NewsBits for April 13, 2005 ************************************************************ Tufts warns 106,000 alumni, donors of security breach Personal data on a server used for fund raising may have been exposed. Alumni of Tufts University in Boston have been notified that personal information stored on a server used by the university for fund raising could have been exposed to intruders. The university detected a possible security breach in an alumni and donor database after noticing abnormal activity on the server in October and December. http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,101043,00.html - - - - - - - - - - Senators promise crackdown on data broker firms In the wake of news that a breach at information broker LexisNexis may have exposed personal information of three times more consumers than initially reported, senators promised a tough new crackdown Wednesday on the loosely regulated commercial data-brokering business. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11384872.htm http://www.gcn.com/vol1_no1/daily-updates/35503-1.html http://www.msnbc.msn.com/id/7490854/ Credit freeze can halt ID theft http://www.siliconvalley.com/mld/siliconvalley/news/local/11383143.htm ID breaches weren't immediately reported http://money.cnn.com/2005/04/13/technology/personaltech/specter/index.htm http://computerworld.com/securitytopics/security/privacy/story/0,10801,101058,00.html Trust and online banking http://www.usatoday.com/tech/columnist/ericjsinrod/2005-04-13-online-banking_x.htm - - - - - - - - - - Hope spammer gets the slammer We e-mailers deserve a break. And maybe we'll get one now that Jeremy Jaynes faces a prison sentence. Jaynes, 30, of North Carolina, is the first spammer to be convicted of his crimes against us. Prosecutors were able to prove he sent out 53,000 e-mails with fake Internet addresses on three different days. Doesn't sound like much, I know. But that's just what they could prove. They believe he sent out 10 million e-mails a day peddling pornography, fake products and services -- and grossed more than $750,000 per month from his unsuspecting victims. http://www.suntimes.com/output/richards/cst-edt-cindy13.html - - - - - - - - - - Hackers attacked website of Ukrainian opposition Administrators of the official website of the Ukrainian opposition leader Victor Yanukovich informed about the hacker attack on their website. They claim that a group of hackers broke into the system that serves the current poll on the website. The poll questions whether Ukrainian citizens support the opposition's action "The List of the United". http://www.crime-research.org/news/13.04.2005/1139/ - - - - - - - - - - Florida wins injunction against spammers The state of Florida won its first victory against spam e-mail when a judge granted an injunction against two men accused of running mass e-mailing operations, the state prosecutor said yesterday. Florida Attorney General Charlie Crist said the injunction preventing the men from sending any more deceptive e-mails was part of his department's first prosecution under an antispam law passed by the state legislature last year. http://computerworld.com/governmenttopics/government/legalissues/story/0,10801,101051,00.html - - - - - - - - - - OpenOffice.org details vulnerability OpenOffice.org, an open-source software maker, has confirmed a buffer overflow issue that could allow remote attacks. The problem in its freely distributed productivity applications has been fixed, the organization said late Tuesday. Representatives said the group hopes to release a patch within the next 48 hours. http://news.zdnet.com/2100-1009_22-5669073.html - - - - - - - - - - Mobile botnet threat downplayed Could botnets - the scourge of consumer security - be on the verge of going mobile? The prospect seems some way off but even so mobile operators and security watchers are more than a little spooked. http://www.theregister.co.uk/2005/04/13/mobile_botnet/ - - - - - - - - - - Eight patches - five critical - in MS April patch batch Microsoft issued eight patches - five critical - to deal with 12 vulnerabilities on Tuesday. Fixes for Windows, Internet Explorer, Word, MSN Messenger and an update for Microsoft Exchange (2000 and 2003) all featured in Microsoft's latest patch batch. http://www.theregister.co.uk/2005/04/13/ms_april_patch_batch/ http://www.vnunet.com/news/1162435 Unpatched flaw found in Microsoft software http://news.zdnet.com/2100-1009_22-5668257.html - - - - - - - - - - Political cybersquatting rears ugly head Election 2005 Political shenanigans have spilled over onto the web after the Tory candidate for Winchester hijacked a domain for Lib Dem MP Mark Oaten. George Hollingbery has snaffled up markoaten.co.uk (Oaten's real site is markoaten.com) directing