Security Web Digest: Auction Fraud, Security Trends, VPN Hardware... and More

Dissent and the Internet in Vietnam... Is intrusion detection oversold?... Is hardware security acceleration a good idea?... and more from around the web.


Robert Beck suspended his distrust of online auctions and went for a top-of-the-line speaker system. He cast a winning bid of $1,900, paid by credit card and waited for his first eBay purchase. The speakers never arrived. Last week, detectives confirmed to the 25-year-old engineer that the sellers, an Arizona couple, had cashed out their bank account and fled. The couple allegedly stole more than $100,000 from more than 500 bidders. The case has cast suspicion on eBay Inc.s anti-fraud software, which the San Jose-based company installed nearly a year ago to counter complaints about fly-by-night sellers. Beck and other victims say the software--which ostensibly gets better the longer its in use--should have alerted eBay to cancel the auction long before hundreds of people parted with their money. EBay maintains that less than one-one-hundredth of 1 percent of all listings are fraudulent.

One of Vietnams best-known dissidents was arrested recently for trying to post documents on the Internet, in a sign of the regimes growing fear of losing control of the Web. Pro-democracy activist Dr Nguyen Dan Que, a thorn in Hanois side for the past three decades who was released from nearly 20 years jail sentence in 1998, was arrested at his home in southern Ho Chi Minh City. The foreign affairs ministry confirmed that the veteran campaigner would be prosecuted. "Que was caught at an Internet cafe handing over documents criticizing the Socialist Republic of Vietnam to a US-based organization called High Tide humanist movement," the official Vietnam News (VNA) agency reported. About a million Vietnamese have regular access to the Internet, according to estimates by foreign agencies, but many sites are blocked.

Legislation that aims to provide prosecutors with the tools they need to win convictions against child pornographers passed the House of Representatives as an amendment to the Child Abduction Prevention Act of 2003 (H.R. 1104) Thursday afternoon by a 406-15 vote. The amendment, sponsored by Rep. Lamar Smith (R.-Tex.), hopes to address last years Supreme Court decision in Ashcroft v. the Free Speech Coalition that struck down a 1996 law written to combat computer-generated pornography. The Court rejected a Congressional ban on "morphed" or "virtual" child pornography on free speech grounds. Smiths amendment bans any digital image, computer image or computer-generated image that depicts child pornography.


Enterprise efforts to secure Web services and WLAN implementations will be among the top security initiatives for companies in 2003, according to Gartner research detailed Tuesday at its Symposium ITxpo 2003 conference. Although security remains a critical priority for most enterprises, previously over-hyped security technologies have led companies to be more cautious about future implementations, according to Victor Wheatman, vice president and research area director at Gartner, based in Stamford, Conn. Intrusion detection is one of those over-hyped technologies, Wheatman said. The area of intrusion-detection is now moving into firewall management in order to become intrusion protection, which would allow enterprises to do something about the alarms, Wheatman said.

Network Associates said Wednesday that the Department of Justice launched an investigation against the information-security software maker. The government scrutiny follows an ongoing Securities and Exchange Commission investigation involving how the company reported sales revenue for the years 1998 through 2000. As a result of the investigation, Network Associates will postpone the filing of its 2002 annual financial statement and restate financial results for 1998, 1999, and 2000. Company officials seem confident the years 2001 and beyond wont be affected. This isnt the first time Network Associates has had to restate its earnings for those three years. In June 2002, the company reduced revenue for 1998 by $4 million; stated that net revenue for 1999 was overstated by $28.2 million and operating costs and expenses were understated by $1.5 million; and that the companys net loss for 2000 was increased by $21.2 million.

Corrent, IBM and Check Point Software Technologies combined their respective processor and software expertise to realize a multifunctional security accelerator card that delivers up to 3-Gbit/s performance through virtual private networks (VPNs) and firewalls. The hardware and software solution comes on a PCI adapter card that off-loads firewall connection, handling and IPSec encryption for VPNs from the host-servers CPU.