NewsBits for April 8, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Pyramid scheme shuts down Montana Internet provider An Internet attack sending 20,000 e-mails an hour shut down a local Internet provider last week. Detective Brian Fulford said the strike was part of an electronic pyramid scheme asking Internet users to send cash to someone on a list. The payment would put the sender on the list and, theoretically, entitle the sender to money from someone else later. http://www.usatoday.com/tech/news/computersecurity/2003-04-08-isp-attack_x.htm - - - - - - - - - - Software developer wins theft case An unnamed medical software company has been found guilty of distributing the work of an independent developer without a licence. The Federation Against Software Theft (Fast) is hailing a victory for a small software developer as evidence that it isn't just protecting the interests of the handful of software giants with major financial clout. http://news.zdnet.co.uk/story/0,,t269-s2133147,00.html - - - - - - - - - - Inmate claims he acquired personal info via a prison PC State prison officials say they want to know how an inmate got the Social Security numbers of several prison staffers, but say they don't think it was from the agency's own files. The numbers including that of the director of the state Correction Department, Larry Norris were provided to the Arkansas Democrat-Gazette newspaper in a letter from a person who said he was an inmate at the prison system's Tucker Unit. http://www.usatoday.com/tech/news/computersecurity/2003-04-08-inmate-hack_x.htm - - - - - - - - - - TASK FORCE ANNOUNCES INDICTMENT OF DEPUTY SHERIFF Attorney General Eliot Spitzer, State Police Superintendent James W. McMahon, and Director of Criminal Justice Services Chauncey G. Parker today announced that a Grand Jury has indicted a part-time Montgomery County Sheriff's deputy on three felony counts for attempting to lure a minor into a sexual relationship. The defendant, William D. Hanrahan, 53, of Tribes Hill, was arraigned today before Montgomery County Court Judge Felix Catena. According to the indictment, on August 27 and September 13, 2001, Hanrahan engaged in sexually graphic online chat with a person he believed to be a 14-year-old girl living in Tennessee. The child actually was an undercover police officer belonging to the Internet Crimes Against Children (ICAC) Task Force in Knoxville, Tennessee. http://www.oag.state.ny.us/press/2003/apr/apr08a_03.html - - - - - - - - - - Internet Porn Sting Police in Michigan say a Perrysburg Township volunteer firefighter is out on bond today after being arrested for allegedly trying to have sex with a 14-year-old boy. Also today the township suspended the firefighter from his duties. Greg Beach has been a volunteer firefighter with Perrysburg Township for the last 10 years. Last week he was caught in an internet sting run by the Sterling Heights police. Sterling Heights police say they lured Beach by posing as a 14-year-old boy in a chat room. http://www.13abc.com/index.cfm?Article=7118 - - - - - - - - - - Delray priest sentenced to prison for soliciting teen sex He spent hours online pretending to be a "youngish looking" social worker, bragging to a 14-year-old boy about previous sexual encounters with teenagers. The Rev. Elias Guimaraes used the cloak of that false identity to send message after message describing graphic sex acts with underage boys, all the while as he sat in a suburban Delray Beach church rectory. The 43-year-old Roman Catholic priest never imagined his prey also was lying about who he really was. Busted by an undercover Delray Beach police detective posing as a teenager on the Internet, Guimaraes was sentenced Monday to 51 months in federal prison. http://www.sun-sentinel.com/news/local/southflorida/sfl-cpguimaraes08apr08,0,3471504.story - - - - - - - - - - Charity worker admits computer porn charges A CHILDREN'S charity worker, arrested as part of a worldwide probe into child computer porn, was yesterday spared a jail sentence. William Holmes, 62, was placed on probation after pleading guilty at Liverpool Crown Court to 10 offences of making indecent images of children. Holmes, of Church Road, Upton, Wirral, was caught by police acting on information provided by the FBI in America, as part of Operation Ore. Neville Biddle, prosecuting, said police raided Holmes' house last May and found Holmes' computer contained 121 indecent images of children. http://iccheshireonline.icnetwork.co.uk/0100news/dailypost/page.cfm?objectid=12821858&method=full&siteid=50020 - - - - - - - - - - Sex pics student is caged AN immature and isolated student downloaded images of child abuse from the internet and then showed some of them to a young girl and a boy. Zhang Ning, 20, of Wel-ford Road, Shirley, was sentenced to two years detention by Judge Richard Griffith-Jones at Warwick Crown Court and ordered to register as a sex offender for ten years. But the Judge said that may be academic because he recommended that Zhang, who had admitted 18 charges of making indecent images of children