NewsBits for September 14, 2004 ************************************************************ Computer tech pleads guilty to enabling $50 million ID theft A computer technician who prosecutors said made possible the largest identity theft in U.S. history, surpassing $50 million, pleaded guilty Tuesday to conspiracy in a scheme that poached personal information from tens of thousands of people. Philip A. Cummings, 35, said he did not realize that his accomplices would do so much damage with the information he sold. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9661767.htm http://www.msnbc.msn.com/id/6001526/ http://www.wnbc.com/money/3729246/detail.html Your ID's been stolen. Now what? http://www.msnbc.com/modules/interactive.asp?id=/d/ip/IDTheft_Bcol_022803/data.js&navid=3032117&cp1=1 - - - - - - - - - - German MS counterfeiters sent to jail A German software pirate has been handed a three-year jail sentence for copyright infringement and selling counterfeit MS software after a trial lasting 18 weeks. The new jail time, handed down by the Stuttgart criminal court, is in addition to 10 months the defendant Dieter Rimmele has spent inside since his arrest. http://www.theregister.co.uk/2004/09/14/german_software_pirate_jailed/ http://computerworld.com/governmenttopics/government/legalissues/story/0,10801,95908,00.html - - - - - - - - - - Former LAPD photographer pleads guilty for secretly taping teen The former chief photographer for the Police Department pleaded guilty to secretly videotaping a 13-year-old girl as she undressed for a modeling session, officials said. David Adkins, 56, who was relieved as supervisor of the department's photographic operations in March, pleaded guilty to a misdemeanor charge of lewd and disorderly conduct. He was sentenced to two years' probation and ordered not to take any photographs without the subject's permission. http://www.mercurynews.com/mld/mercurynews/news/local/9658516.htm - - - - - - - - - - Store Owner Sentenced In Child Porn Case Charles Hair, owner of the Rainbow Incense store in Tampa, was sentenced Friday to 30 years in prison for possessing child pornography and trading child porn online. Hair, 58, had more than 200 images of prepubescent children on a Yahoo.com briefcase site, said Assistant U.S. Attorney Colleen Murphy Davis. Most of the images were of boys, Davis said. Last year, Hair allowed what he thought was another computer user with interest in child porn to access his Yahoo briefcase Web site, Davis said. The user was an undercover investigator with the U.S. Postal Service in Ohio, Davis said. http://news.tbo.com/news/MGBQG4B7ZYD.html - - - - - - - - - - Neenah man faces child porn charges A Neenah man could receive a prison sentence of more than 17 years after online tipsters alerted police that he might be a source of Internet child pornography. Matthew S. Dewilde, 21, will make an initial appearance on five felony counts of possessing child pornography Wednesday in Winnebago County Circuit Court. According to the criminal complaint, state investigators asked Neenah police to serve a search warrant at Dewilde's home after the National Center for Missing and Exploited Children received tips that he was uploading sexually explicit photos of children into Internet groups. http://www.wisinfo.com/postcrescent/news/archive/local_17783467.shtml - - - - - - - - - - Antioch School Counselor Charged With Child Porn A counselor at Antioch Community High School was arrested Friday after a computer he was having serviced was discovered to contain images of child pornography. Timothy Noonan, 53, was charged with possessing child porn and released on his own signature after a bond hearing on Saturday. Noonan reportedly took a personal computer to DeKind Computer Consultants, 1490 N. Main St., in Antioch, to have some existing files backed up on computer disks. DeKind technicians notified police after finding images of children between the ages of 7 and 14 in lewd and sexual poses. Noonan told police that his computer at school was for work purposes only, but school officials have asked authorities to examine it. http://www.nbc5.com/news/3728784/detail.html - - - - - - - - - - Man arrested on child porn charges A man wanted on child pornography charges who was believed to have fled the country has been taken into custody. The man was to appear in court for a bail hearing Monday after being arrested Saturday by the child exploitation section of the Toronto police sex crimes unit. The man was believed to have been heading to Pennsylvania but was arrested when he returned to his Toronto residence. Police had searched a home in Toronto last week and discovered a quantity of child pornography. Two computers were seized by detectives. Robert Clemens, 37, of Toronto is charged with making child pornography, making available child pornography and possession of child pornography. http://www.canada.com/national/nationalpost/news/toronto/story.html?id=c3cd8acb-07e9-448c-a287-7aed5d5be73c - - - - - - - - - - Doctor on child porn charges Biju Mohan is accused of making and possessing indecent photographs of children. This is the doctor facing charges of possessing and making an indecent photograph of a minor after being arrested as part of a UK-wide crackdown on child pornography. Biju Mohan, (37), pictured after leaving Belfast Magistrates Court yesterday, was arrested after a police raid on his Glebe Road West home in Newtownabbey. The raid was linked to a Metropolitan Police investigation code-named Operation Pilsey. Operation Pilsey was set up the Metropolitan Police Clubs and Vice Unit after an explosion in the number of people viewing child pornography by using file-sharing technology which does not require the use of credit cards. The police operation is the successor to Operation Ore, which netted thousands of