Broadband Planet Security News

ARCHIVES

In FBI shift, cybercrime is a priority
The director of the FBI announced Wednesday that a major reorganization of the agency would include a new focus on cybercrime and technology. Protecting the United States against "cyber-based attacks and high-technology crimes" is one of the FBI's top 10 priorities, Director Robert Mueller said at a news conference detailing a major reorganization of the agency. Preventing high-tech crime "is a protection of our infrastructure," he said. Cyberterrorism and cybercrime can happen anywhere, and "you need the overarching responsibility in an agency such as the FBI."
Go to article by Margaret Kane at C|Net

WHOIS Inaccuracies Hampering FTC
The Federal Trade Commission (FTC) needs better WHOIS information to track down Internet scams, one of its top directors told the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property Wednesday. But finding a solution is a conundrum registrars and registries won't be able to resolve for some time, if ever, said Internet Corporation for Assigned Names and Numbers (ICANN) Director of Communications Mary Hewitt. WHOIS is a database containing the contact information of every domain owner on the Internet (example here for www.internetnews.com). The information includes domain name owner, phone number and mailing address of the person in charge of the Web site.
Go to article by Jim Wagner at InternetNews

FTC to Widen Anti-Spam Efforts
After a string of high-profile successes against fraudulent e-mail marketers, the U.S. Federal Trade Commission is preparing to take its efforts to limit spam further. The agency is looking into cracking down on enforcement on three new groups: senders of e-mail with a misleading subject line, distributors of mail that lacks a valid unsubscribe option, and sellers of "millions" of e-mail addresses on CD. A formal announcement on FTC action on the matter is expected within coming months. By doing so, the federal agency will be broadening the scope of its efforts beyond targeting pushers of fraudulent offers -- an area in which it's had a considerable amount of success, recently bringing successful, multi-million dollar claims against a host of e-mail marketers.
Go to article by Christopher Saunders at InternetNews

Hackers siphon Ford credit records - Ford Motor's credit arm has warned 13,000 people that their credit reports, full of information that could be used for identity theft or fraud, were illegally downloaded.
Ford sent letters this week to the 13,000 people, all but 400 of whom were not Ford Credit customers, warning them that Social Security numbers, bank and credit card account information, and other data may have been copied. - Ford Credit said that a person or group posing as its Grand Rapids, Mich., office accessed the reports between April 2001 and February of this year in databases run by Experian, an arm of British retail and financial conglomerate GUS.
Go to article by Reuters at ZDNet

Credit Card Theft Thrives Online as Global Market
Tens of thousands of stolen credit-card numbers are being offered for sale each week on the Internet in a handful of thriving, membership-only cyberbazaars, operated largely by residents of the former Soviet Union, who have become central players in credit-card and identity theft. - The marketplaces - where credit card prices fluctuate with supply and demand in a sort of black stock market - offer a window into a crime that costs the financial system $1 billion or more a year. They also show how readily personal information is being stolen and traded in the computer age. - But the same Internet technology that has enabled the theft and sale of credit cards also provides a veritable transcript of the criminal activity, and a real-time peephole into the attitudes, ethic - and sometimes honor - among the thieves. The chat forums indicate as well that several dozen of the top participants recently have discussed gathering at a credit-card reseller's conference in Odessa, Ukraine, at the end of this month. - "It's straight out of Capitalism 101 - it's become a big industry," said one high-technology executive who surreptitiously monitors the Internet card markets, and who noted that the market price of credit cards fluctuates daily based on supply - which, he said, is copious. "There appears to be an endless supply of cards out there," he said.
Go to article by Matt Richtel at NY Times

Protecting the WLAN
A WLAN standards debate is pitting security against performance and leaving users operating wireless systems having to choose between one or the other. So far, most are opting for performance at their own risk. The standards delay is also pushing wireless system developers, such as Atheros Communications Inc., Symbol Technologies Inc. and Cisco Systems Inc., to create a confusing mix of interim security solutions. - The IEEE has been working for months on 802.11i, a new protocol designed to fix security holes in WEP (Wired Equivalent Privacy)—the only security included in current wireless LAN standards. But disputes over authentication protocols have ensured that the debate, already months old, will drag on until at least September, according to IEEE officials in Piscataway, N.J. - "This is the biggest issue in the industry, and we can't get past the petty infighting to figure this out?" said Rich Redelfs, president and CEO of Atheros, in Sunnyvale, Calif., the only company shipping 802.11a chip sets. "Give me a break."
Go to article by Dennis Fisher and Carmen Nobel at eWeek.com

AOL Follows Trillian's Lead In Encrypted Messaging
Imitating a competitor it has attempted to block customers from using, America Online said it will soon add a new security feature to its AOL Instant Messenger (AIM) product. - The feature will enable encryption of the messages sent between users of a new premium AOL service called "Enterprise AIM," a test version of which will be rolled out soon, according to AOL officials. Go to article by Brian McWilliams at Newsbytes

Error in MS Protocol Could Compromise Security
Microsoft Corp. has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under a security exemption in the federal antitrust settlement proposal agreed to in November, according to Jim Allchin, Microsoft's group vice president for Platforms, who testified in the antitrust case in court Tuesday. - The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said.
Go to article by Caron Carlson at eWeek.com

New Way to Nab Hackers
As the threats to corporate networks continue to mount and attackers' methods evolve, security vendors are turning to technologies that detect not just what attackers are doing but how they're doing it. - Okena Inc. and IntruVert Networks Inc. this week will announce IDS (intrusion detection system) products that eschew the traditional signature-based approach to intrusion detection in favor of behavior monitoring and anomaly detection. - Okena's StormWatch 3.0 focuses on the behavior of applications and systems instead of relying on signatures from a database that needs constant updates. StormWatch intercepts function calls at the operating system level and is able to make real-time decisions about whether to allow or reject the application's behavior.
Go to article by Dennis Fisher at eWeek.com

