NewsBits for May 26, 2005 ************************************************************ Teen hacker goes down down under A 15 YEAR old Kiwi hacker has been sentenced to three months in a juvenile detention centre and his mum ordered to pay $1496.50 in reparations. The youth was charged with accessing a computer for a dishonest purpose, causing loss by deception, and theft. - - - - - - - - - - Federal Law Enforcement Announces Operation D-Elite, Crackdown on P2P Piracy Network. Acting Assistant Attorney General John C. Richter of the Criminal Division, Homeland Security Assistant Secretary for Immigration and Customs Enforcement Michael J. Garcia, and Assistant Director Louis M. Reigel of the FBI's Cyber Division today announced the first criminal enforcement action targeting individuals committing copyright infringement on peer-to-peer (P2P) networks using cutting edge file-sharing technology known as BitTorrent. - - - - - - - - - - Kids nurse charged with child porn A FORMER nurse at the only dedicated children's hospital in Perth has been charged with possessing child pornography. Following a raid on the Beaconsfield home of a 44-year-old man in February, forensic analysis of his computer led police to lay the charges this morning. If convicted, the man will have to provide his details to the state's pedophile register.,5478,15415739%5E1702,00.html - - - - - - - - - - TV exec arrested on suspicion of receiving, distributing child porn A 62-year-old television executive was arrested Wednesday on suspicion of receiving and distributing child pornography over the Internet, officials said. Agents with the Immigration and Customs Enforcement Agency served a search warrant at the Van Nuys apartment of Anthony Logan, a partner with Beverly Hills-based CineVision and the writer and director of the live art auction show "Fine Art Treasures.",1413,200~20954~2888685,00.html - - - - - - - - - - Police seize computer Investigators seized a computer from a Provo residence Wednesday and said they have identified a man they believe secretly recorded the online activities of Brigham Young University students who used four campus computers last month. The computer seized Wednesday morning does not belong to the man, who hasn't been contacted by police, campus police Lt. Arnie Lemmon said. "We have developed a suspect," Lemmon said. "We will be interviewing that suspect next week.",1249,600136721,00.html - - - - - - - - - - RIAA takes new shots at Internet2 swappers The Recording Industry Association of America filed lawsuits against people at 33 university campuses accused of using the high-speed Internet2 network to swap music files, the group said Thursday. The actions follow a first set of lawsuits focusing on this network last month. The group also said it had filed an additional 649 lawsuits against people making music files available on traditional file- swapping networks. - - - - - - - - - - Witty worm traced to Europe A year after the Witty worm infected over 12,000 servers worldwide in just 75 minutes, researchers say they have discovered where the worm started and that the attack might have been an inside job. Witty hit the Internet on March 19, 2004, taking 'advantage of a flaw in products from Internet Security Systems (ISS), including RealSecure and BlackIce. Its payload was malicious, corrupting the information on a system's hard drive. The worm crashed nearly half the systems it infected. - - - - - - - - - - GAO: DHS cybersecurity plans need more work The U.S. Department of Homeland Security must do more to protect the nation's critical information infrastructure, according to a report released today by the Government Accountability Office. While the agency has begun efforts to fulfill its cybersecurity duties, "it has not fully addressed any of the 13 [primary] responsibilities, and much needs to be done," the GAO said.,10801,102049,00.html - - - - - - - - - - Sweden's Parliament OKs Anti-Piracy Law Sweden's Parliament on Wednesday made it illegal to download copyright material from the Internet and approved measures to discourage people from burning copies of CDs and DVDs. The law, which takes effect July 1, also bans technology and software used to circumvent protections on copyright material, including music, movies and games. - - - - - - - - - - Hacker Hunters An elite force takes on the dark side of computing In an unmarked building in downtown Washington, Brian K. Nagel and 15 other Secret Service agents manned a high-tech command center, poised for the largest-ever roundup of a cybercrime gang. A huge map of the U.S., spread across 12 digital screens, gave them a view of their prey, from Arizona to New Jersey. It was Tuesday, Oct. 26, 2004, and Operation Firewall was about to be unleashed. The target: the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and the fencing of ill- gotten wares on the Web, police say. - - - - - - - - - - Microsoft's Own Tool May Impede Windows' Anti-Piracy Effort Microsoft's anti-piracy program, Windows Genuine Advantage, can be easily sidestepped, perhaps frustrating the Redmond, Wash.