NewsBits for April 5, 2006 ************************************************************ Homeland Security official accused of seeking child sex A high-ranking public relations official in the US Department of Homeland Security was arrested Tuesday night at his home outside Washington for allegedly soliciting sex from a police officer posing over the internet as a 14-year-old girl. Deputy press secretary Brian Doyle, 55, faces charges of using a computer to seduce a child and transmitting harmful material to a minor, the Cable News Network (CNN) reported. http://news.monstersandcritics.com/northamerica/article_1152641.php/Homeland_Security_official_accus http://www.msnbc.msn.com/id/12165485/ http://www.newsfactor.com/story.xhtml?story_id=01100000A1QH - - - - - - - - - - Germany arrests ring of cyber identity thieves German police have arrested seven members of an international gang of so-called "phishers," who hacked into computers of internet banking customers and raided their accounts, authorities said on Tuesday. http://www.leadingthecharge.com/stories/news-00170666.html - - - - - - - - - - IRS Warning of Criminals Phishing for Your Tax Dollars The deadline to file your taxes is right around the corner. The IRS warns criminals are out there, looking to steal your important personal information online, by sending out emails pretending to be the IRS and asking for your information. http://www.klastv.com/Global/story.asp?S=4714918&nav=168Y Ways to Guard Against Data Theft http://www.latimes.com/technology/la-fi-smallbiz5apr05,1,5824805.column Cyber extortion - is your business at risk? http://www.it-observer.com/articles/1102/cyber_extortion_your_business_at_risk/ - - - - - - - - - - Web crime targeted by police When Belmont police received a tip last month about a San Carlos man trying to pick up teenage girls on the community Web site Craigslist they sprang into action, set up a sting operation and arrested the man. http://www.smdailyjournal.com/article_preview.php?id=56826 - - - - - - - - - - Man gets 161/2-year term in child porn case Expressing doubt that sexual offender treatment would be successful, a federal judge told a Tioga County man yesterday that he wanted him in prison until his "libido ratcheted down." http://www.pennlive.com/news/patriotnews/index.ssf?/base/news/1144229641221340.xml - - - - - - - - - - U.S. man jailed for bringing child porn into the country An American who pleaded guilty to importing child pornography into Canada received a 30-day jail sentence Tuesday. Dominick Sousa, 21, of Mastic, N.Y., will receive some credit for time served and will be ordered out of Canada upon his release from the correctional centre in Yarmouth, said investigator Paul MacDonald of the Canadian Border Services Agency. http://thechronicleherald.ca/NovaScotia/494848.html - - - - - - - - - - Flight attendant indicted on child-porn charge A federal grand jury in Charlotte has indicted Kenneth Mark Fisher, accusing the 45-year-old US Airways flight attendant of possession of child pornography. Fisher, who has been suspended from his job as a flight attendant while the airline conducts an investigation, will be allowed to remain free pending his trial. The child pornography charge is punishable by up to 10 years in prison. http://www.charlotte.com/mld/observer/news/local/14265974.htm - - - - - - - - - - Trojan-powered scam network dismantled Banks, telecos, hotels, airlines and international betting services were among those affected by the creation and sale of Briz Trojans, a malware-creation-for- hire scam recently uncovered by security researchers. http://www.theregister.co.uk/2006/04/05/trojan_scam_network_dismantled/ - - - - - - - - - - Data Protection, the Federal Way Congress wants to protect your data and make sure you're notified when there's a problem. Will the latest bills do the job? Practically from the moment that ChoicePoint and its data breaches first hit the national consciousness last year, Congress has been trying to find the right way to protect the data handled by information brokers and to set standards for notification when a security breach occurs. http://www.pcworld.com/news/article/0,aid,125293,00.asp Agencies Not Protecting Privacy Rights, GAO Says http://www.washingtonpost.com/wp-dyn/content/article/2006/04/04/AR2006040401727.html - - - - - - - - - - Illegal music downloads hurting UK artists: industry The British music industry lost more than