NewsBits for April 1, 2004 sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
'Buffalo Spammer' convicted
A man accused of using EarthLink Inc. e-mail accounts to release a flood of spam e-mail on the Internet has been convicted on charges of identity theft and falsifying business records, according to a statement from New York State Attorney General Eliot Spitzer. Howard Carmack of Buffalo, N.Y., also known as the "Buffalo Spammer," was found guilty by a jury in Erie County, N.Y., on 14 counts, including charges that he stole the identities of two Buffalo-area residents, which he then used to send out more than 800 million spam messages, the attorney general's office said. Carmack is scheduled to be sentenced on May 27 and faces three to seven years in prison.
http://computerworld.com/softwaretopics/software/groupware/story/0,10801,91823,00.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8330264.htm
http://sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/04/01/financial1105EST0095.DTL
http://news.com.com/2100-1024_3-5183558.html
http://www.theregister.co.uk/content/55/36732.html
- - - - - - - - - -
Disgraced Air Force cadet in trouble again
The Air Force said Wednesday it is weighing punishment for a former cadet accused of violating parole by allegedly seeking sex with a teenager through the Internet and trying to contact a wheelchair-bound woman he was convicted of sodomizing. Doncosta Seawell, who is in a military brig near San Diego, allegedly tried to contact his victim in January, the same month he allegedly tried to entice a 14-year-old girl to have sex, said Jennifer Stephens, spokeswoman for the Air Force. The teenager turned out to be a member of a group that tracks Internet sexual predators.
http://www.usatoday.com/tech/webguide/internetlife/2004-04-01-bust-by-nikki_x.htm
- - - - - - - - - -
Porn-surfing nurse escapes with sack and caution
A paediatric nurse dismissed for viewing online hardcore pornography at work has escaped being struck off the Nursing and Midwifery Council's (NMC) professional register. Steven Truscott was sacked from his job at the Middlesex Adolescent Unit after committing six offences of serious misconduct during March 2002. The subsequent NMC caution he received was considered unduly lenient by the Council for the Regulation of Healthcare Professionals (CRHP), which went to the High Court seeking a new hearing and harsher punishment.
http://www.theregister.co.uk/content/6/36725.html
- - - - - - - - - -
Netsky tops virus charts by a country mile
The Netsky worm beat off a strong challenge from various Bagle virus variants to top the malware charts last month. Message filtering firm MessageLabs blocked more than four million Netsky-infected emails in March. Netsky-C (2 million plus interceptions over the last four weeks) and Netsky-B (1.2 million). The other entrants in MessageLabs' Top 10 were insignificant by comparison. Bagle-J was the worst of the numerous Bagle variants released by VXers this month in a tit-for-tat conflict with the unknown authors of Netsky.
http://www.theregister.co.uk/content/56/36740.html
Competing authors pump up virus statistics
Although NetSky was the more prolific worm last month, Bagle variants were not far behind, according to Sophos. NetSky variants accounted for 60 percent of all viruses reported in March, making it the most prolific worm in the month, according to a report released on Wednesday by security software vendor Sophos.
http://news.zdnet.co.uk/internet/security/0,39020375,39150643,00.htm
- - - - - - - - - -
EU orders legislation on spam, cookies
The European Union ordered eight countries Thursday to enact privacy legislation governing "spam" e-mail and Internet "cookies."
It was the second warning sent to the countries, which have two months to comply or face lawsuits before the European Court of Justice.
http://www.usatoday.com/tech/news/internetprivacy/2004-04-01-eu-outlaws-spam_x.htm
UK firms warn of increasing spam burden
http://news.zdnet.co.uk/internet/security/0,39020375,39150653,00.htm
http://www.cnn.com/2004/TECH/internet/04/01/eu.spam.ap/index.html
- - - - - - - - - -
UK probes 'too good to be true' Internet offers
An international trawl for the bottom-feeders of the Internet has dredged up 176 UK websites making claims that are "too good to be true", the Office of Fair Trading (OFT) reports. While this will come as no surprise to battle-hardened scam-spotters such as El Reg, the OFT is to be applauded for its efforts to expose these charlatans before some fool and his money are well and truly parted. The sweep was carried out by the OFT and 30 local trading standards departments as part of a 31-country International Consumer Protection and Enforcement Network initiative.
