NewsBits for February 13, 2006 ************************************************************ U.S. charges man in botnet case A California man has been indicted on federal charges of creating a network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted ad software. The indictment http://news.zdnet.com/2100-1009_22-6038478.html http://computerworld.com/securitytopics/security/story/0,10801,108643,00.html - - - - - - - - - - Web of intrigue widens in debit-card theft case An investigation into thousands of compromised debit cards that was widely reported this week appears to involve two of the nation's largest retailers, according to multiple law enforcement and banking sources. http://news.com.com/2100-1029_3-6038405.html FBI makes connections in data breach case http://news.zdnet.com/2100-1009_22-6038287.html Debit-card data stolen in breach of retailer http://www.securityfocus.com/brief/136 Debit card breach mystery deepens http://news.zdnet.co.uk/internet/security/0,39020375,39252117,00.htm Other banks caught in phishing net too http://timesofindia.indiatimes.com/articleshow/1411611.cms Leaks of hidden data cause concern http://zone-h.org/en/feeds/year=2006/month=02/ - - - - - - - - - - Man threatens to attack Olympic computers A would-be hacker was being investigated by police Monday after threatening to attack the internal computer network of the Turin Olympics organizing committee. The man -- a technical consultant for the TOROC committee -- illicitly gained access to off-limits sections of the network, police officer Fabiola Silvestri said. http://www.msnbc.msn.com/id/11324822/ - - - - - - - - - - FBI Probes Hacking Incident at Indiana Clinic Database changes made by intruder slowed system. A Fort Wayne, Ind.-based orthopedics clinic with more than a dozen facilities in the state has called in the FBI to investigate a hacking incident that highlights the dangers companies can face from the placement of hidden back doors in their software. The case involves Orthopaedics Northeast, which last month suddenly began experiencing serious performance slowdowns with Webchart, a clinical document management system supplied to the clinic by Medical Informatics Engineering Inc., a health care software developer that's also based in Fort Wayne. http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,108639,00.html - - - - - - - - - - North Carolina Police Fight to Keep Up With Web Predators Cases Far Outnumber Available Officers Four times in the past three weeks, Charlotte-Mecklenburg police say, a man went on the Internet and propositioned a 14-year-old girl for sex. The girl turned out to be an undercover police officer, and authorities late Tuesday arrested Thomas Royster, 25, at his University area home. http://www.officer.com/article/article.jsp?id=28590 - - - - - - - - - - Norwood Man Arrested On Child Porn Charges Norwood police investigating sexual images of a teenage girl online late last year, uncovered disturbing images of children much younger. That's according to an indictment unsealed Friday in Hamilton County court. http://www.wcpo.com/news/2006/local/02/11/porn_arrest.html - - - - - - - - - - 2nd ID soldier given 10 months, discharged for child porn A U.S. soldier who pleaded guilty to child pornography charges was sentenced Wednesday to 10 months in prison, reduction to the militarys lowest pay grade, forfeiture of all pay and allowances and a bad-conduct discharge after pleading guilty to child pornography charges, officials at Camp Humphreys said Friday. http://www.estripes.com/article.asp?section=104&article=34979 - - - - - - - - - - Bill would keep servers out of China Free-speech advocates have blasted Google and other Internet companies for bowing to China's demands that they censor or fork over information the communist government deemed objectionable. Now, Congress is stepping in with proposed legislation that could hobble the companies as they plunge deeper into one of the world's hottest economies. http://www.usatoday.com/tech/news/techpolicy/2006-02-12-china-net_x.htm - - - - - - - - - - DHS evaluates global cybersecurity exercise Homeland Security Department officials offered no results or findings from a recently concluded, globally coordinated cybersecurity exercise, but they will begin examining data with the intent of issuing a report this summer. The full-scale exercise, Cyber Storm, was conducted from Feb. 6-10 and involved 115 public, private and international agencies. It examined the response, coordination, and recovery processes and procedures to a simulated cyberattack against critical infrastructures. The federal government has been involved in previous simulated cybersecurity exercises but not on this scale. http://www.it-observer.com/news/5705/dhs_evaluates_global_cybersecurity_exercise/ - - - - - - - - - - Brits losing a PS1bn to online scams The Office of Fair Trading (OFT) warned today that an estimated five million UK citizens lose up to PS1bn a year to online and offline mass-marketing scams. The government agency said that some of the well documented frauds still taking in the public include lottery scams, 'miracle' health or slimming cures, and the ever-popular 419 con beloved of Nigerian fraudsters. http://www.vnunet.com/vnunet/news/2150223/419-scams-fool-thousands - - - - - - - - - - IIPA piracy petition criticizes Russia A coalition of U.S. trade associations representing copyright-based industries has called on the U.S. government to recognize serious copyright violations in Russia and to designate the country for possible sanctions. