March 7, 2002

Hoodwinked Army pays for porn site
A computer specialist was charged Thursday with operating a sex show Web site on a high-speed line which he got the U.S. Army to pay for by telling them it was used for communicating with forces in Bosnia. Gilbert Benjamin, 49, was arrested at his Neptune, N.J., home by special agents of the Army Criminal Investigation Division and the Defense Criminal Investigative Service. A 68-count indictment charges him with mail and wire fraud and submitting false claims with the intention of defrauding the government, said assistant U.S. Attorney Michael Guadagno.
- - - - - - - -
Internet Stock Fraud Schemer Settles SEC Charges
A Tennessee man has agreed to settle charges that he orchestrated an elaborate junk e-mail campaign to drive up the stock price of two Internet technology companies. Dayton, Tenn., resident David Allen Lester settled charges on Wednesday that he used multiple e-mail aliases and Internet accounts to transmit bogus junk e-mail or "spam" in a fraudulent "pump-and-dump" stock scheme.
- - - - - - - -
Gibe worm poses as a Microsoft update
A new virus pretends to be an update from Microsoft, but if triggered it is a mass-mailing worm. What appears to be a new security update from Microsoft is actually a clever attempt by a virus writer to spread a worm. Gibe (w32.gibe@mm) is a nondestructive worm written in Visual Basic that attempts to mass-mail itself to everyone in an address book. Fortunately, the infected email is plagued with spelling errors and should be easy to spot. Because this worm is not destructive and only sends email to others.
- - - - - - - -
Enron investigation site shut down
A congressional committee looking into the Enron collapse said Thursday that it temporarily shut down a Web site relating to its investigation because of a security problem, but it added that no sensitive data had been compromised. An official from the U.S.
House of Representatives' Energy and Commerce Committee confirmed that its site was vulnerable because of a glitch in its IBM Lotus Domino database, which contained documents and information dating back to 1998.
- - - - - - - -
Teen Anarchist Back Online Despite FBI & Big ISPs
Sherman Austin has not been charged with breaking any laws, but that hasn't stopped two of the biggest Internet service providers (ISPs) from running the California teenager off their property for his anarchist views. Last month, after incarcerating Austin, 18, for more than a week, federal prosecutors decided not to file charges against Austin for publishing bomb-making information at his site and hacking into several sites to post revolutionary calls to arms.
- - - - - - - -
Secret Service prepares for new world disorder
Best known as the protectors of presidents, the U.S. Secret Service (USSS) are often seen as the men and women in dark suits and impenetrable glasses running alongside limousines and walking two steps behind world leaders. But when the USSS was created in 1865, its mission was to safeguard the nation's financial payment systems from fraud, counterfeiting and exploitation. These days, technology is often the facilitator of these crimes, so understanding and using technology for the detection and prevention of computer crime has become an integral part of the USSS's mission.
- - - - - - - -
U.S. studying Cuba's ability to disrupt Net
The Bush administration has begun a review of Cuba policy that will include an assessment of whether Cuba can disrupt U.S. military communications through the Internet, a senior official says. That issue will be examined along with others to determine Cuba's potential to damage U.S. interests, the official said. The senior official, asking not to be identified, said Cuba's involvement in international terrorism also will be part of the review.
- - - - - - - -
House subcommittee approves bill for kid-safe Net domain
The House moved closer Thursday to setting aside part of the Internet for material suitable for children. The Energy and Commerce Committee's telecommunications panel approved legislation to create a ``'' domain for Web sites free of pornography and other material deemed inappropriate for children under 13. ``While there is no substitute for proper parental supervision, responsible parents that I talk to want more tools to assist them in protecting their kids on the Internet,'' said Rep. Fred Upton, R-Mich., the subcommittee chairman.
- - - - - - - -
Davis reinforces security rules
Rep. Tom Davis (R-Va.) introduced a bill March 6 that would update and extend the Government Information Security Reform Act, as members of Congress expressed concern over current legislation. Besides permanently reauthorizing GISRA, which is due to expire Nov. 29, Davis' Federal Information Security Management Act (FISMA) requires agencies to follow security standards and tools developed by the National Institute of Standards and Technology. Under current legislation, those standards are simply recommendations.
- - - - - - - -
Agencies outline security changes
Federal agencies are reviewing old security programs and kicking off new ones in response to the deficiencies discovered during the self-assessments required by Congress, officials testified March 6. Energy and Defense department officials outlined several major changes in their information security policies and practices as they testified before a hearing of the House Government Reform Committee's Government Efficiency, Financial Management and Inter-governmental Relations Subcommittee. The changes include new system certification, employee training and policy compliance programs.
