NewsBits for March 29, 2006 sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net ************************************************************ Two DNS servers hit by denial-of-service attacks In the second attack of its kind in the past few days, Domain Name System (DNS) servers at Network Solutions Inc. were hit by a denial-of-service attack this afternoon, resulting in a brief performance degradation for customers, according to the company. http://www.it-observer.com/news/5960/two_dns_servers_hit_by_denial_service_attacks/ http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5668 DNS hackers target domain registrars http://www.theregister.co.uk/2006/03/29/dns_ddos_attacks/ - - - - - - - - - - Barclays denies online confusion Barclays Bank customers have complained they can no longer set up new payments through the website. Barclays' call centre is telling customers that an increase in fraud, especially phishing, has forced them to stop customers setting up payments to new people - existing standing orders are not affected. http://www.theregister.co.uk/2006/03/29/barclays_online_suffers/ - - - - - - - - - - Judge hands out one-year sentence on child-porn charge Manitoba set a precedent for child pornography crimes yesterday when a Winnipeg man got a one- year jail sentence for distributing graphic pictures and movies of children having sex with adults. http://www.brandonsun.com/story.php?story_id=22310 - - - - - - - - - - Bus driver jailed for child porn A paedofile found with hundreds of thousands of serious indecent images of children on his computer has been jailed for just a year. Phillip Llorca (56), a bus driver from Salisbury, had pleaded guilty to making and downloading images after Wiltshire police arrested him following a tip-off from an investigation team in the United States. http://www.thisiswiltshire.co.uk/news/headlines/display.var.717353.0.bus_driver_jailed_for_child_porn.php - - - - - - - - - - Billings soldier charged with child porn A Billings solider charged with raping a teenage girl also faces federal exploitation and child pornography charges. Gregory Hilton Neufeld, 31, who is serving in the U.S. Army in Hawaii, pleaded not guilty Tuesday to a three-count federal indictment charging him with sexual exploitation of children, receipt of child pornography and possession of child porn. http://www.billingsgazette.net/articles/2006/03/28/news/local/24-childporncharged.txt - - - - - - - - - - More arrests in Bloomington child porn ring Two more arrests have been made in connection with a child pornography ring in McLean County. Brian Isaac, 39, of Bloomington and Doug Evans, 56, of Peoria are both charged with production of child porn. http://www.hoinews.com/news/news_story.aspx?id=4988 - - - - - - - - - - Former Verona Firefighter Fights Sex Charges A former Verona firefighter believes he's paid a price for a child sex assault. And Chase Kaczmarski, 26, wants a second degree, sexual assault charge dismissed. But for more than a year, Kaczmarski's also been a suspect in distributing child porn over the internet. http://www.wkowtv.com/index.php/news/story/p/pkid/23597 - - - - - - - - - - Lonoke Man Faces Child Porn Charges Police arrested a Lonoke man for allegedly having child pornography on his computer. Deputies arrested 48-year-old Lawrence Johnson on a computer child pornography charge after searching his home on Shotgun Lane in Lonoke. http://www.todaysthv.com/news/news.aspx?storyid=26024 - - - - - - - - - - Sacramento Man Arrested On Child Porn Charges A local man is under arrest tonight on child pornography charges. It appears the investigation started at Sacramento State University and expanded from there. The former Sacramento State Student was reportedly accessing and viewing pornography in his dorm on the Sacramento State Campus. http://cbs13.com/topstories/local_story_087230052.html - - - - - - - - - - Cops seek info abut child porn suspect Alaskan cops are releasing the picture of a man accused of travelling to the States with the intent of having sex with two young girls, hoping other potential victims may come forward. http://calsun.canoe.ca/News/Alberta/2006/03/29/1510376-sun.html - - - - - - - - - - Piracy set to dominate Chinese-US trade talks The issue of intellectual property (IP) protection looks set to be a major focus of the upcoming U.S.