traffic to his own site. Oaten's got the hump over the political dirty trick and called on the Tory to stop messing about. http://www.theregister.co.uk/2005/04/13/political_cybersquatting/ - - - - - - - - - - Berkeley to lead $19m cybersecurity research gig The National Science Foundation (NSF) this week gave the University of California, Berkeley, the lead role in a $19m government-funded cybersecurity research project. Berkley heads a team of eight universities (including Carnegie Mellon University, Cornell University, Mills College, San Jose State University, Smith College, Stanford University and Vanderbilt University) from across the US forming the new Team for Research in Ubiquitous Secure Technology (TRUST). http://www.theregister.co.uk/2005/04/13/cybersecurity_research/ - - - - - - - - - - Anti-spyware group collapses An anti-spyware consortium has collapsed weeks after its decision to admit 180solutions, the controversial adware firm to its ranks. The final demise of the Consortium of Anti-Spyware Technology vendors (Coast) this week follows the exit of founding members CA, Alluria and Webroot in February. Each cited a lack of faith in Coast's ability to develop effective anti-spyware standards. http://www.theregister.co.uk/2005/04/13/coast_collapse/ Group cuts antipiracy software royalties http://news.zdnet.com/2100-1009_22-5668895.html - - - - - - - - - - Liberty Alliance strengthens ID-based web services The Liberty Alliance today published its latest interface specifications which have been expanded to support presence, contact book and geo-location web services. The global consortium for federated identity standards said that the specifications, which are deployable on its Identity Web Services Framework (ID-WSF), are designed to offer improved application functionality to enterprises and service providers as well as providing privacy, personalisation and security benefits to users. http://www.vnunet.com/news/1162436 - - - - - - - - - - Bigger phishes ready to spawn There's good news about phishing: The growth of new attacks has slowed. But that's only because attackers are building more sophisticated traps and using advanced technology to perpetrate online fraud, researchers say. Last week, the Anti-Phishing Working Group, an online fraud watchdog, reported that the number of phishing e-mails it tracked between January and February grew by only 2 percent. http://news.zdnet.com/2100-1009_22-5656070.html Reduce Phishing Risks With These 8 Tips From TRUSTe and Ernst & Young http://www.hostsearch.com/news/truste_news_2936.asp - - - - - - - - - - Firms urged to embrace email encryption Enterprises should make wider use of Transport Layer Security, according to one leading UK security campaigner. The head of security at pharmaceuticals giant ICI has called for more businesses to encrypt their emails. Paul Simmonds, one of the co-founders of security think tank The Jericho Forum, said that encryption would enable businesses to communicate with better levels of trust. http://news.zdnet.co.uk/0,39020330,39194884,00.htm - - - - - - - - - - Vatican mobilises anti-surveillance op If press reports are to be believed, then next Monday's gathering of cardinals in the Sistine Chapel will represent the biggest counter- surveillance operation since the Posh/Becks royal wedding. Indeed, so busy will the Vatican be blocking laser microphone assault, checking vases of flowers for nanobugs and setting the Swiss Guard on suspicious men using 3G mobes to communicate with circling black helicopters that we very much doubt whether there will be enough time to elect a new Pope between the stripsearches and electromagnetic sweeps. http://www.theregister.co.uk/2005/04/13/vatican_counter_surveillance/ - - - - - - - - - - Officials disagree over effectiveness of passport chip A government official on Wednesday downplayed the privacy implications of a new wireless chip technology that soon will be embedded into American passports, but a civil liberties advocate disagreed with his stance. The State Department is installing chips that can be read wirelessly by machines when Americans pass through U.S. immigration. The chips contain the information that American passports currently display, such as name, identification number and photograph, enhanced by facial- recognition technology. http://www.govexec.com/dailyfed/0405/041305tdpm2.htm - - - - - - - - - - Face-off Facial-recognition technology has improved significantly during the past few years, making it an effective tool for verifying access to buildings and computers. But it's less useful for identifying unknown individuals in a crowded stadium or airport. http://www.fcw.com/article88535-04-11-05-Print *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.