Security information, Articles, and discussion

Does Anti-Spamming law violate free speech?

jd4fox23 — Thu, 06 Mar 2008 21:28:39 GMT

Virginia's anti-spamming law does not violate free speech, court rules

By Larry O'Dell

updated 12:10 p.m. PT, Fri., Feb. 29, 2008

RICHMOND, Va. - A divided Virginia Supreme Court affirmed the nation's first felony conviction for illegal spamming on Friday, ruling that Virginia's anti-spamming law does not violate free-speech rights.

Jeremy Jaynes of Raleigh, N.C., considered among the world's top 10 spammers in 2003, was convicted of massive distribution of junk e-mail and sentenced to nine years in prison.

Almost all 50 states have anti-spamming laws. In the 4-3 ruling, the court rejected Jaynes' claim that the state law violates both the First Amendment and the interstate commerce clause of the U.S. Constitution.

"This is a historic victory in the fight against online crime," state Attorney General Bob McDonnell said in a written statement. "Spam not only clogs e-mail inboxes and destroys productivity; it also defrauds citizens and threatens the online revolution that is so critical to Virginia's economic prosperity."

Justice Elizabeth Lacy wrote in a dissent that the law is "unconstitutionally overbroad on its face because it prohibits the anonymous transmission of all unsolicited bulk e-mail including those containing political, religious or other speech protected by the First Amendment to the United States Constitution."

Jaynes allegedly used aliases and false Internet addresses to bombard Web users with junk e-mails peddling sham products and services. The court's majority said misleading commercial speech is not entitled to First Amendment protection.

"Unfortunately, the state that gave birth to the First Amendment has, with this ruling, diminished that freedom for all of us," Jaynes' lawyer, Thomas M. Wolf, said in a written statement. "As three justices pointed out in dissent, the majority's decision will have far reaching consequences. The statute criminalizes sending bulk anonymous e-mail, even for the purpose of petitioning the government or promoting religion."

Prosecutors presented evidence of 53,000 illegal e-mails Jaynes sent over three days in July 2003. But authorities believe he was responsible for spewing 10 million e-mails a day in an enterprise that grossed up to $750,000 per month.

Jaynes was charged in Virginia because the e-mails went through an AOL server in Loudoun County, where America Online is based.

The court rejected Jaynes' claim that Virginia's law violates the interstate commerce clause because it regulates activity outside Virginia. Justice Steven Agee wrote that "the effects of this statute on interstate commerce are incidental and do not impose an undue burden."

http://www.msnbc.msn.com/id/23411441/

Virus from China the gift that keeps on giving

jd4fox23 — Fri, 22 Feb 2008 19:08:34 GMT

An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games - and its designers might have larger targets in mind.

"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said. "This would be a nuclear bomb" of malware.

<more>

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/15/BU47V0VOH.DTL

Web browsers on the front line of exploitation

jd4fox23 — Fri, 22 Feb 2008 18:48:41 GMT

Cybercriminals are stepping up their efforts to exploit vulnerabilities in web browsers to spread malware using drive-by download techniques.

Research by Google's anti-malware team on three million unique URLs on more than 180,000 websites automatically installed malware onto vulnerable PCs.A security report from IBM's X-Force division said cybercriminals are "stealing the identities and controlling the computers of consumers at a rate never before seen on the internet".

A complex underground economy has developed in services designed to make exploits more potent, involving tools to camouflage attacks on browsers.

"In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 per cent during the first half of 2007, and reached nearly 100 per cent by the end of the year. The X-Force believes the criminal element will contribute to a proliferation of attacks in 2008," IBM's security division said.

Miscreants are stealing online credentials from compromised machines or using them as a resource to send spam or mount hacking attacks, it adds. ®

http://www.theregister.co.uk/2008/02/15/browser_exploitation/

Theft of personal data more than triples

jd4fox23 — Fri, 22 Feb 2008 18:55:57 GMT

Thieves are systematically pilfering sensitive personal data from companies, government agencies, colleges and hospitals like never before.

More than 162 million records have been reported lost or stolen in 2007, triple the 49.7 million that went missing in 2006, according to USA TODAY's analysis of data losses reported over the past two years.

This year, news stories have been written about data losses disclosed by 98 companies, 85 schools, 80 government agencies and 39 hospitals and clinics, according to a database at tech security website Attrition.org.

Arrests or prosecutions have been reported in just 19 cases.

http://www.usatoday.com/money/industries/technology/2007-12-09-data-theft_N.htm

They're called "servers that lie."

jd4fox23 — Fri, 22 Feb 2008 19:06:22 GMT

They're called "servers that lie."

Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc. (GOOG)

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites - and often have no idea.

The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society's Network and Distributed System Security Symposium in San Diego.

