NewsBits for July 15, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Runaway girl met US marine, 31, on the Internet Twelve-year-old Shevaun Pennington had been in contact with a former US marine via email and the Internet for some time before the pair ran away together. Police launched an international hunt on Tuesday for a 12- year old British girl who they believe has run away to France with a former US marine she met on the Internet. Schoolgirl Shevaun Pennington left home on Saturday to meet up with Toby Studabaker, 31, who had flown to Britain from the United States. http://news.zdnet.co.uk/story/0,,t269-s2137564,00.html http://www.nypost.com/news/worldnews/612.htm Avoiding dangers in chatrooms http://www.cnn.com/2003/TECH/internet/07/15/chatroom.warning/index.html - - - - - - - - - - Student hackers settle debit-card device lawsuit Two computer hackers admitted in a settlement Monday that they never completed a device that could cheat university campus debit card systems out of food, laundry machine use or sports tickets. Blackboard Inc., the maker of a vending system used by 223 colleges nationwide, agreed to drop its lawsuit against Georgia Tech student Billy Hoffman and University of Alabama student Virgil Griffith. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6306303.htm http://www.securityfocus.com/news/6375 http://www.theregister.co.uk/content/55/31744.html - - - - - - - - - - Harry Potter and the Chinese hackers Chinese fans of Harry Potter are posting unauthorized translations of the latest book on the Internet, and the Chinese-language publisher says it has no right to stop them. Rough and often confusing, the translations cover the first four chapters of Harry Potter and the Order of the Phoenix, and give brief outlines of the remaining 34. They have been posted on electronic bulletin boards. http://www.globetechnology.com/servlet/story/RTGAM.20030715.gtnote15-3/BNStory/Technology/ - - - - - - - - - - Studios Stage Fight Against Internet Bill The Hollywood studios are fighting a behind-the-scenes battle in Sacramento to derail a bill they say would promote online piracy though the bill has little to do with downloading movies. Actually, the fight may have more to do with who's behind the legislation: the Electronic Frontier Foundation, a civil liberties and technology advocacy group that frequently opposes the studios' anti-piracy initiatives. (LA Times articles, free registration required) http://www.latimes.com/technology/la-fi-mpaa15jul15224420,1,4237837.story - - - - - - - - - - EU preps phase two of war on spam The European Commission today fleshed out plans to fight spam. Member States must implement the EU Directive on Privacy and Electronic Communications by putting a 'ban on spam' into national legislation before the end of October, 2003. http://www.theregister.co.uk/content/55/31750.html European Union wants U.S. to ban spam http://computerworld.com/softwaretopics/software/groupware/story/0,10801,83087,00.html - - - - - - - - - - File-swappers fear prosecution The record industry's plan to sue individuals who trade songs online has caused a precipitous drop in the use of file-swapping applications, according to one Internet ratings service. Nielsen/Netratings, a company that monitors Web traffic and desktop application use, said that use of top file-trading applications such as Kazaa and Morpheus have fallen by about 15 percent since the end of June. On June 25, the Recording Industry Association of America announced it was planning to file what could be thousands of lawsuits against individuals who trade copyrighted music online. http://zdnet.com.com/2100-1105_2-1025684.html http://www.cnn.com/2003/TECH/internet/07/14/filesharing.drop.reut/index.html http://news.com.com/2100-1027_3-1025684.html Supreme Court vs. The Supremes http://www.wired.com/news/technology/0,1282,59588,00.html - - - - - - - - - - 'Spoofing' uses e-mail for rip-offs Consumers should be wary of a new kind of spam that on the surface looks like it comes from a legitimate company. But in reality, the e-mail aims to gather information used for ripping off people. The e-mail messages appear to come from well-known and trusted companies that direct the recipient to a phony website - also possibly resembling a legitimate company site - that requests confidential financial information or a Social Security number. Criminals can use this personal information to drain bank accounts, ring up bad debts or commit other crimes. http://www.denverpost.com/Stories/0,1413,36~33~1512495,00.html - - - - - - - - - - Could your computer be a criminal? PCs hijacked to send spam, serve porn, steal credit cards. One thousand home computers hijacked and used to serve up pornography. Perhaps tens of thousands co-opted by the SoBig virus, many of them turned into spam machines. Hundreds of other home computers loaded with secret software used to process stolen credit cards. If your biggest computer crime fear was lost or stolen files, think again: Someone may be using your PC to commit crimes. http://www.msnbc.com/news/939227.asp - - - - - - - - - - 'Overwhelming' increase in hack attacks Hackers using well-known vulnerabilities are "overwhelming" companies and remote working will make matters worse, security vendor Internet Security Systems (ISS) has warned. The vendor's Internet Risk Impact Summary Report for the second half of this year predicts that hackers will target people using broadband access for home offices, wireless technologies, and file sharing and messaging applications. http://www.vnunet.com/News/1142300 