NewsBits for March 21, 2006 sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net
************************************************************

Police data on 4,400 uploaded via Winny
Ehime prefectural police have announced that confidential personal information on 4,400 people was included in files accidentally uploaded to the Internet via Winny file-sharing software. The investigation data was leaked through the computer of a 42-year-old police inspector of the criminal investigation department and included information on crime suspects, victims and investigation informants, as well as statements from suspects.
http://www.it-observer.com/news/5895/police_data_4400_uploaded_via_winny/

- - - - - - - - - -

State cop nabbed by decoy 13-year-old in Internet sting
Over the years, CHP officer Stephen Robert Deck lectured countless Southern Californian motorists. But on Feb. 18, Deck wasn't even thinking about anyone old enough to drive. According to District Attorney Tony Rackauckas, the 51-year-old cop was lost in a sexual fantasy involving a 13-year-old Laguna Beach girl he'd befriended in an Internet chat room.
http://www.ocweekly.com/news/news/you-have-all-the-pie-i-want-to-eat/24613/

- - - - - - - - - -

European phishing gangs targeted
Microsoft is launching legal action against 100 phishing gangs based in Europe, the Middle East and Africa. By the end of March, 53 cases will have begun, said Microsoft, with all 100 filed by the end of June. Seven of the criminal groups behind fake websites that trick people into handing over confidential information are known to be in the UK. The legal cases follow investigative work undertaken by Microsoft, national police forces and Interpol.
http://www.it-observer.com/news/5890/european_phishing_gangs_targeted/
http://software.silicon.com/security/0,39024655,39157424,00.htm
http://www.pcworld.com/news/article/0,aid,125140,00.asp

Interpol: Politicians failing to tackle phishing
Police forces around the world are being starved of financial and human resources to fight a growing number of crimes on the internet, Interpol has said. Speaking on Monday at an anti-phishing conference in Brussels, Bernhard Otupal, crime intelligence officer for Interpol's financial and hi-tech crime unit, said politicians are unaware of the ways criminals are using technology to steal money.
http://software.silicon.com/security/0,39024655,39157425,00.htm

- - - - - - - - - -

French National Assembly approves copyright bill
The French National Assembly approved a digital copyright bill on Tuesday that will require DRM (digital rights management) developers to reveal details of their technology to rivals that wish to build interoperable systems. The bill could affect the FairPlay DRM used by Apple Computer Inc. in its iTunes Music Store and iPod music players, and Microsoft Corp.'s Windows Media DRM, used by rival French music stores Fnac.com and Virginmega.fr to lock downloaded tracks to particular music players.
http://www.computerworld.com/securitytopics/security/story/0,10801,109756,00.html
http://www.msnbc.msn.com/id/11943799/

- - - - - - - - - -

Debit-card fraud underscores legal loopholes
Recent widespread debit-card fraud likely has roots in three major data leaks that occurred in the last six months, two of which have yet to be publicly disclosed by the companies involved. It is a lot easier to expose a company like CardSystems Solutions, than to expose a retailer. The credit card companies are not out there to put any retail company out of business.
http://www.securityfocus.com/news/11381?ref=rss

InfoCard Within Web Applications and Browsers
http://www.it-observer.com/news/5902/infocard_within_web_applications_browsers/

- - - - - - - - - -

Dutch hacker finds serious hole in IE 6
A Dutch Web developer has discovered a vulnerability in Microsoft Corp.'s Internet Explorer (IE) 6 Web browser that could allow a PC to be taken over after a user is lured to a malicious Web site. Microsoft has reproduced the vulnerability and is analyzing the problem, said Jeffrey Van der Stad, who describes the flaw briefly on his Web site.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,109754,00.html
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5608

- - - - - - - - - -

Adware backers named and shamed
Large corporations and dot.com firms are funding the distribution of software that loads invasive pop-up ads with their advertising dollars, according to a report by the Centre for Democracy and Technology. The US consumer rights organisation named and shamed a number of firms over the practice, including Club Med Americas, uBid, PeoplePC and GreetingCards.com. It is calling on mainstream firms to become more vigilant about policing their advertising practices.
http://www.theregister.co.uk/2006/03/21/adware/

Big Firms Fail to Police Adware, Report Says
http://www.washingtonpost.com/wp-dyn/content/article/2006/03/20/AR2006032001657.html

- - - - - - - - - -

Tough week ahead for malware companies
The fight against invasive software will take a step forward next week as the Center for Democracy and Technology (CDT) and the Google Inc.-backed Stopbadware Coalition will release two separate reports that state the names of undesirable software programs and the advertisers who help fund them.
http://www.computerworld.com/securitytopics/security/story/0,10801,109719,00.html

- - - - - - - - - -

Kernel ARP hijacking patch for Linux
kArp is a Linux patch that allows one to implement ARP hijacking in the kernel, but control it easily via userland. You may configure, enable and disable kArp via ProcFS or the sysctl mechanism. kArp is implemented almost on the device driver level.
http://www.it-observer.com/news/5903/kernel_arp_hijacking_patch_linux/

