NewsBits for February 19, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Hacker hits up to 8M credit cards
Visa, MasterCard, Amex and Discover accounts are affected by security breach. Discover Financial Services and American Express joined the list Tuesday of credit card companies saying some of their cards had been affected by a hacker who breached the security system of a company that processes transactions on behalf of merchants. The other two companies affected are MasterCard and Visa.
http://money.cnn.com/2003/02/18/technology/creditcards/index.htm
http://www.latimes.com/technology/la-fi-hack19feb19,1,2558140.story
http://www.washingtonpost.com/wp-dyn/articles/A27334-2003Feb18.html
http://www.msnbc.com/news/874307.asp
- - - - - - - - - -
Dr. faces sex charges after Internet-organised meetings
A young doctor met school-age girls through Internet chatrooms, arranged to meet them and later sexually attacked them, a court was told yesterday. Crown prosecutors made the claims against the doctor, who has name suppression, at the start of a depositions hearing in Wellington District Court yesterday. The man faces 13 charges of having sex with a 15-year-old, sexual violation, rape, indecent assault, sexual violation by unlawful sexual connection and stupefying with intent to commit a crime. Crown counsel Kate Feltham said there were nine female victims. The alleged offences took place in Dunedin, Waimate and Wellington.
http://www.stuff.co.nz/stuff/0,2106,2270700a11,00.html
- - - - - - - - - -
Building executive held on teen sex charges
A 52-year-old Wheaton man was ordered held on $50,000 bond Saturday after being accused of engaging in a sex act with a 14-year-old girl he met in an Internet chat room.
Thomas Garling, a vice president at a suburban construction company who lives with his wife and two children at 209 White Oak Drive, is accused of driving the girl from her Norridge home to a nearby Cook County forest preserve and sexually abusing her there Jan. 20, authorities said.
http://www.dailyherald.com/search/main_story.asp?intID=3766894
- - - - - - - - - -
DoD mailing lists left wide open
A semblance of order has been restored to US Department of Defence mailing lists after an automated attempt to inject the Klez virus onto two lists indirectly led to a message storm. Although the infectious attachment was stripped out, the message text (which as is common with Klez came from a spoofed email address) made its way onto the two supposedly moderated lists (including the DoD news list) on Friday morning (February 14).
http://www.theregister.co.uk/content/56/29393.html
- - - - - - - - - -
Cyber-terror more than a mouse click
Nothing much worse than the spotty service they already receive from their utilities and internet service providers, according to an expert who recently modelled the scenario with US Government war-game honchos and industry leaders. "The idea that the US collapses with one keystroke is clearly false and intended to frighten children," says Richard Hunter, vice-president and research director at Gartner, the Stamford, Connecticut, research company that conducted the high-tech war games.
http://www.smh.com.au/articles/2003/02/18/1045330583568.html
- - - - - - - - - -
States take first step toward cyberthreat sharing
Thirteen states, led by New York, last weekend conducted a communications exercise that could lead to a new, multistate information sharing and analysis center. The ISAC, which would pool cyberthreat data gathered by states, is led by William Pelgrin, director of the New York City Office of Cyber Security and Critical Infrastructure.
http://www.gcn.com/vol1_no1/daily-updates/21169-1.html
- - - - - - - - - -
ACLU Challenges Wire-Tap Decision
The American Civil Liberties Union and the National Association of Criminal Defense Lawyers, along with Arab-American groups, petitioned the Supreme Court on Tuesday to review the decision by a secret court to broaden the government's ability to conduct secret surveillance. The petition argues that Arab-American citizens are so wary of surveillance that "some have become reluctant to express their political views publicly for fear that doing so will provoke FBI surveillance."
http://www.wired.com/news/privacy/0,1848,57725,00.html
- - - - - - - - - -
Bill could force Net pedophiles to pay out
Rep. Lauri Clapp wanted to pass a law creating a felony for sending pornography to a child or soliciting sex from a person posing as a child on the Internet. But the new crimes would have cost $4.2 million over the next five years for new prisons, so Clapp decided to amend the bill to allow people who find Internet pedophiles to sue them in civil court.
http://www.denverpost.com/Stories/0,1413,36%257E61%257E1186915,00.html
- - - - - - - - - -
Hollywood to pay informers to nab Asian pirates
Hollywood is seeking informers to combat hi-tech and often heavily armed Asian pirate gangs, which are flooding the world with cheap DVDs and robbing U.S. cinema of $640 million a year, an industry official said on Wednesday. Michael Ellis, Asia-Pacific anti-piracy head for the Motion Picture Association, said his organization had put aside $150,000 to reward informers whose tips lead to successful police raids on illegal DVD factories.
http://zdnet.com.com/2110-1105-985140.html
Maker of DVD-copying software offers anti-piracy reward
DVD-copying software is offering $10,000 bounties for tips about people who are using the product to pirate movies -- but the company says the move is not directly related to its legal fight with Hollywood.
