NewsBits for March 17, 2004 sponsored by,
Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Credit agency reports security breach
More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency. Equifax confirmed yesterday that it discovered the breach in late February and has notified affected consumers via registered mail asking that they contact the agency to review the contents of their respective credit files.
http://computerworld.com/securitytopics/security/story/0,10801,91319,00.html

Craftier Web threats hit finance firms
http://computerworld.com/securitytopics/security/story/0,10801,91315,00.html
- - - - - - - - - -
The largest bank of Estonia under hacker attack
According to the Russian News Agency "Novosti", the press secretary of Hansapank bank experienced a powerful attack of hackers. Actions of perpetrators were so large-scale that it is possible to regard it as the largest attack in Baltic countries. According to the press secretary, thousands of automated requests were sent to the e-mail address of Hansapank during two days. This led to overload and temporary cessation of access to the "Internet-bank" system.
http://www.crime-research.org/news/17.03.2004/137
- - - - - - - - - -
FBI analyst faces trial for surfing law enforcement systems
A former FBI investigative analyst is set to go on trial early next month in Dallas on felony charges related to his alleged misuse of law enforcement databases. Jeffrey D. Fudge of Lancaster, Texas, faces eight counts of exceeding authorized access to a government computer and two counts of making false statements. If he is convicted on all the charges, Fudge could be imprisoned for up to 50 years or fined up to $2.5 million.
http://www.gcn.com/vol1_no1/daily-updates/25279-1.html
- - - - - - - - - -
UK Net paedo crackdown bags 600
More than 600 UK sex offenders have been convicted as a result of an ongoing probe into Internet child porn. UK police have - as part of Operation Ore - investigated 6,500 British people suspected of using a paedophile portal in the US. The operation has so far led to more than 1,200 prosecutions and 655 convictions, Home Office minister Baroness Scotland of Asthal said yesterday. The statistics came in a written response to a question tabled by a peer in the House of Lords.
http://www.theregister.co.uk/content/6/36324.html
- - - - - - - - - -
Man arrested in Internet sting
A traveling man from Valley Springs was arrested Tuesday afternoon by investigators from the Sacramento Valley Hi-Tech Crimes Task Force after arriving at a Turlock restaurant, allegedly to engage in a sexual act with a 13-year-old girl he had solicited over the Internet. Such men are sometimes termed travellers by members of law enforcement. The 56-year-old was taken into custody around 3:30 p.m. by the girl, Detective Ken Hedrick of the Stanislaus County Sheriff's Department, and other officers in the Hi-Tech task force. Hedrick often poses as an adolescent in chat rooms as a proactive measure against sexual predators.
http://www.turlockjournal.com/news/newsview.asp?c=100339
- - - - - - - - - -
Search for Internet Sex Suspect
Philadelphia police are looking for a man who they say met an 11-year-old girl through the internet, then sexually assaulted her. Investigators have released a sketch of the suspect. They say the girl made contact with the man through a chat line. Police say the man took the girl from her house in the 1600 block of North Eighth Street, drove her with another man to a Southwest Philadelphia house, and assaulted her.
http://abclocal.go.com/wpvi/news/03172004_nw_internetsex.html
- - - - - - - - - -
Online extortionists target Cheltenham
Extortionists have launched a series of withering attacks against online bookies in the run-up to tomorrow's Cheltenham Gold Cup. Denial of service attacks on William Hill - Britain's second-biggest betting chain - were swiftly followed by email demands for $10,000.
http://www.theregister.co.uk/content/55/36344.html
- - - - - - - - - -
Online vigilantes hunt down pedophiles
Five minutes into his Internet chat with a 14-year-old girl, Ray Dooley's conversation turned from snowboarding to sex. Dooley, 23, drove 50 miles the next day, apparently expecting to see "Rachel." Instead, the Port Huron, Mich., man met a camera crew. He was caught not by police, but by representatives of the civilian-led vigilante Web site Perverted Justice, who posed in the chat room as Rachel and then posted Dooley's picture, phone number and chat details online.
http://www.usatoday.com/tech/news/internetprivacy/2004-03-16-online-vigilantes_x.htm
- - - - - - - - - -
ChatNannies program scans for pedophiles
A British computer programmer has created sophisticated new software that aims to detect pedophiles attempting to contact children in Internet chat rooms. The program works by giving a convincing impression of a young person taking part in a chat room conversation, while at the same time analyzing the behavior of the person it is chatting with.
http://news.com.com/2100-1032_3-5174065.html
- - - - - - - - - -
Phishing still on the increase
The growing threat of phishing attacks, which tempt unwary individuals into revealing personal information to scammers posing as legitimate firms, can be beaten by a combination of education and technology. According to a new White Paper, Anti-Phishing: Best Practices for Institutions and Consumers, education of users and automatic blocks on the sending of sensitive information are key.
http://www.vnunet.com/News/1153549
- - - - - - - - - -
New Calif. ID-theft bill would toughen earlier law
Companies concerned about potential liability issues raised by California's identity-theft law may have a whole lot more to worry about if a recently proposed piece of similar legislation is passed. The proposed ID-theft law, which has managed to remain below the radar of many companies for some time now, is called Senate Bill 1279 and was introduced by California Sen. Debra Bowen on Feb. 13. The proposed bill seeks to toughen and broaden the scope of legislation already in place.
http://computerworld.com/securitytopics/security/story/0,10801,91309,00.html
- - - - - - - - - -
Police offer 'stolen' mobe insurance fraud amnesty
Punters who cheated on their insurance to get a new mobile are being offered an opportunity to come clean without getting nicked. South Yorkshire Police has established a month-long amnesty for people who falsely reported mobile phone thefts to 'fess up and thereby clear up non-existent crimes.
http://www.theregister.co.uk/content/68/36334.html
- - - - - - - - - -
Government, industry debate cybersecurity remedies
A congressional subcommittee took federal agencies to task Tuesday for their poor progress in securing their computer systems. The rebuke came two days before industry technology experts are expected to release reports on ways to fix the private sector's own security woes.
http://news.com.com/2100-7348_3-5174112.html
http://www.govexec.com/dailyfed/0304/031704d1.htm

