NewsBits for June 8, 2005
************************************************************
UK man accused of hacking Pentagon appears in court
A British man the United States accuses of carrying out the world's "biggest military computer hack" appeared in court in London Wednesday at the start of extradition hearings. Gary McKinnon was arrested Tuesday on charges of computer fraud issued in November 2002 by U.S. prosecutors claiming he illegally accessed 97 U.S. government computers -- including Pentagon and Nasa systems -- over a 12-month period from February 2002, causing $700,000 worth of damage.
http://www.washingtonpost.com/wp-dyn/content/article/2005/06/08/AR2005060800780.html
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,102321,00.html
http://www.wired.com/news/politics/0,1283,67787,00.html
Briton accused of hacking U.S. military computers released on bail
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11845106.htm
British hacker up for extradition
http://www.vnunet.com/vnunet/news/2137657/british-hacker-extradition
- - - - - - - - - -
Online gamer gets life sentence
A Chinese online game player who stabbed a competitor to death for selling his cyber-sword has been given a suspended death sentence, which in effect means life imprisonment. The case had created a dilemma in China where no law exists for the ownership of virtual weapons.
http://news.com.com/Online+gamer+gets+life+sentence/2100-1043_3-5737883.html
http://www.msnbc.msn.com/id/8143073/
- - - - - - - - - -
Bulletin board hoster loses postings in hacker attack
Ezboard, a hosting service to hundreds of thousands of online bulletin boards, suffered a hacker attack on Memorial Day that permanently erased countless postings.
Unlike a typical attack that aims to bring down a service for boasting rights or steal sensitive information to be used in identity theft, the goal of the Ezboard breach appears to have solely been to erase historical postings stored on the company's servers.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,102334,00.html
- - - - - - - - - -
U.S. calls Beijing on piracy
As U.S. Commerce Secretary Carlos Gutierrez was here demanding that China strengthen its protection of intellectual property rights last week, two men stood in a corner of the parking lot outside the China World Hotel where he spoke, peddling pirated DVDs.
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2005/06/08/BUGKAD4U4A1.DTL
- - - - - - - - - -
Europe's data retention laws: dead or alive?
The European Parliament has voted overwhelmingly to back calls for proposed laws on data retention to be scrapped. If it were passed, the law would require ISPs and telcos to retain at least three years of data about their customers' communications. But the proposal has been widely criticised for being unworkable, expensive to implement, invasive, and unnecessary.
http://www.theregister.co.uk/2005/06/08/data_retention_quandry/
- - - - - - - - - -
Air France wins 'sucks' domain name
The domain name AirFranceSucks.com will be transferred to Air France. But the airline's victory at arbitration was not without controversy: panellists disagreed about what the word 'sucks' really means to internet users. The name was registered by Florida-based Virtual Dates Inc. in 1999. It was only in February 2005 that Air France took a claim before the World Intellectual Property Organisation (WIPO), alleging cybersquatting. The decision was made on 24th May and published today.
http://www.theregister.co.uk/2005/06/08/air_france_wins_sucks_domain_name/
- - - - - - - - - -
Man cleared of abusing NTL customers
NTL is not known for its customer service.
Actually that's not fair, it has a reputation for appalling customer service. But even its low standards were breached back in September when customers phoning one of its call centres were greeted with a rather rude recorded message. Callers were told: "You're through to NTL customer services. We don't give a f*** about you. We're never here. Just f*** off and leave us alone. Get a life." The message was removed but not before several hundred customers heard it.
http://www.theregister.co.uk/2005/06/08/ntl_swears/
- - - - - - - - - -
Hotmail users exposed to cookie snaffling exploit
The exploitable page - http://ilovemessenger.msn.com - has been updated to remove a cross site scripting flaw that was the subject of the exploit. But Alex de Vries, the Dutch security enthusiast who discovered the trick, warns that other portions of MSN's site are still vulnerable.
http://www.theregister.co.uk/2005/06/08/hotmail_hack/
- - - - - - - - - -
VXers go phishing with latest MyTob worms
The latest MyTob email worms have adopted fresh tactics in an attempt to trick victims. Instead of appearing in emails with virus-contaminated attachments, newer versions of the worm include a faked web link pointing to malicious code, mimicking tricks more commonly used in phishing scams.
