High Tech "NewsBits" for 09/12/03

NewsBits for September 12, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Heathrow Express conspirators jailed A 26-year-old former IT engineer has been sentenced to nine years in jail after he helped mastermind a PS2m credit card fraud operation. The case highlights a major issue for IT managers: even if transaction systems are secure, appropriate processes are needed to ensure that customer details are kept safe from unscrupulous employees. http://www.vnunet.com/News/1143550 - - - - - - - - - - Chong gets 9 months in prison, fine Tommy Chong, who played half of the dope-smoking duo in the Cheech and Chong movies, was sentenced to nine months in federal prison and fined $20,000 Thursday in Pittsburgh for selling bongs and other drug paraphernalia over the Internet. The 65-year-old performer was allowed to remain free until federal prison officials tell him in a few weeks where he must report to prison. http://www.latimes.com/technology/la-et-quick12sep12,1,935839.story - - - - - - - - - - Wi-Fi whistle blower faces criminal charges A North Carolina man faces criminal charges after his attempt to expose the insecurity of his local medical facility's wireless network landed him in hot water with the authorities. Clayton Taylor Dillard, 29, an information security consultant, is accused of breaking into Wake Internal Medicine Consultants' computer system and illegally accessing information of hundreds of patients. Dillard is charged with one felony count of computer trespass, one felony count of unlawful computer access and one misdemeanor count of computer trespass, according to a report by local TV station WRAL. http://www.theregister.co.uk/content/55/32799.html - - - - - - - - - - 'Homeless hacker' free till court date A hacker accused of breaching The New York Times' internal network has been flown to New York to face charges. Adrian Lamo, who won notoriety for his public claims of electronic intrusions, was jailed here on Thursday afternoon and then released to face federal hacking charges on Friday. http://news.zdnet.co.uk/internet/security/0,39020375,39116313,00.htm - - - - - - - - - - Independence ex-councilman on probation Former Independence Councilman Otis Ketron can't go into computer chat rooms or look at online pornography, a judge ordered Wednesday when sentencing him on a charge of using the Internet to solicit sex. Hamilton County Common Pleas Judge David Davis also put Ketron, 48, of Independence, on four years probation, fined him $2,500 and designated him a sexually oriented offender, meaning he must register with the sheriff's office in the county where he lives for the next 10 years. The father of four used his work computer at Procter & Gamble to solicit sex on the Internet from what he thought was a 15-year-old girl. The teen was actually Hamilton County Sheriff's Deputy Ricky Sweeney working undercover. http://www.enquirer.com/editions/2003/09/11/loc_ketron110.html - - - - - - - - - - Church Deacon Arrested For Child Pornography A Will County school district groundskeeper and church deacon was arrested after officials allegedly found thousands of child pornography images stored on his office computer. A fellow employee reported to school officials that he had observed "inappropriate" images on the computer Larry Heagle, 56, was using in the groundskeeper's building in Braidwood. Jeff Tomczak, the Will County State's Attorney, said at a Thursday afternoon news conference that his investigative unit uncovered "between 500 and up to, potentially, 10,000 pornographic images of children." Heagle downloaded those images on a computer at a maintanence facility just steps away from a school, authorities said, although they emphasize that he had no direct contact with children in his job. http://www.nbc5.com/news/2475834/detail.html?z=dp&dpswid=2265994&dppid=65194 - - - - - - - - - - E-mail fraudsters target Barclays Scam emails which attempts to fool Barclays Bank customers into handing over sensitive account information has been sent to thousands of Web users this week. The fake emails, which appear to have been spammed at users at random, purport to be part of a security check. Barclays customers receiving the emails are been encouraged to enter their details to fraudulent sites. As is common with such scams, the URL used in the emails is cleverly encoded to disguise the true location of the sites. http://www.theregister.co.uk/content/55/32796.html - - - - - - - - - - California man sues recording industry over music download amnesty In legal lockstep, a Novato, Calif., man has sued the recording industry, claiming it's misleading consumers with promises of amnesty for music downloads. Eric Parke, 37, sued the Recording Industry Association of America in Marin County Superior Court Tuesday, one day after the trade group sued 261 people around the country for illegally sharing music on the Internet and offered an amnesty program for others. http://www.usatoday.com/tech/news/techpolicy/2003-09-12-amnesty-suit-ca_x.htm http://computerworld.com/managementtopics/ebusiness/story/0,10801,84845,00.html - - - - - - - - - - Viruses hit school computers Students throughout much of the Toronto area have started the school year without access to computers because of a series of viruses that attacked computers across North America last month. The York Region District