Security group to release reports
http://www.fcw.com/fcw/articles/2004/0315/web-cybersec-03-17-04.asp
- - - - - - - - - -
Hackers Embrace P2P Concept
Computer security experts in the private sector and U.S. government are monitoring the emergence of a new, highly sophisticated hacker tool that uses the same peer-to-peer (P2P) networking abilities that power controversial file-sharing networks like Kazaa and BearShare.
http://www.washingtonpost.com/wp-dyn/articles/A444-2004Mar17.html

More Legal Wrangling Around Kazaa
http://www.wired.com/news/business/0,1367,62700,00.html
- - - - - - - - - -
The 12kb Bomb
The average size of email-borne viruses so far this year has been well under 20 kilobytes. A young virus writer, sitting in his underwear in his parents' dark basement, takes a hex editor and modifies a few bytes of the latest Netsky.M (16.5kb), Beagle.J (12kb) or Mydoom.G (20kb) mutation, spawns a new virus variant, and then releases it into the wild.
http://www.securityfocus.com/columnists/228

Software security flaws hit plateau
http://www.vnunet.com/News/1153574

Bugwatch: The virus avalanche
http://www.vnunet.com/News/1153550

Hackers: interview with a "Ghost"
http://www.crime-research.org/news/17.03.2004/138

Hacking insurance is a must
http://www.vnunet.com/News/1153579

Q&A: Quality software means more secure software
http://computerworld.com/securitytopics/security/story/0,10801,91316,00.html
- - - - - - - - - -
Setting a Trap for Net Pirates
State Sen. Kevin Murray has a plan for fighting online piracy: just ask the pirates who they are. The Culver City Democrat is pushing a bill that would require California file sharers to attach their real names and addresses to the copyrighted goodies they let others download over networks like Kazaa and Morpheus. If they don't, Murray says, they should be jailed for up to a year and fined as much as $2,500. (LA Times article, free registration required)
http://www.latimes.com/technology/la-fi-bill17mar17,1,4257498.story

Red Bull pays $105,000 to settle software piracy claim
http://computerworld.com/governmenttopics/government/legalissues/story/0,10801,91317,00.html
- - - - - - - - - -
Intel to join Liberty Alliance
The Liberty Alliance Project, which creates security-related specifications, is expected to announce on Thursday that chipmaker Intel will join as its latest member, CNET News.com has learned.
The Liberty Alliance was formed in 2001 to create specifications that allow people to sign on to multiple networks by entering user information--such as name and password--once.
http://zdnet.com.com/2100-1105_2-5173759.html
http://computerworld.com/developmenttopics/development/webservices/story/0,10801,91323,00.html

CeBIT: Tight security, the Chancellor, and a mechanical man
http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39149376,00.htm
- - - - - - - - - -
Admins need to get up to speed on forensic analysis
The legal dangers of failing to protect your data are increasing daily, leading to a surge of interest in the field of forensic analysis. Administrators already possess some of the skills, tools, and knowledge needed for formal forensic analysis of a compromised system, but FA takes the usual problem-fixing routine to a whole new level, one you need to be aware of and plan for in advance if any of the data on your network is confidential or contains personal data of any sort.
http://techrepublic.com.com/5100-6264-5168319-1-1.html
- - - - - - - - - -
Internet spawns plagiarism concerns
Your research paper is due tomorrow and you haven't cracked a single book. No problem. Loads of reports from essays to thesis papers, on topics ranging from "Trade Relations between Salem, Massachusetts and China" to "Cuban Immigration 1950s to 1980" are floating around the Internet, available for free or on the cheap.
http://www.usatoday.com/tech/news/2004-03-17-cheating-made-easy_x.htm
- - - - - - - - - -
Detection of SQL Injection and Cross-site Scripting Attacks
In the last couple of years, attacks against the Web application layer have required increased attention from security professionals. This is because no matter how strong your firewall rulesets are or how diligent your patching mechanism may be, if your Web application developers haven't followed secure coding practices, attackers will walk right into your systems through port 80.
http://www.securityfocus.com/infocus/1768
- - - - - - - - - -
Feds to require passenger data from airlines
The Transportation Security Administration said Wednesday it will order airlines to turn over passengers' personal records in the next couple of months to test a computerized passenger screening program that could keep dangerous people off airlines.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8209006.htm
http://www.govexec.com/dailyfed/0304/031704tdpm1.htm

Airlines OK Security Plan
http://www.wired.com/news/privacy/0,1848,62701,00.html

Homeland Security bureau studies lessons of Spain bombings
http://www.govexec.com/dailyfed/0304/031704c1.htm

Data Protection - getting it right
http://www.theregister.co.uk/content/67/36332.html
http://www.fcw.com/fcw/articles/2004/0315/web-privacy-03-17-04.asp
************************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.