In the first week after offering the rewards Feb. 11, 321 Studios did not field any tips of suspected piracy -- and does not expect that to change, said Robert Moore, 321's founder and president.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5215875.htm
http://www.wired.com/news/digiwood/0,1412,57730,00.html
http://www.usatoday.com/tech/news/2003-02-19-dvd-software-reward_x.htm
- - - - - - - - - -
ISPs help government to sink pirates
The UK government has turned to Internet service providers to help in its fight against pirate radio stations. As part of its move to widen the scope of its attack against illegal broadcasters, the Radiocommunications Agency (RA) is increasingly asking ISPs to close down the Web sites that promote these stations.
http://news.zdnet.co.uk/story/0,,t269-s2130717,00.html
- - - - - - - - - -
Microsoft tries to cook Hotmail spammers
Microsoft is turning up the heat on spam, filing a lawsuit to go after people it suspects of having harvested e-mail addresses from its Hotmail servers to spam subscribers. Microsoft on Thursday filed a so-called John Doe suit in the federal court for the northern district of California in San Jose. The suit doesn't name defendants, but allows the plaintiff the power to issue subpoenas as part of the investigative phase of the trial.
http://zdnet.com.com/2100-1104-985018.html
http://news.zdnet.co.uk/story/0,,t269-s2130689,00.html
http://www.msnbc.com/news/874613.asp
http://www.theregister.co.uk/content/6/29382.html
- - - - - - - - - -
Marketers to gather spam-filter complaints
A group of e-mail marketers on Tuesday set up an Internet forum for people to air grievances about spam filters--which can swallow legitimate messages along with the targeted commercial come-ons.
The Email Service Providers Coalition-- a group whose members are responsible for delivering billions of commercial messages to consumers-- designed a forum for people to report missing e-mail that is presumably caught in spam traps, or what are called "false positives."
http://zdnet.com.com/2100-1105-985023.html
http://news.zdnet.co.uk/story/0,,t269-s2130734,00.html
How to Can the Spam
http://www.msnbc.com/news/873092.asp
Internet fridge plots spam diet
http://www.vnunet.com/News/1138894
- - - - - - - - - -
NHS builds fraud detection system
The NHS hopes to slash its losses through fraud by up to 40 per cent over the next three years, using data analysis and visualisation software from business intelligence company SAS. The NHS Counter Fraud Service (CFS) will deploy a new fraud detection system that uses neural networking developed by SAS to predict where fraud is most likely to occur.
http://www.vnunet.com/News/1138913
- - - - - - - - - -
VoiceCon: Government voice, data are converging
Despite continuing security concerns, the federal government is moving faster than the private sector into voice over IP technology, a security expert said yesterday at the VoiceCon 2003 conference in Washington.
http://www.gcn.com/vol1_no1/daily-updates/21162-1.html
- - - - - - - - - -
Oracle patches half-dozen flaws
Next-Generation Security Software, the British security firm that discovered the bug that allowed the Slammer worm to proliferate last month, has discovered a six-pack of flaws in Oracle's newest database product. Redwood Shores, Calif.-based Oracle released patches for the six vulnerabilities-- four deemed critical and two merely serious-- last week.
http://zdnet.com.com/2100-1104-985012.html
http://news.zdnet.co.uk/story/0,,t269-s2130688,00.html
- - - - - - - - - -
Antivirus Software Ships for LindowsOS
The first antivirus software tuned specifically for Lindows.com's Linux-based desktop operating system is now available, the company says.
