NewsBits for April 25, 2005
************************************************************
Hushmail hit by DNS attack
Surfers trying to visit the web site of popular secure email service Hushmail were redirected to a false site early Sunday following a hacking attack. Hush Communications said hackers changed Hushmail's DNS records after "compromising the security" of its domain registrar (Network Solutions). These changes were undone after a few hours on Sunday and normal Hushmail services have now been restored.
- - - - - - - - - -
Hackers attack IT conference
Malicious hackers hit conference delegates last week with a new type of wireless attack based on a fake network log-in page.
Hackers infiltrated an IT exhibition last week and attacked delegates' computers with a new type of wireless attack. Security experts attending the Wireless LAN Event in London last Wednesday found that anonymous hackers in the crowd had created a Web site that looked like a genuine log-in page for a Wi-Fi network, but which actually sent 45 random viruses to computers that accessed it.
- - - - - - - - - -
1S hacker sentenced
Finally, a cracker of the 1S computer software products, Sergey Davydiyk, who is called "Sobol" or "Sable" in hacker circles, has sustained a conviction. He was given a 2 year suspended sentence after 6 months of hearings. Such cases are new to the court, probably due to this fact, the process was so long. 1S is a leading vendor of automated accounting and financial software solutions in the CIS countries. The most known product is "1S: Enterprise".
- - - - - - - - - -
Man's alleged Internet relationship ends in arrest
A 32-year-old New Hampshire man was arrested over the weekend after his alleged Internet relationship with a 16-year-old Santa Fe boy resulted in their spending the night together at a local hotel, according to the Santa Fe County Sheriff's Department.
David Goodnow of Rindge, N.H., was arrested Saturday and charged with two counts of criminal sexual penetration of a minor, two counts of criminal contact of a minor and one count of contributing to the delinquency of a minor.
- - - - - - - - - -
Kiddie porn collection will cost a house
The Whangarei District Court has told a man convicted of possessing child pornography that he'll have to sell his house to pay the $10,450 fine it imposed. Oakura beneficiary and gardener, Donald Trevor Callesen, 51, was discovered in possession of a collection that consisted of 2 movies of 14 year old girls and 227 pictures of girls aged from two to 12 being sexually abused by adult men. By internet standards, that's not a particularly large collection of pedophilic images but under the terms of laws amended in February, Mr Callesen could have faced a maximum penalty of up to five years jail for possession and up to 10 years if he had been found distributing the images.
- - - - - - - - - -
State looks to toughen up on cyber-crime
After more than a year of planning, the state's efforts to coordinate how law enforcement agencies large and small fight cyber-crime finally are paying off. And according to a University of New Hampshire study of Internet-based crime investigated by police departments around the state, that coordination can't come soon enough.
States Take Spyware Action Into Their Own Hands
- - - - - - - - - -
Shopping for data
Lawmakers have tough questions for largely unregulated data firms.
FBI officials spent $75 million last year for information from data aggregators, a fast-growing and largely unregulated market. But congressional leaders appear ready to impose restrictions on the industry following a series of high-profile security breaches in recent weeks. The incidents revealed weak security and privacy controls at ChoicePoint and LexisNexis Group, two of the nation's largest data aggregators.
Lost Computer Data? No Need to Panic!
Maine Company Comes to the Rescue
- - - - - - - - - -
Web server attacks 'growing fast'
More than 2,500 web servers every day are being hacked, reveals a report. The survey by Zone-H revealed that web server attacks and website defacements grew by 36% during 2004 when almost 400,000 incidents were recorded. The attacks include 49 separate sorties against US military servers and huge numbers of website defacements carried out during organised hacking sprees.
Many Web site hackers are schoolboys, watchdog group says
Attacks on company and government Internet sites spike during school holidays when the main culprits -- schoolboys -- spend time in front of their computers rather than in the classroom, according to a report by Internet watchdog agency Zone-H. There were almost 400,000 attacks on Web sites around the world last year, a surge of 36% from 2003, said Zone-H, an organization that monitors Web site hacking. The report was released to coincide with a London information security exhibition.
Web server hacks up by a third
- - - - - - - - - -
A common currency for online fraud
Fake checks have been the stock in trade of online fraud artists for years. Now authorities are noting a surge in schemes involving sophisticated counterfeiting of a different form of payment: United States postal money orders. And the fleecing of victims often begins in an e-mail in-box.
- - - - - - - - - -
Apple patches Java problems
Apple has released a new patch for its Mac OS X 10.3.9 operating system to clean up the way it handles Java. The flaw had been causing stability problems for some aspects of the operating system, most notably in its Safari web browser. Users are being advised to patch their systems as needed.
