29 December 2005 - The Year in Security
Data security breaches lead a run-down of the 2005's significant
security events; more than 130 data security breaches were reported,
exposing more than 55 million Americans to potential data theft. Other
issues include the arrests of "bot masters", the increased focus on
creating stealthy attack tools and narrowly targeted attacks, and Sony
BMG's problems with digital rights management (DRM) software on certain
CDs.
http://www.usatoday.com/tech/news/computersecurity/2005-12-28-computer-security_x.htm
29 December 2005 - UK Man's Spam Claim Successful
A UK Court found in favor of Nigel Roberts, a Channel Island man who
filed a claim against Media Logistics UK, an Internet marketing company,
after he received unsolicited commercial email from them on his personal
email account. A three-year-old EU spam law, the Directive on Privacy
and Telecommunications, allows individuals to claim damages from
offenders. Media Logistics acknowledged the claim but did not defend
it; Mr. Roberts will receive GBP270 (US$466) in compensation and GBP30
(US$52) in court fees.
http://technology.timesonline.co.uk/article/0,,19509-1960845,00.html
28 December 2005 - Marriott Acknowledges Missing Backup Tapes Contain Personal Data
More than 200,000 employees, owners and customers of Marriott Vacation
Club International are being notified that backup tapes containing their
personal data, including bank, credit card and Social Security numbers,
are missing from a Florida office. Club officials have reported the missing tapes to authorities and have begun their own investigation into
the tapes' disappearance.
http://www.informationweek.com/showArticle.jhtml?articleID=175700593
25 December 2005 - Iowa State University Acknowledges Data Security Breaches
Two computers at Iowa State University suffered security breaches this
month, possibly exposing the personal data of ISU employees and
university athletic department donors. University technology staff
investigating the breaches says credit card numbers were encrypted and
therefore unlikely to have been read by intruders. The breaches
affected more than 3,000 ISU employees and approximately 2,500 donors.
University officials say they do not plan to contact the police to help
them find the intruder's identity. ISU suffered a similar security
breach in June of this year.
http://desmoinesregister.com/apps/pbcs.dll/article?AID=/20051225/NEWS01/512250364/
1001&template=printart
15 December 2005 - Meth Users Turn to Internet Fraud to Fund Their Habit
A USA Today investigation revealed that methamphetamine users have
turned to the Internet to steal data and commit identity fraud to raise
money to feed their addictions. The meth users and traffickers have in
the past stolen information from mailboxes and wallets; now they are
trading that information on the Internet and conducting elaborate
schemes to steal funds and launder money. The investigations involved
interviews with more police officers, district attorneys, addicts and
Internet security experts.
http://www.usatoday.com/tech/news/internetprivacy/2005-12-14-meth-online-theft_x.htm
14 December 2005 - Owner-Operator of Pirated Software Website Pleads Guilty
Nathan Peterson has pleaded guilty to two counts of criminal copyright
infringement; Peterson owned and operated iBackups.net, a website that
offered pirated software. When he is sentenced in April 2006, Mr.
Peterson faces a prison sentence of up to 10 years and a fine of
US$500,000. He will also pay restitution of US$5.4 million. Customers
of the website were told the products they purchased on iBackups was "backup software" to protect their systems from crashes. Products were
sold via download or through the mail. The site was shut down in
February.
http://www.infoworld.com/article/05/12/14/HNpirateguilty_1.html
12 December 2005 - State of Information Security 2005 Report Finds Security-Related
Events on the Rise
The State of Information Security 2005 report from CIO Magazine and
PricewaterhouseCoopers found that security-related events have increased
22.4 percent since last year. Just 37 percent of the companies
responding to the survey have established a security plan; twenty-four
percent plan to implement one in the next year. The number of
organizations with a CISO or CIO rose from 31 percent last year to 40
percent this year. Among organizations with a chief information
security officer (CISO) or Chief Security Officer (CSO), 62 percent have
security plans in place. The study surveyed more than 8,200 IT security
executives in 63 countries around the world. http://www.enn.ie/frontpage/news-9658009.html
30 November 2005 - Top Ten Viruses and Hoaxes for November
2005
Sophos reports highest ever record of new malware in one month,
and new Sober worm shoots to number one in the prevalence chart.
Find out more in our analysis of the last 30 days. http://s466.link.sophos.com/topnov05?pl_id=9
30
November 2005 - Phishers send email posing as IRS tax refund
Sophos experts have warned internet users of a phishing email
which aims to steal from American taxpayers by posing as notification
of a refund from the Internal Revenue Service. The phishers are
taking advantage of a an apparent error on the real US Government
website which is allowing
phishers to redirect visitors to a bogus website. http://s466.link.sophos.com/irs?pl_id=9
28
November 2005 - Scottrade Informs Customers of Third-Party Data
Security Breach
Scottrade, an online trading company, has informed its customers
that the company's electronic checking provider, TROY Group, suffered
a security breach which compromised personal data including names,
driver's licenses, bank account and bank routing numbers and trading
account numbers. The TROY Group acknowledged the security breach
in an October 25 press release.
http://www.securityfocus.com/brief/63
25 November 2005 - ET could hack internet (Yes, this is
a real story)
Aliens could hack the internet and spread viruses if proper precautions
are not put in place, warned a top scientist. http://www.scmagazine.com/us/news/article/529846/?n=us
25
November 2005 - Verizon Wireless clamps down on wireless spam
US mobile operator Verizon Wireless has filed a lawsuit in New
Jersey, seeking an injunction against Passport Holidays of Ormond
Beach, Fla., for allegedly violating federal and state laws by
sending “tens of
thousands” of unsolicited text messages to its customers. http://www.scmagazine.com/us/news/article/529850/?n=us
24
November 2005 - Backup encryption failures leave data in peril
Potentially sensitive corporate data is being placed unnecessarily
at risk because less than a quarter of companies currently encrypt
their backup tapes, newly published research has claimed. http://www.scmagazine.com/us/news/article/529514/?n=us
24
November 2005 - IT security fears holding back US e-commerce
One in four U.S. consumers will not shop online this holiday season
due to internet security concerns, according to a new survey from
the Business Software Alliance (BSA). http://www.scmagazine.com/us/news/article/529512/?n=us
24
November 2005 - PC users underestimate malware threat
Ordinary PC users do not take computer security seriously
enough and are not prepared to pay for it, a BT chief has said. http://www.scmagazine.com/us/news/article/529809/?n=us
24
November 2005 - One third of Brits send fake emails
Nearly a third of people in the UK have admitted to impersonating
someone else when sending an email, according to new research. http://www.scmagazine.com/us/news/article/529517/?n=us
22
November 2005 - SANS Top 20 Internet Security Vulnerability Shows
Attackers Are Using
New Approaches For Which Users Are Not Prepared
The SANS Institute and the United Kingdom National Infrastructure
Security Coordination Centre today announced the 2005 Top 20 Internet
Security Vulnerabilities. The new report shows attackers are increasingly
attacking security software and back up software and network security
and communication devices that users (a) thought was keeping them
safe, and (b) do not patch. The new threat sets defenders
back six years in their fight against attackers.
