NewsBits for January 15, 2004 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Guilty plea in sale of counterfeit software A Singapore woman has pleaded guilty to importing and selling counterfeit Microsoft Corp. software from Asia to the United States, authorities said. Lay Eng Teo, 30, admitted Monday to selling the software from 1995 to 2000, when she was arrested in Hong Kong. A court there upheld her extradition to the United States. http://www.sfgate.com/cgi-bin/article.cgi?f=/chronicle/archive/2004/01/11/BAGJU47QTP1.DTL - - - - - - - - - - Credit card firm at center of child porn ring Federal officials on Thursday announced they had cracked an international child pornography ring with arrests in New Jersey, France, Spain and Belarus. The cases stem from an Internet processor of Web site subscriptions in Minsk, Belarus, which collected fees for memberships to child pornography Web sites that brought in millions of dollars, the U.S. Attorney's Office said. http://www.cnn.com/2004/LAW/01/15/child.porn.arrests.ap/index.html - - - - - - - - - - Lawyer sentenced for having child pornography Adna Underhill received 17 to 20 months on each of two counts for the crime. He was convicted of possessing child sexually abusive material and one count of using the Internet to commit a crime. He will be able to serve the sentences at the same time. Underhill was arrested after going into a chat room and chatting with an undercover officer that Underhill thought was a 14-year-old girl. The lawyer did have a previous criminal record dating back to 1975. http://www.woodtv.com/Global/story.asp?S=1602747&nav=0RceKDl3 - - - - - - - - - - Retired judge pleads innocent Retired Superior Court Judge Stephen W. Thompson pleaded innocent Monday to child pornography charges, including one count charging him with traveling to Russia to have sex with a teenage boy. Authorities learned Thompson used a laptop computer provided by the state judiciary to order or access child pornography, Assistant U.S. Attorney Diana Carrig said. http://www.southjerseynews.com/issues/january/m011304o.htm http://www.philly.com/mld/inquirer/news/local/7695379.htm http://www.wnbc.com/news/2760025/detail.html - - - - - - - - - - 'Predator Paedophile' given mobile and internet ban The judgement on Gary Geoffrey Thomas comes just days after concerns were raised over how paedophiles could possibly use new mobile phone technology to send images to one another. A man from Derbyshire who groomed young girls through internet chatrooms, eventually having sex with a 14-year-old girl, has been banned from using the web and mobile phones and was also given an 18 month jail sentence. http://www.itv.com/news/274466.html - - - - - - - - - - Oscar Copy Found on EBay The Academy of Motion Picture Arts and Sciences, scrambling to crack down on movie "screeners" that have popped up on the Internet in recent days, had a new incident to investigate Wednesday: how an academy screener copy of "House of Sand and Fog" came up for sale on EBay Inc. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-screeners15jan15,1,1392519.story Two new copies of movies sent to Oscar voters offered on Internet http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7718157.htm http://www.cnn.com/2004/SHOWBIZ/Movies/01/15/oscar.screeners.copies.ap/index.html http://www.usatoday.com/tech/news/2004-01-15-two-more-screens-online_x.htm - - - - - - - - - - Online crime charges denied Last October, Richfield-based Best Buy received an e-mail from one "Jamie Weathersby," who notified the company of a security glitch on its Web site, www. bestbuy.com, authorities say. Perhaps, Weathersby wrote, he and the electronics giant could work something out. http://www.twincities.com/mld/pioneerpress/7648238.htm http://computerworld.com/securitytopics/security/story/0,10801,89102,00.html - - - - - - - - - - 419ers stun with blinding return to form It appears our report last week on the death of the great 419 email may have been somewhat premature. In fact, apologies are in order for the suggestion that advance fee fraudsters had lost the creative edge which had seemingly guaranteed them immortality in the pantheon of spammers. http://www.theregister.co.uk/content/28/34904.html - - - - - - - - - - MiMail: yet another one The saga of Mimail and PayPal continues with a new variant doing the rounds today. This is an email purporting to come from PayPal with the subject header "PAYPAL.COM NEW YEAR OFFER". Attached is a file "paypal.exe". Rather than containing the well-documented and well detected Mimail.P worm, the attachment actually contains a 2kb downloader which, if runs promptly, toddles off and downloads a copy of Mimail.P from a Russian web server. This latest iteration of Mimail plus PayPal only affects MS Windows machines only, and follows the infection routines and actions of older version. http://www.theregister.co.uk/content/56/34911.html http://www.vnunet.com/News/1152072 - - - - - - - - - - Suing grannies for MP3 swapping - will it start in the UK? Since the RIAA started suing children and senior citizens, the British music industry has been giving the impression that it was unlikely to do anything quite so reputation-threatening this side of the pond. But on the other hand... British Phonographic Industry (BPI) director general Andrew Yeates has been busy this week, trailing the prospect of a crackdown on file-swappers in the UK, and telling MPs that the US action has been successful in creating awareness about illegal downloading. http://www.theregister.co.uk/content/6/34906.html - - - - - - - - - - Lawsuit seeks to stop Web postings by convicted killer Mary Kate Gach wants to stop the man who killed her daughter from posting graphic details about the murder on the Internet. Gach filed a $40 million lawsuit in Montgomery Wednesday alleging that from his prison cell on death row at Holman Prison in Atmore, convicted murderer Jack Trawick published on the Internet "graphic descriptions" of his crimes and given advice on ways to commit rape and murder. The Web site has offered for sale "souvenirs" including pictures of Trawick and copies of letters he has written, the lawsuit says. http://www.usatoday.com/tech/news/2004-01-15-trawick-suit_x.htm Is Jack Trawick Still A ... Menace To Society? http://www.crime-research.org/news/2004/01/Mess1501.html - - - - - - - - - - Online gambling site tangled in Korean politics Kim Beom-hoon was hailed as a trailblazer when he went into the online gambling business with North Korea. It seemed the perfect way to bridge a 50-year divide and open up one of the world's most isolated countries. But two years later the South Korean businessman has run afoul of his country's gambling laws, as well as its ambivalence about whether to treat its communist neighbor as friend or foe. