23-year-old arrested in Emulex hoax
Federal law enforcement authorities today arrested a 23-year-old
Southern California student in the stock manipulation case of
technology company Emulex, which saw its stock plunge more than
50 percent last week as investors reacted to a fake news
announcement. Mark Simeon Jakob, a resident of El Segundo, Calif.,
and a student at El Camino Community College, is accused of wire
fraud, acting with intent to defraud, participating in a scheme
to defraud and securities fraud. Jakob worked at Internet Wire,
the corporate news service that distributed the faux press
release, until Aug. 18. He was known to openly talk about trading
stocks, authorities said. According to U.S. Attorney Alejandro
Mayorkas, Jakob sent an email from the library at El Camino
Community College to Internet Wire with a phony Emulex press
release that "reflected familiarity with the procedures used" by
the service. Mayorkas said Jakob had been a student at the college
and had been seen using the computers the night the email was sent
to Internet Wire.
Charges brought in Parametric extortion case
A federal grand jury has indicted a 39-year-old Florida man for
allegedly trying to extort more than $1 million from Parametric
Technology, a maker of computer-aided-design software, the office
of the U.S Attorney for Massachusetts said Thursday. Michael
Pitelis, of Tarpon Springs, Florida, was indicted on charges of
attempted computer extortion for allegedly threatening to release
the "keys" to operate Parametric's flagship design software,
Pro/Engineer, if he did not receive more than $1 million. The
passwords and codes would have given users free access to all
the functions of the 20th version of Pro/Engineer, which typically
costs more than $100,000. Pitelis will be arraigned on charges
Friday in the United States District Court in Boston. If he is
found guilty, Pitelis could receive a maximum sentence of 20 years
in prison and a $250,000 fine.
Security gaffe gores Bull's servers
A security flaw at Bull on Thursday briefly allowed anyone
access to the IT company's servers, offering up confidential
information on both the company and its high-profile customers.
Those customers include France Telecom, UK bank Barclays, the
British Royal Air Force, the Italian Army and A=E9rospatiale's
missile division, among others. The flaw was fixed about noon
local time on Thursday. Bull -- IBM's main competitor in France
-- told ZDNet France that the hole had appeared that morning.
The breach allowed any surfer access to highly sensitive
information -- including, for example: Which servers are
installed in the missile branch of A=E9rospatial; Details on the
type and location of servers used for the French national police
database of stolen vehicles; Information on current Barclays
projects; French bank Credit Agricole's security initiatives;
The phone number of the billing supervisor at France Telecom;
Information on the UK's Royal Air Force. Supposed to remain
confidential The information was available on a Web site that
contains an international database for Bull employees, with
real-time customer information.
Justice Dept. Urges Cops To Keep Up With Cybercrime
Criminals who perpetrate crimes using the latest gizmos and
Internet technology could soon outfox authorities unless law
enforcement agencies act quickly to control and contain
cybercrime, the US Justice Department said today. A report
issued today by the Justice Department's National Institute
of Justice urges state, local and regional law enforcement
agencies to increase and update training programs for officers
and investigators to enable them to keep up with would-be
cyber-criminals. The DOJ's report also calls for the creation
of regional electronic crime task forces. "Computer and
high-tech crime is one of the greatest challenges confronting
the law enforcement community around the world," said US
Attorney General Janet Reno. "Through the collaborative efforts
of both the public and private sector, we can make significant
progress toward developing the tools we need to fight cybercrime
and reduce its occurrence in our country."
Copies of the report can be information on NIJ's Website at;
Firm offers classes for hacker detectives
Computer security consultancy company Foundstone announced
Thursday classes designed to train IT professionals in the
art of investigating incidents of malicious hacking. The
new training will cover four major areas: "Incident Detection",
"Tracking Backdoor and Privilege Escalation Attacks",
"Incident Investigation", and "Evidence Collection".
