Slashdot | Your Rights Online - 60,000 Credit Cards Numbers Stolen Online.
robl writes "140,000 credit card numbers were tested for validity yielding about 62,000 valid credit card numbers and $300,000 of fraudulent charges. A good quote: --- "There wasn't a system in place to say, 'you've generated 140,000 charges, that's more than your normal volume.'" --- As Schneier-heads would say, it's a brittle system -- when the security fails, it fails badly."
MS-NBC - Massive credit card heist suspected.
Over 140,000 transactions run through tiny Net firm
Sept. 13 -- A Los Angeles-based Internet company said that 140,000 fake credit card charges, worth $5.07 each, were processed through its transaction system Thursday, in a computer scam that may have affected as many as 25 companies. The apparent fraud suggests that a computer criminal may have obtained a sizable list of stolen credit card numbers and was testing them for validity, credit card fraud expert Dan Clements said.
ZDNet |UK| - Netscape and Mozilla leak Web surfing data.
A newly publicised flaw in Mozilla-based Web browsers allows servers to discover where visitors go after they leave the site
Netscape and other Web browsers based on the Mozilla development project contain a bug that leaks users' Web surfing data, according to a new report.
The bug reveals the URL of the page a user is viewing to the Web server of the site visited last. This allows a Web server to track where users go after they leave the site, even if the next Web address comes from a bookmark or is manually typed into the browser.
Researcher Sven Neuhaus, who published a security alert about the issue to the Bugtraq mailing list on Wednesday, said he had confirmed the bug in Mozilla 1.0, 1.0.1 and 1.1, though it probably also exists in older Mozilla versions. It also appears in browsers based on Mozilla's technology, including Netscape 7 and Galeon, a Linux application, he said.
Slashdot | Privacy Leak in Mozilla and Mozilla-Based Browsers.
Mike S. writes "Mozillazine has pointed users to this story at ZDNet UK which breaks the news about a privacy bug discovered in all Mozilla builds up to and including 1.2a as well as browsers based on Mozilla such as Netscape 6/7, Chimera and Galeon. The bug allows a web site to track where you're going when leaving the site whether you use a link, a bookmark or type a URL into the address field. This page has a demonstration of the bug and instructions on patching it via a user.js file."
Slashdot | Enigmail Standard In Mandrake 9.0.
AxelTorvalds writes "The Mozilla 1.1 RPMs in Mandrake 9.0 contain the enigmail plugin. It seamlessly encrypts, signs, decrypts and authenticates email with GPG or PGP in the Mozilla Mail client. This is the first major distributor I know of to support enigmail. With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?" --- Update: 09/15 17:26 GMT by T: Borked link fixed.
European Voice - DATA PRIVACY - Data protection at the crossroads
This link is an indirect one via Moreover.com - Paid subscription required and I don't have a subscription so I can't provide any interesting pull quotes from the article. Not sure about how long the delay is but supposedly the archive access is free, but registration is still required.
European Voice - DATA PRIVACY - Consumer confidence must be preserved
This link is an indirect one via Moreover.com - Paid subscription required and I don't have a subscription so I can't provide any interesting pull quotes from the article. Not sure about how long the delay is but supposedly the archive access is free, but registration is still required.
European Voice - DATA PRIVACY - Parliament U-turn threatens safeguards
This link is an indirect one via Moreover.com - Paid subscription required and I don't have a subscription so I can't provide any interesting pull quotes from the article. Not sure about how long the delay is but supposedly the archive access is free, but registration is still required.
European Voice - DATA PRIVACY - Privacy eroded post-11 September, rights group claims
This link is an indirect one via Moreover.com - Paid subscription required and I don't have a subscription so I can't provide any interesting pull quotes from the article. Not sure about how long the delay is but supposedly the archive access is free, but registration is still required.
Personal Data Protection Center - Korea.
It's in Korean.
Digital Chosunilbo (English Edition - Korea) : Personal Information Misuse in Cyber Space Rising.
Personal information crimes in cyberspace reported to the Personal Data Protection Center (www.cyberprivacy.or.kr) totaled 14,181 during last year, up 6.2 times the 2,297 in 2000, according to the Ministry of Information and Communication Sunday. Cases regarding misuse of private information as of July this year totaled 30,975, exceeding two times the total number of reports last year.
By type, misappropriating residents' registration card number and Internet site ID took up 20 percent or 10,299 cases of total from January to May 2002. The ministry said the personal data misusers stole or counterfeited registration numbers and usually surfed pay-per-view games or porn sites, and used credit cards to commit a crime.
The seriousness of personal information related crime was fully exposed through National Assembly's inspection materials presented to its Science Technology Information and Communication Committee members Kim Jin-jae and Kang Jae-seob and inside surveys.
CNET NEWS.COM - Linux worm creating P2P attack network.
A new worm that attacks Linux Web servers has compromised more than 3,500 machines, creating a rogue peer-to-peer network that has been used to attack other computers with a flood of data, security experts said Saturday.
The worm seems to be spreading fairly rapidly, according to security firm Symantec, which early Friday detected about 2,000 infected computers actively attacking, a number that climbed to 3,500 late Friday. The company's security personnel could not be contacted for comment Saturday.
"It is confirmed through various sources that this worm is in the wild and actively attacking other servers," the firm warned in its newest advisory Saturday.
The worm targets Apache Web server installations on a variety of Linux systems, including those from Red Hat, SuSE, Debian, Mandrake and Slackware. By exploiting a security hole in the Apache OpenSSL module that enables a widely used encrypted communications service known as the secure socket layer, the worm can copy itself to new servers.
The advisory includes an analysis of the so-called Linux.Slapper.Worm's code, revealing some details of the attack network created from servers compromised by the worm.
"(Slapper) also includes a number of peer-to-peer capabilities, which allow it to communicate with other clients, and participate in a distributed denial-of-service (DDoS) network," stated the advisory.
New York Times (free registration required) - A Simple Click Stirs a Lot of Outrage.
For some time, travelers browsing the "State Department" Web site for helpful tips about Guadalajara, Mexico, found much more than they bargained for when they clicked on a photograph of President Bush.
The click transported them to a partisan playground, where they were told how to get involved with the Republican Party and even how to donate money to it.
The State Department site, it turns out, had been providing a link to a Web site run by the Republican National Committee despite federal laws prohibiting government resources from being used for partisan purposes.
The link was not removed until late this afternoon, after a reporter asked about it. State Department officials said they were not sure how long the link had been operating. But one person who noticed it said it was operating as early as Sept. 5.
The Republican Party Web site made no bones about its aims, recounting President Bush's record and even offering Republican memorabilia, including mugs, ties, scarves and ballpoint pens, for sale.
The site, which had a red, white and blue Republican National Committee logo, also gave visitors an opportunity to register to vote, sign up as a party volunteer and donate money, all with a click of the mouse.
"Help the R.N.C. support the Republican Party and win elections nationwide," the Web site said. "Help us give President Bush a stronger working majority in Congress."