one billion pounds ($1.8 billion) in the past three years as a result of people illegally file sharing on the Internet rather than paying for music, its trade organization said on Tuesday. http://www.metronews.ca/reuters_entertainment.asp?id=141613 - - - - - - - - - - Child Porn Victim: Tips Not Followed Justin Berry, who for five years starred in his own Webcam child pornography business, told a House panel Tuesday that the Justice Department is moving too slowly to round up 1,500 pedophiles whose information he surrendered last year. http://cbs13.com/topstories/local_story_094235115.html - - - - - - - - - - Police Use National Database to Get Child Porn Convictions Action 2 News learned local police detectives are using the National Center for Exploited and Missing Children to help them identify children found in pornographic pictures and videos. http://www.wbay.com/Global/story.asp?S=4726241 - - - - - - - - - - Russia, China named top pirates of U.S. goods A group of legislators Wednesday named China and Russia as the worst pirates of American movies, music and software and said Moscow should be denied World Trade Organization membership until it does more to end the theft. http://www.msnbc.msn.com/id/12171238/ - - - - - - - - - - China wants U.S. tech firm to block Internet calls A U.S. maker of network management systems said Wednesday it had received an order from Shanghai Telecom Co. for a system that can detect and block telephone calls placed over the Internet. http://www.cnn.com/2006/TECH/internet/04/05/china.internet.calls.ap/index.html - - - - - - - - - - Virus writers at war Rival gangs and security industry both under attack. The confrontation between virus writers and the anti-virus industry is escalating, with malware authors also going after fellow VXers. http://www.theregister.co.uk/2006/04/05/vxers_at_war/ http://news.zdnet.com/2100-1009_22-6057654.html - - - - - - - - - - Infected Windows PC? Just nuke it The latest types of malware are so potent that organisations should forget about trying to cleanse infected systems, a top Microsoft security officer has advised. Mike Danseglio, a program manager in Microsoft's security group, said firms should think about establishing a process for backup and recovering rather than relying on anti-virus tools as a way of recovering from malware infection. http://www.theregister.co.uk/2006/04/05/ms_security_mea_culpa/ Microsoft security manager warns of the dangers of rootkits http://www.it-observer.com/news/6013/microsoft_security_manager_warns_dangers_rootkits/ - - - - - - - - - - Bug Is Nasty, Brutish, And Sneaky As a data security specialist, Jeremy Pickett sees all kinds of digital tricks. So on Mar. 20, when he was tracing the origins of a computer bug that had been blocked the night before from entering a client's computer network, Pickett wasn't too surprised that it tried to connect with four sleazy Web sites, most of them, he believes, in Russia. http://www.businessweek.com/magazine/content/06_15/b3979068.htm - - - - - - - - - - Open source bug hunters make short work of clean-up Developers have quickly fixed many bugs in popular open source packages that were flagged as part of a US government-sponsored bug hunt. More than 900 flaws were repaired in the two weeks after Coverity, which makes tools to analyse source code, announced the results of its first scan of 32 open source projects. As a result, some of the software is now entirely bug free, Coverity said in a statement. http://software.silicon.com/security/0,39024655,39157866,00.htm - - - - - - - - - - Phishers catch Internet Explorer again A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks. The vulnerability was discovered by a user called Hai Nam Luke and posted on security firm Secunia's list of advisories. http://www.vnunet.com/vnunet/news/2153492/internet-explorer-opens - - - - - - - - - - HP printer users warned of critical flaw HP has warned users of its Color LaserJet 2500 and 4600 printers of a flaw that could be exploited by hackers to gain remote admin control over PCs running the devices' control software. http://www.vnunet.com/vnunet/news/2153487/hp-printer-users-warned-upgrade - - - - - - - - - - New security features in Internet Explorer 7 Theres something about using the words security and Internet Explorer in the same sentence that tends to make administrators want to laugh. Perhaps its the fact that prior to Windows XP Service Pack 