NewsBits for October 2, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Official: crackers have broken into GPRS billing
Some time today, the GPRS world will reveal that it has a security vulnerability which has seen an undisclosed number of its customers ripped off. They've been trapped into connecting to malicious content servers, by hackers penetrating the billing system. The first international phone company to admit that they have installed a solution - one offered by Check Point - will be the German phone provider, E-Plus.
http://www.theregister.co.uk/content/59/33168.html
- - - - - - - - - -
ID theft undermining integrated terror watch lists
Despite the government's recent efforts to integrate dozens of terrorist watch list databases, terrorists may still be slipping through major cracks in homeland defenses by stealing identities and using computers to create fraudulent travel documents, officials told Congress yesterday.
http://www.computerworld.com/securitytopics/security/story/0,10801,85606,00.html
- - - - - - - - - -
Police crack pedophile's secret code
Patient police work and a clever piece of computer programming have helped convict a pedophile who preyed upon his own daughter. The man, who cannot be identified to protect his young victim, was jailed for 6 1/2 years yesterday after a County Court jury convicted him last week of one count of incest and four counts of performing an indecent act with a child under 16. Police searched his home in August 2002 but were unable to find photographs or footage described by his daughter. Instead, they found a large encrypted file on the man's computer hard drive that could be opened only with a password. When the man refused to reveal the code, a police computer specialist set up a program to crack the password by cycling through endless combinations of letters.
"After 19 weeks of continuous operation that password was found and access gained to the file," Judge Anderson said.
http://www.theage.com.au/articles/2003/10/02/1064988349806.html
- - - - - - - - - -
Family man left child porn CD-ROM in car
A DAD-OF-TWO employed as a manager at the top security mental hospital which houses Moors murderer Ian Brady has been convicted of downloading child porn images on his computer. Logistics manager Laurence Cassidy was found guilty of possessing 1,800 indecent images of children by a jury at Liverpool Crown Court. During his three-day trial, the jury, which took just one hour to reach their unanimous verdict, heard that Cassidy left a computer disc containing the images in a company car on January 8 last year. A colleague at the hospital found the CDROM, which had Cassidy's name on it and his codeword 'shod' for pornography. It was handed over to the computer department and Cassidy was arrested.
http://iccheshireonline.icnetwork.co.uk/0100news/runcornandwidnesweeklynews/content_objectid=13471229_method=full_siteid=50020_headline=-Family-man-left-child-porn-CD-ROM-in-car-name_page.html
- - - - - - - - - -
Man faces child porn possession charges
A 56-year-old registered sex offender was charged Wednesday with three counts of possessing child pornography that he allegedly downloaded from the Internet. Homer Daniel Hirst of Everett was being held in lieu of $50,000 bail. Snohomish County sheriff's detectives arrested him after he gave them permission to examine his computer and disks.
http://www.heraldnet.com/Stories/03/10/2/17562482.cfm
- - - - - - - - - -
Romeoville Man Accused Of Child Porn On Web
Lake County sheriff's police arrested a Romeoville man on child pornography charges this week. Chad Arnold, 30, allegedly used the Internet to send pornographic pictures of underage girls, mostly teens, to undercover officers. Arnold was identified through his e-mail address.
With a search warrant, police confiscated a computer, scanner, digital printer and scanner from Arnold's home.
http://www.nbc5.com/news/2526783/detail.html
- - - - - - - - - -
Lockheed Martin Employee Charged With Child Pornography
A Lockheed Martin employee in Orlando, Fla., was arrested Thursday for allegedly possessing child pornography. Investigators said Johnny Oxendine, 54, brought his computer to work for repairs, but instead of finding problems, service technicians apparently found child pornography. Oxendine was later interviewed and confessed to the crime, according to authorities.
http://www.local6.com/news/2527524/detail.html
- - - - - - - - - -
Two admit roles in teen porn e-mailed to Navy ship
A Navy man and his sister-in-law admitted yesterday they took part in a scheme to e-mail pornographic pictures of underage girls to the aircraft carrier Constellation. A third person, also a sailor on the carrier, rejected a proposed plea agreement and was ordered to stand trial on molestation and child pornography charges. All three are from El Cajon, as are the two high school girls who appear in the pornographic pictures.
http://www.signonsandiego.com/news/military/20031002-9999_6m2connie.html
- - - - - - - - - -
Man cleared of porn 'nightmare'
A warehouse manager has been cleared of downloading child pornography from the internet. The prosecution dropped 13 charges of making an indecent photograph of a child against Arwel Jones, 31, from Llanfairfechan, Gwynedd, at Caernarfon Crown Court. Mr Jones said the images were already on the second-hand computer when he bought it. Andrew Jebb, prosecuting, said there was a fault with the computer's internal clock and it was impossible to prove when the images had been downloaded.
