/securityfix/ DNS attacks attempt to mislead consumers http://www.securityfocus.com/news/10841 Net Aids Access to Sensitive ID Data http://www.washingtonpost.com/wp-dyn/articles/A23686-2005Apr3.html - - - - - - - - - - ChoicePoint Top Big Brother Pick Two major data brokers, a California elementary school and Google's Gmail service are leading contenders for the Big Brother Awards -- a dubious prize spotlighting organizations with egregious privacy practices. Award recipients will receive a statue of a golden boot stomping on a human head. The nominees were among those on a list made public Wednesday by Privacy International, the British watchdog group that runs the annual U.S. Big Brother Awards. The group plans to announce winners on April 14. http://www.wired.com/news/culture/0,1284,67164,00.html - - - - - - - - - - Defeating Honeypots: System Issues, Part 2 This paper will explain how an attacker typically proceeds in order to attack a honeypot for fun and profit. In part one we compared honeypots to steganography and then looked at three common techniques for virtualizing honeypots. For each of these methods, which included User Mode Linux, VMware environments, and chroot/jail environments, we looked at weaknesses that lead to their detection. It was made clear that while each of these have their advantages, they can all be easily detected by an experienced hacker. http://www.securityfocus.com/infocus/1828 - - - - - - - - - - Joint Chiefs: Military networks must be linked The military of the future will have networks that are built jointly from the start, instead of relying on software built later to update and integrate legacy systems, said the chairman of the Joint Chiefs of Staff. The distinction can save lives on the battlefield by allowing the services, interagency organizations and coalition partners to communicate effectively, said Air Force Gen. Richard Myers during a keynote address at the Joint Forces Command Symposium 2005 held here. http://www.gcn.com/vol1_no1/daily-updates/35477-1.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.