Yet another Bagle comes around
McAfee's antivirus research team raised Bagle-AI to a medium threat Monday, based on reported infections among customers. The latest in a long line of variants is a mass-mailer that contains its own SMTP engine to send outgoing messages. It harvests addresses from local files and then sends out spoofed messages with an attachment boasting a password-protected zip file, only the password's in the message body. Bagle-AI also notifies its author when a machine's infected, while halting security programs and other worms. Users should be wary of unexpected messages and continually update AV software.
For more on how to protect your systems, click here.
Students hack their way into hot water
Patrick Foster and Roger Waite, first-year students at Oxford University, hacked their way into potential fines or a ban from university facilities when they attempted to expose shortcomings in the university's IT security. According to The Register, Foster and Waite could be fined £500 or be suspended for breaking into university systems and publishing details in the Oxford student paper. News reports said the two accessed systems containing student's e-mail passwords and other sensitive material within minutes. They face a hearing before the university's Court of Summary Jurisdiction in September.
Lamo no longer 'homeless' hacker
Adrian Lamo, 23, will spend the next six months living at his parents' home in Sacramento, Calif., for breaking into The New York Times' network and running up a huge Lexis-Nexis tab using a Times' account. Lamo, known informally as the "homeless hacker" for his itinerant lifestyle, also was given two years' probation and ordered to pay $64,900 in restitution, according to news reports. He could have received up to five years in prison and $250,000 in fines when he was sentenced last week in a New York federal courtroom. Lamo can leave home to attend college classes but must wear an electronic band and will have only limited use of computers and e-mail.
NIST fingers biometrics' accuracy
A recently released National Institute of Standards and Technology study of 34 commercial biometrics systems shows the most accurate were from Cogent, NEC Corp. and Sagem, according to Federal Computer Week. The best system boasted a 98.6% accuracy rate for single-finger tests, 99.6% two-finger tests and 99.9% when four or more fingers were used. The evaluation, done last fall, involved a database of more than 48,000 sets of prints and is believed to be among the most extensive government agency tests done on the technology. The tests on fingerprints, the most popular body part scanned, were mandated as part of the USA PATRIOT Act.
To view the Fingerprint Vendor Technology Evaluations online, click here.
'Deceptive Duo' has day in court
A California man believed behind "The Deceptive Duo" was due in court this week to answer to federal indictments that he broke into government networks and defaced Web sites. Robert Lyttle, 20, of Pleasant Hill is accused of illegally accessing computer systems in April 2002 belonging to the Defense Department's Logistic Information Service and Office of Health Affairs, as well as NASA's Ames Research Center, Reuters news agency reported. Lyttle now faces up to 16 years in prison and $600,000 in fines if convicted, according to another news account. At the time of the break-ins, the "Deceptive Duo" boasted he'd gained entry into systems using a default password to log into sites using Microsoft SQL servers and a NetBIOS brute force attack.