2, security in IE 6 was pretty much non existent. Windows XP Service Pack 2 took care of some of IEs security issues, but security was still mediocre at best. http://www.computerworld.com/securitytopics/security/story/0,10801,110236,00.html - - - - - - - - - - Security to the Core Blog Arbor Networks has unveiled its Security to the Core blog. Arbor Networks also announced today the formation of the Arbor Security Engineering & Response Team (ASERT), Arbor Networks' newly-formed security research group responsible for evaluating burgeoning Internet-scale threats that endanger the global cyber infrastructure. http://www.it-observer.com/news/6020/security_core_blog/ - - - - - - - - - - More accurate on the eye The Home Office identity cards team has reported progress in improving verification by iris scans, but problems with other biometrics apparently persist. http://www.theregister.co.uk/2006/04/05/iris_scan_tech_improving/ DHS to screen firms for worker ID card project http://www.gcn.com/online/vol1_no1/40328-1.html - - - - - - - - - - Trends in botnets: smaller, smarter Some recent statistics on e-mail traffic provide more evidence of the trend toward smarter, more targeted online attacks. We have observed that spam levels for the last few months have been fairly stable, said Paul Wood, chief information security analyst for MessageLabs Ltd. of London. http://www.gcn.com/online/vol1_no1/40334-1.html - - - - - - - - - - Honeypots - How to seek them out To study the proceedings and attacks from hackers, Honeypots are used. The idea thereby is, to put one or more special servers in a network . An aggressor; who cannot differentiate between genuine server/services and honeypots; sooner or later will be taken up the services offered by a Honeypot by his search for a safety gap. All his activities on the honeypot are loged thereby. http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/ - - - - - - - - - - Two attacks against VoIP VoIP is here to stay. In fact many incumbent telecommunication carriers have started offering VoIP service for sometime and several new VoIP service providers have emerged. Aside from issues such as quality of service, the aspect of security, or lack thereof, is misunderstood by some of the VoIP service providers. http://www.it-observer.com/news/6015/two_attacks_against_voip/ - - - - - - - - - - People - Greatest Asset and Biggest Vulnerability In an increasingly technological world it is easy to forget that social engineering attacks will always be bigger and more damaging than the latest 0-days. The best hacks are the ones that have significant people components. http://www.it-observer.com/news/6016/people_greatest_asset_biggest_vulnerability/ - - - - - - - - - - Is your application secure enough? We see it all around us, recently. Web applications get niftier by the day by utilising the various new techniques recently introduced in a few web-browsers, like I.E. and Firefox. One of those new techniques involves using Javascript. More specifically, the XmlHttpRequest-class, or object. http://www.it-observer.com/news/6012/ajax_your_application_secure_enough/ - - - - - - - - - - Pirana SMTP Content Exploitation Framework 0.2.1 Email has become an essential service for most people - who doesn't own an email address today? With time, it seemed obvious that numerous threats would come to light and propagate through this communication channel. http://www.it-observer.com/tools/34/pirana_smtp_content_exploitation_framework/ - - - - - - - - - - Wireless Security Guidelines Wireless PCs, laptops and devices are being increasingly used in both business and the home. The reason for this marked trend is that wireless computers are easy to deploy, cheap and are usually simpler to manage than standard wired connections. Using wireless, new PCs or laptops can be added without the difficulty and cost of wiring them in. http://www.it-observer.com/articles/1103/wireless_security_guidelines/ MIT researchers attack wireless shortcomings, phishing http://www.computerworld.com/securitytopics/security/story/0,10801,110225,00.html - - - - - - - - - - Terror suspect sings MP3 blues A passenger was pulled off a flight and questioned for three hours because a taxi driver believed that the songs on his MP3 player suggested that he was a terrorist. http://www.vnunet.com/vnunet/news/2153508/terror-suspect-sings-mp3-blues *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.