October 24, 2000 Net paedophile gets five years A paedophile who used the Internet to stalk his victims has been sentenced to five years imprisonment for the sexual abuse of a 13-year-old girl he met on the Web. Aylesbury Crown Court heard that Patrick Green, 33, of Ivor Heath in Buckinghamshire lured the girl into meeting him after posing as a 15-year-old boy. Green stalked the girl for several months, and after obtaining her private email address arranged a private rendezvous. Green met the girl in his car and took her to his flat where he began a series of indecent assaults. http://www.zdnet.co.uk/news/2000/42/ns-18652.html - - - - - - - - - - - - Credit card details exposed by website Details of thousands of credit cards were left temporarily exposed on the internet by a UK video retailer after it upgraded its website 10 days ago. An investigation by vnunet.com's sister title Computeractive, revealed that details from more than 11,500 customers held by Bensonsworld.co.uk could have been easily accessed, by altering the web address in a browser accessing its site. The retailer, the website of 20-year-old London-based retailer Bensons, confirmed the problem and said it wasn taking precautions to prevent access to the data. It locked access to the website on Monday afternoon by password protecting it. http://www.vnunet.com/News/1112881 - - - - - - - - - - - - MindSpring site exposes password files An unpatched, buggy version of open-source e-commerce software, combined with a misconfigured hosting server, exposed password files earlier this month for approximately 100 domains hosted by Atlanta-based EarthLink Inc. The chain of events included the discovery of a 2-year-old security flaw and the exposure of password lists for all customers on two MindSpring Enterprises Inc. servers. The situation illustrates some of the potential perils of failing to register e-commerce software with vendors that issue security and other upgrade advisories. A Web search by an affected customer has uncovered potentially thousands of e-commerce sites that haven't applied the patch. http://computerworld.com/cwi/story/0,1199,NAV47_STO52714,00.html - - - - - - - - - - - - Virus in the valleys The Welsh Assembly's computers are still suffering from attacks by 1990s-style viruses. The IT network at the National Assembly for Wales was out of action on 24 October 2000 following a virus attack. Computer systems were threatened for the second time in less than a week with all 2,500 staff at both the Assembly headquarters and its civil service support base told not to use the network. Steve Jenkins of the Welsh Conservatives described the disruption: "I came in this morning and the virus had screwed up everything. There was no internet access and we couldn't receive or send emails. Its particularly difficult here as the Assembly is as paperless as possible." A member of the Welsh Liberal Democrat party echoed his counterpart calling the situation a "bloody inconvenience". http://www.kablenet.com/kable.nsf/Frontpage/2E250298B813356780256982004D458F - - - - - - - - - - - - Hackers insist they beat audio technology Researchers on Tuesday stood by claims they hacked into copyright protection technology developed by a music industry forum, calling the technology inherently flawed. A spokeswoman for the Secure Digital Music Initiative (SDMI), which had offered a $10,000 award to hackers who could break into its software by Oct. 7, said the group was still reviewing whether anyone had succeeded. http://www0.mercurycenter.com/svtech/news/breaking/reuters/docs/555129l.htm - - - - - - - - - - - - Anonymous Net posting not protected In a ruling that challenges online anonymity, a Florida appeals court declared Monday that Internet service providers must divulge the identities of people who post defamatory messages on the Internet. Critics of the ruling say it could have a chilling effect on free expression in Internet chat rooms. The ruling comes against the efforts of the American Civil Liberties Union to protect the identity of eight individuals who posted anonymous missives on a Yahoo! financial chat room about Erik Hvide, the former CEO of Hvide Marine Inc. Hvide alleges that personal attacks against him also caused damage to the company's image. http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/520074l.htm - - - - - - - - - - - - SDF prepares to combat cyberterrorism The Defense Agency is set to develop computer systems to combat attempts by hackers to disrupt the country's defense operation by breaking into key computer systems, sources said Monday. The sources said the agency is studying a system that could inflict damage on defense systems in other countries through the Internet even though it could run contrary to the Constitution. The agency hopes to launch full-fledged development of the system, which will cover the Ground, Maritime and Air Self-Defense forces in the budget for fiscal 2001, the sources said. The agency plans to organize a squad that will handle antihacker and antivirus schemes, by picking officers from the three forces, the sources said. http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20001024b5.htm - - - - - - - - - - - - High-stakes hacking, Euro-style In the United States, a hacker is usually viewed as a teen-age, blue-haired nuisance who defaces Web sites. Maybe he ends up in court, and even in handcuffs but he doesn’t end up hanging from a tree. Not the case in Europe, where a legendary 27-year-old German computer hacker was found hung by his own belt in a Berlin park two years ago. On that side of the Atlantic, a place where stealing Internet access is sometimes a necessity and computer hardware is often archaic, hacking is hardly a game. http://www.msnbc.com/news/479105.asp - - - - - - - - - - - - FBI developing ’Enhanced Carnivore’ The FBI is still developing its