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,108644,00.html - - - - - - - - - - Drag-and-drop flaw in IE reported Vulnerability could allow malicious code to run on a PC, vendors say. Security analysts and vendors are reporting a flaw in Microsoft Corp.'s Internet Explorer browser that could allow malicious code to run and allow a hacker to take control of a user's computer. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,108654,00.html Real world browser threats http://www.it-observer.com/news/5706/real_world_browser_threats/ F-Secure covers Windows Mobile 5.0 http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5363 - - - - - - - - - - AJAX Poses Security Risk Asynchronous JavaScript and XML, the method used by web application developers to allow the client communicate with the server without interrupting user from their activities, exposes applications to new security vulnerabilities, according to Forum Systems security advisory. http://www.it-observer.com/news/5703/ajax_poses_security_risk/ - - - - - - - - - - How secure is VoIP? The allure of Internet phone calling is understandable -- dirt-cheap calls to anywhere in the world, sound quality that's at times superior to the traditional land-line and the ability to take your phone number with you when you travel. But, buyer beware. These calls are just like any other form of digital communication, like e-mail, which can be hacked, spammed and saved on servers. http://www.mercurynews.com/mld/mercurynews/news/13859672.htm - - - - - - - - - - Wipe your iPod before selling it, RIAA warns If you sell your iPod and don't remove your music first, you could find yourself with the Recording Industry Ass. of America (RIAA) breathing down your back. The organisation last week told sellers in the US that doing so is a clear violation of copyright law and warned them that it's sniffing out for infringers. http://www.reghardware.co.uk/2006/02/13/riaa_ipod_warning/ - - - - - - - - - - Cisco readies security updates Cisco Systems unveiled on Monday several changes to its security lineup that are designed to bolster its management offerings and ability to secure applications that reside on the network. Cisco, as part of its adaptive security efforts to monitor and secure access to applications on the network, debuted its Content Security and Control Security Services Module. http://news.zdnet.com/2100-1009_22-6038418.html - - - - - - - - - - nCipher Classified Document Security nCipher has announces the availability of the Classified Document Security Appliance. Bringing together technology components from Adobe, Geotrust and nCipher, the appliance significantly simplifies document security. The appliance provides central signing, time stamping and encryption capabilities whilst allowing any recipient to validate a documents authenticity and be assured its contents are unaltered, all without any manual intervention or software plug-ins. http://www.it-observer.com/news/5704/ncipher_classified_document_security/ - - - - - - - - - - Startup tries to spin a safer Web File-sharing software that installs adware, Web sites that attempt to compromise a visitor's computer, and free downloads that install a host of other unwanted software -- the Web has become a confusing, and sometimes dangerous, place for the average home user. http://www.securityfocus.com/news/11376 Tool helps reduce search for bugs http://www.securityfocus.com/brief/135 - - - - - - - - - - Sun to unveil security offer Sun Microsystems is expected to announce two security initiatives Monday, one introducing a form of encryption for its next-generation Sun Java System Web Server and another that reslices the way it delivers security features for Solaris. http://news.zdnet.com/2100-1009_22-6038422.html - - - - - - - - - - 'Lawful interception' firm tapping into Europe, Asia Pacific 3GSM Lawful interception firm SS8 Networks is using the 3GSM show to set out its stall in Europe. The firm, which makes middleware that helps service providers manage the collection of data from wiretaps across multiple voice and data connections, also announced a resale agreement with Pen-Link, a firm whose software allows law enforcement agencies to make sense out of the data SS8 collects. http://www.theregister.co.uk/2006/02/13/ss8_expansion_3gsm/ - - - - - - - - - - RSA confab: Boom times for security The security industry converges at the annual RSA