- - - - - - - - - -

Net porn block to protect children
Internet porn would be blocked before reaching household computers under a Labor pledge to protect children. Internet service providers (ISPs) would have to provide a "clean feed" without sites showing extreme violence or graphic sexual material.
http://dailytelegraph.news.com.au/story/0,20281,18542395-5001021,00.html

- - - - - - - - - -

Google News dumps partner after PR hoax
Unedited news service falls victim to online prank. Google News has stopped linking to a press release site after a teenager abused the service to spread a false press release about the search giant. The I-Newswire service offers free distribution of press releases to organisations and individuals.
http://www.vnunet.com/vnunet/news/2152337/google-news-cuts-ties-gullible

- - - - - - - - - -

Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) has been gaining momentum as a replacement for RSA public key cryptography largely based on its efficiency, but also because the US National Security Agency (NSA) included it, while excluding RSA, from its Suite B cryptography recommendations. Suite B is a set of algorithms that the NSA recommends for use in protecting both classified and unclassified US government information and systems.
http://www.it-observer.com/news/5899/elliptic_curve_cryptography/

Encrypt filesystems with EncFS and Loop-AES
http://www.it-observer.com/news/5894/encrypt_filesystems_with_encfs_loop_aes/

- - - - - - - - - -

When the law chases the Internet
Both Congress and the courts have always played catch up with Internet crime, from credit-card theft to child porn. The fast pace of new Web software provides a challenge to slow-moving law. The latest example: a court order against Web giant Google.
http://www.it-observer.com/news/5892/when_law_chases_internet/

- - - - - - - - - -

French struggle to get US visas
The US Embassy in Paris is struggling to deal with a huge increase in demand for visas because the French government has missed Bush's deadline for biometric passports.
http://www.theregister.co.uk/2006/03/21/french_struggle_for_us_visas/

- - - - - - - - - -

The High Cost Of Data Loss
Sensitive personal data has been misplaced, lost, printed on mailing labels, posted online, and just left around for anyone to see. The situation has become untenable. Here's the ugly truth about how it keeps happening, who's been affected, and what's being done about it.
http://www.it-observer.com/news/5888/the_high_cost_data_loss/

- - - - - - - - - -

Get More Security with Fewer Resources
CISOs at midsize businesses face many of the same problems as CISOs at larger companies, but with a lot fewer resources. What they've learned can help any CISO get by on less. Stanley Stash Jarocki is used to getting plenty of attention.
http://www.it-observer.com/news/5901/get_more_security_with_fewer_resources/

Guide to Network Security
http://www.it-observer.com/news/5893/guide_network_security/

How to Create Secure Web Applications with Struts
http://www.it-observer.com/news/5900/how_create_secure_web_applications_with_struts/

The real threat to the Internet
http://redtape.msnbc.com/2006/03/the_real_threat.html

- - - - - - - - - -

Bringing Botnets Out of the Shadows
Nicholas Albright's first foray into some of the darkest alleys of the Internet came in November 2004, shortly after his father committed suicide. About a month following his father's death, Albright discovered that online criminals had broken into his dad's personal computer and programmed it to serve as part of a worldwide, distributed network for storing pirated software and movies.
http://www.washingtonpost.com/wp-dyn/content/article/2006/03/21/AR2006032100279.html

- - - - - - - - - -

Perils of online dating prompt safety efforts
Josie Phyllis Brown never had a chance against her 6-foot-6-inch killer, although his stature was one of the few things she should have known from his Internet profile. John Christopher Gaumer, who confessed to the murder and led Baltimore County police to Brown's body on February 7, listed his height and other attributes in his quest for dates on MySpace.com, a free Internet social site owned by News Corp. where mostly young people connect for friendship and romance.
http://www.cnn.com/2006/TECH/internet/03/21/online.dating.threat.reut/index.html

- - - - - - - - - -

Dutch coffee shops introduce fingerprint ID
Some Dutch coffee shops, which sell marijuana in small quantities for personal use, are introducing fingerprinting technology to check the age of customers. The shops are not allowed to sell to anyone under the age of 18. Coffee shops currently require photographic ID for proof of age.
http://www.theregister.co.uk/2006/03/21/fingerid_coffeeshops/

ID cards to spur e-signature take up
http://www.theregister.co.uk/2006/03/21/idcards_spur_esignatures/

- - - - - - - - - -

Internet untouchable for FBI agents in city
It seems as if every Manhattan prep schooler has one, but many of New York's FBI agents are fighting crime and terrorists without an Internet-ready phone or even an e-mail account, the Daily News has learned. Mark Mershon, the assistant director in charge of the FBI's 2,000-employee city office, blamed the technology gap on Washington budget constraints.
http://www.it-observer.com/news/5896/internet_untouchable_fbi_agents_city/

************************************************************
Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net
************************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
************************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2006, NewsBits.net, Campbell, CA.