http://www.theregister.co.uk/content/6/36736.html
http://www.vnunet.com/News/1154005
- - - - - - - - - -
Lawmakers Push Prison For Online Pirates
People who illegally trade large amounts of copyrighted music online could face up to three years in jail under a bill approved today by a congressional panel. A House Judiciary subcommittee unanimously approved the "Piracy Deterrence and Education Act of 2004," which would be the first law to punish Internet music pirates with jail time if it were signed into law.
http://www.washingtonpost.com/wp-dyn/articles/A40145-2004Mar31.html
Feds Crank Up Heat on P2P
http://www.wired.com/news/digiwood/0,1412,62895,00.html
- - - - - - - - - -
Foreign fraud hits U.S. e-commerce firms hard
Selling stuff online? Beware orders from Yugoslavia, Nigeria, Romania, Pakistan and Indonesia. A study released Thursday claims that more than 40 percent of all credit card fraud suffered by U.S.
companies online is committed by overseas crooks, with orders from those five countries the most likely to be cons.
http://msnbc.msn.com/id/4648378/
- - - - - - - - - -
Industrial control systems seen as 'undeniably vulnerable'
The Department of Homeland Security and the private sector still haven't developed a comprehensive strategy for securing the real-time control systems that manage much of the nation's critical infrastructure, according to the chairman of a House subcommittee studying the issue. In a hearing yesterday on the security of Supervisory Control and Data Acquisition systems, which are used to manage infrastructure such as the electric power grid and oil and gas pipelines, Rep. Adam Putnam (R-Fla.) said the lack of a national strategy to deal with SCADA system security makes the nation "undeniably vulnerable" to cyberterrorism.
http://computerworld.com/securitytopics/security/story/0,10801,91790,00.html
- - - - - - - - - -
Experts downplay 'spim' threat
Spam that targets instant-messaging users is on the rise, but analysts say the problem won't be as disruptive as unsolicited e-mail. As spammers face legal action from the Can-Spam Act, they are expected to turn their efforts to sending unwanted messages via instant messaging, a technology that allows users to send messages to each other over the Internet in real time.
http://zdnet.com.com/2100-1104_2-5183549.html
- - - - - - - - - -
Air Force conducts network-defense exercise
Air Force officials finished a two-week computer network-defense exercise March 26, which validated and strengthened the Air Force's ability to defend its network against a wide range of attacks. About 200 people at network operations security centers and associated network control centers Air Force-wide experienced and overcame various tactical situations as part of Black Demon, the largest exercise of its kind within the Department of Defense.
http://www.af.mil/news/story.asp?storyID=123007364
- - - - - - - - - -
More police needed to tackle e-crime
Improved enforcement of existing laws rather than more regulations should be a government priority in the fight against crime on the Net. The London Internet Exchange's (LINX) call for greater police resources in the fight against cybercrime comes as MPs prepare to hold an inquiry on whether Britain's key computer crime law - the Computer Misuse Act 1990 - needs updating. The government is shortly due to publish its Framework Strategy for e-crime.
http://www.theregister.co.uk/content/55/36739.html
- - - - - - - - - -
A Cybersecurity Role for Uncle Sam?
The nation's top software companies today conceded that new government regulations may be needed to strengthen the nation's vital computer networks from online attack, a shift away from their traditional stance against regulation. But critics of the plan said it still falls far short of the aggressive action needed to protect the nation's information infrastructure from attacks by terrorists and online criminals.
http://www.washingtonpost.com/wp-dyn/articles/A42846-2004Apr1.html
http://www.usatoday.com/tech/news/computersecurity/2004-04-01-cybersecurity-wanted_x.htm
http://www.fcw.com/fcw/articles/2004/0329/web-task-04-01-04.asp
http://www.gcn.com/vol1_no1/daily-updates/25468-1.html
http://www.cnn.com/2004/TECH/internet/04/01/cybersecurity.ap/index.html
- - - - - - - - - -
NIST releases new drafts of IT security documents
The National Institute of Standards and Technology has published a pair of draft IT security documents for public comment. The documents, Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, and Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm Block Cipher, are available online at csrc.nist.gov/publications/drafts.html.