Conference this week, an event that's moved far beyond its origins as a get-together for cryptogeeks and other insiders. Though still organized by RSA Security, a company with its roots in cryptography, the confab has developed into a showcase for security companies and an annual gathering for IT professionals. This year is the 15th anniversary of the event. http://news.zdnet.com/2100-1009_22-6038135.html - - - - - - - - - - When Insider Threats Meet Sarbanes-Oxley Many security practitioners divide security into three distinct but related areas: external threats, internal threats and compliance. While it is fashionable to say that security doesnt equal compliance, and compliance doesnt equal security, one must acknowledge that there is a tremendous amount of overlap between the two. This is certainly the case when considering Sarbanes-Oxley compliance and insider threats. http://www.it-observer.com/news/5712/when_insider_threats_meet_sarbanes_oxley/ - - - - - - - - - - Identity Stolen... Now what? With the increase of the various forms of Malware and Phishing Scams there is also an increased threat of identity theft. Though the ways your personal information is be compromised may be different, one thing remains the same, it is a violation. It is a violation against you, against your family and against the creditors who think it is you they are extending credit to. http://www.it-observer.com/news/5707/identity_stolen_now_what/ - - - - - - - - - - A Day In The Life Of A Chinese Internet Police Officer Following the development of science and technology, the Internet has become a major tool for communication and information. At the same time, Internet crime has followed. Due to the special nature of the crimes, the Internet police needs to have computer- related professional knowledge and they must have experience dealing with Internet crimes. They may not have the experience of having to physically arrest someone, and they look like intellectuals at a scientific research institute, but their heads are filled with leading-edge technology and they know all about computers and networks. http://www.it-observer.com/news/5709/a_day_life_chinese_internet_police_officer/ - - - - - - - - - - Search warranted? Financial adviser Josh Cohen, 34, in his office in Chicago in January, said he identifies with those Internet users who see the loss of some privacy as the price they pay for being on the Web. He said that will help the government combat terrorists and those who prey on children. http://www.rockymountainnews.com/drmn/tech/article/0,2777,DRMN_23910_4461978,00.html - - - - - - - - - - Phishing for Security So my Dad calls me up last week to tell me that hes just got a call from his building society to say that his account has been completely emptied out. Great. At least Nationwide had the good sense to immediately realise that it was a fraudulent transaction and told him that hed be reimbursed in full the same day. Phew. http://www.trustedreviews.com/article.aspx?art=2481 - - - - - - - - - - Understanding and Working in Protected Mode Internet Explorer In Microsoft Windows Vista, Microsoft Internet Explorer 7 runs in Protected Mode, which helps protect users from attack by running the Internet Explorer process with greatly restricted privileges. Protected Mode significantly reduces the ability of an attack to write, alter or destroy data on the user's machine or to install malicious code. http://www.it-observer.com/news/5708/understanding_working_protected_mode_internet_explorer/ - - - - - - - - - - Police database fingers suspects British police have fingered some suspected scoundrels and nonces with a shared police database system, the Home Office said at the official launch of the system today. The IMPACT Nominal Index, which resulted from Sir Michael Bichard's investigation into failure of police to prevent the murders of Soham schoolgirls Jessica Chapman and Holly Wells, has been running in pilot since December. http://www.theregister.co.uk/2006/02/13/police_database_promise/ - - - - - - - - - - Alabama introduces court e-filing system Alabama court officials are introducing an e-filing system this year that would potentially allow thousands of state attorneys to securely file complaints, discoveries, proposed orders and other documents via the Internet. http://www.fcw.com/article92320-02-13-06-Web - - - - - - - - - - Road-Ready Night Vision At Last Driving at night down a dark and isolated stretch of road off the Autobahn, one could easily believe there isn't another soul within miles: The windshield view shows only a few yards of barren road lined with looming trees and dense shrubs. But a quick glance at the monitor in the center of the dashboard reveals the brightly illuminated image of a man moving out from behind a bush on the side of the road, beyond the ambit of the headlights, where I would never have seen him. http://www.wired.com/news/technology/0,70182-0.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.