High Tech "NewsBits" for 03/20/02

March 20, 2002 Web Porn Crackdown Widens The United States and 10 other countries began seizing computers and videos and making arrests Wednesday in raids aimed at breaking up an Internet child-pornography ring. In this country, the targets of the investigation included a U.S. military pilot, a registered nurse, a network administrator for a publishing company and an artist, the Customs Service said. Search warrants involving eight people were executed in New York, Pennsylvania, Ohio, Tennessee, Nevada, Oregon and Alaska. http://my.aol.com/news/news_story.psp?type=1&cat=0100&id=0203201637272144 http://www.usatoday.com/life/cyber/tech/2002/03/20/porn-crackdown.htm http://www.nandotimes.com/technology/story/314320p-2698450c.html http://www.theregister.co.uk/content/6/24512.html Customs Service Serves Warrants In Net Kid-Porn Sweep The U.S. Customs Service said it served almost 40 search warrants early this morning on suspected Internet child-pornography fencers, including a registered nurse and a U.S. military pilot. The agency's action follows a Monday sting by the FBI on suspected online child-porn purveyors and customers as part of its "Candyman" operation, which netted clergy members, police officers, business-people and other "established members of the community." http://www.newsbytes.com/news/02/175340.html Twelve arrested in Net porn raid Twelve suspects were arrested in dawn raids Wednesday in a worldwide swoop on an "elite" child pornography ring. Thousands of pictures and videos of children being sexually abused were found on computers seized during the raids, said Mick Deats, detective superintendent at the National Hi-Tech Criminal Unit in London. "We are very concerned about the children in these images and are making a big effort to try and identify who they are," he said. http://news.com.com/2100-1023-864657.html - - - - - - - - Police nick knicker pic pedlars Changing room webcam shocker. A shop in Germany which broadcast live pictures of its customers trying on clothes has been shut down by the police. The Kleidermarkt second hand shop in Hamburg had a lucrative side line offering changing room camera footage live on the web. When this was discovered by a 29 year-old woman trying on skirts who complained to the police, the operation was shut down. "I felt humiliated. I wouldn't dream of undressing on the internet," the victim told the Morgenpost newspaper. Police investigating the shop explained that a sign warned customers about the cameras. http://www.vnunet.com/News/1130253 - - - - - - - - Hackers Deface Thousands Of Domains Parked At Verisign A security breach Tuesday involving Verisign's Network Solutions unit disrupted potentially thousands of domain customers, company officials confirmed today. Attackers compromised a system that hosted thousands of "parked" domains that had been registered through Network Solutions and were still under construction, according to a Verisign representative. Web surfers who typed in the address of any of the affected domains were sent to a black page which featured an image of a mutilated rag doll and the words, "Did Web Pirates domain your domain?" http://online.securityfocus.com/news/357 http://www.newsbytes.com/news/02/175343.html - - - - - - - - E-Mail-Deleting Governor Sued Four news organizations have sued Gov. Mike Leavitt, contending he is illegally destroying his e-mail. Leavitt's deletion of electronic documents amounts to destroying public records, the lawsuit filed Tuesday contends. The governor is "depriving the public of its constitutional right of access to information concerning the conduct of the public's business," The Salt Lake Tribune, Salt Lake City Weekly and television stations KUTV and KTVX said. http://www.wired.com/news/politics/0,1283,51195,00.html http://www.usatoday.com/life/cyber/2002/03/20/email-governor.htm http://www.nandotimes.com/technology/story/314262p-2698243c.html - - - - - - - - Symantec spills email addresses of list subscribers Subscribers to a Symantec digest have alerted us after receiving an administrative message that divulged user email details. Symantec sent out a message on Monday seeking to delete people from the list, which provided the addresses of 74 subscribers to its monthly Security Response newsletter. http://www.theregister.co.uk/content/55/24502.html - - - - - - - - FBI: Global police struggling with cybercrime Global law enforcement cannot cope with savvy cybercriminals, who are quick to exploit technology to create havoc, top officials at the U.S.'s Federal Bureau of Investigation said on Wednesday. "Technology permits cybercrimes to occur at the speed of light and law enforcement must become more sophisticated in uncovering them," FBI assistant director Ronald Eldon told a conference on fighting organized crime in Hong Kong. http://www.cnn.com/2002/TECH/internet/03/20/cybercrime.reut/index.html - - - - - - - - 4-1-9 Fraud Reaches Out via E-Mail Each unforeseen emergency, fee, tax or bribe is said to be the last but is inevitably followed by another, and victims can be strung along for months. There is an e-mail spam scam sleazing around the