Carnivore Internet surveillance tool, according to FBI documents obtained by the Electronic Privacy Information Center through a Freedom of Information Act lawsuit. The FBI is creating "Enhanced Carnivore" under a contract that runs through January that calls for the development of two new versions of the system, David Sobel, general counsel at EPIC, said Oct. 19. The documents, released to EPIC on Oct. 2, are the first of several installments that EPIC expects to receive as a result of its FOIA lawsuit over the controversial Carnivore system, whose legality is being investigated by the Congress and questioned by privacy advocates. http://www.fcw.com/fcw/articles/2000/1023/web-carn-10-23-00.asp - - - - - - - - - - - - Internet Experts Battle Cybercrime Top Internet experts from the world's richest countries met on Tuesday to forge new approaches in the battle against growing cybercrime but acknowledged they had no solution to the problem. "Data espionage and data theft, credit card fraud, child pornography, far-right extremism, and terrorists are ever more common on the Internet," German Foreign Minister Joschka Fischer told a conference of 100 government and industry experts. "Already today, losses from cybercrime are 100 billion German marks [$42.9 billion] a year. And without a doubt, this is only the beginning," he told the three-day conference of specialists from the Group of Eight (G8) industrialized nations. http://www.techtv.com/cybercrime/hackingandsecurity/story/0,9955,3007416,00.html - - - - - - - - - - - - Cybercrime treaty targets hackers Computer scientists fear impact on security research. Meet the world’s newest class of persecuted artists: computer hackers. European Union nations, and perhaps even the United States, are about to make nearly any form of hacking even security research illegal by treaty. The possibility scares a group of top European computer security experts gathered in Amsterdam this week so much that one declared, 'It’s the witch hunt of the 21st century.' USE THE TERM 'computer hacker' and you’ve already touched off a battle of semantics that leaves many scratching their heads. That’s part of the problem with The Council of Europe’s Draft Cybercrime Treaty, authored by the 41-nation body in consultation with the U.S. Department of Justice. It could be signed as early as December. http://www.msnbc.com/news/480734.asp - - - - - - - - - - - - White House steps up Net privacy protection The Clinton administration is stepping up its effort to ensure the government protects Americans' personal privacy after a congressional report alleged federal agencies electronically track users online. When asked about the report, which said 13 federal agencies ignored a directive against tracking visitors to government Web sites, White House spokesman Jake Siewert said the administration is starting to keep tabs on agencies. http://www.usatoday.com/life/cyber/tech/cti708.htm http://www.fcw.com/fcw/articles/2000/1023/web-priv-10-24-00.asp - - - - - - - - - - - - Industry lobbies to secure CIAO funding Applying pressure where agencies cannot, 11 private sector organizations called on Congress this week to fully fund the Critical Infrastructure Assurance Office for its continuing leadership of government and industry information security efforts. "If the CIAO is not funded adequately, it will set back the nation’s critical infrastructure strategic development and the public private cooperation that the agency has so ably facilitated," the letter states. "The CIAO has worked hard to gain the trust of industry for the benefit of the economic security of the U.S., and the rewards of this service are just beginning to come to fruition." http://www.fcw.com/fcw/articles/2000/1023/web-ciao-10-23-00.asp - - - - - - - - - - - - Employers gain e-snoop powers Workers may find their surfing habits under scrutiny. New regulations giving employers sweeping powers to monitor their workers' e-mails and internet activity come into force on Tuesday. But campaigners say the rules, under the new Regulation of Investigatory Powers Act, are an assault on personal privacy. Under the regulations, employers can legally monitor staff phone calls, e-mails and internet activity without consent, for a wide range of reasons. They can intercept communications to protect against computer viruses, to monitor how staff deal with customers, and to ensure workers are not using the internet to access offensive material. http://news.bbc.co.uk/hi/english/sci/tech/newsid_987000/987557.stm http://www.zdnet.co.uk/news/2000/42/ns-18646.html http://www.zdnet.co.uk/news/2000/42/ns-18645.html - - - - - - - - - - - - Virus Threat's Bad And Getting Worse - ICSA Survey The number of corporations infected by viruses this year has risen by 20 percent, with the pace of infections accelerating rapidly, according to a report issued Monday by anti-virus consulting firm ICSA.net. Larry Bridwell, content security program manager for ICSA Labs in Carlysle, Penn., and a study co-author, said the company's 2000 report indicates the danger for corporate "virus disasters" is worse now than it has ever been in the six years that ISCA has been conducting its annual virus surveys. http://www.computeruser.com/news/00/10/24/news7.html - - - - - - - - - - - - New filter scours servers for illicit content So long, smut. A Paris-based technology company Tuesday will unveil a filter that sends an email alert to customers whenever it finds a lewd picture or photo on a Web site. ImageFilter, the newest product from Internet infrastructure provider LookThatUp, is an "image recognition engine" that breaks down photos or drawings into their unique visual attributes. ImageFilter is the latest in a growing repertoire of products targeted at e-commerce companies that unwittingly host pornographic images, from Web hosting businesses to online