http://www.gcn.com/vol1_no1/daily-updates/25469-1.html
http://www.fcw.com/fcw/articles/2004/0329/web-nist-04-01-04.asp
- - - - - - - - - -
Gates e-mails security missive to customers
Microsoft Corp. Chairman and Chief Software Architect Bill Gates reached out to his company's customers today in an e-mail detailing the company's efforts to secure its software products. In the message, Gates called computer security "as big and important a challenge as any our industry has ever tackled" and said Microsoft is making "significant progress on the security front."
http://computerworld.com/securitytopics/security/story/0,10801,91801,00.html
http://www.theregister.co.uk/content/55/36737.html
Programmers told to put security over creativity
http://zdnet.com.com/2100-1105_2-5183634.html
- - - - - - - - - -
Jamaica gov cleans up MS act
Microsoft is close to signing a licensing deal with the Jamaican government, which should bring rampant piracy in the public sector under control. Up to 50 per cent of Microsoft software used by the Jamaican government is unlicensed, according to a "highly placed source" of the Jamaican Observer. Private sector software piracy in the country is even higher, running at 70 per cent, the Business Software Alliance estimates.
http://www.theregister.co.uk/content/53/36721.html
Ukrainian government to shift state institutions to legal software
March 24, 2004, inured the Order for Software Use in Executive Authorities, approved by the resolution of the Cabinet of Ministers of Ukraine, September 10, 2003, No #1433, enured. Under this Order, executive authorities should purchase exclusively licensed software or use freeware programs, press service of the State Committee of Intellectual Property informed. All licensed copies must be provided with documents that prove legality of their use according to license or proving its belonging to freeware.
http://www.crime-research.org/news/01.04.2004/167
- - - - - - - - - -
Bug hunters go open source
A project to catalogue and describe security vulnerabilities, derived from the ideals of the open source movement, opened to the public yesterday (March 31). The Open Source Vulnerability Database (OSVDB) aims to plug what it sees as a gap in the information security market.
http://www.theregister.co.uk/content/55/36741.html
- - - - - - - - - -
UK.biz largely indifferent to spam tsunami
Just one in ten UK organisations consider spam a major issue, and a full third report the spam tsunami is having little or no impact on their business. Accordingly, the use of anti-spam filtering technology is still the exception rather than the rule.
http://www.theregister.co.uk/content/55/36729.html
- - - - - - - - - -
Korean RIAA nobbles Samsung music phone
The Korean equivalent of the RIAA has forced Samsung to downgrade the MP3 playback quality of a new media phone. Korea's Association of Phonogram Producers had wanted Samsung to release its MP3 Anycall flip phone with music playback disabled for all but DRM-encumbered music, reports the Korean Herald. A compromise was where the MP3 would play shareable music, but at reduced quality. But it isn't clear if the launch will go ahead. The record label lobby group had threatened to withdraw content from carriers.
http://www.theregister.co.uk/content/64/36715.html
Florida Court Sends RIAA Away
http://www.wired.com/news/digiwood/0,1412,62915,00.html
Canadian Court Deals Blow to Music Industry
http://www.newsfactor.com/story.xhtml?story_title=Canadian_Court_Deals_Blow_to_Music_Industry&story_id=23595
- - - - - - - - - -
Triple setback for music giants' global jihad
The music industry's war on file swapping has suffered three major setbacks in recent weeks, and today's rebuff by a Canadian federal court is only the latest tactical defeat.