http://www.theregister.co.uk/2005/06/08/mytob_phishing_worm/
- - - - - - - - - -
Bluetooth hack shakes mobile security
Cryptographers have discovered a security flaw in implementations of Bluetooth which allows hackers to pair their devices with prospective victims. The approach creates a means for hackers to hijack Bluetooth-enabled devices. It's not all just theory either, unlike most cryptographic attacks.
http://www.theregister.co.uk/2005/06/08/bluetooth_mobo_attack/
- - - - - - - - - -
Banks tighten net on laundering and fraud
Two UK banks, Clydesdale and Yorkshire, have spent £2m implementing a transaction monitoring system to detect potential money laundering and fraud.
Increased regulatory pressures on banks to deal with money laundering and rising levels of fraud have driven the demand for more automated analysis to complement existing manual detection systems.
http://www.vnunet.com/computing/news/2137661/banks-tighten-net-laundering-fraud
- - - - - - - - - -
Sports body locks down critical data
The English Institute of Sport (EIS) has tightened IT security to ensure that sensitive medical details about famous athletes and their training programmes cannot be stolen by hackers.
http://www.vnunet.com/computing/news/2137674/sports-body-locks-critical
- - - - - - - - - -
ID theft translates into revenue for some
Worries about data security are translating into revenue opportunities for the nation's three biggest credit reporting agencies. Shares of Equifax are hovering near their 52-week high of $36.52. The company, with $1.3 billion in annual revenue, is notching double-digit profit gains.
http://www.msnbc.msn.com/id/8145393/
Computer crime: card tricks
http://www.crime-research.org/news/08.06.2005/1285/
- - - - - - - - - -
Two-thirds of firms have insufficient password security
More than two-thirds of organisations are using insecure methods to store administrative and user passwords, research shows. Some 19 per cent of IT professionals admit that IT staff and other company employees store computer passwords on post-it notes, according to the survey from information security firm Cyber-Ark.
http://www.vnunet.com/computing/news/2137670/two-thirds-firms-insufficient-password-security
- - - - - - - - - -
Hotbar in Hot Water with Online Privacy Group
Adware vendor Hotbar.com Inc. is feeling the heat this week over its pesky adware programs and spotty adherence to online privacy rules, eWEEK has learned.
http://www.eweek.com/article2/0,1759,1825617,00.asp
Paoga - an answer to the privacy problem?
http://www.theregister.co.uk/2005/06/08/is_paoga_answer_to_the_privacy_problem/
- - - - - - - - - -
Report on DHS cybersecurity initiatives expected next month
The Homeland Security Department is crafting a cyber-security response plan and next month will provide an update to the National Cyber Response Coordination Group about how it is leveraging capabilities, a department official said Wednesday. Building the response plan and securing critical infrastructure are two of the cyber-security division's main goals, acting Director Andy Purdy said at a meeting of the National Information Security and Privacy Advisory Board held here.
http://www.govexec.com/story_page.cfm?articleid=31456
- - - - - - - - - -
Cybersecurity plagues Fort Hood
The Army's biggest base has a cybersecurity problem to match its size. Fort Hood, Texas, the largest Army base in the world and home of the 4th Infantry Division -- the service's first digitized force -- has a huge information security problem, said Maj. Gen. Dennis Moran, the Army's director of information operations, network and space in the Office of the Chief Information Officer. He spoke June 8 at the Army Information Technology Conference sponsored by the Army Small Computer Program.
http://www.fcw.com/article89132-06-08-05-Web
- - - - - - - - - -
Seagate Introduces Hardware-Encrypted Notebook Hard Drive
Citing the need for improved security on mobile computing devices, Seagate Technology LLC today introduced a hard drive with full disc encryption. Based on the Momentus 5400 family of notebook hard drives announced in April, the new version, dubbed the Momentus 5400 FDE, eventually will be inserted into notebook computers, tablet PCs and external storage products from various vendors.
http://www.eweek.com/article2/0,1759,1825740,00.asp
- - - - - - - - - -
A Role Model for Security. Almost.