auction houses. It's virtually impossible for such companies to monitor hundreds of thousands of pages created by disparate customers around the world. http://news.cnet.com/news/0-1005-200-3277835.html - - - - - - - - - - - - Programmer finds filtering system too diligent As Congress mulls whether smut-blocking software should be installed in all public schools and libraries, a computer programmer on Tuesday published a report alleging that at least one filtering company takes its job too far. The report found that software provided by Seattle's N2H2 blocked several political information sites, including one belonging to a conservative group that supports Web filters on public computers. N2H2 spokesman Allen Goldblatt explained that sites blocked were free home pages, which schools often ask to be blocked as part of its filtering package. Free home pages are sites created by individuals and hosted by companies such as GeoCities. "A lot of people think filtering is just about pornography, but it goes much deeper than that," Goldblatt said. http://news.cnet.com/news/0-1005-200-3286105.html - - - - - - - - - - - - Congress funds future digital defenders A program to train the next generation of federal cyberspace workers cleared a major hurdle this month. Congress approved the full funding request this month for a program that will provide scholarship money to students pursuing degrees in information security. In exchange, the scholarship recipients will work at federal agencies after graduation. The final amount of $11.2 million, contained in the Veterans Affairs-Housing and Urban Development appropriations bill, will go to the National Science Foundation for the administration’s Scholarship for Service program. It is part of the larger Federal Cyber Services initiative proposed by President Clinton in the National Plan for Information Systems Protection in January. http://www.fcw.com/fcw/articles/2000/1023/web-cyber-10-24-00.asp - - - - - - - - - - - - ADL points to signs of hate on Web The Anti-Defamation League has devised an online guide to hate symbols, logos and tattoos to help parents and teachers identify warning signs in their communities. The guide appeared Tuesday on the ADL's Web site. Unlike a companion print edition, the ADL's Web site will be continually updated with new symbols and groups. The league will also encourage visitors to report new sightings via e-mail. http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/527781l.htm - - - - - - - - - - - - The Policy of Protection You've shored up the firewall, implemented intrusion detection and deployed strong authentication. But there's one more security measure you can take to protect your company's electronic assets: Buying insurance. Several carriers now offer security insurance to help you manage the risks posed by cyberspace. "Achieving 100% security is impossible," says Greg Grant, director of marketing and alliances for Internet Security Services (ISS) in Atlanta. http://www.nwfusion.com/research/2000/1023feat2.html - - - - - - - - - - - - Companies Fight Back Against Internet Attacks This summer, the Yahoo message boards were full of postings that insinuated that Titan Corp.'s stock was headed south. "Very very bad earnings surprise coming today?" said one. "[Titan] is getting nailed with huge sell orders! Jump the sinking ship," said another, posted by someone with the screen name "CCRibber." If the goal was to scare investors and drive the stock price even lower, it worked. Messages like that - plus a fake analyst report criticizing Titan - sent Titan's shares plummeting from $44 on June 20 to $21 on Aug. 22. It was a staggering 50% loss in market value, totaling $1.3 billion. Then Titan got mad. The San Diego-based high-tech company filed suit on Aug. 30, angrily charging that the posters were "unscrupulous short sellers" who conspired to depress the stock for their own profits. The company got a subpoena to "smoke out" the people behind the three dozen screen names that had torpedoed Titan's stock. http://computerworld.com/cwi/story/0,1199,NAV47_STO52667,00.html - - - - - - - - - - - - Scourge of the Internet Age: ID theft A Web-based system aimed at fighting identity theft debuted on Monday while U.S. regulators mulled new ways of helping disentangle victims from this growing scourge of the Internet age. Privista Inc., a New York startup allied with credit bureau Equifax, rolled out ID Guard, which will be offered free for life to consumers signing up by Dec. 31 at Privista. The service will monitor weekly an Equifax credit file for unusual activity: address changes, new account openings, account inquiries, uncommonly large credit-card balance changes, social security number changes, and 10 other potential warning signs. When a trigger event has occurred, the service notifies the user by e-mail, helping fight a problem that could afflict as many as 750,000 Americans next year, said Privista CEO Eric Gertler, citing industry projections. http://www.zdnet.com/zdnn/stories/news/0,4586,2644454,00.html - - - - - - - - - - - - Shining light on cybercrime Expert says security barrier is human, not technical. After more than six years of chronicling the insecurities of cyberspace for a computer security newsletter, Richard Power finally decided this past spring to put it all together in a book. The result is Tangled Web: Tales of Digital Crime From the Shadows of Cyberspace (Que, $25), which explains in everyday terms for the non-techie and security pro alike how and why cyberspace has gained a reputation as a bad neighborhood. He examines many of the best-known crimes committed in this relatively new area and discovers that, as in the physical world, matters in cyberspace aren't always as they seem. http://www.usatoday.com/life/cyber/tech/cti703.htm *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.