NewsBits for November 7, 2003, sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Canadian Net fraud suspect arrested
A Canadian man has been arrested for advanced fee fraud following a sting operation instigated by a Connecticut woman fed up with receiving scam emails. Like many other people, Heide Evans was constantly barraged with dubious emails purporting to offer millions in exchange for helping to transfer vast funds from Africa. Instead of deleting these emails, she strung the fraudsters along.
http://www.securityfocus.com/news/7392
- - - - - - - - - -
Hundreds Of Identities Stolen At N.J. Job Fair
Hundreds of people looking for work at a state-organized job fair last month unknowingly provided personal financial information to a fraudulent company. The job applicants gave ELS Locators a $42 fee along with social security numbers, bank account numbers and credit card information. The three-day fair was organized by state Department of Labor officials after the company requested a list of all New Jersey residents who had filed for unemployment benefits, NewsChannel 4 reported on Thursday. Jersey City Police Chief Ronald Buonocore said he has since been notified by federal authorities that the company was part of a multistate scheme to steal personal information.
http://www.wnbc.com/news/2618945/detail.html
- - - - - - - - - -
Ex-Miracle batboy gets six years
A man who was once a popular Fort Myers Miracle batboy was sentenced Thursday to nearly six years in prison on child pornography charges. Alan Robert Johnson, 24, of North Fort Myers - who was nicknamed "The A Train" as a batboy because of his size - was indicted by a federal grand jury in May after FBI agents connected him with a New York man he'd traded child pornography with over the Internet.
Johnson pleaded guilty to possession of child pornography and transmitting it over the Internet, crimes that are punishable by up to 20 years in prison.
http://www.news-press.com/news/local_state/031106johnson.html
http://www.wtev.com/news/state/story.aspx?content_id=1642701A-0378-434E-A516-D957696426F6
- - - - - - - - - -
Judge refuses to drop gun charge in child sex case
A judge has refused to dismiss a secondary weapons count that could add five years to a man's prison term if he is convicted in a child sex case. Jonathan James Munro, 21, was arrested in Salt Lake City after allegedly arranging to meet a 13-year-old girl over the Internet for a sexual encounter. Prosecutors say the tryst was arranged late Sept. 10 in the parking lot of Lincoln Elementary School. However, the teenage girl chatting online as "shantel3101" turned out to be an agent with the Utah Internet Crimes Against Children Task Force, and Munro was arrested after agents posed a decoy in the parking lot.
http://www.trib.com/AP/wire_detail.php?wire_num=315671
- - - - - - - - - -
The Guardia di Finanza neutralized computer virus
The author of a dangerous and unknown worm (Marque) was discovered and neutralized by Guardia di Finanza (Italian Economic Police). The worm used the popularity of a famous Italian TV show called Zelig to fraudulently alter the telephone connection of thousands of users. The police operation, distinguished by effective international cooperation with the United States Secret Service, led to the arrest of a man living between Venezuela and Italy. He was charged with spreading a virus and with IT fraud of over 100,000 Euro in 3 days. The money obtained by the fraud was to be transferred first to New York and then to Aruba.
http://www.crime-research.org/news/2003/11/Mess0704.html
- - - - - - - - - -
Thwarted Linux backdoor hints at smarter hacks
Software developers on Wednesday detected and thwarted a hacker's scheme to submerge a slick backdoor in the next version of the Linux kernel, but security experts say the abortive caper proves that extremely subtle source code tampering is more than just the stuff of paranoid speculation.
http://www.theregister.co.uk/content/55/33855.html
http://computerworld.com/securitytopics/security/story/0,10801,86946,00.html
Attacker attempts to plant Trojan in Linux
http://news.zdnet.co.uk/software/applications/0,39020384,39117696,00.htm
- - - - - - - - - -
Kansas auditors crack 1,000 passwords
The Kansas Health and Environment Department has serious IT security and disaster recovery problems, the state's legislative auditor has found. The auditors said they used password-cracking software to decipher more than 1,000 of the department's passwords, including several administrative passwords, or 60 percent of the total, in three minutes. The department began fixing the security weaknesses and other problems found in its systems as soon as it learned of them, department secretary Roderick L. Bremby said in response to the report.
http://www.gcn.com/vol1_no1/daily-updates/24132-1.html
- - - - - - - - - -
Ashcroft takes on foreign government hackers
How seriously does the U.S. government take computer intrusion? Seriously enough for the threat of foreign hacking to take a prominent role in new rules governing the FBI's national security investigations issued by U.S. Attorney General John Ashcroft this week.
