NewsBits for March 1, 2006 sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net ************************************************************ Men plead guilty over web piracy Films, music, and computer games can be illegally shared on the web. Four men have pleaded guilty to being part of a ring that distributed illegal copies of music on the internet. Derek Borchardt, of North Carolina; Matthew Howard, of Colorado; and Aaron Jones, of Oregon, pleaded guilty to criminal charges, US officials said. http://news.bbc.co.uk/2/hi/entertainment/4761768.stm Four plead guilty in US piracy case http://www.theregister.co.uk/2006/03/01/music_pirates_plead_guilty/ - - - - - - - - - - Former government IT worker guilty of hacking In an increasingly connected world economy, organizations often need to share data with foreign branches, suppliers, and A former IT systems auditor for a U.S. government agency faces a possible five- year prison sentence on a computer hacking charge after secretly monitoring his supervisor's e-mail and computer use, the U.S. Department of Justice said. http://www.networkworld.com/news/2006/030106-government-worker-hacking.html - - - - - - - - - - Sting nets two spam scam suspects The US secret service has arrested two men over accusations that they sent massive quantities of spam emails to more than 1.2m AOL subscribers. Todd Moeller (AKA Trill), of New Jersey, and his business partner Adam Vitale (AKA Batch1), 25, of Florida, were busted after agents used an informant to hire the duo to spamvertise a computer security product. http://www.theregister.co.uk/2006/03/01/spam_scam_sting/ - - - - - - - - - - AOL Reels in Phishers The ISP becomes the first major portal to take on phishing gangs directly, and law enforcement welcomes new member. America Online said Tuesday it has filed three civil lawsuits against three gangs that obtained private identity information of unsuspecting customers through online subterfuge. http://www.redherring.com/Article.aspx?a=15895&hed=AOL+Reels+in+Phishers http://www.theregister.co.uk/2006/03/01/aol_phishing_lawsuits/ http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5471 - - - - - - - - - - Veteran cop arrested on child porn possession A 15-year veteran of the Huntsville police force was arrested Tuesday on charges of possession of child pornography. Kenneth Haga, 41, of 4111 Newson Road was arrested after Huntsville police investigators found images on Haga's home computer of children under the age of 17 involved in sexual acts, Chief Rex Reynolds said. http://www.al.com/news/huntsvilletimes/index.ssf?/base/news/1141208447276650.xml - - - - - - - - - - Fishers man faces charge of possessing child porn A 58-year-old Fishers man was charged Feb. 21 in U.S. District Court with possession of child pornography, U.S. Attorney Susan W. Brooks announced. Federal prosecutors allege that on April 12, Stephen J. Dolson was found in possession of a compact disc containing "numerous images of minors engaged in sexually explicit conduct." http://www.topics.com/articles/1/066705-2031-088.html - - - - - - - - - - Day-care parents shocked A local man who pleaded guilty to numerous child-porn charges is married to an employee of an Ottewell neighbourhood daycare centre. Janice Treleaven has worked at Ottewell Daycare and After School Care at 5825 93A Ave. - which nearly 35 children attend - for the last three years. http://www.edmontonsun.com/News/Edmonton/2006/03/01/1467498-sun.html - - - - - - - - - - Child porn seizures rise There has been a recent increase in the amount of child pornography confiscated coming into Canada, says Canadian Border Services (CBS). A 47-year-old Medicine Hat man was arrested by border officers crossing into Coutts Sunday while allegedly having child pornography on his laptop. http://calsun.canoe.ca/News/National/2006/03/01/1467916-sun.html - - - - - - - - - - Vendor waited six weeks to notify Ohio officials of data breach The Ohio state attorney generals office is investigating the terms of a contract between the state Department of Administrative Services and a New Jersey-based prescription drug benefits provider after a laptop computer containing the unencrypted Social Security numbers and birth dates of about 4,300 state workers and 300 of their dependents was stolen in late December. http://www.computerworld.com/securitytopics/security/story/0,10801,109116,00.html - - - - - - - - - - Expensive Trojan emerges in Russia A Java application that covertly sends premium rate texts has been observed by Kaspersky Lab Antivirus companies are warning of new malicious software that can infect any mobile phone capable of running Java applications, not just feature- rich smartphones. http://news.zdnet.co.uk/hardware/mobile/0,39020360,39254970,00.htm - - - - - - - - - - DDoS Attacks Target Prominent Blogs Several prominent weblogs have been hit with distributed denial of service (DDoS) attacks in recent weeks, as the target list for digital attackers continues to broaden. While some of the attacks appear to be politically motivated, on Monday a DDoS struck one of the blogosphere's most financially successful bloggers. http://www.it-observer.com/news/5792/ddos_attacks_target_prominent_blogs/ - - - - - - - - - - Chinese reporter charged with subversion for online essays A Chinese journalist whose reports on rural poverty and unemployment riled local officials has been charged with subversion after posting essays on the Internet, a human rights group said in a statement seen Tuesday. http://news.findlaw.com/ap/o/51/02-28-2006/db620010b081972e.html - - - - - - - - - - India is top target for spam The rate of technological advancement has outstripped growth in security awareness in India, while the US is still the highest spam producer. India's rapid adoption of new technology has left its PC users struggling to cope with very high levels of spam, according to a report released Wednesday. http://news.zdnet.co.uk/internet/security/0,39020375,39255198,00.htm - - - - - - - - - - When a stranger calls, Caller ID might not be trustworthy Last fall, U.S. Rep. Tim Murphy's office started getting phone calls from constituents who complained about receiving recorded phone messages that bad- mouthed Murphy. The constituents were especially upset that the messages appeared to come from the congressman's own office. At least, that's what Caller ID said. ``People thought we were making the calls,'' Murphy said. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13991593.htm http://www.govexec.com/story_page.cfm?articleid=33495 - - - - - - - - - - Research Group Warns Of New Mobile Device Threat The proof-of-concept Crossover virus is named for its ability to cross-infect a Windows Mobile Pocket PC from a desktop computer, and then delete files on the mobile device. http://www.informationweek.com/news/showArticle.jhtml?articleID=181401195 http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5480 http://www.informationweek.com/news/showArticle.jhtml?articleID=18140119 - - - - - - - - - - New Threats Outflank IT Defenses, Says Vendor Exec Thomas Noonan is president and CEO of Internet Security Systems Inc., an Atlanta-based vendor of IT security products and managed services. ISS reported revenue of $330 million last year, and its customer base includes 17 of the largest banks worldwide. In an interview with Computerworld at RSA Conference 2006 here this month, Noonan spoke about what he described as the "continuously" changing security threats faced by corporate users. http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,109006,00.html - - - - - - - - - - Apple patches serious Mac OS flaws Apple Computer on Wednesday released a security update for Mac OS X that fixes 20 vulnerabilities, including a high-profile Web browser and Mail flaw disclosed last week. The set of patches addresses a variety of security flaws, including several that could let an attacker gain control over a computer running the operating system software. http://news.zdnet.com/2100-1009_22-6044945.html Apple OS X update responds to security and worm concerns http://www.vnunet.com/vnunet/news/2151225/apple-update-responds-security - - - - - - - - - - Internet Explorer tweak made public Microsoft has issued a 'voluntary' patch that it expects users to upgrade to oer the next six months. Microsoft on Tuesday made broadly available an Internet Explorer update related to a high-profile patent spat with a start-up backed by the University of California. http://news.zdnet.co.uk/software/applications/0,39020384,39254968,00.htm - - - - - - - - - - Professor criticized for online-attack test A final practical test for a computer-security class has network administrators up in arms. According to handlers at the SANS Institute, a professor at a university (both have been promised anonymity) has assigned his students homework requiring them to perform attack reconnaissance on an Internet server. http://www.securityfocus.com/brief/151 - - - - - - - - - - E-passports to debut this summer A State Department official on Wednesday said the department plans to start making electronic passports for government travelers and issuing e-passports for tourists this summer. Recently, the department began issuing diplomatic e-passports on a trial basis. http://www.govexec.com/story_page.cfm?articleid=33495 - - - - - - - - - - Dispute Over Satellite Radio May Be Key Issue for Digital Copyrights Howard Stern and Oprah Winfrey might have lent some serious star power to subscription- based satellite radio networks XM and Sirius, but that doesn't mean the fledgling medium is ready for prime time. http://www.law.com/jsp/article.jsp?id=1140689115074 - - - - - - - - - - The big DRM mistake Digital Rights Managements hurts paying customers, destroys Fair Use rights, renders customers' investments worthless, and can always be defeated. Why are consumers and publishers being forced to use DRM? http://www.securityfocus.com/columnists/390 - - - - - - - - - - iPods slip through gaping security holes ... and so do cameras, and USB sticks and pretty much any portable storage device... Companies are still failing to recognise the security threat posed by portable storage devices, such as the dozens of iPods which may enter and leave their offices each day. http://software.silicon.com/security/0,39024655,39156886,00.htm - - - - - - - - - - Rootkit Hunting vs. Compromise Detection The presentation I gave in Washington, D.C., at Black Hat Federal Conference in January 2006. It's about new generation of stealth malware, so called Stealth by Design (SbD) malware, which doesn't use any of the classic rootkit technology tricks, but still offers full stealth! The presentation also focuses on limitations of the current anti-rootkit technology and why its not useful in fighting this new kind of SbD malware. http://www.it-observer.com/news/5794/rootkit_hunting_vs_compromise_detection/ - - - - - - - - - - Comprehensive Threat Management: A Symantec Solution for Modern-Day Attack Protection When it comes to information security these days, most organizations remain in a tenuous position. Despite their best efforts, enterprises continue to be successfully attacked at an alarming rate. The result is the need for a threat management solution that is proactive, and therefore able to thwart unknown attacks. http://www.computerworld.com/securitytopics/security/story/0,10801,109057,00.html - - - - - - - - - - The Struggle to Manage Security Compliance for Multiple Regulations The 2006 Security Compliance Research Report is the first in a series designed to help establish benchmarks showing how firms worldwide are dealing with compliance and its impact on corporate IT security programs. http://www.it-observer.com/news/5795/the_struggle_manage_security_compliance_multiple_regulations/ The Shortcut Guide to Network Compliance and Security http://www.it-observer.com/news/5796/the_shortcut_guide_network_compliance_security/ Mobility versus security - getting the balance right http://www.it-observer.com/articles/1072/mobility_versus_security_getting_balance_right/ - - - - - - - - - - Companies Contemplate Life Without BlackBerrys Eugene Stein is thinking about Plan B for the 1,900 BlackBerry e-mail devices under his charge that could be rendered useless if their maker, Research in Motion Ltd., gets slapped with a court-ordered shutdown. http://www.it-observer.com/news/5791/companies_contemplate_life_without_blackberrys/ ************************************************************ Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.