suspected offenders around the world. http://www.belfasttelegraph.co.uk/news/story.jsp?story=561589 - - - - - - - - - - Bail revoked for man charged with having child porn A former Douglass (Mont.) man awaiting trial on charges he possessed child pornography at his apartment last year saw his bail revoked recently after New Jersey authorities charged him with a similar crime, court documents indicate. Harvey M. Weinman, 51, formerly of the 700 block of Sweinhart Road, was taken into custody at his West Conshohocken workplace by authorities from Montgomery County and Camden County, N. J., on a fugitive warrant, according to court documents. "The only way to keep these defendants off the computer is to put them behind bars," said Stephens, explaining why prosecutors wanted Weinman's bail revoked. "If given the opportunity, these defendants will continue their criminal ways behind the computer keyboard." http://www.pottstownmercury.com/site/news.cfm?newsid=12916564&BRD=1674&PAG=461&dept_id=18041&rfi=6 - - - - - - - - - - Frisco ISD staffer arrested in child porn case Frisco police obtained an arrest warrant Friday for a Frisco school district employee accused of promoting child pornography. Police said Gary Guy Hext, 59, of Frisco had no direct contact with children and did not work in a school. He worked as a supervisor for auxiliary personnel, hiring support staff and substitutes. Police said Mr. Hext sent e-mails containing child pornography to a man who was working covertly on the Internet to detect such material. Police called the man a "good Samaritan" but did not name him. He is a member of the Christian Coalition and was searching the Internet for information "harmful to families," Frisco Sgt. Gina McFarlin said. http://www.dallasnews.com/sharedcontent/dws/news/city/collin/stories/091104dnccofrporn.58c2d.html - - - - - - - - - - Child porn raids FIVE people were being questioned last night after police carried out dawn raids on suspected paedophiles across North Wales. The men were arrested early yesterday morning when officers swooped on six properties across the region and carried out searches on homes and businesses. More arrests were expected, police said. The raids came after an intelligence dossier from the USA, linked to use of child porn websites, was handed to National Crime Squad officials who passed the information on to North Wales Police. http://icnorthwales.icnetwork.co.uk/news/regionalnews/tm_objectid=14625859&method=full&siteid=50142&headline=child-porn-raids-name_page.html - - - - - - - - - - Fired worker blew whistle on child porn A SECRETARY took revenge on a top Edinburgh accountant by exposing his large stash of child porn, a court heard. Jennifer Ferguson called in police after former boss Alan Malcolm gave her a bad reference for a job application. Officers then discovered 20,000 images of young girls stored on his laptop at his Glasgow office. Malcolm, 55, a former financial adviser to the Scottish Office, now faces jail after he admitted to hoarding the porn. http://news.scotsman.com/edinburgh.cfm?id=1057042004 - - - - - - - - - - Ukraine: Unauthorized access to police data base Officers of counterintelligence information security unit of the Counterintelligence department and their colleagues of the regional Security Service department have discovered a channel of unauthorized access to the data base of traffic police. A company made contact on maintenance of the computer network in one of the regional traffic police departments and performed works according to it. http://www.crime-research.org/news/14.09.2004/631/ - - - - - - - - - - Assistant secretary for cybersecurity proposed Two amendments to the Homeland Security Act have been proposed to raise the profile of cybersecurity within the Homeland Security Department and speed development and adoption of new technologies. The Cybersecurity Enhancement Act, HR 5068, would create an assistant secretary for cybersecurity with broad responsibility for coordinating the departments efforts in securing critical IT infrastructure. http://www.gcn.com/vol1_no1/daily-updates/27281-1.html - - - - - - - - - - Justice Department plans more labs focused on cyber crime Attorney General John Ashcroft said on Monday that the Justice Department soon will expand its capabilities for pursuing cyber crimes by broadening its forensic analysis capabilities. The department has five regional centers for such analysis in the prosecution of cyber crimes and will increase the number to 13, he said. He did not provide further details. "We recognize that proper forensic analysis of computer evidence is critical for the successful investigation and prosecution of crime," he said in a keynote address at a conference held by the High Technology Crime Investigation Association. http://www.govexec.com/dailyfed/0904/091304td1.htm - - - - - - - - - - UK gov seeks safer web for kids Home Office minister Paul Goggins said today that he wants to make Britain the safest place for kids to be, online and offline, and announced a new campaign to promote online child safety. Speaking at the Promoting Mobile and Internet Safety Conference, Goggins said that although technology offered many valuable services, it still carries many risks. He argued that organisations should work together to better understand the challenges that need to be addressed to make the internet a safer place for children. http://www.theregister.co.uk/2004/09/14/online_safety/ - - - - - - - - - - Virus writers add network sniffer to worm Virus writers have grafted a network sniffer into the latest variant of the SDBot worm series. So far there are no reports of SDBot-UH in the wild but the inclusion of selective network sniffing along with keystroke logging features and other backdoor capabilities has security researchers