NewsBits for March 25, 2003 sponsored by,
Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Alleged virus creator detained in Sweden
Swedish police said Tuesday they detained the creator
of a computer virus that had tried to trick recipients
into opening and spreading it by offering war-related
messages. Police said the virus, dubbed Ganda, clogged
thousands of computers worldwide last week, reproducing
itself by sending out e-mail messages offering screen
savers with names like "Spy pics" and "Go USA."
A message hidden in the virus helped Swedish
investigators trace the suspect to Haernoesand,
250 miles north of the capital, Stockholm,
police spokesman Torbjoern Ull said.
http://www.siliconvalley.com/mld/siliconvalley/5478937.htm
http://www.theregister.co.uk/content/56/29936.html
- - - - - - - - - -
Al-Jazeera Web Site Enduring Hack Attack
Hackers attacked the Web site of Arab satellite
television network Al-Jazeera on Tuesday, rendering
it intermittently unavailable, the site's host said.
The newly launched English-language page, which went
live Monday and posted images of the corpses of U.S.
soldiers killed in Iraq, was hardest hit in a bombardment
of data packets known as a denial-of-service attack.
Ayman Arrashid, Internet system administrator at the
Horizons Media and Information Services, the site's
Web host, said the attack began Tuesday morning local
time.
http://www.siliconvalley.com/mld/siliconvalley/5478404.htm
- - - - - - - - - -
BSO says Davie man, 34, arrested at rendezvous with 16-year-old girl
A 34-year-old Davie man was arrested in Manatee County
over the weekend on a child porn charge after he arrived
for a sexual rendezvous with a 16-year-old girl he'd
met over the Internet, the Broward Sheriff's Office
said on Monday. David Charles Budina remains in custody
in Bradenton in lieu of $126,000 bond after his arrest
on three counts of sexual activity with a minor, two
counts of transmission of harmful material to a minor
by electronic device, and one count of computer pornography.
BSO spokeswoman Veda Coleman-Wright said Budina met
his 16-year-old victim in an AOL online chat room
using the screen name "Flyfedave."
http://www.sun-sentinel.com/news/local/southflorida/sfl-324childporn,0,4118870.story
- - - - - - - - - -
Former Police Chief Convicted On Porn Charges
A former Radcliff police chief has been found guilty
of receiving child pornography by a federal jury in
Louisville. The U.S. attorney's office said today that
59-year-old John Patrick Farrelly was found guilty after
a three-day trial in U.S. District Court. Farrelly was
the former police chief at Radcliff and coordinator
of the Hardin County 911 Center. Federal agents seized
Farrelly's work computer from the Hardin County 911
Center and conducted a review of the history and memory
of the computer. The investigation revealed that Farrelly
had received images of child pornography and accessed
child pornography Web sites as far back as 1999.
http://www.wave3.com/Global/story.asp?S=1196309&nav=0RZFEnLB
- - - - - - - - - -
Former Iowa State Coach Pleads Innocent To Porn Charges
A former Iowa State assistant basketball coach pleaded
innocent Monday to child pornography charges. Randall
Brown made his plea in U.S. District Court and remains
free on his own recognizance. His trial was tentatively
set for mid-May. According to an affidavit, U.S. Postal
Inspection Service investigators seized computers from
Brown's home and office Jan. 24. On the computers were
pictures of minors engaged in sexually explicit conduct.
Brown also is accused of destroying disks containing
additional images, even though he had been warned not
to destroy evidence, the affidavit said. Linda Jensen,
a U.S. Postal Inspection Service spokeswoman, declined
to say what led authorities to Brown.
http://www.sportsline.com/collegebasketball/story/6274610
- - - - - - - - - -
Program targets Windows 2000 flaw
A Venezuelan security consultant has released a small
program designed to compromise Microsoft Internet
Information Service servers that haven't had a recent
security hole patched. Monday's public release of the
program's source code--known in security parlance as
an exploit--will allow less technically knowledgeable
system administrators to test for the existence of
the vulnerability or allow less skillful miscreants
to attack servers. "I released (the code) to enlighten
the public and to promote system security for
administrators unfamiliar with these exploits,"
said Rafael Nunez, information security consultant
for Scientech de Venezuela and a former hacker who
used the handle "RaFa."
http://zdnet.com.com/2100-1105-993946.html
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,79701,00.html
Experts: Windows flaw is serious
http://zdnet.com.com/2100-1105-993983.html
- - - - - - - - - -
Writers of Viruses Get Politics Bug
The war hasn't spawned new viruses. Instead, the same
old viruses are being sent with new subject lines in
the e-mail, said Roger Thompson, director of malicious
code for Herndon, Va.-based anti-virus specialist
TruSecure. Computer viruses that a couple of weeks
ago promised photos of naked women as an enticement
may now claim to have a satellite photo of the war
scene in Iraq. If you get an e-mail that mentions
Iraq in the subject line, be doubly cautious. It
may contain a computer virus.
http://www.newsfactor.com/perl/story/21090.html
- - - - - - - - - -
Scam casts doubt on eBay's anti-fraud software
Robert Beck suspended his distrust of online auctions
last month and went for a top-of-the-line speaker system.
