NewsBits for January 30, 2006
************************************************************
R.I. government site hacked, credit card numbers stolen
Hackers broke into the official Rhode Island state
government Web site, www.ri.gov, late last month
and stole 4,117 credit card numbers, according
to New England Interactive Inc. (NEI), the company
that manages the site. NEI is a subsidiary of
Olathe, Kan.-based e-government provider NIC Inc.
"We discovered the breach on Dec. 28," said NIC
spokesman Chris Neff. "It was due to an error
in a line of software code that our local office
in Rhode Island that manages the state's portal
[NEI] had written."
http://computerworld.com/securitytopics/security/holes/story/0,10801,108199,00.html
- - - - - - - - - -
MS source code fence jailed for two years
'Joke' backfires on illwill. A Connecticut man
was jailed for two years on Friday (27 January)
after pleading guilty to offering stolen copies
of Windows' source code for sale online.
William Genovese, 29, of Meriden, Connecticut,
pleaded guilty in August 2005 to trade secret
offences over his attempts to sell purloined
copies of the software blueprints for Windows
2000 and Windows NT 4.
http://www.theregister.co.uk/2006/01/30/ms_source_code_fence_jailed/
http://news.zdnet.co.uk/business/legal/0,39020651,39249656,00.htm
http://australianit.news.com.au/articles/0,7204,17980528%5E27317%5E%5Enbv%5E15306-15319,00.html
- - - - - - - - - -
Spain arrests six in net pervert crackdown
Door closed on 62 child abuse forums. Six people
have been arrested in Spain in a crackdown targeting
the exchange of images of child abuse that has
also led to the closure of 62 so-called "internet
communities". The operation follows a year-long
investigation that focused on 2,870 net users
in 40 countries (including Spain) who were
suspected of exchanging perverted photos and
movie clips of under-age children and babies
through various online forums, Reuters reports.
http://www.theregister.co.uk/2006/01/30/child_abuse_crackdown_spain/
- - - - - - - - - -
VIRGINIA MAN PLEADS GUILTY TO CHILD PORNOGRAPHY CHARGES
Websites Featured Videos of Underage Boys Engaging
in Explicit Sexual Conduct. A Virginia man has pleaded
guilty to multiple charges involving the sexual
exploitation of minor boys and the operation of
child pornography websites, Assistant Attorney
General Alice S Fisher of the Criminal Division
and U.S. Attorney John L. Brownlee of the Western
District of Virginia announced today.
http://www.usdoj.gov/opa/pr/2006/January/06_crm_043.html
- - - - - - - - - -
Berkeley firefighter charged with having child porn at station
A 49-year-old firefighter was charged with possession
of child pornography after police found pictures
in his locker and on a disc left in a fire station
computer, authorities said. Luis Ponce, a 17-year
veteran of the Berkeley Fire Department, was arrested
near his home in Grass Valley on Thursday following
an eight-week investigation that started with the
discovery of the computer disc, said police Sgt.
Mary Kusmiss.
http://www.nctimes.com/articles/2006/01/30/news/state/12906200926.txt
- - - - - - - - - -
Student downloaded child-porn on college computer
A Binghamton-area community college student faces
more than a dozen felony charges for allegedly
using school computers to download child pornography.
Authorities say 18-year-old Christopher Cartagena
of Binghamton was sent to Broome County Jail
after his arrest. Investigators say Cartagena
was charged with 16 counts of possessing
a sexual performance by a child.
http://www.wcax.com/Global/story.asp?S=4427434&nav=4QcS
- - - - - - - - - -
eBay attacker owns up to 2003 hack
An eBay hacker has pled guilty to launching
a distributed denial of service attack against
the internet auction site. Anthony Clark (21)
from Oregon in America compromised 20,000
computers using a worm program in 2003.
He then instructed the zombie computers
to strike eBay with a DDoS attack.
http://www.infosecurity-magazine.com/news/060127_ebay_attack.htm
- - - - - - - - - -
Cellcos and senate vs social engineering
New legislation proposed by Senator Chuck Schumer
(D, NY) and backed by heavyweights from both major
parties, seeks to criminalize both the practitioners
and the dupes of "social engineering".
http://www.theregister.co.uk/2006/01/27/schumer_phone_records/
- - - - - - - - - -
Easynet sends warnings to virus victims
A UK ISP is contacting customers who may be
infected with the Nyxem virus, a move welcomed
by F-Secure. A UK Internet Service Provider (ISP)
is contacting customers it believes may be infected
with the Nyxem virus. When a computer is infected
by Nyxem, it visits an online Web counter that
counts how many PCs have been infected. Easynet
is monitoring traffic to this Web counter and
sending a warning to every user that visits it,
explaining that their machine could be infected.
http://news.zdnet.co.uk/internet/security/0,39020375,39249660,00.htm
Destructive worm activates on Friday
Kiss goodbye to Word, Excel and PowerPoint files.