- - - - - - - - - -
Trend Micro customers suffer weekend mayhem
Trend Micro apologized Monday for distributing a faulty software update that caused IT workers around the world to spend the weekend fixing their systems.
The Japan-based antivirus company has promised to compensate customers whose computers running Windows XP Service Pack 2 were disabled by the update. The company said the update was only available for 90 minutes, but IT workers are angry.
- - - - - - - - - -
EC warns on .eu scammers
Companies should be wary of unscrupulous scammers offering bogus pre-registration services for the new pan-European domain.
The countdown is on to the launch of the pan-European top level domain (TLD), .eu, and the European Commission is warning businesses not to be caught out by the domain name scammers hoping to cash in on firms' ignorance.
- - - - - - - - - -
What tips pedophiles over the edge, study asks
It may never be known how long Marc LeMaguer lived his secret life. But the top-notch credentials of the 65-year-old food scientist -- a former director-general of the food directorate at Health Canada and department chair of the University of Guelph -- had offered no hint of his criminal fantasies. Had a university computer technician not been called to repair his hard drive last August, Dr. LeMaguer might never have answered for his crime in a Guelph courtroom last week.
- - - - - - - - - -
Microsoft: 'Trusted Windows' still coming, trust us
After nearly a decade, Microsoft's vision for how to protect especially sensitive information within Windows remains largely that--a vision. For years, the software giant has promised to deliver a secure way to shuttle around key bits of information. Once known as Palladium and more recently dubbed the Next Generation Secure Computing Base, or NGSCB, the approach was once a key part of Longhorn, the next version of Windows.
- - - - - - - - - -
McAfee: Vulnerabilities still worst threat
Unpatched computers continue to represent the IT world's biggest security problem, keeping threats that target software vulnerabilities at the top of McAfee's latest industry analysis.
In its report covering security threats during the first quarter, McAfee's Anti-virus and Vulnerability Emergency Response Team (AVERT) said Monday that more than 1,000 new attacks aimed at software vulnerabilities emerged in the first three months of this year.
- - - - - - - - - -
Is your personal data next?
Another day, another massive data leak. Another 100,000 or so Americans exposed to identity theft. And still, we don't seem ready to talk about the real problem: Consumers are being forced to live in the personal data flood plain, often against their will. And the river keeps rising. What's more, however bad the news may sound now, the size of the problem has been generally underestimated. Companies have shown a tendency to lowball the size of the data theft flood in their initial disclosures.
- - - - - - - - - -
Watchdogs target Web's dark side
A. Aaron Weisburd slogged up to his attic at 5 a.m. to begin another day combing through tips he had received about possible pro-terrorist activity on the Internet. It did not take long for one e-mail to catch his attention: was offering instructions on how to steal people's personal information off their computers.
- - - - - - - - - -
Symantec security: Never hire a hacker
Like most information security professionals, Tim Mather focuses on keeping hackers out of his company's network and ensuring all systems are updated with the latest patch. And like most of his peers in the industry, he worries about the level of sophistication of the next security attack and looks at what his team needs to do to fend off the most vicious ones.
- - - - - - - - - -
Cupid Aims for Background Checks
Privacy advocates decry a campaign to require criminal screenings by dating websites.
Dating has always been a delicate dance of information swapping: What to reveal when? Now some lawmakers want to regulate it by requiring online dating services to conduct background checks on their clients.
The push runs counter to the prevailing sentiment about privacy. In the wake of high-profile breaches at information brokers ChoicePoint Inc. and Reed Elsevier's LexisNexis, state and federal legislators called for tighter control of personal information, with less, rather than more, disclosure. (LA Times article, free registration required)
- - - - - - - - - -
Bluetooth Security Review, Part 1
Bluetooth (BT) wireless technology provides an easy way for a wide range of devices to communicate with each other and connect to the Internet without the need for wires, cables and connectors. It is supported and used in products by over 3000 companies, including large corporations such as Sony Ericsson, Nokia, Motorola, Intel, IBM, Toshiba, Motorola, Apple, Microsoft, and even Toyota, Lexus and BMW.
- - - - - - - - - -
Florida Planning Son of Matrix
Florida law officials are contemplating a sequel to the controversial Matrix database that may be even more comprehensive than the original. The Multistate Anti-Terrorism Information Exchange, or Matrix, contained billions of commercial and government records, and was intended to help police track down terrorists and kidnappers. But the system was shut down on April 15 when federal funds ran out.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information.
Copyright 2000-2005,, Campbell, CA.