NewsBits for February 20, 2006 ************************************************************ Political hacking scandal hits Hungary A "Watergate-style" political scandal has broken in Hungary after the opposition party was forced to admit an over-zealous intern was responsible for hacking into the servers of the governing party. Fidesz said the hack against the systems of the ruling socialist party, ahead of the April general elections, was not sanctioned by the party's leadership but, nonetheless, conceded it was a serious breach of electoral etiquette. http://www.theregister.co.uk/2006/02/20/hungary_hack/ - - - - - - - - - - U.S. Navy Petty Officer Charged With Computer Pornography Investigators with the Florida Department of Law Enforcement's Computer Crime Section, the Tallahassee Police Department and the U.S. Department of Defense Criminal Investigative Service ended a two-month investigation Friday afternoon with the arrest of a U.S. Navy Petty Officer 1st Class. William Miles Clarke of Jacksonville, 41, was charged with one count of computer pornography -- a third-degree felony. http://www.news4jax.com/news/7167884/detail.html - - - - - - - - - - Worker suspended in computer probe At risk: Security of state credit card data A state Office of Information Technology worker was placed on paid leave yesterday in connection with the investigation of a potential security breach to a state computer server. http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20060218/REPOSITORY/602180349/1001/NEWS01 - - - - - - - - - - Authorities say many teens at risk on social Web sites On MySpace.com, teenagers can find kindred spirits who share their love of sports, their passion for photography or their crush on a Hollywood star. They can also find out where their online friends live, where they attend school, even what they look like. And so can adults. http://www.signonsandiego.com/news/computing/20060219-0916-myspace-dangers.html - - - - - - - - - - Cyber bank robbers threaten ecommerce Bank account plundering Trojans on the rise... Cyber criminals are surfing into online banks with you to steal your money. Password-stealing Trojan horses used to be all the rage. The software would nestle itself on a PC after opening a bad email attachment or visiting a malicious website. But in response to the increased adoption of stronger authentication, cyber criminals are changing their tactics, according to Alex Shipp, a senior antivirus technologist at MessageLabs. http://software.silicon.com/security/0,39024655,39156580,00.htm http://news.zdnet.co.uk/internet/security/0,39020375,39253433,00.htm Invasion of the Computer Snatchers http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html - - - - - - - - - - US seeks to tighten web gambling laws US politicians have launched a fresh bid to stop overseas internet gambling websites reaching American web users, according to the BBC. The new bill being introduced in the House of Representatives aims to extend existing laws which ban interstate telephone gambling. http://www.vnunet.com/vnunet/news/2150623/ramps-fight-against-internet UK gambling firms say no to Italian ban http://www.theregister.co.uk/2006/02/20/remote_gambling_ban_challenge/ - - - - - - - - - - Google keeps up porn probe battle The search giant is refusing to hand over a week's worth of search terms, and accuses the US Justice Department of being both cavalier and uninformed. Google lashed out at the US Justice Department on Friday, saying that a high-profile request for a list of a week's worth of search terms must not be granted because it would disclose trade secrets and violate the privacy rights of its users. http://news.zdnet.co.uk/internet/0,39020369,39253431,00.htm Google rejects DOJ bid for search info http://computerworld.com/securitytopics/security/privacy/story/0,10801,108843,00.html - - - - - - - - - - OMB provides sample HSPD-12 privacy reports The Office of Management and Budget late last week reminded CIOs to complete privacy impact assessments and a number of other related documents before issuing credentials under Homeland Security Presidential Directive 12. http://www.gcn.com/vol1_no1/daily-updates/38313-1.html - - - - - - - - - - Hackers on the trail of Microsoft patches Hackers have released software that could be used to take over Windows PCs that lack the latest Microsoft security patches. But while this code is dangerous, security experts said Friday that it had yet to be used by attackers in any widespread way. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5406 Microsoft's February security bulletins http://news.zdnet.co.uk/software/windows/0,39020396,39253557,00.htm Microsoft reveals piracy battle plan for the UK http://www.theregister.co.uk/2006/02/20/microsoft_piracy_clampdown/ - - - - - - - - - - Another OS X worm unearthed A second piece of Mac OS X malware has emerged within a week - albeit a worm that poses a very limited threat. Security software maker F-Secure describes Inqtana.A, a Java- based "proof of concept" worm that exploits a vulnerability in Bluetooth on some Macs that haven't been updated with Panther and Tiger security patches. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5409 - - - - - - - - - - Google admits Desktop security risk Businesses have been warned by research company Gartner that the latest Google Desktop Beta has an "unacceptable security risk". Google Desktop allows indexing and searching of PCs' hard drives, and sharing of information through a feature called Search Across Computers. This enables users to search for information within a network such as an intranet. http://news.zdnet.co.uk/0,39020330,39253447,00.htm Gartner warns firms to lock down Google Search http://www.vnunet.com/vnunet/news/2150626/gartner-warns-firms-lock-google - - - - - - - - - - Linux worm turns on Mambo and PHP Security experts today warned of a Linux network worm that exploits holes in the Mambo content management system and the PHP XML-RPC library. Dubbed Mare.D, the worm leaves multiple backdoors on infected systems. Two of these are connect back shell backdoors that link to a remote host, while a third allows the malware's writer to access and control infected systems via IRC. http://www.vnunet.com/vnunet/news/2150647/linux-worm-loose Linux worm targets PHP flaw http://www.theregister.co.uk/2006/02/20/linux_worm/ - - - - - - - - - - Apple recruits karma to stop