NewsBits for March 7, 2006
sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net
************************************************************
Citibank probes ATM withdrawals
Citibank has put a transaction block on an unspecified number of Citi-branded MasterCard debit and credit cards used in three countries because of fraudulent ATM cash withdrawal activity, the company said in a statement yesterday.
http://computerworld.com/securitytopics/security/story/0,10801,109308,00.html
http://www.channelregister.co.uk/2006/03/07/citibank/
Citibank Confirms Fraud in Canada, UK, Russia Linked to Breach
http://www.eweek.com/article2/0,1759,1934988,00.asp
- - - - - - - - - -
Woman pleads guilty in porn spam case
A New Hampshire woman has pleaded guilty to spam-related charges in connection with a pornographic e-mail operation, the U.S. Department of Justice announced Monday. Jennifer R. Clason, 33, of Raymond, N.H., pleaded guilty to one count of criminal conspiracy and two spamming counts under the CAN-SPAM Act, an antispam law passed by the U.S. Congress in 2003. Clason's plea is the third conviction related to the transmission of obscene e-mail messages, the DOJ said.
http://computerworld.com/securitytopics/security/story/0,10801,109284,00.html
- - - - - - - - - -
Boys MySpace prank results in sex crime arrest
A group of boys who posed as a 15-year-old girl for an Internet prank ended up helping police arrest a 48-year-old man who tried to meet the fictitious teenager for sex, authorities said. The five boys had created a fake profile of a girl on MySpace.com, a social networking Web site, to cheer up a friend who had recently broken up with his girlfriend.
http://www.msnbc.msn.com/id/11708746/
http://www.cnn.com/2006/US/03/07/myspace.arrest.ap/index.html
- - - - - - - - - -
Judge upholds sentence in child porn case
A 37-year-old Zanesville man will remain in prison for 36 years after being charged with 62 counts of pandering obscenity. Richard N. King of Zanesville has been in the Noble Correctional Institute after being found guilty of the charges last year.
http://zanesvilletimesrecorder.com/apps/pbcs.dll/article?AID=/20060307/NEWS01/603070318/1002/NEWS01
- - - - - - - - - -
City man pleads guilty in child porn case
A 28-year-old Baltimore man pleaded guilty in federal court to possession of child pornography, the U.S. attorney's office said today. In a statement of facts, Brian C. Trimble admitted to sending an e-mail Feb. 17, 2004, to an undercover U.S. Postal Service agent that stated, "I'd be interested in male(s)/female(s) situations of ages 12-16" in response to the postal agent's online offer of sexually explicit videos of pre-teens.
http://www.baltimoresun.com/news/local/crime/bal-sentence0306,0,3259649.story
- - - - - - - - - -
One-time foster dad indicted in child-porn exchange
The man, 72, who faces a trial in two boys' rapes, is accused of receiving and sending graphic images. A former foster parent and one-time Episcopal priest suspected by Denver authorities of molesting young boys for five decades has been indicted on charges of distributing and receiving child pornography.
http://www.denverpost.com/news/ci_3576076
- - - - - - - - - -
Israeli Couple Indicted for Trojan Horse Virus Spyware
An Israeli couple has been indicted on charges of developing the Trojan Horse computer virus that has attacked corporate computer systems. Michael and Ruth Haefrati were charged with developing the software virus used for corporate spying in a number of computer-related crimes.
http://www.israelnn.com/news.php3?id=99680
http://www.newsfactor.com/story.xhtml?story_id=01300000BOXO
http://www.vnunet.com/vnunet/news/2151467/couple-face-jail-trojan
- - - - - - - - - -
Senator may address spying concerns in supplemental funding bill
Senate Judiciary Chairman Arlen Specter, R-Pa., said Tuesday he would consider offering an amendment to cut off funds for the White House's warrantless domestic wiretapping, perhaps to the fiscal 2006 supplemental, if he did not receive more satisfactory answers from Bush administration officials.
http://www.govexec.com/story_page.cfm?articleid=33560&sid=28
Homeland Security chief proposes screening of customer data
http://www.govexec.com/story_page.cfm?articleid=33559&sid=28
- - - - - - - - - -
Tougher hacking laws get support
Both the Tories and Lib Dems have backed government measures to increase penalties for UK computer hackers. Anyone hacking a computer could be punished with 10 years' imprisonment under new laws. The move follows campaigning from Labour MP Tom Harris, whose ideas are now being adopted in the Police and Justice Bill.