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7719438.htm - - - - - - - - - - APD Introduces New Weapon Against Crime A growing number of Central Texas children are being cyber stalked and exploited by online predators. Now police and child advocates have a new, mobile weapon in their fight against predators that could increase safety for your kids and your community. http://www.kxan.com/Global/story.asp?S=1601533 - - - - - - - - - - Government slow to make Internet security improvements The government must still develop policies, secure funding and train its employees before agencies can use a security system designed to protect online transactions, congressional investigators said Thursday. The General Accounting Office said the security system goes beyond simply typing in a password to protect data and verify the identity of the person using the Internet to transact business with the federal government. The GAO said 20 agencies are trying to install the new system. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7719472.htm - - - - - - - - - - Report: IP networks easy prey for cyberattackers The increasing use of Internet Protocol technology in power stations, railroads, banks and other critical infrastructure could spell big trouble, and soon, according to analysts. Although an actual act of cyberterrorism or cyberwarfare has never been recorded, the potential exists and is being facilitated by an increasingly connected world, according to a report released on Wednesday by market-research firm Gartner. http://news.com.com/2100-7349_3-5141386.html Cyberwarfare 'a reality in 12 months' The increasing reliance on IP networks in critical infrastructure organisations such as banks and power stations could mean trouble, Gartner claims. The increasing use of IP technology in power stations, railroads, banks and other financial institutions will make cyberwarfare a reality by 2005, according to analysts. http://news.zdnet.co.uk/internet/security/0,39020375,39119111,00.htm - - - - - - - - - - Adobe anti-counterfeiting code trips up kosher users Adobe's decision to add special code into its software to prevent currency counterfeiting prevents even authorised users from using the technology, according to Register readers. Currency detection code in Photoshop Creative Suite (CS) which prevents "unauthorized" processing of bank note images is proving a frustration even for authorised users of the technology. http://www.theregister.co.uk/content/4/34916.html - - - - - - - - - - Microsoft issues Jan security bulletin Microsoft has published its security bulletin for January with patches for three flaws, although it has yet to address the site-spoofing hole. The most serious of the three concerns its Internet Security and Acceleration Server 2000, and Small Business Server 2000 and 2003 (which contains the 2000 version). http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=52401 Security a work in progress for Microsoft http://zdnet.com.com/2100-1105_2-5141765.html - - - - - - - - - - Online security device wins SABS award The South African Bureau of Standards (SABS) has awarded RedPay and Ziliant systems an SABS Design Institute Prototype award for their new Zipad authentication device. The Zipad device is separate from the PC, so a hacker cannot simply load a Trojan to pick up the authentication. It uses 2048-bit encryption. The Zipad 600 is a transaction authentication device targeted at the financial and corporate markets. It supports a bi-directional USB interface for signing documents, and can also generate two-dimensional barcodes for digitally signing cheques and faxes. http://www.securityfocus.com/elsewhere - - - - - - - - - - Remote working heightens security Corporations are embracing a simpler, cheaper way of connecting remote workers to their networks, opening up new opportunities -- and competition -- for network security vendors. At stake are gateways allowing secure access to corporate networks based on a browser security technology known as Secure Sockets Layer (SSL) encryption. Analysts and makers of SSL-based networking equipment say that large numbers of corporate users are starting to implement virtual private networks (VPNs) using SSL technology. http://insight.zdnet.co.uk/0,39020415,39119106,00.htm - - - - - - - - - - Reliving Spam's Glorious Past Suitcases packed with pornography, bottles of penis-enlargement pills, bank statements detailing the failures of work-at-home schemes, pseudo love letters and dioramas of deposed dictators -- this is just some of the art on display at Reimagining the Ordovician Gothic: Fossils From the Golden Age of Spam. http://www.wired.com/news/culture/0,1284,61916,00.html - - - - - - - - - - Today is Personal Firewall Day Today is the first Personal Firewall Day, an event dedicated to educating consumers about protecting themselves from the online threats. Personalfirewallday.org features vendor-neutral advice on the benefits of personal firewalls to ward off hackers and virus writers. There are also discussions on the need to apply anti-virus updates and patches. http://www.theregister.co.uk/content/55/34899.html http://news.com.com/2100-7349_3-5141196.html http://www.smh.com.au/articles/2004/01/15/1073877951147.html - - - - - - - - - - US using EU airline data to 'test' CAPPS II snoop system Airline data on EU citizens is being used by the US Transport Security Administration for "testing" of the controversial CAPPS II (Computer Assisted Passenger Pre-Screening System). This is quite handy for the TSA, given that Congress won't let it use CAPPS II on US citizens yet, but is not quite what we understood from the deal the EU struck with the US last month. http://www.theregister.co.uk/content/6/34915.html Online visas 'gaping' security hole http://australianit.news.com.au/articles/0,7204,8383972%5E15321%5E%5Enbv%5E15306,00.html - - - - - - - - - - Home Office to review police IT The Home Office is to undertake a major review of the Police IT Organisation (Pito). Former BOC Group chief executive Robert McFarland is to lead a review of Pito's performance and structure, as well as its role in serving police forces across the country. http://www.vnunet.com/News/1152062 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.