OS X 'theft' Apple has embedded a special message to hackers in the latest version of its operating system in an effort to stop the platform being ported to non-Apple computers. Developers have been trying to break into Apple's OS X ever since the company released a version of the software that runs on Intel processors. Previous versions ran only on Power processors made by IBM and Freescale. http://www.vnunet.com/vnunet/news/2150566/apple-recruits-karma-battle - - - - - - - - - - Spammers adopt stealth tactics Botnet controllers are switching to stealth tactics in a bid to avoid detection. Instead of mass mail-outs of spam and malicious code, they are adopting slower distribution tactics in a bid to avoid appearing on corporate security radars. http://www.theregister.co.uk/2006/02/20/stealth_spam/ - - - - - - - - - - London Oyster card - a tool for spouse stalkers? Marriages down the tubes...Transport for London's (TfL) 'ID card lite', the Oyster travelcard, is already being illicitly used to snoop on people's movements, according to the Independent on Sunday. The problem stems from the fact that TfL records the journeys made using the card, and gives owners easy internet access to their personal audit trail. But it's perhaps too easy. http://www.theregister.co.uk/2006/02/20/oyster_security_flaws/ - - - - - - - - - - LE and Government Officials Join BSA In a town hall meeting last week by the Business Software Alliance (BSA), top law enforcement officials from the United States and Europe said that combating cybercrime requires industry coordination with law enforcement officials on both sides of the Atlantic. In addition, a new survey released by BSA showed the positive impact of industry-led initiatives in fighting organized cybercrime. http://www.linuxelectrons.com/article.php/2006021818014873 - - - - - - - - - - Yahoo!Mail bans Allah and Dirty Harry handles Yahoo! is banning the use of allah in email names - even if the letters are included within another name. This was uncovered by Reg reader Ed Callahan whose mother Linda Callahan was trying to sign up for a Verizon email address. She could not get it to accept her surname. http://www.theregister.co.uk/2006/02/20/yahoo_upsets_religious/ - - - - - - - - - - Plan for ID Cards Drawing Criticism The new technology, required by law, hikes costs and raises risks of identity theft, some say. When Congress rushed passage of the Real ID Act last spring, the idea was to foil terrorists. States would be required to replace their current drivers' licenses with forgery-proof identification cards embedded with private information that government agents anywhere in the country could quickly scan to verify a person's identity. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-realid20feb20,1,2329413.story Government continues to stonewall over ID card costs http://news.zdnet.co.uk/business/legal/0,39020651,39253436,00.htm - - - - - - - - - - RSA: Companies pushed to bolster internal security efforts After spending years implementing controls to protect their network perimeters from external threats, companies are under growing pressure to do the same thing to guard against internal ones as well, security professionals at last weeks RSA conference here said. Driving the trend are concerns about accidental data leaks and theft resulting from internal lapses at a time when companies are increasingly opening up their networks and data to business partners, suppliers and customers. Also playing a role are regulations that require companies to exercise greater control over the data they handle. http://www.computerworld.com/securitytopics/security/story/0,10801,108849,00.html Is your company doing enough to protect itself... and you? http://software.silicon.com/security/0,39024655,39156605,00.htm Leader: Good news amid the gloom of insecurity? http://software.silicon.com/security/0,39024655,39156606,00.htm - - - - - - - - - - A Glimpse at Wiretap Device Central to the Case Pellicano allegedly had Telesleuth created to convert voice recordings into digital files. In a racketeering indictment issued last week, federal prosecutors contend that Hollywood private eye Anthony Pellicano helped develop a device called Telesleuth, which he then used in illegal wiretaps. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-phonetap18feb18,1,7386148.story - - - - - - - - - - Preventing SSH Dictionary Attacks With DenyHosts In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon. http://www.it-observer.com/news/5747/preventing_ssh_dictionary_attacks_with_denyhosts/ - - - - - - - - - - Cheat Sheet: Security appliances A must-have box of tricks or just another in a long line of 'next big things'? A security appliance? What does this do? Well as you might imagine, it's an appliance - often a black or silver (techies may call it 'gun metal') box - which handles a lot of your security needs such as antivirus, anti-spam and content filtering. The various models work in different ways and address different issues in many cases - with varying degrees of integration and threat management - but the premise is basically the same. http://software.silicon.com/security/0,39024655,39156601,00.htm - - - - - - - - - - EU cops to get Europe-wide licence and vehicle database A European database of vehicle documentation, giving police access to driver and vehicle data from multiple European countries, goes live today. The Traffic Documentation System (TDS) is currently subscribed to by the UK, Belgium, France, Germany and the Netherlands, and has been developed by Dutch National Traffic Police on behalf of the European Traffic Police Network, TISPOL, with EU funding. Five more countries are due to join shortly. http://www.theregister.co.uk/2006/02/20/tispol_euro_vehicle_data/ - - - - - - - - - - Reference Tool On Web Finds Fans, Censors When access to Wikipedia, the online encyclopedia that anyone can edit, was disrupted across China last October, a lanky chemical engineer named Shi Zhao called his Internet service provider to complain. A technician confirmed what Shi already suspected: Someone in the government had ordered the site blocked again. http://www.washingtonpost.com/wp-dyn/content/article/2006/02/19/AR2006021901335.html The Click That Broke a Government's Grip http://www.washingtonpost.com/wp-dyn/content/article/2006/02/18/AR2006021801389.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.