Thread: Security News-23/09/05

Hilton hacker sentenced to juvenile hall

A Massachusetts teen who admitted to accessing T-Mobile USA's internal systems and posting data from Paris Hilton's cell phone on the Web will serve 11 months in a juvenile facility, CNET reports.

Having gained access to T-Mobile USA's systems, the teen found information Paris Hilton stored on her Sidekick, a mobile device that lets users make calls, surf the Web, take pictures, and send e-mail and instant messages.

The unnamed teen subsequently published the information, which included racy pictures and phone numbers of Hilton's celebrity contacts, on the Web. The numbers included those of rapper Eminem, actor Vin Diesel, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.

The young man was sentenced to 11 months of detention in a juvenile facility, to be followed by two years of supervised release. During the entire period, he is barred from owning or using a PC, cell phone or any other device that can access the Internet.

The perpetrator's name is not being disclosed because he is a juvenile.

Read the full story:
http://news.com.com/Hilton+hacker+se...ml?tag=cd.lede


Hackers work to exploit latest Firefox flaw
Online September 14, 2005

Security researchers claim to have found ways to exploit a serious bug in Firefox and Mozilla Web browsers, a sign that attacks could be on the way, ZDNet UK reports.

Disclosure of a flaw typically starts a race in the security community to exploit it. In the past few days, at least two security researchers have posted messages to popular security mailing lists claiming they have found ways attackers could take advantage of the vulnerability.

The vulnerability, which could let attackers secretly run malicious software on PCs, was disclosed on Thursday. The Mozilla Foundation responded swiftly and released a temporary fix on Friday.

The problem also affects the latest Netscape Web browser, according to security experts. Netscape is investigating the issue, a company representative said on Tuesday.

Read the full story:
http://news.zdnet.co.uk/internet/sec...9218113,00.htm

Get the temporary fix for Firefox and Mozilla browsers:
https://addons.mozilla.org/messages/307259.html


FBI warns about fake Katrina charity Web sites
Online September 14, 2005

Many of the 4,000 Web sites advertising relief services for Hurricane Katrina could be fake and about 60 percent of them come from overseas -- a sign they may be bogus, the FBI said on Tuesday, according to a Reuters news article.

Senior FBI and Justice Department officials warned Americans who want to donate money to the relief effort to be cautious to avoid fraudulent charities, including those that pretend to be major organizations like the Red Cross.

U.S. Attorney General Alberto Gonzales said some of the bogus sites had been shut down but would not give details on the number or how many investigations had been launched.

The Red Cross' general counsel, Mary Elcano, said the organization had hired a security company to scan the Internet for fake e-mails that try to trick people into providing credit card numbers and personal information on a Web site that looks like the one run by the Red Cross.

Read the full story:
http://today.reuters.com/news/newsAr...A-FRAUD-DC.XML


Firefox flaw gets temporary fix
Online September 13, 2005

Mozilla is giving Firefox users the chance to protect themselves against a serious flaw that was publicised last week, ZDNet UK reports.

The temporary fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers to secretly run malicious software on users' PCs. The flaw was disclosed late Thursday, sending Mozilla staff into damage-control mode.

The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs, said Mike Schroepfer, director of engineering at Mozilla. IDNs are domain names that use local language characters. The fix disables support for such Web addresses, he said.

Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due October 5 and the final release of 1.5 is expected by year's end.

Read the full story:
http://news.zdnet.co.uk/internet/sec...9217813,00.htm

Download the temporary fix:
https://addons.mozilla.org/messages/307259.html


Read more news at http://www.bullguard.com/news
'till next week


The BullGuard Team
BullGuard Limited, 823 Salisbury House, 29 Finsbury Circus, EC2M 5QQ London, United Kingdom