http://news.ft.com/cms/s/28a9a968-5abd-11da-8628-0000779e2340.html
21
November 2005 - Survey: IT Execs Say Security Will Top IT Spending
List in 2006
A survey by Goldman Sachs & Co. of 100 IT executives found
that security software and enterprise IT upgrades are expected
to top their IT spending lists in 2006. Fifty two percent of those
surveyed said they expected IT spending levels to be unchanged,
while forty percent said they were considering reducing their
IT budgets for 2006. http://www.computerworld.com/printthis/2005/0,4814,106422,00.html
19
November 2005 - Boeing Employee Data on Stolen Laptop
Boeing has acknowledged that a recently stolen laptop computer
contained sensitive data belonging to more than 160,000 current
and former employees. The laptop was stolen from an off-site location.
Among the data on the computer are Social Security numbers, banking
information and birth dates. Boeing is notifying everyone whose
data were on the computer and will pay for enrollment in credit
monitoring and fraud protection programs. Authorities have been
notified as well.
http://www.eweek.com/article2/0,1759,1889139,00.asp?kc=EWRSS03129TX1K0000614
17
November 2005 - Irish IT Security Awareness Campaign Survey Finds
Few Informed About Spyware and Phishing
A survey conducted on behalf of Ireland's Make IT Secure Initiative
found that 24 percent of those polled know what spyware is and
just 13 percent feel they have a good understanding of what phishing
is. However, 79 percent of home users and 75 percent of work users
use anti-virus software. The public awareness campaign focuses
on educating users about phishing, spyware, identity fraud and
online child safety. http://www.siliconrepublic.com/news/news.nv?storyid=single5699
17
November 2005 - Spammer Sentenced to One Year in Prison
Peter Moshou, sometimes known as the "Timeshare Spammer",
was sentenced to one year in federal prison and ordered to pay
US$120,000 in restitution for sending millions of spam messages
in 2004 and 2005. Mr. Moshou was convicted in June of violating
the CAN-SPAM Act; he had been named in a lawsuit filed by EarthLink.
EarthLink also said that it has won a US$15.4 million judgment
against Craig Brockwell and BC Alliance Inc. in a suit that claimed
Mr. Brockwell and his company sent hundreds of thousands of unsolicited
email messages.
http://news.com.com/2102-7348_3-5959367.html?tag=st.util.print
10
November 2005 - Trojan horse exploits Sony DRM copy-protection
vulnerability
Sophos experts warn of the Stinx Trojan horses that can hide under
the cloak of Sony's controversial CD copy-protection software,
and have been spammed across the internet in an email claiming
to come from a business magazine. Also, find out about the free
Sophos tool which can detect if Sony's cloaking technology has
been installed on your PC and disable it if you wish. http://s452.link.sophos.com/sonydrm?pl_id=9
10
November 2005 - Verizon Files to Stop FL Company From Gathering
Customer Information
A court has granted a temporary injunction in a suit brought by
Verizon against a Florida company called the Global Information
Group. The company allegedly impersonated Verizon employees and
attempted to gather confidential information from Verizon wireless
customers. The temporary injunction prohibits Global Information
from contacting Verizon customers and from sharing customer information
with third parties. In
addition, the court issued an order allowing Verizon to seize
the data the company had allegedly collected. Verizon has also
filed a civil suit against the Global information Group.
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/09/AR2005110902133.html
9
November 2005 - Stolen Desktop PC Contained Credit History Data
on 3,600 Individuals
A desktop computer stolen in October from a regional office of
TransUnion LLC contains Social Security numbers and other personal
information belonging to more than 3,600 consumers. TransUnion
LLC is one of three companies in the US that keeps records of
individuals' credit histories. TransUnion sent out notices on
October 21 informing those affected by the theft and offering
a year of free credit report monitoring. TransUnion vice president
for corporate affairs Colleen Tunney said the company is investigating
why the data was stored on an individual computer and not on a
secure corporate network.
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/08/AR2005110801573.html
9
November 2005 - Phishing Scam Pretends to be Cash Prize From Google
A new phishing campaign purports to be an announcement from Google
that the recipient has won US$400. The spam email with the message
also has a link to a phony Google site where users are asked to
supply their addresses and credit card information. The phishing
web site, which was hosted in the US, was shut down within 24
hours after the scam was detected.
http://news.com.com/2102-7349_3-5940682.html?tag=st.util.print
8
November 2005 - 'Live phishing' experiment nets consumers hook,
line, and sinker
Despite
the spiraling threat from identity theft, most consumers who were
recently approached by complete strangers on the streets of New
York freely gave up personal and sensitive data, which could be
used by cyber criminals to crack account passwords or to steal
identities outright.
http://www.scmagazine.com/us/news/article/526700/
8
November 2005 - Shoppers still wary of online market
Consumer
distrust of online commerce remains widespread, according to a
national study released last week. http://www.scmagazine.com/us/news/article/526709/
8
November 2005 - Italian organization calls for Sony spyware probe
An
advocacy group has asked the Italian government to investigate
whether Sony BMG Entertainment broke any of the country's laws
when it included what has been called a form of spyware on some
of its CD-Roms. http://www.scmagazine.com/us/news/article/526725/
8/7
November 2005 - Hong Kong Court Gives File Sharer a Three-Month
Sentence
A Hong Kong court sentenced Chan Nai-ming to three months in jail
for digital piracy; he uploaded three Hollywood movies to the
Internet with BitTorrent, allowing them to be shared in violation
of copyright laws.