Spam throws on a disguise - Spam's newest pitches are coming to you courtesy of friends and co-workers--or so it might seem.
In one of the latest marketing gimmicks circulating the Net, the sender comes disguised as a corporate network administrator with the subject line: "Your mailbox is over its size limit." Once opened, however, the e-mail's message lewdly invites the recipient to view adult material. - Such spam tricks are designed to make spam harder to ignore--an increasingly difficult task with skeptical consumers battling e-mail overload. As a result, commercial messages with familiar-looking origins and subject lines are becoming the norm.
Go to article by Stefanie Olsen at C|Net

Virus Warning: Navidad back in the wild - This time it's personal...
The Christmas worm which wreaked havoc two years ago is back - this time in a re-formatted file which remains undetectable by anti-virus software. - According to anti-virus experts MessageLabs, the Navidad worm is now the most active virus of the last 24 hours, with almost 2,000 instances spotted in the past 24 hours. - Security experts are warning users to update their anti-virus software today as the old software can no-longer detect it.
Go to article at Silicon.com

In a Blinking Modem, a Code of Betrayal
8 years ago, while working late in a seemed to be relaying information about the long file transfer he had started, and he wondered exactly how much information the tiny light-emitting diodes were transmitting. - Using a process called optical emanations detection, similar to the technology used in fiber optic networking, Mr. Loughry, then a graduate student in software engineering, and his thesis adviser, David Umphress, tested 39 different communications devices, like modems and the routers that shuttle data across networks. They wanted to see if they could recreate some or all of the data passed through them just by detecting variations in their light emitting diodes, or L.E.D.'s. - Ultimately, 14 of the common devices they tested blinked their secrets in a kind of high-speed Morse code, and with light detectors the two researchers could capture data up to 100 feet away. The information intercepted included passwords, Web addresses and text files.
Go to article by John Biggs at NY Times

ICANN warns of domain dispute swindle
The Internet Corporation for Assigned Names and Numbers (ICANN) is warning of a swindle by an organization claiming to be an approved domain-name dispute solver. - ICANN, the organization that oversees the Internet's addressing system, said this week that it has received many reports of domain name registrants receiving mailings from an entity calling itself XChange Dispute Resolution and claiming to be an ICANN authorized arbitrator in domain name dispute cases. It is not.
Go to article by Joris Evers at ComputerWorld News

Microsoft, I.B.M. and VeriSign to Cooperate on Web Security
Microsoft (news/quote), I.B.M. and VeriSign plan to announce a new technical approach today that they hope will ensure greater security and thus stimulate commercial development of an emerging Internet technology called Web services. - Web services is the term used to describe clever software that in theory could bring a new level of automation and greater productivity to all kinds of online transactions among companies, suppliers and consumers. Yet the new, unproven technology — which uses the Web to find and share data in electronic databases of companies or individuals — has stirred concerns about data security and personal privacy.
Go to article by Steve Lohr at NY Times

Using the net to catch junk mail
Now there could be a better way to junk unwanted mail. - A Napster-like network might be able to stem the tide of spam mail messages flooding the internet. - By sharing information about unwanted commercial e-mails among a network of collaborating computers, two US software developers are hoping to swiftly spot and spread the word about the junk messages. - Tests of the system have shown that it can successfully spot and stop almost all unwanted e-mails, yet doesn't catch legitimate messages.
Go to article at BBC News

Secret Network Angers KaZaA Users - File-swapping site harnesses unused computing power from users' machines without their knowledge.
KaZaA users who like getting their music online are getting quite a bit extra with their downloads -- whether they want it or not. As "Tech Live" reports tonight, since late last year, distributed computing software has been bundled within the KaZaA file-sharing software, unbeknownst to users. - KaZaA users who like getting their music online are getting quite a bit extra with their downloads -- whether they want it or not. As "Tech Live" reports tonight, since late last year, distributed computing software has been bundled within the KaZaA file-sharing software, unbeknownst to users.
Go to article by David Stevenson at TechTV

Businesses That Abuse Consumer Privacy Will Pay - The FTC doesn't want new regulations to enforce consumer privacy on the Net, but it does want businesses to step up to the plate with responsible practices.
Orson Swindle, a commissioner for the Federal Trade Commission, made clear Thursday that the agency isn't looking for more regulations to ensure consumer privacy on the Internet, but warned businesses that government will act if companies infringe on customers' rights to control what's done with their private information. Consumers will act, too, he said, by refusing to do business with those companies that fail to protect their privacy.
Go to article by Antone Gonsalves at Information Week

FTC Cracks Down On Spam - The commission has settled charges against seven spammers for their part in a pyramid scheme and says it will prosecute others if necessary in an effort to stop illegal scams via E-mail.
The Federal Trade Commission launched a crackdown on junk E-mail Tuesday, promising to go after people who send deceptive spam and to prosecute those who engage in illegal scams via E-mail. - The FTC says it has settled charges against seven spammers who participated in a pyramid scheme, sending out unsolicited E-mail promising riches to anyone who sent in $5. Each of the defendants has agreed to drop out of the schemes, return any future money they receive, and submit to FTC oversight. The spammers were identified through the agency's unsolicited commercial E-mail database, which contains more than 8 million spam messages sent since 1998. Consumers forward more than 15,000 junk E-mail messages a day to the FTC database at uce@ftc.gov.
Go to article by David M. Ewalt at Information Week

A Child-Safe Site   

Back to Front Page

Contact Webmaster

Click "Ctrl" + "D" to add this page to your Bookmarks or Favorites.

© 1999-2004 Broadband Planet