The fraud works like this: When a user with an affected computer tries to go to, for example, Google's Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.

The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.
<more>

http://apnews.myway.com/article/20080213/D8UPLR9G0.html

Subverted search sites lead to massive malware attack in progress

jd4fox23 — Fri, 22 Feb 2008 18:57:43 GMT

A large-scale, coordinated campaign to steer users toward malware- spewing Web sites from Google and other Internet search engines is under way, security researchers said Tuesday.

Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn dial in" to the heart-tugging "how to teach a dog to play fetch" -- will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware.

"This is huge," said Alex Eckelberry, Sunbelt Software's CEO. "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."

Those pages have had their search site ranking boosted by crooked tactics that include "comment spam" and "blog spam," where bots inundate the comment areas of sites with links or mass large numbers of them as bogus blog posts. Attackers may be using bots to plug links into any Web form that requests a URL, added Sunbelt malware researcher Adam Thomas.

There's no evidence that the criminals bought search keywords, however, nor that they've compromised legitimate sites. Instead, they've gamed search site ranking systems and registered their own sites.

"They get themselves on to Google, then redirect people to their malware pages," said Eckelberry. Most users wouldn't suspect anything's amiss with the rogue results, although the ultra-wary might be suspicious because many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends.

Once shunted to a malware-hosting site, the user might face a fake codec installation dialog. If the user doesn't bite, the page's IFRAME will get him, said Thomas. "This is what's doing the most damage," he said. "It's loaded with every piece of malware you can think of, including fake toolbars, rogue software and scareware."

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049269&intsrc=news_ts_head

Three year old worm accounts for almost a quarter of email-borne malware

jd4fox23 — Fri, 22 Feb 2008 18:54:05 GMT

IT security and control firm Sophos has revealed the most prevalent malware threats and countries causing problems for computer users around the world during November 2007.

The study, compiled by Sophos's global network of monitoring stations, has shown that old-timer, Traxg, has leapt to number two in the chart, accounting for nearly 25 percent of all recorded email-borne malware in November, despite first being detected more than three years ago in October 2004. Pushdo once again topped the chart in November, in a month that has seen the malware author continue to release a number of variants, including the latest offering - a naked video of Britney Spears - in an attempt to entice and dupe unwary users.

Details here:- http://www.sophos.com/pressoffice/news/articles/2007/12/toptennov07.html

THE THREAT OF COMPUTER CRIME AND IDENTITY THEFT

jd4fox23 — Fri, 22 Feb 2008 18:51:17 GMT

THE THREAT OF COMPUTER CRIME AND IDENTITY THEFT

As information technology increasingly pervades every aspect of our society, the opportunities for criminals to take advantage of it has commensurately increased. One of the most significant harms of this criminal exploitation of computers and computer networks has been the rise of identity theft. Identity theft is pervasive throughout the United States and around the world. Every day criminals hunt for our personal and financial data so that they can use the data to commit fraud or sell the data to other criminals.

So begins this Department of Justice ..........

STATEMENT OF
ANDREW LOURIE
ACTING PRINCIPAL DEPUTY ASSISTANT ATTORNEY GENERAL
AND CHIEF OF STAFF
CRIMINAL DIVISION
UNITED STATES DEPARTMENT OF JUSTICE
BEFORE THE
UNITED STATES HOUSE OF REPRESENTATIVES
COMMITTEE ON THE JUDICIARY
SUBCOMMITTEE ON CRIME,
TERRORISM, AND HOMELAND SECURITY
CONCERNING
“PRIVACY AND CYBERCRIME ENFORCEMENT ACT OF 2007””
PRESENTED
DECEMBER 18, 2007

http://www.cybercrime.gov/LourieTestimony121807.pdf

Disk Encryption Not Secure

jd4fox23 — Fri, 22 Feb 2008 18:50:07 GMT

A team including the Electronic Frontier Foundation (EFF), Princeton University, and other researchers have found a major security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure.

"People trust encryption to protect sensitive data when their computer is out of their immediate control," said EFF Staff Technologist Seth Schoen, a member of the research team. "But this new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker."

The researchers cracked several widely used disk encryption technologies, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt. These "secure" disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. However, in a paper and video published on the Internet today, the researchers show that data is vulnerable because encryption keys and passwords stored in a computer's temporary memory -- or RAM -- do not disappear immediately after losing power.

"These types of attacks were often though to be in the realm of the NSA," said Jacob Appelbaum, an independent computer security researcher and member of the research team. "But we discovered that on most computers, even without power applied for several seconds, data stored in RAM seemed to remain when power was reapplied, We then wrote programs to collect the contents of memory after the computers were rebooted."

<more>

http://www.eff.org/press/archives/2008/02/21-0