http://news.bbc.co.uk/2/hi/uk_news/wales/north_west/3157782.stm
- - - - - - - - - -
Interpol fears child porn video boom on Web
Internet paedophiles increasingly crave video images of children being abused and this could lead to live, pay-per-view child porn sessions using webcameras, a top Interpol officer said on Wednesday. In an interview with Reuters, the officer, Hamish McCulloch, also highlighted the rise of "virtual child pornography," using advanced computer graphics to create highly realistic electronic images, and urged countries to make it a crime.
http://star-techcentral.com/tech/story.asp?file=/2003/10/2/technology/6405904
- - - - - - - - - -
Mass. pair aids targets of music industry lawsuits
Some of the people sued by the recording industry for downloading online music are again turning to the Web, this time for help raising money to defend themselves or finance settlements. Two Worcester men have set up an online system called Downhill Battle that allows donors to contribute directly to those targeted in the suits.
http://www.usatoday.com/tech/webguide/internetlife/2003-10-02-downhill-battle_x.htm
Music biz slams Oz Net piracy plea bargain
http://www.theregister.co.uk/content/6/33174.html
- - - - - - - - - -
Microsoft faces class action on security
Microsoft faces a proposed class-action lawsuit in California based on the claim that market dominance and vulnerability to viruses in its software could lead to "massive, cascading failures" in global computer networks. The lawsuit, filed Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system.
http://zdnet.com.com/2100-1105_2-5085730.html
http://www.washingtonpost.com/wp-dyn/articles/A35053-2003Oct2.html
http://money.cnn.com/2003/10/02/technology/microsoft_lawsuit.reut/index.htm
http://www.usatoday.com/tech/news/computersecurity/2003-10-02-ms-security-suit_x.htm
http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,85631,00.html
- - - - - - - - - -
Reporters' Documents May be Subpoenaed in Hacker Case
The FBI has notified 13 reporters that it might subpoena their records regarding a hacker charged with breaking into The New York Times' computer system. A Sept. 19 letter from the FBI directs Associated Press reporter Ted Bridis to preserve any documents pertaining to Adrian Lamo, stating that the request is in anticipation of an order requiring materials to be turned over to federal law enforcement authorities. The FBI said Wednesday that similar letters went to 12 other reporters or news organizations, which the agency did not identify.
http://www.washingtonpost.com/wp-dyn/articles/A30245-2003Oct1.html
http://www.usatoday.com/tech/news/2003-10-02-first-amendment_x.htm
- - - - - - - - - -
Hackers to Face Tougher Sentences
Convicted hackers and virus writers soon will face significantly harsher penalties under new guidelines that dictate how the government punishes computer crimes. Starting in November, federal judges will begin handing out the expanded penalties, which were developed by the U.S. Sentencing Commission. Congress ordered the changes last year, saying that sentences for convicted computer criminals should reflect the seriousness of their crimes.
http://www.washingtonpost.com/wp-dyn/articles/A35261-2003Oct2.html
- - - - - - - - - -
Swen trumps Sobig to top virus league
Security fears play into virus writers' hands. The most commonly received virus for September is a new entry, the Swen worm, which fools users into opening an attachment by masquerading as a Microsoft security update email.
http://www.silicon.com/news/500013/1/6244.html
Sobig worm September's worst virus
http://www.itweb.co.za/sections/internet/2003/0310021027.asp
Batten down the hatches, says Symantec
http://www.itweb.co.za/sections/internet/2003/0310021057.asp
http://www.newsfactor.com/perl/story/22408.html
Flaws quickly turn into attacks
http://news.zdnet.co.uk/internet/security/0,39020375,39116849,00.htm
Trojan program uses Internet Explorer hole to hijack browsers
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,85630,00.html
- - - - - - - - - -
New Trojan may have VeriSign in crosshairs
Sophos' anti-virus team has confirmed that it is in the preliminary stages of analysing a new Trojan that may be linked to an organised attack on VeriSign's domain name servers. Paul Ducklin, head of technology, Sophos Asia-Pacific, said the Trojan, dubbed Qhost1, seduces the user to go to a Web site that exploits a security vulnerability in Internet Explorer and inserts malicious code onto the victim's personal computer.
http://www.zdnet.com.au/newstech/security/story/0,2000048600,20279284,00.htm
- - - - - - - - - -
Will California's tough anti-spam law fly?
