NewsBits for June 17, 2005 ************************************************************ MasterCard warns of massive credit-card breach Data thieves breached the systems of credit-card processor CardSystems Solutions and made off with data on as many as 40 million accounts affecting various credit-card brands, MasterCard International said on Friday. The credit-card giant's anti-fraud systems detected the breach and, after analyzing the data, MasterCard pinpointed the Atlanta, Georgia-based third-party processor as responsible, the company said in a statement released late Friday. Data protection watchdog targets businesses,39020375,39204146,00.htm Identity theft - the facts - - - - - - - - - - Identity theft of FDIC employees leads to bank fraud, union says Personal data including Social Security numbers on nearly 6,000 current and former Federal Deposit Insurance Corporation employees was stolen early last year, and some of the data has been used for fraudulent purposes. - - - - - - - - - - Hacking charges to be dropped against Palm Beach high student Charges will be dismissed against a 19-year-old Inlet Grove High student charged with hacking the Palm Beach County School District's computers if he completes parts of a deal agreed to in court on Thursday. Ryan Duncan, of Palm Beach Gardens, has agreed to pay $2,025 in investigative costs and complete 100 hours of community service. He also has to write a letter of apology to the district.,0,2819449.story - - - - - - - - - - Child porn church-goer escapes jail A COMPUTER technician whose work and church "were his life" has escaped jail at Worcester Crown Court for downloading child pornography. After hearing that 22-year-old Nathan McNab has never had any social contact with people of his own age, Recorder David Jones said that a prison sentence would have a devastating effect. He imposed a three-year community rehabilitation order on McNab, of Emperor Drive, St Peter's. Worcester,who pleaded guilty (admit) to 15 charges of making indecent images of children. - - - - - - - - - - Chain settles charges by FTC Retailer must start security program to prevent ID theft BJ's Wholesale Club Inc. yesterday settled charges with the Federal Trade Commission that it failed to take appropriate security measures to protect the credit card information of thousands of its customers. The settlement requires the Natick- based warehouse retailer to implement an information security program and obtain a third-party audit of the system every other year for 20 years. - - - - - - - - - - Britain's 'Critical Infrastructure' Under E-Mail Attack Cyber-security officials in Great Britain issued an unusually dire alert today, warning that hackers are targeting e-mail-borne viruses against U.K. government agencies and high-profile British corporations with the aim of stealing sensitive and lucrative data. UK trojan siege has been running over a year - - - - - - - - - - GAO gives D- for security US federal agencies are poorly prepared in withstanding spyware, spam or phishing attack, a government audit has concluded. A survey by the Government Accountability Office published this week reveals a lack of coherent security planning among as many as 20 federal agencies. - - - - - - - - - - Foreign spooks target UK techies Is that a PDA in your pocket or are you just pleased to see me? MI5 has issued a warning that spies are targeting people working in hi-tech companies. The advisory states that Britain's position at the forefront of technology, as well as its membership of the UN, Nato and the EU, makes it a top target for foreign espionage. - - - - - - - - - - Bluetooth flaw allows DoS attack A flaw has been identified in the Bluetooth stack which could allow a denial of service attack that destroys the ability to link devices. The flaw was reported on the Bugtraq mailing list by Spanish security consultant Hugo Vazquez Carames and details have been forwarded to the Bluetooth organising body. "The vulnerability is a simple denial of service that can be reproduced with the l2ping Linux tool," said Carames. - - - - - - - - - - Adware makers exploit BitTorrent A row has broken out after a marketing firm was caught hiding adware in files distributed on the BitTorrent file sharing network. P2P applications such as Kazaa have been bundled with various adware packages for some time, to say nothing of the increased use of P2P networks as a distribution network by virus writers, but BitTorrent has been a cleaner environment. Recent developments suggests that may be about to change. - - - - - - - - - - Opera fixes browser flaws Opera Software has updated its Web browser software to fix a handful of security flaws, including some that could be used by phishers and other attackers to