http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=5191&sid=5366421&con_type=1
http://news.bbc.co.uk/2/hi/technology/4413540.stm
7
November 2005 - Australian Gov't Teams with ISPs to Track Down
Bot-Infected Computers
The Australian government is working with five Internet Service
Providers to track down computers that have been compromised and
made part of zombie networks that are used to send spam or launch
distributed denial-of-service attacks. The Australian Internet
Security Initiative will identify IP addresses of hosts that exhibit
behavior indicating they are zombies. The ISPs then can contact
their customers, let them know their computers have been compromised
and help them disinfect their machines. Steps may be taken to
disconnect from the Internet the computers of customers who do
not disinfect their computers."
http://www.zdnet.co.uk/print/?TYPE=story&AT=39235796-39020375t-10000025c
7
November 2005 - US Authorities Arrest Alleged Botnet Operator
in California
FBI agents have arrested Jeanson James Ancheta and charged him
with spreading a Trojan horse program that allowed him to create
a botnet of 400,000 computers. A botnet is a network of compromised
computers that can be controlled to send spam or launch distributed
denial-of-service attacks (DDoS). Among the zombie computers in
his network were some belonging to the US Department of Defense.
Mr. Ancheta allegedly took payment from companies whose adware
he surreptitiously loaded into their computers. He also allegedly
controlled the computers via an IRC channel and advertised their
use for sending spam or launching distributed denial-of-service
attacks. Mr. Ancheta was scheduled to be arraigned on Monday,
November 7, 2005. Two aspects make this case unique: (1) it is
the first time an alleged botnet operator will be prosecuted in
the United States, and (2) Mr. Ancheta is accused of using a botnet
to make a profit. In the past, people who have created botnets
have done so primarily for bragging rights.
http://www.eweek.com/print_article2/0,1217,a=164421,00.asp
7
November 2005 - Greek Police Arrest Swedish Programmer for Spamming
Greek police have arrested a Swedish computer programmer, Rick
Downes, on charges of sending spam. Mr. Downes, who retired to
Greece, has denied the charges and maintains the police have no
evidence against him. Mr. Downes' computer has been seized and
sent to police laboratories for examination; he says he has not
been asked for his administrative password. Mr. Downes is a member
of the Coalition Against Unsolicited Commercial Email and has
campaigned against spam in the past. Mr. Downes was suspected
of sending spam after a travel agent and two other people reported
receiving nearly identical spam email messages shortly after meeting
him. Mr. Downes's wife says they suspect that a travel agent's
computer was compromised and the addresses were being used by
a spammer; the police seemed ignorant of how spammers operate,
apparently believing they collect email addresses one at a
time.
http://www.silicon.com/research/specialreports/thespamreport/0,39025001,39153964,00.htm
4
November 2005 - Phishing Attack Targets PayPal Users
A new phishing attack is targeting people who use PayPal. The
users receive an email message telling them that someone has been
trying to access their accounts from a foreign country. The are
advised to click on a link that purports to be a PayPal Security
Tool executable, but is really a Trojan horse program that modifies
the local workstation's DNS settings and deletes itself; when
users try to visit PayPal in the future, they are directed to
a fraudulently crafted site where the thieves proceed to elicit
personal data by asking them to update their accounts. The data
requested includes names, Social Security numbers and bank account
and routing numbers.
http://www.vnunet.com/vnunet/news/2145545/phishing-attack-paypal
4
November 2005 - Australian Reseller to Pay Microsoft AU$1.3M for
Copyright Infringement
The Australian Federal Court has ordered New South Wales-based
reseller PC Club and its associates to pay Microsoft AU$1.3 million
(US$952,300) in damages and costs for selling pirated and illegal
software and counterfeit Certificate of Authenticity labels. The
charges included copyright and trademark infringement and breaches
of the Trade Practices Act.
http://www.itnews.com.au/print.aspx?CIID=25556&SIID=35
http://www.arnnet.com.au/index.php/id%3B428540004%3Bfp%3B2%3Bfpid%3B1
2
November 2005 - eBay Fraudster Sentenced to Four Years in Jail
David Levi has been sentenced to four years in jail for masterminding
a phishing scam that stole nearly 200,000 GBP (US$355,000) from
eBay customers. Mr. Levi headed a group that included six other
people who tricked eBay shoppers into disclosing their passwords
and other account information. His conviction is believed to be
the first in the UK for phishing fraud.
http://news.com.com/2102-7349_3-5926933.html?tag=st.util.print
3
November 2005 - SEC Releases Tips for Safeguarding Personal Information
and Money Online
The US Securities and Exchange Commission has released a guide
for investors recommending steps they can take to protect their
online brokerage accounts from data thieves. Among the SEC's recommendations
are checking the sites' security certificates, using security
tokens when available, not responding to email asking for personal
data, using strong password practices and logging out completely
from accounts. http://www.sec.gov/investor/pubs/onlinebrokerage.htm
20
October 2005 - Better Protection Possible With Lower Budgets,
Claims Gartner Organizations
that focus on security processes and not products will be able
to lower their total information security budgets while simultaneously
improving their overall level of protection, Gartner claimed today. http://www.scmagazine.com/us/news/article/523421/
20
October 2005 - Identity Theft Threatens 26.7 million Americans
There
are currently 26.7m Americans at risk from identity theft because
they are unwittingly transmitting sensitive personal data to international
hackers and criminals, a newly published report has claimed.
http://www.scmagazine.com/us/news/article/523149/
20 October 2005 - Study Finds Spyware Most Prevalent in PCs
in US, Thailand and UK
According to research from anti-spyware company Webroot, the countries
with the highest incidences of computers infected with spyware
in the most recent quarter are the US, Thailand and the UK. Nearly
55 percent of consumers' PCs are infected with spyware. The research
counts tracking cookies among the spyware. In the UK, the average
number of pieces of spyware on the consumers' PCs is 18; discounting
the cookies, that figure falls to just 4.5.
http://news.bbc.co.uk/2/hi/technology/4361594.stm
19
October 2005 - Sainsbury gift voucher chain letter makes way around
UK
An email chain letter which deludes people into thinking they
will be given £60 worth of supermarket gift vouchers has
spread amongst internet users in the United Kingdom.
http://www.sophos.com/spaminfo/articles/sainchain.html
19
October 2005 - Fear of identity theft holds back global e-commerce
Although
online transactions are increasing in both the U.S. and Europe,
a growing fear of identity theft and other online fraud is eroding
confidence in e-commerce, newly published research has warned.
