NewsBits for February 4, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ FBI Details Computer Use of Alleged Spy Three FBI employees assigned to tail Brian Patrick Regan testified that the spy suspect used a computer at a public library to look up addresses for Iraqi and Libyan embassies. One of the employees following Regan in June 2001 said he saw the retired Air Force master sergeant type in search terms for such Internet sites as the Iraqi embassies in Switzerland, Germany and France. On cross-examination, the employees said they did not see Regan try to hide what he was doing. http://www.latimes.com/technology/la-na-briefs4.1feb04,0,5668226.story - - - - - - - - - - Mistake by FBI in case leads to plead guilty on lesser count A priest accused of possessing child pornography took advantage of an apparent error by the FBI to obtain a reduced sentence Monday, although he still must spend three months in confinement. His lawyer warned that the FBI's mistake may have an impact nationwide on the "Candyman" ring crackdown, although the top federal prosecutor here said many cases should escape the taint. http://www.stltoday.com/stltoday/news/stories.nsf/News/0FE5A699E6D23C7386256CC30022C815 - - - - - - - - - - Scouting master on child net porn charges A scout master was today appearing before Teesside magistrates accused of making indecent photographs of children. Kelvin Marshall, 33, from Meadowfield Drive, Eaglescliffe faces 20 counts of making indecent pictures between 1997 and 2002. And Peter Hindmarch, a 42-year-old plant operator, from Hartlepool was appearing at Hartlepool magistrates today charged with 17 counts of making indecent photographs of children, two counts of taking indecent photographs of children and one count of indecent assault. Both arrests came as part of the nationwide Operation Ore investigation into suspected Internet paedophiles. Operation Ore is Britain's largest ever crackdown on people suspected of viewing child pornography on the Internet. http://icteesside.icnetwork.co.uk/0100news/page.cfm?objectid=12604302&method=full&siteid=50080 - - - - - - - - - - College of Charleston Investigation raises privacy debate The seizure of a College of Charleston professor's office computer in a child-pornography investigation has led to a debate about faculty privacy and prompted a campus policy review. Psychology professor Robin Bowers unexpectedly returned to his office one afternoon last month to discover his computer was missing. Nothing else was disturbed. The door wasn't jimmied and the windows remained locked from the inside. http://www.heraldtribune.com/apps/pbcs.dll/article?Date=20030204&Category=APN&ArtNo=302040543 - - - - - - - - - - The Archers fans ploughed by email virus The latest twist in The Archers drama: a real- life computer worm. The BBC accidentally sent a mass-mailing worm to the subscribers of an email mailing list for fans of the radio soap opera The Archers last week, according to Sophos Anti-Virus. The broadcaster has confirmed that The Archers fans were sent the Sobig worm, which scans a hard drive for email addresses and attempts to send itself to any addresses it finds, according to Sophos. http://news.zdnet.co.uk/story/0,,t269-s2129841,00.html http://www.vnunet.com/News/1138475 http://212.100.234.54/content/56/29180.html - - - - - - - - - - Microsoft, CNN hit by Internet hoax A university student in the US managed to fool some video game industry watchers with a fake CNN report saying that Microsoft was buying Vivendi. Microsoft and news network CNN say they have been hit by a hoax after a faked Web page erroneously reported the software giant had agreed to buy the video game operations of French conglomerate Vivendi Universal. http://news.zdnet.co.uk/story/0,,t269-s2129818,00.html - - - - - - - - - - Cyberterror! Project Gutenberg URL swiped for Saddam A small hijacking will likely gladden the hearts of would-be cyberwarriors in the Pentagon. This morning, for reasons that are not entirely obvious, projectgutenberg.org seems to be pointing to the front page of the web site of the Mission of Iraq to the United Nations. Skulduggery by the Iraqi secret services, or fiendish cyberterrorists? http://212.100.234.54/content/6/29165.html - - - - - - - - - - Korean Net users blame MS for Slammer carnage Korean Net users are threatening Microsoft with legal action over the damage inflicted on the country's broadband infrastructure by the Slammer worm. Korea Times reports that the splendidly named People's Solidarity for Participatory Democracy (PSPD) group is considering filing a class action suit against the software giant. The civic rights group contends that Microsoft failed to do enough to help its customers fix a flaw in SQL Server, which was exploited by the prolific worm. http://212.100.234.54/content/56/29174.html Sizzling Slammer: Speediest Ever http://www.wired.com/news/business/0,1367,57544,00.html - - - - - - - - - - Civil servants blasted for PC misuse Three-hundred government staff discplined in 2002 The government has revealed that nearly 300 civil service staff were disciplined for misusing its computer systems last year. The bulk of cases came from the Inland Revenue (IR), where 