NewsBits for June 14, 2005 ************************************************************ Man arrested for threats against handset maker A California man was arrested on Tuesday for making threats against employees of UTStarcom and posting messages on an Internet site intended to manipulate the stock price of the communications gear maker, the U.S. attorney's office said. The FBI arrested Jonathan Henry Wiegman, 41, on charges he sent several threats over the Internet starting in August 2004 to injure UTStarcom employees. - - - - - - - - - - Fraudsters use iPods to steal company information Apple iPods have become the tool of choice for some fraudsters who use them to download vast quantities of corporate information either to sell to rivals or to support their own start-up operations. Anti-fraud experts warned yesterday that the machines, along with other music players, that boast hard drives with up to 20Gbytes of memory, could become widely used by employees to fool security officials and breach data security rules.,12597,1505890,00.html - - - - - - - - - - Feds vulnerable to lots of Net threats Federal agencies are not prepared to deal with the triple Internet menaces of spam, phishing and spyware, government auditors have concluded. A survey of the largest federal agencies by the Government Accountability Office revealed that most agencies are suffering from junk e-mail and other online detritus--but not one has a plan in place to deal with the threat and all have received limited guidance on what to do. GAO: Agencies not adequately addressing emerging cybersecurity threats - - - - - - - - - - Nokia downplays mobile virus threat Nokia today downplayed the danger from mobile viruses, maintaining that it does not consider them a major threat. The denial comes in the wake of a report published last week by analyst firm Gartner identifying the threat from mobile viruses as one of the greatest security myths, and claiming that mobile antivirus software would be ineffective. Skulls Trojan takes aim at smartphones - - - - - - - - - - VXers love Britney Spears - official Spanish anti-virus firm Panda Software has produced a ranking of the famous people most often used to spread viruses on the internet. The listing follows the recent distribution of a Trojan horse malware using spam messages posing as information about a supposed suicide attempt by Michael Jackson.,10801,102478,00.html - - - - - - - - - - Stealthy Trojan horses, modular bot software dodging defenses Software attack tools that turn PCs into remotely controlled zombies are getting better, but defenses are not keeping up, say security experts. The latest threats are tailored to attack specific companies, foregoing rapid spread and avoiding notice. Others use modular components, such as an infector that can be changed to defeat the latest antivirus software and a second-stage component that turns off PC defenses. - - - - - - - - - - Java flaws open door to hackers Sun Microsystems has fixed a pair of security bugs in Java that could be exploited by attackers to take over computers running Windows, Linux and Solaris. The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.,1759,1827999,00.asp - - - - - - - - - - Adobe flaw puts PCs at risk A flaw in several of Adobe Systems' popular graphics design applications could expose users to hacker attacks, the software maker has warned. A security vulnerability in the Adobe License Management Service, a component used for product activation, "can lead to an unauthorized person gaining access to the user's computer," Adobe said in a security advisory posted to its Web site late last week. - - - - - - - - - - Hashing exploit threatens digital security Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away. The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information. - - - - - - - - - - Microsoft releases security patches for three `critical' flaws Microsoft Corp. released three security bulletins Tuesday to fix flaws that could let an attacker take complete control over a computer system. The ``critical'' security flaws, the company's highest threat level, affect Microsoft's Windows operating system.,10801,102485,00.html Fixes in for critical IE, Windows flaws MS Patch Train Drops Off 'Critical' IE Fix,1759,1828103,00.asp Adware-for-Hire Vector Underscores IE Holes,1759,1828161,00.asp - - - - - - - - - - Looking for zombies? Try AOL, report says Top ISPs serve as launching pads for Net attacks, company says. Internet zombie attacks that attempt to knock computer systems offline are more likely to come from users of America Online than any other source, according to a report released by a security company on Tuesday. - - - - - - - - - - Sysadmins urged to shop child abuse downloaders Sysadmins are urged to shop staff who download child pornography at work under a campaign due to host a free half-day conference in London on Wednesday (15 June). The 'Wipe it Out' event, backed by the Home Office and organised by the Internet Watch Foundation, aims to address the "practical, legal, ethical and corporate social responsibility" issues around the subject. - - - - - - - - - - Data leaks stunt e-commerce, survey suggests Nearly half of all Americans avoid shopping on the Internet because they are worried their personal information will be stolen, according to a survey released Wednesday by an industry group. The survey also found nearly all Americans think identity theft and spyware are serious problems, but only 28 percent think the government is doing enough to address the issues. About 70 percent said new laws are necessary to protect consumer privacy. - - - - - - - - - - Hackers atack on political purposes, Russia Hackers apparently acting on behalf of a radical nationalist group have targeted the web sites of Jewish, Communist Party and human rights organizations, and at least one retaliatory attack has been carried out in protest. - - - - - - - - - - Private Eyes Fear Limits On Information Access Private investigators are working to blunt legislation that cracks down on the active marketplace for Social Security numbers, telling Congress that restricting access to the numbers will hurt their business and hamper their investigations. Several bills are moving through the Capitol to prevent identity thieves from getting Social Security numbers to gain access to consumers' financial accounts. In the past year, the Social Security numbers of tens of millions of Americans have been exposed through personal data being lost, stolen or hacked. - - - - - - - - - - 'Trusted displays' suggested as online security boost The security of online transactions could be bolstered by adding a display and a set of buttons to a smart card reader or security token, a Microsoft researcher said Monday. Smart cards and security tokens, which are becoming more common for user authentication, already contain cryptography modules. These could also be used to confirm transactions ina secure way, Dave Steeves, a Microsoft security software engineer, said in a presentation at a TIPPI (Trustworthy Interfaces for Passwords and Personal Information) workshop at Stanford University. - - - - - - - - - - U.S. to ease biometric passport requirement for Europeans Officials in Europe expect the United States to ease its requirement that all 27 visa-waiver countries begin issuing biometric passports by Oct. 26. Only six of the 27 European Union countries and other allies that currently enjoy visa-free travel to the United States are expected to meet the deadline. But officials in the United Kingdom believe a compromise with the United States is imminent to avoid a serious disruption in trans- Atlantic travel, according to a June 9 report in the Financial Times of London. - - - - - - - - - - Staying out of the news It seems like every week now there's a story about another company losing control of digital identity data. The problem, of course, is that when your identity data is lost by some company, the chances that your identity will be stolen go up. The latest story was about Citigroup losing the records of 3.9 million customers. According to a Reuters report, the dataon tapesas lost while being transported by UPS to a credit bureau. Only 7% of businesses encrypt their backups *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.