NewsBits for July 16, 2004 ************************************************************ New York Times hacker Adrian Lamo gets home detention He was also sentenced to two years probation and fined more than $64,900. Adrian Lamo, who gained a reputation as the "homeless hacker" for his itinerant lifestyle, will be considerably easier to find -- at least for the next few months. Lamo was sentenced yesterday to six months of home confinement after pleading guilty in January to charges that he broke into the internal computer network of The New York Times Co. http://computerworld.com/securitytopics/security/story/0,10801,94600,00.html - - - - - - - - - - Feds ask state to check computer servers The appearance in a state computer of files containing texts and images that apparently originated with the terrorist group al-Qaeda prompted the federal Homeland Security Department to wonder about the security of other state computers. Gary Underwood, chief security officer for the state computer network, said that after a check this week of the state's computer system's servers, it seems the terrorist-related files were an isolated incident. http://www.usatoday.com/tech/news/computersecurity/2004-07-16-arkansas-servers_x.htm - - - - - - - - - - Judge fines spammer $4m A federal judge in California has awarded Microsoft $4m (PS2.13bn) after finding that a California man and his company had sent spam, or unsolicited email, to users of its MSN and Hotmail services to get them to download a toolbar onto their computer desktops. Judge Manuel Real of the US Central District Court of California found that Daniel Khoshnood and Pointcom had violated several laws against using deceptive email and web addresses, ordering the defendants to pay damages, attorneys fees and cease any activity that purports to be official communication from Microsoft. http://news.zdnet.co.uk/business/legal/0,39020651,39160838,00.htm http://www.theregister.co.uk/2004/07/16/ms_spam_case_win/ - - - - - - - - - - Cops Say Online Betting Site Offered Cash Or Sex An enterprising bookmaker offered sports bettors in four states the choice of collecting their winnings in sex or cash, police said. Online bookie Salvatore Teodoro used prostitutes to deliver to clients, who could take the money or various combinations of sex and cash, according to authorities. The arrangements were made public Thursday as police charged Teodoro with promoting gambling, prostitution and underage prostitution. Teodoro, 46, a convicted thief who managed a Web site for sports betting, also was accused of kidnapping and other charges after police said he tied up a police informant and threatened to shoot him and break his legs with a bat. http://www.wnbc.com/news/3536718/detail.html - - - - - - - - - - Conn. Man Facing Charges Of Sex With Boy An Enfield man has been charged with having sex with a 15-year-old Trumbull boy he met on the Internet. Michael Mongeau, 30, who faces similar allegations in an Enfield case, was arrested Thursday on charges of second-degree sexual assault, enticing a minor by computer and risk of injury to a minor. Mongeau had surrendered Tuesday to state police in Litchfield after being told there was a warrant for his arrest in Enfield for second-degree sexual assault, enticing a minor by computer, risk of injury to a minor and delivery of alcohol to a minor. http://www.wnbc.com/news/3536941/detail.html - - - - - - - - - - S.J. caregiver for kids arrested in child porn case A San Jose caregiver for mentally disabled children was arrested Thursday after authorities allegedly discovered him with child pornography. Billy Lynn Cline, 44, was taken into custody on suspicion of buying and possessing child pornography with the intent to distribute after a two-year joint investigation by the U.S. Postal Inspection Office and the Sexual Assault Felony Enforcement task force. http://www.mercurynews.com/mld/mercurynews/news/local/9171495.htm - - - - - - - - - - Oxford Uni hacks-to-hackers land in hot water Two Oxford University student hacks who turned hackers to expose IT security shortcomings at the University face possible suspension for their efforts. First-year students Patrick Foster and Roger Waite could be fined PS500 or suspended by University authorities after they broke into University systems and published an account of their findings in the Oxford Student paper. Foster, a former deputy editor of the paper, told the BBC that they were able to easily access sensitive systems containing details of the email passwords of their fellow students and more. http://www.theregister.co.uk/2004/07/16/oxford_uni_hackers/ - - - - - - - - - - Charges against Amsterdam '419ers' dismissed The Dutch Department of Justice yesterday suffered bitter defeat in a court case against thirteen West African men, who allegedly sent thousands of 419 or advance fraud fee letters through the Amsterdam cable network of UPC. The court ruled that there wasn't enough evidence to link the suspects individually to the scams. http://www.theregister.co.uk/2004/07/16/amsterdam_419_charges/ - - - - - - - - - - Latest Bagle worm 'certainly successful' The mass-mailing computer virus, dubbed Bagle.AF pens a path for intruders to relay bulk email messages through the infected computer and attempts to contact one of almost 150 compromised German websites to let the attackers known of their latest conquest. http://software.silicon.com/malware/0,3800003100,39122319,00.htm Latest Bagle succeeds by sheer numbers http://zdnet.com.com/2100-1105-5271930.html Bagle copycat builds Zombie attack network http://www.theregister.co.uk/2004/07/16/copycat_bagle_worm/ New Bagle released but Netsky tops the malware charts http://news.zdnet.co.uk/internet/security/0,39020375,39160826,00.htm - - - - - - - - - - BitDefender sees Al-Qaeda link in new Atak worm The 'smart' worm that sleeps when scanned has sprouted a variant that appears to be written by someone claiming links to Al-Qaeda, according to antivirus firm BitDefender. A second variant of the Atak worm, which goes to sleep to avoid detection by antivirus software, has been linked to an Al-Qaeda sympathiser who once threatened to release a powerful worm if the US attacked Iraq. http://news.zdnet.co.uk/internet/0,39020369,39160707,00.htm http://zdnet.com.com/2100-1105-5272328.html - - - - - - - - - - First virus for Windows CE surfaces A virus that infects Windows CE has been developed-- the first such bug discovered for the handheld operating system, according to one firm. BitDefender, based in Romania, stated that it has discovered a "proof of concept" virus for Microsoft's operating system for smart phones and other handhelds. The malicious