NewsBits for June 6, 2005 ************************************************************ Citi notifies 3.9 million customers of lost data CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts including Social Security numbers and payment histories have been lost. Citigroup, which is based in New York, said the tapes were lost by the courier UPS Inc. in transit to a credit bureau.,1848,67766,00.html,10801,102296,00.html - - - - - - - - - - Hacker hits Duke system A hacker broke into the Duke University Medical Center computer system last week, stealing thousands of passwords and fragments of Social Security numbers, Duke officials said Friday. Duke is notifying about 14,000 people, roughly 10,000 of whom are medical center employees, that their information may have been compromised and is advising people to change passwords if they use the same one for multiple purposes. - - - - - - - - - - Hacker for July sentencing A Dunedin academic who admitted hacking into his ex-employer's system in the US caused $8290 worth of damage, not the $US441,122.50 ($NZ627,396) claimed by the victim, a district court judge ruled last week. In March 2004 the man became the first New Zealander charged by police under anti-hacking legislation.,2106,3304699a28,00.html - - - - - - - - - - Online gamers targeted in Korean MSN hack attack More details have emerged about a hacking attack that left MSN's South Korean portal booby trapped with password-pinching malware. The attack targeted subscribers to Lineage, an online game with 4m users, largely in Asia. It's unclear how many users were clobbered by the assault. Police and Microsoft specialists have begun an investigation into the attack. Microsoft Forgets To Patch Korean Web Server, Hackers Swipe Passwords - - - - - - - - - - Child porn: Russian man sentenced A man of Ekaterinburg, Russia, was tried and sentenced in charges of distribution of child porn. The accused was condemned to three-years conditional sentence plus 2 years of probation. According to Interfax, main investigation department of Sverdlovsk together with English High-Tech Crime Unit revealed distributors of child porn involving images of 7-14 year-old children in Ekaterinburg. - - - - - - - - - - Role Reversal: Audit Uncovers Gaps in SEC's IT Controls The shoe is on the other foot at the U.S. Securities and Exchange Commission after an audit of the agency's 2004 financial statements revealed that the chief enforcer of the Sarbanes-Oxley Act had "numerous" information security control weaknesses of its own.,10801,102235,00.html - - - - - - - - - - State to promote cybersecurity awareness You may think its just another June, but in fact this month will be the State Departments Cybersecurity Awareness Month. Between June 7 and June 29, the Diplomatic Security Bureaus Computer Security Office and the Information Resources Management Bureaus Information Assurance Office will sponsor the project to improve employees understanding of proper security procedures. - - - - - - - - - - Mytob Morphs Again, Targets Windows The latest Mytob virus employs some of the same techniques used by its predecessors to get e-mail recipients to open the attachment and thus launch the malware. Subject lines of the bogus e-mails appear to be security warnings themselves. - - - - - - - - - - Phishers hit 79 brands in April A report into April's phishing activity by the Anti-Phishing Working Group (APWG) showed that 79 companies were targeted in April 2005. The bulk were financial institutions but ISPs made up over 10 per cent of targets for the first time, and phishing attacks against retail companies rose sharply during the month. Phishers get smarter,39020375,39202003,00.htm - - - - - - - - - - Hackers plot to create massive botnet Computer Associates has warned of a co-ordinated malware attack (CMA) described as among the most sophisticated yet unleashed on the net. The attack involves three different Trojans Glieder, Fantibag and Mitglieder in a co-ordinated assault designed to establish a huge botnet under the control of hackers. - - - - - - - - - - Computer crime: bluetooth vulnerable to hacker attacks Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone elses cellphone. - - - - - - - - - - An Internet resource for fighting mortgage fraud To combat the rising number of mortgage fraud cases nationwide, the Mortgage Bankers Assn. has launched an online anti-fraud resource center. The website, which features fraud alerts and mortgage-industry news, aims to help lenders "prevent, investigate, and combat mortgage fraud," according to the site. (LA Times article, free registration required),1,4693323.story - - - - - - - - - - Tools Help Keep Bugs Out From The Beginning Troubleshooting security problems in software that runs the business is a high priority for IT staffs. But there's a growing recognition that catching vulnerabilities during development should be an even higher one. - - - - - - - - - - Using Corporate Logos to Beat ID Theft When it comes to identity theft, a picture is worth a thousand words, according to executives at e-mail authentication startup Iconix Inc., which launched last week. The Mountain View, Calif., company's technology uses corporate logos to distinguish legitimate e-mail messages from those that fake, or spoof, their origin. Iconix is preparing to announce its first product next quarter, said company officials.,1759,1822978,00.asp - - - - - - - - - - McAfee Shifts Its Focus to Intrusion Prevention On the eve of McAfee Inc.'s annual meeting with financial analysts last week, Gene Hodges, president of the Santa Clara, Calif.