He cast a winning bid of $1,900, paid by credit card and
waited for his first eBay purchase. The speakers never
arrived. Last week, detectives confirmed to the 25-year-
old engineer that the sellers, an Arizona couple, had
cashed out their bank account and fled town. The couple
allegedly stole more than $100,000 from more than 500
bidders. The case has cast suspicion on eBay Inc.'s
anti-fraud software, which the San Jose-based company
installed nearly a year ago to counter complaints
about fly-by-night sellers.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5475527.htm
- - - - - - - - - -
Huawei admits to a little copying
Huawei Technologies said in court papers filed this week
that it used some of Cisco Systems' source code in its
routers. But the Chinese manufacturer said the copying
was inadvertent and involved far less code than Cisco
claims. Huawei also said the offending code has since
been removed. Even so, Cisco said in a statement,
the admission is "further evidence that Huawei has
unlawfully acquired and used Cisco's intellectual
property."
http://news.com.com/2100-1035-994081.html
- - - - - - - - - -
House hearing offers clash over use of data mining
A coalition of privacy groups wants the U.S. Congress
to halt the creation of a federal database of airline-
passenger profiles until more details about who would
be included and how it would be operated are available.
Meanwhile, the White House's CIO questioned today at
a U.S. House of Representatives hearing whether that
data mining program would be effective. At that hearing,
a law professor and congressman disagreed over whether
Congress should regulate government data mining efforts,
while most witnesses praised the use of data analysis
for everything from reducing credit card abuse in
government to catching terrorists.
http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,79702,00.html
- - - - - - - - - -
Expert wary about information misuse
As the government gears up its domestic security
program, the chief executive of a venture capital
firm founded by the CIA warns of the danger of
amassing a large, unified database that would be
available to government investigators--as some
technology executives have advocated. "I think
it's very dangerous to give the government total
access," said Gilman Louie, chief executive of
In-Q-Tel, a venture fund established by the CIA
in 1999.
http://news.com.com/2100-1009-994000.html
http://www.wired.com/news/business/0,1367,58191,00.html
- - - - - - - - - -
Two appointed to cybersecurity panel
The governor of Maryland and the CEO of Stanford Hospital
have been selected to join a national advisory panel
on cybersecurity. The White House on Monday announced
that Gov. Robert L. Ehrlich Jr. and Martha Marsh will
be appointed to the National Infrastructure Advisory
Council. President George W. Bush created the council
by executive order a month after the Sept. 11, 2001,
terrorist attacks. It is charged with providing advice
on "the security of information systems for critical
infrastructure" in areas such as banking, finance,
transportation, energy, manufacturing and emergency
government services.
http://zdnet.com.com/2110-1105-994013.html
- - - - - - - - - -
States Seen As Lax on Database Security
An overwhelming majority of states have failed
to require insurance companies to protect their
computerized data from hacking and other attacks,
according to a study that raises questions about
how aggressively states are tackling cybersecurity
overall. Only 14 states, including Virginia,
comply with federal mandates to help ensure
the protection of computer systems that hold
confidential information about millions of
people, the study found.
http://www.washingtonpost.com/wp-dyn/articles/A28828-2003Mar25.html
- - - - - - - - - -
War on Warez
Managers of websites offering illegal business
software could face criminal proceedings under new
laws due to come into effect from the end of this
month, the Federation Against Software Theft (FAST)
warned yesterday. The new law, precipitated by the
EU's Information Society Directive, makes it an
offence to "communicate to the public" copyright
works, such as software, if the person knew or
had reason to believe that this would infringe
copyright.
http://www.theregister.co.uk/content/4/29919.html
- - - - - - - - - -
UK workers succumb to email paranoia
UK workers are becoming increasingly paranoid about
who exactly is reading their e-mail and also accidentally
forwarding personal mails. Findings from a survey
of office workers by Yahoo! Mail showed that close
to half believe that their colleagues are sifting
through their in-boxes for scandalous details,
while nearly a third are concerned about e-mails
with private and/or embarrassing content finding
their way into the wrong hands.
http://www.theregister.co.uk/content/6/29915.html
- - - - - - - - - -
University course to tackle hacking
UK's first undergraduate IT security module
will teach the finer points of writing secure code
Microsoft and the University of Leeds are to develop
what they say will be the UK's first undergraduate
computer security module. The course aims to provide
developers with the knowledge they need to identify
potential weaknesses that could be exploited
by hackers or virus writers. The final course,
provisionally entitled Secure Computing,
is about one year from completion.
http://www.vnunet.com/News/1139713
- - - - - - - - - -
Malicious impostors sow seeds of disinformation
Security testing outfit NTA Monitor has warned
of the increased likelihood of attacks against
news sites and corporate Web sites during the
current war in Iraq. News sites are especially
at risk, because attackers could use weaknesses
in sites or domain registration tricks to 'rewrite'
breaking news to try to create confusion and panic,
according to NTA.
http://www.theregister.co.uk/content/55/29931.html
- - - - - - - - - -
Scanning the future of privacy
Engineers who design biometric technologies and Internet
authentication mechanisms should take more aggressive
steps to preserve privacy, a new government report says.