School Board has shut down computers in all of its 137 elementary schools as officials begin cleaning out the bugs. Schools in Toronto and Hamilton have also been affected by the viruses mainly Blaster, Sobig and Welchia. http://www.globetechnology.com/servlet/story/RTGAM.20030912.uvirus0912/BNStory/National/ - - - - - - - - - - Sophos warns of new Internet worms and Trojans Two new security issues have emerged for Internet users - Backsm-A and Blaxe-A. Backsm-A is a backdoor Trojan that is already making its presence felt out in the wild. It leaves your PC vulnerable to remote, unauthorised control. Backsm-A will modify the Windows Registry, to ensure it is run at startup, and will then attempt to connect to a remote IRC server. This is in order to provide unauthorised access to the infected computer. http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=47208 Security experts warn of repeat of Blaster virus http://www.itweb.co.za/sections/software/2003/0309120806.asp Virus writers mark 11 September with batch of bugs http://www.itweb.co.za/sections/internet/2003/0309120804.asp http://www.wired.com/news/technology/0,1282,60397,00.html - - - - - - - - - - Virus writers difficult to find in cyberspace In the murky underworld of computer crime, this was as close as investigators ever get to a smoking gun. The hacker accused of releasing a variant of the Blaster worm that shut down computers around the world in August, left a calling card his online alias stitched into the code of the malicious program itself. http://www.usatoday.com/tech/news/computersecurity/2003-09-12-virus-guys-wily_x.htm - - - - - - - - - - Nigerian 419 scammer turns to telemarketing "Hello, this is a courtesy call on behalf of the widow of the late Sani Abacha..." Senders of the notorious 419 scam email appear to be changing tactics, following up their emails with a telephone call. The emails typically offer recipients a share of an unclaimed fortune in return for allowing the large sum to be processed through their bank account. Upon surrendering the bank account details the hapless recipient is then cleaned out. http://silicon.com/news/500013-500001/1/5989.html - - - - - - - - - - OPM emphasizes security training The Office of Personnel Management is asking agencies to make sure employees comply with computer security guidelines and training. In a proposed Federal Register rule last week, OPM director Kay Coles James proposed requiring employees to check a National Institute of Standards and Technology site, http://csrc.nist.gov, for the latest information about IT security and training standards. http://www.gcn.com/vol1_no1/daily-updates/23523-1.html - - - - - - - - - - Fur flies as Internet censorship debate continues Federal IT minister senator Richard Alston has accused opposition senator Brian Greig of promoting pornography after he accused the government of fear-mongering to promote its Internet regulation policy. Alston delivered the accusation against Greig during an attack on opposition parties' approach to Internet regulation in the Senate Wednesday. http://www.zdnet.com.au/newstech/security/story/0,2000048600,20278513,00.htm - - - - - - - - - - Copy-protected CDs take step forward For the first time in the United States, BMG Music will release a music CD loaded with anticopying protection, a move that opens a new round of technological experimentation for record labels. BMG division Arista Records will include "copy management" protections produced by SunnComm Technologies on soul artist Anthony Hamilton's new album, the company said Friday. Although the label has previously released promotional copies of various CDs with copy protection, this will be the first major test of consumers' reaction to the latest generation of the anticopying technology. http://zdnet.com.com/2100-1103_2-5075656.html - - - - - - - - - - UN hosts Global InfoSec forum Amid tight security and the pall of Manhattan's 9/11 remembrance ceremonies, 13 countries from the United Nations gathered here yesterday along with hundreds of U.S. high-tech executives in an effort to foster greater cooperation on the global information security war front. http://computerworld.com/securitytopics/security/story/0,10801,84846,00.html - - - - - - - - - - IT honchos call for better patching systems Agencies need to improve the way they patch their systems and networks to keep up with the shrinking cycle between the discovery of vulnerabilities and the exploitation of them, officials said this week. Discoveries of security vulnerabilities in software are increasing in number every month. In the last two years, the time period for attacks based on major vulnerabilities has shrunk from months to weeks, said Robert Dacey, director for information security issues at the General Accounting Office. http://www.fcw.com/fcw/articles/2003/0908/web-worm-09-11-03.asp Not all information-sharing and security problems are IT-related, experts say http://computerworld.com/securitytopics/security/story/0,10801,84849,00.html - - - - - - - - - - Symantec to unveil new security servers Symantec plans to come out with a new line of server appliances next week that are aimed at letting information technology managers better inoculate their networks from attacks. The Gateway Security 5400 line of firewall appliances can be thought of as Symantec-in-a-box. The servers come pre-bundled with the most