NewsBits for February 14, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Bush unveils final cybersecurity plan The Bush administration signed off Friday on the final version of the United States' strategy for protecting the Internet and securing information systems. The policy statement, called the National Strategy to Secure Cyberspace, calls for the government to work with private industry to create an emergency response system to cyberattacks and to reduce the nation's vulnerability to such threats. http://news.com.com/2100-1001-984697.html http://www.usatoday.com/tech/news/2003-02-14-cybersecurity_x.htm http://www.msnbc.com/news/873089.asp http://www.washingtonpost.com/wp-dyn/articles/A7970-2003Feb14.html http://www.fcw.com/fcw/articles/2003/0210/web-cyber-02-14-03.asp Industry will work with government on cyberspace plan http://www.gcn.com/vol1_no1/daily-updates/21156-1.html Bush details threat integration http://www.fcw.com/fcw/articles/2003/0210/web-threat-02-14-03.asp Threat center draws praise, questions http://www.fcw.com/fcw/articles/2003/0210/web-ttic-02-14-03.asp First responders in 'dire need' http://www.fcw.com/geb/articles/2003/0210/web-home-02-13-03.asp http://www.govexec.com/dailyfed/0203/021403cd1.htm - - - - - - - - - - FTD.com hole leaks personal information A security flaw at FTD.com left private information open to harvesting this week, one of the busiest of the year for the online florist. The flaw allowed a person to use a modified "cookie" to easily access customer information from the company's servers, said Gerald Quakenbush, an information security analyst for Internet and e-business consulting service Fusion Alliance. Cookies are snippets of data that reside on a person's computer, linking that PC to information and personalized sites on the Web. http://zdnet.com.com/2100-1105-984585.html http://news.zdnet.co.uk/story/0,,t269-s2130497,00.html - - - - - - - - - - Man Arrested in Internet Sex Tryst Sting A 28-year-old man who allegedly believed he was about to meet a 13-year-old girl for sex was arrested by undercover agents this week as he entered a Salt Lake City junior high school, expecting the illegal tryst, authorities said. The "13-year-old" he met online actually was an undercover agent, and on Wednesday Robbie Simpson was charged in U.S. District Court with coercion and enticement for illegal sexual activity with a minor. http://www.sltrib.com/2003/Feb/02142003/utah/29411.asp - - - - - - - - - - Kulpmont teen faces child porn charges A 19-year-old Penn State student from Kulpmont has been arrested on child pornography charges, police said. Kyle Joseph Snarski was arraigned last week on two counts of sexual abuse of children and one count of criminal use of a communication facility relating to incidents that occurred between Nov. 21 and Jan. 27 at his apartment on Vairo Boulevard in State College. According to state police, an officer located a chat-room user who was offering child pornography to download. The computer was tracked to a suspect in Texas, where a computer forensic analyst was able to trace users who allegedly uploaded those pornographic images, some featuring children who appeared as young as 8 years old. http://www.zwire.com/site/news.cfm?newsid=7050375&BRD=2311&PAG=461&dept_id=482260&rfi=6 - - - - - - - - - - Ex-professor sentenced on child porn charges A former UL Lafayette professor who was convicted of possessing child sex videos and thousands of computer images of child pornography has been sentenced to four years and nine months in prison. Anthony R. Venson, 42, of Youngsville, was a civil engineering professor at the university in fall 2000. It was during that time that prosecutors said he ordered videos of young girls involved in sex acts from an undercover agent posing as a pornography dealer. http://www.nola.com/newsflash/louisiana/index.ssf?/newsflash/get_story.ssf?/cgi-free/getstory_ssf.cgi?n3094_BC_LA--Professor-Porn - - - - - - - - - - Bogus Alerts Target PayPal Users PayPal users are under attack by an increasingly sophisticated series of e-mail worms. Since the beginning of the year, at least four e-mail messages disguised as security upgrade announcements from the financial service have hit users' inboxes. While some of the virus-bearing messages are riddled with typos and are relatively easy to spot as frauds, most use perfect grammar. All the recent attacks include links to legitimate PayPal URLs instead of to phony sites. http://www.wired.com/news/ebiz/0,1272,57673,00.html - - - - - - - - - - Former Orange person charged with voucher theft A man is to appear at Teesside Crown Court next month charged with fraudulently obtaining more than PS9,000 in mobile phone vouchers while working at Orange's call centre in Darlington. The man from Yorkshire was granted unconditional bail by magistrates in Darlington, according to a report by the Northern Echo. http://www.theregister.co.uk/content/59/29332.html - - - - - - - - - - Catherine Zeta-Jones lacks pulling power Promise of glamour pics fails to trick users into downloading malware. A canny virus writer has jumped on the current Catherine Zeta-Jones publicity bandwagon to spread a new worm. But internet users seem less than impressed. http://www.vnunet.com/News/1138788 http://www.usatoday.com/tech/news/2003-02-14-worm-jones_x.htm - - - - - - - - - - CIPA Porn Law Appeal Reaches Supreme Court Freedom of speech advocates have begun filing briefs in the Supreme Court seeking to uphold a Philadelphia federal appeals court ruling that the Children's Internet Protection Act (CIPA) was in violation of the First Amendment. Oral arguments in the U.S. Justice Department appeal to have the decision overturned is scheduled to begin in the Supreme Court on March 5 where a final decision will be made on the controversial law, which seeks to regulate inappropriate content and install content filtering technology in public libraries