Security Web Digest: Yahoo Updates Spam Filters, Student Database Breached ... and More

Yahoo introduces new spam filters ... University of Texas student database breached ... US Supreme Court to review the constitutionality of the Children's Internet Protection Act (CIPA) ... and more from around the web.


Yahoo! Inc. announced that a new version of their SpamGuard anti-spam protection for Yahoo! Mail. The company claims that in preliminary tests the new version decreases the amount of spam delivered to users by as much as 40%. SpamGuard is automatically available to all Yahoo! Mail users. The service also now blocks "web beacons" (also known as "web bugs") which are brief elements in an HTML email that alert a server that the message has been read and that the address is therefore live. Yahoo! Mail also allows the user to block all HTML graphics.

Reports indicated that there was a breach of the University of Texas student database. Local prosecutors in the Austin area were investigating, but it is not yet clear whether the names, email addresses and social security numbers of more than 55,000 students were used to any illicit goal. A university official acknowledged that basic precautions that may have prevented the theft, which appears to have taken place between February 26 and March 2, were not taken.The Houston Chronicle cited an internal University memo that warned of possible additional attacks.The US Supreme Court reviewed the constitutionality of the Childrens Internet Protection Act (CIPA), signed by President Bill Clinton in 2000. At issue is whether pornography-filtering decisions implemented in terminal access to the Internet in a public library is a violation of the first amendment.Earthlink discovered and thwarted an attempt to scam its users into providing personal information such as name, address, credit card and bank account numbers, as well as mothers maiden name and birth date. Earthlink and security experts warned users to beware of such requests. The actual source of the scam appears to be a shady foreign email address linked to similar previous attempts. A similar attempt to lure PayPal users was also discovered. For approximately the last week eBay users have been receiving emails that appear as official PayPal alerts and to come from The email includes a form and asks the users to enter credit card and other personal information.Incidents

new worm is targeting administrator accounts on Windows PCs. The worm, W32/Deloder-A, appeared Sunday and is considered a low risk for infection, according to F-Secure. The worm attempts to connect to other computers on a network through TCP Port 445, randomly generating IP addresses to locate vulnerable machines. When a vulnerable Windows machine is located, the worm attempts to log onto the machines administrator account by trying 50 likely passwords such as "admin," "password," "12345" and "administrator," F-Secure said. Machines running Windows 95, 98, NT, 2000, ME and XP are vulnerable to attack by Deloder, Symantec said.

Law Enforcement

U.S. District Court judges this week threw out warrants used in the FBIs breakup of the Candyman online child-porn group, saying that the agency misled magistrates to obtain the right to search homes. "The law enforcement agents acted recklessly in submitting an affidavit that contained the false information that all Candyman members automatically received all e-mails, including e-mails that forwarded images of child pornography, for the agents had serious doubt as to the truth of the statements," concluded Judge Denny Chin for the Southern District of New York. In reality, Yahoo, which had hosted the group until the service shut it down for illegal conduct, presented logs showing that only 413 members of a total of 3,213 members had opted to receive all e-mails. Operation Candyman, announced by the FBI a year ago, led to charges against almost 90 people in more than 20 states, according to a U.S. Department of Justice press release issued at the time.

To help uncover terrorists, globalization software company Basis Technology created the Rosette Arabic Language Analyzer. The tool can plug into data mining applications used by U.S. defense and security agencies that are involved in scouring the Internet for Web sites written in Arabic. By automating the search, information that can help investigators find new potential targets in the fight against terrorism can be gleaned quickly, according to the company. Basic Technology began working on the Arabic Language Analyzer shortly after the Sept. 11 terrorist attacks in the U.S., Carl Hoffman, CEO of Basis Technology, said. "A number of government agencies in the intelligence community strongly encouraged us to move in this direction," he said.