http://www.scmagazine.com/us/news/article/522939/fear-identity-theft-holds-back-global-ecommerce/
18
October 2005 - Phishing and pharming set to soar, groups warn
U.S.
consumer groups have warned of a growing danger from phishing
and pharming attacks.
http://www.scmagazine.com/us/news/article/522640/phishing-pharming-set-soar-groups-warn/
18
October 2005 - Transportation IG Audit Finds Serious Security
Lapses
The Department of Transportation's inspector general was able
to penetrate and gain root control of a vulnerable server during
a recent audit. Because there is interconnectivity within DOT,
other departments could be put at risk by just one department's
security weaknesses. According to the audit report, there are
also previously noted security vulnerabilities that the agency
has not addressed. The audit is an annual event conducted in accordance
with the Federal Information Security Management Act (FISMA).
http://www.computerworld.com/printthis/2005/0,4814,105530,00.html
17
October 2005 - Anti-Phishing Working Group's August Report
According to the Anti-Phishing Working Group's August 2005 Phishing
report, phishing sites are remaining on line an average of 5.5
days. A year and a half ago, phishing web sites usually remained
on line for a week or more. The number of "phishing campaigns"
detected fell for the second month in a row, although the number
of new phishing web sites reached an all-time high of 5,259, up
from a reported 4,564 in July.
http://www.computerworld.com/printthis/2005/0,4814,105368,00.html
17
October 2005 - Spammer's Sentence is Under Seal
Anthony Greco was sentenced in a closed session for sending nine
million spam email messages through instant messages to members
of MySpace.com. The sentence is under seal. Earlier this year,
Mr. Greco reached a plea agreement with prosecutors wherein he
would serve a sentence of between 18 months and two years in prison
in return for his guilty plea. Mr. Greco had also threatened to
share his spamming techniques with others. Federal prosecutors
planned to ask the judge to make the sentence
public.
http://sfgate.com/cgi-bin/article.cgi?file=/n/a/2005/10/17/financial/f190259D40.DTL&type=printable
16
October 2005 - FBI Agents Seize Alleged Spammer's Computers and
Financial Records
Recently unsealed warrants reveal that FBI agents raided the Michigan
home of Alan M. Ralsky, allegedly one of the nation's most prolific
senders of bulk email, and seized his financial records, computers
and disks. The seizure has reportedly halted his operation. Mr.
Ralsky was sued by Verizon Communications in 2001 for shutting
down Verizon's network by sending millions of unsolicited email
messages; he settled the case for an undisclosed sum and promised
not to send spam on the company's networks any more.
http://www.usatoday.com/tech/news/techpolicy/2005-10-16-fbi-spammer_x.htm
14
October 2005 - MPAA Files Lawsuits Against Movie Download Web
Sites
The Motion Picture Association of America (MPAA) has filed lawsuits
in New York state courts against six web sites. The MPAA alleges
the sites are violating federal copyright laws by pretending to
be legitimate movie and music downloading web sites, but actually
charging people to redirect them to file sharing sites where they
have access to illegally copied content.
http://news.bbc.co.uk/2/hi/technology/4342910.stm
13
October 2005 - Three Indicted in Software and Music Piracy Scheme
Three California men have been indicted for their alleged roles
in a music and software piracy scheme; the three were allegedly
involved in illegally copying CDs. Charges in the indictments
include conspiracy to commit criminal copyright infringement and
traffic in counterfeit labels, criminal copyright infringement,
trafficking in counterfeit labels, and aiding and abetting. The
arrests and searches were part of the US Department of Justice's
"Operation Remaster" which focused on the replicators
in the chain of digital media piracy. http://www.computerworld.com/printthis/2005/0,4814,105374,00.html
10
October 2005 - British Malware Authors Jailed for Conspiracy to
Infect PCs
Two members of a hacking gang who wrote malware to remotely control
innocent people's computers have been sentenced to three months
and six months jail. Have your say on their sentence - do you
think it was too harsh or too soft? http://s431.link.sophos.com/threatkrew?pl_id=9
10
October 2005 - Suspected zombie kings who ran botnet of 100,000
PCs arrested
Dutch police have arrested three men alleged to have been involved
in a gang controlling a zombie network of more than 100,000 computers. http://s431.link.sophos.com/dutchbot?pl_id=9
7
October 2005 - Banks, Internet Companies Dealing with Phishing
Privately
Because law enforcement seems to give phishing a low priority,
banks and companies that conduct business on the Internet are
taking matters into their own hands. The organizations work with
ISPs, web hosting services and regional Internet authorities to
track down the servers the phishing email is coming from and work
with contacts to shut the sites down. They have also been setting
up phony accounts and working with banks and law enforcement organizations
to track the stolen data and ultimately arrest the thieves. http://www.newsfactor.com/story.xhtml?story_id=38544
6
October 2005 - Former White House Aide Allegedly Stole Intelligence
Documents
US federal investigators say an FBI analyst who had previously
worked as an aide in the office of the Vice President from 1999-2001
used his top-secret security clearance to steal classified intelligence
documents from White House computers. Leandro Aragoncillo was
allegedly spying for a group in the Philippines who was opposed
to the government there. A US District Court judge in Newark,
NJ has signed an order to continue the case in order that the
defendant's attorney may negotiate a plea agreement, indicating
that Mr. Aragoncillo is likely to be cooperating with federal
investigators.
http://www.app.com/apps/pbcs.dll/article?AID=/20051006/NEWS/510060478
6
October 2005 - City University of New York Notifies Those Affected
by Data Leak
City University of New York (CUNY) has informed more than 750
students and current and former employees that their personal
information, including Social Security numbers, may have been
compromised. A law student Googling her own name found among the
results documents that contained sensitive personal student data.
School administrators apparently posted the documents on the university's
central web site. Even after the school became aware of the situation
and removed the files, Google's caching feature made the information
available for a few more days.
http://www.columbiaspectator.com/vnews/display.v/ART/2005/10/05/434384081af2a
5
October 2005 - Phishers Target Swedish Bank
A
phishing attack has broken new ground by attacking a Scandinavian
bank operating a one-time password.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=baadadeb-0a19-4136-94d9-a4bfac09b237&newsType=Latest%20News&s=n
5
October 2005 - FTC Asks Court to Shut Down Alleged Spyware Company
The Federal Trade Commission has filed a complaint with a US court
in New Hampshire asking that a company in that state be shut down.
