Saturday, 25. January 2003
At least 50 Indian websites hacked by Pakistanis every month
ExpressIndia.com Jan 24 2003 10:05AM ET [moreover Computersecurity]
6.-8.5: Computer -- Expo
Reno, Nevada, US
Computer Crimes Expo will bring together leaders and decision makers
from the computer, telecommunications and security industries, along
with leaders from government, law enforcement and education, providing
a focus and single forum where the technology, content, partners and
strategic support allies discuss and create informational and business
opportunities. [Saver Internt - Events]
3.-6.6.: e-Society
Lisbon, Portuga
The IADIS e-Society 2003 conference aims to address the main issues
of concern within the Information Society. This conference covers both
the technical as well as the non-technical aspects of the Information
Society. Broad areas of interest are E-Commerce, E-Learning and E-Government.
[Saver Internt - Events]
Announcing PDF for Lawyers
- it is with great hope and little fanfare that I announce my new project: PDF for Lawyers. Right before the blog affliction took me I had been planning to write a book for lawyers on using PDF files. I never was able to write the book (too much blogging no doubt). Well, now that I understand how to use Radio better I have figured out how to host this at a different site and use Radio to post to it. So, that's it. If you are a lawyer interested in using Acrobat to make your office less paperful (going paperless is a dream) then tune in, drop comments, send me emails with tips and let's all learn more about using Adobe Acrobat. Oh, and of course it has an XML/RSS feed. [Ernie the Attorney]
Gericht: Meinungsfreiheit erlaubt auch im Internet keine Beleidigung
Das Recht auf freie Meinungsäußerung erlaubt auch im Internet keine Beleidigung. So brauche es niemand hinzunehmen, in einem Beitrag eines Online-Dienstes als "dämlich" oder "bescheuert" bezeichnet zu werden, heißt es in einem am Freitag veröffentlichten Urteil des Landgerichts Coburg . (Aktenzeichen: 21 O 595/02; rechtskräftig). Das Gericht gab damit einem Kläger Recht, der sich vom Herausgeber eines online erscheinenden Fachmagazins beleidigt gefühlt hatte. Das Magazin verkauft und vermittelt Fahrzeuge. [heise]
Dialer-Nummer aus Spam-Mail abgeschaltet
Hinter Kontaktangeboten in Massen-Mails verbergen sich meistens Downloads von kostenpflichtigen Dialern. So verschickte ein "Realkontakt Service" seit einigen Tagen die Aufforderung, eine vorgeblich private Nachricht herunterzuladen -- mit einem Dialer der Schweizer Firma IBS Clearing AG . Zwei der dafür geschalteten 0190-Nummern waren bei der Telekom gehostet. Das war nicht ganz einfach in Erfahrung zu bringen, weil weder der Ansagedienst der Telekom unter 08 00/3 30 19 00 noch die Internet-Seite der Regulierungsbehörde (RegTP) Informationen zum Betreiber gaben. Erst auf wiederholte Anfrage bei der RegTP und bei der Telekom konnte heise online Licht ins Dunkel bringen: Die Nummer war bei der Telekom geschaltet.
Die Telekom reagierte flott und zog die Nummer am gestrigen Donnerstag nachmittag aus dem Verkehr. Laut Pressesprecher Frank Domagala hatte das nichts mit der Anfrage von heise online zu tun, die Nummer sei aufgrund von Kundenbeschwerden abgeschaltet worden. Nicht zu klären war, wieso der Betreiber der Rufnummer nicht im Informations-System der Telekom vermerkt wurde. [heise]
Polizei Duisburg durchsucht Wohnungen nach raubkopierten Filmen
Das Kommissariat für Wirtschaftsstraftaten in Duisburg hat vergangene Woche mehrere Wohnungen nach Raubkopien durchsucht und ist dabei fündig geworden. Mehrere Personen stehen im Verdacht, mit raubkopierten Filmen gehandelt und damit gegen das Kunsturheberrecht verstoßen zu haben, teilt die Duisburger Polizei heute mit. Das Kommissariat habe die Ermittlungen aufgrund von "Hinweisen" eingeleitet.
Am 16. Januar habe die Polizei unter Beteiligung der Staatsanwaltschaft zunächst vier, im Anschluss drei weitere Wohnungen in Duisburg durchsucht. Dabei sei umfangreiches Beweismaterial entdeckt worden, darunter insbesondere PCs sowie in einem Fahrzeug etwa 500 Raubkopien auf CDs. In einer der Wohnungen haben die Ermittler laut Polizeibericht über 2000 illegal hergestellte Filmkopien festgestellt. Dabei soll es sich teilweise um Filme gehandelt haben, die hierzulande noch nicht in den Kinos liefen.