The downloadable software, called VirusSafe, is based on Central Command's Vexira Antivirus for Linux Workstation software. Lindows.com adjusted it to integrate it with the LindowsOS operating system, says John Bromhead, Lindows.com's vice president of marketing.
http://www.pcworld.com/news/article/0,aid,109428,00.asp
- - - - - - - - - -
New security device locks down 'Net connected apps
Teros, formerly Stratum8 Networks Inc., on Tuesday announced version 2.0 of its Teros-100 Application Protection System (APS), a security appliance designed to protect applications connected to the Internet against cyberattacks.
http://www.idg.net/ic_1185197_9716_1-5046.html
- - - - - - - - - -
Watch out for those malicious referrer links
Bloggers were warned this week to raise their guard against posting potentially malicious referrer links into their Web logs. It's potentially easy to hijack blogs through mendacious JavaScript code, a posting on one Web log (kasia in a nutshell) notes. So the message is to double check referrers to make sure they link to a valid site, with links back to the blogger's site (if you will).
http://www.theregister.co.uk/content/55/29396.html
- - - - - - - - - -
If the Supreme Court Holds That Public Libraries Cannot Require Software Filters, Are There Other Ways to Protect Children on the Web?
On March 5, the Supreme Court will hear oral argument in a case involving the Children's Internet Protection Act (CIPA). CIPA mandates that public libraries cannot receive certain types of important federal funding unless they comply with a condition: They must install, on their publicly accessible computers, filtering software that attempts to block the user - whether an adult or a minor - from accessing obscenity or child pornography, both of which are illegal.
http://writ.news.findlaw.com/hilden/20030218.html
- - - - - - - - - -
Remote Users Are The Weakest Link
Say there's a remote worker who connects to the corporate net through a VPN, and to the Internet via broadband and a Wi-Fi hub. Is this user a threat to corporate data? You bet: That broadband link could be vulnerable to a hacker, who could then "piggyback" into the VPN. That's just one of the remote-security scenarios that keeps IT security pros awake at night. With more and more employees telecommuting, guarding the remote links is turning into a major challenge.
http://www.techweb.com/tech/security/20030219_security
- - - - - - - - - -
Bill of Rights under a new assault
The Bush administration's hostility to our fundamental liberties is unrelenting. Not content with ramming the contemptibly named "USA Patriot Act" through a sadly compliant Congress in the wake of the Sept. 11, 2001, attacks, the White House and its forces are lining up for another whack at the Bill of Rights. Draft legislation from Attorney General John Ashcroft's law-enforcement gnomes is making the rounds. It's apparently being called the "Domestic Security Enhancement Act," but think of it as "UnPatriot II."
http://www.siliconvalley.com/mld/siliconvalley/5214082.htm
- - - - - - - - - -
Does London mayor's 'ring of steel' breach UK Data Act?
London mayor Ken Livingstone's claims earlier this week that the capital's new charge zone cameras had a security aspect raised numerous question marks, not least of them being the one over Transport for London's registration under the Data Protection Act. Livingstone in the past few days has performed something of a somersault, to the extent that he now thinks the terrorist-stopping powers of the zone cameras are so great that they should and would be retained even if the original road-charging purpose turned out to be a complete failure.
http://www.theregister.co.uk/content/6/29390.html
- - - - - - - - - -
DOD taps Harris for crypto work
Defense Department officials soon will get their hands on the first advanced cryptographic software prototypes developed by Harris Corp. in support of the Joint Tactical Radio System (JTRS). JTRS uses software-centric radios that can be programmed to patch users into various radio frequencies. Radios in use today were designed to work in a specific frequency range, and each of the military services has used its own frequency. Joint tactical radios can be programmed for any waveform.
http://www.fcw.com/fcw/articles/2003/0217/web-jtrs-02-19-03.asp
- - - - - - - - - -
Sheriff's Dept.'s Use of Database Criticized
A sophisticated Los Angeles County Sheriff's Department computer database aimed at identifying and tracking problem deputies is becoming unreliable because much of the information logged into the system is incomplete, inaccurate and often too old to be of value, according to a report released Tuesday. In addition, many department administrators and managers do not use the "early warning" database because they are ignorant of its capabilities, according to Merrick Bobb, a special counsel to the county Board of Supervisors who has monitored the Sheriff's Department for the last 10 years. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-sheriff19feb19011430,1,5051953.story
- - - - - - - - - -
Brother's pain over online 'suicide'
The brother of 21-year-old Brandon Vedas, who killed himself in front of a webcam after being urged to take drugs in an internet chat room, has told the BBC of his campaign to make chatrooms safer. Vedas, known online as "Ripper," took a large quantity of prescription drugs while at his computer in Southern California. His last message to other chatters was: "I told u I was hardcore."
http://news.bbc.co.uk/2/hi/technology/2773547.stm
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.