NewsBits for August 25, 2005 ************************************************************ Hackers Attack Via Chinese Web Sites U.S. Agencies' Networks Are Among Targets Web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies, successfully breaching hundreds of unclassified networks, according to several U.S. officials. http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,104150,00.html http://www.newsfactor.com/story.xhtml?story_id=12100002QDV4 http://www.msnbc.msn.com/id/9071131/ http://news.com.com/U.S.+defense+networks+attacked+via+China/2100-7349_3-5842897.html http://www.cnn.com/2005/TECH/internet/08/25/hackers.china/index.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12475780.htm - - - - - - - - - - MSN Billing Phisher Arrested FBI agents and local police in Davenport, Iowa, arrested a man they believe responsible for a number of phishing attacks targeting MSN customers. Law enforcement officials said Jayson Harris, 22, was charged with 75 counts of wire fraud for allegedly stealing credit card numbers and personal information in a phishing scheme targeting Microsoft's MSN customers. http://internetnews.com/security/article.php/3529746 Explorer to get anti-phishing early http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4284 http://www.usatoday.com/tech/products/services/2005-08-24-microsoft-phishing_x.htm http://news.zdnet.co.uk/internet/security/0,39020375,39215165,00.htm - - - - - - - - - - Child-porn trial set for Bayfield man A Bayfield man was scheduled for an October trial in federal court in Durango after pleading not guilty Wednesday to two charges related to child pornography. Kenneth J. Young, a petroleum engineer with the Bureau of Indian Affairs, appeared before U.S. Magistrate Judge David West in U.S. District Court in Durango on Wednesday. http://durangoherald.com/asp-bin/article_generation.asp?article_type=news&article_path=/news/05/news050825_9.htm - - - - - - - - - - Ex-coach facing child porn charges A former assistant baseball coach at a Vicksburg high school faces charges of possession of child pornography, authorities say. Jamie Trichell, 34, of 508 Olympic Drive in Flowood was arrested Tuesday by Warren County and Rankin County deputies as part of a federal investigation into child pornography downloaded off the Internet. http://www.clarionledger.com/apps/pbcs.dll/article?AID=/20050825/NEWS01/508250384/1002/NEWS01 - - - - - - - - - - Man Vanishes After Frantic Call to Friend Police search Topanga Canyon for clues to the fate of the music producer who told his former partner that people were after him. Search parties combed the dry hills of Topanga Canyon on Wednesday looking for a music producer whose mysterious flight from his home three days earlier might have been connected to a common Internet scam, according to friends and relatives. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-topanga25aug25,1,6362829.story - - - - - - - - - - Studios mine P2P logs to sue swappers Hollywood studios filed a new round of lawsuits against file swappers on Thursday, for the first time using peer-to-peer companies' own data to track down individuals accused of trading movies online. The Motion Picture Association of America said it filed 286 lawsuits against people around the United States based on information acquired from file-trading sites shut down earlier in the year. Most of those sites were hubs connecting people using the BitTorrent technology, a peer- to-peer application designed for speeding downloads of large files. http://news.zdnet.com/2100-9588_22-5843082.html - - - - - - - - - - China imposes online gaming curbs Some 1.5 million people play World of Warcraft in China Gamers in China are facing new limits on how much time they can spend playing their favourite online game. The government in Beijing is reported to be introducing the controls to deter people from playing for longer than three consecutive hours. http://news.bbc.co.uk/2/hi/technology/4183340.stm http://www.theregister.co.uk/2005/08/25/online_gaming_time/ Spyware worm turns on gamers http://www.vnunet.com/vnunet/news/2141498/spyware-worm-turns-gamers - - - - - - - - - - Polyglot IM worm targets MSN A new worm spreading over IM networks is the first to check system settings in order to send a message in the appropriate language. The Kelvir-HI instant messaging worm is spreading over MSN Messenger's network, albeit modestly. IM security specialist Akonix classifies it as a low-risk threat. http://www.theregister.co.uk/2005/08/25/kelvir_im_worm/ http://news.zdnet.co.uk/internet/security/0,39020375,39214953,00.htm From Melissa to Zotob: 10 Years of Windows Worms http://www.it-observer.com/news.php?id=5426 Some XP machines vulnerable to Zotob worm http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4275 - - - - - - - - - - New Cybersecurity Center To Warn Of Infrastructure Attacks Several businesses and organizations are testing a new process for anonymously sharing cyberthreat and attack data with their peers and government agencies without being subject to law-enforcement audits. http://informationweek.com/story/showArticle.jhtml?articleID=170000319 - - - - - - - - - - Thieves have new scam to rob your bank account It's one of the newest scams to hit the Tristate and, if you're not careful, there are several ways you too could become