Odysseus Marketing maintains that its Kazanon software is anonymous
peer-to-peer file sharing software, but the FTC alleges that it
behaves as a Trojan horse, allowing other programs to infiltrate
users' computers and deliver pop-up advertisements and track their
web surfing activities. In addition, people's search results have
been meddles with to send them to look-alike search engines that
display Odysseus customers prominently in the search results.
A software tool from Odysseus that is supposed to correct the
problem actually brings in more spyware, according to allegations.
The FTC asked court to permanently halt downloads from Odysseusmarketing.com.
http://www.computerworld.com/printthis/2005/0,4814,105164,00.html
4/3
October 2005 - China Expels American Convicted of Piracy to US
to Face More Charges
Randolph Hobson Guthrie, who has been convicted in China of trafficking
in pirated digital media, has been expelled from that country
to face additional charges in the US. Mr. Hobson was scheduled
to appear in US federal court for a bond hearing on October 4;
he will then be sent to Mississippi to face charges of copyright
infringement, trafficking and money laundering. Mr. Hobson was
sentenced to two years in prison in China in April. He and another
American convicted along with him were ordered deported after
completion of their sentences; it has not been made clear why
Mr. Guthrie was released early.
http://www.usatoday.com/tech/news/techpolicy/2005-10-03-dvd-piracy-china_x.htm
http://www.securitypronews.com/insiderreports/insider/spn-49-20051004ChinaTheUSAndDVDPiracy.html
4
October 2005 - Florida Man Arrested for Alleged Fraudulent Donation
Solicitation
A Florida man has been arrested and charged with four counts of
wire fraud for allegedly using a web site to solicit donations
for medical supplies and evacuation flights to hurricane-ravaged
Louisiana; Gary Kraser allegedly never made any of the flights,
though he wrote stories of having done so on the web site. Mr.
Kraser allegedly raised US$40,000 in just two days. According
to the indictment, he collected the money through PayPal accounts
and through direct wire transfers to his bank account.
http://www.theregister.co.uk/2005/10/04/katrina_fbi/print.html
4 October 2005 - Eight People Arrested in Scheme to Defraud
Red Cross
Eight people have been arrested and one more person is being sought
in connection with a scheme to defraud the American Red Cross.
Some of the people hired to work a Red Cross call center in Bakersfield,
California that was set up to provide hurricane evacuees with
PIN numbers they could use to obtain relief aid through Western
Union gave those numbers to friends and family. So far, US$25,000
has been documented as stolen, but a US attorney expects that
figure to increase. If convicted of the wire fraud charges against
them, the defendants could face up to 20 years in prison and fines
of US$250,000. Law enforcement officials say they expect to make
more arrests.
http://www.cnn.com/2005/LAW/10/04/redcross.scheme/
1 October 2005 - Governor Schwarzenegger Signs Anti-Phishing
Law
Phishing is now a civil offense in California. Governor Arnold
Schwarzenegger signed a bill on September 30, 2005, that allows
people to sue the senders of deceptive emails that attempt to
steal personal data; they can seek to recover actual damages or
US$500,000 for each violation, whichever is greater.
http://www.msnbc.msn.com/id/9547692/
30
September 2005 - Trojan Exploits Unpatched Microsoft Office Vulnerability
A Trojan horse program called Backdoor.Hesive exploits an unpatched
hole in Microsoft Office and could allow attackers to take control
of vulnerable machines. Machines become infected when users are
tricked into opening a specially crafted .mdb file in Microsoft
Access. All recent Windows releases are vulnerable. Backdoor.Hesive
exploits a flaw in Microsoft's Jet Database Engine. Microsoft
was alerted to the problem in April, 2005, but has not yet issued
a patch.
http://news.zdnet.com/2102-1009_22-5886543.html?tag=printthis
29
September 2005 - Gartner: Unattended PCs Pose Risk
Recent Gartner research indicates that organizations tend to overlook
the security threats posed by unattended PCs that are logged onto
corporate networks. The situation could allow people to access
and alter confidential information to commit fraud or to send
email from others' accounts. In addition, when network connected
PCs are left unattended, employees can offer the "someone
else used my machine" defense when faced with evidence that
their machine was improperly used. Some companies would benefit
from using timeouts, which make users of back on to the system
after specified periods of inactivity. another solution would
be to use proximity tokens, which disconnect users and log back
onto on the system based on their proximity to their PCs.
http://www.computerworld.com/printthis/2005/0,4814,105043,00.html
29
September 2005 - Software Pirate to Pay More Than US$1 Million
in Restitution
Li Chen has pleaded guilty to one count of copyright infringement
and will pay US$1.1 million in restitution to Symantec and Microsoft
for software piracy under the terms of his plea agreement. A Symantec
spokesperson said, "This guy was one of the largest distributors
of pirated software. He had direct ties to China, where the counterfeit
product was being produced."
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39270628-39000005c
28
September 2005 - IM Malware on the Rise
A recent report noted 25 IM viruses circulating in September and
47 in August, the highest monthly total recorded since they began
keeping track a year-and-a-half ago. The report also noted that
in the past, IM viruses have been variants of email viruses, but
they are increasingly seeing malware created specifically to spread
over IM systems. According to the report, attackers are using
IM malware to take control of computers and use them in zombie
attacks.
http://www.eweek.com/print_article2/0,1217,a=161315,00.asp
15
September 2005 - Sys Admins Believe Users Could Put Companies
at Risk
A Sophos survey has revealed that 79% of syadmins believe that
employees are putting their companies at risk by failing to act
safely online. Despite instructions from IT departments, many
employees continue to open unsolicited email attachments and download
malware from websites. Read more and find out about the 'sinful
seven' online activities that employees find hard to resist.