With the recall election in full-swing, and in perhaps one of his last acts as Governor, Gray Davis just signed into California law arguably the toughest anti-spam law in the United States. But will this new law work in combating spam, and will it pass constitutional muster? Only time will tell.
http://www.usatoday.com/tech/columnist/ericjsinrod/2003-10-02-sinrod_x.htm
Doubts raised over MPs' anti-spam crusade
http://www.theregister.co.uk/content/6/33175.html
- - - - - - - - - -
'Unholy alliance' poses huge security threat
An unholy alliance is developing between the peddlers of pornography and the hacking community that will pose the biggest threat to the security and integrity of the data held on this world's computer systems - large and small.
Graham Vorster, chief technology officer at Duxbury Networking, takes a look at what awaits the world in the wake of the adult industry's liberalisation - and what information technology (IT) specialists can do to counter this growing threat.
http://www.itweb.co.za/sections/techforum/2003/0310020843.asp
- - - - - - - - - -
'Smart' bank card scheme goes nationwide
After a successful trial in Nottingham, smart-card banking is spreading to the rest of the UK. The national rollout of new 'smart' bank cards as part of a £1.1bn scheme to cut the UK's £424m annual fraud bill by over half is to begin this week.
http://news.zdnet.co.uk/hardware/chips/0,39020354,39116861,00.htm
http://www.theregister.co.uk/content/55/33170.html
- - - - - - - - - -
Digital-rights group knocks 'trusted' PCs
A high-profile digital civil liberties group is criticizing a component of the "trusted computing" technology promoted by Microsoft, IBM and other technology companies, calling the feature a threat to computer users. The paper, which was set to be released late Wednesday by the Electronic Frontier Foundation, analyzes the promised features of several different trusted computing initiatives. The efforts aim to develop next-generation hardware and software that can better protect data from attackers, viruses and digital pirates.
http://rss.com.com/2100-7355_3-5085442.html
OMB issues privacy guidance
http://www.fcw.com/fcw/articles/2003/0929/web-omb-10-01-03.asp
- - - - - - - - - -
Cisco warns its WLAN security can be cracked
The proprietary security system used by Cisco Systems Inc. to protect wireless LANs widely deployed by enterprises can be defeated by a "dictionary attack" designed to crack passwords. To counter the security threat, the company is warning customers to institute strong password policies.
http://www.computerworld.com/securitytopics/security/story/0,10801,85637,00.html
- - - - - - - - - -
Linux vs. Windows Viruses
To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. We've all heard it many times when a new Microsoft virus comes out. In fact, I've heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform.
http://www.securityfocus.com/columnists/188
- - - - - - - - - -
Fraud danger drives compliance investment
Business intelligence and analytics set to benefit. The growing danger of fraud is driving up investment in compliance, risk management projects, analytics and business intelligence software in the finance sector, according to a new report.
http://www.vnunet.com/News/1144047
- - - - - - - - - -
The New Security Risk of VoIP
"This is the first time that a computer virus can stop your telephones from working," Mark Lobel, a senior manager at PricewaterhouseCoopers, told the E-Commerce Times. "There is a whole new class of attacks that can occur."
http://www.ecommercetimes.com/perl/story/31731.html
- - - - - - - - - -
Wireless Network Policy Development (Part Two)
Part One of this article explained the need for wireless policy, some of the inherent threats of wireless networks, and covered some of the essential components of a wireless policy. This second and final article will continue to discuss essential components for policy development, as well as address other considerations that one should be aware of. Taken together, this series of articles on wireless policy development will help create a framework for an organization's wireless policy, its active enforcement, and will allow a wireless network to be both secure and operate with limited risk.
http://www.securityfocus.com/infocus/1735
Wireless Network Policy Development (Part One)
http://www.securityfocus.com/infocus/1732
- - - - - - - - - -
A Suspect Computer Program
A secret computer program detected something suspicious about the middle-aged passenger heading to Eugene, Ore. He traveled often, usually taking one-way flights on short notice. In the months following the Sept. 11 attacks, every time he tried to board a flight in Portland, he was pulled out of line and searched as a possible terrorist threat.
http://www.latimes.com/news/nationworld/nation/la-sci-capps2oct02002420,1,7687353.story
- - - - - - - - - -
Japanese city plans GPS tracking system for children
Stunned by the kidnapping of a teenage girl, a rural Japanese city plans to use a satellite-linked tracking system to help parents find their children. The northern city of Murakami has asked two security companies to provide the service for the families of 2,700 elementary and junior high school students, said Kenkichi Kimura, an official on the city's Board of Education.
http://www.usatoday.com/tech/news/2003-10-02-gps-kids-japan_x.htm
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see: www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2003, NewsBits.net, Campbell, CA.