December 5, 2000 Man accused of surfing Net to molest child A Fremont man, accused of surfing the Internet to meet children, was arrested and booked on suspicion of attempting to molest a child, San Jose police said Monday. Robert Edward Lowe, a 47-year-old construction engineer, was also booked Thursday into Santa Clara County Jail on suspicion of distributing child pornography and solicitation to commit a felony. Lowe appeared in court Monday but did not enter a plea. His bail was set at $500,000. http://www0.mercurycenter.com/premium/local/docs/netmolest05.htm - - - - - - - - - Former school administrator indicted on pornography charges A former associate superintendent at Amphitheater Public Schools has been indicted on three counts of sexual exploitation of a minor in connection with three images of child pornography found on his work computer. John E. Rose, 59, is scheduled for arraignment Wednesday. He resigned from his Amphitheater job in October after a discovery of pornographic images on the computer in his office sparked an investigation by the Pima County Sheriff's Department. http://www.arizonarepublic.com/arizona/articles/1205superintendentporn-ON.html - - - - - - - - - Top U.S. diplomat leaves amid security breach row A top U.S. diplomat is retiring early after disciplinary action was initiated against six members of his staff over the disappearance of a laptop computer containing secret data, State Department spokesman Richard Boucher said on Tuesday. Boucher denied a Washington Post report that Ambassador Stapleton Roy, one of America's most respected Asia experts, was resigning in protest at Secretary of State Madeleine Albright's approach to dealing with the security lapse. The State Department has offered a $25,000 reward for anyone who helps recover the laptop, thought to hold data on nuclear proliferation, which was reported missing in January from the INR. http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2661617,00.html - - - - - - - - - Overseas hackers strike again: Israel Land Administration shuts down most of its web site The Israel Land Administration (ILA) was forced to close most of its Internet site last Fridey, due to damage caused by hostile overseas hackers. From now on and until further notice, there is therefore no possibility of receiving the results of the ILA’s new or previous tenders dated after January 1998. In contrast to the damage to tenders, other parts of the site providing general information are still operating. http://new.globes.co.il/serveEN/globes/docView.asp?did=454769&fid=947 - - - - - - - - - Network Associates denies hackers saw AV code Network Associates hit back at claims that its antivirus source code was compromised by hackers who breached the firm's security systems earlier this week. Jack Clark, European product manager at Network Associates, told vnunet.com: "No files or data were compromised by the hack." The denial came after a group of crackers, called Insanity Zine Corp, claimed to "own" Network Associates' antivirus software. The group admitted cracking and vandalising two of the computer security giant's Brazilian sites, www.nai.com.br and www.mcafee.com.br. Network Associates claimed the hackers did not penetrate any of its own websites, but only accessed sites hosted by a local contractor, Brazilian ISP Matrix. http://www.vnunet.com/News/1114794 - - - - - - - - - 'Mafiaboy' Trying To Stare Down Prosecutors Nearly a year after a hacker shut down some of the biggest names on the Internet -- causing an estimated $1.3 billion in lost business -- prosecutors and lawyers representing a defendant known as ''Mafiaboy'' are locked in a high-stakes game of chicken over whether the case will go to trial. The 16-year-old is charged with the cyber equivalent of breaking and entering in assaults last winter that shut down sites operated by Yahoo, eBay, CNN and E-Trade. The attacks, in which the Web sites were overloaded with requests from supercomputers infected with a program planted by a hacker, affected millions of Internet users worldwide. http://www.newsbytes.com/news/00/158985.html - - - - - - - - - Computer Data Key to Racketeer Case In a case that could test the limits of FBI surveillance in the Information Age, an alleged racketeer is going to trial on evidence gathered by agents who rigged his computer and monitored his every keystroke. Nicodemo S. Scarfo Jr., 35, the son of the jailed former boss of the Philadelphia mob, faces federal charges of running a bookmaking and loansharking operation. According to court documents, agents modified a computer Scarfo used at his Essex County business so that the FBI could monitor every keystroke, according to court documents. Scarfo could become the first defendant to challenge covert computer surveillance by the