Antivirus firms are warning of a destructive
Windows worm that will begin wiping files on
infected PCs this Friday. 'Nyxem.e' has been
spreading via infected emails and network shares.
On the third of each month the worm will activate
30 minutes after the computer is booted up and
overwrite all files with the extensions DOC,
XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD
and DMP. Corrupted files contain the text
'DATA Error [47 0F 94 93 F4 F5]'.
http://www.vnunet.com/vnunet/news/2149414/destructive-worm-activates
Security Experts Warn of Kama Sutra Worm
http://www.cio-today.com/news/Experts-Warn-of-Kama-Sutra-Worm/story.xhtml?story_id=12100465ZLIH
- - - - - - - - - -
Trojan tests antivirus response time
Quick burst of two million emails to test the waters.
A Trojan writer has been testing the response times
of antivirus companies with malware that has been
spammed out to over two million web users. Managed
security provider BlackSpider Technologies estimated
that more than 2.4 million emails containing the
Win32.small.cfg Trojan downloader were sent to
UK businesses last night.
http://www.vnunet.com/vnunet/news/2149409/trojans-tests-anti-virus
- - - - - - - - - -
Face and fingerprints swiped in Dutch biometric passport crack
Dutch TV programme Nieuwslicht (Newslight)
is claiming that the security of the Dutch
biometric passport has already been cracked.
As the programme reports here, the passport
was read remotely and then the security cracked
using flaws built into the system, whereupon
all of the biometric data could be read.
http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
- - - - - - - - - -
Seeing Fakes, Angry Traders Confront EBay
A year ago Jacqui Rogers, a retiree in southern
Oregon who dabbles in vintage costume jewelry,
went on eBay and bought 10 butterfly brooches
made by Weiss, a well-known maker of high-
quality costume jewelry in the 1950's and 1960's.
At first, Ms. Rogers thought she had snagged
a great deal. But when the jewelry arrived from
a seller in Rhode Island, her well-trained eye
told her that all of the pieces were knockoffs.
http://www.nytimes.com/2006/01/29/technology/29ebay.html
- - - - - - - - - -
Winamp, Shoutcast exploits released same day
An exploit for Winamp that allows remote code
execution was released today, less than 24
hours after the release of an exploit for
an old Shoutcast flaw.
http://www.securityfocus.com/brief/122
Serious Winamp flaw gets fix
http://news.zdnet.com/2100-1009_22-6032787.html
- - - - - - - - - -
AMD forums laid low by Windows exploit
A discussion forum Web site for fans of Advanced
Micro Devices' chips was closed Monday after
the discovery there of an exploit for Microsoft's
Windows Meta File flaw. Mikko Hypponen, chief
research officer at F-Secure, posted an item
on the company's blog Monday outlining a WMF
exploit on the home page for AMD-sponsored
discussion forums. The exploit has since
been removed, AMD said.
http://news.zdnet.com/2100-1009_22-6033068.html
http://computerworld.com/securitytopics/security/hacking/story/0,10801,108195,00.html
http://www.vnunet.com/vnunet/news/2149449/amd-forum-users-exposed-wmf
- - - - - - - - - -
Botnet Herders Hide Behind VoIP
Internet telephone applications like Skype
and Vonage could become hacker hideouts,
a group of technologists and academics funded
by MIT and Cambridge University said Thursday.
According to the Communications Research Network
(CRN), voice-over-Internet (VoIP) software could
give perfect cover for launching denial-of-service
(DoS) attacks.
http://www.it-observer.com/news.php?id=5665
- - - - - - - - - -
Harvard and Oxford Target Badware
Harvard University's Berkman Center and the Oxford
Internet Institute have launched a "Neighborhood
Watch" initiative against spyware and other malicious
software programs. The Berkman Center and the Oxford
Internet Institute hope this initiative will serve
as a deterrent by publishing names and reports of
companies spreading badware, and also as an educational
tool for software developers by providing principles
they can follow to provide a positive user experience.
http://www.techtree.com/techtree/jsp/article.jsp?article_id=70873&cat_id=582
Internet brain trust aims to shame spyware makers
http://www.dailytimes.com.pk/default.asp?page=2006%5C01%5C30%5Cstory_30-1-2006_pg6_7
- - - - - - - - - -
Security vendors open another front against spyware
The three biggest antivirus vendors have teamed
up with testing labs to develop standards for
spyware detection. Trend Micro, Symantec and
McAfee are joining forces with ICSA Labs and
Thompson Cyber Security Labs in a bid to
standardise methods for sharing spyware samples
and testing anti-spyware products and services.
