NewsBits for March 22, 2006 sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net ************************************************************ Man arrested over online attacks A VICTORIAN man has been charged over a series of high-profile international internet hacking attacks. The 22-year-old was arrested in Melbourne early today after a joint state and federal investigation into the sophisticated attacks on internet relay chat (IRC) servers in Australia in 2005, the federal police said. http://www.heraldsun.news.com.au/common/story_page/0,5478,18562814%5E661,00.html Phishing and Denial of Service attacks are on the rise http://www.it-observer.com/news/5907/phishing_denial_service_attacks_are_rise/ - - - - - - - - - - 'Nut Case' gang rampage - GTA cited A member of the Oakland, California "Nut Case" gang who allegedly indulged in an orgy of murder, attempted murder, robbery and kidnapping could face the death penalty if the jury at his trial finds him guilty on commission of a robbery and multiple murder raps. Demarcus Ralls is the first Nut Case to stand trial for a six-week crime spree in late 2002 and early 2003 which "terrorized Oakland residents", ktvu.com reports. http://www.theregister.co.uk/2006/03/22/nut_case_gang/ - - - - - - - - - - 80,000 HP staff exposed as laptop loss party continues Financial services companies appear to have it in for their technology customers with Fidelity Investments adding to a spate of laptop thefts. A laptop lost by Fidelity this month has exposed 80,000 HP employees, staff were told last night. http://www.theregister.co.uk/2006/03/22/fidelity_laptop_hp/ - - - - - - - - - - Child-porn sentence grows to 25 years Chip Foreman, co-owner of an Orange County clock store and a registered sex offender, found himself in familiar surroundings Tuesday. Already sentenced to 10 years in federal prison for possessing child pornography, Foreman received a 25-year prison term on similar state charges. http://www.orlandosentinel.com/orl-sexconvict2206mar22,0,4338999.story - - - - - - - - - - Women sentenced in separate sex crime cases Two Utah women received 36-month prison terms Tuesday in unrelated child porn and sex crime cases. Debra Ann Larsen enticed an undercover agent posing as a 13-year-old girl in an Internet chat room to engage in sexual acts. http://www.sltrib.com/utah/ci_3626675 - - - - - - - - - - Penn Hills man pleads guilty in child porn case A Penn Hills man yesterday pleaded guilty in federal court to receiving hundreds of images of child pornography on his home computers. Robert Cunningham, 25, was sentenced to 63 months in prison for downloading the images between December 2004 and March 2005 on three family computers at his home. http://www.post-gazette.com/pg/06081/674607.stm - - - - - - - - - - Priest facing child porn charge A Roman Catholic hospital chaplain downloaded sexually explicit pictures of children from the Internet to his personal laptop computer, federal prosecutors said Tuesday. Rev. Daniel Schulte, 53, a Vincentian priest who formerly was one of four chaplains at St. Alexius Hospital in Hoffman Estates, is charged with one count of possession of child porn. http://www.chicagotribune.com/news/local/nearwest/chi-0603220222mar22,1,5576284.story - - - - - - - - - - Police arrest man on child porn charges A Fayetteville man is in police custody for allegedly downloading numerous images of child pornography on his computer. Thomas Marvin Ferriel, 24, of 741 S. Erika faces 10 counts of viewing, possessing and distributing sexually explicit material involving a child. http://nwanews.com/nwat/News/38746/ - - - - - - - - - - Couple charged with producing child porn A young couple have appeared in the Port Adelaide Magistrates Court charged with numerous sex offences, including producing child pornography. It is alleged that the 24-year old man and his 22-year-old girlfriend gave two teenage girls the drug ecstasy before videotaping them engaged in sexual acts. http://www.abc.net.au/news/newsitems/200603/s1598503.htm - - - - - - - - - - Group Starts Petition Drive To Remove Councilman Councilman Accused Of Downloading Child Porn A Calimesa councilman accused of downloading child porn onto computers, including a city- owned laptop, is facing a petition effort aimed at getting him to step down, the organizer said Tuesday. http://www.nbc4.tv/news/8169616/detail.html - - - - - - - - - - Apple lashes out at proposed French law Apple Computer Inc. has accused France of "state-sponsored piracy" in reaction to a proposed law that would allow iTunes users to play their music on devices other than iPods. http://www.computerworld.com/securitytopics/security/story/0,10801,109779,00.html - - - - - - - - - - Debit-card fraud underscores legal loopholes Recent widespread debit-card fraud likely has roots in three major data leaks that occurred in the last six months, two of which have yet to be publicly disclosed by the companies involved. Consumers have noted a large increase in the amount of debit-card fraud since the beginning of 2006, as well as a wide recall of cards by banks and financial institutions. http://www.theregister.co.uk/2006/03/22/debit_card_fraud/ Trojan Redirector Ups the Ante in Online Banking Attacks http://www.eweek.com/article2/0,1759,1940623,00.asp - - - - - - - - - - OSCE Office organizes discussion on cyber threats Combating cyber crime and threats to cyber security were the topic of a roundtable discussion, organized today by the OSCE Office in Yerevan. Experts from the Armenian Task Force on cyber crime and cyber security presented the main challenges in the field and suggestions to improve the situation, recommending as a first step that the country's Parliament ratify the 2001 Council of Europe Convention on Cybercrime. http://www.noticias.info/asp/aspComunicados.asp?nid=157745 Interpol: Politicians failing to tackle phishing http://management.silicon.com/government/0,39024677,39157425,00.htm - - - - - - - - - - Microsoft to update IE after bugs Microsoft Corp. is readying an update to Internet Explorer following the recent discovery of two unpatched IE vulnerabilities, including one bug that could allow attackers to seize control of a victim's PC. http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,109769,00.html http://www.computerworld.com/securitytopics/security/story/0,10801,109768,00.html IE worries continue with critical bug http://computerworld.com/securitytopics/security/story/0,10801,109798,00.html Gates admits Internet Explorer error http://www.theregister.co.uk/2006/03/22/gates_mea_culpa/ - - - - - - - - - - Symantec pulls Backup Exec patches Companies using Symantec's Veritas Backup Exec are facing a dilemma after Symantec warned of security flaws in the software, but pulled some of the patches due to quality issues. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5621 - - - - - - - - - - Sendmail security flaw identified, patch issued Internet Security Systems said it has uncovered a flaw in the most recent version of the Sendmail open-source code used primarily in Unix-based and some Windows-based e-mail gateways. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,109791,00.html - - - - - - - - - - U.S. government probes Caller ID spoofing The U.S. government is becoming interested in commercial Caller ID spoofing services for a possible role in illegal activity. http://www.securityfocus.com/brief/171?ref=rss http://www.wired.com/news/technology/0,70462-0.html - - - - - - - - - - Apple Gets Security Lecture from Microsoft In a classic flipping of the script, a Microsoft program manager who regularly serves as the public face of the software maker's security response process rapped Apple for the way it handles security guidance to customers. http://www.eweek.com/article2/0,1759,1941316,00.asp Mac Viruses: The Hens Tooth Of Malware http://www.it-observer.com/articles/1084/mac_viruses_hens_tooth_malware/ - - - - - - - - - - Windows Vista delayed on quality, security concerns Microsoft announced on Tuesday that security concerns had delayed the software giant's next- generation operating system, Windows Vista, until November for business users and January 2007 for general consumer availabiltiy. http://www.securityfocus.com/brief/170 - - - - - - - - - - Protection from Emerging Virus Threats Today's malware distributors skirt traditional defenses by exploiting the zero hour gap, the time it takes to identify the attacking malware and write signatures that can detect and neutralize it. Recent studies have shown the lag time or gap between when a virus is recognized and a signature written to combat it can range from several hours to more than one day. http://www.it-observer.com/news/5909/protection_emerging_virus_threats/ Hearse spells doom for surfers http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5613 - - - - - - - - - - Home Secretary admonishes Lords over ID cards The government has attacked peers for holding up its ID card legislation. The government has criticised the House of Lords' repeated blocking of ID card legislation for trying to delay and destroy the bill. http://news.zdnet.co.uk/business/legal/0,39020651,39258741,00.htm - - - - - - - - - - Iowa proposes ID theft 'passport' Lawmakers in Iowa are proposing a special "passport" meant to protect victims of identity theft against false criminal action and credit charges. http://news.zdnet.com/2100-1009_22-6052308.html - - - - - - - - - - Security Implications of Deploying KVM Over IP As IP connectivity extends KVM control beyond the physical confines of the data center, it brings with it a new set of security concerns. This white paper provides an overview of system security in the context of both legacy rack mount KVM and KVM-over-IP systems, and includes a description of the threats that face enterprise systems, as well as the security mechanisms included in Raritan's Dominion(r) Series to counter the threats. http://www.computerworld.com/securitytopics/security/story/0,10801,109784,00.html - - - - - - - - - - OS X Sudo vs. Root: The Real Story OS X SudIn Mac OS X, the root account is disabled by default. The first user account created is added to the admin group and that user can use the sudo command to execute other commands as root. The conventional wisdom is that sudo is the most secure way to run root commands, but a closer look reveals a picture that is not so clear. http://www.it-observer.com/news/5906/os_x_sudo_vs_root_real_story/ - - - - - - - - - - Fighting Hackers, Viruses, Bureaucracy Search the exact phrase National Computer Security Survey on the U.S. Department of Homeland Security's Web site, and you won't find a thing. That's surprising, because the Department of Homeland Security is a co-sponsor of a study titled "National Computer Security Survey." http://www.it-observer.com/news/5908/fighting_hackers_viruses_bureaucracy/ - - - - - - - - - - Encryption for the masses A few weeks ago there was a knock at my door, and my new MacBook Pro laptop had arrived. I was very excited, because it's one of the first of the new Intel-based dual core systems available. Yes, it's fast. Fast enough to give me visions of OS X native apps running alongside both Windows Vista and Fedore Core inside two virtual machines. http://www.it-observer.com/news/5913/encryption_masses/ http://www.securityfocus.com/columnists/393 - - - - - - - - - - Is Your DR Plan Vulnerable to an Attack? Sorry, I have to do this. I have to rant. Here's what I have to get off my chest. News item: "DHS Scores F on Cybersecurity Report Card." Last week, a congressional oversight committee gave the U.S. Department of Homeland Security a failing grade on its annual cybersecurity report card. Congress says that when it comes to protecting the country's data infrastructure -- an entity that in itself has become critical to the continued functioning of the U.S. economy -- the DHS is a D-U-N-C-E. Appalling. http://www.computerworld.com/securitytopics/security/story/0,10801,109795,00.html - - - - - - - - - - Forensics Wiki This is the Forensics Wiki, devoted to information about digital forensics. We are just getting started, but still encourage you to browse the site and contribute whatever information you have available. http://www.it-observer.com/news/5914/forensics_wiki/ ************************************************************ Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.