FBI. http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/711072l.htm - - - - - - - - - Increase in hacker activity - FBI The FBI has observed an increase in Hacker activity specifically targeting U.S. systems associated with e-commerce and other internet-hosted sites. The majority of the intrusions have occurred on Microsoft Windows NT systems, although Unix based operating systems have been victimized as well. The hackers are exploiting at least three known system vulnerabilities to gain unauthorized access and download propriety information. Although these vulnerabilities are not new, this recent activity warrants additional attention by system administrators. http://www.nipc.gov/warnings/advisories/2000/00-060.htm - - - - - - - - - At the Local Level, A Losing War on Internet Crime Gail Thackeray is Arizona's point woman in the state's war on cybercrime, and she's about to be overrun. Now, the state attorney general's special counsel on cybercrime is demanding more help from Arizona's law enforcement community - apparently in vain. Local police force officials say they lack the training, staffing and resources to deliver much in the war against the burgeoning menace. But Thackeray has a different take: She thinks local police departments just don't get it. ``Police departments are run by middle-aged, midcareer people who didn't have computers when they were young,'' Thackeray said. ``Management has simply not provided the training.'' http://www.antionline.org/2000/12/05/cndin/0285-0132-pat_nytimes.html - - - - - - - - - Cybersquads to combat terrorism The government plans to establish at government entities within a year expert groups to cooperate with the private sector in gathering information on cyberterrorism in an attempt to prevent computer attacks, government sources said Monday. According to a draft action plan compiledby the government, it also aims to promote legislation to crack down on cyberterrorism that seriously affects the public. The plan is expected to be finalized at a government panel meeting to enhance information security that will be held by the end of the year. Under the plan, such industries as information and communications, finance, aviation, electricity and gas, and administrative services by central and local governments will be designated "essential infrastructure" in preparing for potential cyberterrorist attacks. http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20001205b1.htm - - - - - - - - - U.S. embraces European computer crime proposal The United States has endorsed the gist of a controversial European drive to tighten cybercrime laws over the protests of privacy, civil liberties and human rights advocates. The central provisions of the 41-nation Council of Europe's latest draft convention ``are consistent with the existing framework of U.S. law and procedure,'' the Justice Department said in a Friday posting on its cybercrime Web site. At issue is the first multilateral pact drafted specifically to deal with the cross-border nature of much computer-related crime. http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/705193l.htm Group voices concern over EU cybercrime Information technology industry groups have expressed concern about provisions in a Council of Europe draft proposal for fighting cybercrime. The World Information Technology and Services Alliance (WITSA), a global consortium of IT associations, said in a statement that "the draft convention could impose burdensome data-preservation requirements on Internet service providers (ISPs); make ISPs liable for third party actions; and restrict legitimate activities on the Internet." http://www.cnn.com/2000/TECH/computing/12/05/eu.cybercrime.plan.idg/index.html - - - - - - - - - European ISPs could bill customers for cybercrime costs Possibly setting a European precedent, Internet service providers (ISPs) in the Netherlands say costs for Internet access will rise significantly due to cybercrime regulation. The Dutch ISPs say they are forced to install expensive network monitoring equipment. The cost for a medium-size access provider will be around 1.5 million guilders (US$600,000), and larger ISPs would face higher expenses, said the Vereniging van Nederlandse Internet Providers (Association of Dutch Internet service providers - NLIP). "As a result the cost of Internet access will rise 20 to 25 percent," said Hans Leemans, director of the NLIP. The deadline for installing the equipment is April. http://www.cnn.com/2000/TECH/computing/12/05/cyber.crime.costs.idg/index.html - - - - - - - - - Experts: Carnivore review had no teeth A who's who among corporate and academic security researchers on Monday criticized a government funded review of the FBI's Carnivore Internet surveillance system as "limited" and "inadequate." The