High Tech "NewsBits" for 03/04/03

NewsBits for March 4, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Man Pleads Guilty in Killing of Girl, 13, in Internet Sex Case A 25-year-old man pleaded guilty today to manslaughter and sexual assault charges in the death of a 13-year- old girl he met on the Internet. The man, Saul Dos Reis, of Greenwich, entered a plea under the Alford doctrine in the May 2002 killing of Christina Long. Under the plea, he did not admit guilt, but conceded that the state had enough evidence to convict him if his case went to trial. http://www.nytimes.com/2003/03/04/nyregion/04ABUS.html?th - - - - - - - - - - 7 arrested in Internet sex sting A Fayetteville man was among seven men arrested by investigators from the state Attorney General's office as part of an ongoing undercover "child sex sting" operation. Attorney General Mike Fisher and Dauphin County District Attorney Edward M. Marsico Jr. on Friday announced the arrest of Bob Pope, 40, of 11380 South Mountain Road. Fisher said the arrests are the result of an ongoing undercover Internet investigation initiated by agents with the Child Sexual Exploitation Task Force, part of Fisher's Bureau of Criminal Investigation. Fisher noted that since March 2001, the task force has made 32 arrests. http://www.publicopiniononline.com/news/stories/20030303/localnews/1098738.html - - - - - - - - - - Man arrested on Internet sex complaint A Broken Arrow man was arrested Friday on a federal complaint of using the Internet to entice a minor to engage in sex, the FBI said. Zachary Wayne Clark, 24, was arrested in Tulsa after he arranged to meet a 13-year-old girl he had been corresponding with on the Internet since October, FBI Special Agent Gary Johnson said. The "girl" was actually an undercover FBI agent, Johnson said. Clark was arrested about 2:45 p.m. by members of the Northeastern Oklahoma Innocent Images Task Force, which has been fighting child pornography and computer exploitation of minors since 2001. http://www.newsok.com/cgi-bin/show_article?ID=993267&pic=none&TP=getarticle - - - - - - - - - - Teacher pleads guilty to Internet child porn charge A teacher at a suburban Philadelphia high school pleaded guilty Monday to charges that he e-mailed child pornography to an FBI agent posing as a 12- year-old girl. Robert Lester, a social studies teacher at Upper Merion High School, faces up to five years in jail when he is sentenced in May, a prosecutor said. FBI agents arrested Lester in December after spending several months using America Online records to identify him as the person who sent a series of electronic messages to the agent, who was stationed in Cleveland. In one of the notes, authorities said, Lester boasted that he had had sex at his Havertown home with three teenage girls. Authorities later said they doubted the validity of Lester's claim, but charged him with e-mailing the agent photographs of children who appeared to be as young as 4 or 5 years old. http://www.zwire.com/site/news.cfm?newsid=7246976&BRD=2212&PAG=461&dept_id=465812&rfi=6 - - - - - - - - - - Calling time on mobile crime The mobile phone industry and police have teamed up in an initiative designed to clamp down on mobile phone crime. With all UK mobile phone networks now sharing information on a single database, once reported stolen or lost, mobile phones are blocked across all UK networks making them useless even if the SIM card has been changed. O2, for example, reported today that it has disabled just under 100,000 stolen mobile phones since the introduction of a comprehensive database last summer. There are now nearly half a million stolen handsets on the database, according to O2. http://www.theregister.co.uk/content/59/29571.html Phone thefts near half-million mark http://news.zdnet.co.uk/story/0,,t269-s2131406,00.html - - - - - - - - - - Security board swept out A new executive order that addresses some reorganization details for the Homeland Security Department completely eliminates the group responsible for overseeing the government's critical infrastructure protection efforts. The Feb. 28 executive order is mostly housekeeping, inserting the Homeland Security secretary into some old orders and eliminating or changing officials in others as functions transfer to the new department. http://www.fcw.com/fcw/articles/2003/0303/web-order-03-04-03.asp - - - - - - - - - - ACLU Defends Net Discussion Anonymity Messages about public figures in Internet chat rooms are akin to anonymous pamphlets like Thomas Paine's "Common Sense" and their authors should have the same right to keep their identities secret, advocates told Pennsylvania's highest court. The American Civil Liberties Union and a number of Internet companies have lined up to protect the identity of a person who alleged in a political online chat room that a state court judge behaved unethically. