NewsBits for March 16, 2006 sponsored by
Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net
************************************************************
Game ID thefts surpass one million
Company accused of taking no action to halt huge illegal registration. The number of victims in the world's largest identity theft case could surpass one million, authorities in South Korea have reported. Police announced this week that the number of victims of ID theft connected to the online game Lineage is between 980,000 and 1.22 million, according to the Korea Herald.
http://www.vnunet.com/vnunet/news/2152080/game-id-thefts-surpass-million
- - - - - - - - - -
Lost Ernst & Young laptop exposes IBM staff
Ernst & Young has lost another laptop containing the social security numbers and other personal information of its clients' employees. This time, the incident puts thousands of IBM workers at risk. Ex-IBM employees are also affected.
http://www.theregister.co.uk/2006/03/15/ernstyoung_ibm_laptop/
- - - - - - - - - -
Police break online child porn ring
The U.S. Attorney General announced yesterday that police have broken up an online child ring that involved the sexual molestation of very young children. Police arrested 27 people in the U.S., Canada, Australia and Britain, following a months-long investigation into an online chat room called "Kiddypics & Kiddyvids."
http://www.securityfocus.com/brief/165
http://www.latimes.com/technology/la-na-childporn16mar16,1,2576770.story
http://www.cnn.com/2006/LAW/03/15/childporn.arrests/index.html
http://www.vnunet.com/vnunet/news/2152105/police-bust-international-child
- - - - - - - - - -
Man Who Raped Own Children, Sentenced to 35 Years for Child Porn
A Billerica, Massachusetts man was sentenced Friday to thirty-five years in federal prison for advertising child pornography on the Internet, possession of child pornography and related offenses.
He was previously convicted of raping his own children.
http://www.americanchronicle.com/articles/viewArticle.asp?articleID=6891
- - - - - - - - - -
Helena man gets eight years for distributing child porn
A former computer systems analyst for the state has been sentenced to eight years in prison, for using his home computer to distribute child pornography over the Internet. After completing his sentence, 52-year-old Richard Dickson will be on supervised release for the rest of his life.
http://www.kbzk.com/Global/story.asp?S=4638610
- - - - - - - - - -
Fined for Kid Porn
A Canadian soldier who used computers at a New Brunswick military base to secretly view child porn received a suspended sentence during a court martial held yesterday. Master Cpl. Steven Charles Winstanley, 36, originally of Glace Bay, N.S., pleaded guilty to the National Defence Act charge of accessing child porn.
http://www.edmontonsun.com/News/Canada/2006/03/16/1490796-sun.html
- - - - - - - - - -
Former Police Chief Waits For Sentence In Child Porn Case
A former Auglaize County police chief will have to wait another two months to be sentenced on child porn charges. Dave Harrison, of Wapakoneta, was convicted on 15 counts of child pornography, two counts of unauthorized use of property and one count of theft in office. Harrison is free on bond. He is waiting on results from a pre-sentence hearing.
http://www.whiotv.com/news/8052351/detail.html
- - - - - - - - - -
Man charged with trading child porn on Internet
A Round Lake Beach man was charged Wednesday with trading child pornography images over the Internet after Lake County sheriff's officers executed a search warrant at his home Tuesday night, authorities said.
http://www.chicagotribune.com/news/local/chicago/chi-0603160240mar16,1,689776.story
- - - - - - - - - -
Metro pair face charges of possessing child porn
Two more Halifax-area men were arrested on child pornography-related charges Tuesday after investigators searched a pair of homes in separate investigations. Halifax resident Waclaw Otomanski, 54, faces charges of possessing, manufacturing and distributing the lewd material, the city's regional force said in a news release late Wednesday afternoon.
http://thechronicleherald.ca/Metro/490329.html
- - - - - - - - - -
Computer techs tip police on child porn
As an information technology specialist, Troy Wallwork has seen the secrets inside plenty of computers, from financial records to love letters. But when a recent search of one customer's PC turned up what looked like child pornography, he didn't know what to do. On the one hand, his company's reputation depends on preserving clients' privacy. On the other, he said the pictures he found were just too graphic to ignore, so he called the police.
http://www.al.com/news/birminghamnews/index.ssf?/base/news/1142504570238080.xml
- - - - - - - - - -
Canadian military to probe sale of gear on eBay
The Canadian military has launched an investigation after some of its military clothing and equipment turned up for sale on the Internet, a spokesman for the Department of National Defense said on Wednesday.
