NewsBits for July 26, 2004 ************************************************************ Mydoom.O hammering search engines Antivirus software companies are warning e-mail users about a new version of the Mydoom e-mail worm, dubbed Mydoom.O, which is spreading on the Internet and causing slowdowns at search engines, including those run by Lycos Inc. and Google Inc. Leading antivirus software companies issued alerts for Mydoom.O, which was first detected today and arrives in e-mail message attachments that, when opened, install the virus and create a back door that remote attackers can use to access infected machines. http://computerworld.com/securitytopics/security/virus/story/0,10801,94801,00.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9248559.htm http://www.newsfactor.com/story.xhtml?story_title=MyDoom-Temporarily-Takes-Out-Google&story_id=26028 http://www.msnbc.msn.com/id/5518331/ http://www.cnn.com/2004/TECH/internet/07/26/google.down/index.html http://www.usatoday.com/tech/news/2004-07-26-google-slowdown_x.htm http://www.theregister.co.uk/2004/07/26/google_mydoom_infection/ http://news.zdnet.co.uk/0,39020330,39161678,00.htm http://zdnet.com.com/2100-1105_2-5283940.html http://news.com.com/MyDoom+variant+slams+mailboxes%2C+search+engines/2100-7349_3-5283940.html - - - - - - - - - - Virus purporting Bin Laden suicide hits Web A virus purporting to show images of Osama Bin Laden's suicide popped up on the Internet on Friday, designed to entice recipients to open a file that unleashes malicious software code, security experts said. The virus was attached to a message that was posted on more than 30,000 usenet newsgroups and is not being spread via e-mail, said Web security vendor Sophos PLC. http://computerworld.com/securitytopics/security/story/0,10801,94796,00.html Schwarzenegger virus terminated Virus writers have moved on from using Osama bin Laden's "suicide" as a lure to trying the same trick with Arnold Schwarzenegger. Last Friday VXers seeded multiple Usenet groups with messages saying Osama bin had killed himself, pointing users towards "photographs" illustrating the momentous news. In reality these images offered only the Hackarmy Trojan. The Trojan has been around for some months and the Usenet trick gives the aging malware a second lease of life. http://www.theregister.co.uk/2004/07/26/arnie_trojan/ From Robert Morris through Osama Bin Laden http://www.crime-research.org/news/26.07.2004/521/ - - - - - - - - - - Energy stops classified work using disks, other media Secretary of Energy Spencer Abraham has ordered a halt to all Department of Energy operations using controlled removable electronic media (CREM), including classified hard drives and computer disks, in order to improve security procedures to protect such media. The order, effective today, comes two weeks after officials at Los Alamos National Laboratory discovered that two computer disks containing classified information were missing. All classified operations as well as regular work activities at the lab in Los Alamos, N.M., have been suspended, according to information posted on the lab's Web site. http://computerworld.com/securitytopics/security/story/0,10801,94804,00.html - - - - - - - - - - Court upholds sentence for child porn convict The Idaho Court of Appeals has upheld the 30-year minimum prison sentence for a Burley man for taking pornographic pictures of young girls and trading them on the Internet. http://www.journalnet.com/articles/2004/07/09/news/local/news15.txt - - - - - - - - - - Waianae man sentenced to month in jail for Internet crime A Waianae man was sentenced to one month in jail and five years on probation for using the Internet to try and arrange a sexual encounter with a minor. Ciro Kamai, who's 31, pleaded guilty in May to electronic enticement of a minor. He was arrested in November when he went to Ala Moana Center to meet who he thought was a 13-year-old girl with whom he had been exchanging e-mail. Kamai had been communicating with a law enforcement officer posing as a minor. http://www.kpua.net/news.php?id=2723 - - - - - - - - - - Ex-prof gets probation in child porn case A distinguished chemistry professor at the University of North Texas has been sentenced to six years' probation for possession of child pornography, which was found on his work computer. Alan Philip Marchand, 64, who retired shortly after his arrest in October, pleaded guilty to four counts of possession of child pornography Thursday in a Denton courtroom just days before his trial was to begin. Marchand faced up to 10 years in prison on each count. http://www.dfw.com/mld/dfw/news/state/9248776.htm? - - - - - - - - - - Dad's child porn shame AN internet pervert who downloaded more than 900 images of child pornography has been referred by magistrates to the crown court for sentence. Ian Crossley, a 36- year-old married father, from Heywood, near Rochdale, admitted 16 specimen counts of possessing indecent images. Manchester magistrates decided their powers of punishment were insufficient. They referred Crossley to the crown court where he will appear next month. The court was told that police raided Crossley's home in August last year and removed his computer, 17 CDs and a floppy disc from the dining room for inspection. http://www.manchesteronline.co.uk/news/s/124/124938_dads_child_porn_shame.html - - - - - - - - - - Man Charged With Lewd Behavior A Bradenton man who met a 15-year-old Lakeland girl in an Internet chat room was arrested after he fondled her when they met in person for the first time Saturday, the Polk County Sheriff's Office said. Eric John