NewsBits for July 11, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Newport Man Guilty of 2001 Rape, Torture A 22-year-old former UC Irvine student could be sentenced to multiple life terms after being convicted Thursday of torturing and raping a 15-year-old Orange girl he met through the Internet. Brian Dance of Newport Beach cried as he was led from Orange County Superior Court in Santa Ana back to Orange County Jail, where he has been in custody since his arrest in December 2001. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-dance11jul11,1,7905620.story - - - - - - - - - - Man arrested in United Kingdom in hacking at U.S. physics lab A man suspected of hacking into computers at a national physics lab last year was arrested in the United Kingdom, the U.S. Department of Energy said. The department did not release the suspect's name or other details. It said 17 desktop computers at Fermi National Accelerator Laboratory were accessed and used in June 2002 to store movies and other copyrighted material intended for illicit distribution over the Internet. http://www.securityfocus.com/news/6352 - - - - - - - - - - Rambus Says Fraud Lawsuit Is Dismissed Rambus Inc., a designer of high-speed computer memory chips, said a Delaware court dismissed a suit against the company, and that Toshiba Corp. will use a Rambus design in a new semiconductor. Its shares rose 4.2%. The dismissal of the lawsuit followed a decision by a U.S. appeals court in January to throw out a jury's finding that Rambus committed fraud while pursuing patents for high-speed memory chips that became an industry standard. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-rup11.6jul11,1,2877685.story - - - - - - - - - - Lucent loses court case over employee Web site In a controversial decision, a French court has held Lucent Technologies responsible for an illicit Web site created by one of its employees on company time. A French court has ruled that Lucent Technologies was liable for an illicit Internet site created by one of the company's employees, because the worker created the site on company time and with equipment provided by Lucent. http://news.zdnet.co.uk/story/0,,t269-s2137463,00.html - - - - - - - - - - Planned Parenthood sues over 'typo-piracy' Planned Parenthood sued four abortion foes for "typo-piracy" on Thursday, alleging they divert Internet users who misspell Planned Parenthood's domain names to grisly anti-abortion Web sites. The suit, which seeks unspecified damages, alleges that the defendants infringed on Planned Parenthood's trademarks, cyber-squatted and engaged in unfair competition. http://zdnet.com.com/2110-1104_2-1024969.html - - - - - - - - - - Judge: Violent-game law stifles speech A federal judge has temporarily blocked a Washington state law that would have prohibited selling some violent video games to minors, saying the measure appears to violate free-speech rights. The law, which was set to go into effect on July 27, would have fined retailers $500 for each game they sold to children under 17 that depicted violence against law-enforcement officials. In issuing a preliminary injunction that blocks the law on Thursday, U.S. District Judge Robert Lasnik said the law was both overly broad and too narrowly targeted. http://zdnet.com.com/2100-1104_2-1025032.html - - - - - - - - - - Woman sues Toys 'R' Us over hidden camera A woman who says she noticed a video camera in the ceiling of a suburban Atlanta Toys "R" Us bathroom is suing the retailer for invasion of privacy. Tamara Perez says she noticed a hole in the ceiling above the commode while visiting the store in Alpharetta, Ga., on March 21. According to her lawsuit, Perez quickly left the women's restroom and asked her husband to investigate. Walter Perez moved a ceiling tile and found a video camera with a transmittal device, according to the suit. http://www.usatoday.com/tech/news/2003-07-11-toyruss-spycam_x.htm - - - - - - - - - - Hijacked Windows PCs Spread Porn Close to 2,000 Windows-based PCs with high-speed Internet connections have been hijacked by a stealth program and are being used to send ads for pornography, computer security experts said on Friday. It is unknown exactly how the Trojan program is spreading to victim computers around the world, whose owners most likely have no idea what is happening, said Richard M. Smith, a security consultant in Boston. Security provider Network Associates rated the Trojan a low risk since it did not appear to be more widespread and was not harming the victim computers. http://www.wired.com/news/infostructure/0,1377,59608,00.html http://www.usatoday.com/tech/news/computersecurity/2003-07-11-hijacked-porn-spammers_x.htm http://www.nytimes.com/2003/07/11/technology/11HACK.html http://www.smh.com.au/articles/2003/07/11/1057783339267.html - - - - - - - - - - Australian business rates high on fraud hit list On a global scale Australian enterprises are among those hardest hit by fraud attacks, according to the PricewaterhouseCoopers' 2003 Global Economic Crime Survey. An estimated 47 per cent of businesses in Australia experienced some form of economic crime in the last two years. In the Asia-Pacific region the figure was 39 per cent. Sectors most vulnerable in Australia to white collar crime were companies in the manufacturing and industrial products sectors. As a result 37 per cent of organisations surveyed in Australia saw cybercrime as a threat in the next five years. http://www.arnnet.com.au/index.php?id=356905559&fp=2&fpid=1 - - - - - - - - - - Police work to stay on top of 'Net scams Like the Energizer Bunny, Internet scams just keep going and