spoof Web sites. The Opera 8.01 update comes two months after the Norwegian software company released Opera 8, touting ease of use and tighter security. Ssshhh! Opera slips out security update - - - - - - - - - - Netscape sends out another patch Netscape has released an updated version of its Netscape 8 browser to fix a bug that broke XML rendering in Microsoft's Internet Explorer. The update, version 8.0.2, addresses a problem highlighted in a Microsoft employee blog a few days after Netscape 8's May debut. In the posting, Dave Massy, a program manager on the IE team, warned that installing the Netscape browser would cause IE to render extensible markup language files, such as RSS feeds, as blank pages. - - - - - - - - - - Fresh Warning over Rise in Mobile Viruses The worst virus seen so far is called Commwarrior. It infects a handset through a Bluetooth connection during daytime, and sends itself to everyone in the address book via text messages at night. - - - - - - - - - - Liberty Alliance tackles ID theft Taskforce to concentrate on user education and better security policies. The Liberty Alliance has formed a special task force to focus on finding and preventing identity theft. The Identity Theft Prevention Group (ITPG) will not just look at technical ways to solve the problem, but will examine how user education and better security policies could prove effective against the growing problem of identity fraud. - - - - - - - - - - DHS to Require Digital Photos in Passports Travelers Department of Homeland Security (DHS) Secretary Michael Chertoff announced today that Visa Waiver Program (VWP) countries will be required to produce passports with digital photographs by October 26, 2005. On that date, all VWP countries must also present an acceptable plan to begin issuing integrated circuit chips, or e-passports, within one year. - - - - - - - - - - CA set to deliver defensive packages Computer Associates International is set to unveil on Monday five Protection Suite bundles aimed at small and midsized businesses. The packages pull together CA's eTrust Antivirus, eTrust PestPatrol Anti-Spyware and BrightStor ARCServe Backup products. They also contain Desktop DNA Migrator, a system restore and recovery tool not included in an earlier version of Protection Suite. - - - - - - - - - - Bosses on the prowl for risque pics Beware, those of you who sometimes sneak off in cyberspace to look at naughty pictures. Ninety percent of the largest U.S. companies have procedures in place in case inappropriate or illicit images are discovered in the work place, and 50 percent have had to use these procedures for incidents in the past year, according to a study released Friday. - - - - - - - - - - Not a Pretty Picture Imagine needing a legal document to get your photos printed ... because they're too good. It happened to Kacie Powell, a photographer for Centre College in Danville, Ky. Powell told the Associated Press that she tried to get some digital shots printed at Wal-Mart, but employees said they looked "too professional." She ended up signing an affidavit that included pictures of college employees who were authorized to print her pictures. - - - - - - - - - - Phighting phishers offers brief moments of phun I have this thing against Citigroup. It's not just because of my experience in Citibank in Westport, Conn., when I discovered they sent my new Visa debit card and statements to a different Andrew Kantor. In that case, I had to argue for more than an hour to get them to cancel my account. I was concerned that this other Andrew might go to a branch and take all my money. - - - - - - - - - - Will '.xxx' domain help parents curb online porn? A red-light district tentatively cleared for construction on the Internet -- the ".xxx" domain -- is being billed by backers as giving the $12 billion online porn industry a great opportunity to clean up its act. - - - - - - - - - - Net Aids Theft of Sensitive ID Data It's $35 at It's $45 at, where users can also sign up for a report containing an individual's credit- card charges, as well as an e-mail with other "tips, secrets & spy info!" The Web site promises that "if the information is out there, our licensed investigators can find it." - - - - - - - - - - 119 students who failed courses get group e-mail Due to an e-mail mistake by the University of Kansas, 119 students who failed all their classes during the last semester found out who shared their misfortune. The students were notified earlier this week that they were in jeopardy of having their financial aid revoked. The e-mail sent Monday by the Office of Student Financial Aid asked for additional information to determine if they were still eligible for aid. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.