Die Polizei ermittelt bislang gegen acht Tatverdächtige im Alter zwischen 31 und 45 Jahren. Zwei Verdächtige hätten sich ins Ausland abgesetzt, zwei sollen gestanden haben, während vier weitere die Aussage verweigern. [heise]
12.-13.4.: Australian hackers launch security conference
A self-proclaimed "security conference for the Australian hacker community, organised by the Australian hacker community" has been set down for Sydney in April.
ccording to the conference organisers, Ruxcon focuses on "offensive" hacking techniques, as well as defensive security methodologies designed to combat them. The conference will allow attendees to refine their capabilities, potentially leading to an increase in the general skill-level of Australian hackers.
However the group organising the event claim that it's not just for "underground" hackers, but is "...an attempt to bring together the individual talents of the Australian computer security sector".
Kdz, one of the self-described "sometimes underground" hackers in charge of organising the conference, says for too long vendors have dominated security events. He said it was time to organise a conference that took the focus off products and put it back on disseminating technical information. [Help Net Security]
http://www.ruxcon.org/index.html
UK WHOIS service suspended after rogue attack
Nominet UK was forced to suspend its WHOIS service last night after a rogue attempt to copy the entire registry of .uk domains.
Spammers are thought to be behind attempts to copy the WHOIS database, which started last week. Last night, though, the attack was so severe that Nominet - the national Registry for all domain names ending .uk - had no choice but to suspend the service.
The service was suspended at 11.00pm and re-started at 7.45am this morning.
The attack appears to have originated from outside the UK and Nominet has already made attempts to try and stop those responsible from continuing with the action.
In a statement Nominet said: "Late yesterday evening, as a result of a distributed and high volume data mining attempt, we were forced to temporarily suspend our public WHOIS service. The service has since been re-started.
"We believe that there is a very persistent person/organisation attempting to gain a detailed copy of the .uk register. This attempt began last week, but increased efforts last night resulted in us needing to take more severe action than previously necessary.
"The data mining attempt operates by systematically querying the WHOIS server using whatever WHOIS proxies they can find. The queries normally take place overnight (GMT) with sometimes hundreds of proxies being commandeered simultaneously for this purpose.
"We apologise to anyone inconvenienced by these events, but trust that members will understand the importance of protecting the .uk register," it said.
Nominet is currently seeking legal advice but is prepared to suspend the WHOIS service again if attacks resume.
In a similar event in the late 1990s, Nominet obtained a High Court injunction to prevent someone form copying its registry of domain names. [The Register]
Net warfare is 'not just tech'
Joint Staff official says network-centric warfare has three equal parts: technology, organization and culture [FCW: Policy]
Ebay Seller Sues Over Libelous "Feedback"
An eBay Seller is taking the online auction giant to court over allegedly libelous statements made about the Seller in eBay's "feedback" mechanism, which allows buyers and sellers to leave comments about each other's performance that other users are then able to see. The Seller, who had auctioned some vintage radio magazines, was accused of shipping the goods late and in poor condition. After the Seller was unable to get eBay to remove the negative feedback, he brought suit in California Superior Court against both the Buyer and eBay.
The lawsuit aims at having eBay change its feedback policies, and of course a few million bucks for good measure. Yahoo News covers the Reuters release .[GrepLaw]
Judge Rules Against Spammer
A New York court ordered a spammer to stop telling customers they asked for their e-mail.
Manhattan Superior Court Justice Lottie Wilkins permanently enjoined MonsterHut from falsely representing that it had obtained permission to e-mail consumers, following a lawsuit by New York Attorney General Eliot Spitzer in May.
The suit charged that MonsterHut sent more than half a billion spam e-mails since March 2001, claiming recipients had opted in to receive them. More than 750,000 people asked to be removed from the e-mail lists.
The court rejected MonsterHut's argument that it was not liable for the misrepresentation since it purchased the e-mail addresses from third parties that MonsterHut believed acquired the names through an opt-in process. A hearing is scheudled for Feb. 11 to set civil penalites, damages and restitution.
In an earlier spam lawsuit, America Online was awarded $7 million in damages in a spam lawsuit. [TechWeb: Security]
Wife tracks hubby with secret GPS bug in his car
"Cops don't need warrants to bug vehicles, Nevada high court says" http://www.politechbot.com/p-03452.html
"U.K. plans to track all drivers with GPS, charge fees" http://www.politechbot.com/p-03178.html
Oregon's GPS Road toll plan: http://www.odot.state.or.us/ruftf/pdfs/VMTPreferred_Scenario_Nov1502.pdf (the same is just beeing deployed for trucks in germany)
Wife attaches GPS tracker to car to track husband http://www.theitem.com/CityDesk/030118a_news.cfm
[Politech]
The Art of Budgeting for IT Security Breaches
Siebel Systems CIO Mark Sunday told the E-Commerce Times that although corporate boards are more aware of security issues than ever before, they still do not fully understand them -- and most boards a... [Securitynewsportal]
Sprint DSL's Gaping Security Hole puts users at risk
Sprint DSL customers are at risk of having their e-mail addresses and passwords stolen -- even when their computers are powered off -- due to weak security controls on their DSL modems. Experts warn... [Securitynewsportal]
Courts says AOL not liable for idiot users sending 'hostile code'
IIn what legal experts describe as a first, a U.S. District Court has upheld a ruling that America Online and other Internet service providers are not liable for "hostile code" sent between subscribers. The U.S. Court of Appeals for the Third Circuit said last week that AOL could not be held accountable for a subscriber's sending of hostile code through its service. John Green, a 54-year-old electronics engineer and founder of JP Green Associates, in Edison, N.J., had accused AOL of failing to enforce its terms of service against a subscriber who sent Green a so-called punter, or malicious software instructions designed to temporarily kick someone off the service.
