NewsBits for February 3, 2003 sponsored by,
Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
eBay patrols for Columbia debris auctions
eBay deleted several items billed as debris from the space shuttle Columbia from the online auction site Saturday, warning that anyone attempting to sell fragments from the doomed shuttle could be prosecuted. eBay spokesman Kevin Pursglove said customer service representatives received a handful of listings throughout the day from people purporting to have found debris in Texas. The listings were immediately yanked from the site, and executives may report the sellers to federal authorities.
http://www.nandotimes.com/technology/story/746395p-5413862c.html
- - - - - - - - - -
eBay account hijacked, bidders bilked in 'rampant' fraud
For a couple of days last month someone was auctioning Sony camcorders from Kevin Pilgrim's eBay account. But the auctioneer wasn't Pilgrim, who lives in Raytown, Missouri. More than two dozen online bargain hunters agreed to pay $US605 ($A1,029) apiece, in some cases wiring money to Germany. But there were no camcorders. The two-day auction was a fraud. While bidders got ripped off, the bad guys got away - at least for now. The scammers who hacked into Pilgrim's eBay account to woo unsuspecting bidders did their dirty work before eBay could shut his account down.
http://www.smh.com.au/articles/2003/02/03/1044122303141.html
- - - - - - - - - -
Man guilty of possessing child porn
A Kingston pedophile, who already served a prison term in the United States for a child sex crime, has pleaded guilty after police found 59 examples of child pornography on his office computer at the Alcan plant on Princess Street. Vladimir Blazek, 55, entered a guilty plea this week to a charge of possessing child pornography and will be sentenced next month.
Crown attorney Harry MacDonald told Madam Justice Judith Beaman that police visited Blazek's Alcan office in September 2001 after being contacted by U.S. authorities.
http://www.thewhig.com/webapp/sitepages/content.asp?contentid=21259
- - - - - - - - - -
Eviction Leads To Child Porn Arrest
New York Authorities Tip Off Florida Investigators
Investigators with a special task force have arrested a South Florida man on child pornography charges. Investigators with the Law Enforcement Against Child Harm (LEACH) Task Force arrested Eric G. Michelson, 32, of Dania Beach on Monday after they found dozens of video clips in his computer showing children engaging in various sexual acts.
http://www.click10.com/mia/news/stories/news-195376120030203-150254.html
- - - - - - - - - -
Fake CNN Website Taken Offline
A website that published fake news stories from CNN has been taken offline after receiving a threatening legal letter from the cable network alleging copyright and trademark infringement. The Fake CNN News Generator was online only a week, but generated a lot of controversy after ersatz news stories were picked up by local outlets and reported as real. Phony stories about the death of musician Dave Matthews, or the Olsen twins attending local universities, for example, appeared in a number of local newspapers, as well as regional radio and TV news reports.
http://www.wired.com/news/culture/0,1284,57506,00.html
- - - - - - - - - -
Slammer fails to make January AV charts
The Slammer worm fails to make it into the monthly charts of AV firms this month - despite becoming arguably the most damaging Internet worm ever. The Avril worm topped the list of calls to antivirus firm Sophos, while email filtering firm MessageLabs again reports that Klez-H topped its nuisance list. The company blocked Klez-H more than 550,000 times over the last four weeks. The non-appearance of Slammer on either chart is easily explained: AV software and services have a limited role in blocking Slammer.
Slammer, a memory resident virus, needs to be combated with a combination of filtering the malicious traffic the worm generates and patching vulnerable boxes running vulnerable versions of SQL Server and MSDE.
http://online.securityfocus.com/news/2230
http://news.zdnet.co.uk/story/0,,t269-s2129738,00.html
SQL Slammer used British code
http://www.vnunet.com/News/1138461
Slammer damage done in 10 minutes
http://zdnet.com.com/2100-1104-983108.html
Slammer: The first 'Warhol' worm?
http://news.zdnet.co.uk/story/0,,t269-s2129785,00.html
Something Needs to Change
http://online.securityfocus.com/columnists/139
- - - - - - - - - -
IT security spending to keep pace with budget
Money requested in the fiscal 2004 budget for IT security would increase about 10 percent to $4.7 billion, according to the Office of Management and Budget. At that figure, allocations for security would hold steady at about 8 percent of federal IT spending.
http://www.gcn.com/vol1_no1/daily-updates/21040-1.html
- - - - - - - - - -
Homeland Security Dept. Faces Leadership Void
In one of his first moves as secretary of Homeland Security, Tom Ridge last week appointed former J.P. Morgan Chase Bank executive Alfonso Martinez-Fonts Jr. to serve as special assistant to the secretary for the private sector. But much work remains to fill key leadership positions at the newly formed U.S. Department of Homeland Security and avoid losing the momentum in the public/private partnership on cybersecurity and critical-infrastructure protection, Bush administration and private-sector officials said.
http://www.computerworld.com/securitytopics/security/story/0,10801,78092,00.html
- - - - - - - - - -
MPs say snooping laws need ring fence
New laws mean that ISPs face a mountain of requests for communications data - but government agencies can avoid paying costs by using old powers
MPs have warned that government agencies must stop using a range of laws to demand access to records of people's surfing activities if ISPs are not to be forced out of business.
http://news.zdnet.co.uk/story/0,,t269-s2129790,00.html
- - - - - - - - - -
Cyber attacks down, but vulns soar
The level of cyber attacks decreased for the first time in the second half of 2002, dropping six per cent. That's according to Symantec's Internet Threat Report, published today, which brings together data gleaned from the security firm's acquisition of SecurityFocus and RipTech with its other sources for the first time. The report found that damage caused by recent blended threats, such as Opaserv, was less than that caused by older threats, such as Code Red.