Internet, and although the indecent proposal might appear ludicrous, it's cost some people more than money, including one American's life. The scheme is called the "Nigerian Advance Fee Fraud" or "4-1-9" fraud, named after the section of the Nigerian penal code dealing with fraud. It's one of the most dangerous Internet scams ever, and it's growing in popularity, experts say. http://www.newsfactor.com/perl/story/16861.html - - - - - - - - Bill Would Create Online 'National Guard' Sen. Ron Wyden, D-Ore., introduced legislation today that would muster a technological equivalent to the National Guard designed to protect the nation's electronic assets. Wyden's Science and Technology Emergency Mobilization Act calls for the mobilization of volunteers from the high-tech community to be ready to respond, on the government's behalf, to attacks and other disasters that threaten the nation's technological infrastructure. http://www.newsbytes.com/news/02/175346.html - - - - - - - - House Judiciary OKs Public-Private Tech Worker Exchange Bill The House Judiciary Committee today approved legislation that would establish an information technology worker exchange program between the federal government and the private sector. The committee passed the bill, "The Digital Tech Corps Act" after adding an amendment to clarify that pay and benefits would be provided by the exchange workers original employer. http://www.newsbytes.com/news/02/175355.html - - - - - - - - Senate Panel Considers ID Theft Legislation Victims' advocates and law enforcers today urged a Senate panel to pass legislation that would strengthen federal protections against identity theft and make it easier for victims of identity crimes to clear their names. The Senate Judiciary Subcommittee on Technology, Terrorism and Government, held a hearing today to address two separate bills that combat identity theft. http://www.newsbytes.com/news/02/175351.html - - - - - - - - US, South Korea Launch Pads For Most Cyber-Attacks More cyber-attacks originated from the United States than any other country during the last three months of 2001, but South Korea leads a group of countries in the Asia-Pacific region that account for a significant number of malicious attacks, according to a new study. http://www.newsbytes.com/news/02/175319.html - - - - - - - - TERROR.NET: AL QAEDA USED WEB IN HIGH-TECH CAVES The al Qaeda forces routed in a recent bloody battle were so well organized, they used the Internet and laptop computers to communicate as they dashed from cave to cave. The ultrasophisticated communications system used by the terrorists was reported by U.S. forces after searches of the cave network abandoned during Operation Anaconda. U.S. forces said a search of 30 caves in the high mountains in eastern Afghanistan revealed that hundreds of fighters were able to live for months in giant caverns that were furnished with beds, stoves, medical supplies, video monitors, high-tech weapons and large amounts of cash. http://www.nypost.com/news/worldnews/44008.htm - - - - - - - - CIA removes forbidden Web tracking software after complaint The CIA got caught with a hand in the Internet cookie jar. The agency removed software from one of its Web sites this week after a private group discovered that the CIA was using banned Internet tracking technology called ``cookies,'' said Mike Stepp, who manages the CIA's public Web site. ``It was a mistake on our part. It was not intentional,'' Stepp said Tuesday. ``The public does not need to be concerned that the CIA is tracking them. We're a bit busy to be doing that.'' http://www.bayarea.com/mld/mercurynews/2898879.htm http://www.washtech.com/news/govtit/15714-1.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2894100.htm http://www.msnbc.com/news/726923.asp http://www.vnunet.com/News/1130252 http://www.usatoday.com/life/cyber/tech/2002/03/20/cia-tracking.htm http://www.cnn.com/2002/TECH/internet/03/20/cia.web.privacy.ap/index.html - - - - - - - - Brazil on Piracy: Just Say No Frustrated by a government that either can't or won't address epidemic levels of commercial piracy, a broad coalition of Brazilian industry created an advertising campaign it hopes will appeal to Brazilians' sense of fair play and economic self-interest. The industries of software, music, clothes, toys, cable TV and movies have mounted a $1.5 million national campaign that will include ads in television, newspapers and online outlets. The message is that piracy that hurts Brazilian companies, in turn, hurts Brazilians in their own pocket books, both in higher prices and loss of jobs. http://www.wired.com/news/business/0,1367,51135,00.html - - - - - - - - Morpheus users tagged with tracker StreamCast Networks, distributor of the popular Morpheus software, is quietly counting the number of times its file swappers visit high-profile shopping sites. The company on Tuesday said it has begun installing a Web browser add-on that sends some Morpheus users on an invisible Web detour aimed at capturing data about file swappers' surfing habits. http://zdnet.com.com/2100-1106-864300.html http://news.zdnet.co.uk/story/0,,t269-s2106955,00.html - - - - - - - - CERT