Internet: hackers' activity grows http://www.crime-research.org/eng/news/2003/07/Mess1501.html - - - - - - - - - - Cybercrime as stealthy as a cat burglar According to a recent survey, half of all Dutch companiesthats some 345,000 businesses at the last official count could be victims of some form of computer-related crime annually, costing the business community around E185m. But who really knows for sure? Neither the Dutch police nor the CBS (Netherlands Bureau of Statistics) apparently recognise cybercrimesuch as spreading viruses, breaking into computers, or disabling or disrupting their operation for financial gain, fun or maliceas a distinct form of criminal activity, making it difficult to compile accurate statistics on this modern-day scourge, or track its progress. Moreover, only 19 per cent of victims report the crime to the police. http://www.europemedia.net/shownews.asp?ArticleID=17048 - - - - - - - - - - Sucks.com issue rears ugly head again Just when you thought commonsense had prevailed and ownership of "sucks" websites had been clarified, US mobile phone company Nextel and a media school in Florida have reopened the issue. Nextel has sent a legal letter to the owner of Nextelsucks.org, Ty Hiither of Michigan, threatening him over alleged trademark infringement. http://www.theregister.co.uk/content/6/31746.html - - - - - - - - - - Security worries drive hosting, data centre spending International market research and consulting firm Infonetics Research says corporate concerns about security are driving up spending on data centres and hosting services, with a significant increase expected over the next three years. Infonetics says in its latest market research study, User and Service Provider Plans for Data Centres and Hosting, that corporate security concerns are driving spending up across the board. http://www.itweb.co.za/sections/computing/2003/0307150900.asp - - - - - - - - - - UK government IT security body warns of Microsoft flaw Buffer overflow leaves users exposed to hackers just by viewing webpages. The UK government's cyber agency responsible for warning about security incidents and electronic attacks on critical national infrastructure has issued an alert about a Microsoft buffer overflow vulnerability. The Unified Incident Report and Alerting Scheme (UNIRAS), the UK's equivalent of CERT, has put out the warning following a Microsoft security bulletin last week. http://www.silicon.com/news/500019/1/5149.html - - - - - - - - - - Symantec 'security scan' distributes rootkit "Symantec Security Check is a free web-based tool that enables users to test their computer's exposure to a wide range of on-line threats," the press release begins. Unfortunately, Symantec Security Check has also been installing an on-line threat of its own in the form of a dangerous ActiveX control. http://www.theregister.co.uk/content/55/31752.html - - - - - - - - - - Microsoft bolsters Web services security Microsoft released on Tuesday a toolkit designed to help software programmers tighten security in Web services applications. The toolkit, called Web Services Enhancements (WSE) version 2, will let companies use the latest security capabilities from Microsoft and other software giants like IBM and Sun Microsystems. The software makers are bolstering security in an effort to drive adoption of Web services software. http://zdnet.com.com/2100-1105_2-1025441.html - - - - - - - - - - The Story So Far: IT Security An all-too-successful computer experiment eventually spawns the antivirus software industry. Fred Cohen already knew about worms, Trojan horses and hackers in November 1983. But as a graduate student participating in a weekly seminar on computer security, Cohen was interested in a new class of security threats: a program that reproduced itself by attaching to other programs. It took eight hours for Cohen to create his virus and nearly a week to get permission to test it on a large Unix computer at the University of Southern California. http://computerworld.com/securitytopics/security/story/0,10801,82923,00.html - - - - - - - - - - Who is really responsible for hacker attacks? Hackers are often targeting human weakness rather than software vulnerabilities. Good con artists are rarely spontaneous. They take time to observe their victims' behaviour, then find subtle ways to exploit the predictable foibles of human nature. And, while the resulting scams may seem elaborate, once they're explained, you see how simple they really are. The same is true with criminal hackers online. The best hacks have been accomplished without special tools or technology. What hackers need is time -- to map target networks and then locate convenient ways in. http://comment.zdnet.co.uk/story/0,,t479-s2137531,00.html - - - - - - - - - - Wireless has its pros, but is not without security implications Wireless local area networks (WLANs) bring true mobility to the business arena. It allows users to move from area to area while maintaining connectivity and offers a variety of business benefits driven by this user convenience. Other significant drivers of the technology include increased ability to transact business and immediacy of information. Organisations that have so far embraced wireless technology and applied it to their business, have seen tangible results such as increased sales, improved customer service, a strong competitive advantage and, important for the financials, rapid return on investment. http://www.itweb.co.za/sections/techforum/2003/0307150739.asp *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.