http://online.securityfocus.com/news/2231
PC security flaws on the rise
http://www.vnunet.com/News/1138460
- - - - - - - - - -
Tech project sweeps for Net scammers
Australia's securities and investment watchdogs are turning to document-classification technology employing the latest linguistic techniques in their hunt for Web-based fraudsters. The Australian Securities and Investment Commission (ASIC) on Monday unveiled a joint research project with the Capital Markets Cooperative Research Centre, the University of Sydney and Macquarie University to develop an automatic Internet document classification system called 'Scamseek'.
http://zdnet.com.com/2100-1104-983074.html
http://news.zdnet.co.uk/story/0,,t269-s2129760,00.html
- - - - - - - - - -
Music industry attacks EU copyright proposal
Proposed EU legislation for shutting down intellectual property pirates isn't hard enough on file-traders and peer-to-peer systems, according to an industry group
The music industry has condemned proposed EU legislation for protecting intellectual property, saying that it "falls far short" of what is necessary to fight piracy.
http://news.zdnet.co.uk/story/0,,t269-s2129768,00.html
- - - - - - - - - -
Content-Cleaning Software Angers Some
Last June, Utah software developer Breck Rice met with movie directors to pitch new software for letting consumers digitally alter Hollywood hits. It could insert product placements into movies, make a New York skyline resemble Tokyo and even drape a modest negligee over Kate Winslet during her nude scene in "Titanic." The program, called "MovieMask," was designed in large part to make movies more family friendly, skipping violent or sexual content and toning down language.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5094390.htm
- - - - - - - - - -
Microsoft protecting rights--or Windows?
How music labels, Hollywood studios and consumers answer that question could determine whether the software giant dominates digital media the way it does Web browsers or desktop productivity applications, say analysts. The Redmond, Wash.-based company is engaged in a tried-and-true tactic of giving away highly valuable technology as a means of getting a foothold in an emerging market.
http://news.com.com/2100-1023-983017.html
- - - - - - - - - -
Sex.com case heralds end of Internet - NSI
Network Solutions - the Internet's biggest domain name registrar and the owner of the .com domain - has heralded the end of the Internet in court filings to the Californian Supreme Court.
It warns that if a forthcoming decision by the court goes the wrong way it "would cripple the Internet and jeopardize the national economic benefit for e-commerce". It would also "threaten all Internet registrars' survival".
http://www.theregister.co.uk/content/6/29152.html
- - - - - - - - - -
Software upgrade seeks to secure mobile data
Sybase Inc.'s mobile software subsidiary today announced a security tool that's designed to let network managers delete data from lost or stolen laptop computers and Pocket PC handheld devices. The Zap It feature is one of several enhancements that Dublin, Calif.-based iAnywhere Solutions Inc. is adding to its Manage Anywhere Studio software as part of an upgrade. IT managers can configure the security feature to erase sensitive data when a system is turned on without the proper password, iAnywhere officials said last week.
http://www.computerworld.com/securitytopics/security/story/0,10801,78127,00.html
- - - - - - - - - -
IT Users Botch Security Again . . .
. . . and again. The Slammer worm being the latest in a long history of utterly incompetent computer security procedures by IT systems managers. Blame software developers, if it makes you feel better. But IT buyers are the major problem. Security vendors would despair at the consistent foolishness of users if they didn't make so much money from fixing the problems usually after the fact. "IT buyers have tremendous control over the quality of security in the products they buy, but they don't use it," argues Jerry Brady, chief technology officer at Guardent Inc. in Waltham, Mass.
http://www.computerworld.com/securitytopics/security/story/0,10801,78090,00.html
- - - - - - - - - -
Missing PKI Root Key Causes a Panic Attack
My company has a formal process to deal with staffers who are leaving our company. It helps us close accounts quickly and deal with complicated situations like firings.
We don't want someone to find out from our team that he's lost his job, rather than from human resources or his manager. So we must follow a complicated series of steps. Recently, we had a misstep.
http://www.computerworld.com/securitytopics/security/story/0,10801,78019,00.html
- - - - - - - - - -
Firewall pioneer: Security needs integration
Q&A: Marcus J. Ranum, a pioneer of commercial firewalls, on the challenges facing the industry and the ethics of 'ethical hacking'.
Marcus J. Ranum is one of the foremost designers of IT security, also known as "the creator of the firewall". He is the main author of many firewall systems, such as DEC SEAL, TIS Gauntlet and the TIS Internet Firewall Toolkit. ZDNet Italy caught up with him in advance of InfoSecurity 2003 Italy, which he is due to open with his keynote on 12 February in Milan.
http://news.zdnet.co.uk/story/0,,t269-s2129769,00.html
- - - - - - - - - -
Mobilizing for the first e-war
Not long ago, I had dinner with a former military officer who participated in information warfare "what-if" exercises that the Pentagon and the White House ran in the late 1990s. "If Saddam ever attacks the U.S. through the Internet and takes out a telecommunications firm, we'll be in a state of war," my dinner companion told me. "All bets are off. The Fourth Amendment is on hold. If EarthLink is attacked, the Army could show up and seize control of their servers."
http://zdnet.com.com/2100-1107-983121.html
- - - - - - - - - -
Suicide 101: Lessons Before Dying - Pt 1
Type "suicide" into an Internet search engine, and among the sites advertising therapy, hotlines and antidepressants, you'll find a handful of pages where suicidal strangers counsel each other on the best way to die. The largest site, called alt.suicide.holiday, or ASH, combines a public newsgroup, chat rooms and guide files instructing visitors on how to kill themselves using everything from aspirin to rat poison.
http://www.wired.com/news/culture/0,1284,57444,00.html
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.