Hackley, 28, who was charged with committing lewd and lascivious behavior, met the girl in a chat room in June. He e-mailed naked photographs of himself to her and they arranged to meet Saturday in Lakeland, an arrest report said. http://www.theledger.com/apps/pbcs.dll/article?AID=/20040720/NEWS/407200386/0/FRONTPAGE - - - - - - - - - - Georgia tip leads to Indiana child porn charges A South Bend man is facing child pornography charges after a Georgia woman he was chatting online with turned him in for performing lewd acts with a child in front of a web camera. State police say the woman alerted Gilmer County Sheriff's deputies, who went to her home while she was chatting with 25-year-old John Kulwicki. Police in Georgia immediately contacted Indiana authorities. Police say they searched Kulwicki's home and found 61 images involving toddlers and infants. http://www.wane.com/Global/story.asp?S=2091518 - - - - - - - - - - Camp counselor linked to child porn A 22-year-old Massachusetts man working as a camp counselor at an area boys camp will be arraigned today on charges of having child pornography on his computer. Matthew Elansky, of Jamaica Plain, Mass., was arrested on a warrant Friday at the camp. The Massachusetts attorney general's office, which issued the warrant, would not reveal the name or location of the camp except to say that it serves boys ages 8 to 15 years old. http://www.boston.com/news/local/maine/articles/2004/07/26/camp_counselor_linked_to_child_porn/ - - - - - - - - - - Man Arrested in Child Porn Case Police say a simple computer repair, turned into the largest child pornography bust in Richland County. David Allan Smith is facing 80 felony sex charges after police say hundreds of child porn images were downloaded onto his computer. The images are of children under the age of 10 engaged in a sexual act. A computer technician discovered the downloaded porn when Smith brought his computer in for repairs. "I wanted to kill him, I wanted to kill him," said Cory Pierce the owner of Alpha Computers and a father of five. Smith admitted to downloading the images, but told detectives he didn't think it was illegal. http://www.10tv.com/Global/story.asp?S=2078839 - - - - - - - - - - JUDGE: IT'S THE WORST CHILD PORN CASE I'VE DEALT WITH A Voluntary worker involved in the care of inmates at a young offenders' institution has been jailed after police found thousands of pornographic images of children on his home computer. Stafford Crown Court heard that John Firth had downloaded thousands of images of boys and girls being raped and tortured by adults and had 15 films showing similar material. http://www.thesentinel.co.uk/displayNode.jsp?command=newPage&nodeId=158314&contentPK=10648146 - - - - - - - - - - Lab Owner Faces Child Porn Charges The owner of a dental laboratory in Lakeland was charged with possession of child pornography Wednesday, the Polk County Sheriff's Office reported. Jeffrey Blanchard, 41, was arrested Wednesday at 1 p.m. at Blanchard Dental Laboratory on U.S. 98 in South Lakeland, sheriff's officials said. He was charged with 24 counts of possession of photographs of a sexual performance, a third-degree felony, according to an arrest warrant. Late Wednesday, Blanchard remained in the Polk County Jail on $24,000 bail. Investigators had received a tip that Blanchard was downloading child pornography on his computer, detectives said. http://www.theledger.com/apps/pbcs.dll/article?AID=/20040722/NEWS/407220443/0/FRONTPAGE - - - - - - - - - - Serial rapist-paedophile placed videos of his rapes on the Net The investigation is almost finished and the case is now being prepared to be brought to the court involving a 36-year old rapist called "Pulya" (rus. Bullet). Bullet is charged with 13 counts of raping under age girls, Russian police reported. He has been committing crimes since April 2001 through October 2003. He took girls to solitary places, raped them in the car holding the switched- on video camera, then gave cassettes to the owner of a local porn studio to be subsequently distributed on the Internet. http://www.crime-research.org/news/26.07.2004/520/ - - - - - - - - - - Judge protects defendant's Web site A federal judge has said a criminal defendant charged with possessing 1,000 kilograms of marijuana can keep his Web site. Federal prosecutors wanted U.S. District Judge Myron Thompson to order defendant Leon Carmichael to delete CarmichaelCase.com, which asks for information about informants the government allegedly used in the case. In a pair of rulings last week, Thompson said that the prosecution's request amounted to unconstitutional prior restraint in violation of the First Amendment. The Web site is not a threat or harassment, Thompson said, and "the government has not made its case that the protective order it seeks is warranted." http://zdnet.com.com/2110-1104_2-5284168.html - - - - - - - - - - 2004: A dreadful half-year for malware The last six months have seen a big surge in the amount of viruses, worms, Trojans and spyware applications threatening the Internet community. Figures released by McAfee on Monday shone a light on the increasing number of security threats faced by businesses and individual Web users. So far this year, 31 viruses have been classed as a medium risk or higher, compared to 20 in the whole of 2003. http://news.zdnet.co.uk/internet/security/0,39020375,39161677,00.htm - - - - - - - - - - Renewed efforts fail to stem tide of fraud In spite of stringent and determined efforts by government bodies and banks to stamp out fraud, the number of cases in the UK has increased over the past