President of Foundstone Stuart McClure believes that the new
classes will offer vital help to network administrators in
tracking down even the most advanced malicious computer
attackers. "Hackers and insiders have a growing number of
tools for stealing information, performing unlawful and
unauthorised activity, and covering their tracks," comments
McClure. "Security professionals are often overwhelmed,
causing attacks to be ignored or mistakenly diagnosed as
network problems. Our class will teach how to identify even
the most well hidden attacks."
Investors call for action to curb hacking
It could almost be a film script. The Federal Bureau of
Investigation (FBI) is attacked by hackers who wreck havoc
by flooding its website with false requests and bring it
to a standstill. Yet this is what happened earlier this
year. Tricks such as these, known as denial-of-service
attacks, have become a real threat to some of the world's
biggest online names. Between February 8 and 22, Yahoo,
the portal company, lost $ 17.2 billion in market value
after it ground to a halt during such an attack. In one
recent case, an 18-year-old hacker, Raphael Gray, used
the alias Curador to down-load 26,000 credit-card numbers
from financial companies. Then he posted 6,500 of them on
the internet. He said he did this to highlight how weak
information security is in Britain.
A new era for computer viruses?
Will catching a computer virus one day be just like catching
a cold? What if merely sitting next to the wrong person on
the bus could not only give you sniffles, but could erase all
your morning appointments or drain your cell phone=92s power?
For years, computer security experts have engaged in such
whimsical hypotheticals. But the recently discovered Palm
Pilot virus suggests that a frightening new era of computer
viruses =97 one where they spread more like biological viruses
=97 has begun.
No easy way to exterminate 'Web bugs'
Consumers worried about privacy won't get a good solution
to Internet "Web bugs" any time soon, privacy and security
experts said Thursday. Web bugs -- special HTML coding that
requests information over the Internet and returns
information about the user -- allow online marketers to track
consumers and corporations to protect proprietary data. "The
benefits of the feature outweigh the tracking risks," said
Richard Smith, chief technology officer for the Privacy
Foundation in Denver. On Wednesday, the foundation released
a report that put all Internet-enabled applications -- not
just Microsoft Corp.'s Word, Excel and PowerPoint -- in the
spotlight as new staging grounds from which marketers and
employers can track users. By embedding HTML code in a
document mailed to or downloaded by users, anyone can be
identified by their Internet address.
Microsoft adds cookie management to IE 5.5
Microsoft Corp. today said it's ready to ship a promised set
of cookie management features for Internet Explorer 5.5 that
give users of the Web browser the option of deleting cookies
as an added form of privacy. The new cookie controls were
released to about 2,000 users for beta testing last month.
Now, the controls are due to be made available later today
for downloading by all users from Microsoft's IE Web site,
according to officials at the software vendor.
No master keys for me, thank you
With last week's disclosure of a serious loophole in some
versions of the Pretty Good Privacy encryption software,
I'm fighting the temptation to say that I told you so.
I'm losing the fight. I haven't been warning people away
from using PGP. Quite the reverse: Here at eWEEK Labs, we
chose encryption technologies (with PGP a leading example)
as one of the 15 foundations of future IT in our special
15th anniversary report. Strong encryption, enabling
trusted transactions between previously unknown parties
using standards-based public networks, is the foundation
of all future growth in electronic commerce.
Is Anyone Accountable for Net Security Snafus?
The United States is the most litigious country in the world.
People sue McDonald's if their coffee is too hot. Prisoners
sue if their color TVs are taken away. Doctors, lawyers, big
corporations, mom-and-pop corner stores -- no one is immune
to being slapped with a contentious lawsuit. Except, apparently,
Microsoft and all the other high-tech companies who peddle
software with gaping security holes.
The Emotional Side of Cryptography
Encrypting data before storage or transmission involves
a bit of extra work. This often means that people who
ought to be using encryption, instead of relying on the
assumption that their data will not be intercepted, fail
to do so. But it is also true that some of the people who
use encryption are keenly aware of the importance of keeping
their information secret.