 




[Security-News] March 30, 2005 update

  • From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
  • To: NetworkNewsletters@xxxxxxxxxxxxx
  • Date: Thu, 31 Mar 2005 12:48:48 -0500
**************************************************************
-- Educational CyberPlayGround Community 
http://www.edu-cyberpg.com/

-- Network Newsletters Mailing List ©1994
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html

-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html

-- Mailing Lists
http://www.edu-cyberpg.com/Community/
**************************************************************



SECURITY IN THE NEWS



HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Most of EU will miss biometric passport deadline:
         Government Computer News, 2005-03-29


CYBERCRIME-HACKING
Over 2500 phishing sites active:
         Sydney Morning Herald, 2005-03-30
Phone hackers tap into hospital:
         news.com.au, 2005-03-30
Stolen UC Berkeley Laptop Exposes Personal Data of Nearly 100,000:
         Washington Post, 2005-03-28
Microsoft develops cybercrime-fighting tools:
         ZDNet Australia, 2005-03-30


POLITICS-LEGISLATION
Analysts slam hacker law changes:
         The Register, 2005-03-30


MALWARE
Microsoft drops MSBlast writer's $500,000 penalty:
         C-Net News, 2005-03-30
Gartner: Beware of Mac OS spyware:
         C-Net News, 2005-03-29


VULNERABILITIES & EXPLOITS
Symantec patches more Norton AntiVirus flaws:
         ZDNet Australia, 2005-03-30


CIVIL & CONSUMER ISSUES
Ministry Details Punishment for SMS Spammers:
         Chosun Ilbo, 2005-03-30
P2P raids clumsy, say ISPs:
         Sydney Morning Herald, 2005-03-29


HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
   Title: Most of EU will miss biometric passport deadline
   Source: Government Computer News
   Date Written: 2005-03-29
   Date Collected: 2005-03-30
Only six of the European countries that participate in the visa-
waiver program will be ready to meet the United States' October
26, 2005, deadline for biometric passports, according to the
Financial Times. Austria, Belgium, Finland, Germany, Luxembourg
and Sweden will likely be prepared for the deadline, but France,
Britain, most other European countries, and even the United
States will not. The European Commission plans to ask the US Congress
for a one-year extension. The US passed a law requiring biometric
passports shortly after the September 11, 2001, terrorist
attacks. The deadline was originally October 2004, but Congress
extended the deadline for the Europeans by one year.

http://www.gcn.com/vol1_no1/daily-updates/35368-1.html




CYBERCRIME-HACKING
   Title: Over 2500 phishing sites active
   Source: Sydney Morning Herald
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
The Anti-Phishing Working Group (APWG) found 2,625 active
phishing sites in February 2005, indicating an average monthly
growth rate of 26% since July 2004. Nine brands were hijacked in
February, bringing the total since APWG started keeping records
to 149. New, unique phishing e-mails climbed by 2% over the
previous month and new sites climbed 1.8%. Financial institutions
are still the most targeted at 78%. The United States hosted the
most phishing sites at 37%, a 6% increase over January. Phishers
are also shifting tactics toward instant messages and pharming.

http://www.smh.com.au/news/Breaking/Over-2500-phishing-sites-active/2005/03/30/1111862444309.html


   Title: Phone hackers tap into hospital
   Source: news.com.au
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
Hackers managed to access the telephone system at John James
Hospital in Canberra, Australia, March 22, 2005, and make over
$4,000 AU ($6,716 US) in phone calls to South America and the
Asia Pacific region. Telstra monitored the sudden spike in phone
calls, and informed the hospital, which then shut down the phone
network. If the spike had not been detected, the attackers could
have made between $50,000 and $100,000 AU over the Easter
weekend. Australian police investigated two similar attacks in
2004 and determined the attackers were likely based in another
country, but were unable to trace them. Telstra estimates that
the phone networks of 20 companies are attacked by phone
hackers, or "phreaks", every month. The hospital phreaks likely
exploited a feature that allows phone managers to dial outside
to check the system.

http://finance.news.com.au/story/0,10166,12699755-31037,00.html


   Title: Stolen UC Berkeley Laptop Exposes Personal Data of Nearly 100,000
   Source: Washington Post
   Date Written: 2005-03-28
   Date Collected: 2005-03-30
The University of California at Berkeley has announced that a
laptop containing sensitive data of 98,369 alumni, graduate
students, and former applicants was stolen March 11, 2005.
Sending notifications to those affected in compliance with
California law proved difficult in some cases, since some of the
affected alumni received their degrees thirty years ago. The
computer contained the Social Security numbers of all affected,
and the birthdates and addresses of about one third. Police
suspect the thief was merely interested in the laptop rather than
the data and have received no reports of identity theft.

http://www.washingtonpost.com/wp-dyn/articles/A7653-2005Mar28.html


   Title: Microsoft develops cybercrime-fighting tools
   Source: ZDNet Australia
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
Microsoft announced a program to develop cyber forensics tools
for law enforcement during The Forensic Computing and Computer
Investigations Workshops for Australian police. The workshop is
designed to teach law enforcement techniques to track down the
culprits of child exploitation, phishing, and cyberattacks
against business and government. Microsoft is developing its own
internal tools, such as artificial intelligence and data mining
tools, for use by "extremely competent individuals."