- - - - - - - -
Russian Company Asks Judge To Toss Copyright Case
Attorneys for a Russian software company this week asked a federal judge to dismiss charges that the firm violated U.S. copyright laws by selling - from Russia - a product capable of circumventing security features built into Adobe eBooks. In their first round of motions in the highly anticipated case, attorneys for Moscow-based Elcomsoft argued that U.S. prosecutors did not have jurisdiction to prosecute the firm - which wrote and published the offending software product in Russia.
- - - - - - - -
GAO: Reports of ID theft on the rise
Credit card fraud said to surpass $1 billion annually
Reports of identity theft have grown rapidly over the past several years, and the resulting credit card fraud has surpassed $1 billion annually, congressional investigators said Thursday. Complaints to consumer hot lines, the Federal Trade Commission and other sources show that Americans more than ever are at risk of having their money stolen and credit records wrecked.
- - - - - - - -
Defense: Extend ban on non-U.S. workers
The U.S. Department of Defense has proposed dramatic new limits on the use of foreign nationals in computer-related projects, rekindling a heated debate over the use of immigrant labor for high-tech jobs. The proposal to amend the agency's personnel security guidelines could prevent most non-U.S. citizens from working with unclassified information, department officials said Thursday. Right now there are similar restrictions on those who work on technical projects dealing with classified information, but in a post-Sept. 11 world, the department is considering extending the policy.
- - - - - - - -
Record label copyright proof due in Napster case
A federal judge gave the record labels suing Napster until Thursday to produce documents proving they own the copyrights to 213 songs that once traded for free over the song-swap service. U.S.
District Judge Marilyn Hall Patel ordered the labels to provide certificates of copyright registration, or applications for such proof, for top-selling artists such as the Beatles and Elvis Presley. A special master, Neil Boorstyn, was appointed by Patel to examine the labels' documents. He will file a report to the court detailing whether the labels have sufficiently established copyright ownership rights.
- - - - - - - -
Spies can exploit computer lights, monitor glow
By monitoring the flashing lights on electronics equipment and the indirect glow from monitors, scientists have discovered ways to remotely eavesdrop on computer data. The two methods are relatively simple to carry out, but also easy to prevent, according to scientific papers written by researchers in the United States and Britain. ``Data communication equipment, and even data encryption devices, sometimes emit modulated optical signals that carry enough information for an eavesdropper to reproduce the entire data stream,'' the authors of one paper write. ``It requires little apparatus, can be done at a considerable distance, and is completely undetectable.''
- - - - - - - -
Ford may find porn difficult to ditch
Ford U.K.'s plan to remove pornography from its workers' computers is drawing criticism from Internet filtering experts. On Monday, Ford issued a two-week amnesty to its 20,000 U.K. workers to remove any offensive, including racist, material either downloaded from the Internet or received via e-mail from their machines. The car manufacturer offered help from its computer systems managers to remove the content during this period.
- - - - - - - -
Netscape Navigator Browser Snoops On Web Searches
AOL Time Warner's Netscape unit is snooping on searches performed by users of its latest Navigator browser at Google and other search sites.
According to a network traffic analysis performed by Newsbytes, Netscape is capturing Navigator 6 users' search terms, along with their Internet protocol (IP) address, the date Navigator was installed and a unique identification number.
- - - - - - - -
Gator Branded A Trojan Horse Despite Security Fix
Gator Corp. has corrected a security flaw in the Web-based installer program for its popular digital wallet software, but some anti-virus utilities still brand the program a Trojan horse. Responding to a report in February that the ActiveX installer opened a potential back door for attackers, Gator temporarily removed the program, GatorSetup.exe, from its sites and posted a security update that eliminates the vulnerability for users who have installed the program using the ActiveX control.
- - - - - - - -
Network Associates discontinues PGP encryption software
Software company Network Associates has stopped selling PGP, the most widely used software for e-mail encryption, after failing to find a buyer for the technology, a spokeswoman said Thursday. PGP, or Pretty Good Privacy, is available free online for personal use, a major reason the company saw little future in trying to make a business of selling the software for corporate use, said spokeswoman Jennifer Keavney. ``It is the leading encryption technology out there, but it's all based on free downloads,'' she said.
- - - - - - - -
USPS cancels secure e-mail biz
The U.S. Postal Service has decided to get out of the secure e-mail business and is pulling the plug on its PosteCS service. Unable to make money on the service or find a buyer for it, USPS will discontinue the e-mail initiative, said Postal Service spokeswoman Sue Brennan. PosteCS is a Web-based service designed to deliver digital files that are too large for some commercial e-mail services and to deliver electronic documents that require timely receipt and assurance against tampering.
Documents could be stamped with an electronic postmark to verify the time, date and place of origin and receipt.