-based company, spoke with Computerworld about McAfee's enterprise strategy and its plans to add new network access-control products next year.,10801,102237,00.html - - - - - - - - - - MCI, AT&T Beef Up Managed Service Security Responding to an increase in threats, as well as demands from its customers, MCI Inc. will announce a new service this week to protect its managed services customers from DDoS attacks, according to an MCI executive.,1759,1822986,00.asp Cisco Launches DDoS Protection Service,1759,1824608,00.asp Microsoft lets your IT manager wipe your phone,39024655,39130995,00.htm - - - - - - - - - - Tablus, PortAuthority Unveil Security Tools Updates aim to boost protection against data thefts. Two new content-monitoring tools to be released this week will add to the growing number of options for security managers looking to protect sensitive data against compromises and theft. Tablus Inc. in San Mateo, Calif., and PortAuthority Technologies Inc. (formerly Vidius Inc.) will both release updated versions of their respective technologies this week.,10801,102243,00.html - - - - - - - - - - Virtual Directories Corral IDs The next big thing in identity management is virtual directories. And we do mean big: big potential for big returns, with big questions still remaining. Virtual directories can significantly change the way identity information is used in midsize and large organizations and can reduce the technical and cost barriers of identity management. However, IT managers must commit to centralizing application access to authoritative data sourcesno small task in today's global work force.,1759,1823113,00.asp - - - - - - - - - - Anti-Spyware Efforts Trump the Law Congress is considering anti-spyware legislation, and while the intent of our legislators is laudable, it is doubtful that Congress can pass an effective, enforceable anti-spyware bill. Congress is considering anti-spyware legislation, and while the intent of our legislators is laudable, it is doubtful that Congress can pass an effective, enforceable anti-spyware bill.,1759,1822689,00.asp - - - - - - - - - - A DIY Project for Network Security With sparse resources, our security manager has to do things herself. But a call has her feeling like part of the team. The past few weeks have been frustrating and rewarding all at the same time.,10801,102194,00.html - - - - - - - - - - Evil Twins a Menace to Wireless Security Once the wireless victim has connected to the illegitimate WiFi hotspot, the Evil Twin attacker can gain access to the user's log-on details, along with personal and confidential information that aids the attacker in identity theft and other illegal activities. - - - - - - - - - - A Tale of Two Hackers Lapping up the sunshine outside a downtown cafe, Kevin Mitnick is apprehensive. He never asked to be the world's high-profile convicted computer criminal, he says, and he's sick of media interviews dwelling on his criminal past. "But ... that's how you make your money," says Alexis Kasperavicius, Mitnick's longtime friend, business partner and one-time co-conspirator.,1284,67521,00.html - - - - - - - - - - Keep your laptop from straying from your grasp You just spent big money on a laptop. You've loaded your important files on it. Before you take it on the road, remember to take some precautions to make sure it comes home with you. - - - - - - - - - - Fear will keep driving security sales Selling on fear is one way of getting an almost sure-fire sale. With our five-part How To Sell Security series drawing to a close this week, it is clear that the security market has ballooned into one of, if not the, most important sectors in our industry, and that opinions on what technology should rule the roost are continually diversifying. - - - - - - - - - - FBI Pushed Ahead With Troubled Software Some FBI officials began raising doubts about the bureau's attempts to create a computerized case management system as early as 2003, two years before the $170 million project was abandoned altogether, according to a confidential report to the House Appropriations Committee. By 2004, the report found, the FBI had identified 400 problems with early versions of the troubled software -- but never told the contractor. Report: FBI scrambling to launch case file system - - - - - - - - - - New Jersey expands data-gathering system New Jersey's law enforcement officials are rapidly expanding deployment of a statewide searchable system that collects, analyzes and disseminates information from disparate databases on possible terrorist and criminal activities. Bushs choice to run Information Sharing Environment draws criticism Bush directive clarifies information sharing responsibility DHS looks at interoperability using encryption software - - - - - - - - - - Hack your car Of course, there's no real reason to spend $70,000 turning a refined BMW M3 into a rolling boom box. And upholstering a Corvette with shredded money may show a certain lack of taste. But car enthusiasts are finding ways to do this -- and more -- to their vehicles and display them on TV shows such as 'Pimp My Ride" and ''Overhaulin'." Coast-to- coast car shows are another venue: festivals of big wheels, bikinis, and ground-rumbling bass. - - - - - - - - - - The Escapist - cybercrime, hackery and sex Breakneck story pacing, exotic locations, ancient mythology, a psychopathic computer - Check. The Escapist appears to tick all the right boxes for an enjoyable mystery-romp through the future. The novel may have some shortcomings, but it's hard to go wrong with those combinations. But first things first. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.