worried. http://www.theregister.co.uk/2004/09/14/network_sniffer_worm/ http://news.netcraft.com/archives/2004/09/13/new_worm_installs_network_traffic_sniffer.html - - - - - - - - - - Reports of Internet fraud on rise in area The Hall County Sheriff's Office has been receiving many complaints about "phishing" and other types of e-mail and Internet fraud. Phishing is a high-tech scam that uses spam messages to deceive recipients into disclosing credit card numbers, bank account information, Social Security numbers, passwords and other sensitive information. http://www.gainesvilletimes.com/news/stories/20040914/localnews/34981.shtml Symantec launches antiphishing service http://computerworld.com/securitytopics/security/story/0,10801,95888,00.html - - - - - - - - - - Symantec labels China censor-busting software as Trojan Symantec has labelled a program that enables Chinese surfers to view blocked websites as a Trojan Horse. Upshot? Users of Norton Anti- Virus cannot access Freegate, a popular program which circumvents government blocks, the FT reports. http://www.theregister.co.uk/2004/09/14/symantec_targets_freegate/ - - - - - - - - - - UK information security agency warns of product flaws The government agency responsible for protecting the UK's critical IT infrastructure has issued an urgent alert to users after hundreds of security vulnerabilities were found in email gateways and web browsers. http://www.vnunet.com/news/1158064 - - - - - - - - - - German gov computing security office recommends switch to Opera The BSI (Bundesamt fur Sicherheit in der Informationstechnik), the German Federal Office for Information Security, has recommended a switch away from Microsoft's Internet Explorer to alternative internet browsers and specifically mentioned Norway-based alternative browser Opera. http://www.dmeurope.com/default.asp?ArticleID=3166 - - - - - - - - - - Major graphics flaw threatens Windows PCs Microsoft published on Tuesday a patch for a major security flaw in its software's handling of the JPEG graphics format and urged customers to use a new tool to locate the many applications that are vulnerable. The critical flaw has to do with how Microsoft's operating systems and other software process the widely used JPEG image format and could let attackers create an image file that would run a malicious program on a victim'scomputer as soon as the file was viewed. http://news.zdnet.com/2100-1009_22-5366314.html - - - - - - - - - - Analysts herald arrival of smart security patching tools IT security managers can look forward to the arrival of enhanced patching technology which will automate and reduce the cost of installing software security and maintenance updates, industry experts have predicted. According to a newly released report from Yankee Group, software patch management is developing to include features that are necessary to manage an upgrade process such as identifying new code versions, aid testing, installation and rollback. http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=fe78bbd8-9365-466d-96de-532e22d6f79d - - - - - - - - - - Hackers Join Homeland Security Effort Jason Larsen types in a few lines of computer code to hack into the controls of a nearby chemical plant. Then he finds an online video camera inside and confirms that he has pumped up a pressure value. "It's the challenge. It's you finding the flaws," he said when asked about his motivation. "It's you against the defenders. It comes from a deep-seeded need to find out how things work." http://www.securityfocus.com/news/9502 http://news.zdnet.com/2100-1009_22-5365401.html - - - - - - - - - - MyDoom Virus Writing Not a Resume Builder "There's no way anyone would hire them to fight viruses," said Sophos security analyst Gregg Mastoras. "For one, no security firm could maintain its reputation by employing hackers." Another consideration is that the kind of experience that hacking provides does not qualify one as a security expert. http://www.newsfactor.com/story.xhtml?story_title=MyDoom-Virus-Writing-Not-a-Resume-Builder&story_id=26931 - - - - - - - - - - A safer America: The document problem Imagine being told you'd never been born. Or rather, that records of your birth were no longer valid. Last month, thousands of Hudson County, N.J., residents got that unnerving news, after hearing that their birth certificates had been declared invalid because of an ongoing fraud investigation at the Hudson County Clerk's office, just across the river from Manhattan. The U.S. State Department had shut down passport operations at the clerk's office after an investigation uncovered alleged document fraud at the office -- specifically, sale of fraudulent birth certificates. The investigation is ongoing. And so is America's document problem. http://www.msnbc.msn.com/id/5946145/ - - - - - - - - - - Execution hoax raises Web ethics question A recent hoax has added to the debate about credible reporting on the Internet. A terrified-looking man, rocking back and forth in his chair with his hands tied behind his back, appeals to the United States to leave Iraq and spare him death. Then a hand with a knife appears to slice off his head. http://news.zdnet.co.uk/internet/0,39020369,39166410,00.htm - - - - - - - - - - Metasploit Framework, Part Three In the previous two parts of this article series we discussed the agility and ease of usage of the Metasploit Framework in an end-user environment. Moving further we will cover additional usage details and provide a brief insight of the MSF from a developer's perspective. Version 2.2 of the Framework was released in August 2004, and its immense potential was showcased at the Blackhat 2004 and Defcon 12 security conferences, which witnessed a jam-packed house during presentations by HD Moore and Spoonm. http://www.securityfocus.com/infocus/1800 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.