http://news.com.com/Canadian+military+to+probe+sale+of+gear+on+eBay/2100-1047_3-6050307.html
- - - - - - - - - -
Trojan extortion blocked by e-gold
The creators of the Cryzip extortion Trojan did not benefit from the fraud, Internet payment company e-gold has claimed. Criminals are believed to have set up a number of accounts at the company in order to receive funds extorted from users in return for decrypting data files scrambled by the Trojan.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5577
New Trojan encrypts data, demands ransom
http://www.computerworld.com/securitytopics/security/story/0,10801,109590,00.html
Say Hi to the mouse click capturing Trojan
http://www.theregister.co.uk/2006/03/16/mouse_click_capturing_trojan/
- - - - - - - - - -
Macabre Milosevic malware mounts
Death 'pics' used as a hook for malware intrusion
An IT security firm reported today that it has found nearly a million emails claiming to contain pictures of former Yugoslav president Slobodan Milosevic's body
http://www.vnunet.com/vnunet/news/2152076/hackers-quick-exploit-milosevic
- - - - - - - - - -
Sites selling child porn targeted
The group wants to stop websites profiting from child porn.
Net and finance firms are joining up to stamp out commercial child pornography. The newly formed Financial Coalition Against Child Pornography brings together 18 organisations including Bank of America, American Express, Mastercard, AOL, Yahoo and Microsoft.
http://news.bbc.co.uk/2/hi/technology/4812962.stm
Credit card providers unite against child pornography
Industry attacks child abuse by blocking the money flow. A group of 18 financial institutions and internet providers have joined forces with child advocacy groups in the US and Europe in an effort to eradicate commercial child pornography by 2008.
http://www.vnunet.com/vnunet/news/2152065/credit-card-providers-team
- - - - - - - - - -
New denial-of-service threat emerges
A new kind of denial-of-service attack has emerged that delivers a heftier blow to organizations' systems than previously seen DOS threats, according to VeriSign's security chief. The new DOS attacks first emerged in late December and kicked into high gear in January, before dying down four weeks ago, said Ken Silva, VeriSign's chief security officer.
In less than two months, 1,500 separate Internet Protocol addresses were
http://news.zdnet.com/2100-1009_22-6050688.html
Attacks target Internet traffic cops
A new variety of unusually powerful Internet attacks can overwhelm popular Web sites and disrupt e-mails by exploiting the computers that help manage global Internet traffic, according to security researchers.
http://www.cnn.com/2006/TECH/internet/03/16/internet.attack.ap/index.html
Internet panel to consider defenses against new attacks
The Internet's primary oversight body will consider defensive measures against a new variety of powerful electronic attacks that can overwhelm Web sites and disrupt e-mails by exploiting the computers that help manage global Internet traffic.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14113570.htm
- - - - - - - - - -
Tierney, Kerry fight for tougher child porn penalties
U.S. Congressmen John F. Tierney, D-Salem, and Phil Gingrey, R-Georgia, recently introduced "Masha's Law" (H.R. 4703), legislation requiring tougher penalties for downloading child pornography off the Internet.
http://www2.townonline.com/ipswich/localRegional/view.bg?articleid=449653
- - - - - - - - - -
Congress rips DHS, DOD for low cybersecurity grades
Members of the U.S. Congress on Thursday lectured technology executives at two major security agencies for failing cybersecurity scores, with one congresswoman saying she doesn't feel safe because of the problems.
http://www.computerworld.com/securitytopics/security/story/0,10801,109588,00.html
http://news.zdnet.com/2100-1009_22-6050520.html
http://www.gcn.com/online/vol1_no1/40146-1.html
http://www.fcw.com/article92642-03-16-06-Web
http://www.govexec.com/story_page.cfm?articleid=33621
- - - - - - - - - -
Qatar conference urges combat of cyber crime
An international telecoms conference closed Wednesday in Qatar with a call for greater coordination to combat what delegates described as rising crime and terror on the Internet.