Mark Burnett beat me to it. I was planning to write an article on the relationship between good security and paranoia in the not too distant future.
However, it appears that at least one other SecurityFocus columnist shares some of my theories on good security. Either that, or he's somehow capable of reading my mind. Paranoia is generally a good thing to have. Regardless, Mark's article got me wondering about what other traits are valuable in the quest for good security.
http://www.securityfocus.com/columnists/331
- - - - - - - - - -
World's biggest hacker?
Never trust a law-maker who says: "This law will only be used in certain circumstances." When it was first decided to pass laws against "hacking into" remote computers, some of us opposed the idea. I remember attending a debate at Imperial College with a (then Conservative) MP, Emma Nicholson - who made the case for a law: that it would be used only when people caused damage, and not as a way of putting experimenters in jail.
http://www.theikew.co.uk/2005/06/worlds_biggest_.html
- - - - - - - - - -
Hanging out online can turn ugly
Web sites are becoming the social hot spots for teenagers -- the places to see and be (virtually) seen. Parents, teachers and police are trying to catch up. Teenagers are using free sites like MySpace and Xanga to post blogs, make new friends and comment on the social ins and outs of school life. When parents discover this, many freak. They see their kids sharing names, ages, photographs, even streaming video. Not to mention the occasional foul language, name-calling and overt sexuality. And many parents worry that their kids' information-rich sites might invite predators.
http://www.mercurynews.com/mld/mercurynews/news/local/11842051.htm
- - - - - - - - - -
Why simplifying network security is critical
When Dave Nocera worked at AT&T as the chief infrastructure architect for customer care technologies, he supported plenty of customers and oversaw 35 call centers.
Nocera, now president of Verifichi in Edison, N.J., simplified network complexity at AT&T by standardizing presentation servers and application servers, ensuring that they all "looked alike" so that, if a problem ever arose, he could simply unplug a faulty server and plug in a working one.
http://www.it-observer.com/news.php?id=5195
Security claims asking for trouble
http://www.it-observer.com/news.php?id=5193
Gartner: Relax about overhyped security threats
http://www.it-observer.com/news.php?id=5194
Insecurity through obscurity
http://www.computerworld.com/securitytopics/security/story/0,10801,102307,00.html
What to ask when evaluating intrusion-prevention systems
http://www.computerworld.com/securitytopics/security/story/0,10801,102309,00.html
- - - - - - - - - -
Is Your Boss Reading Your E-Mail?
Be careful what you say in that work e-mail you're about to send -- an increasing percentage of companies are employing people and systems to pore over outbound e-mails for proprietary and sensitive corporate information, according to a new report from Proofpoint, an e-mail security company based in Cupertino, Calif.
http://blogs.washingtonpost.com/securityfix/
- - - - - - - - - -
Plan For Voluntary Biometric ID Gets First Taker
Frequent travelers can get through security more easily with a new "Clear" card that will debut in the Orlando, Fla. airport on June 21. Since the federal government began letting select frequent fliers with new high-tech passes speed through airport security checkpoints, one of the biggest complaints has been that the year-old program is too limited to be of much use.
http://informationweek.com/story/showArticle.jhtml;jsessionid=MIM2Q3X1TIAIQQSNDBGCKH0CJUMEKJVN?articleID=164301373
- - - - - - - - - -
DOD moves to get Army, Navy, Air Force linked to WebEx project
The Defense Department wants the enterprise portals of the Army, Navy and Air Force linked to a pilot project to test secure, browser-based collaboration tools from WebEx Communications Inc. of San Jose, Calif.
http://www.gcn.com/vol1_no1/daily-updates/36029-1.html
- - - - - - - - - -
FBI counterpunches IT criticism
Apparently stung by criticism of its IT projects old and new, the FBI today denied charges leveled in the press and by congressional investigators about the conduct of its Virtual Case File and Sentinel projects.
http://www.gcn.com/vol1_no1/daily-updates/36030-1.html
CIA official to run Sentinel
http://www.fcw.com/article89130-06-08-05-Web
Tech Vs. Terrorism
http://www.informationweek.com/shared/printableArticle.jhtml
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.