going. According to Detective Tony Ford, who investigates frauds and identity theft for the New Smyrna Beach Police Department, he continually receives reports from residents contacted via their computer or by telephone by a person wanting to bilk them out of their money or personal information. "I have three on my desk right now," he said. The proposals range from offering a percentage of cash for assistance in transferring money from one county to another or offers of prizes. http://www.news-journalonline.com/NewsJournalOnline/News/Neighbors/DailyJournal/03AreaDJ04TECH071103.htm - - - - - - - - - - Amsterdam: home of the 419 lottery scam "Fortune Trust Finance & Securities opens a whole new world of opportunities providing you with that financial security you can count on," reads a brand new web site. Take a closer look and you understand why. Profiles of "our dedicated Executive Directors" make you laugh: the low res-pictures are noticeably copied from other websites. And the web site's visual effects are totally inappropriate for a trustworthy financial institution. http://www.theregister.co.uk/content/6/31679.html - - - - - - - - - - High-tech computer forensics lab opens in Kansas City A state-of-the-art computer forensics lab funded by the USA Patriot Act opened Wednesday in Kansas City. The Kansas City lab is the third facility to become operational of the five planned across the nation. The other two are in Dallas and San Diego, and similar labs are planned in San Francisco and Chicago. While the lab is intended to track down evidence of terrorist activity, it also will be used to investigate computer crimes that range from child pornography to online fraud. http://www.usatoday.com/tech/news/computersecurity/2003-07-11-forensics-lab_x.htm - - - - - - - - - - FBI training FIA officers on cyber crime Interior Minister Faisal Saleh Hayat said on Thursday that the US Federal Bureau of Investigation was training FIA officials in combating cyber crimes, including financial frauds. Speaking to journalists at a seminar on Cyber Security: Challenges and Solutions, held under the auspices of the Federal Investigation Agency (FIA) and Sindhs IT department, he said besides hacking for fun and various kinds of crime, a major threat to Pakistan was cyber attacks on its official websites. http://www.dailytimes.com.pk/default.asp?page=story_11-7-2003_pg7_26 - - - - - - - - - - Nearly two years after 9/11, corporate security focus still lacking After the terrorist attacks of Sept. 11, 2001, many CEOs were surprised to learn just how decentralized their security management structures were. But that surprise hasn't yet yielded much change, according to a new survey. The survey results, released this week by Alexandria, Va.-based American Society for Industrial Security International Inc., show that most companies have steered away from centralized management and strategic oversight of security, while spending more money on insurance as a protection. http://computerworld.com/securitytopics/security/story/0,10801,82966,00.html - - - - - - - - - - GSA drafts e-Authentication policy The General Services Administration today released a draft e-Authentication policy that outlines four levels of assurance against which agencies must align all federal transactions and services by Sept. 15, 2005. The draft policy, which is part of the e-Authentication e-government initiative, is based on the information risk factor, what person or organization the information is regarding and the amount of harm it may cause if that information is compromised. http://www.fcw.com/fcw/articles/2003/0707/web-eauth-07-11-03.asp - - - - - - - - - - Russians turn mobile phone security off Moscow residents were denied GSM privacy this week by government order as the authorities seek to crack down on crime. Russian security services disabled all mobile phone voice security for 24 hours in Moscow this week, according to a report in the Moscow Times. As a result, police and state authorities could monitor all calls -- as could anyone equipped with an appropriate receiver. Mobile phone users received a text alert telling them that their conversations could be intercepted, and some mobile phones also displayed an icon of an unlocked padlock. http://news.zdnet.co.uk/story/0,,t269-s2137460,00.html - - - - - - - - - - Security fears mean Wi-Fi won't star at the Olympics The International Olympic Committee doesn't believe wireless security is good enough for their IT set-up at Athens in 2004. The team designing and implementing the IT infrastructure for the 2004 Olympic Games will not be incorporating Wi-Fi into the networks they are building due to security concerns. http://news.zdnet.co.uk/story/0,,t269-s2137456,00.html - - - - - - - - - - Windows flaw remains A class of attacks that allows a user to take control of any PC or server could leave computer systems in corporations and Internet cafes vulnerable to attack, a researcher says. Dubbed "shatter" attacks by the original discoverer, the class of security hacks uses the Windows messaging system to request that insecure but privileged applications run malicious code. http://news.com.com/2100-1002_3-1025273.html - - - - - - - - - - A virtual Pandora's (X)box opened by hackers After a 31-year-old Manhattan financial executive received Microsoft's Xbox video game system as a gift in January, he walked to a store and bought a half-dozen game titles. The video game industry would have been pleased to hear it. After he played those games a few times against computer-controlled opponents, he got a bit bored and signed up for Microsoft's Xbox Live service, which enabled