March 2006

Sites represent a growing movement to fight back against growing security problem
InfoWorld
By Robert McMillan, IDG News Service
March 27, 2006

Security vendors are launching two Web sites aimed at helping people report and avoid phishing attacks. The Phishing Incident Reporting and Termination Squad (PIRT) is as a volunteer effort designed to take down phishing sites; CipherTrust’s PhishRegistry.org site, due to be launched Tuesday, will be a service designed to warn legitimate Web sites when they are being spoofed by phishers.

Last week, Microsoft pledged to bring about 100 legal actions against phishers in Europe, the Middle East and Africa (EMEA) over the next few months. Organizations such as the Anti-Phishing Working Group and Digital PhishNet already have been formed to combat this growing problem.

Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers.
IEBlog

Berkeley researchers propose a Mozilla extension to stop phishing. (pdf)

MIT spam conference focuses on phishing.
By Cara Garretson
NetworkWorld.com
03/29/06

Large well-respected companies are helping to fund the virulent spread of unwanted and potentially harmful “adware” by paying for advertisements generated by those programs,

Centre for Democracy and Technology.

Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend

CDT Adware Report (Updated 3/21/06) [PDF]
Press Release March 20, 2006 [PDF]

If you cannot connect to AOL after running LiveUpdate on March 15, 2006

A Symantec Intrusion Detection signature that was included in the March 15 LiveUpdate caused this problem.

Symantec has updated the signature to fix this problem.

Follow the steps for the product that you use.

If you are unable to go online because of the issue, you may have to disable the Norton software, connect to the Internet and immediately download updated definition files.
Then re-enable the software.

USA TODAY

Twenty-seven people from nine U.S. states and Canada, Australia and Britain have been charged with possession, receipt, distribution and manufacture of child pornography

“This (bust) is a very significant event. The multinational approach was really important,” said Ernie Allen, president of the National Center for Missing & Exploited Children.

Eighteen prominent banks, credit card companies and Internet service providers joined Allen Wednesday in launching the new Financial Coalition Against Child Pornography. Among them: American Express, Chase, Citigroup, MasterCard, Visa, Bank of America, Microsoft, PayPal and Yahoo.

“If people were purchasing heroin or cocaine and using their credit cards, we would be outraged and do something about it. This is worse, ” said Sen. Richard Shelby, R-Ala., chairman of the Senate’s banking committee and a founding organizer of the coalition.

An Article from October 3, 2004
The Age
A US operation tracks web porn from Russian crime groups to Australia, writes Max Blenkin.

It all started in the French city of Lyons eight months ago. Stunned Australian Federal Police were presented with computer disks with excruciating details of the internet child porn obsessions of up to 500 Australians.

The international headquarters of Interpol is in Lyons. It was there that US investigators revealed the fruits of their investigation into a lucrative racket run from the former Soviet republic of Belarus. By then the writing was on the wall for the international network of porn sites uncovered in the lead-up to this week’s crackdown on internet child abuse.

The previous month, US Attorney-General John Ashcroft had revealed the existence of Operation Falcon and the indictment of porn website company Regpay, a company operating from Belarus, and the US firm, Connections USA.

Regpay processed subscriptions for third-party internet websites, while Connections USA provided Regpay with credit card processing services for those subscriptions.

“Regpay allegedly processed nearly US$3 million ($A4.1 million) in subscription fees by persons seeking pornography - much of it being child pornography,” Mr Ashcroft said.

The beneficiaries were Russian organised crime groups.

Copywrite © original authors

European Commission launches public consultation on radio frequency ID tags.
09/03/2006

Radio Frequency Identification Devices (RFID), which will soon replace bar codes in your supermarket, offer tremendous opportunities for business and society. But their power to report their location, identity and history also raises serious concerns about personal privacy and security, as well as technical interoperability and international compatibility. To address these concerns - some of which may well require legislative responses -, the European Commission launched on 9 March a comprehensive public consultation with a high-level Conference on RFID at the CeBit 2006 trade fair in Hannover, Germany.

“RFID tags are far cleverer than traditional bar codes. They are the precursors of a world in which billions of networked objects and sensors will report their location, identity, and history�? said Information Society and Media Commissioner Viviane Reding. “These networks and devices will link everyday objects into an ‘internet of things’ that will greatly enhance economic prosperity and the quality of life. But as with any breakthrough, there is a possible downside – in this case, the implications of RFID for privacy. This is why we need to build a society-wide consensus on the future of RFID, and the need for credible safeguards. We must harness the technology and create the right opportunities for its use for the wider public good.�?

Meanwhile:

Dutch researchers at The Department of Computer Science Vrije Universiteit Amsterdam have made Radio Frequency Identification (RFID) “malware” publicly available.

While we have some hesitation in giving the “bad guys” precise information on how to infect RFID tags, it has been our experience that when talking to people in charge of RFID systems, they often dismiss security concerns as academic, unrealistic, and unworthy of spending any money on countering, as these threats are merely “theoretical.” By making code for RFID “malware” publicly available, we hope to convince them that the problem is serious and had better be dealt with, and fast. It is a lot better to lock the barn door while the prize race horse is still inside than to deal with the consequences of not doing so afterwards.

Think supermarket RFID scans, subdermal pet ID tags, airport baggage handling and you get the possible scenario.

Irc is a great way to communicate and learn new stuff.
One of the networks I use is irc.wyldryde.org.

WyldRyde is home to many different types of chat rooms. Some chat specialize in one topic, while others welcome open discussion. We are also home to many official chats for popular web sites, computer user groups, open source projects, and anti-spyware projects. No matter what your interest, you’re likely to find a channel that fits your interests.

FAQ ( Frequently Asked Questions)

To start chatting on WyldRyde you can load their easy to use Web Chat.

If you are a more experienced computer user you could download an IRC Client and connect that way.

Do make sure you do your homework on which one is right for you and compatible with your operating system.

WyldRyde Active Channels

There is a HELP Channel where you can pose any questions you may have if you canot find the answer in the faqs; you will find the volunteer staff to be helpful and friendly.

IRC is huge and has thousands of users. If you have family members using the internet help them to stay safe.

As always, make sure you have updated security programs installed.

March 10, 2006
By Michael Santo
Contributing Writer, RealTechNews
Excel = Virus … At Least to McAfee

Because of an error in a virus definition update, McAfee’s antivirus product was, for a brief time today, quarantining or deleting, depending upon your settings, Excel and other applications from PCs.

McAfee update exterminates Excel
Published: March 10, 2006
By Joris Evers
Staff Writer, CNET News.com

McAfee has been able to pinpoint the cause of the problem and hopes it can avoid it in the future, Telafici said.

The problem occurred with virus definition file 4715, which was released at about 10:45 a.m. on Friday as part of McAfee’s daily update cycle. The repaired, emergency-definition file 4716 was pushed out at about 3:30 p.m.

McAfee Anti-Virus Causes Widespread File Damage
it.slashdot.org
Posted by Roblimo on Monday March 13, 2006

AJ Mexico writes, “[Friday] At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational.”

McAfee 4715 DAT False Positive Deletion Reports Follow-up

Copywrite © original authors

Microsoft TechNet
Updated: March 9, 2006

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

US Citibank customer Jacob Appelbaum posted on the blog site Boing Boing details of the problems he had after using a Canadian ATM.
Full text of Jake’s account.