We're now seeing indications that not only are the legal threats not working, but neither are the carrots of "legitimate" music download services, which even after a year of hype, comprise less than half of one per cent of the "illegal" P2P downloads every day.
http://www.theregister.co.uk/content/6/36712.html
- - - - - - - - - -
Microsoft patches win industry trust
Security professionals say Microsoft's Trustworthy Computing initiative may finally be improving their lives because the latest patches and fixes being distributed by Redmond rarely break other applications. Just over two years ago, Bill Gates fundamentally changed the way Microsoft approached software development by making security the highest priority. The company has spent millions of dollars to train staff in privacy concerns and secure programming, while building new tools and processes to help create reliable software.
http://zdnet.com.com/2100-1105_2-5183110.html
- - - - - - - - - -
Defense Dept. to Encrypt All Wireless Communication
The Defense Department will soon issue a policy to guide the use of WiFi equipment, said Ronald Jost, the department's director of wireless technology. Jost spoke yesterday in Washington at the National High Performance Computing Conference.
http://www.washingtonpost.com/wp-dyn/articles/A40869-2004Mar31.html
- - - - - - - - - -
Tech Security Arrives as the New Big Thing
Steven I. Cooper, the Department of Homeland Security's chief information officer, had just wrapped up a speech at the government technology trade show FOSE last week when they began lining up: a dozen or so eager information security company executives making on-the-fly sales pitches.
http://www.washingtonpost.com/wp-dyn/articles/A40906-2004Mar31.html
- - - - - - - - - -
Tech heavyweights explain how to destroy the Internet
A group of tech celebs gathered on Capitol Hill this week to brief Congressional aides on how Congress and the Federal Communications Commission (FCC) can, and probably will, make a complete mess of the Internet in about a year's time.
http://www.theregister.co.uk/content/22/36744.html
- - - - - - - - - -
Consolidation in the name of network security
Your mom always told you that there was safety in numbers. But then again, your mom wasn't managing a Fortune 1,000 data center. In this age of constant, high-risk security threats, many IT managers have found that more data infrastructure means more complexity and the potential for more attacks on their networks. That's why IT managers today are putting mom's old adage to the test and are consolidating their data center infrastructures in the name of network security.
http://computerworld.com/securitytopics/security/story/0,10801,91630,00.html
- - - - - - - - - -
"Reality Mining" the Organization
Data mining is a start, but it misses the critical pieces of information that are transmitted by word of Who are the experts within your organization? Who has the most decision-making influence? Recently, managers have started mining data from e-mail, Web pages, and other digital media for clues that will help answer such questions.
http://www.technologyreview.com/articles/wo_pentland033104.asp
- - - - - - - - - -
Delta begins second RFID bag tag test
Delta Air Lines Inc. starts its second test of radio frequency identification (RFID) technology to track bags today in hopes of improving accuracy over the 96.7% to 99.9% it achieved in a test last year. Pat Rary, manager for baggage planning and development at Delta, said the Atlanta-based company plans to test every bag checked in on its Jacksonville, Fla.-Atlanta route during the 30-day test.
http://computerworld.com/mobiletopics/mobile/technology/story/0,10801,91826,00.html
TSA eyes RFID boarding passes to track airline passengers
http://computerworld.com/securitytopics/security/story/0,10801,91830,00.html
- - - - - - - - - -
China jails woman over Net criticism of government
A woman who posted an article on the Internet criticizing the way China's government handles public complaints has been sentenced to 18 months in a labor camp, a human rights group said Thursday. Ma Yalian used several Chinese legal affairs Web sites to post the article documenting her fruitless efforts to petition over the destruction of her Shanghai home, New York-based Human Rights in China, or HRIC, said in a statement.
http://www.usatoday.com/tech/world/2004-04-01-china-net-jail_x.htm
- - - - - - - - - -
Suicide captured on videotape turns up on porn site
A man's suicide in the lobby of a public housing building videotaped by a closed-circuit camera turned up on a pornographic Web site. Police were trying to track down how the video was acquired, and the Internal Affairs Bureau was focusing on officers who monitor housing project cameras.
http://www.usatoday.com/tech/news/2004-04-01-suicide-footage_x.htm
- - - - - - - - - -
Kern County Website to List Sex Offenders
Kern County will have a website listing high-risk sex offenders, said the Bakersfield Police and Kern County Sheriff's departments. Until now, residents had to visit the Sheriff's Department for information on offenders in the county. Limited information on high-risk offenders in Bakersfield was available at the Police Department's website. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-sbriefs1.11apr01,1,511702.story
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.