http://www.it-observer.com/news/5823/tougher_hacking_laws_support/
- - - - - - - - - -
High Number Of Child Exploitation Cases Filed
It's another sign of the dangers to children that can be found on the Internet -- federal prosecutors announced that they filed a record number of child exploitation cases last year. A large number of those cases were researched at the Midwest Computer Forensics Lab in Kansas City.
http://www.thekansascitychannel.com/news/7753693/detail.html
- - - - - - - - - -
Tougher Penalties Sought For Child Porn In ND
North Dakota's penalty for possessing child pornography is weaker than in other states -- too weak, officials say. Possession of child pornography in North Dakota is a misdemeanor for first-time offenders, meaning they can avoid prison. Recent offenders in Cass County have served between five days and two months in jail.
http://wcco.com/local/local_story_064185647.html
- - - - - - - - - -
EU privacy experts slam email tracking services
Services that track whether an email has been opened will breach EU data protection laws unless the recipient has given unambiguous consent to the service, according to an opinion from the Article 29 EU Working Party on Data Protection.
http://www.fcw.com/article92517-03-07-06-Web
http://www.theregister.co.uk/2006/03/07/eu_slams_email_tracking_services/
- - - - - - - - - -
Aussie antifraud cop hopes for increased collaboration
In Victoria, call goes out for better business-government efforts. With only 5% of all fraud cases that occur in the Australian state of Victoria being reported, detective sergeant and identity management advocate Rodney Mills has called for better communication between business and government to help combat the growing problem.
http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,109303,00.html
- - - - - - - - - -
Zombie PCs menace mankind
Script-kiddies make way for Mr Big. Cybercrooks are developing more sophisticated techniques to steal confidential data. According to the latest edition of Symantec's Internet Security Threat Report, malicious hackers are increasingly using bot-networks, modular malicious code and targeted attacks on web applications and web browsers to carry out cyber raids.
http://www.channelregister.co.uk/2006/03/07/symantec_net_threat_report_2h2005/
Hacking for Financial Gain
Symantec has announced that crimeware, software specifically designed to carry out criminal activity, is on the rise as a means for criminals to perpetrate cybercrime attacks. In the ninth volume of its Internet Security Threat Report, Symantec reveals that cybercriminals are developing new and more sophisticated techniques to steal data for financial gain.
http://www.it-observer.com/news/5832/hacking_financial_gain/
Cyber criminals stepping up targeted attacks: report
http://www.washingtonpost.com/wp-dyn/content/article/2006/03/07/AR2006030700060.html
Symantec Warns of Rise of Cyber Crime Bots
http://www.commentwire.com/article_news.asp?guid=E1582C33-0C8A-4A38-B10B-E0545224BBBE
Cyber Criminals Launching Higher Numbers of Sophisticated Attacks
http://www.computerworld.com.au/index.php/id;611804675
China malware increasing, Symantec says
http://computerworld.com/securitytopics/security/story/0,10801,109282,00.html
- - - - - - - - - -
Banks beef up security
Laws meant to ensure companies safeguard the privacy of customer records have been a boon to the business Todd Gooden heads. "I'd say our security practice has increased in the last six months 300 percent," said Gooden, chief executive officer of Consultrix Technologies, which has offices in Jackson, Memphis, Nashville and Birmingham. "It's literally to the point that we're gaining a new customer every two days regarding security."
http://www.clarionledger.com/apps/pbcs.dll/article?AID=/20060305/BIZ/603050347
- - - - - - - - - -
Researcher Hacks Microsoft Fingerprint Reader
Never mind worrying about hackers stealing your password. A security researcher with the Finnish military has shown how people could steal your fingerprint, by taking advantage of an omission in Microsoft's Fingerprint Reader, a PC authentication device that Microsoft has been shipping since September 2004.
http://www.pcworld.com/news/article/0,aid,124978,00.asp
http://computerworld.com/securitytopics/security/story/0,10801,109276,00.html
- - - - - - - - - -
Mac OS X patch faces scrutiny
An Apple Computer patch released last week doesn't completely fix a high-profile Mac OS X flaw, leaving a toehold for cyberattacks, experts said. The Mac maker released a security update for its operating system on Wednesday to plug 20 holes.
