NewsBits for September 1, 2005 ************************************************************ Expert charged in computer hacking A computer networking consultant hacked into a Beaver County school district's system to peek at a competitor's bids, but didn't escape without leaving tracks, police said Wednesday. Police charged Brooks M. Roy, 25, of Cranberry, with breaking into the e-mail system he helped design and install for the South Side Beaver School District. http://pittsburghlive.com/x/tribune-review/trib/pittsburgh/s_369618.html - - - - - - - - - - Scammers jump on hurricane Katrina Scammers have launched websites and are sending out spam emails to attract donations that are intended for the victims of the Hurricane Katrina that struck parts of the South East of America. http://www.vnunet.com/vnunet/news/2141705/scammers-jump-hurricane-katrina http://www.washingtonpost.com/wp-dyn/content/article/2005/08/31/AR2005083102574.html http://blogs.washingtonpost.com/securityfix/2005/08/katrina_phishin.html http://news.com.com/Online+scams+emerge+in+Katrinas+wake/2100-7349_3-5845695.html - - - - - - - - - - Woman pleads guilty to child porn charge An Independence woman on Wednesday became one of the few females to be convicted in western Missouri of possessing child pornography. Rose H. Beatty, 22, pleaded guilty to a single felony count of possession of child pornography before Senior U.S. District Judge Scott O. Wright. http://www.kansascity.com/mld/kansascity/news/local/12528622.htm - - - - - - - - - - Phone virus spreads through Scandinavian company A mobile phone virus recently hit a small company in Scandinavia and spread from one handset to another, according to security vendor F-Secure Corp. It was the first time F-Secure has seen a mobile virus make serious headway into an enterprise after showing up on an employee's phone, said Ero Carrera, an antivirus researcher at Helsinki, Finland-based F-Secure. The outbreak lasted about a day as dozens of employees received the virus and about 20 of them opened it on their phones, causing it to spread, according to a Web log entry on F-Secure's site. http://computerworld.com/securitytopics/security/virus/story/0,10801,104300,00.html http://www.infoworld.com/article/05/08/31/HNphonevirus_1.html - - - - - - - - - - Zotob author may be a mastermind of more than 20 viruses The teenager arrested on suspicion of writing and distributing the Zotob Windows 2000 worm may have authored more than 20 other viruses, it has emerged. The claim was made by anti-virus company Sophos, which has analysed a number of viruses incorporating the Diabl0 "handle or moniker used by the accused, 18-year-old Farid Essebar. http://www.crime-research.org/news/01.09.2005/1466/ http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4311 MyTob and NetSky-P dominate August viral charts http://www.theregister.co.uk/2005/09/01/august_virus_chart/ - - - - - - - - - - Creative MP3 players ship with virus Creative Labs has instituted a partial product recall after discovering that it accidentally shipped approximately 3,700 MP3 players contaminated with a Windows virus. Filesystems of affected 5GB Zen Neeons players contain a file infected with the Wullik-B (AKA Rays-A) email worm. The worm won't infect PCs unless the user browses the player files and clicks on the infected file, security firm F-Secure reports. http://www.theregister.co.uk/2005/09/01/creative_mp3_player_virus_flap/ http://news.com.com/Virus-infected+Creative+Zen+MP3+players+found/2100-7349_3-5845499.html - - - - - - - - - - DOJ cybersecurity effort aims for Center of Excellence status The Justice Department will attempt to become a Center of Excellence for the Cybersecurity Line of Business initiative, a senior agency official said. Dennis Heretick, DOJs chief information security officer and director of the agencys IT security staff, said yesterday at a workshop in Washington that the department will submit a business case to the Office of Management and Budget outlining how its Cyber Security Risk and Assessment and Management program could become a standard for federal agencies. http://www.gcn.com/vol1_no1/daily-updates/36875-1.html - - - - - - - - - - BNBT EasyTracker Remote Denial Of Service Vulnerability BNBT EasyTracker contains a denial of service vulnerability in its HTTP parser code. This issue is due to a failure of the application to properly handle malformed HTTP requests. If an attacker sends a malformed HTTP request to the application, reports indicate that the affected application will terminate unexpectedly. http://www.securityfocus.com/bid/14700/discuss - - - - - - - - - - Theft You Don't Even See How's this for a one-two punch -- software that secretly alters your Google search results, then tries to drop nasty programs on your computer by luring you to a bogus eBay link? http://www.washingtonpost.com/wp-dyn/content/article/2005/08/31/AR2005083102486.html - - - - - - - - - - Never Forget Another Password Netizens are now collectors of secrets, whether they are good at keeping them or not. Web users are asked to keep track of secure passwords for everything from e-mail accounts to utility bills to music-subscription services, a tedious task that often leads to bad security habits. http://www.wired.com/news/privacy/0,1848,68694,00.html - - - - - - - - - - Are companies prepared for fallout from a security breach? There are some very positive trends in corporate privacy and data-protection practices, according to the Ponemon Institute's recently completed 2005 Benchmark Study of Corporate Privacy Practices. However, there are also gaps that could trip up the best-intentioned company when faced with a breach. http://computerworld.com/securitytopics/security/story/0,10801,104311,00.html - - - - - - - - - - CDP jackpot One of the questions I am asked most often is how I choose what to write about each week. Well, that question is rather difficult to answer, but let me try a metaphor: It's similar to playing a slot machine in Las Vegas -- to win big, you have to line up three good symbols, like three cherries or three bells. http://computerworld.com/securitytopics/security/recovery/story/0,10801,104301,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.