February 6, 2002 Man accused of running pedophile website arrested Sergei Levinson, a 37-year-old Haifa resident, was arrested Wednesday under charges of filming children, some of them five-years-old, and spreading the pictures on the internet. Levinson admitted to some of the accusations against him. After information regarding Levinson was received by the police, detectives from the fraud unit's computer department raided his house and found pictures and computer accessories which connect him to the charges. http://www.haaretzdaily.com/hasen/pages/ShArt.jhtml?itemNo=126836 - - - - - - - - E-mail yields clues to reporter's whereabouts The e-mail messages sent by kidnappers of Wall Street Journal reporter Daniel Pearl carry clues about their origins, but tracking down their senders is far from simple. On Tuesday, sources close to the investigation told The Associated Press that Karachi police had arrested three men believed to have sent two e-mails that included pictures of Pearl. No information was available on how investigators may have tracked down the suspects. http://www.usatoday.com/life/cyber/tech/2002/02/06/email-pearl.htm Investigators draw clues from kidnappers' e-mails http://www.nandotimes.com/technology/story/241819p-2297847c.html - - - - - - - - Fake HP goods seized in China Last quarter, over 87,000 counterfeit HP cartridges and accessories were seized in China, with 14 police raids conducted in Beijing, Shanghai, Guangzhou and Shenzhen, the company said in a statement Tuesday. A total of 10 retail shops, three warehouses and 16 manufacturers' premises were raided, including Beijing's Silicon Valley Computer Market and Zhonghai Computer Market. The authorities also confiscated over 13,300 toner cartridges, 4,200 ink cartridges, and 70,000 labels, brochures and packages, HP said. http://news.zdnet.co.uk/story/0,,t269-s2103795,00.html - - - - - - - - Interior Dept. Web site still offline Government officials said Wednesday they did not know when computer systems that provide everthing from oil and gas royalty payments to information on wildlife management programs would be up and running again. Interior Department officials said at a congressional hearing that they were working long hours to bring their computers back online, but had no idea when a court-appointed investigator would give them the green light. http://www.usatoday.com/life/cyber/tech/2002/02/06/interior-dept-site.htm - - - - - - - - Child porn cases on the rise in Ireland Reports of indecent images of children on the Web are steadily increasing in Ireland, with 2001 set to have double the number of 2000. An incident of child pornography on the Internet is reported in Ireland every day, on average, according to new figures released by the Internet Advisory Board. http://news.zdnet.co.uk/story/0,,t269-s2103846,00.html - - - - - - - - Fake Ebay E-Mail Snares The Unwary The e-mail began, "Dear eBay Customer." The sender -- eBay CustomerHELP@eBay.com -- appeared to be eBay's customer service department. "Your purchase will be shipped to your current billing address within the next 2-3 business days," the message read. If your suspicious-spam guard wasn't up, you might mistake this for a bona fide administrative notice from the world's largest online auction company. Your first thought then would be something like: "This must be a mistake. I didn't buy anything on eBay." http://www.newsbytes.com/news/02/174269.html - - - - - - - - U.S. National Lab Bans Wireless Networks 'It's easy to take a Palm PDA or laptop PC with wireless networking capability from a non-classified area into a classified area inadvertently,' Livermore Lab spokesperson David Schwoeglen told Wireless NewsFactor. 'That creates a serious security violation.' Citing security concerns associated with the pervasive nature of, and potential flaws in, wireless LANs (local area networks), the Lawrence Livermore National Laboratory has banned their use in its facilities. http://www.newsfactor.com/perl/story/16206.html - - - - - - - - U.S.: Critical Government Computers Under Threat Analysts are less worried about the vulnerability risks from the average hacker than about international espionage and fraud on a global scale. Government computers responsible for doling out Social Security, tax refunds and other payments were found to have significant security flaws, a government agency reported on Monday, leaving the systems vulnerable to hackers, cyber-terrorists and internal fraud. http://www.newsfactor.com/perl/story/16171.html - - - - - - - - Budget a boost for valley High technology plays an important role in the three priorities President Bush has laid out for his 2003 budget -- the war on terrorism, homeland security and economic revitalization and significant increases in proposed spending for technology should be a boost to Silicon Valley's staggered economy. http://www.siliconvalley.com/docs/news/svtop/tech020602.htm - - - - - - - - Tracking Down Enron Computer experts to root out missing files. Arthur Andersen accountants may have worn out their delete buttons in an attempt to destroy Enron Corp. electronic documents amid the collapse of the energy giant, but that doesn't worry the computer forensics experts charged with bringing the documents back. To be sure, the amount of data they must sift through - estimated at 268 terabytes, roughly 10 times the amount of data stored by the Library of Congress - is unmatched by any computer crime investigation. http://www.newsday.com/business/local/newyork/ny-bzenro052576192feb05.story - - - - - - - - Global Net Crime Treaty Hurts Free Speech High-tech lobby groups and civil liberties associations today told Secretary of State Colin Powell and Attorney General John Ashcroft that an addition to the Council of Europe's proposal to ban "xenophobic" and "racist" speech on the Internet is a violation of the U.S. free speech principles. http://www.newsbytes.com/news/02/174285.html - - - - - - - - Search engine's display of copyright photos ruled infringement An Internet search engine violated a professional photographer's copyright by displaying full-sized images of his work through ``inline linking,'' a federal appeals court ruled Wednesday.The 9th U.S. Circuit Court of Appeals found that small, low-quality thumbnail images were covered by the ``fair use'' provision of the Copyright Act, but reversed a lower court opinion that found the display of larger high-quality images also was protected. http://www.siliconvalley.com/docs/news/tech/078264.htm - - - - - - - - Scientist Ends Crusade Against Copyright Law A Princeton University professor today announced that