-based developer's plans to check the use of unlicensed copies of Windows. - - - - - - - - - - Phishing flaw catches Xbox 360 site Microsoft has patched a potentially dangerous flaw on its website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks. - - - - - - - - - - ZoneLabs Multiple Products Vet Engine Heap Overflow Vulnerability A critical vulnerability was identified in multiple ZoneLabs products, which may be exploited by remote attackers to execute arbitrary commands. This flaw is due to a heap overflow error in the Vet Antivirus engine (VetE.dll) when analyzing the OLE stream and processing malformed VBA macro object headers, which may be exploited by remote attackers to execute arbitrary commands by sending a specially crafted VBA project name record to a vulnerable application. Net-SNMP Fixprox Insecure Temporary File Creation Vulnerability Computer Associates Vet Library Remote Heap Overflow Vulnerability IPswitch IMail Bugs Let Remote Users View Files and Execute Arbitrary Code Cisco ACNS Can Be Crashed With Specially Crafted Compressed DNS Data - - - - - - - - - - Photos to Fight Phishing? In a bid to stave off phishing attacks, Bank of America is offering a new service that allows online customers to verify that they are indeed at the bank's official site by displaying an image that the customer supplies in advance. The free service, called SiteKey and developed by Passmark Security of Redwood City, Calif., lets customers pick any image they have, then write a brief phrase and select three "challenge questions." Bank of America takes on cyberscams Bank of America takes on cyberscams Banks Alert Customers Of Data Theft Egg questions security plan - - - - - - - - - - Device drivers filled with flaws, threaten security The uneven skills of driver programmers have left a legion of holes in software that ships with Windows and Linux, security experts say. Operating system vendors and hardware makers should commit more resources toward systematically auditing Windows and Linux device-driver code for flaws, security researchers say. - - - - - - - - - - CIA war game simulates major Internet attack The CIA is conducting a cyber-war game this week geared to simulate a major Internet attack by enemy computer hackers, an intelligence official said today. Dubbed Silent Horizon, the three-day unclassified exercise is based on a scenario set five years in the future and involves participants from government and the private sector.,10801,102065,00.html - - - - - - - - - - IBM Transmits Info Under Cover IBM has created new software that helps companies share information without revealing its origin, a breakthrough at a time when protecting user identities remains a major challenge. DB2 Anonymous Resolution helps customers share records or documents with other organizations while protecting the identity of individuals involved in a data exchange. - - - - - - - - - - HP aims to help governments check IDs Hewlett-Packard launched a product on Friday that helps governments check the digital identity of citizens. The technology, called the HP National Identity System, is designed to be used in conjunction with a number of Microsoft products, including its .Net line of server, database and middleware programs. The companies plan to jointly develop, market and offer training for the authentication system. The product can be used to authenticate visitors to government Web sites, to control access to services and manage citizens' online identity, HP said. - - - - - - - - - - Technology's no protection against malcontents Hardware and perimeter defenses will not protect an organization from a vengeful or greedy hacker, according to Steven Branigan, former Bell Communications senior systems engineer and founding member of the New York City Electronic Crimes Task Force.,10801,102028,00.html - - - - - - - - - - Passwords are history as school rolls-out fingerprint registration A school in Stockholm has reduced the time students spend logging on to computer systems in class by up to 50 per cent, by introducing a fingerprint registration system. More than 450 students and teachers can access the school's computer network faster using the system, by reducing the amount of time lost during a 40- minute lesson by teachers having to find out children's passwords. Get used to biometrics, travelers told - - - - - - - - - - Honeynet traps the unwary Some people just won't learn, according to the University of Washington's David Dittrich, a speaker at this week's AusCERT security conference on the Gold Coast. In his 15 years with the university, Mr Dittrich has had a lot of experience with security incidents but didn't expect computer users to be so reticent to learn about the dark side of computing. - - - - - - - - - - Bluetooth Security Review, Part 2 In part 1 of this article, we introducted Bluetooth and some of its security and privacy issues, including how it is detected and some implementation issues from various mobile phone vendors. Now in part 2 we look at Bluetooth viruses, several unpublished vulnerabilities in Symbian based phones, and then moves on to discuss "Blue tag" tracking, positioning, and privacy issues. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.