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5312948.htm http://www.nandotimes.com/technology/story/791457p-5658032c.html http://www.cnn.com/2003/TECH/internet/03/04/email.flaw.reut/index.html - - - - - - - - - - Porn access debate hots up in Australia The Australian prime minister is looking at tightening legislation relating to underage access to online pornography, while ISPs argue that parents must take responsibility for their children's surfing. A think- tank whose new report has sparked a national outcry over underage access to pornographic Internet content has slammed Internet service providers' stance on filtering and blocking technologies as "irresponsible". http://news.zdnet.co.uk/story/0,,t269-s2131355,00.html - - - - - - - - - - Grokster exec: Lawsuit good for business The head of the online file-sharing network said on Tuesday that lawsuits by major record labels seeking to shut down the service helped raise its profile and attract millions of users and big-name advertisers. Grokster is one of three file-sharing services being sued by major music labels and Hollywood. Media executives have decried these outfits as piratical bazaars, claiming they let consumers trade all manners of copyright-protected materials for free, a phenomenon blamed for declining music sales. http://news.com.com/2100-1027-991013.html New legislation could amend DMCA http://zdnet.com.com/2110-1104-990989.html - - - - - - - - - - Study: Many companies lack disaster, continuity plans A U.S.-led war in Iraq that could spawn new terrorist attacks in the U.S. could be less than two weeks away, but that hasnt prompted many companies in the U.S. to invest adequately in disaster recovery, according to a new study released today by Dataquest Inc. The study, Investment Decisions: Preparing for Organizational Disasters, warns that unless companies invest immediately in disaster preparedness planning, as many as one in three could lose critical data or operational capability if a disaster occurred. http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,79014,00.html - - - - - - - - - - Klez Won't Stop Making Net Rounds Like sleazy one-night stands, most e-mail viruses depart soon after they have had their way with their hosts. But Klez seems to have decided to establish a long-term relationship with Internet users. Klez, dubbed the world's most pervasive e-mail virus last May, is now also the most persistent Internet pest ever, according to representatives from antivirus firms Nod32, Sophos, Kaspersky, MessageLabs and Central Control. http://www.wired.com/news/infostructure/0,1377,57895,00.html - - - - - - - - - - Sendmail vuln. Patch now A serious flaw in Sendmail creates a way for attackers to take over email servers, security tools firm ISS warned yesterday. Sendmail has a buffer overflow vulnerability, enabling attacks (using maliciously- constructed emails) of servers. Sendmail technology is the transport mechanism for most of the Net's email traffic. http://www.theregister.co.uk/content/55/29557.html http://www.newsfactor.com/perl/story/20904.html http://www.cnn.com/2003/TECH/internet/03/04/email.flaw.reut/index.html http://news.zdnet.co.uk/story/0,,t269-s2131349,00.html http://www.computerworld.com/securitytopics/security/holes/story/0,10801,79021,00.html http://news.com.com/2100-1002-991041.html - - - - - - - - - - Flaw lets intruders sneak past defenses A popular open-source intrusion detection system known as Snort has a flaw that could allow an attacker to disable the software, a security company announced Monday. While for most companies the vulnerability isn't as serious as the Sendmail flaw unveiled Monday, the security hole could be used to take down the network alarm systems that might otherwise signal that a company is under attack, said Marty Roesch, creator of the open- source Snort program and president of Sourcefire, a company that sells security appliances based on the intrusion detection system. http://news.com.com/2100-1002-991012.html http://www.computerworld.com/securitytopics/security/holes/story/0,10801,79015,00.html - - - - - - - - - - Flaws in Apache 2.0 for Windows may hit takeup Widespread security holes in the latest Windows version of the Apache Web server may be hampering its success, according to a new study. Security problems may be hampering the adoption of Apache 2.0 for Windows, according to a new survey of Web servers. http://news.zdnet.co.uk/story/0,,t269-s2131405,00.html - - - - - - - - - - McAfee takes streamlined approach to security System administrators will be able to prioritise the scanning of applications and processes in Network Associates' latest