NewsBits for May 25, 2005
************************************************************

FBI probes Stanford computer breach
Personal data on nearly 10,000 people stolen. The FBI is investigating a computer security breach at Stanford University that resulted in the theft of personal data including letters of recommendation and Social Security numbers for nearly 10,000 people.

- - - - - - - - - -

Police: No evidence that money taken from compromised bank accounts
Four large banks have not reported any money missing from the accounts of thousands of customers whose financial information may have been stolen by bank employees and sold to collection agencies, a police investigator said Wednesday. Since the case came to light nearly a month ago, Hackensack police have heard from several people regarding suspicious account or credit card activity, but have not yet found a connection, said Capt. Frank Lomia, commander of Hackensack's detectives.

- - - - - - - - - -

Italy investigating 186 over child torture site
Italian police are investigating 186 people including three priests after uncovering an Internet pornography site for pedophiles that showed young children being tortured, an official said Tuesday. Police said the anonymous web site had been protected by a password and was only accessible for nine days last year in an apparent effort to avoid detection.

- - - - - - - - - -

Former Bus Driver Pleads Guilty To Child Porn Charges
A former Burnsville, Minn. school bus driver was sentenced to 30 days in jail and fined $700 Tuesday after pleading guilty to possessing child pornography. Dakota County District Judge Leslie Metzen also placed Bryan W. Rein, 41, of Lakeville, Minn. on probation for up to five years.

- - - - - - - - - -

Authorities shut down Web site in piracy crackdown
Federal raiders. Internet pirates. Intergalactic screen adventures.
The government announced a crackdown Wednesday on the theft of movies and other copyrighted materials that has the elements of a movie plot. Federal agents shut down a Web site that they said allowed people to download the new Star Wars movie even before it was shown in theaters. The Elite Torrents site was engaging in high-tech piracy by letting people download copies of movies and other copyright material for free, authorities said.

- - - - - - - - - -

Teen hacker goes too far
A TEEN who tried to bump up his grades to an A by hacking into his school's computer system, accidentally revealed his cunning plan to officials. It seemed like a good idea; break into the school's network and change your grade to an A. However, due to a feature in the school's record keeping software, he actually managed to turn everyone else's grade into an A.

- - - - - - - - - -

PGP use ruled relevant in child abuse case
A Minnesota appeal court has ruled that a trial judge was within his rights to allow police evidence about the presence of an encryption program on a defendant's computer to be admitted in a child abuse case. The ruling came as the Minnesota State Court of Appeals rejected an appeal by David Levie against his conviction for soliciting a nine-year-old girl into posing naked for digital pictures.

- - - - - - - - - -

Trojan attack takes files hostage
Virus writers have taken to extortion with malicious code that can hold documents on infected PCs hostage. The attack attempts to extort money from victims by encoding files on their PCs using a Trojan horse before requesting payment for a decoder tool.
Hackers move into information kidnap

- - - - - - - - - -

Yahoo! phishing attack targets Star Wars fans
Hackers are exploiting interest in the new Star Wars film to harvest Yahoo! login credentials. The attack is initiated when a user clicks on a malicious link sent to them from a user on their buddy list.
Once at the website, the user is encouraged to enter their Yahoo credentials. Upon activation, a Trojan collects Yahoo! credentials and then sends messages out to a user's buddy list whether the IM client is logged in or not.

- - - - - - - - - -

Directors disqualified for £3m internet scam
Two businessmen behind a dodgy internet holiday scam that netted £3m have been disqualified as directors. Nigel Moore of Liverpool Road, Chester, and Paul Charleston of Las Palmeiras, Spain, agreed not to run companies for the next ten years after fleecing £3m from unwary punters over a two-year period, the DTI (Department of Trade and Industry) said today.

- - - - - - - - - -

FTC Would Kill the Messenger
Home computer users who unwittingly send out spam e-mail should be disconnected from the internet until their machines are fixed, the Federal Trade Commission said on Tuesday. The FTC said it would ask 3,000 internet providers worldwide to make sure that their customers' computers haven't been hijacked by spammers who want to cover their tracks and pass bandwidth costs on to others.

- - - - - - - - - -

Homeland Security budget boosts cybersecurity
Information security could get greater focus now that the House budget bill calls for creating a high-level cybersecurity position at the Homeland Security Department. DHS would get $34.2 billion in fiscal 2006 as the result of a bill that received almost unanimous approval in the House last week. It is the department's first complete reauthorization since the Homeland Security Act creating DHS was passed in 2002.

- - - - - - - - - -

Russian cybercrime statistics
According to the Information center of the Ministry of Internal Affairs of the Russian Federation, 13723 computer crimes were committed in Russia last year. This is a twofold increase over the previous number of 7052 cyber crimes in 2003. These crimes were committed in violation of the following articles of the Russian criminal code.

- - - - - - - - - -

Aust computer crime impact down, says survey
The impact of computer crime and security incidents on organisations has decreased over the past year, but the fight against malware and hackers is far from over, according to the Australian Computer Crime and Security Survey 2005.

- - - - - - - - - -

Private data left on retired computers
State agencies failed to remove private information before retiring outdated state computers, risking public disclosure of Social Security and credit card numbers, medical records and income taxes, a new report discloses. The legislative audit, obtained Tuesday, blamed unclear state policy for the computer hard drives not being properly "scrubbed" before the machines were donated to school districts, given to other state agencies or sold to the public.

