NewsBits for May 12, 2005
************************************************************
Yahoo sued over child porn site
A minor and his parents have filed a $10 million lawsuit against Yahoo and a man who once operated a Yahoo Groups site where members traded child pornography. The lawsuit, filed on Monday in U.S. District Court for the Eastern District of Texas, charged that Yahoo breached its duties by allowing co-defendant Mark Bates and others to share child pornography on a site, called Candyman, that Bates created and moderated via the Yahoo Groups service.
http://news.com.com/Yahoo+sued+over+child+porn+site/2100-1030_3-5705625.html
- - - - - - - - - -
Hacker hits Telecom NZ's voice mail system
Telecom New Zealand Ltd.'s 027 voice mail system is vulnerable to the same hack that led to the theft of Paris Hilton's mobile phone book -- and it has been actively exploited in New Zealand. Users of Telecom's mobile phone network can protect themselves by disabling Optional PIN entry. Optional PIN entry is a feature that allows immediate access to voice mail when calling from the owner's phone, but leaves voice mail vulnerable to callers who can forge their caller ID.
http://computerworld.com/securitytopics/security/story/0,10801,101668,00.html
- - - - - - - - - -
Dutch anti-piracy unit targets ISPs
The Dutch Protection Rights Entertainment Industry Netherlands (BREIN) has launched its largest round of lawsuits yet targeting 42 individuals suspected of illegally swapping copyrighted music. However, in order to identify the song swappers, BREIN will sue five Dutch ISPs who so far have rigorously refused to co-operate. Eight suspected file swappers have already settled with BREIN for 2100 each. But the five biggest Dutch ISPs - AtHome, Chello, Wanadoo, Planet Internet and Tiscali - have declined to hand over the names of the other 42 song swappers. BREIN only knows these individuals by their IP address.
http://www.theregister.co.uk/2005/05/12/dutch_piracy_lawsuits/
- - - - - - - - - -
National ID Battle Continues
Legislation supporting a standardized national driver's license may have won unanimous approval in the Senate on Tuesday, but the bill's apparently smooth passage left some jagged edges in its wake. The Real ID Act appeared in take-it-or-leave-it spending legislation, which effectively forced lawmakers to sign on to the whole measure even if they disagreed with a portion of it. Several Republican and Democrat senators who cast favorable votes for the bill simultaneously railed against the provision authorizing the new driver's license rules.
http://www.wired.com/news/privacy/0,1848,67498,00.html
- - - - - - - - - -
Massachusetts fires legal broadside at spam gang
Massachusetts Attorney General Tom Reilly obtained an emergency court order on Wednesday shutting down dozens of websites allegedly operated by a sophisticated ring of Boston area spammers. The group are allegedly behind millions of unsolicited, deceptive email messages touting unapproved counterfeit drugs, pirated software, and pornography that have plagued email users for months.
http://www.theregister.co.uk/2005/05/12/spam_lawsuit/
http://www.siliconvalley.com/mld/siliconvalley/news/local/11628584.htm
http://www.eweek.com/article2/0,1759,1814997,00.asp
- - - - - - - - - -
Mobile phone virus hits New Zealand
The Cabir mobile phone virus -- which spreads using Bluetooth -- has been reported in New Zealand for the first time, according to European anti-virus firm F-Secure. Cabir infects the Symbian operating system used in many of the most popular smart phones. There have been many different variants of the Cabir virus since the malware's source code was published on the Internet last year.
http://www.zdnet.com.au/news/security/0,2000061744,39191309,00.htm
- - - - - - - - - -
Sober worm's success tied to antivirus weakness
The longevity of the current Sober worm may be largely due to a new technique it uses to evade virus scans, according to antivirus firm Kaspersky Lab Ltd. The worm, variously labeled Sober.P, Sober.S, Sober.O and Sober.V by different companies, continues to circulate in large numbers; it made up 84% of all virus traffic as of Monday, according to Lynnfield, Mass.-based virus lab Sophos PLC.
http://computerworld.com/securitytopics/security/virus/story/0,10801,101675,00.html
- - - - - - - - - -
Mozilla fixes 'extremely critical' Firefox bugs
The Mozilla Foundation has patched two "extremely critical" security holes in its Firefox browser by releasing an updated version of the browser. Firefox 1.0.4 was posted to the Mozilla.org Web site late yesterday.
http://computerworld.com/securitytopics/security/story/0,10801,101676,00.html
http://www.newsfactor.com/story.xhtml?story_id=03100000N4C3
http://news.zdnet.com/2100-1009_22-5704684.html
Firefox's security coming under scrutiny
Mozilla developers say that the browser had security built into the design, but that has not stopped flaw finders from pinpointing problems with Firefox. The Mozilla Foundation's Firefox Web browser has made security a major part of its marketing, but a spate of vulnerabilities found over the last nine months had sullied that message.
http://www.securityfocus.com/news/11155
- - - - - - - - - -
Apple fixes critical iTunes bug
Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems.
http://www.theregister.co.uk/2005/05/12/itunes_vuln/
- - - - - - - - - -
UK.gov warns over VPN crypto flaw
Firms using IPsec VPNs for remote access could be vulnerable to hacker attack because of cryptographic weaknesses in key sub-protocols, a UK government UNIRAS alert warns. The UK's National Infrastructure Security Coordination Centre (NISCC) describes weaknesses in certain configurations of IPsec VPNs as "high risk". The issue is not product specific: instead it revolves around how systems are set up. Three attacks that apply to certain configurations of IPsec VPNs have been identified.