a victim. It's something that can cost you thousands of dollars, as a Cleves man learned. http://www.communitypress.com/ForestParkOH/News.asp?pageType=Story&StoryID=17084 - - - - - - - - - - Internet sieges can cost businesses a bundle When the first extortion e-mail popped into Michael Alculumbre's in-box, he had no idea it was about to cost his business nearly $500,000. The note arrived in early November of last year, as Alculumbre's London-based transaction processing company, Protx was being hit by a nasty distributed denial-of-service (DDoS) attack. Zombie PCs from around the world were flooding, the company's Web site, Protx.com, and the transaction processing server that was the commercial heart of the business. http://computerworld.com/securitytopics/security/story/0,10801,104168,00.html - - - - - - - - - - The GIMP threatens PIN number security This must be a first: Linux image manipulation programme the GIMP has been fingered as a possible tool in uncovering people's PIN numbers as sent through the post. It's not all open source gloom, though, Photoshop can also be used to, in certain circumstances, enhance illicitly-obtained printed PIN numbers. http://www.theregister.co.uk/2005/08/25/pin_number_security/ - - - - - - - - - - Flaws found in CAs Message Queuing software Computer Associates (CA) has issued three patches for newly discovered flaws in its Message Queuing software. The bugs could be exploited by a malicious hacker to launch a denial of service attack against the software. Once breached, the flaws would give the attacker full administrator privileges. http://www.vnunet.com/vnunet/news/2141513/computer-associates-act-flaws - - - - - - - - - - Netquery Host Parameter Arbitrary Command Execution Vulnerability Netquery is affected a remote command execution vulnerability. An attacker can supply arbitrary commands through the 'host' parameter of the 'nquser.php' script. This can allow an attacker to execute commands in the context of an affected server and potentially gain unauthorized access. Netquery 3.11 is affected by this vulnerability. It is possible that prior versions are vulnerable as well. http://www.securityfocus.com/bid/14637/discuss - - - - - - - - - - SaveWebPortal Unauthorized Access Vulnerability SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access and further attacks on the affected site. http://www.securityfocus.com/bid/14639/discuss - - - - - - - - - - Bluetooth adverts spark virus fears A newly developed Bluetooth advertising scheme could make mobile phone viruses more commonplace by teaching users bad habits, IT security experts told vnunet.com today. The technique, known as Bluestreaming, has been pioneered by British firm Filter UK. http://www.vnunet.com/vnunet/news/2141514/bluetooth-sends-adverts-mobile - - - - - - - - - - Credit card makers forced to scrutinize security Inside Visa's operations center is a cool, white room about the size of a football field. There, more than a thousand giant computers, set up like hulking linemen, process cardholder information from across the United States. The servers hum with some 3,000 credit and debit card transactions swiped through its network every second; they will handle more than 35 billion transactions in the next year. http://news.com.com/Credit+card+makers+forced+to+scrutinize+security/2100-1029_3-5842959.html - - - - - - - - - - Microsoft vows to play nice with security chip Windows Vista will switch off certain features of the trusted platform module due to privacy concerns, Stephen Heil, technical evangelist for Microsoft's Core OS Division has said. "There are some operations that use public key information that could potentially be perceived as privacy risk areas," Heil told delegates in a session about Secure Startup at the Intel Developer Forum in San Francisco. http://www.pcw.co.uk/vnunet/news/2141489/microsoft-vowes-play-nice Microsoft outlines changes in Virtual Server plans http://www.computerworld.com/securitytopics/security/story/0,10801,104160,00.html - - - - - - - - - - Advice on Assessing your IT Security Posture Most people will agree that Information Technology (IT) is changing or altering business processes and work environments at a dizzying pace. Unfortunately for those responsible for maintaining the security posture of these processes and environments, security changes faster. http://www.it-observer.com/news.php?id=5428 - - - - - - - - - - Businesses should be mindful to avoid criminal email interception In the recent case United States v. Councilman, a full federal appellate court based in Boston recently concluded that the interception of an email message in temporary, transient electronic storage does state an offense under the Wiretap Act, as amended by the Electronic Communications Privacy Act. The court therefore reinstated a criminal indictment that had been dismissed by a federal trial court. http://www.usatoday.com/tech/columnist/ericjsinrod/2005-08-24-email-intercetion_x.htm - - - - - - - - - - Little Assurance From ID-Theft Insurance Identity thieves are the serial kidnappers of white-collar crime, and I'm convinced they will commit many more electronic snatchings before anyone figures out how to thwart them. http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402239.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.