http://s420.link.sophos.com/riskpoll?pl_id=9
14 September 2005 - Malware time bomber banged to rights
A
Californian man has been convicted of planting a malware "time
bomb" in his former employer's computer.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=eff2b7fe-ecf0-44ac-afc4-ba4bb598f6f5&newsType=Latest%20News&s=n
13
September 2005 - Users likely to take more online risks at work
than home
Corporate
users are more apt to click on suspicious links or visit suspicious
web sites at work than home, according to a survey conducted by
anti-virus supplier Trend Micro.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=3eeb9714-30c9-4625-bf5c-2d0ae0bef358&newsType=Latest%20News&s=n
9
September 2005 - New Law Likely to Spur IT Security Spending at
Japanese SMBs
Small and medium sized businesses in Japan are likely to increase
their IT security spending to comply with the country's Personal
Information Protection Law, which took effect April 1, 2005. The
law requires organizations holding personal information of 5,000
or more people to take certain precautions to protect those data;
failing to protect the data could result in stiff penalties. AMI-Partners
predicts that small and medium businesses in Japan will spend
US$824 million on IT security in 2005; that figure is expected
to grow to US$1.5 billion in 2009.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39253182-39000005c
9
September 2005 - Softly softly scammers steal money on the sly
Internet
thieves are resorting to a "softly softly" approach
in order to steal money from users' accounts without arousing
suspicion.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=808e314f-c11f-495a-9152-7a1800164fdf&newsType=Latest%20News&s=n
8
September 2005 - Indian Call Center Employee Arrested for Alleged
Data Theft
Police in India have arrested a man who worked at the Saffron
Global call center for allegedly stealing customer data. Company
officials say the man was discovered copying data onto a CD; they
then alerted police. The suspect was booked under the Information
Technology Act and the Indian Penal Code and has been placed in
judicial custody for 14 days.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39253172-39000005c
7
September 2005 - Ireland's First Spam Conviction
Ireland has seen its first conviction under its new anti-spam
law; a company called 4's A Fortune Limited was found guilty of
sending unsolicited commercial messages to five mobile telephones.
The company actually made 165,000 calls, but only five complaints
were registered. The law under which 4's A was found guilty took
force in November 2003. 4's A was fined 300 Euros for each call
and ordered to pay court costs of 1,000 Euros. The law allows
fines of as much as 3,000 Euros per message sent. There is presently
no provision for jail time in spam cases in Irish law, but that
may change in the future.
http://www.theregister.co.uk/2005/09/07/irish_spam_conviction/print.html
7 September 2005 - Former Student Sentenced for University Computer
Intrusion & Data Theft
Christopher Andrew Phillips, formerly a student at the University
of Texas at Austin, has been sentenced to five years of probation
for breaking into the school's computer system and stealing people's
personal data, including Social Security numbers. In addition,
Mr. Phillips has been ordered to pay more than US$170,000 in restitution
to the university. Mr. Phillips is prohibited from accessing the
Internet except with the approval and supervision of his parole
officer, and even then may use it only for school and work.
http://www.chron.com/cs/CDA/ssistory.mpl/metropolitan/3342919
7
September 2005 - Hackers, scammers and phishers exploit Hurricane
Katrina disaster
In the wake of the natural disaster in the United States, internet
criminals are expoiting the situation by distributing malware
and setting up bogus charity websites.
http://s417.link.sophos.com/katrina?pl_id=9
http://s417.link.sophos.com/redx?pl_id=9
7
September 2005 - Top ten viruses and hoaxes in August 2005
Which virus topped the chart in August 2005? Find out which viruses
and worms were spreading the most across internet email systems
in the last last month in this hall of shame.
http://s417.link.sophos.com/topaug05?pl_id=9
5
September 2005 - Consumer Reports: One Third Of Net Users Damaged
By Malware
In the 2005 Consumer Reports State of the Net survey, the team
led by Jeff Fox found that home users of the Internet have a 1-in-3
chance of sustaining computer damage and/or financial loss due
to malware. According to the survey, Americans spent over US$2.6
billion on software to protect their computers last year, but
also spent US$9 billion on repairs, parts and replacements due
to the damage caused by malware. Consumer Reports maintains that
on line threats are worse than they were a year ago due to "government
inertia and consumers' imprudent practices." In addition
the researchers discovered that major consumer products companies
are actually providing the economic sustenance for spyware by
buying advertising distributed using the scourge. The culprits
include computer companies that then make money when users find
their systems so overrun with spyware that they give up and buy
a new computer.
http://www.consumerreports.org/main/content/display.jsp?FOLDER%3C%3Efolder
_id=760009&bmUID=1126013586822
1
September 2005 - ChoicePoint hacker indicted
The
man who received 16 months jail time for dealing in personal information
taken from ChoicePoint has now also been indicted for fraudulently
accessing consumer financial records.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=922fedc9-d34d-40ea-94da-36594fc3f2f8&newsType=Latest%20News&s=n
31
August 2005 - Phony Yahoo Site Tries to Collect User Names and
Passwords
A web site pretending to be a free Yahoo game service actually
attempts to gather information that could be used to steal identities.
The site is being hosted on a Yahoo Geocities account; site visitors
are asked
to supply their Yahoo user IDs and passwords. Users are being
lured to the site by spam sent through Yahoo's instant messaging
service; the message, which urges the recipient to visit the malicious
site, appears to come from someone on the user's friends list.
http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=39209468-2000061744t-10000005c
30
August 2005 - Man Pleads Guilty to Selling Windows Source Code
William P. Genovese, Jr. has pleaded guilty to one charge of unlawfully
distributing a trade secret; Mr. Genovese sold chunks of source
code from Microsoft's Windows NT 4.0 and Windows 2000. He apparently
obtained the code on the Internet after someone else stole it
and made it available. Mr. Genovese entered his guilty plea in
a federal court in Manhattan; he will be sentenced this fall.
Federal prosecutors have recommended a prison sentence of 10-30
months, although the maximum penalties for this crime are 10 years
in prison and a US$250,000 fine.
http://news.com.com/2102-1016_3-5844505.html?tag=st.util.print
29
August 2005 - MPAA Uses Data from Shuttered File-Sharing Sites
in New Lawsuits
The Motion Picture Association of (MPAA) America's latest round
of lawsuits was based on information the organization obtained
from file trading sites - largely BitTorrent hubs -- that were
shut down earlier this year. The MPAA filed suits against 286
individuals for illegal file sharing. The MPAA and those it represents
are hopeful that the action will discourage people from illegally
trading copyrighted digital content. The lawsuits at present are
filed against John Does along with Internet addresses; the MPAA
will seek their identities at a later date.
http://news.zdnet.com/2102-9588_22-5843082.html?tag=printthis
29
August 2005 - Legal Action Against File Sharing Sites Does Not
Deter Traders
A study has indicated that the legal action taken against BitTorrent
has not reduced the amount of file trading that takes place on
the Internet, but merely caused file traders to shift to a different
network.
http://today.reuters.com/news/NewsArticle.aspx?type=internetNews&storyID=200
27
August 2005 - Two Arrested in Connection with Zotob Worm
Authorities in Morocco and Turkey arrested two men in connection
with the Zotob worm that caused computer outages at organizations
around the world two weeks ago. Farid Essebar of Morocco allegedly
wrote both the Zotob worm and the Mytob worm in February. Atilla
Ekici of Turkey is alleged to have paid Essebar to write them.