him to play against other people online. The video game industry, again, would have been pleased. After a few months on the Xbox Live network, in May, he got a bit bored again. This time, however, he opened his Xbox and soldered in a chip that allowed him to change the console's basic computer code and bypass its internal security technology. http://www.iht.com/articles/102517.html - - - - - - - - - - CA to hand over Open Security Exchange to IEEE Three months after launching a cross-industry group to develop standards for integrating physical and information technology security, Computer Associates will hand over the management of that group to the Industry Standards and Technology Organization (ISTO). The ISTO, which was spun off of the Institute for Electrical and Electronics Engineers (IEEE) in 1999, will assume administrative control of the Open Security Exchange (OSE), providing staff and resources to manage the finances and logistics of the group, according to Greg Kohn, director of industry programs at ISTO. http://www.computerweekly.com/articles/article.asp?liArticleID=123347 - - - - - - - - - - Survey sees tech divide on data disasters Business and information technology executives at U.S. companies have very different views about how prepared they are for a disaster, according to a survey to be released Monday. The survey, sponsored by data storage giant EMC, found that only 14 percent of senior business executives felt their important data is very vulnerable to being lost in the event of a disaster, compared to 52 percent of senior IT executives. http://news.com.com/2100-1009_3-1025121.html - - - - - - - - - - Identity management could backfire, analysts warn Companies committing too quickly to an identity- management framework risk being stuck on the losing side of a standards war. Companies deploying an identity-management infrastructure may save money in the short term, but analysts warn that they might find themselves on the wrong side of a standards war that would cancel their original gains. http://news.zdnet.co.uk/story/0,,t269-s2137372,00.html - - - - - - - - - - A holistic approach to security Time to swap medieval security policies for a more collaborative attitude. Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. http://www.vnunet.com/News/1142230 - - - - - - - - - - Secrets to the best passwords Variety makes them easy to remember, hard to guess. The use of good, hard-to-guess passwords can make it difficult for a malicious hacker to break into your computer account. Avoiding predictable keywords and using different methods to introduce variety into your passwords makes it easy for you to remember them but virtually impossible for others to guess them. Here are some tips on creating winning passwords. http://computerworld.com/securitytopics/security/story/0,10801,82883,00.html - - - - - - - - - - Privacy in peril Wal-Mart Stores shoppers can breathe easier knowing that an experimental wireless inventory control system won't be tracking them and their purchases from the store to their homes. Wal-Mart unexpectedly canceled testing for the system, ending one of the first and most closely watched efforts to bring controversial radio frequency identification technology to store shelves in the United States. http://zdnet.com.com/2100-1103_2-1024849.html - - - - - - - - - - Heat-seeking camera finds accused burglar in bayou Police said they used a heat-seeking camera to find a burglary suspect who dove into the darkness of Bayou Terrebonne to escape capture. "He was hiding in the water under a bunch of undergrowth," said Terrebonne Parish Sheriff Jerry Larpenter. "He had darkness on his side, but we found him with that camera." http://www.usatoday.com/tech/news/techinnovations/2003-07-11-bayou-burglar_x.htm - - - - - - - - - - Fingerprint systems integration lagging The integration of fingerprint databases has fallen behind schedule, creating continued risks to national security, according to a Justice Department Inspector General report released last month. For several years, Justice has been merging the IDENT system from the former Immigration and Naturalization Service and the FBI's Integrated Automated Fingerprint Identification System (IAFIS). In 1999, the Justice Management Division was assigned to lead the efforts. http://www.fcw.com/fcw/articles/2003/0707/web-doj-07-11-03.asp - - - - - - - - - - Homeland department would shield antiterror vendors The Homeland Security Department today proposed regulations to shield technology vendors from liability for domestic defense products that cause unintended damage, injury or death. The regulations would implement the Support Antiterrorism by Fostering Effective Technologies Act of 2002. That law, a subtitle of the Homeland Security Act of 2002, aims to spur development of antiterrorism technologies by protecting vendors. http://www.gcn.com/vol1_no1/daily-updates/22735-1.html http://www.fcw.com/fcw/articles/2003/0707/web-rule-07-11-03.asp - - - - - - - - - - Officials demo technology in emergency drill Federal and state officials on Friday demonstrated the use of technology in a coordinated emergency drill. Mark Forman, the e-government and information technology administrator at the White House Office of Management and Budget, joined Maryland officials, including Gov. Robert Ehrlich, in Laurel, Md., as regional experts showed how new software can be used to coordinate the work of police, fire and emergency medical personnel during a train derailment involving hazardous materials. http://www.govexec.com/dailyfed/0703/071103tdpm1.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.