http://www.theregister.co.uk/2006/01/30/spyware_testing/
Security consortium forges guidelines
http://news.zdnet.com/2100-1009_22-6033101.html
- - - - - - - - - -
Turin builds virtual fortress for Games
Olympic organizers have tightened the screws on
data processing security to prevent identity fraud
and tampering with scores and times, a project
director at Atos Origin, which manages the IT
system for the Games, told Reuters.
http://news.zdnet.com/2100-1009_22-6032947.html
- - - - - - - - - -
DHS Needs More Contact With State, Local IT Execs, Surveys Show
Many respondents say they know little about federal
cybersecurity programs. The results of two small
surveys released last week suggest that more than
three years after the federal government developed
a national strategy to secure cyberspace, there
is still a divide between the U.S. Department
of Homeland Security and state and local
governments on the handling of cyberthreats.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,108157,00.html
- - - - - - - - - -
NSA's Trailblazer loses way
A program intended to mine the Internet and
telecommunications for bits of data related to
terrorism is still on the drawing board, despite
costing an estimated $1.2 billion over the past
six years, according to a Baltimore Sun
investigation.
http://www.securityfocus.com/brief/121
- - - - - - - - - -
MS to omit anti-virus from Vista
Microsoft will omit anti-virus protection in Vista,
the next version of Windows, which it plans to ship
late this year. As with previous versions of Windows
dating back to Windows 2000 at least, Redmond is
promoting Vista as a landmark improvement in Windows
security.
http://www.theregister.co.uk/2006/01/30/vista_security_allchin/
- - - - - - - - - -
MessageLabs flags e-mail archiving service
MessageLabs has launched its first e-mail archival
product that company officials say will allow for
fast access to messages that must be stored for
regulatory and legal reasons.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5264
- - - - - - - - - -
'RFID tag' - the rude words ID card ministers won't say
Lengthy descriptions of duck, but no d-word...
When it comes to RFID, is MP Andy Burnham lying
or drowning? If it's lying, then in principle
the Home Office Minister is no more lying than
other people are - the US Department of Homeland
Security, the EU's Justice & Home Affairs
Committee and impressive numbers of RFID, sorry,
contactless, proximity chip vendors. But if he's
not, the drowning act is pretty convincing.
http://www.theregister.co.uk/2006/01/30/burnham_rfid_evasions/
- - - - - - - - - -
Army installs PKI security
TKC Integration Services is overseeing the
installation of public-key infrastructure
(PKI) technologies throughout the Army to
tighten security on the military's
unclassified network.
http://www.fcw.com/article92141-01-30-06-Web
- - - - - - - - - -
3-D face recognition technology guards GSA
The Homeland Security Department has completed
a successful pilot program that uses 3-D biometric
facial recognition technology to control access
to General Services Administration buildings.
http://www.fcw.com/article92144-01-30-06-Web
DHS taking second look at iris scans for Registered Traveler
http://www.gcn.com/vol1_no1/daily-updates/38122-1.html
- - - - - - - - - -
Science Puts Enron E-Mail to Use
In March 2001, just a few months before Enron
CEO Jeffrey Skilling resigned, an employee e-mailed
him a joke about a policeman pulling over a speeding
driver, whose wife subsequently rats him out to the
cop for other offenses, including being drunk.
Skilling and Enron chairman Ken Lay, whose federal
trial on multiple felony fraud charges starts Monday,
might not see the irony that, like the driver's wife,
their e-mails will soon be testifying against them,
both in court and in public opinion.
http://www.wired.com/news/technology/0,70100-0.html
'Electronic discovery' industry blooming
http://www.msnbc.msn.com/id/11098427/
- - - - - - - - - -
Outrageous Outrage
It would be interesting to know how many Google
searches were made last week for news about
Google searches. Of course, you hardly needed
Google to find it. It was everywhere. Even on
the other side of the planet. When the news broke
that Google is launching a search service in China
that will block any results the Chinese government
deems unsuitable for its citizens, the outrage
seethed on countless Web sites, including our own.
http://www.computerworld.com/securitytopics/security/story/0,10801,108102,00.html
Google CEO on censoring: 'We did an evil scale'
http://computerworld.com/securitytopics/security/privacy/story/0,10801,108152,00.html
- - - - - - - - - -
Brain scans detect lying, could replace polygraphs
Picture this: your boss is threatening to fire you
because he thinks you stole company property.
He doesn't believe your denials. Your lawyer
suggests you deny it one more time -- in a brain
scanner that will show you're telling the truth.
Wacky? Science fiction? It might happen this summer.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13748426.htm
***********************************************************
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2006, NewsBits.net, Campbell, CA.