205 staff were disciplined for misusing computers. http://www.vnunet.com/News/1138479 - - - - - - - - - - Microsoft punishes workers for reselling software Microsoft Corp. said this week it has disciplined an undisclosed number of workers suspected of buying its software and reselling it. Microsoft allows employees to buy software at cost for personal use, but prohibits resale. The company declined to say how many workers were disciplined or what actions it took. http://www.nandotimes.com/technology/story/750219p-5433393c.html - - - - - - - - - - IT overlooked in fraud investigations Nearly half of all companies in a new survey reported significant fraud, with managers being the most likely culprits. But IT remains underused in cracking down on the problem. If your boss has recently been promoted -- watch out. A global report by Ernst & Young surveying 400 companies found that half of all fraud is committed by managers who have been in management for less than one year. http://news.zdnet.co.uk/story/0,,t269-s2129780,00.html - - - - - - - - - - Blended attacks on the increase Vigilance is vital, as recent research finds that Friday lunchtime is the most common time for a cyberattack to be launched. Companies worldwide are experiencing a sharp rise in the severity of cyberattacks. According to Symantec's Internet Security Threat Report, blended threats, such as viruses, worms or Trojans which combine with an Internet or server vulnerability to affect an attack, pose the greatest cyberthreat to company security. http://news.zdnet.co.uk/story/0,,t269-s2129829,00.html http://www.cnn.com/2003/TECH/internet/02/04/symantec.report.reut/index.html - - - - - - - - - - Smallpot: Tracking the Slapper and Scalper Unix Worms Fueled by the old myth that "you can't get a virus in Unix" and by the increasing popularity of Linux and FreeBSD, Unix viruses passed an important milestone in 2001 and continued by receiving even more attention during 2002. It all begun with the Ramen worm, then continued with Adore, Lion, Cheese, RST.B and many, many more. Some of them even became widespread, culminating with the inclusion of OSF.8759 in the May 2002 Wildlist http://online.securityfocus.com/infocus/1662 - - - - - - - - - - Study: Work-surfing crackdowns backfire Maybe companies shouldn't be so quick to pull the plug on personal surfing at work. A new study finds that employees may waste time surfing on the job, but they tend to make up for it by working from home in their off hours. The National Technology Readiness Survey, conducted by the University of Maryland Robert H. Smith School of Business, along with marketing company Rockbridge Associates, surveyed 501 people in December 2002. http://zdnet.com.com/2100-1104-983305.html - - - - - - - - - - Phantom of the Opera Opera is racing to fix five vulnerabilities, three of which are said to be serious, involving the latest version of its popular Web browsing software. Israeli security outfit GreyMagic Software today published five security advisories, largely related to Opera 7's JavaScript Console feature. The three most severe vulnerabilities (here, here and here) might allow full read access to the user's file system, including the ability to list contents of directories, read files, access emails and more, GreyMagic says. http://www.theregister.co.uk/content/55/29177.html - - - - - - - - - - Security Patch Caused Windows Crashes Microsoft will replace security patch that wreaked havoc on Windows NT 4.0 systems. Microsoft has pulled a security patch for Windows NT 4.0 because installing it can cause the operating system to crash, the software maker said Monday. The patch, released on December 11 last year, is to fix a privilege elevation vulnerability deemed " important" http://www.pcworld.com/news/article/0,aid,109188,00.asp - - - - - - - - - - Web services group still seeking security A group working to ensure the compatibility of Web services software is preparing to tackle its biggest challenge yet: Security. The Web Services Interoperability organization (WS-I) was formed last year at the behest of companies including IBM and Microsoft to see to it that Web services products from different companies work together. The group now has approximately 160 members, including about 20 companies that are not information technology suppliers. http://zdnet.com.com/2100-1105-983170.html http://news.zdnet.co.uk/story/0,,t269-s2129863,00.html http://news.com.com/2100-1001-983170.html - - - - - - - - - - Blue Coat clamps down on rogue IM use Security outfit Blue Coat Systems yesterday announced technology designed to guard against the misuse of AOL, MSN and Yahoo! IM applications on corporate networks. Blue Coat's IM Traffic Control technology will ship in the Spring, as an additional feature of Web security appliances. These appliances are designed to combat the increasing number of Web- based threats targeting port 80 'holes' in corporate security infrastructures. Appliances such as the SG-800 already cover content filtering, Web anti- virus and proxy cacheing to which Blue Coat is adding the ability to handcuff rogue IM use. http://online.securityfocus.com/news/2241 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.