NewsBits for July 20, 2005
************************************************************
U.S. Immigration Makes 6,000 Arrests in Two-Year Operation
More than 6,000 predators who target children have been arrested since the July 2003 launch of Operation Predator by U.S. Immigration and Customs Enforcement (ICE), the agency announced in a July 19 press release. The initiative has also led to the arrests of about 1,000 suspects overseas after U.S. officials shared information with foreign authorities about their investigations into international sex tourism, Internet child pornography and human trafficking.
- - - - - - - - - -
Hacker Gets Access To ISU Alumni Information
The Iowa State University is sending out a warning to alumni Wednesday after a hacker had access to the alumnae association Web site. A computer at Iowa State University's Alumni Association was hacked into, allowing outside access to thousands of Social Security numbers and pages of credit card information.
270,000 records violated in California
Univ. of Southern Calif. Says Database Hacked
- - - - - - - - - -
FTC Cracks down on Illegal X-rated Spam
In a crackdown on operations that illegally expose unwitting consumers to graphic sexual content, the Federal Trade Commission has charged seven companies with violating federal laws requiring warning labels on e-mail that contains sexually-explicit content. U.S. District Court suits filed against three operations seek civil penalties and a permanent bar on the illegal marketing.
- - - - - - - - - -
Hack attack left 'sexual grunts' on doctors' answering service
A businessman allegedly hacked into a doctors' answering service run by a competitor so that patients heard either a busy signal or sexual grunts when they tried to leave a message, according to a criminal complaint.
- - - - - - - - - -
China attempts to sink MP3 pirates
, China's answer to Google, has announced that it is to delete thousands of links to internet sites offering pirated music. The move is a response to requests from R2G, a Chinese digital rights management company, which is currently preparing for a US initial public offering expected to raise around $55m.
- - - - - - - - - -
Harry Potter hit by pesky pirates
The latest Harry Potter tome was not released as an ebook because of fears over piracy - a plan as cunning as any of Baldrick's. Unfortunately some committed fans/pesky pirates immediately scanned the book on its release last weekend and used optical recognition software to digitise the text. Copies were then proof-read, not very well from the bits we've seen, before being released. Who'd have thought it? Podcasts, or audio versions, are also available.
- - - - - - - - - -
Bill Puts Spotlight Back On Data Theft
Several prominent U.S. Senators, including the leaders of the Commerce Committee, have introduced another bill that takes on the growing online menace of identity and data theft.
- - - - - - - - - -
In Canada: Cache a page, go to jail?
A bill before Canada's Parliament could make it illegal for search engines to cache Web pages, critics say, opening the door to unwarranted lawsuits and potentially hindering public access to information. The legislation in question, Bill C-60, is designed to amend Canada's Copyright Act by implementing parts of the 1996 World Intellectual Property Organization treaty, the treaty that led to the Digital Millennium Copyright Act in the U.S.
- - - - - - - - - -
Amendments to IT act for cyber crime:
The amendments, which will be incorporated in the IT Act to deal tough with cyber criminals, are expected to be finalized in the next 3-4 weeks, NASSCOM President Kiran Karnik said here today.
- - - - - - - - - -
AusCERT threatened by anti-cyberterrorism plans
The future of the Australian Computer Emergency Response Team (AusCERT) is uncertain after the government implemented plans to create a national computer emergency readiness team (GovCERT) to deal with cyberterrorism attacks.
- - - - - - - - - -
DHS to mount major IT security exercise
The Homeland Security Department plans to conduct a major cybersecurity preparedness and response exercise to be called Cyber Storm in November, a department official said in congressional testimony yesterday. Andy Purdy, acting director of DHS National Cyber Security Division (NCSD), described Cyber Storm as a national exercise during a hearing that focused largely on the work yet to be done in the cybersecurity field.
- - - - - - - - - -
ITunes worm is Windows spyware threat
An initial signal indicating that Apple's success with iTunes may soon attract hackers has emerged, according to security firm Trend Micro. A new worm, WORM_OPANKI.Y, is circulating online. It poses as an iTunes file and is spreading using AOL Instant Messenger. While it does not affect Mac users, it does affect most breeds of the Windows OS.
- - - - - - - - - -
Virus Bounties No Longer Effective
Microsoft recently paid $250,000 to two individuals for information that led to the arrest and conviction of Jaschan. The German teenager wrote the Sasser and Netsky worms that caused billions of dollars worth of damage worldwide.
- - - - - - - - - -
Greasemonkey Flaw Prompts Critical Uninstall Warning
A gaping security hole in a popular Firefox browser extension could allow malicious hackers to hijack files from a user's hard drive, developers warned Tuesday.
The vulnerability was flagged in Greasemonkey, the Firefox add-on that allows users to load custom scripts that modify Web sites on the fly.
- - - - - - - - - -
Six Unpatched Flaws in Oracle Database Products
A German database security outfit on Tuesday went public with information on six unpatched vulnerabilities -- some rated critical -- in Oracle Forms and Oracle Reports, two widely deployed enterprise-facing products.
- - - - - - - - - -
Company porn creates regulatory nightmare
IT directors are putting businesses at financial risk by not enforcing regulation linked to porn prevention in the workplace. Two surveys of U.S. and U.K. businesses found that over half of those who responded were not aware lawyers use company internet records for evidence of sexual harassment, workplace harassment and hostile work environments.
- - - - - - - - - -
Lost Laptops Sink Data
Lost backup tapes may be the IT security issue du jour, but stolen laptops are a bigger and more intractable problem. Critical business data walks out the door every day on notebook computers. Increasingly, those devices are going missing.
- - - - - - - - - -
Kerberos' Critical Crack
Opinion: Cisco times out VOIP denial-of-service, while MIT melts down over "highly critical" Kerberos vulnerabilities. If you have Cisco's CallManager, ONS 15216 OADM and Security Agent, you really need to go get some patches from them. If the latest boatload of patches from Redmond and San Jose weren't enough for you (as well as anything important that had to run no matter what, patches be damned) this week, there was enough other stuff happening for other vendors to make things interesting.
- - - - - - - - - -
Criminal IT: Why following the pack puts your business at risk
The 'cargo cult' comes to information security...
Instead of mimicking the competition, organisations that create a culture of security have the best chance of turning users from their weakest link into their best form of protection, says Neil Barrett.
- - - - - - - - - -
Top 5 Scams
According to the Better Business Bureau, the international lotto scam that recently tricked an Ocala woman is No. 6 on the BBB's list of top 10 scams. Scam No. 5 is bogus health and wellness products -- miracle treatments and products that rob you of your money and can also rob you of your health.
- - - - - - - - - -
If it isn't broken...
There's an old adage that goes something along the lines of, "if it ain't broke, don't fix it." This is a paradigm that's often ignored in the software industry. For better or for worse, a large portion of the software that we use is constantly being changed. Features are being added, code is being polished or optimized, bugs are being fixed, and as such many programs are in a continuous state of development. Naturally, this has security implications whenever something is changed or added.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.