commonly deployed security applications --such as intrusion detection software, antivirus applications, antispam software, virtual private networks and firewalls--along with management software for centralized control. http://zdnet.com.com/2100-1103_2-5075189.html http://news.zdnet.co.uk/internet/security/0,39020375,39116305,00.htm - - - - - - - - - - Outlook 2003 cracks down on spam Microsoft Outlook 2003, the e-mail client of the new Office suite slated for October release, cranks up the relatively weak antispam capability of its predecessors. The junk e-mail filter, which is set low by default, now will monitor received mail by time and content, and sort suspected spam into a junk folder. For example, Outlook would recognize as junk a message that arrived at 3 a.m. with a subject line containing your name or something similar. Likewise, e-mails containing HTML in the message body would be routed to the junk folder. http://www.gcn.com/vol1_no1/daily-updates/23519-1.html - - - - - - - - - - Smart card of a different stripe: optical Putting smart cards to work as governmentwide credentials as well as for building and system access is a long-term goaland a moving target. This week, the General Accounting Offices Joel C. Willemssen told a House Government Reform subcommittee that smart cards with laser-readable optical stripe memory, similar to compact disk technology, can store far more information than current smart cards. http://www.gcn.com/vol1_no1/daily-updates/23522-1.html USA moving toward wider smart-card use http://www.usatoday.com/tech/news/techinnovations/2003-09-11-smart-card-use_x.htm Cabinet stalls on ID cards, Blunkett says he'll win anyway http://www.theregister.co.uk/content/6/32815.html - - - - - - - - - - A day in the life of a Microsoft security patch On the heels of the Sobig.F and MSBlaster security breaches, I now find myself checking Microsoft's Windows Update site at least once a day. Perhaps I'm overreacting, but I want to make sure that I have that latest critical patch that keeps my system from riding the information highway with its hatchback wide open. A barrage of security patches have emerged from Microsoft over the past few months. For the most high profile of these --- called 03-026 within the company, but known to the rest of us as the patch for MSBlaster --- it took Microsoft only 17 days to turn the discovery of a vulnerability into a patch for it that was available through a variety of online channels. http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2914659,00.html Windows Server 2003 plagued by incompatibility http://news.zdnet.co.uk/software/windows/0,39020396,39116300,00.htm - - - - - - - - - - Playing "Hired Gun" in Computer Forensics Preparing forensic evidence for a court can be open to disaster, as we have all observed in recent weeks. Sooner or later playing the "hired gun" for prosecution or defence work will see you come unstuck - no matter how good you consider your skills to be, there will be people who are more thorough, more professional and a lot faster on the draw. http://www.vogon-computer-evidence.com/bulletin-00.htm - - - - - - - - - - License flaws run deep, officials say A recent congressional investigation revealing how easy it is to get a valid driver's license using fake names and counterfeit identification documents is just the tip of the iceberg, according to a spokesman of a national organization dedicated to strengthening the system. http://www.fcw.com/geb/articles/2003/0908/web-license-09-12-03.asp - - - - - - - - - - Satellite Tracking of Suspects Requires a Warrant, Court Rules The police cannot attach a Global Positioning System tracker to a suspect's vehicle without a warrant, the Washington Supreme Court said today in the first such ruling in the nation. The court refused, however, to overturn the murder conviction of the man who brought the appeal, William B. Jackson, who unknowingly led the police to the shallow grave of his 9-year-old daughter in 1999 after a G.P.S. device was attached to his vehicle. http://www.nytimes.com/2003/09/12/national/12GPS.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6749034.htm http://www.usatoday.com/tech/news/techpolicy/2003-09-11-wash-tracking-gps_x.htm - - - - - - - - - - Bringing prison home in a box First, there was the digital home. Now, there is digital home incarceration. ShadowTrack Technologies in Louisiana aims to take the cost and inconvenience out of serving out the tail end of a custodial sentence at home. With ShadowTrack's service, parolees or others on restricted leave receive automated phone calls at random times of the day. During the call, they are asked to answer questions. The software, which uses voice authentication software from Nuance Communications, then compares the responses against a voiceprint in its records. http://zdnet.com.com/2100-1103_2-5075350.html - - - - - - - - - - Road-tax evaders targeted with new tech The DVLA may bring in more automatic number-plate- identification technology to reclaim some of the annual PS200m lost to evaders. The annual PS200m road tax evasion bill for the Driver and Vehicle Licensing Agency could be cut by the greater use of number plate reading technology, according to parliamentary watchdog the National Audit Office. http://news.zdnet.co.uk/business/legal/0,39020651,39116316,00.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.