code's author, who uses the pseudonym Ratter, is part of the 29A VX group that created a virus for the Symbian OS. http://zdnet.com.com/2100-1105_2-5273168.html - - - - - - - - - - Source code shop shut down The online shop where hackers were offering Enterasys and Napster source code for sale has closed its doors. The site, which called itself the Source Code Club, opened on Monday but shut up virtual shop late on Wednesday because of its customers' fears. It also said it would reopen in the "near future" when it had found the right business model. A statement on the site read: "We regret to inform that SCC has temporarily suspended operations. Our business model is currently being re-designed to alleviate some of the initial fears our customers faced." http://zdnet.com.com/2100-1105_2-5272515.html - - - - - - - - - - US nuclear lab suspends secret work Classified work at a key US nuclear weapons research lab has been suspended after sensitive data was reported missing. The unprecedented stand-down at Los Alamos National Laboratory, New Mexico, began at noon yesterday after two important storage devices went unaccounted for during a 7 July inventory check. Officials refused to say what was on the Weapons Physics Directorate discs, citing national security concerns. The shut down will allow the intensification of a search, already into its eighth day. http://www.theregister.co.uk/2004/07/16/los_alamos_flap/ Los Alamos lab again missing computer disks with classified data http://computerworld.com/securitytopics/security/story/0,10801,94586,00.html - - - - - - - - - - GAO reports laundry list of DHS shortcomings The Homeland Security Departments failure to implement a long list of recommendations for improving its operations and management has left security vulnerabilities in the nations borders and infrastructure, the Government Accountability Office said. The troubled Computer Assisted Passenger Prescreening System II was the target of seven recommendations concerning the systems development, oversight and IT security. http://www.gcn.com/vol1_no1/daily-updates/26636-1.html - - - - - - - - - - Olympics on guard against hackers, worms and Trojan horses Everyone is on the lookout for Olympic infiltrators. Greek police get no vacation this August. The military has warships and anti-terrorist commandos primed. NATO will offer surveillance planes. Washington has sent over radiation scanners. Another security front line is quietly watched over by a French executive armed with only a clipboard and flow charts. His foes include distant hackers, invisible computer viruses, code- burrowing worms and the Trojan horses of the cyber age. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9172029.htm - - - - - - - - - - Russian piracy inflicts $1 billion damage As it is well-known, a problem of intellectual property rights protection is the sticking point between Russia and the US. This pointed question was discussed in the frames of Russia entrance to the WTO. However, US Assistant Secretary of Commerce William Lash, made sure himself of the efficiency of Russian law enforcement actions in this sphere. In answer to assurance of Russian Ministry of Economic Development and Trade Deputy Minister Andrey Sharonov and head of the Federal Service for Intellectual Property, Patents and Trademarks Boris Simonov that Russian authorities go the extra mile to fight fake production, the US official demonstrated some purchases. http://www.crime-research.org/news/16.07.2004/495/ - - - - - - - - - - Problems of Combating Computer Crimes and Cyber Terrorism New opportunities offered by the Internet transformed many legal forms of activity and through cutting down terms, simplified procedures of arranging deals and reduced distance between contracting parties, while increasing attendant costs. http://www.crime-research.org/news/16.07.2004/494/ - - - - - - - - - - Police 'misusing national computer' The failure of police to retain and pass on data amounts to 'misconduct', says the deputy chair of the police complaints commission. Misuse of the Police National Computer (PNC) by officers is undermining public confidence in the police's ability to handle data, according to the deputy chair of the police complaints commission. Speaking on 15 July, 2004, John Wadham said that the failure to retain and pass on data is a "misconduct" issue for police, as much as the misuse of PNC data which has been a "consistent problem" over the last 20 years. http://news.zdnet.co.uk/business/legal/0,39020651,39160706,00.htm - - - - - - - - - - Ohio stops three counties from switching to e-voting Three counties that were considering electronic voting machines made by Ohio-based Diebold Inc. cannot switch by November because tests have shown security problems, Secretary of State Kenneth Blackwell said Friday. Hardin, Lorain and Trumbull counties will stick with their current systems, Blackwell spokesman Carlo LoParo said. Mercer County decided earlier this week to stick with its current system -- punch-card ballots. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9174112.htm ITAA fires back at e-voting critics http://computerworld.com/governmenttopics/government/story/0,10801,94584,00.html - - - - - - - - - - Worried firms consider email boycott Six out of 10 companies claim they will give up email if the threat posed by viruses, spam and other unwanted content is not contained and a viable alternative emerges. Responding to an email security survey carried out by MessageLabs a further 40 per cent said they feel 'worried' by the current email security threat to their business, with only 29 per cent feeling 'optimistic'. http://www.vnunet.com/news/1156684 - - - - - - - - - - Metasploit Framework (Part Two) In the first part of this article series, we discussed how development of an exploit is still a painful and time-consuming process. We discussed the common hindrances faced during the development of exploits and how the Metasploit Framework acts as the singular solution to these problems. After getting a hands-on with the concepts of exploitation and exploit framework we now move further and shed light on the internals of the Metasploit Framework. http://www.securityfocus.com/infocus/1790 - - - - - - - - - - Find 'Missing' clues on Web sites, e-mail Cryptic clues given online and on the CD-ROM will help players solve the mystery that develops in "Missing: Since January." "Missing: Since January" is a fresh adventure that uses the Internet and e-mail to make some of its game play more realistic and intriguing. http://www.cnn.com/2004/TECH/fun.games/07/16/review.missing/index.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.