researchers said that while a previous review completed by a team at the Illinois Institute of Technology Research Institute (IITRI) appeared to have been conducted in good faith, the results were incomplete. "We continue to have serious concerns relating to the Carnivore system," stated the researchers in the report, authored by Steve Bellovin and Matt Blaze from AT&T Laboratories, David Farber from the University of Pennsylvania, Peter Neumann from SRI International, and Gene Spafford from Purdue University. http://www.zdnet.com/zdnn/stories/news/0,4586,2661076,00.html http://www.newsbytes.com/news/00/158986.html - - - - - - - - - Virus Writers Send Holiday Greetings Christmas goodwill in cyberspace might not be as sincere as it seems, virus experts are warning. Malicious season's greetings look set to cause the latest computer bug scares, with the first two Christmas viruses already spreading fast. "Music," which masquerades as a Christmas tune program, is a bug that can update and mutate itself by connecting to its creator's Web site. "Navidad," aimed at Spanish speakers, has swiftly become the second-most troublesome virus to clients of British-based antivirus firm Sophos. http://www.pcworld.com/news/article.asp?aid=35983 - - - - - - - - - Autodesk Settles $100,000 Case With Repeat Software Piracy Offender Autodesk, Inc. today announced that it has settled a federal lawsuit against second-time software licensing violator W. J. Sutherland & Associates, Inc., of Bloomington, Minnesota. Sutherland & Associates, a design engineering firm, was caught earlier this year violating a settlement agreement reached with Autodesk in 1996. To resolve its second software licensing infringement, Sutherland & Associates had to pay Autodesk a $100,000 penalty, purchase enough AutoCAD software licenses to bring the company into compliance with federal copyright law, purchase Autodesk software directly from Autodesk for the next year, and subject itself to annual on-site inspections by Autodesk for the next three years. Further, Sutherland & Associates and its President Jock Sutherland were made subject to a federal court order barring them from making unlawful copies of Autodesk's software. http://biz.yahoo.com/prnews/001129/ca_autodes.html - - - - - - - - - Groups seek to restrict Amazon.Com Two Internet privacy groups, unhappy about Amazon.com's new policies on selling shopper information, including buying habits and credit card and social security numbers, asked federal regulators Monday to block the practice unless the company gets customer approval. Junkbusters Corp. and the Electronic Privacy Information Center took the appeal to the Federal Trade Commission, which has intervened in similar cases in the past. Amazon revised its privacy policy in August, telling customers it now considers information it has about them a company asset to be sold should the online retailer go out of business or sell a division. http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/707128l.htm - - - - - - - - - Net Privacy Law Could Pass, Despite Congressional Rancor Although fallout from this year's messy presidential election may deepen partisan battle lines in the next Congress, Internet privacy legislation actually stands a good chance of passing, given the congressional makeup and continued public demand for privacy protection, observers said today. "Looking at the makeup of the next Congress ... there is some justifiable optimism that there will be an Internet privacy law passed in the next Congress," Andrew Shen, a policy analyst for the Electronic Privacy Information Center (EPIC) said today. http://www.newsbytes.com/news/00/159002.html - - - - - - - - - Canadian privacy law raises ante NEXT MONTH CANADA will enact a law that offers sweeping privacy protections for its citizens. But the law may also create legal obligations and data management problems for potentially thousands of businesses that exchange data with firms and subsidiaries in Canada, the United States' largest trading partner. On Jan. 1, Canada's Personal Information Protection and Electronic Documents Act becomes law, requiring businesses to offer Canadian citizens certain guarantees regarding the collection and use of personal data. For example, they must get a customer's consent before sharing data with affiliates or commercial partners and must provide access to that data for review. http://www.infoworld.com/articles/hn/xml/00/12/04/001204hncanpriv.xml - - - - - - - - - China to tighten Web regulation In its latest effort to place restrictions on Internet usage, China intends to tighten regulation of online bulletin boards, Beijing's top telecommunications official said Tuesday. Wu Jichuan, head of the Ministry of Information Industry, said the Chinese government was working