"There is a possibility of putting in place a memorandum of understanding between member states on the issue of cyber security," Hamadoun Toure, a senior official with the UN's International Telecommunications Union (ITU), said.
http://www.middle-east-online.com/english/?id=16003
- - - - - - - - - -
Firms lax on ID theft safeguards
Identity thieves can work inside companies
Most businesses are not doing enough to secure their networks against identity fraud, a UK government survey says. Growing numbers of firms are using strong authentication to restrict unauthorised access, according to the Department of Trade and Industry.
http://news.bbc.co.uk/2/hi/technology/4809262.stm
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5585
http://www.computerworld.com/securitytopics/security/story/0,10801,109599,00.html
Your secret PIN may not be so secret
http://news.com.com/2100-1029_3-6050259.html
- - - - - - - - - -
GSA seeks comment on procurement data privacy
As the General Services Administration continues work on improvements to the Federal Procurement Data System-Next Generation, the agency will accept comments on the system's privacy standards through June 2, according to a notice published in today's Federal Register.
http://www.fcw.com/article92620-03-15-06-Web
- - - - - - - - - -
Microsoft goes public with Blue Hat security conference
Microsoft Corp. is going public with some of the hacking information discussed at its Blue Hat Security Briefings event. Just days after the end of its third Blue Hat conference, the software vendor today posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,109606,00.html
- - - - - - - - - -
CeBIT exhibitors flunk wireless security test
More than half of the wireless networks deployed at the CeBIT technology show in Hanover, Germany, last week had no encryption enabled, making the systems behind them prime targets, according to Kaspersky Lab Ltd., a security vendor.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,109605,00.html
- - - - - - - - - -
Microsoft releases March patches
Microsoft released its March security bulletin yesterday, patching seven vulnerabilities-- six of which allowed remote code execution via Microsoft Office. The issues affecting Office allow for a 'drive-by download' whereby a user simply visits a malicious webpage with Internet Explorer to become affected. All of the six Office vulnerabilities earned the "Critical" tag, Microsoft's highest rating.
http://www.securityfocus.com/brief/164
- - - - - - - - - -
French Encryption Specialist Launches In UK
Prim'X Technologies, a provider of transparent encryption technology for enterprises and government organisations has today announced the launch of its encryption engine into the UK market. ZoneCentral V.2.5 allows businesses to secure sensitive files and folders from unauthorised access and is compatible with most authentication methods already deployed in corporate environments, including token smart cards, key files, and USB devices.
http://www.theitshield.com/pr/5874
- - - - - - - - - -
TrustedID Service Freezes Credit Reports
TrustedID announced on March 13 the launch of its IDFreeze service, which aims to put consumers in control of their credit. IDFreeze is an e-management tool that lets users lock and block access to credit information in their names. The company charges $7.95 per month or $89.95 per year.
http://www.eweek.com/article2/0,1759,1938557,00.asp
- - - - - - - - - -
ID card battle remains deadlocked
An increased majority of MPs have overturned the House of Lords' rejection of 'compulsory' registrations. The ID cards battle remains deadlocked after MPs again overturned a House of Lords amendment that would have prevented people being forced to register for an ID card when applying for a passport.
http://news.zdnet.co.uk/0,39020330,39257911,00.htm
- - - - - - - - - -
Poor authentication increases risk of identity fraud
The latest survey from the DTI into the IT security of UK businesses has revealed that firms could be making themselves more vulnerable by using software-based two-factor authentication rather than hardware tokens.
http://www.vnunet.com/vnunet/news/2152120/poor-authentication-increase
- - - - - - - - - -
Experts: Don't panic over RFID viruses - yet
Proof-of-concept malware may help solve RFID security issues before they become a real problem. Dutch researchers have announced they have successfully created a virus capable of infecting RFID tags.
http://news.zdnet.co.uk/internet/security/0,39020375,39257910,00.htm
- - - - - - - - - -
The intersection of Sarbanes-Oxley and insider threats
Sarbanes-Oxley Act compliance should not be a distraction to security where the focus is on writing mountains of policies and procedures. It should, however, be used as a business differentiator, as an enabler for risk management and as a mechanism to use frameworks and certifications to better align business goals and process with security best practices. Nowhere is this more evident than issues surrounding insider threats.
http://www.computerworld.com/securitytopics/security/story/0,10801,109527,00.html
- - - - - - - - - -
US bank approves ripped-up credit card application
A US man who sent in a torn up, and taped back together, credit card application as an experiment to see whether he needed to shred his applications has received a credit card.
Rob Cockerham used his father's address and his mobile (as opposed to land line number) when making an application for a JP Morgan Chase credit card.
http://www.theregister.co.uk/2006/03/16/ripped_up_credit_card_application/
************************************************************
Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2006, NewsBits.net, Campbell, CA.