and four of showing them, be deported after serving his sentence. http://icbirmingham.icnetwork.co.uk/0100news/0100localnews/page.cfm?objectid=12819098&method=full&siteid=50002 - - - - - - - - - - Murray Convict Sued by Child-Porn Victim A woman filed a civil suit in 3rd District Court last week against a Murray man convicted of making pornographic material he placed online without her consent when she was a minor. The suit requests a jury trial and asks for damages totalling $1.4 million for breach of contract, emotional distress, defamation, invasion of privacy, negligence, misrepresentation and harming her ability to make money. http://www.sltrib.com/2003/Apr/04072003/utah/45678.asp - - - - - - - - - - 9th Circuit: Feds Can't Try Child Porn Case The 9th U.S. Circuit Court of Appeals struck down a federal child pornography law Thursday -- at least for those who don't intend to take the material across state lines. A divided panel overturned the conviction of a woman arrested after employees at a U.S. Navy photo-developing studio reported a single picture of Rhoda McCoy and her 10-year-old daughter with their genitals exposed. The court held that under the Supreme Court's recent Commerce Clause decisions, the federal government cannot prosecute McCoy. http://biz.yahoo.com/law/030321/592a2301f6d7079a3f7b43457f26467c_1.html - - - - - - - - - - Ruling Backs Anti-Spam Activist Judge Says Web Site Doesn't Have to Be Taken Down An Internet site that provides personal information about an alleged purveyor of mass e-mail is not harassment and does not need to be removed, a Maryland district court judge ruled yesterday. http://www.washingtonpost.com/wp-dyn/articles/A51721-2003Apr7.html http://news.com.com/2100-1029-996002.html - - - - - - - - - - Hacking Attacks Jump 37 Percent Only about 1 percent of the attacks so far this year have targeted federal and state government sites, according to the Internet Security Systems report. Computer hacking attacks and other Internet security breaches grew at an alarming rate in the first quarter of this year, in part because of sentiments over the war in Iraq. Atlanta-based Internet Security Systems Inc. Latest News about Internet Security Systems reported Monday that the number of hacking attacks increased by 37 percent from the fourth quarter of last year, the biggest quarterly spike the company has ever recorded. Over the past six months, the number of incidents rose by 84 percent. http://www.newsfactor.com/perl/story/21218.html - - - - - - - - - - Feds Falling Short on Cybersecurity Former Cybersecurity Adviser Urges More Resources to Battle Cyberterror. The new Department of Homeland Security lacks the resources and expertise to execute the core elements of the Bush administration's cybersecurity plan, the president's former cybersecurity adviser told Congress today. http://www.washingtonpost.com/wp-dyn/articles/A55783-2003Apr8.html http://www.gcn.com/vol1_no1/daily-updates/21652-1.html http://www.govexec.com/dailyfed/0403/040803td1.htm Jim Clark's Neoteris meets Fed's security standard http://zdnet.com.com/2110-1104-995999.html - - - - - - - - - - March sees more spam than ever March was another bumper month for spam, with the latest figures revealing a continued increase in the amount of unsolicited e-mail traffic. Anti-spam firm Brightmail recorded a 4-percent month-on-month increase in the amount of spam detected by its Probe Network. More alarmingly, compared to the same month last year, the amount of spam detected has almost doubled. http://zdnet.com.com/2100-1105-996003.html - - - - - - - - - - Spammers exploit conflict in Iraq War-related junk mail uses patriotism and fear to flog gas masks and water filters. Spam exploiting the conflict in Iraq amounted to more than 10 per cent of all junk email last month, a vendor study reported yesterday. http://www.vnunet.com/News/1140050 - - - - - - - - - - Libraries learn how to protect patrons from Patriot Act Six weeks after the Sept. 11, 2001, terrorist attacks, Congress passed the USA Patriot Act, which, among other things, granted authorities greater power to obtain records from libraries and bookstores. Now, in an effort to protect readers' privacy, libraries in New Jersey and across the nation are taking steps to limit the amount of information linking their patrons to specific books, Web sites or e-mails. http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-3/1049695909282110.xml - - - - - - - - - - Windows code leak threatens piracy A key code for installing Microsofts Windows Server 2003 has leaked onto the Internet, a loss that could lead to rampant piracy of the software. A Microsoft spokeswoman confirmed the leak late Monday and said Microsoft was investigating the matter. She could offer not offer any specifics at this time. http://www.msnbc.com/news/897384.asp http://news.zdnet.co.uk/story/0,,t269-s2133092,00.html - - - - - - - - - - Samba hit by eight-year old flaw Samba, the widely used open source technology for sharing Windows files between Unix and Linux systems, has suffered its second security embarrassment