NewsBits for August 5, 2005 ************************************************************ Security Breach May Affect 31,000 at Cal Poly Cal Poly Pomona officials are notifying more than 31,000 current and former students and employees, as well as a number of student applicants, that hackers may have gained access to files containing Social Security numbers and other information. Ron Fremont, Cal Poly's associate vice president for university relations, said authorities have no evidence of misuse of any data in the June 29 incident. The main student database was not affected, he said. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-briefs5.3aug05,1,5664872.story - - - - - - - - - - Cisco says Web site was compromised Internet computer gear maker Cisco Systems Inc., which last week went to court to keep a security flaw in its routers under wraps, on Thursday said its Web site had been "compromised" and users' passwords changed as a precaution. http://today.reuters.com/news/newsArticle.aspx?storyID=2005-08-05T025954Z_01_N04178951_RTRIDST_0_NET-TECH-CISCO-DC.XML - - - - - - - - - - Miss. attorney disbarred after child porn conviction An Ashland attorney has been disbarred by the Mississippi Supreme Court after his conviction on possession of child pornography. David L. Robinson pleaded guilty in February in federal court to one count of possession of child pornography, according to court records. He was sentenced to five years' probation. http://www.sunherald.com/mld/thesunherald/12312575.htm - - - - - - - - - - Wife flees with kids after husband's child-porn arrest A BRISBANE design engineer was arrested for downloading graphic Internet images of children engaged in explicit sex acts after a tip-off from US authorities. They had monitored him making contact with a US-based child pornography distributor, a court was told yesterday. The District Court in Brisbane was told Robert John Millar was arrested shortly after officers from Queensland's police Taskforce Argos raided his Zillmere home, in Brisbane's north, and seized two computers and a cache of compact discs on May 8, 2002. http://www.thecouriermail.news.com.au/common/story_page/0,5936,16161271%5E3102,00.html - - - - - - - - - - Ex-IT Director Admits Trying to Sell Stolen Tapes The former IT director of an optical components company pleaded guilty this week to trying to sell trade secrets contained on backup tapes he stole from his employer. Brent Woodward admitted that he stole the tapes and then tried to sell the data contained on them to the chief technology officer of JDS Uniphase, a competitor of Woodward's former employer, Lightwave Microsystems. The CTO contacted the FBI, which had agents monitor the communications between the two sides. http://www.eweek.com/article2/0,1759,1844335,00.asp - - - - - - - - - - Police appeal for witnesses to Vodafone theft Police are appealing for witnesses in connection with a burglary at Vodafone's offices in Welwyn Garden City earlier this week. The suspects stole IT kit that led to Vodafone's paging network falling over leaving 180,000 subscribers - including hospital staff - without access to the service. http://www.theregister.co.uk/2005/08/05/vodafone_theft/ Ofcom cracks down on phone bandits http://www.vnunet.com/vnunet/news/2140820/ofcom-cracks-phone-bandits - - - - - - - - - - Dateline tracks down a porn spammer On the hunt for a man who sent a vulgar e-mail to a Texas housewife. What if every day in your neighborhood, this happens: The doorbell rings, you go to answer it, but theres no one there. Yet on the doorstep you find X-rated leaflets. You didnt order it, didnt pay for it, or subscribe to it. Still there it is every day, week after week. http://www.msnbc.msn.com/id/8841299/ Spammers go droopy on porn http://www.vnunet.com/vnunet/news/2140843/spammers-droopy-porn - - - - - - - - - - Antispyware firm warns of massive ID theft ring Officials at Sunbelt Software, a Clearwater, Fla.-based vendor of antispyware tools, said the company stumbled upon a massive ID theft ring that is using a well-known spyware program to break into and systematically steal confidential information from an unknown number of computers worldwide. http://computerworld.com/securitytopics/security/story/0,10801,103737,00.html - - - - - - - - - - Government computers top target for cyberattacks Cyberattacks on computer systems escalated in the first half of 2005 and government agencies were targeted more than any other business sector, according to a new report. Attacks on the government, financial services, manufacturing and health care industries have risen 50 percent since the beginning of the year, according to IBM's Global Business Security Index Report. http://www.govexec.com/story_page.cfm?articleid=31928 - - - - - - - - - - A Corporate Minefield: FTC Demands 'Reasonable" Recent ruling against a leading wholesale club chain obliges industry to understand and adopt a complex range of information security best practices. RSA Security launches initiative to clear a path through the fog; help businesses safeguard their customers, data -- and reputation. http://www.forbes.com/prnewswire/feeds/prnewswire/2005/08/04/prnewswire200508040830PR_NEWS_B_NET_NE_NETH006.html - - - - - - - - - - NASS Should Pass Cybercrime Law The Ecowas Secretariat, Abuja played host to the 2005 edition of the e-Nigeria, annual International IT Conference, organized by the National Information Technology Development Agency (Nitda), a parastatal under the Federal Ministry of Science and Technology, from