The patch arrived after two weeks of intense scrutiny of the safety of OS X, prompted by the discovery of two worms, and the disclosure of a vulnerability that was deemed "extremely critical" by security monitoring company Secunia.
http://news.com.com/Mac+OS+X+patch+faces+scrutiny/2100-1002_3-6046588.html
Apple criticised for persistent Trojan flaw
http://news.zdnet.co.uk/software/mac/0,39020393,39256044,00.htm
- - - - - - - - - -
Winner mocks OS X hacking contest
Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
http://news.com.com/2100-1002_3-6046197.html
http://www.securityfocus.com/brief/158
- - - - - - - - - -
Microsoft cryptographer denies Vista back door
A senior cryptographer working for Microsoft has vehemently denied that the firm is planning to compromise the encryption functionality incorporated in its forthcoming Vista operating system by adding a backdoor.
http://www.vnunet.com/vnunet/news/2151483/microsoft-cryptographer-denies
http://news.zdnet.co.uk/software/windows/0,39020396,39255856,00.htm
- - - - - - - - - -
Chip-and-pin 'cuts fraud by 13%'
The chip-and-pin system cut plastic card fraud by 13% in 2005, according to the Association of Payment Clearing Services (Apacs). Losses due to the fraudulent use of credit and debit cards fell last year by £65m to £439m. Most categories of fraudulent card use dropped, except for transactions over the phone, internet or by mail.
http://news.bbc.co.uk/2/hi/business/4779314.stm
- - - - - - - - - -
Survey: Agency programs to protect privacy inadequate
Most government agencies have made little progress in addressing privacy concerns, and the issue needs to be elevated, according to a new survey of members of the federal information technology community.
http://www.govexec.com/story_page.cfm?articleid=33555
- - - - - - - - - -
After flap, Symantec adjusts browser bug count
Depending on how you count flaws, either IE or Firefox could be considered less secure. A report issued today by Symantec Corp. seeks to satisfy users of both Mozilla Corp.'s Firefox browser and Microsoft Corp.'s Internet Explorer.
http://computerworld.com/securitytopics/security/story/0,10801,109278,00.html
- - - - - - - - - -
'Fascist' ID database worries Lords
The House of Lords called upon the ancient liberties enshrined in British common law last night when it ping-ponged the ID Cards bill back to the House of Commons.
http://www.theregister.co.uk/2006/03/07/fascist_database_worries/
Lords rejects compulsory identity cards
http://www.vnunet.com/vnunet/news/2151492/lords-slaps-government-id-card
- - - - - - - - - -
Government Smart-Card Project Hits Snags on Fingerprints, Costs
The government's smart-card project appears at risk of falling behind schedule. Federal agencies are supposed to begin issuing government-wide identification cards that can vouch for the identity of federal employees and most contractors in October, but the Government Accountability Office warns that setting up and testing new ID systems may not be completed within deadlines set by the Bush administration.
http://www.washingtonpost.com/wp-dyn/content/article/2006/03/06/AR2006030601628.html
- - - - - - - - - -
Study: Skype dangers may be acceptable to businesses
Corporations should seriously consider banning Skype because of potential risks, but not before weighing whether the risks are outweighed by benefits, according to a new study by the Burton Group.
http://computerworld.com/securitytopics/security/story/0,10801,109297,00.html
- - - - - - - - - -
The value of vulnerabilities
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public.
We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?
http://www.securityfocus.com/columnists/391
- - - - - - - - - -
MS denies helping Beijing nail cyberdissident
Microsoft has denied helping Chinese authorities obtain evidence against a local journalist charged with sending "subversive" emails from a Hotmail account. Li Yuanlong, 45, is accused of sending opinion pieces that "fabricated, distorted and exaggerated facts, incited to subvert the state and sought to overthrow the socialist system" under the pseudonyms "Night Wolf" or "Wolf Howling in the Night", and using MSN Hotmail accounts.
http://www.theregister.co.uk/2006/03/07/ms_cyberdissident_denial/
- - - - - - - - - -
China and the break-up of the net
Chinese ideas about the setting up its own domain name system could change the global nature of the internet, argues internet law professor Michael Geist. The number of people online in China is growing fast. There was a buzz in the internet community last week after the People's Daily, widely regarded as the most influential newspaper in China, published an article in English announcing changes to that country's domain name system.
http://news.bbc.co.uk/2/hi/technology/4779660.stm
- - - - - - - - - -
National gun database backfires
Further delays have plagued the project to create the National Firearms Licensing Management System (NFLMS). Two forces that have been piloting the database, Lancashire Police and the Metropolitan Police, will now have to run further tests. They have been forced to do so by the need to cleanse data so that information can be shared, and to configure different networks that have so far proved incompatible.
http://www.theregister.co.uk/2006/03/07/more_setbacks_for_nflms/
************************************************************
Digital Investigation is the international journal of digital forensics and incident response.
To apply for a free sample copy visit: http://www.digitalinvestigation.net
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2006, NewsBits.net, Campbell, CA.