warning: Oldest IM tricks work best Security experts have warned that a wave of hack attacks is striking tens of thousands of PCs via instant messenger (IM) or Internet Relay Chat (IRC) clients, using nothing more high-tech than old-fashioned social engineering. Hackers are using automated tools to send messages to random IM and IRC users, offering them a piece of software they might want or need, such as antivirus protection, improved music downloads or pornography, according to an advisory posted on Tuesday by CERT, a U.S. government-funded security research body. http://news.zdnet.co.uk/story/0,,t269-s2106955,00.html http://www.newsbytes.com/news/02/175330.html http://www.vnunet.com/News/1130264 http://www.newsfactor.com/perl/story/16870.html http://www.theregister.co.uk/content/55/24511.html - - - - - - - - MS warns of Java security hole in Windows Microsoft has released a bulletin advising of a second vulnerability in software that allows Windows users to run programs written in Java, a Microsoft program manager said on Tuesday. Microsoft and Sun Microsystems, creator of the Java programming language, released a joint bulletin about the first vulnerability affecting the Java Virtual Machine code on March 4. They released a subsequent bulletin on Monday, according to Christopher Budd, security program at the Microsoft Security Response Center. http://zdnet.com.com/2100-1104-864258.html http://www.usatoday.com/life/cyber/tech/2002/03/20/java-security.htm - - - - - - - - SGI warns of Web server vulnerability Apache Web server software running on Silicon Graphics machines may allow remote attackers to gain control of the system. Silicon Graphics (SGI) machines running the Apache Web server on SGI's IRIX operating system are vulnerable to attack by hackers, who may be able to gain administrator-level access, the company has warned. http://news.zdnet.co.uk/story/0,,t269-s2106972,00.html - - - - - - - - Agencies must undergo 'cultural change' to share data Many federal agencies must undergo a "cultural change" to create the types of information- sharing networks that are needed to defend the nation against terrorist attacks, a State Department technology expert said Tuesday. "Our job has not always been to share information, and sometimes it's very difficult for us to get into that culture," June Daniels, a senior systems analyst with the State Department's Foreign Affairs Systems Integration Office, said during a homeland security forum at the Library of Congress. http://www.govexec.com/dailyfed/0302/032002td1.htm - - - - - - - - As e-gov plans progress, questions arise over national security E-government can be a powerful tool to unite citizens and government, but terrorists and U.S. dissidents can wield it as a dangerous weapon if it is not adequately protected, experts said Wednesday. The Internet affords opportunities for government to create an "enlightened democratic electorate," and it could "change the world significantly," Rep. Paul Kanjorski, D-Penn., told attendees of an Adobe Systems e-government breakfast. Although the federal government has made progress on e-government initiatives during the past few years, since the Sept. 11 terrorist attacks, "I noticed we have a conflict...in the United States with security," Kanjorski said. http://www.govexec.com/dailyfed/0302/032002td2.htm - - - - - - - - INS details broken process When he became commissioner of the Immigration and Naturalization Service last August, James Ziglar said he quickly discovered that the troubled agency information technology systems "were big on information and small on technology." Among the worst of the systems was the one used to process requests for student visas, Ziglar told a House immigration subcommittee March 19. http://www.fcw.com/fcw/articles/2002/0318/web-ins-03-20-02.asp - - - - - - - - FBI record handling blamed The FBI's computer systems are "antiquated," but it was poor performance by personnel that led to the FBI's failure to disclose more than 1,000 documents to lawyers defending Oklahoma City bomber Timothy McVeigh, the Justice Department has concluded. An exhaustive investigation of the failure points to chaotic record handling, repeated failures by FBI field offices to respond to headquarters requests for documents and lax oversight by senior FBI managers. http://www.fcw.com/fcw/articles/2002/0318/web-fbi-03-20-02.asp - - - - - - - - Firms undergo NSA infosec rating The National Security Agency last week announced the first companies to undergo an appraisal of their information security practices in a program aimed at helping government and commercial organizations improve their systems security. According to the Infosec Assessment Training and Rating Program, organizations that need to assess their vulnerability can call on companies that are qualified to perform such assessments within NSA-defined guidelines and standards, according to NSA. http://www.fcw.com/fcw/articles/2002/0318/web-nsa-03-20-02.asp - - - - - - - - Let the script kiddies play in the sandbox The idea of simulating a computer within a computer is not new. An early operating system called CM/CMS created virtual machines on big