offering. Network Associates' McAfee Security division on Tuesday announced the latest version of its antivirus software geared to secure a company's computers while increasing its performance. http://news.zdnet.co.uk/story/0,,t269-s2131407,00.html http://zdnet.com.com/2100-1105-990957.html - - - - - - - - - - System blends smart-card and biometric access Two intelligence agencies are testing a network access system that integrates the biometric and smart-card technologies of three companies. AC Technology Inc. of Herndon, Va., Cross Match Technologies Inc. of Palm Beach Gardens, Fla., and Sun Microsystems Inc. announced the as-yet unnamed product today but would not reveal the federal intelligence agencies that are testing it. http://www.gcn.com/vol1_no1/daily-updates/21289-1.html - - - - - - - - - - Net Hacker Tool du Jour: Google Why bother pounding at a website in search of obscure holes when you can simply waltz in through the front door? Hackers have recently done just that, turning to Google to help simplify the task of honing in on their targets. "Google, properly leveraged, has more intrusion potential than any hacking tool," said hacker Adrian Lamo, who recently sounded the alarm. http://www.wired.com/news/infostructure/0,1377,57897,00.html - - - - - - - - - - An Analysis of Simile Virus writers have always tried to develop new methods to make malware detection more difficult. For instance, encryption was a natural step in virus evolution when scanners started to use databases with scan strings for detection. When scanners started to handle encryption patterns generically, first oligomorphism (a limited form of polymorphism - the polymorphic decryptor can have a strictly limited, relatively small number of shapes) and then polymorphism were introduced. Then, as emulation was used more and more by antivirus programs, it became clear that new methods must be developed to hide the viral code. http://www.securityfocus.com/infocus/1671 - - - - - - - - - - Trustworthy Computing: What's next? A viral one-two punch--the Code Red and Nimda worms--convinced Microsoft in mid-2001 that security needed to become its top priority. That decision led directly to the creation of the company's Trustworthy Computing initiative. Company Chairman Bill Gates laid the groundwork for the program with an ambitious memo in January 2002 to employees, challenging them to improve the privacy and security of Microsoft software. The company subsequently halted much of its product development while about 8,500 developers were trained in secure programming and then reviewed the majority of the Windows code for security errors. Microsoft says the entire effort cost some $100 million. http://zdnet.com.com/2100-1105-990919.html - - - - - - - - - - Bush's Cyberstrategery The administration's war against a bogus threat. Seemingly innocuous movies occasionally have nasty, unintended consequences. Jaws creator Peter Benchley, for example, believes his tale of underwater mayhem has driven mankind to hunt several lethal shark species to the brink of extinction. Jodie Foster's bawdy turn in Taxi Driver helped stir would-be Reagan assassin John Hinckley Jr. to violence. And the 1983 Matthew Broderick vehicle WarGames convinced everyone that a lone hacker can wipe out the West Coast as easily as booting up Excel. http://slate.msn.com/id/2079549/ - - - - - - - - - - FBI describes IT improvement The FBI has been working hard to upgrade its outdated and highly criticized information technology systems, and still has much to do, FBI Director Robert Mueller told lawmakers today. "Over the years, we have failed to develop a sufficient capacity to collect, store, search, retrieve, analyze and share information," Mueller testified at a Senate Judiciary Committee hearing about the war against terrorism. "The FBI has embarked on a comprehensive overhaul and revitalization of our information technology infrastructure." http://www.fcw.com/fcw/articles/2003/0303/web-jud-03-04-03.asp - - - - - - - - - - Agencies are overcoming data-sharing barriers, officials say Federal agencies are making progress in overcoming "cultural" barriers and turf wars that once prevented them from sharing key information or data related to homeland security, a panel of officials said on Tuesday. After recognizing that a lack of integration may have hampered the United States from preventing the Sept. 11, 2001, terrorist attacks, federal employees are showing more zeal and willingness to collaborate and share information, Coast Guard Chief Information Officer (CIO) Nathaniel Heiner said at the 2003 Information Processing Interagency Conference here. http://www.govexec.com/dailyfed/0303/030403td1.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.