http://www.zdnet.com.au/news/security/0,2000061744,39186469,00.htm




POLITICS-LEGISLATION
   Title: Analysts slam hacker law changes
   Source: The Register
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
The Butler Group claims that Member of Parliament Derek Wyatt's
proposed changes to Britain's Computer Misuse Act are too light
to adequately address computer crimes. Mr. Wyatt, chair of the
All Party Parliamentary Internet Group, will argue for increasing
the prison sentence for hackers from six months to two years and
adding a new offense for denial of service attacks during a ten-
minute "elevator pitch" before Parliament calls elections. The
Butler Group argues that the proposed changes will have little
effect on hackers. Mr. Wyatt argues that it is unlikely his
speech will be enacted into law and that it's more important to
get the ideas into general discussion.

http://www.theregister.co.uk/2005/03/30/butler_wyatt_spat/




MALWARE
   Title: Microsoft drops MSBlast writer's $500,000 penalty
   Source: C-Net News
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
Microsoft has dropped the $500,000 fine against Jeffrey Lee
Parson, writer of a Blaster variant, requesting 255 hours of
community service instead. Mr. Parson had been sentenced in
January 2005 to eighteen months in prison, one hundred hours of
community service, and three years' supervised release. Mr.
Parson's Blaster variant infected an estimated 50,000 computers,
while the original Blaster infected 9.5 million computers.
Blaster organized infected computers into a distributed denial of
service attack against Microsoft.

http://news.com.com/Microsoft+drops+MSBlast+writers+500%2C000+penalty/2100-7350_3-5646709.html


   Title: Gartner: Beware of Mac OS spyware
   Source: C-Net News
   Date Written: 2005-03-29
   Date Collected: 2005-03-30
Gartner's Dataquest branch has warned companies using Apple's Mac
OS X to guard against spyware infections. While Mac OS X only
accounts for 3% of the user base and is a hard operating system
to exploit, one successful attack could have significant impact.
While a worm targeting only Apple machines is unlikely to spread
fast, a hybrid targeting Mac and Windows could have greater
success. There is also a danger that Mac spyware could infect
computers before anyone realizes it even exists. The Dataquest
comments come just a week after Symantec argued that hackers and
virus writers are increasingly targeting Mac OS X.

http://news.com.com/Gartner+Beware+of+Mac+OS+spyware/2100-7355_3-5645465.html




VULNERABILITIES & EXPLOITS
   Title: Symantec patches more Norton AntiVirus flaws
   Source: ZDNet Australia
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
The Japan Computer Emergency Response Team (JCERT) and the Information-
Technology Promotion Agency-Japan (IPA) have reported two flaws
affecting the SmartScan and AutoProtect features of Symantec's
Norton AntiVirus that could crash a computer during scans of
certain file types. JCERT discovered that AutoProtect, which
scans files as they are accessed by users, will crash on certain
types. IPA found that SmartScan-enabled systems will crash if
users rename a file stored in a shared network directory.
Symantec says patches for both these flaws are available through
LiveUpdate and that it has no reports of users being affected by
these flaws.

http://www.zdnet.com.au/news/security/0,2000061744,39186458,00.htm




CIVIL & CONSUMER ISSUES
   Title: Ministry Details Punishment for SMS Spammers
   Source: Chosun Ilbo
   Date Written: 2005-03-30
   Date Collected: 2005-03-30
South Korea's Ministry of Information and Communication has fined
operators of some premium telephone services a total of 720
million won ($703,540 US) for sending SMS (short message service)
spams and suspended fifty-six 060 call services, which typically
carry sexual content. The Ministry says fines ranged between 15
million and 30 million won ($14,650 and $29,312 US), the maximum
allowed by law, giving bigger fines to companies that ran more
services. The ministry is investigating 193 additional spam cases
and will ask operators to suspend 060 services that do not comply
with new regulations.

http://english.chosun.com/w21data/html/news/200503/200503300027.html


   Title: P2P raids clumsy, say ISPs
   Source: Sydney Morning Herald
   Date Written: 2005-03-29
   Date Collected: 2005-03-30
The directors of two Australian internet service providers, Simon
Hackett of Internode and Michael Malone of iiNet, have criticized
the Music Industry Piracy Investigations' (MIPI) raids of ISPs,
and argue for raids to be conducted by police under court orders.
Mr. Hackett says ISPs make easy targets for music industry
investigations and that an ISP cannot be liable for every packet
that crosses its network. Police in South Australia must file
requests for information under Section 282, protecting ISPs from
liability for disclosing customer data. MIPI has used Anton Piller
orders to raid various ISPs, a process Mr. Malone says can be
disruptive and could drive ISPs out of business if abused.

http://www.smh.com.au/news/Breaking/P2P-raids-clumsy-say-ISPs/2005/03/29/1111862359875.html



The Institute for Information Infrastructure Protection (I3P)
accepts no responsibility for any errors or omissions in this e-mail.
The information presented is a compilation of material from various
sources and has not been verified by staff of the I3P. Therefore,
the I3P cannot be made responsible for the factual accuracy of
the material presented. The I3P is not liable for any loss or
damage arising from or in connection with the information
contained in this report. It is the responsibility of the user to
evaluate the content and usefulness of this information.
References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or
otherwise, do not constitute or imply endorsement,
recommendation, or favoring by the I3P. I3P is a research, not
operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis.
Security in the News will be sent out on most business days, but
not all.

The Institute for Information Infrastructure Protection
45 Lyme Road, Suite 300
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: listmanager@xxxxxxxxxx



<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND 
http://www.edu-cyberpg.com

Copyright statements to be included when reproducing
annotations from Network Newsletter.

The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format.

> From Network Newsletter copyright
> Educational CyberPlayGround.
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html

<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>



