NewsBits for June 23, 2005 ************************************************************ Phishers Target Compromised MasterCard Account Holders E-mail scam artists are trying to scare MasterCard users into giving up their personal and financial information at fake MasterCard Web sites, in what is likely an attempt to capitalize on consumer fears over reports that at least 13 million MasterCard and 22 million Visa accounts have been compromised by hackers. San Jose-based Secure Computing Corp said it has seen examples of the scam, which has taken the form of a "phishing" attack. Cardholders Kept in Dark After Breach CardSystems' Data Left Unsecured,1282,67980,00.html Internal security attacks affecting banks What Is Your Bank Doing to Protect Your Data?,1759,1831007,00.asp Data leaks denting Web shoppers' confidence ID theft concerns grow, tools lacking E-Commerce Hammered by Recent Hacks - - - - - - - - - - Utah bank says big breach put its data at risk A small bank in Utah is the latest company to become entangled in the controversy over a security breach that has put personal data on 40 million cardholders at risk for fraud. The Utah institution, Merrick Bank, began using CardSystems Solutions--the processor from which the information was stolen--when it bought a portion of Provident Bank's merchant business in November 2004. - - - - - - - - - - The Sun exposes UK ID theft racket at Indian call centre An undercover reporter was able to buy the details thousands of UK banking accounts, password particulars and credit cards numbers from crooked call centre workers in India, The Sun reports. The paper says one of its journalists bought details of 1,000 UK banking customers from an IT worker in Delhi for PS4.25 each. He was also able to buy the numbers of credit cards and account passwords. - - - - - - - - - - Fraud in Japan tied to data breach Losses are beginning to mount following a major security breach being blamed on an Atlanta-based payments processor that left 40 million credit card accounts vulnerable to fraud. Officials in Japan reported at least $1 million in fraudulent charges were made on Visa, MasterCard and JCB cards issued by Japanese banks. They link the fraud to a network security failure at CardSystems Solutions Inc. - - - - - - - - - - Confidential data from Japanese nuclear plants ends up on Internet Confidential data from Japanese nuclear plants was posted on the Internet when a worker's computer software was attacked by a virus, a company said Thursday. The Japanese government said it was investigating whether the data included sensitive information on nuclear materials. - - - - - - - - - - Family benefactor turned into molestation suspect Just hours after a San Jose mother told police her son probably was molested by Dean Schwartzmiller, a grandfatherly friend, investigators were inside the man's house, picking up photos of her son, ledgers of children's names, boxes of videotapes, and ``little boys' '' clothing, records released Wednesday show. Aftermath: Effect of sex abuse lingers, but many victims recover - - - - - - - - - - Oklahoma couple arrested in Michigan Two Oklahoma residents are welcomed back to Mid Michigan by a detective and arrested for sex crimes. The couple's Harrison-area home was searched by computer crime investigators in February. They left town a short time later, but now the couple is behind bars -- one for possession of child pornography charges, the other for a more unusual crime. - - - - - - - - - - RealPlayer Flaws Trigger PC Hijack Alert Digital-media delivery company RealNetworks on Thursday rolled out patches for four high-risk vulnerabilities in its flagship RealPlayer software, warning that the flaws put millions of users at risk of PC hijack attacks. The Seattle, Wash.- based RealNetworks Inc. said the flaws can be exploited by remote attackers to execute arbitrary commands with the privileges of the logged-in user.,1759,1831059,00.asp RealNetworks plugs security holes in player - - - - - - - - - - IE pop-up spoof won't get patch Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers. In the attack, JavaScript is used to display a pop-up window in front of a trusted Web site. The pop-up appears to be part of the legitimate site, but actually is linked to a different, malicious site. A user might be fooled into sending personal information to the scammers. - - - - - - - - - - World is safe from mobile viruses for a few more years A fast-spreading virus or worm wwill no affect mobile devices before the end of 2007 at the earliest, Gartner forecasts. The analyst firm reckons the conditions for the spread of mobile malware - high penetration of mobile devices and people routinely exchanging executable files by mobile phone - simply aren't there yet. - - - - - - - - - - Internal hackers pose the greatest threat Internal hackers pose the greatest threat to the IT systems of the world's largest financial institutions, according to the 2005 Global Security Survey released today by the financial services industry practices of Deloitte Touche Tohmatsu. - - - - - - - - - - Software piracy 'seen as normal' Counterfeit copies of films, software and games are readily available. Campaigns to persuade people to stop downloading pirated games or software from the internet are not working, a report suggests. Two UK university researchers found that people did not see downloading copyrighted material as theft. The findings are unwelcome news for the games industry, which says it loses more than PS2bn annually from piracy. - - - - - - - - - - Microsoft forces Sender ID on Hotmail users Microsoft has started pushing its Sender ID anti-spam technology by running it on Hotmail. The technology, developed by the software giant, has had a rough ride with companies questioning the terms and conditions attached to it. Many have pondered out loud whether the company is attempting to control the market by making the technology ubiquitous and then demanding licence fees. - - - - - - - - - - EU cross-border gambling restrictions seen ending European restrictions to cross-border gambling over the Internet will face a growing number of legal challenges and could fall away within the next three years, according to a lawyer who specializes in gambling. - - - - - - - - - - Iran tightens Web control The Iranian government has tightened its control over the Internet, increasingly blocking content in its national language of Farsi and restricting what citizens can publish through Web journals, Western researchers say. - - - - - - - - - - HP ships biometric laptop The nx6125 notebook PC includes a fingerprint sensor made by AuthenTec Inc., which says HP is the biggest computer maker to offer a biometric reader as standard equipment. The computer, aimed at the business market, sells for $1,000 and up. - - - - - - - - - - Committee: Fingerprint beats face The Homeland Security Department should use fingerprints, not facial recognition, as its primary biometric security measure in passports, House members told DHS and State Department officials today. - - - - - - - - - - Wireless Access: The Next Great Municipal Crisis Opinion: Municipal Wi-Fi plans like Philadelphia's are security disasters in the making. "We're from the government and we're here to help you" is a very old and sad joke, but there's a lot of truth to it. Municipal governments, especially in big cities, have a tragic history of policies with unintended consequences for their constituents and others.,1759,1830998,00.asp - - - - - - - - - - Moving ahead with data security How does your company enforce data security? I bet most of your answers will involve procedures based on host applications that have varying degrees of sophistication, depending on how much is at stake with a security breach. A different question, "Does your company have independent, storage-based data protection measures?" will probably just trigger blank stares, because data protection is mostly entrusted to host-residing applications and, at the moment, there are very few alternatives to that approach.,10801,102707,00.html - - - - - - - - - - There Is No Conspiracy Against BitTorrent In his recent column, The Scheme to Discredit BitTorrent, Dvorak gets so much wrong about BitTorrent, its security problems, Microsoft and Avalanche that's it hard to know where to begin.,1759,1831018,00.asp - - - - - - - - - - Pentagon Creating Student Database The Defense Department began working yesterday with a private marketing firm to create a database of high school students ages 16 to 18 and all college students to help the military identify potential recruits in a time of dwindling enlistment in some branches. The program is provoking a furor among privacy advocates. The new database will include personal information including birth dates, Social Security numbers, e-mail addresses, grade-point averages, ethnicity and what subjects the students are studying. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.