May 9, 2002

Man Gets 12 Years In 'Candyman' Child-Porn Sweep
A Georgia man who photographed his sexual molestation of young boys and then distributed the images on the Internet has been sentenced by a federal court to more than 12 years in prison. The punishment meted out Wednesday to 19-year-old Robert William Burford of Lawrenceville brought an end to a case that was part of an ongoing Internet child-pornography sweep federal officials call 'Operation Candyman.'

- - - - - - - -

Fed's computer sting combats child porn
U.S. federal and state officials say they are targeting up to 200 suspects in what they called the first undercover computer sting operation to combat child pornography. New Jersey Attorney General David Samson said Wednesday that officials in 29 U.S. states and at least 15 other countries were looking to serve search warrants on suspects' computers after authorities took over a child pornography Web site and used it to set up an undercover site.

- - - - - - - -

Bombing suspect's cell phone gave him away
Mailbox bomb suspect Luke Helder made a crucial mistake while on the run: He turned on his cell phone. As soon as he activated it, FBI agents quickly triangulated his position between two rural towns and had him in handcuffs within an hour Tuesday, according to Nevada authorities. The fact that another motorist spotted Helder in passing helped authorities, but the cell phone signal, like a locator beacon, was a dead giveaway.

- - - - - - - -

Fugitive ex-Cisco VP in federal custody after suicide attempt
Frail and confined to a wheelchair after nearly killing himself in a Santa Barbara apartment, a former Cisco Systems executive appeared in a San Jose federal courtroom Wednesday, ending a mysterious month on the lam eluding charges that he stole millions of dollars from the networking giant.
- - - - - - - -

House Panel OKs Morphed Kid Porn Ban
A House subcommittee today approved legislation that would criminalize the distribution of images that have been digitally "morphed" to look like child pornography. By voice vote, the Judiciary Committee's Crime Subcommittee passed the "Child Obscenity and Pornography Prevention Act of 2002."
Too Broad a Ban on Child Models?

- - - - - - - -

Judge rules copyright law constitutional
A federal judge in San Jose ruled Wednesday that a controversial digital copyright law is constitutional, allowing a criminal case against Russian software vendor ElcomSoft to proceed. In an order denying ElcomSoft's motion to dismiss the case, U.S. District Judge Ronald M. Whyte said the Digital Millennium Copyright Act (DMCA) doesn't violate the Constitution when it limits software designed to circumvent electronic copyright protection methods.

- - - - - - - -

House privacy bill puts onus on consumers
Several U.S. lawmakers introduced a long-awaited privacy bill Wednesday that would allow U.S. businesses to share information about customers who have not explicitly forbidden them to do so. More than a year in the making, the privacy bill unveiled in the House differs from a competing bill making its way through the Senate that would require businesses to get consumers' explicit permission before sharing sensitive information such as income level, religious affiliation or political interests. U.S. Rep. Cliff Stearns' bill would instead leave companies free to share customer profiles unless customers specifically forbade them.

- - - - - - - -

Information Resilience and Homeland Security
Freedom of information may be a double-edged sword, but restricting information has only one edge - and it cuts off the lifeblood of a healthy democracy.
In the current security-conscious environment, many people seem willing to sacrifice their most fundamental democratic rights to support anything that is promoted as good for homeland security. In many cases, an unwillingness to do so is perceived as being unpatriotic.
Civil liberties group warns of EU surveillance proposal
Nameless in cyberspace--it's your right

- - - - - - - -

Microsoft patches Messenger
Microsoft issued a security alert after discovering a weak spot in its popular MSN Messenger service that could be exploited by hackers. The alert, issued Wednesday, said that the vulnerability affected MSN Messenger's chat feature, which allows multiple messenger users to exchange text messages in a separate ActiveX-based window.
Fix takes bite out of Messenger bug

- - - - - - - -

Attack of the clones
Hackers can clone mobile phone SIM cards in minutes, and make calls at their victims' expense. In theory, at any rate: IBM researchers have uncovered a process, dubbed partitioning attacks, which lets crackers extract secret key information from SIM cards by monitoring side-channels, such as power consumption and electromagnetic emanations. This is much easier than breaking the cryptographic algorithms used by the card or using intrusive attacks to extract the key from the microchip. According to IBM, key information can be extracted in minutes using partitioning attacks - against hours needed for older attacks.
GSM Phone Cloning Possible, But Chances Slim

- - - - - - - -

Team tackles Windows security
Government, industry and academia have teamed up to secure the most popular type of system being deployed on servers in the public and private sectors: Microsoft Corp.'s Windows 2000.
The National Security Agency and National Institute of Standards and Technology, in cooperation with the Center for Internet Security, the SANS Institute and Microsoft, have reached an initial agreement on a benchmark for securing Windows 2000 computers, said Alan Paller, director of research at the SANS Institute, a security education and consulting organization.