mainframes, so individual desktop users could have their own files and storage--the appearance of their own machines. Also, Java applets run inside their own Java Virtual Machines inside our desktops. Now a handful of security companies, including Norman ASA, have revitalized this idea to help stop computer viruses and other malicious code. http://zdnet.com.com/2100-1107-864316.html - - - - - - - - Too much trust in open source? In the past three months, the open-source community has been given a wake-up call. While Microsoft has concentrated on reviewing its flagship Windows source code as part of a new focus on security, Internet watchdogs have released the details of three widespread flaws in open-source applications usually shipped with the Linux operating system. The flaws could compromise the security of computers on which the applications are installed, prompting some developers to urge the open-source community to take another look at popular code. But most fear the majority of members won't bother. http://zdnet.com.com/2100-1104-864256.html http://www.msnbc.com/news/726924.asp - - - - - - - - How to Protect Your Business Computer System As more and more malicious codes make the rounds, the old safeguards don't seem very effective anymore. At AnciCare PPO, a Miramar, Fla., coordinator of medical imaging services, it was the Nimda virus that got through the company's defenses. "It caused us some heartache," said Lee Ratliff, vice president of management information services, after an employee opened an e-mail attachment soon after the virus made its appearance on the Internet, and hours before anti-virus companies had updates available. http://www.newsfactor.com/perl/story/16849.html - - - - - - - - Internal hacking: Stopping the mole within With e-commerce fraud constantly occurring, organisations need to have a greater holistic approach to stamping out unethical conduct. With e-commerce fraud costing AU$1.5m (PS551,0000) each quarter and 80 percent of it happening internally, Stuart King, director of KWS Consulting and a Victorian Police Inspector, outlines best practices to effectively manage your people and smother insider moles dealing in corporate theft. http://news.zdnet.co.uk/story/0,,t269-s2106959,00.html - - - - - - - - Preventing and Detecting Insider Attacks Using IDS A Typical Insider Attack - the Disgruntled Employee Shortly after lunch break, an employee angrily strides out of his supervisors office, down two rows of desks, and into a single cubicle. He slumps down into his chair and releases an exasperated sigh, as he runs his hands through his hair in disappointment. The raise he thought he was in for has been turned down. He slowly stands up, peering over the cubicle walls to survey the area for other employees. But the area is deserted as most people are out enjoying lunch. Sitting back down, he turns to his computer console, goes to the command line and brings nmap to life against the companys accounting systems. The console displays accountings SQL server. A few keystrokes later, the employee has edited a few columns in the database, giving himself the raise he had longed for. http://online.securityfocus.com/infocus/1558 - - - - - - - - Time to lock down cybersecurity These days, computer security sells itself. But that isn't stopping John W. Thompson, chairman and CEO of security software maker Symantec, from doing whatever he can to nudge the issue even higher up the corporate priority list. Even before Sept. 11, these were especially hectic times for Thompson, a charismatic executive who joined Symantec after 28 years at IBM. During his tenure at Big Blue, Thompson earned a reputation as an unflagging salesman. He was so good, in fact, that Lou Gerstner handed him the unenviable task of promoting OS/2 even when it was clear that IBM's operating system was losing the war against Microsoft Windows. http://techupdate.zdnet.com/techupdate/stories/main/0,14179,5104860,00.html - - - - - - - - Computerized system tracks convicts Network allows victims to keep tabs on offenders. Ronita Sutton, whose 17-year-old son was murdered in 1998, has something that gives her comfort: a toll-free number that she can use to reassure herself that her sons killer is securely behind bars. When she dials the number, a recording tells Sutton whether convicted murderer Michael Gill has been transferred to another prison and whether his legal status has changed. http://www.msnbc.com/news/726593.asp - - - - - - - - Drink-drive detector radios police A tiny fuel cell that detects the alcoholic breath of a drink-driver and calls the police has been developed by a team of engineers at Texas Christian University. The researchers will talk to General Motors next week about putting it in their cars. Ed Kolesar, leader of the project, explains that the detector is based on a fuel cell run on ethyl alcohol. A pump draws air in from the passenger cabin, a platinum catalyst converts any alcohol to acetic acid, which then produces a current proportional to the concentration of alcohol in the air. http://www.newscientist.com/news/print.jsp?id=ns99992069 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.