- - - - - - - -
MicronPC adds fingerprint safeguards to Pentium 4 notebook
The three layers of biometric security built into the new TransPort GX3 notebook PC are the direct result of federal interest in security, MicronPC LLC portable product manager Jay White said yesterday. "We looked at the requests for quotations and heard comments from federal buyers," White said. "Our No. 1 target market is government." IRS auditors and other security conscious users, for example, asked for standard removable hard drives that they could pull out every night and put in hotel safes, he said.
- - - - - - - -
DivX brings downloaded movies to your TV
A video compression technology born in the hacker community is poised to enable a new generation of products that allow consumers to view films they've downloaded over the Internet on their living room TV. DivX Networks said its software will appear in new DVD players, ReplayTV-like digital video recorders and portable devices similar to MP3 players, to reach stores this holiday buying season. If DivX 5.0 makes the leap from the Internet's murky file-swapping underground to mainstream products without attracting a lawsuit from Hollywood, it will be a coup that other file-swapping pioneers, like Napster, have failed to accomplish.
- - - - - - - -
Invasion of the "Porn Nappers"
Beware: Smut-site owners are waiting to grab your URL if you allow your registration for it to lapse. Charles Mondin, the director of the United Senior Health Cooperative (USHC), knows why I'm calling before I tell him. "We get a lot of calls about our Web site," he chuckles knowingly. For the last six months, the organization's official Web site has been located at But previously, it had a different URL -- and now, when you type in the old address, you end up on a hard-core pornography site.
- - - - - - - -
Prevent workstation hacking
Hacking isn't limited to the server. In fact, the workstation is often the first place a hacker will try to access because from there, he or she can gain insight into how the network is set up. Often, however, workstation protection is overlooked. To help you safeguard your workstations, I have some examples of how hackers gain access to workstations and some tips on how to keep unwanted guests from breaking into them.
- - - - - - - -
Ripped Off Online
E-commerce may allow people to shop from the privacy of their own home, but it doesn't make shopping any safer. In fact, new studies show that online fraud related to e-commerce transactions is dangerously high. Merchants surveyed by research firm GartnerG2 reported that they lost 1.14 percent of all online sales, or about $700 million, to fraud in 2001. Overall, merchants are rejecting around 5 percent of Internet transactions as "suspicious." To counter this disturbing trend, credit card companies, merchants, and law enforcement are setting up new programs to stamp out online fraud.
- - - - - - - -
A Postcard From Brazil
An emerging Internet society could hold a few lessons for Americans in dealing with security issues. Brazil is a technologically progressive nation that has embraced the Internet and its attendant technologies and processes with gusto. Unfortunately, like many countries, Brazil is in a state of information security infancy. While it has jumped wholeheartedly into the global information society, it has not yet developed a framework of laws to deal with the many intricacies of computer crime, or a comprehensive approach to information systems security.
- - - - - - - -
Ten Windows Password Myths
With all of our advances in security technology, one aspect remains constant: passwords still play a central role in system security. The difficulty with passwords is that all too often they are the easiest security mechanism to defeat.
Although we can use technology and policy to make passwords stronger, we are still fighting the weakest point in any system: the human element. Ultimately the goal is to get users to choose better passwords. However, it is not always clear how to achieve that goal. The problem is that as creative as humans are, we are way too predictable. If I asked you to make a list of totally random words, inevitably some sort of pattern will emerge in your list.
- - - - - - - -
Blocked Site of the Day
Peacefire puts the spotlight on a different site each day that is screened out by various online filtering programs, including Netnanny, Cybersitter, Cyber Patrol, SurfWatch and others. These freedom of speech advocates' selection when we visited was a site devoted to ending violence against gays and lesbians. says its findings have been used by lawyers for the American Civil Liberties Union, People For the American Way, and other anti-censorship groups to challenge Internet censorship laws in Congress and in several state legislatures.
- - - - - - - -
Pentagon accelerates homeland security communications system
The Pentagon announced this week that it will fund the fast-track development of an experimental communications system to enable federal, state and local emergency response officials to share terrorist threat information and coordinate their emergency response capabilities. "We need to have a command and control system ... so that all parties and first responders can talk to each other," Sue Payton, deputy undersecretary of Defense for advanced systems and concepts, said Tuesday during a Pentagon briefing.
- - - - - - - -
Wearable computing to defeat terrorism
Wearable-computing hypemeisters Xybernaut are at it again, this time persuading former Virginia Governor James Gilmore to serve as pitch man for the company's ambition to equip US officials and law enforcement officers with wearable devices to root out terrorists.
Gilmore made an appearance at the seventh annual International Conference on Wearable Computing (ICWC), which is part of the COMDEX Chicago trade show. Xybernaut apparently is paying for the ICWC bit as a prime marketing vehicle.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2002, Campbell, CA.