- China Joint Commission on Commerce and Trade (JCCT) talks scheduled to start April 11. Carlos Gutierrez, the U.S. secretary of commerce, was in Beijing Tuesday to discuss preparations for the talks and raised the issue of IP protection. http://www.computerworld.com/securitytopics/security/story/0,10801,110026,00.html - - - - - - - - - - Microsoft announces IE 7 bug site Microsoft has launched an Internet Explorer Feedback page to receive the next stream of bugs expected for its forthcoming IE 7 browser. The site, which requires a Microsoft Passport login (such as a Hotmail login), has a large page of Terms and Conditions that must be agreed upon before bugs can be submitted. http://www.securityfocus.com/brief/173?ref=rss After IE attacks, Microsoft eyes security betas http://www.computerworld.com/securitytopics/security/story/0,10801,110028,00.html Patches released for zero-day IE threat http://www.theregister.co.uk/2006/03/29/ie_patches_released/ - - - - - - - - - - The Web Hacking Incidents Database The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. WHID goal is to serve as a tool for raising awareness of the web application security problem and provide the information for statistical analysis of web applications security incidents. http://www.it-observer.com/news/5958/the_web_hacking_incidents_database/ - - - - - - - - - - Anti-malware Vendors Stare Down Microsoft Threat While some experts have predicted that the arrival of Microsoft's Vista, along with several stand-alone security products, will threaten independent security vendors, many malware fighters say they aren't worried. http://www.eweek.com/article2/0,1759,1943759,00.asp - - - - - - - - - - Spy program snoops on cell phones Cell phones Security Security threats. New software that hides on cell phones and captures call logs and text messages is being sold as a way to monitor kids and spouses. But one security company calls it a Trojan horse. http://news.zdnet.com/2100-1009_22-6055760.html Mobile users to get more control of personal data http://www.computerworld.com/securitytopics/security/story/0,10801,109996,00.html - - - - - - - - - - Suffering in silence with data leaks A hacker had snatched her home address and phone and credit card numbers--even the three- digit security code printed on the back of her credit card--and was offering them to anyone willing to pay the asking price: $5. http://news.zdnet.com/2100-1009_22-6055160.html - - - - - - - - - - Wireless Cracking Tools By familiarizing yourself with following software, you will not only have a better understanding of the vulnerabilities inherent in 802.11 networks, but you will also get a glimpse at how a hacker might exploit them. These tools can even be used when auditing your own network as we will see later. http://www.it-observer.com/articles/1090/wireless_cracking_tools/ - - - - - - - - - - Scan for Viruses with Knoppix Ridding a network of Windows computers of a virus or worm can seem impossible. Viruses may cause computers to reboot and infect new machines while you are in the process of removing them. Through the use of the live- software installer, Knoppix provides a solution to this catch-22. http://www.it-observer.com/news/5959/scan_viruses_with_knoppix/ - - - - - - - - - - Burp - Suite for attacking web applications 1.0.1 Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility. http://www.it-observer.com/tools/33/burp_suite_attacking_web_applications/ - - - - - - - - - - Avoid Wi-Fi false positives Recently, a reader reported being forced to disable intrusion-prevention monitoring within shared, multi-tenant locations because the wireless scanning system was generating a confusing abundance of red herrings, or false positives, from neighboring access points. http://www.it-observer.com/news/5965/avoid_wi_fi_false_positives/ - - - - - - - - - - VoIP Security: A layered approach Integration of communication services into the IP network infrastructure, and the Internet especially, is natural course that was started long ago with e-mail, continued with instant messaging and now taken one-step further with integration of standard, classical services like telephony. http://www.it-observer.com/articles/1091/voip_security_layered_approach/ - - - - - - - - - - Malware: Wading Through the Jargon Knowing the jargon is the first step to protecting your data and your computer system so that you can concentrate on more important work or play. This is the definitive guide to all you need to know about malicious code. Malware has been with us since 1981. http://www.it-observer.com/articles/1092/malware_wading_through_jargon/ - - - - - - - - - - The Price of Online Privacy At the grocery store the other night, I bought a half-pound of turkey from the deli. Only when I got home I discovered that they gave me ham by mistake. I went back to return the errant cold cuts, but before the store clerk would wait on me, he asked me for my name and phone number. http://www.it-observer.com/news/5962/the_price_online_privacy/ - - - - - - - - - - Google accused of bio-piracy First it was China, now it's genetics; Search giant Google has been accused of being the "biggest threat to genetic privacy" for its alleged plan to create a searchable database of genetic information. http://news.zdnet.co.uk/business/legal/0,39020651,39260264,00.htm - - - - - - - - - - Homeland Security to take digital fingerprints of visiting sailors The U.S. Department of Homeland Security plans to collect digital fingerprints of merchant sailors arriving at American ports, believing that will improve security and allow more seafarers to visit the United States, a department official said. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14215943.htm ************************************************************ Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.