he would end his legal challenge of a controversial U.S. copyright law that he says was invoked to prevent him from publishing research that exposed holes in recording industry backed anti-piracy technology. Princeton professor Edward Felten and his team of scientists said they would not appeal a New Jersey federal court's decision to dismiss their case against the Recording Industry Association of America (RIAA). Felten announced the decision through the San Francisco-based Electronic Frontier Foundation (EFF), which has been representing his scientific team. http://www.newsbytes.com/news/02/174284.html http://www.wired.com/news/politics/0,1283,50272,00.html - - - - - - - - Morpheus security hole disputed StreamCast Networks, the company that created Morpheus, has categorically denied there is a "dangerous" hole in the software program. The Morpheus peer-to-peer enabling application is well known as the basis for MusicCity, a file sharing service that has sprung up in the vacuum created by the demise of Napster. Rising to recent reports of an alleged security breach, StreamCast stated in an e-mail to ZDNet Australia "there has never been a security breach in Morpheus since its introduction in April 2001". http://zdnet.com.com/2100-1106-830431.html http://news.zdnet.co.uk/story/0,,t269-s2103802,00.html - - - - - - - - Security Alerts Take Swing At Oracle's 'Unbreakable' Pitch Computer security researchers in Britain today released information on a handful of vulnerabilities in software from Oracle Corp. - an event that might have received a lot less attention if the database giant's current advertising campaign didn't describe its products as "unbreakable." http://www.newsbytes.com/news/02/174292.html - - - - - - - - BlackIce Firewalls Vulnerable To DOS Attack The popular BlackIce Defender and BlackIce Agent personal Internet firewall programs are vulnerable to a denial-of-service attack that could render many home users defenseless against further assaults, the products manufacturer said today. Internet Security Systems, which acquired the Network ICE security suite last year, issued an alert on Tuesday stating that all current versions of BlackIce running on Windows XP and Windows 2000 can be crashed using a modified ping-flood attack. http://www.newsbytes.com/news/02/174282.html - - - - - - - - MS .NET vulnerable to attack Microsoft ASP.NET is vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list. CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site, which if followed will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies. http://www.theregister.co.uk/content/4/23967.html - - - - - - - - MS taunted with 'trustworthy computing' Web page Someone with a sense of humor has either registered or hijacked the domain TrustworthyComputing.com, and is using it to refer Web surfers to a vast archive of news stories covering Microsoft's dismal record in, well, trustworthy computing. We may recall Chairman Gates using the phrase with initial caps (as if preparing to trademark it) in a recent memo ordering the Redmond rank and file to begin taking security seriously. http://www.theregister.co.uk/content/4/23966.html Microsoft 'code scrub' ridiculed http://www.vnunet.com/News/1128986 - - - - - - - - Encryption Leaves DES Behind Nothing moves fast in the world of encryption, which may help explain why the U.S. is only now about to leave 56-bit DES behind for new encryption schemes. It's been a long time coming, almost 20 years, in fact. The Data Encryption Standard has long outlived its usefulness. But the new Advanced Encryption Standard sets out key lengths of 128, 192, and 256 bits. How much stronger is AES? The National Institutes of Standards and Technology says a machine that could crack DES in just one second would need 149 trillion years to do the same to a 128-bit AES key. http://www.techweb.com/tech/security/20020206_security - - - - - - - - Group to boost code review for Linux A government-funded initiative announced Tuesday aims to boost code review of open-source software to prevent security holes. Funded by the Defense Advanced Research Project Agency, the same organization to initially bankroll the predecessor to the Internet, the Sardonix Audit Portal aims to be the one-stop portal for organizing the efforts of critical code reviewers everywhere and boost the frequency with which programmers critique the code of others. http://zdnet.com.com/2100-1104-830255.html http://news.com.com/2100-1001-830130.html - - - - - - - - U.K. Launches 'Cybercourt' For Small Claims While it may lack the biting wit of U.S. TV's "Judge Judy," a new online service launched this week by Britain's Court Service may make it almost as easy for individuals and small businesses to collect money owed to them. The new service, a pilot project dubbed Money Claim Online, allows people making claims for amounts less than 100,000 pounds ($140,000) to file their paperwork using forms on a court service Web site. http://www.newsbytes.com/news/02/174270.html - - - - - - - - The Devil You Know: Responding to Interfacebased Insider Attacks. Carl made a mistake. In his repetitious data entry job he entered employee information every workday. He always was careful to input the correct job requisition number in the user screen's JRN field. "Without a correct JRN entered, the new employee input won't process," his supervisor told him the first day. This time instead of "34896KN" his fingers danced the wrong way with an input of "34896KL." The input processed. Carl was able to go into the EMP_DATA file and correct it. The procedure was a bit of a pain, but he learned a valuable lesson his employer never meant for him to know. He realized he could set up bogus new employees on the payroll using a dummy JRN. By entering the wrong input he won the sjackpot - his employer lost big time. http://www.securityfocus.com/infocus/1543 - - - - - - - - Valentines online costs employers As procrastinators hit the Web next week, wholl be working? Its only a week before Valentines Day, but in that great male tradition of planning ahead, theres still plenty of time. In fact, the Internet seems to make things even easier for procrastinating Casanovas. Last year, traffic at Godiva.com, and 1800Flowers.com soared on Feb. 13. But it didnt compare to the 200 million page views generated by electronic greeting cards on Feb. 14. Some single folks even flocked to online dating sites that day to ensure they werent alone that night. With so much love in the air, will anybody get any work done next week? http://www.msnbc.com/news/700836.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.