June 28 to 30, 2005. The three-day event was declared open by His Excellency the Vice-President of the Federal Republic of Nigeria, Alhaji. http://allafrica.com/stories/200507280686.html - - - - - - - - - - U.S. Passes the Buck on Identity Theft Critics of the federal legislation cite its largely unenforceable nature as the primary reason it will not work. The higher penalty is of little value, they say, if the identity thief cannot be caught. These malicious thefts often are committed by faceless criminals who are well hidden and distributed worldwide, said Varadarajan. http://www.newsfactor.com/story.xhtml?story_id=01300000AGLX - - - - - - - - - - 40,000 ID fraud cases recorded in 2005 Identity fraud has risen by 13 per cent with almost 40,000 cases recorded in the UK in the first half of 2005, according to new figures from fraud prevention service CIFAS. But while the CIFAS figures represent a significant increase on last year, the crime's growth rate has slowed from a 20 per cent increase in 2004. http://software.silicon.com/security/0,39024655,39151072,00.htm - - - - - - - - - - Can current laws police cybercrime? A young Alberta man who posted bomb-making instructions on the Internet has been cleared of criminal wrongdoing by the Supreme Court of Canada. But the man will be retried on a charge of counselling to commit credit card fraud, the court ruled in a 6-3 decision Friday. http://www.canada.com/national/story.html?id=78ebb165-96fe-4764-ae6f-a541e3c01871 - - - - - - - - - - Too many ATMs are exposed to fraudsters, warns Gartner Fraudsters can get cash from ATMs because some banks fail to scan security codes in the magnetic stripes on cards, according to Gartner. Counterfeit cards are made when consumers, tricked by phishing, disclose account numbers and PINs. According to the research firm, ATM fraud is on the rise, affecting an estimated three million US consumers in the year to May 2005, and generating losses of $2.75bn. The figures were based on a survey of 5,000 US adults. http://www.theregister.co.uk/2005/08/05/out-law_at_scams/ - - - - - - - - - - New regs target phone scammers New regulations are due to be introduced next month that should help protect punters from being ripped off by dodgy phone operators. From 15 September, telcos that lease lines to premium rate services will not be able to pass on any cash to service providers for at least 30 days, improving the chances of those hit by scams to get their money back. http://www.theregister.co.uk/2005/08/05/icstis_rules/ - - - - - - - - - - Gone phishing special report The volume and severity of phishing scams is rocketing as cyber-criminals become ever more cunning and sophisticated. The online scams attempt to trick unwary surfers into divulging sensitive and confidential information to bogus websites designed to appear as bona fide businesses such as internet banking sites. http://www.vnunet.com/vnunet/specials/2127679/gone-phishing July phishing emails break all records http://www.vnunet.com/vnunet/news/2140822/phishing-worse-ever - - - - - - - - - - Google snubs press in privacy fury Google has thrown a hissy fit and blacklisted tech news site CNET's News.com - vowing not to provide quotes or statements to the site for a year. "Google representatives have instituted a policy of not talking with CNET News.com reporters until July 2006 in response to privacy issues raised by a previous story," noted reporter Elinor Mills http://www.theregister.co.uk/2005/08/06/google_privacy_snub/ - - - - - - - - - - First Family of Windows Vista Viruses Unleashed An Austrian hacker has earned the dubious distinction of writing what are thought to be the first known viruses for Microsoft's Windows Vista operating system. Written in July, the viruses take advantage of a new command shell, code-named Monad, that is included in the Windows Vista beta code. http://www.pcworld.com/news/article/0,aid,122125,00.asp Microsoft: Virus target won't be in Vista http://news.zdnet.com/2100-1009_22-5820706.html Worm risk over Win2K flaw http://www.theregister.co.uk/2005/08/05/win2k_worm_flaw/ Six patches for MS August Patch Tuesday http://www.theregister.co.uk/2005/08/05/ms_patch_pre-alert/ Another way past Windows antipiracy found http://news.zdnet.com/2100-1009_22-5821113.html - - - - - - - - - - Worms dodge Internet sensors Internet sensor networks such as the SANS Internet Storm Center rely on their own invisibilty to be effective, but researchers now say it is possible to map their locations. Future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken, according to new research. http://news.zdnet.co.uk/internet/0,39020369,39212171,00.htm - - - - - - - - - - Trojan poses as war death notice Iraq becomes the latest social engineering trick A new Trojan is spreading in an email purporting to be an alert about a major loss of life in Iraq. The emails were first detected last night and claim to contain a report from The Guardian on the death of 140 US Marines. The email contains a link to the 'full story' but leads users to a bogus web page with two Trojans built in. http://www.vnunet.com/vnunet/news/2140846/trojan-poses-war-death-notice - - - - - - - - - - Annual hacking game teaches security lessons The weekend-long Capture the Flag tournament stressed code auditing as a measure of hacking skill this year, a move that emphasized more real-world skills, but not without controversy. http://www.theregister.co.uk/2005/08/05/secfocus_defcon_game/ *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.