year, according to a report released today. Consultancy firm KPMG revealed in its Forensic Fraud Barometer report that there were 69 major fraud cases brought before the courts in the first half of 2004, compared with 63 in the last six months (2H) of 2003. http://www.vnunet.com/news/1156871 - - - - - - - - - - Advocates say electronic records boost data privacy When he announced the Department of Health and Human Services' 10-year plan to create a national health information infrastructure, HHS Secretary Tommy Thompson claimed that the use of electronic health records can protect the privacy of patient data better than paper files can. Thompson's claim was seconded last week by Dr. Brent James, vice president of research at EHR user Intermountain Health Care Inc. in Salt Lake City. http://computerworld.com/securitytopics/security/privacy/story/0,10801,94753,00.html - - - - - - - - - - Security at your fingertips Employees in at least one Defense Department office no longer have to remember passwords or personal identification numbers. DOD's Office of the Assistant Secretary of Defense for Networks and Information Integration is about one year into a pilot program that lets about 1,300 users sign on to their computers and access applications with a fingerprint authentication system. http://www.fcw.com/fcw/articles/2004/0726/web-dod-07-26-04.asp - - - - - - - - - - Vegas braces for DEFCON The bill has been finalised for DEFCON, the largest hacker gathering in the world, which kicks off this weekend. In between frightening the locals, strong- arming the one-arm bandits and defacing each other's websites conference delegates can look forward to an interesting array of talks. http://www.theregister.com/2004/07/26/defcon_preview/ - - - - - - - - - - eEye lifts the lid on endpoint security product EEye Digital Security Inc. announced a new endpoint security product today that it says will help organizations stop attacks launched from the Internet that use previously unknown, or "zero-day," software vulnerabilities. The Aliso Viejo, Calif.-based company unveiled Blink, an intrusion-prevention software (IPS) client with vulnerability scanning as well as network- and host-based firewall features. http://computerworld.com/securitytopics/security/story/0,10801,94797,00.html - - - - - - - - - - Software makers forced to issue their own fixes As a vice president at security software leader Symantec Corp., Matthew Moynahan applauds Microsoft's effort to make its Windows operating system safer from attack. But Moynahan is not so excited about the flood of help-desk calls almost certain to come when Microsoft releases a comprehensive security overhaul of Windows XP next month. His company's Norton Antivirus software runs on about 100 million desktop computers. http://www.signonsandiego.com/news/computing/personaltech/20040726-9999-mz1b26looms.html - - - - - - - - - - Microsoft's Scott Charney discusses Trustworthy Computing As Microsoft Corp.'s chief Trustworthy Computing strategist, Scott Charney can escalate his concerns directly to the senior leadership team headed by Bill Gates and Steve Ballmer. Charney, a former government prosecutor, also spearheads the company's Security Strategies Group, which works to advance the cause of secure products and services. During a recent visit to Boston, Charney met with Computerworld's Carol Sliwa and Robert L. Mitchell to talk about how Microsoft does security. http://computerworld.com/securitytopics/security/story/0,10801,94736,00.html Sidebar: Microsoft's Scott Charney Describes His Challenges http://computerworld.com/securitytopics/security/story/0,10801,94742,00.html - - - - - - - - - - A Promise Falls in the Forest A federal court recently ruled that website privacy policies aren't binding, because nobody reads them. The implications are far reaching for contract law and the Internet. A decision by a federal court in Minnesota may have profound repercussions for the ability of consumers and others to rely upon promises of security and privacy made on corporate or governmental websites -- and that's just for starters. http://www.securityfocus.com/columnists/257 - - - - - - - - - - Should Your ISP Block Child Pornography Websites? British Telecom (BT), the largest telecom operator in the UK, announced on Tuesday that it is using software to block visits to websites that contain child pornography. The software called Clean Feed, blocks access to illegal websites that are listed by the Internet Watch Foundation . Clean Feed prevents BTs 2.5 million Internet customers from viewing child pornography websites. http://www.crime-research.org/news/26.07.2004/508/ - - - - - - - - - - Wireless Attacks and Penetration Testing (part 3 of 3) In the previous two installments of this series, I've discussed the types of attacks your wireless network is subject to see and some techniques you can use to pen-test your WLAN. In this final part, I'll look at ways to mitigate the risks I've outlined in the previous parts of the article and spend a bit of time looking at some proposed solutions currently in front of the IETF. http://www.securityfocus.com/infocus/1792 - - - - - - - - - - Researchers aim to simplify debugging process Computer bugs, or errors in software, can mess up just about anything: They've been blamed for missing homework, blackouts, prison breaks and even the loss of multimillion-dollar space probes. They can be costly to the economy almost $60 billion a year, a 2002 federal study estimates. http://www.usatoday.com/tech/news/2004-07-26-whyline-debug_x.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.