http://www.securityfocus.com/news/7398
- - - - - - - - - -
White House rewriting core security policy document
The Bush administration is rewriting the document that signaled the beginning of the federal government's efforts to deal with critical-infrastructure protection and cybersecurity to take into account post-Sept. 11 homeland security requirements.
http://computerworld.com/governmenttopics/government/policy/story/0,10801,86956,00.html
- - - - - - - - - -
US-listed firms face IT security audits
Companies publicly traded in the US would have to conduct annual computer security audits, according to a draft of forthcoming legislation. Publicly traded US corporations would have to certify that they have conducted an annual computer security audit, according to a draft of long-awaited legislation the US House of Representatives is preparing.
http://news.zdnet.co.uk/internet/security/0,39020375,39117721,00.htm
- - - - - - - - - -
Cryptography takes a quantum leap
Magiq Technologies' cryptography system is designed to provide a completely secure VPN. A four-year-old start-up has begun shipments of what it says are the world's first commercial data-scrambling devices that use the radically new technology of quantum encryption.
http://news.zdnet.co.uk/communications/networks/0,39020345,39117701,00.htm
- - - - - - - - - -
Military to use Alphatech to stop denial-of-service attack
The Air Force awarded a $12.9 million contract to Alphatech Inc. to develop a quarantine defense for military networks against large-scale, denial-of-service attacks, a Defense Department contract statement said.
http://www.fcw.com/fcw/articles/2003/1103/web-alpha-11-07-03.asp
- - - - - - - - - -
Poor Wi-Fi passwords 'invite attack'
Administrators must choose long, random passwords or risk their Wi-Fi connection being compromised. A security expert has warned users of the latest wireless network security standard, Wi-Fi Protected Access, to pick good passwords or risk being compromised.
http://news.zdnet.co.uk/communications/0,39020336,39117697,00.htm
http://zdnet.com.com/2100-1105_2-5103908.html
- - - - - - - - - -
Bad day for WLAN security
Just when we all thought wireless security was getting more stable, up pop two old weaknesses in wireless security which could make WPA worse than WEP.
With WPA on the way, as an interim to the IEEE's all-singing, all-dancing security update, 802.11i, the Wi-Fi industry is ready to settle back and worry about other things than security. However, two experts independently chose this week to remind us that old weaknesses can make the continued gaps in Wi-Fi security more serious than they might otherwise be.
http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=628
As security concerns ease, businesses warm to Wi-Fi
http://news.com.com/2100-7351_3-5103911.html
Microsoft Offers XP Wireless Security Rollup
http://www.internetweek.com/breakingNews/showArticle.jhtml%3Bjsessionid=DUKOJVH3PQU0AQSNDBGCKHQ?articleID=16000564
- - - - - - - - - -
At Microsoft, security flaws emerge as business shortcomings
Microsoft Corp.'s offer this week of cash bounties for informants who help it collar virus-writers reflects more than just an escalation of the war on those who would exploit the dominant power in software. The campaign reveals just how much of a threat to Microsoft's bottom line security flaws now represent.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7208986.htm
http://www.wired.com/news/technology/0,1282,61138,00.html
Virus writers dismiss Microsoft's bounty
http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=631
AV vendors shun MS bounty hunters
http://www.theregister.co.uk/content/56/33866.html
MS releases Office 2003 bug fix
http://www.theregister.co.uk/content/4/33863.html
- - - - - - - - - -
Oracle Row Level Security: Part 1
In this short paper I want to explore the rather interesting row level security feature added to Oracle 8i and above, starting with version 8.1.5. This functionality has been described as fine grained access control or row level security or virtual private databases but they all essentially mean the same thing. We will come back to this shortly but before we do that let's get to what this paper is about.
http://www.securityfocus.com/infocus/1743
- - - - - - - - - -
DHS still working on info-sharing plans
Homeland Security Department officials want local government to help form the information-sharing portions of the department's enterprise architecture, but they haven't figured out yet how to efficiently work with so many jurisdictions at once.
http://www.fcw.com/geb/articles/2003/1103/web-dhs-11-07-03.asp
- - - - - - - - - -
Palm-Print ID System Lends Big Hand to Detectives
A new L.A. County database, which includes fingerprints, gives law enforcement agencies a fast new tool to identify suspects. For decades, detectives have known that the answer to solving a crime can lie in the palm of someone's hand. Palm prints make up about one-third of all prints technicians lift from crime scenes, according to estimates. But until this year, unlike fingerprints, there was no easy way to compare them. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-onthelaw7nov07,1,4111694.story
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.