NewsBits for March 13, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Police arrest 43 in child porn raids Officers working on Operation Ore, the UK's Internet child pornography initiative, have arrested another 43 suspects in the London area. British police said on Thursday they had arrested 43 men on suspicion of having downloaded and distributed images of child abuse on the Internet. The men are suspected of having accessed pay-per-view child porn Web sites and exchanged images of children being abused, a police spokesman said. http://news.zdnet.co.uk/story/0,,t269-s2131873,00.html http://www.cnn.com/2003/TECH/internet/03/13/britain.porn.reut/index.html - - - - - - - - - - Watered-down Code Red returns Security experts said Wednesday there was little cause for alarm from a minor new variant of the destructive Code Red worm that began circulating this week. Code Red.F, which differs from the original Code Red by only two bytes, began spreading Tuesday, according to reports from security software makers Symantec, McAfee and F-Secure. The new variant is detected by existing virus signatures for Code Red, according to the companies, and is blocked by patches for Microsoft's Internet Information Server (IIS), which most administrators installed before or during the original Code Red outbreak. http://zdnet.com.com/2100-1105-992361.html http://news.zdnet.co.uk/story/0,,t269-s2131857,00.html http://www.vnunet.com/News/1139439 http://www.newsfactor.com/perl/story/20990.html - - - - - - - - - - Yaha Virus Uses Netizens as Pawns An e-mail worm that appears to be yet another salvo in a yearlong war between opposing groups of virus writers and hackers hit the Net Wednesday. According to the Indian Snakes, authors of the worm known as Yaha, the latest worm was written to retaliate against Pakistani hackers who, the Snakes charge, are defacing websites based in India. http://www.wired.com/news/infostructure/0,1377,58026,00.html - - - - - - - - - - Password-stealing e-mails spread Beware any e-mail, however professional in tone, that asks for personal account information. Internet users continue to be flooded with legitimate-looking e-mails that ask recipients to enter account numbers, passwords, and other data. A new con aimed at Discover Card holders is just the latest in a long line of scam e-mails sent by con artists trying to hijack accounts at AOL, PayPal, eBay and other online firms. http://www.msnbc.com/news/884810.asp - - - - - - - - - - Securing cyberspace against attacks The National Infrastructure Protection Center (NIPC) in February issued a public advisory to heighten awareness of an increase in global hacking activities resulting from the growing tensions between the United States and Iraq. According to NIPC, during times of increased international tension, illegal Internet activities escalate. http://www.usatoday.com/tech/columnist/ericjsinrod/2003-03-13-sinrod.htm - - - - - - - - - - Pakistan sets up cyber crime wing A Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago. "The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad, spokesman for Pakistan's Interior Ministry, told The Associated Press on Wednesday. http://www.cnn.com/2003/TECH/internet/03/13/pakistan.cyber.ap/index.html http://www.wired.com/news/conflict/0,2100,58033,00.html - - - - - - - - - - Anti-Terror Pioneer Turns In the Badge On Feb. 21, the last day of an 11-year White House marathon, Richard A. Clarke walked into his office and turned in a gear bag fit for a Hollywood spook. From pockets and cases he shed an encrypted mobile phone, a satellite phone, a "priority service" mobile phone, a secure home phone and still another government cell phone. Then came a .357 Magnum SIG-Sauer semiautomatic with jacketed hollow-points, and the special deputy U.S. marshal's badge that went with it. http://www.washingtonpost.com/wp-dyn/articles/A17694-2003Mar12.html - - - - - - - - - - Database links some 'virtual' child porn to real victims Investigators whose ability to crack down on "virtual" child porn was limited by the courts have turned to a network of computer databases to prove that kids depicted in online images actually exist. Using programs that compare digital pictures like an analyst compares fingerprints, agents are able to automatically scan images seized from suspects and see whether the same photograph has turned up in a previous investigation. http://www.usatoday.com/tech/news/techpolicy/2003-03-13-porn-database_x.htm - - - - - - - - - - Pornography Prevalent on File-Sharing Services Popular Internet services that allow computer users to swap music and video clips also are an easy and free-flowing conduit for pornography, including images of minors, according to two congressional reports to be released today. Teenagers -- who are among the heaviest users of sharing services -- might accidentally be exposed to pornographic files because they often have innocuous labels that users often seek, the reports say. And parents might not realize how much pornography is available on the services, according to the studies produced by the General Accounting Office and the House Committee on Government Reform. http://www.securityfocus.com/news/3107 http://zdnet.com.com/2100-1105-992471.html http://news.com.com/2100-1025-992471.html http://www.washingtonpost.com/wp-dyn/articles/A17695-2003Mar12.html http://www.msnbc.com/news/884671.asp Kazaa in child porn investigation http://news.zdnet.co.uk/story/0,,t269-s2131871,00.html - - - - - - - - - - Net Gambling:To Ban or Not to Ban A small bipartisan group of lawmakers wants to let states regulate and tax Internet gambling, even as others in Congress renew efforts to ban the burgeoning form of wagering. Rep. John Conyers (D-Mich.) introduced legislation that would pave the way to legalizing Internet gambling in states interested in licensing, overseeing and collecting taxes from the growing industry. http://www.wired.com/news/business/0,1367,58035,00.html http://www.nandotimes.com/technology/story/805304p-5732719c.html - - - - - - - - - - MS, Hollywood: Mob rules pirate world Hollywood and Microsoft are uniting to warn Congress that their intellectual property is being stolen and resold by organized-crime gangs around the globe. Software and movie DVD counterfeiting is an acute problem, with criminal gangs operating factories in Russia, Malaysia and other countries that have weak copyright laws, Microsoft and the Motion Picture Association of America (MPAA) said Thursday. http://zdnet.com.com/2100-1105-992468.html - - - - - - - - - - OMB honing privacy guidance Federal agencies should have new privacy guidance from the Office of Management and Budget by April, highlighting changes in requirements set out in the E-Government Act of 2002. In Section 208, the act sets out the first major changes to federal privacy policies since the Privacy Act of 1974. It updates requirements for agencies to perform privacy impact assessments on every information system and program, and it codifies OMB's policy for agencies to put clearly marked privacy policies on their Web sites. http://www.fcw.com/fcw/articles/2003/0310/web-guide-03-13-03.asp - - - - - - - - - - Opera in fresh browser security drama Opera today released a fix for a serious security flaw with its browser which could let crackers load and execute malicious code on victim's PCs. The vulnerability, which involves both version 6.x and 7.x of the browser, revolves around incorrect handling of very long filenames in the Opera's Download Dialog box. "This allows a malicious Web site to create a filename that causes a buffer overflow which can be exploited to execute arbitrary code," an advisory by security outfit Secunia explains. "Exploits are in the wild for Windows," it warns. A Download Dialog box can be spawned automatically, without user interaction, so the exploit is far more likely to trap unwary users. http://www.securityfocus.com/news/3104 - - - - - - - - - - GSA approves another PKI technology for bridge The General Services Administration today approved another vendors public key infrastructure technology as technically compatible with the Federal Bridge Certification Authority, opening the door for more agencies to join the authority. The approval will let agencies apply to the Federal Bridge and make their digital certificates compatible with those of other agencies. The Drug Enforcement Agency, with UniCERT PKIs developed by Baltimore Technologies Inc. of Needham, Mass., is one such agency. http://www.gcn.com/vol1_no1/daily-updates/21397-1.html - - - - - - - - - - Spam's Cost To Business Escalates The flood of unsolicited messages sent over the Internet is growing so fast that spam may soon account for half of all U.S. e-mail traffic, making it not only a hair-pulling annoyance but also an increasing drain on corporate budgets and possibly a threat to the continued usefulness of the most successful tool of the computer age. http://www.washingtonpost.com/wp-dyn/articles/A17754-2003Mar12.html - - - - - - - - - - Judge: Sheriff can't stream jailhouse images on the Internet Maricopa County Sheriff Joe Arpaio will not be able to feed jailhouse images to the Internet, a U.S. District Court judge has ruled. Judge Earl Carroll took 16 months to issue the preliminary injunction, which is in effect until a lawsuit involving Arpaio's defunct jailcam is resolved. Donna Hamm of Middle Ground Prison Reform, an inmate advocacy group, which brought the suit, hailed Tuesday's ruling, saying it puts her group in a good position to permanently black out the camera. http://www.usatoday.com/tech/news/techpolicy/2003-03-13-jail-cam_x.htm - - - - - - - - - - Senate panel votes for Hill oversight of passenger-screening system As defense and privacy experts prepared to debate the government's increased use of technologies to mine data for terrorist activity on Thursday, Sen. Ron Wyden, D-Ore., announced committee passage of his amendment to provide congressional oversight of an airline-passenger screening system. http://www.govexec.com/dailyfed/0303/031303td1.htm - - - - - - - - - - Internet parolee database goes online in Georgia Georgia unveiled an Internet database Thursday that allows people to see if parolees live in their neighborhood. The Web site has a complete database of more than 21,000 parolees and allows users to search by ZIP code, name or prison identification number. http://www.usatoday.com/tech/news/2003-03-13-parole-database_x.htm - - - - - - - - - - Police video ID parades go national Viper system rounds up the usual suspects in a fraction of the time. A Linux-based system which creates video identity parades for police forces is to be the core of a national video identity system. The Video Identity Parade Electronically Recorded (Viper) system was developed by West Yorkshire Police. http://www.vnunet.com/News/1139444 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.