ya think? -

NEW YORK (Reuters) — Researchers at a Swiss university have cracked the
technology used to keep people from eavesdropping on e-mail sent over the Web,
but U.S. experts said on Thursday that the impact would likely be minimal.

Professor Serge Vaudenay of the Swiss Federal Institute of Technology in
Lausanne found a way to unlock a message encrypted using Secure Socket Layer
protocol technology, according to a posting on the research institute’s Web
site.

However, U.S. cryptography experts said it was not the version of security that
most consumers use to shop online.

Rather, it is a version that only affects e-mail, is limited in scope and not
widely used, said Professor Avi Rubin, who is technical director of the
Information Security Institute at Maryland’s Johns Hopkins University.

‘Limited applicability’ As a cryptographer, I am impressed. That’s really nice
work. — Bruce Schneier, Counterpane Internet Security

In addition, an attacker would have to be in control of a network computer
located in the middle of the two people communicating over which the messages
were flowing, he said. “It’s possible, but it has limited applicability,” he
said.

He said patches are already available to fix the hole, which affects one
particular mode of OpenSSL. Like all co-called “open source” software, OpenSSL
is free software created by developers who can modify it at any time.

“This is not something that anybody really needs to worry about,” Rubin said.

Work impresses expert Bruce Schneier, chief technical officer at network
monitoring firm Counterpane Internet Security, agreed.

“As a cryptographer, I am impressed. That’s really nice work,” he said of the
research. “As a guy who wants to protect my secrets tomorrow, I don’t care.”

Besides the mitigating circumstances which lessen the likelihood that attackers
would be successful, Schneier said SSL is irrelevant to security because
attackers can more easily get at secret information while it is stored on
computers and servers at the sending and receiving ends.

“SSL protects the communications link between you and the Web” server, he said.
“Nobody bothers eavesdropping on the communications while it is in transit.”

“Courier-Mail”, Brisbane Queensland, 31.10.03

Police make arrest over lottery scam
————————————————

Graeme Webber

POLICE claim to have cracked a multimillion-dollar Internet scam based in
Australia after the arrest of a 39-year-old man yesterday.

The Nigerian or West African scam involved fraudsters sending out a flood of
spam e-mails conning people into believing they could claim millions of
dollars through lottery winnings, an inheritance or business opportunity –
if they first sent off money for “expenses”.

Police said the arrest followed a four-month investigation and was the first
capture of a key Australian figure involved in the global scam. State Crime
Command Assets Con-fiscation Unit detectives in NSW arrested the Sydney man
during a search of a property in Nyngan in the state’s central west. Raids
were conducted at two homes in Cecil Hills and Lurnea, in Sydney’s
southwest, where computers and numerous documents were seized.

ACU commander Jennifer Thommeny said the Sydney-based inter-national
syndicate had targeted hundreds of victims in Australia and overseas. “In
the last six months, we’ve probably tracked about $1.5 million,” Insp
Thommeny said. “This is really significant – we believe that this is the
first arrest of its kind in the world relating to an Australian connection.
We have identified victims who have been approached in New South Wales,
South Australia, Victoria, Cyprus, Malaysia, Japan, Norway, Greece,
Indonesia, Hong Kong and Britain and in many cases have been conned into
handing over hundreds of thousands of dollars.”

The man arrested yesterday morn-ing had not yet been charged, police said
last night. Insp Thommeny said it was a relatively simple racket to set up
and authorities had had trouble catching the culprits because the victims
usually lived overseas.
“It’s difficult to say whether we’ll see an end to it because it’s all about
people’s gullibility – it’s all about whether or not they think they can win
the lottery,” she said.

But in the case of Nigerian frauds, it is a lottery in which the victims
have not even purchased a ticket. Most people ignore such e-mails as “too
good to be true” – which they are – but others become entangled. Many
victims – who range from the needy to the greedy – were so embarrassed about
being fooled that they never reported the crimes.

“Sometimes you will get someone that’s really ill and down on their luck and
they think ‘oh, my God, it’s a gift from heaven’,” Insp Thommeny said. “It
takes a very greedy, ruthless person to set up this scam, because it’s very
simple.”

Authorities issued freeze orders on nine Sydney properties, a British
property, and five vehicles – meaning that they cannot be sold and may even
be confiscated if prosecution is successful.