- - - - - - - - - -

Database Hackers Reveal Tactics
Three young hackers under investigation for unlawfully accessing personal information on thousands of people in a LexisNexis database have characterized their act as a cyberjoyride that got out of hand. The hackers, ages 16, 19 and 20, spoke with Wired News by phone Monday and said that in January and February they accessed LexisNexis data -- which included the Social Security number, birth date, home address and driver's license number of numerous celebrities and hacker friends -- to claim bragging rights, rather than to steal identities or sell the information to identity thieves, as some published reports have stated.

- - - - - - - - - -

Stealth virus warning sounded again
Kaspersky Labs has warned that malware authors have worked out that there is more money to be made from causing many low-key virus infestations than single, massive outbreaks.
Virus authors are choosing not to create global epidemics such as Melissa or Blaster because that distracts them from their core business of creating and selling botnets, according to antivirus experts.

- - - - - - - - - -

NISCC warns on Cisco IP phone flaw
A flaw in the way certain bits of Cisco's Internet telephony kit interpret DNS information could open them up to attack, according to the Government's cybersecurity group. A software flaw that could crash Cisco's IP phones has been discovered, and the networking company has issued a patch to fix the problem.

- - - - - - - - - -

Ipswitch flaws leave 50 million e-mail users at risk
Ipswitch has patched several security flaws in its widely used email and communications server software, the worst of which could allow an anonymous attacker to take over a system from the Internet. The flaws affect the latest version of the Ipswitch Collaboration Suite (ICS), which includes e-mail, calendaring, contact list sharing and other communications components, but earlier versions are also thought to be vulnerable.

- - - - - - - - - -

Apple fixes hole in Keynote
Apple Computer on Wednesday released a security update for its Keynote presentation application. The Keynote 2.0.2 update fixes a flaw that could allow an attacker to access files on a Mac by crafting a malicious Keynote presentation, Apple said in a security advisory.

- - - - - - - - - -

Phishing flaw catches Xbox 360 site
Microsoft patches after phishing attack warning. Microsoft has patched a potentially dangerous flaw on its website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks.

- - - - - - - - - -

Russians Use Affiliate Model To Spread Spyware,
An online business based in Russia will pay Web sites 6 cents for each machine they infect with adware and spyware, security researchers said Tuesday, calling the practice "awful."
Senators urge international copyright crackdown

- - - - - - - - - -

CIA: Take That, Cyberterrorism!
The CIA is conducting a war game this week to simulate an unprecedented, Sept. 11-like electronic assault against the United States. The three-day exercise, known as "Silent Horizon," is meant to test the ability of government and industry to respond to escalating internet disruptions over many months, according to participants. They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Virginia, about two hours southwest of Washington.

- - - - - - - - - -

Meet the teen who's teaching policemen how to be ethical hackers
Neeraj Pattath (17) is quite the average teenager. He's appeared for his SSC exams. He hates math. He loves surfing the Net. There's just one major difference. For the last three months, Pattath has been helping teach policemen how to detect and solve cyber crimes at Worli's Mumbai Cyber Lab. A joint venture by the National Association of Software and Service Companies (Nasscom) and the Mumbai Police, the lab was initially meant exclusively for city police officers.

- - - - - - - - - -

Antiphishing toolbar for Firefox released
Internet services company Netcraft has released a version of its toolbar for Firefox. The plug-in can help users of the Web browser avoid phishing scams, the company said.

- - - - - - - - - -

U.K. jumps back on the biometric ID-card bandwagon
It reintroduced its plans while pledging to protect civil liberties. The U.K.
government today reintroduced its high-tech plans for a national identity card program using biometric technology, this time promising to answer concerns raised by the opposition parties earlier in the year over civil liberties and the Home Office's ability to oversee large-scale IT projects.
ID card plans are back and 'more popular'
UK ID scheme rides again, as biggest ID fraud of them all
ID cards: Part II
EU biometric visa trial opts for the tinfoil sleeve

- - - - - - - - - -

Doors opening for outsourced security
Chris Hoff isn't ready to throw caution to the wind, but the CIO is defying the conventional mindset about outsourcing enterprise security. To keep operations safe at Western Corporate Federal Credit Union -- known to some as the "credit union to credit unions" -- Hoff has a long list of security issues to consider. And for one important element of WesCorp's defense -- testing its IT systems for potential weak points -- he signed on with an outside software provider, Qualys.

- - - - - - - - - -

IP v.6-capable? That depends on your definition of capable
The first step in the Defense Department's policy of moving its IT systems to Version 6 of the Internet Protocols was to begin purchasing only IP v.6-capable products by October 2003. It turns out that this is easier said than done.

- - - - - - - - - -

FBI outlines new IT system
The FBI has learnt a costly lesson from its disastrous attempt to upgrade its IT systems in the wake of the 9/11 attacks. The "Virtual Case File" system cost $170m and was abandoned in January 2005. It aimed to give access to all FBI files from any office. The federal commission which investigated the attacks was highly critical of FBI information systems after it emerged they had information which could have pointed to an attack.
FBI: Computer upgrade cost still unknown

************************************************************
Search the Archive at:
************************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information.

Copyright 2000-2005,, Campbell, CA.