Early Sunday morning, a suspected pipe bomb exploded at the entrance of the Edward J. Schwartz Federal Courthouse at 940 Front Street in San Diego, California. The explosion shattered a glass door, damaged the lobby, and punched a hole in a building window across the street. No one was injured.
For more details, see: http://www.fbi.gov/page2/may08/sandiego_050408.html
Interesting use of PDAs:
SAP, RIM to let BlackBerry users access ERP apps http://cwflyris.computerworld.com/t/3210885/6339517/111888/2/
Windows XP SP3 still officially AWOL, but can be found on BitTorrent, Microsoft servers http://cwflyris.computerworld.com/t/3210885/6339517/111883/2/
--US Court Says Making Music Available is Not Copyright Infringement (April 29 & 30, 2008) A US District Court judge in Arizona has denied the Recording Industry Association of America's (RIAA) request for a summary judgment against Pamela and Jeffrey Howell for making music files on their computer available to filesharers. The Howells copied music files from CDs they owned onto their computer and downloaded peer-to-peer file sharing software onto the same machine. Judge Neil V. Wake said that merely making music files available is not tantamount to distribution or primary copyright infringement. Even if the Howells had placed the files in a shared folder, which they maintain they did not, they would be responsible only for contributing to copyright infringement if someone copied the file. The RIAA maintains the couple is guilty of piracy and offered screenshots that show the music files as publicly available. Jeffrey Howell said that Kazaa copied content from folders that were not public. The Electronic Frontier Foundation (EFF) has filed an amicus brief on behalf of the Howells. The suit will now go to trial.
http://www.informationweek.com/news/personal_tech/music/showArticle.jhtml;?articleID=207403664
http://www.news.com/8301-10784_3-9932004-7.html?part=rss&subj=news&tag=2547-1_3-0-20
[Editor's Note (Shpantzer): In a separate federal court decision, the songwriters and publishers are owed untold millions by online music streaming companies, including RealNetworks, Yahoo! and AOL in this recent case:
http://www.news.com/8301-10784_3-9933626-7.html?tag=nefd.top ]
--Court Ruling on Electronic Border Searches (April 23, 30 & May 1, 2008) The Association of Corporate Travel Executives (ACTE) is warning members "and all business travelers to limit proprietary information on laptop computers when crossing US borders." ACTE issued the warning after an April 21 federal appeals court decision that "gives customs officials the unfettered authority to examine, copy, and seize traveler's laptops -- without reasonable suspicion." The decision covers a range of electronic devices; in addition to seizing data from laptops, US Customs and Border Protection officials can seize data from cell phones, handheld computers, digital cameras and USB drives. The EFF, the American Civil Liberties Union (ACLU), and the Business Travel Coalition have written a letter asking that the House Committee on Homeland Security "consider legislation to prevent abusive search practices by border agents and protect all Americans against suspicionless digital border inspections."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081358&source=rss_topic17
http://www.acte.org/resources/press_release.php?id=284
http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/print.html
[Editor's Note (Ranum): It's as if someone in the administration mistook his copy of "1984" for a road-map not a novel.
(Schultz): Customs officials' ability to seize any kind of property without reasonable suspicion lamentably once again shows the current level of disregard for individual rights in the United States. Big brother is not only watching; big brother is being totalitarian.
(Honan) A number of organisations outside the US have banned staff from travelling to the US with laptops or other electronic devices.]
--Man Draws 18-Month Sentence for Infecting NASA Employee's Computer (May 1, 2008) A Nigerian man has received an 18-month prison sentence for tricking a NASA employee into installing spyware on her computer. Posing as a man from Texas, Akeem Adejumo met the woman on an online dating site. He sent a phony photograph to the woman at her work email address; when she opened it, her computer was infected with spyware. While it did not spread to other NASA computers, it did capture her email, passwords, Social Security number (SSN) and other sensitive information, including 25,000 screen shots. Some NASA information was taken as well, but the woman did not have access to sensitive data. NASA IT security team sensors detected the screenshots being sent from the network and began an investigation. Through analysis of traffic logs, and email account information obtained through warrants and subpoenas, investigators determined the attacker's IP address and contacted law enforcement officials in Nigeria.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081838&source=rss_topic17
[Editor's Note (Northcutt): A key point is that he did the online dating scam from Nigeria pretending to be in Texas and tried this on several hundred women with more than a few successes. According to the DOJ press release, NASA Office of Inspector General worked pretty hard on this one.
But the big key is that NASA detected the information being sent out. A lot of organizations that blindly trust in their IPS would not detect the bad event:
http://www.usdoj.gov/usao/dc/Press_Releases/2008%20Archives/April/08-099.html ]
--Former UCLA Medical Center Employee Indicted For Allegedly Selling Celebrity Medical Info (April 30, 2008) A federal grand jury has indicted Lawanda Jackson for allegedly using her position as an administrative specialist at UCLA Medical Center to access celebrities' health records and sell the information to tabloids. Lawanda Jackson could receive a prison sentence of up to 10 years if she is convicted. Additional defendants may be charged in the case. Jackson allegedly accessed information about Farrah Fawcett, Maria Shriver, and 60 other well-known people, and allegedly leaked medical information about Fawcett to a tabloid. The charges against Jackson were brought under the Health Insurance Portability and Accountability Act (HIPAA). Jackson resigned from UCLA Medical Center last summer.
http://www.latimes.com/news/local/la-me-ucla30apr30,0,6169637,full.story
[Editor's Note (Ranum): Ultimately, all computer security problems resolve down to trust. The broader question is "why did an administrative specialist have unfettered read access to a patient database?"
(Paller): Databases can lock down access as Marcus points out. The counter question is whether medical service will be substantively damaged by limiting access to information. This is one of a series of tough issues medical facilities are facing as organized crime groups increasingly target them for data theft/extortion schemes. ]
--Israeli PIs Sentenced for Using Trojan to Steal Data (April 28 & 29, 2008) Four Israeli private investigators have been sentenced for using Trojan horse programs to steal sensitive data. All four worked at the Modi'in Ezrahi private investigation firm. Three of the four were given jail terms of between nine and 18 months; the other was fined 250,000 Israeli shekels (US $72,565) and given 10 months of probation. Three other defendants were also fined and had their private investigator's licenses revoked. The malware used in the case was developed by Michael and Ruth Haephrati and sold to the agency; the Haephratis were sentenced to jail in 2006.
http://www.theregister.co.uk/2008/04/29/spyware-for-hire/print.html
http://www.jpost.com/servlet/Satellite?cid=1208870514347&pagename=JPost%2FJPArticle%2FShowFull
http://www.techworld.com/security/news/index.cfm?newsID=12121&pagtype=all
http://www.vnunet.com/vnunet/news/2215484/gumshoes-come-unstuck-trojan