[iwar] Cybercrime Arrests: Heralding a New Era?

Cybercrime Arrests: Heralding a New Era?
Posted Sunday, November 30, 2003 - 10:02pm by
<mailto:kirkhope@terrorism.com>kirkhope
As the Feds continue to build up their expertise, the cyber community can
expect to see even better enforcement and more savvy tactics in collecting
evidence and preparing for the prosecution of cases, predicts Paul
Robertson, director of risk at TruSecure. The good news about the Federal
Bureau of Investigation's high-profile mass roundup of accused
cybercriminals, in an operations fittingly called "Cyber Sweep," is that it
was an exercise of near-unprecedented cooperation in the annals of cyber
law enforcement. Participants included some 34 state attorney generals, the
U.S. Postal Service, the Secret Service and local law-enforcement agencies.
"It indicates a stepping up of federal agencies going after such crimes,"
Paul Robertson, director of risk at TruSecure, told NewsFactor. "They are
going after more people and getting better and better at it." Robertson
also noted that the feds are garnering better and more coordinated
cooperation from their international and foreign! counterparts. "That is a
huge accomplishment as well," he said. "So many of these crimes either
start or end overseas."
<http://www.newsfactor.com/perl/story/22746.html>Full Story
"

IT security increasingly a cash cow
Posted Sunday, November 30, 2003 - 9:48pm by
<mailto:kirkhope@terrorism.com>kirkhope
Overall budgets unchanged but security's slice of the pie still getting
bigger... Security spending continues to grow despite a capping of overall
IT budgets. Figures released by Meta Group show two-thirds of companies
increased their security spend this year. Security now accounts for 8.2 per
cent of the total IT budget, up from 7.6 per cent in 2002, according to
Meta's 2004 Worldwide IT Benchmark Report. This year there have been a
number of high-profile security threats and the renaissance of the computer
virus, with MS Blast, Slammer and SoBig dominating the headlines.
<http://www.silicon.com/software/security/0,39024655,39117006,00.htm>Full
Story

Security of handhelds far too lax, experts say
Posted Sunday, November 30, 2003 - 9:49pm by
<mailto:kirkhope@terrorism.com>kirkhope
Traversing the carpeted walkways of the Las Vegas Convention Center last
week, Caleb Sima looked like many other programmers at Comdex: young, lean,
laid-back and with a taste for earth tones. What was less apparent is that
he also has a penchant for uncovering new security threats. "I dabble in
cell phone security for fun," said the CTO and co-founder of Spi Dynamics,
an Atlanta company that makes software for uncovering vulnerabilities in
Web applications. Sima spoke on a panel about the growing handheld security
threat, a hot topic at a conference where dozens of mobile network products
were on display. What Sima said he has learned dabbling with cell phone
security is that no one - not software developers, carriers, corporate
network executives and certainly not end users - appears to have looked
seriously at this issue. This, despite the fact that millions of cell
phones are now in the hands of corporate employees.
<http://www.nwfusion.com/news/2003/1124comdex.html>Full Story

Exploit Code on Trial
Posted Sunday, November 30, 2003 - 9:50pm by
<mailto:kirkhope@terrorism.com>kirkhope
Security pros gathering at a Stanford University Law School conference on
responsible vulnerability disclosure Saturday harmonized on the principle
that vendors should be privately notified of holes in their products, and
given at least some time to produce a patch before any public disclosure is
made. But there was pronounced disagreement on the question of whether or
not researchers should publicly release proof-of-concept code to
demonstrate a vulnerability. UK-based security researcher David Litchfield,
of NGS Software, said he publicly swore off the practice after an exploit
he released to demonstrate a hole in Microsoft's SQL Server became the
template for January's grotesquely virulent Slammer worm. At Saturday's
conference, held by the university's Center for Internet and Society,
Litchfield said he wrestled with the moral issues for some time. "At the
end of the day, part of my stuff, which was intended to educate, did
something nefarious, and I don't want to be a p! art of that," said
Litchfield, a prolific bug-finder.
<http://www.securityfocus.com/news/7511>Full Story

Industry May Favor FTC for Reporting Cyber-Security Plans
Posted Sunday, November 30, 2003 - 9:57pm by
<mailto:kirkhope@terrorism.com>kirkhope
Corporate America is leery about filing cyber-security plans with the SEC
because of its lack of expertise. Corporate America managed to thwart
momentum this year for a law that would require public companies to report
cyber-security plans to the Securities and Exchange Commission. Eager to
mollify lawmakers who promised to bring the issue back up next year, the
industry is now working toward a viable alternative. The most aggressive
reporting proposal under way is a draft bill by Rep. Adam Putnam, R-Fla.
The bill would require public companies to file cyber-security plans with
the SEC. Companies are particularly leery of SEC involvement, however,
fearing that the agency lacks cyber-security expertise and that reporting
could be costly. <http://www.eweek.com/article2/0,3959,1394316,00.asp>Full
Story

Online fraud concerns on rise as holiday season nears
Posted Sunday, November 30, 2003 - 10:00pm by
<mailto:kirkhope@terrorism.com>kirkhope
The upcoming holiday shopping season promises to be a busy one not just for
Internet retailers, but for opportunistic online fraudsters and identity
thieves as well. As a result, Internet merchants -- especially smaller ones
-- will need to make sure they have adequate fraud- and theft-detection
processes in place before the rush begins, industry experts warned. "I
think the problem is going to be real bad," said Tom Mahoney, founder of
Merchant911.Org, a 1,600-member forum in which merchants can share
fraud-prevention information. "All the projections we're seeing are for a
significant increase in online sales. Because of this rush, there will be
less time for smaller merchants that do some or all of their own fraud
screening, to do it well," Mahoney said. Expect to see an increase in the
number of successful fraudulent transactions and lost dollars as a result,
he said.
<http://www.computerworld.com/managementtopics/ebusiness/story/0,10801,87443,00.html>Full
Story!
l

[Non-text portions of this message have been removed]

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for your HP, Epson, Canon or Lexmark
Printer at MyInks.com. Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/mOAaAA/3exGAA/qnsNAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Received on Mon Dec 1 18:18:10 2003