Authorities say the pair was interested in using the worms for
financial gain. The men will be prosecuted in their countries
of origin. The Washington Post also reported that these same criminals
were suspected of authoring and distributing Rbot, a family of
trojans that allow attackers to maintain access to many tens of
thousands of infected systems on the Internet.
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/26/AR2005082601201_pf.html
26
August 2005 - Use USBs at your peril, survey warns
Employees
are putting their company's data at risk by not using encrypted
USB devices, a new survey has revealed.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=1c9536d9-80ff-49e6-b587-311f8e6101a3&newsType=Latest%20News&s=n
26
August 2005 - Three indicted in connection with spam operation
A federal
grand jury in Phoenix, Ariz. has indicted three people on charges
of violating the federal Can-Spam Act for operating a pornographic
spam business.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=58b22f8f-a565-4c2a-8d82-e26b338274bf&newsType=Latest%20News&s=n
26
August 2005 - Raid In Brazil Serves Up Arrests of 85 Alleged Cyber
Thieves
A four-month investigation into on-line banking theft in Brazil
culminated in a raid last week that netted Brazilian police 85
arrests. The raid, which was given the moniker "Operation
Pegasus," was carried out by 410 police in seven Brazilian
states. The suspects allegedly stole roughly 80 million BRL (approximately
US$33.5 million) by breaking into online bank accounts.
http://msnbc.msn.com/id/9085008/
24
August 2005 - Anti-Phishing Working Group Reports Phishers are
Honing Their Skills
According to the Anti-Phishing Working Group's July 2005 phishing
report, spammers are fine-tuning their techniques to evade conventional
spam detection and prevention technologies. APWG noted a significant
increase in screenscrapers, which send screenshots of users actions
to phishers' servers. In this case, shots of users clicking on
graphical keyboards were surreptitiously taken; graphical keyboards
are sometimes implemented as an anti-keystroke-logging mechanism.
In addition, as larger financial institutions implement stronger
safeguards against phishing, the phishers are starting to target
smaller financial institutions. The report also notes that the
total number of reported phishing campaigns in July was down slightly
from June numbers.
http://www.theregister.co.uk/2005/08/24/apwg_fraud_trends/print.html
19
August 2005 - Former University Employees Charged in Grade-Altering
Scheme
Ellis Peet and Clifton Franklin, both former Florida Memorial
University employees, have been charged in connection with a grade-altering
scheme. The men allegedly accepted money and favors in return
for changing students' grades. Mr. Peet was a computer technician
in the registrar's office and Mr. Franklin a data entry clerk.
Officials believe the pair changed their own grades while they
attended the school. According to Mr. Peet's attorney, his client
has pleaded not guilty to racketeering and violating intellectual
property and computer access laws. Mr. Franklin faces the same
charges. In addition, three of five students who allegedly acted
as middlemen in the scheme have been arrested and charged with
racketeering. http://www.local10.com/news/4868830/detail.html
18
August 2005 - Effective Spear Phishing Defense: Positive Social
Engineering
Although there is no technological defense against spear phishing,
New York State has discovered an alternative means of defending
against those targeted attacks: positive social engineering. New
York sent "safe" phishing emails to 10,000 employees
and told them more would be coming. When the second one arrived
the number of people who fell for the scam fell by 50%.
http://www.computerworld.com/securitytopics/security/story/0,10801,104087,00.html
16
August 2005 - Media organizations struck hard by new worm
Sophos has advised computer users not to panic, but to ensure
appropriate defenses are in place, following reports that a worm
has disrupted business at CNN, ABC, The Financial Times, and the
New York Times. The worm exploited the new Microsoft MS05-039
security vulnerability live on air in front of
millions of viewers.
http://s414.link.sophos.com/breakingnews?pl_id=9
16
August 2005 - Trespassing thief and fraudster convicted
A businessman
has been convicted of 120 counts of unauthorized access in what
is claimed to be the biggest "computer theft" case of
all time.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=b70a9b0d-aa9b-4ad9-82bb-1be63d8d9cfd&newsType=Latest%20News&s=n
14
August 2005 - Bulk eMailer Guilty of Data Theft
A Florida jury found Scott Levine guilty on 120 counts of unauthorized
access to data, two counts of access device fraud and one count
of obstruction of justice; Mr. Levine was found not guilty on
15 other counts, including conspiracy and unauthorized access
of a protected computer. Mr. Levine ran the now-defunct bulk email
company Snipermail.com. According to prosecutors, Mr. Levine and
Snipermail.com stole 1.6 billion customer records including names,
home addresses, email addresses and bank account and credit card
numbers from the Acxiom Corp. data management company. Mr. Levine
is to be sentenced on January 9, 2006. Six of Mr. Levine's Snipermail.com
employees pleaded guilty to conspiracy charges and testified against
him in this case.
http://www.usatoday.com/tech/news/computersecurity/2005-08-14-levine-conviction_x.htm
9
August 2005 - High School Students Charged with Felonies for School
Computer Misuse
13 Pennsylvania high school students have been charged with felony
computer trespass for breaking school rules regarding the use
of their school-issued laptop computers. The state defines the
offense "as
altering computer data, programs or software without permission."
The students discovered the administrative password that allowed
them to reconfigure their machines and bypass Internet filters.