The 177-page report released Tuesday afternoon by the
National Research Council suggests specific guidelines
for authentication technologies, such as passwords,
identification cards and key cards, and the use of
biometrics to verify physical characteristics like
the shape of a retina or fingerprint.
http://news.com.com/2100-1029-994080.html
- - - - - - - - - -
Face recognition gets lift, says U.S.
Spurred by two federal antiterrorism statutes,
the Commerce Department this month released
a study showing that face-recognition technology
is hitting its stride. The Face Recognition Vendor
Test 2002 (FRVT 2002) looked at 10 companies' work
on face recognition and said they had made
"significant advances" on the state of the art.
"The performance results...show an improvement
in the capabilities of the face-recognition systems
over the last two years," concludes the report.
"On comparable experiments in...2000, there has
been a 50 percent reduction in error rates."
http://news.com.com/2100-1028-994111.html
- - - - - - - - - -
Wi-Fi firewall gets U.S. approval
Cranite Systems, a 3-year-old start-up based in San Jose,
Calif., said its WirelessWall Software Suite, a firewall
for wireless networks, had earned the Federal Information
Processing Standards (FIPS) 140-2 certification from the
National Institute of Standards and Technology (NIST),
a division of the U.S. Department of Commerce. The
certification, granted March 21, makes Cranite eligible
to sell its wares to the U.S. government. Computer giant
Hewlett-Packard plans to resell Cranite's software to
government agencies.
http://zdnet.com.com/2100-1105-994038.html
- - - - - - - - - -
Companies review their IT security as war breaks out
Tom King, chief information security officer at investment
banking firm Lehman Bros., last week was taking a hard
second look at his company's IT security and business
continuity plans. As the countdown to war neared its
end, King said he remained fairly optimistic that the
conflict wouldn't provoke major cyberattacks against
U.S. corporate targets. The review, he said, was
a precautionary move to ensure that the company's
"high-value production systems," network entry points
and remote access processes are adequately shielded
against random attacks.
http://www.idg.net/ic_1251990_10319_1-5449.html
- - - - - - - - - -
Virus Hoaxes and the Real Dangers They Pose
Jerry Bryan immediately knew there was something wrong
at his church. He knew it the second he opened up the
email from the pastor. As a highly respected member
of his church and a known technophile, Jerry was often
consulted by the pastor concerning technical matters.
In this case, however, the pastor was passing along
a serious warning. A secretary at his church had
received an email from a friend that scared her.
http://www.securityfocus.com/infocus/1678
- - - - - - - - - -
How to prepare for the coming virus onslaught
At one time, virus writers were considered by fellow
hackers to be near the bottom of the heap. Not anymore.
With increased security in Microsoft Outlook 2002,
and better heuristics in today's antivirus software,
viruses must be more sophisticated in order to spread
--and those who can write them are gaining standing
among their peers. As a result, experienced hackers
who really know how to program are trying their
hand at viral code.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2912994,00.html
- - - - - - - - - -
Are Wireless Networks Secure Yet?
Once vendors and standard-setters solve the encryption
and authentication problems facing WLANs, they will be
able to attack new areas of network management, such
as quality of service and network health. It is no
secret that wireless local area networks, or WLANs,
can be probed by anyone within range of their radio
signal, leaving them vulnerable to eavesdropping,
unauthorized access and even viruses. In short,
most WLANs have security loopholes large enough
to drive a truck through.
http://www.newsfactor.com/perl/story/21081.html
Wipe out your wireless worries
http://www.computerworld.com/securitytopics/security/story/0,10801,79699,00.html
- - - - - - - - - -
The Trouble With E-Mail
ISPs and Webmasters don't want to admit it, but some
of the most basic e-mail protocols and server software
tools are highly vulnerable to spam, worms, and other
malicious activity. The rise of spam and e-mail-borne
worms and viruses has shown that SMTP (Simple Mail
Transfer Protocol) is wide open to malicious use.
A few weeks ago, Sendmail was in the news because
of a critical vulnerability.
http://www.techweb.com/tech/software/20030325_software
- - - - - - - - - -
Ultrawideband of Brothers
A mobile network of high-powered radio transmitters
will track Marines in the field. Next up: firefighters
and schoolkids. Forget Wi-Fi, Bluetooth, and 3G. There's
already a form of wireless that offers blazing-fast data
rates, supports high-definition TV feeds, and - if given
the chance, say its most ardent supporters - could replace
the billion-dollar networks used by Sprint, T-Mobile, and
Verizon. It's the controversial, decades-old technology
known as ultrawideband.
http://www.wired.com/wired/archive/11.04/start.html
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour,
instructor lead program that teaches you computer forensics
and helps prepare you for the Certified Computer Examiner
exam. For more information see; www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2003, NewsBits.net, Campbell, CA.