High Tech "NewsBits" for 06/01/05

NewsBits for June 1, 2005 ************************************************************ FBI Probes Theft of Justice Dept. Data The FBI is investigating the theft of a laptop computer containing travel account information for as many as 80,000 Justice Department employees, but it is unclear how much personal data are at risk of falling into the wrong hands. Authorities think the computer was stolen between May 7 and May 9 from Omega World Travel of Fairfax, which is one of the largest travel companies in the Washington area and does extensive business with government agencies. http://www.washingtonpost.com/wp-dyn/content/article/2005/05/31/AR2005053101379.html - - - - - - - - - - Top Israeli firms implicated in corporate spyware scandal It started out as a family feud. But a small-time computer break-in has erupted into Israel's biggest business scandal in decades, reaching into some of the country's powerful corporate suites and jolting the cozy world of the industrial elite. Top Israeli blue chip companies, including a high-tech giant that trades in New York, are suspected of using illicit surveillance software to steal information from their rivals and enemies. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11789967.htm 'Trojan horse' scandal rocks Israel http://www.cnn.com/2005/TECH/06/01/israel.computer.breakin.ap/index.html - - - - - - - - - - Former nurse faces child porn charges A former Perth nurse has been released on bail after appearing in court on child pornography charges. It is alleged a computer at Eamon Albin Starrett's Fremantle home contained images of child pornography and obscene articles. Starrett, who worked at Princess Margaret Hospital, pleaded not guilty to the offences at the Fremantle Magistrates Court. He represented himself during the brief appearance and was remanded for legal advice before his next appearance in a week. http://www.abc.net.au/news/newsitems/200505/s1381230.htm - - - - - - - - - - New Mytob worm poses as IT administrator It warns recipients that their e-mail accounts are about to be suspended. Another variant of the Mytob worm began wiggling its way into in-boxes this week, enticing recipients to open an e-mail attachment that could allow a remote hacker to access and perform commands on an infected machine. http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,102152,00.html http://www.newsfactor.com/story.xhtml?story_id=001000000ROP More Bagle, Mytob offshoots wriggle free http://news.zdnet.com/2100-1009_22-5726802.html Malware variant trend reflects police action http://news.zdnet.co.uk/internet/security/0,39020375,39201363,00.htm - - - - - - - - - - Virus Top 10: Sober return topples Zafi The return of Sober (variant N) has seen it rocket to the top of the current threat list, heading the chart of most prolific viruses during the past month. IT managers in their daily firefight against viruses saw a massive spike in the instances of Sober-N as it displaced Zafi-D atop the 'least wanted' list provided by antivirus firm Sophos. http://software.silicon.com/security/0,39024655,39130882,00.htm Sober worm tops May viral charts http://www.theregister.co.uk/2005/06/01/may_virus_chart/ http://www.vnunet.com/vnunet/news/2137384/sober-worm-storms-summer-charts - - - - - - - - - - Study: U.S. residents at risk for online exploitation Almost half couldn't identify 'phishing' e-mail scams U.S. Internet users are dangerously ignorant about the type of data that Web site owners collect from them and how that data is used, according to a new study by the University of Pennsylvania's Annenberg Public Policy Center. The lack of awareness makes U.S. Internet users vulnerable to online exploitation, such as misuse of personal information, fraud and overcharging, the study said. http://www.computerworld.com/securitytopics/security/story/0,10801,102155,00.html - - - - - - - - - - EU executive wants phone logs for up to a year A bill for mandatory logging of e-mails, phone calls and other electronic communications to combat terrorism and fraud will limit data storage to a year at most, the European Commission said on Wednesday. Viviane Reding, commissioner for information society and media, said a similar proposal put forward by four member states in 2004 wanted data to be stored for three to four years, which she said would impose a costly burden on phone and Internet companies. http://news.zdnet.com/2100-1009_22-5727670.html - - - - - - - - - - Hackers could force ransom victims to do 'dirty work' Hackers could try to ransom PC users' data in an attempt to draw then into their schemes and force them to do the thieves' 'dirty work' according to analyst house Gartner. Last week it was revealed that online extortionists are remotely encrypting users files on PCs and then demanding money for the key to decode the information. http://software.silicon.com/security/0,39024655,39130891,00.htm - - - - - - - - - - FBI warns of cell phones aloft The FBI and Department of Homeland Security are objecting to a proposal to permit the use of cellular telephones and other wireless devices on airplanes. Unless telecommunications providers follow a lengthy list of eavesdropping requirements for calls made aloft, the FBI and Homeland Security don't want cellular or wireless connections to be permitted. http://news.zdnet.com/2100-1035_22-5726850.html Mobile plane ban protects us from terrorists - FBI http://www.theregister.co.uk/2005/06/01/fbi_opposes_air_mobiles/ FCC told to hang up on midair cell phones http://www.msnbc.msn.com/id/8063420/ - - - - - - - - - - Employers must shred personal data Starting Wednesday, employers must destroy personal information about their employees before they throw it out if they got the information from a credit report. That means "shredding or burning" paper documents or "smashing or wiping" computer disks. All employers — even if they have only one worker — are covered by the new regulations, which are part of the Fair and Accurate Credit Transactions Act passed in December 2003. http://www.usatoday.com/tech/news/techpolicy/2005-05-31-id-theft-usat_x.htm Discarded Hard Drives Still Contain Data http://www.newsfactor.com/story.xhtml?story_id=001000000RPP States Keep Watchful Eye on Personal-Data Firms http://www.washingtonpost.com/wp-dyn/content/article/2005/06/01/AR2005060100359.html - - - - - - - - - - Security Patch Watch Network security vendor Symantec has released a patch to fix a security flaw in its enterprise- facing Brightmail AntiSpam software. In a published advisory, Symantec Corp. warned that the flaw can be exploited by malicious hackers to bypass security restrictions. Affected software includes Symantec Brightmail AntiSpam 4.x through 6.x. http://www.eweek.com/article2/0,1759,1822529,00.asp Nortel issues patch for router VPN flaw http://www.computerworld.com/securitytopics/security/story/0,10801,102151,00.html - - - - - - - - - - Cameras to Scan for Bootleg DVD Sales Los Angeles police and movie industry officials unveiled new surveillance cameras in downtown Los Angeles aimed at stemming the city's thriving bootleg DVD business. The Motion Picture Assn. of America donated $186,000 for the 10 pole-mounted cameras, which will monitor movie piracy activity in the Fashion District. The cameras are similar to those installed around Hollywood Boulevard and MacArthur Park. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-rup1.3jun01,1,3082423.story - - - - - - - - - - ID cards plan faces increased hostility The government's plans for national identity cards are facing a series of setbacks after the legislation was reintroduced to parliament last week. Experts at the London School of Economics (LSE) say costs could rise as high as Ł300 per person, on top of infrastructure costs of Ł18bn, according to a report seen by The Observer. http://www.vnunet.com/computing/news/2137408/id-cards-plan-faces-increased-hostility - - - - - - - - - - Making Security Products Smarter Frost & Sullivan analyst Nitin Acharekar sees end-point security and identity management as two emerging industry strategies. "The first checks the integrity of the end-point before it is allowed access to the network, while the second checks the identity of the person trying to log in," Acharekar said. http://www.newsfactor.com/story.xhtml?story_id=001000000QWC - - - - - - - - - - Spam hurts developing countries most, OECD says Spam may be a global problem but it's hurting Net users in developing countries more than their counterparts in industrialized nations, according to a new report by the Organization for Economic Cooperation and Development (OECD) in Paris. http://www.it-observer.com/news.php?id=5156 - - - - - - - - - - NSA finds novel intel answers in Glass Box The National Security Agency is teasing intelligence information out of massive federal databases via a program that uses innovative methods to discover hidden results and improve analyst performance. The Glass Box program has been using unclassified, open-source information for three years to produce information used by the Novel Intelligence from Massive Data program, according to contractor Battelle Memorial Institute of Columbus, Ohio. http://www.gcn.com/vol1_no1/daily-updates/35953-1.html - - - - - - - - - - Military VoIP plans to benefit private sector The UK's Ministry of Defence is planning to deploy Internet telephony services. The companies providing it say security enhancements from the project will benefit all. BT has announced a partnership with Nortel to provide managed IP services to the Ministry of Defence (MoD) that could, they say, result in improved security around emerging VoIP technology. http://news.zdnet.co.uk/0,39020330,39201547,00.htm VoIP 'has reached the mainstream' http://news.zdnet.co.uk/communications/networks/0,39020345,39201365,00.htm - - - - - - - - - - Preserving Digital Evidence to Bring Hackers and Attackers to Justice Legislators have done their parts by strengthening computer crimes laws, but it's still more difficult to track down and prosecute those who intrude into our networks and steal our data than catching and punishing those who break into our homes or offices. One reason is the nature of digital evidence. To obtain a criminal conviction, you must present evidence in court, but in order to be admissible in court, evidence must be preserved and handled to ensure that it hasn't been changed. http://www.computerworld.com/securitytopics/security/story/0,10801,102157,00.html - - - - - - - - - - Employee Training & Education Can Mitigate Threats Security isn’t only about protecting your network from external threats; it’s also about protecting against threats from within. The first step to security is awareness; therefore, it’s important that all your employees know not only the potential threats but also how to recognize and prevent such threats. Education and awareness empowers each employee with the knowledge of his role in protecting the organization’s network. This, in turn, will go a long way toward mitigating risk. http://www.it-observer.com/news.php?id=5155 The Security Risks Of Desktop Searches http://computerworld.com/securitytopics/security/story/0,10801,102159,00.html - - - - - - - - - - Employer monitoring: It's a small world after all Banish the notion forever that you are alone at work when performing your various job functions. Indeed, as just one example of workplace monitoring, according to the 2005 Electronic Monitioring & Surveillance Survey by the American Management Association and the ePolicy Institute, 76% of employers monitor Web site connections of employees. The survey explains that monitoring takes various forms, with 36% of employers tracking content, keystrokes and time spent online. http://www.usatoday.com/tech/columnist/ericjsinrod/2005-06-01-employer-monitoring_x.htms - - - - - - - - - - Beware the crime lords of the internet The romantic, almost noble notion of the lone-gunman hacker popularised in films such as War Games and Hackers has been replaced by a crude reality - they are usually criminals and they are far better organised than we are. Organised crime syndicates with thousands of members are turning to hacking and spamming techniques to dupe innocent internet users out of millions of dollars annually, delegates to this year's AusCERT security conference were told. http://smh.com.au/articles/2005/05/30/1117305534401.html - - - - - - - - - - An open letter to the incoming cyberczar Editors' note: On May 18, the House of Representatives approved a reorganization of the Department of Homeland Security that would create an assistant secretary for cybersecurity. The Senate is expected to follow suit soon, and the post is likely to be filled by summer's end. http://news.zdnet.com/2100-1009_22-5727973.html - - - - - - - - - - Book Excerpt: Silence on the Wire This excerpt from Chapter 5 of Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks is posted with permission from No Starch Press (copyright 2005). http://www.computerworld.com/securitytopics/security/story/0,10801,102150,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.