Some students turned off a remote monitoring function and some
used that function to view administrators' computer screens; some
students also downloaded instant messaging tools. There is no
evidence that the students altered grades, disabled the school's
network or otherwise acted maliciously. School district officials
maintain the students violated the code of conduct and acceptable
use policy that warned of legal repercussions. The school had
tried detentions and suspensions before turning the matter over
to police. A hearing is scheduled for August 24, 2005.
http://www.wired.com/news/print/0,1294,68480,00.html
9
August 2005 - Microsoft, Spammer Reach Settlement
Microsoft has settled a lawsuit against Scott Richter who was
known as a "spam king." As part of the settlement, Richer
will pay Microsoft US$7 million, $5 million of which Microsoft
will put toward expanding
technology and support available to law enforcement for investigating
cyber crime.
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/09/AR2005080900153.html
8
August 2005 - University of Texas Server Breached; 39,000 People
Affected
School officials at the University of North Texas say a security
breach of a school server may have compromised data belonging
to about 39,000 current and former students as well as some applicants.
Although there is no evidence that any information was stolen,
the intruders may have had access to names, Social Security numbers
and some credit card numbers. The school says it has blocked access
to the server. University of Northern Texas has set up a web site
with more information.
http://www.kltv.com/Global/story.asp?S=3696978
8
August 2005 - Identity Thieves Using Browser Hijackers to Steal
Data
An identity theft ring is using CoolWebSearch browser hijacking
tools to steal information from people's computers; the researchers
who stumbled upon this fact say a great deal of information has
been uploaded to a remote server. The stolen information includes
chart sessions, usernames, passwords and banking data as well
as other personal details including eBay account information,
salary data and vacation plans. The FBI is reportedly involved
in the case.
http://www.computerworld.com/printthis/2005/0,4814,103737,00.html
8
August 2005 - Sonoma State University Security Breach Affects
Students and Applicants
Sonoma State University in California said that cyber intruders
gained access to the names and Social Security numbers of people
who attended or applied to the school between 1995 and 2002.
http://www.mercurynews.com/mld/mercurynews/news/12334677.htm
4 August 2005 - Cal Poly Pomona Notifies 30,000 of Security
Breach
Cal Poly Pomona has sent notices to more than 31,000 people notifying
them that their personal data may have been compromised when cyber
intruders accessed two of the school's servers earlier this summer.
The information compromised includes the names and Social Security
numbers of applicants and current and former students, faculty
and staff.
http://www.sgvtribune.com/cda/article/print/0,1674,205%257E12220%257E2996765,00.html
3 August 2005 - University of Colorado Hires Outside Auditor
After Third Breach
A third intrusion into University of Colorado computer over the
course of several weeks has prompted the school to hire an outside
auditor to examine its "security safeguards." The school
also plans to put firewalls on some of its systems. The most recent
breach involved a computer that holds information related to the
school's Buff OneCards, which allow students and staff to access
buildings after hours and to purchase food. The files contain
Social Security numbers, photographs and other personal information
belonging to 29,000 students and 7,000 staff members.
http://www.denverpost.com/portlet/article/html/fragments/print_article.jsp?article=2909173
2
August 2005 - Report Estimates US$2.75 Billion in Losses From
Phony ATM/Debit Cards
According to a recent Gartner report, phishing attacks are responsible
for US$2.75 billion in losses from ATM and debit cards over the
past year; based on a survey of 5,000 Americans Gartner estimates
that 3 million people have each lost an average of US$900. The
thieves obtain card information through phishing attacks and with
the aid of keystroke loggers; they then use the information to
create phony cards. Card-issuing banks should validate security
codes on the cards' magnetic strips, but not all are doing it.
http://news.com.com/2102-7349_3-5815141.html?tag=st.util.print
1
August 2005 - Phishers use little old lady to steal from eBay
Good Samaritans
Users of the eBay auction website have been warned about a new
phishing campaign which pretends to be a message from a wheelchair-bound
old lady. However, if recipients respond they risk passing their
confidential login details and password to a criminal gang.
http://s414.link.sophos.com/samaritan?pl_id=9
1
August 2005 - British Phonographic Industry Takes Five to Court
Over Alleged Illegal Music Downloading
The British Phonographic Industry is taking five alleged illegal
music downloaders to court. The five defendants allegedly made
nearly 9,000 songs available on line. More than 60 other people
in the UK who shared music illegally have already settled out
of court, paying fines of up to 6,500 GBP (US$11,507).
http://news.bbc.co.uk/2/hi/entertainment/4735821.stm
1
August 2005 - Darkmail growth is hidden bandwidth menace
Malevolent
mailers are increasingly hitting systems with email flooding attacks
never designed to appear in inboxes.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=c16c1995-a367-4b86-8cc9-1de81568b82f&newsType=Latest%20News&s=n
27
July 2005 - Woman held over spammer death
A woman is being held in connection with the violent death
of mega-spammer Vardan Kushnir.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=da4c1c2c-0644-47f8-adfe-62e2b676507e&newsType=Latest%20News&s=n
26 July 2005 - Identity Theft Woes Linger
A study from Nationwide Mutual Insurance Company found that 28%
of those who experienced identity theft were unable to completely
restore their good names even a year after the theft had been
discovered and efforts had been made to remediate the damage.
The average fraudulent charge made to accounts was nearly US$4,000;
16% of those answering the survey said they had to pay for some
or all of those charges. Only 17% of those surveyed said they
were notified of suspicious activity by their banks or creditors. http://www.techweb.com/wire/security/166402606
26
July 2005 - Microsoft Genuine Advantage Now Mandatory for Updates
Microsoft's Genuine Advantage program has now become mandatory.
As of July 26, 2005, users who want downloads from Windows Update,
Microsoft Update for Windows, or the Microsoft Download Center
must allow the program to verify that they are using a valid version
of the Windows operating system. If the OS is found to be counterfeit,
users have several options. Some will be eligible for free legitimate
copies of Windows; they need to provide Microsoft with the source
of the phony software, proof of purchase and the actual CD. Users
who do not have all the information can still file a report and
will be permitted to purchase a legitimate copy of Windows at
a discounted price. Security updates are exempt from Windows Advantage
and will be available to everyone.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4102
22
July 2005 - Two Servers Breached at University of Colorado
The University of Colorado has hired a forensic investigator to
look into security breaches of two of the school's servers. A
server at the College of Architecture contains information on
approximately 900 students and faculty members, while a Health
Services server contains information on approximately 42,000 students
and university staff. No credit card information was stored on
either server and there is no
evidence that the information was stolen or has been misused.
The university is informing people whose information was stored
on the servers by letter and by email; in addition, the school
has established a web site and a hot line to answer questions
and