The court upheld a ruling by the U.S. District Court for the District of New Jersey, which had said an ISP's immunity from prosecution for a subscriber's actions covers not only the sending of actionable words, but also of hostile code. The court affirmed the lower court's definition of "information" under Section 230 of the Communications Decency Act. That definition includes not only communication of "knowledge or intelligence," but also the sending of an electronic "signal," both courts said. The decision is the latest in a long-running legal trend that has shielded ISPs--and AOL in particular--against the claims of subscribers who have demonstrated they were libeled or otherwise harmed while using an online service. [Securitynewsportal]
http://news.com.com/2100-1023-981800.html
Concerns Raised as Virus Writers Publish E-Zine
A group of hackers described as "prolific" virus writers by one analyst has published its first e-zine, raising concerns that the portal will fuel a new wave of malicious code and virus variants. According to security intelligence firm iDEFENSE, hackers who call themselves GEDZAC, or Zoneavirus, recently published the 'zine, titled Mitosis, which contains source code for a dozen viruses and tips, such as how to avoid detection by antivirus software. Ken Dunham, a senior intelligence analyst at iDEFENSE, says the fact that the group is organized enough to publish the 'zine is significant. "Most malicious coding groups fall apart or fail to progress to that level," Dunham says.
Dunham says the code will "invariably be used by a script-kiddie or individual learning how to create malicious code," likely resulting in faster development of new variants and "powerful blended threats." The new 'zine joins a growing list of publications, such as 2600 and Phrack, written for and by the hacker community. "The point to recognize is that the hacker community is more organized than most people realize," says Jon Ramsey, head of development at SecureWorks, a network intrusion detection and monitoring firm. Others see value for security professionals in the 'zines. "It's a classic tradeoff," says Ed Skoudis, VP of security strategy at consulting firm Predictive Systems. "They spread ideas among the bad guys and the not-so-elite bad guys, but they also let us good guys know what they're up to. All in all, it's kind of valuable." [Securitynewsportal]
http://www.infosecuritymag.com/2003/jan/digest23.shtml#news4
ADL describes e-gold as "terrorist tool"
Via Politech , the Anti Defamation League has issued a press release describing e-gold as a "possible terrorist tool".
The potential abuse by terrorists of e-gold, an Internet currency that enables deposits and transfers of precious metals using online trading accounts, "merits serious attention" by those government agencies who track sources of terrorist financing, said Abraham H. Foxman, ADL National Director.
"While we know of no links between e-gold... [zem]
Fighting terrorism means banning Internet gambling? from CEI
CEI C:\SPIN
This issue - Regulation Roulette: E-commerce and Terrorism.
This week's c:\spin is by Braden Cox, Technology Counsel, Project on Technology and Innovation, CEI, January 22, 2003.
On January 7, 2003, Rep. James Leach, R.-Iowa, introduced yet another internet gambling bill, the Unlawful Internet Gambling Funding Prohibition Act (H.R. 21 surely just a coincidence to the card game 21 or Blackjack ). The bill is the same text as H.R. 556, a bill passed by voice vote in the House last Congress that failed to move in the Senate before the end of session. The bill does not prohibit internet gambling outright. Rather, it indirectly shuts down online gambling by prohibiting banks from processing bank instrument transactions that involve unlawful internet gambling web sites. Those in the technology industry should follow the movements of this bill because it attempts to regulate electronic commerce in the name of fighting terrorism.
The means by which consumers and gambling site owners interact credit card payments and wire transfers also happens to be a medium open to abuse by those with criminal intentions. If you prohibit the credit card payments, then you negate the possibility that some of these payments will go to terrorists. According to Rep. Joseph Pitt, R-Pa, it may be impossible to keep illegal gambling sites off the World Wide Web, but it is entirely possible to prevent American credit card companies from completing these transactions that these crooks need to make their money. The text of the bill states that law enforcement has identified internet gambling as a significant money laundering vulnerability (emphasis added).
The bill s line of reasoning goes something like this: internet gambling
consumers pay by use of credit cards and wire transfers; credit cards and
wire transfers are payment mechanisms often utilized by criminal money
laundering operations; terrorists utilize money laundering schemes;
therefore, some consumers of internet gambling may in fact be criminals
laundering money to further terrorism. ... [Politech]
disLEXia, a research project by Maximillian Dornseif
 |  |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
   |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |  |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||