- - - - - - - -

DHCP bug could give attackers control
A VULNERABILITY IN the DHCP (Dynamic Host Configuration Protocol) server provided by the Internet Software Consortium (ISC) could allow attackers to take over affected servers, according to a security alert released by the CERT Coordination Center Wednesday. The DHCP server, or daemon, provided by ISC allows administrators to centralize the management and assigning of IP addresses to devices. The ISC's DHCP implementation installs a component called NSUpdate by default that allows the DHCP server to send information about hosts on the network to a DNS (domain name server), CERT/CC (Computer Emergency Response Team/Coordination Center) said.

- - - - - - - -

CryptoCard protects your portable devices
How many PDAs and laptops have you or your coworkers lost? How well do laptop users guard their passwords when at customer sites? How many nightmares does that give the security techs back at the office? Laptop and PDA security covers a wide range, so let's talk about one area: user authentication, or making sure remote users are who they claim to be.

- - - - - - - -

In Satellite Piracy War, Battles on Many Fronts
THE palm-size cards started appearing last year at border inspection points. They were stashed in glove compartments and trunks. Tucked into pockets and wallets. Hidden in brown paper packages. Drivers tried too hard not to appear nervous, and flubbed explanations when questioned by American customs inspectors. A new kind of contraband was trickling across the border from Windsor into Detroit along with the pseudoephedrine and the Cuban cigars.
Initially, United States customs officials say, they found the cards puzzling. They looked innocuous enough - blue plastic cards imbedded with computer chips.

- - - - - - - -

Datawiping works (true)
The sedate world of PC disposal has been rocked by a study which suggests deficiencies in many commercial datawiping products. But were the tests fair? John Leyden reports. Tests on a string of commercial datawiping products - which suggested that only one worked properly - have provoked a backlash from vendors: they question the study's methodology. Last month we reported an eTesting Labs study which found that only Redemtech Data Erasure, a product from the firm which contracted eTesting to run the trials, worked properly across six variously configured PCs. As we noted at the time, the results should be treated with caution as Redemtech paid eTesting to run the tests.

- - - - - - - -

Delete, Baby, Delete
We're not quite as good at destruction as we think we are. Earlier this year, as the Enron debacle began to unfold, the company's accounting firm revealed that its employees had destroyed a "significant but undetermined number" of Enron-related documents, either by shredding paper files or by deleting electronic ones. Actually, the firm revealed that its employees had sought to destroy the documents. How much destruction had in fact been achieved remained uncertain. Computer sleuths moved in quickly, looking for "fingerprints" of the missing electronic transmissions on hard drives and backup tapes; it seems likely that many of the electronic documents have not been fully erased and will be recovered.

- - - - - - - -

Disposal of Personal Records Puts Consumers at Risk
If you shop on the Internet, you may fret about keeping your credit card number safe. But when you pay a bill to a hospital or clinic, you probably don't think about where those computerized account records end up.
Nor is that foremost on your mind when you start a job and provide your employer a home address and Social Security number. Yet the way those bills and records are handled can determine whether you become a victim of identity theft, the top online consumer complaint at the Federal Trade Commission.

- - - - - - - -

Responder networks must be interoperable, experts say
The inability of local, state and federal emergency responders to communicate with one another gained attention after past disasters, but that attention did not translate into ways to make their communications systems interoperable. Now policymakers hope to harness the momentum after the Sept. 11 terrorist attacks to tackle the problem.

- - - - - - - -

Auditors slam Florida's unprotected juvenile justice data system
Florida auditor general William O. Monroe has identified IT security and data accuracy problems at the state's Juvenile Justice Department. The department hasn't implemented access controls strong enough to protect data about juveniles from improper disclosure or modification, according to a report from Monroe's office. Department officials largely concurred with the critical audit and said they would make changes.

- - - - - - - -

Calif. town slices and dices its criminal data
Police in Westminster, Calif., had plenty of crime data. But the crime database couldn't distinguish between an auto theft and a joy ride, said Lt. Derek Marsh, director of administrative services. If the database reported that a car had disappeared, officers had no way to determine whether it had been stolen by criminals or borrowed as a prank by teenagers. Lack of data was not the problem.

***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2002, Campbell, CA.