on a ``better way'' to manage the Internet. http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/707489l.htm - - - - - - - - - Can hacker crack million-dollar dare? With a 30-day deadline, the challenge to crack Secure Systems' Silicon Data Vault technology will be issued by December 15. "We don't believe any hacker at all will get through the vault," Secure Systems CEO, Mike Wynn, told ZDNet. A successful crack will see US$10,000 donated by Secure Systems to a charity of the hacker's choice, otherwise if the technology isn't penetrated, US$1 million will be donated to the 'Make a Wish Foundation' when Secure Systems strikes a commercialisation deal that takes the technology to market. http://www.zdnet.com.au/news/dailynews/story/0,2000011358,20107397-1,00.htm - - - - - - - - - Johns Hopkins to launch IT security center JOHNS Hopkins University announced Monday that, thanks to a $10 million gift from an anonymous donor, it would open a center to study computer and information security issues. Called the Information Security Institute (ISI), the center may open as early as the third quarter of 2001. Located at the Baltimore-based university's northern Baltimore campus, the institute will examine the technological, legal, ethical, and public policy issues raised by the drive to create more secure computers and computer systems. Some of the topics listed as areas of particular interest may include the protection of intellectual property online, securing e-business transactions, privacy issues, and preventing computer crime. The institute will also feature labs where products will be tested for security vulnerabilities. http://www.infoworld.com/articles/hn/xml/00/12/04/001204hnjohnshopkins.xml - - - - - - - - - Companies showcase gadgets, software for online safety A handful of software companies are ringing online privacy bells as the holiday season approaches, urging consumers to give themselves the gift of Internet anonymity before venturing online to shop. Privacy companies were out in force Monday night for a mini tech fair at the University of California at Berkeley, showcasing wares that included self-destructing email, pseudonym makers and data scramblers to protect credit card information. Although hopes run high that consumers will gravitate to such products, enthusiasm was tempered by skepticism among the 75 or so attendees at the Berkeley show. Many said they worried about online companies collecting dossiers on consumers, but few acknowledged that they have yet to take advantage of the technology available to shield themselves. http://news.cnet.com/news/0-1005-200-4007337.html - - - - - - - - - Administrators get a hacker's-eye view The best way to find out if your house is secure is to hand over some cash to a thief and let him or her try to break in. Of course, you have to trust the thief. But that's what many security administrators are letting services companies do to better assess weak points in an enterprise and try to patch potential software holes before real hackers break in. Qualys Inc. this week launched its flagship service, QualysGuard, which aims to do just that. For a fee, users can let the Sunnyvale, Calif., company periodically try to hack in and then receive the gory details in reports. http://www.zdnet.com/eweek/stories/general/0,11011,2661459,00.html - - - - - - - - - Here's A Stupid Idea The marketing tactics of some security consultants has the potential to give the security industry as a whole a very bad name. First, it was the security analysts who called themselves the gray hats. Gray hats are those people who were hackers and decided to make a little money from their trade by offering security consulting services. They became legitimate but freely admitted they would communicate with the hacker community to find out the latest tricks of the trade. Some eyebrows were raised as to whether the gray hats could be trusted, given the fact they were former hackers. Now CRN West Coast Bureau Chief Marcia Savage is reporting on new marketing tactics to sell security services. Break into a company's network and then try to sell security services to that same company. http://www.crn.com/Components/Search/Article.asp?ArticleID=22045 - - - - - - - - - Protecting Your Organization's Reputation in Cyberspace The Internet offers organizations exciting opportunities to find timely information and to reach potential clients. This very power brings with it risks of damaging corporate and professional reputations. Non-technical problems in cyberspace include relying on or propagating bad information, violating the conventions of proper behavior established by custom in cyberspace, and outright fraud. http://securityportal.com/articles/reputation20001205.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.