of the last few weeks. And the situation was worsened when a security firm accidentally posted its internal advisory featuring an exploit to the vulnerability that had remained hidden in the code for eight years. http://www.vnunet.com/News/1140062 http://news.zdnet.co.uk/story/0,,t269-s2133095,00.html Security firm regrets Samba disclosure http://news.com.com/2100-1002-995939.html - - - - - - - - - - Tech giants put chips on security alliance Death to the Trusted Computing Platform Alliance, long live the Trusted Computing Group. A bevy of the biggest computer hardware and software companies, formerly members of the Trusted Computer Platform Alliance (TCPA), announced on Tuesday that they had reconstituted themselves under a new name: the Trusted Computing Group. The group will license and market security hardware and software technology that they intend to be integrated into every computing platforms, from PCs and PDAs to mobile phones. http://news.com.com/2100-1009-996032.html - - - - - - - - - - Hail to the Online Thieves Bands can't prevent bootlegging, but they can control it more than they have so far. Let's say you front a big-time rock 'n' roll band, and you've just spent the better part of a year sweating out your most recent record. It's more or less finished, and you're now in postproduction: approving art, planning a tour, getting ready to present the fruits of your labor to your large audience. Then you find out that your large audience has it already. http://www.business2.com/articles/web/0,1653,48598,00.html - - - - - - - - - - Inside the World of Secure Operating Systems On a normal system, if an attacker gains root or administrator access, he or she can run rampant. Not so on a trusted system -- at least so long as it is properly configured. Anyone who has been following the operating system market for long has probably heard about secure operating systems. But what exactly does this term mean? After all, security is purportedly a goal of most operating systems. http://www.newsfactor.com/perl/story/21212.html - - - - - - - - - - Don't Put All Your Data in One Basket Baghdad's telecommunications infrastructure fell silent during the first week of April under a rain of precision-guided bombs. U.S. and British planes targeted phone facilities and other critical pieces of the Iraqi communications infrastructure, mirroring campaigns in Afghanistan and the first Gulf War to isolate the leadership from the levers of power. CEOs in the U.S. needn't worry about an F-15 taking out their data connections. And it's also clear that firewalls, antivirus systems, and other digital protective gear all have their places in the best- laid plans to safeguard a business. http://www.securityfocus.com/news/3806 - - - - - - - - - - Specter: a Commercial Honeypot Solution for Windows This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution Specter. http://www.securityfocus.com/infocus/1683 Open Source Honeypots: Learning with Honeyd http://www.securityfocus.com/infocus/1659 Open Source Honeypots, Part Two: Deploying Honeyd in the Wild http://www.securityfocus.com/infocus/1675 - - - - - - - - - - Benetton weighs privacy issues of 'smart tag' use After a barrage of concern from privacy advocates and financial analysts, Benetton says it is undecided on inserting microchip transmitters in garments that would allow clothes to be tracked from the factory to the store. Last month, Philips Semiconductors, a branch of the Dutch electronics giant, had announced it would deliver 15 million radio frequency smart labels to the Italian clothing retailer this year. http://www.wired.com/news/wireless/0,1382,58385,00.html http://www.siliconvalley.com/mld/siliconvalley/news/5587454.htm http://www.nandotimes.com/technology/story/845671p-5939088c.html - - - - - - - - - - Watching you, watching me in NYC Bill Brown stands in the middle of a crowded Manhattan sidewalk, gesturing obscenely toward the sky. Youve got no right to do this! I think youre a coward! he shouts at a video camera staring back at him from four stories up. Unusual behavior for a New York tour guide, but Brown is offering a view of the city that few visitors or natives see. His Video Surveillance Tour of Manhattan scans rooftops, storefronts and utility poles for some of the thousands of surveillance cameras perched across the city. http://www.msnbc.com/news/897400.asp - - - - - - - - - - Texas counties pilot online court filing system Two Texas counties are currently piloting a Web- based filing system for state and local courts that will be jointly developed by BearingPoint Inc. and Microsoft Inc. The companies are offering the product as a managed service so attorneys can file any type of case document, whether criminal or civil, simple or complex, said Frank Giebutowski, Microsoft's general manager for state and local government. Because it's a managed service, courts don't have to pay major capital investments for such a system, he said. http://www.fcw.com/geb/articles/2003/0407/web-texas-04-08-03.asp *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.