nationwide. http://www.internetnews.com/bus-news/article.php/1584251 - - - - - - - - - - Court Gives Cops a 'Do-Over' If Mistake Made in 1st Warrant The Utah Court of Appeals created a quick fix Thursday for police who seize evidence illegally by failing to knock before they execute a search warrant. In a decision that arms prosecutors in their child pornography case against a former Utah State University student, the appeals court held police can try again via a second search warrant. Prosecutors must show information gained from the illegal entry did not affect officers' decision to seek a second warrant or a judge's decision to grant it. The ruling came in the case of Tyler Zesiger, charged with 10 counts of sexual exploitation of minors for allegedly running a Web site out of his dormitory room that allowed access to child porn. http://www.sltrib.com/2003/Feb/02142003/utah/29396.asp - - - - - - - - - - NIPC to hackers: Dont try this at home While the Bush administration drafts its cyberwar rules, the FBIs National Infrastructure Protection Center is warning off volunteers who want to lend a hand by launching their own attacks against foreign enemies. The U.S. government does not condone so- called patriotic hacking on its behalf, the NIPC said in an advisory this week. Regardless of the motivation, the NIPC reiterates that such activity is illegal and punishable as a felony. http://www.gcn.com/vol1_no1/daily-updates/21154-1.html - - - - - - - - - - Hollywood targets corporations to fight illegal downloading Movie studios and record labels are taking their case against illegal Internet downloads directly to corporations, where much of the offending action allegedly occurs. The Recording Industry Association of America and the Motion Picture Association of America are sending a six-page brochure to Fortune 1000 corporations with suggested corporate policies and even a sample memo to employees warning them against using company computers to download songs and movies over the Web. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5178283.htm http://www.wired.com/news/business/0,1367,57685,00.html http://www.nandotimes.com/technology/story/763743p-5506174c.html http://www.usatoday.com/tech/news/techpolicy/2003-02-14-anti-piracy_x.htm http://www.cnn.com/2003/TECH/industry/02/14/illegal.downloading.ap/index.html http://www.washingtonpost.com/wp-dyn/articles/A5015-2003Feb13.html - - - - - - - - - - What Symantec Knew But Didn't Say Security firm Symantec withheld information about at least one big cyberthreat for hours after spotting it, possibly harming millions of Internet users. Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer. http://www.wired.com/news/infostructure/0,1377,57676,00.html - - - - - - - - - - Hacker insurance set to rocket Value of hacker policies still unclear though, warn analysts. Company spending on hacker insurance is set to rocket from $100m (PS62m) to $2.5bn (PS1.55bn) by 2005 in the US, according to industry estimates. In January, the hacker insurance market increased as many existing commercial general liability policies expired and were replaced by policies containing explicit exclusions for hacker-related losses. http://www.vnunet.com/News/1138789 - - - - - - - - - - Use common sense when posting to Internet, officials say Recent advances in technology have Air Force officials urging airmen to use common sense and remember operations security when posting on the Internet. An item of special concern is the placement of photos of forward operating bases on personal Web sites. What has officials worried is the possibility of adversaries collecting those photos and using them to plan attacks against U.S. forces. http://www.af.mil/news/Feb2003/21403404.shtml - - - - - - - - - - Make Love To Your IT Manager on Valentine's Day Microsoft is appealing to computer users to save their IT Managers' heartache this Valentine's Day by...being vigilant and guarding against computer viruses. It does this through a press notice titled: Microsoft Launches Nationwide Appeal to UK Businesses: "Make Love To Your IT Manager this Valentine's Day". Unfortunately the attached notice fails to live up to this headline (how could it?). http://www.theregister.co.uk/content/56/29322.html - - - - - - - - - - Innocence Lost "Hello. This is Naomi. I hope you like my pictures." An innocent face, an innocent introduction. Innocence is Naomi's selling point, but it is as much commodity as it is artifice. Wearing a come-hither outfit and expression, Naomi models for money on the Internet, apparently with her parents' consent. The consent is vital. Naomi is just 14 years old. It's a growing industry called child erotica. Perhaps unsettling, it's perfectly legal, and profitable. http://www.wpmi.com/Global/story.asp?S=1130515&nav=3w5MDzL4 - - - - - - - - - - WLAN security still dismal - survey The security of London's wireless networks remains pitifully slack. The second annual survey of WLAN security revealed the number of wireless networks deployed in businesses across London has grown 300 per cent in the past year. However the increased popularity of wireless networks hasn't been matched by realisation of the importance of extending proper security policies to WLANs. http://www.theregister.co.uk/content/55/29337.html - - - - - - - - - - A Short History of Computer Viruses and Attacks 1945: Rear Admiral Grace Murray Hopper discovers a moth trapped between relays in a Navy computer. She calls it a "bug," a term used since the late 19th century to refer to problems with electrical devices. Murray Hopper also coined the term "debugging" to describe efforts to fix computer problems. 1949: Hungarian scientist John von Neumann (1903-1957) devises the theory of self- replicating programs, providing the theoretical foundation for computers that hold information in their "memory." http://www.securityfocus.com/news/2445 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.