http://www.theregister.co.uk/2005/05/12/ipsec_crypto_alert/
http://news.zdnet.com/2100-1009_22-5705185.html
http://news.zdnet.co.uk/internet/security/0,39020375,39198102,00.htm
Even lazy hackers could crack encrypted comms...
http://software.silicon.com/security/0,39024655,39130357,00.htm
- - - - - - - - - -
MasterCard and Cyota: Anti-phishing trends
MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June. The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.
http://www.crime-research.org/news/12.05.2005/1228/
http://www.techworld.com/news/index.cfm?RSS&NewsID=3646
- - - - - - - - - -
'Network effect' can cut identity theft
Sharing information about online attacks is vital
Nico Popp, chief technology officer and vice president for authentication services at Verisign, told delegates at the Digital Identity World conference in San Francisco that "networks are the answer".
http://www.vnunet.com/news/1162993
- - - - - - - - - -
Police tackle Companies House database scam
The Metropolitan Police Service has launched a campaign to highlight the growing problem of "company hijacking" where criminals fraudulently change a company's official registration details with Companies House in order that they may impersonate it. The fraudsters can then use and abuse the targeted firm's credit rating, leaving the victim struggling to clean up its record.
http://www.theregister.co.uk/2005/05/12/met_tackle_hijackers/
- - - - - - - - - -
Hacker alert to instant messagers
Instant messaging has become a 'fertile new ground' for hackers, security experts are warning. And it could become a bigger threat to businesses and other organisations than e-mail viruses, it was claimed. The system, used by friends to chat online, is targeted by cyber criminals as a way to spread malicious software. But the number of potential new victims is soaring and a new breed of powerful viruses is also on the loose.
http://www.it-observer.com/news.php?id=5067
- - - - - - - - - -
Naval Academy knows its cybersecurity
The United States Naval Academy beat out the four other service academies in the annual Cyber Defense Exercise, designed to equip students with the ability to protect the nation's critical information systems. Sponsored by the National Security Agency, CDX challenges each academy team to design, build and configure a real-world computer network simulating a deployed joint service command.
http://www.gcn.com/vol1_no1/daily-updates/35786-1.html
- - - - - - - - - -
Cisco's RFID privacy tracker
Cisco, Intel and BT have announced a joint initiative focused on wireless security. In particular, they aim to ensure that equipment supports the new WPA2 standard - the brand name for the 802.11i specification - from the outset.
They aim to boost confidence in wireless security, but the alliance can also be seen as an attempt by a few giants to sew up the most lucrative part of the Wi-Fi market under the guise of secure platforms.
http://www.crime-research.org/news/12.05.2005/1222/
Defense taps Alien for RFID technology
http://www.gcn.com/vol1_no1/daily-updates/35785-1.html
Six win RFID reader deals
http://www.fcw.com/article88847-05-12-05-Web
- - - - - - - - - -
New HP Notebooks Focus on Security
Hewlett-Packard Co's latest series of notebooks for business security carries features that take into consideration what a business user wants in a laptop. "The HP notebooks are built around three core values of ease of use, reliability and security. These are what customers value in a laptop," said Philip Devlin, HP's product marketing manager, mobile business unit, imaging and personal systems group, Asia-Pacific and Japan.
http://www.it-observer.com/news.php?id=5064
- - - - - - - - - -
Survey: Nearly half have gotten 'phishing' lures
Rebecca Tennille considered herself a savvy consumer, but when she got an e-mail that looked like it was from her bank, she followed its instructions to go to a Web site to verify some personal information. "It struck me for about two seconds that I should do a little research, but I've got a toddler and I had so much to do," said Tennille, of Birmingham, Ala.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11629428.htm
'Phishing' e-mails widespread, survey finds
http://www.msnbc.msn.com/id/7829153/
- - - - - - - - - -
Security gripes? Microsoft feels your pain
It's not news to Microsoft that many, if not most, average Windows users have gripes about their PC experiences. In response, the software company is unveiling on Friday a new subscription-based computer fix-it service, aimed at automatically patching security holes, blocking viruses and spyware, and generally automating the chores of maintaining a computer's health.
http://news.zdnet.com/2100-1009_22-5705430.html
- - - - - - - - - -
Software makers ignoring anti-piracy technology in favour of sales
Have software makers deliberately avoided stringent protection measures to avoid scaring customers away? In the aftermath of the conviction of four members of the DrinkorDie gang for conspiracy to defraud, security experts have hit out at software companies for not putting enough effort into protection methods.
http://news.zdnet.co.uk/internet/security/0,39020375,39198236,00.htm
US anti-spyware bill rises from the ashes
http://news.zdnet.co.uk/internet/security/0,39020375,39198094,00.htm
- - - - - - - - - -
419ers invade Skype chat
Nigerian 419 stories are like London buses - you wait ages for one and then a whole rack of 'em turn up at once. And indeed the following has just rolled in from reader Paul Garnett, who received a very tempting offer via Skype chat:
http://www.theregister.co.uk/2005/05/12/419ers_invade_skype/
- - - - - - - - - -
SBC to Offer VOIP 911 Service
SBC Communications Inc., the nation's second-largest telephone company, said Wednesday that it would offer a product to help Internet phone companies connect customers to 911 dispatchers. The service will let providers of calling based on voice over Internet protocol, or VOIP, give customers the same 911 services available to subscribers of landline phone companies, San Antonio-based SBC said in a statement. (LA Times article, free registration required)
http://www.latimes.com/technology/la-fi-sbc12may12,1,1708442.story
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.