NewsBits for February 18, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Hackers View Visa/MasterCard Accounts More than five million Visa and MasterCard accounts throughout the nation were accessed after the computer system at a third party processor was hacked into, according to representatives for the card associations. Early indications were that none of the information, which would include credit card numbers, was used in a fraudulent way, according to the representatives. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5207757.htm http://news.com.com/2100-1017-984842.html http://www.washingtonpost.com/wp-dyn/articles/A24525-2003Feb18.html http://www.msnbc.com/news/874126.asp http://www.cnn.com/2003/TECH/02/17/creditcard.hack/index.html http://www.vnunet.com/News/1138873 http://www.theregister.co.uk/content/55/29362.html http://www.nandotimes.com/technology/story/769804p-5541144c.html - - - - - - - - - - Man pleads guilty to making child porn pictures A 42-year-old man is awaiting sentencing after police found more than 2,400 indecent images of children on his computer. Derek Fairhurst, of Mill Road, Marlow, pleaded guilty at Wycombe Magistrates Court yesterday to 11 charges of making indecent photographs of children in November. Officers searched Fairhurst's home as part of the police ongoing Operation Ore against people in the UK who have downloaded child porn from a US-based site. http://www.bucksfreepress.co.uk/news/display.var.697712.index - - - - - - - - - - OFFICER'S 1,000 CHILD PORN IMAGES A Perverted police officer snared by an FBI- inspired probe faces jail after admitting building up a library of child porn. Pc Christopher Lilley, a Notts officer for 11 years, had more than 1,000 web images described by a judge as "absolutely horrible". And the judge said the married father's plan to set up a child website called Absolute Amateurs made the offence even graver. A court heard how in one picture, Lilley had superimposed the head of a girl he knew on to the body of a naked child. Lilley, 33, of Sherwood Rise, Mansfield Woodhouse, was arrested last September as a result of Operation Ore. http://www.thisisnottingham.co.uk/displayNode.jsp?nodeId=66056&command=displayContent&sourceNode=65583&contentPK=4216073 - - - - - - - - - - SPARED JAIL FOR NET PORN A Computer expert who kept a haul of child porn after downloading files from the internet escaped a jail sentence yesterday. Lincoln Crown Court heard how Randy Concepcion was arrested 12 months ago after police raided his home in Gedling. When officers examined his computer's hard drive they discovered 84 images of children involved in sex acts with adults and other youngsters. Concepcion claimed he accidentally downloaded the files. http://www.thisisnottingham.co.uk/displayNode.jsp?nodeId=66056&command=displayContent&sourceNode=65583&contentPK=4182667 - - - - - - - - - - Man charged after flight manual appears on eBay The auction of a purloined flight manual on eBay has prompted the arrest of an Air Canada baggage handler. Robert Gaglione, 47, of Brampton, Ontario has been charged with theft after allegedly offering a stolen 2002 edition of the airline's flight manual up for sale on the online auction site earlier this month. The manual, designed only for use by flight crews, includes sensitive security details "including who has the keys to the cockpit doors and the potential seat locations of sky marshals", Canada's Globe and Mail reports. The February 10 auction also offered flight charts as part of the package. http://www.theregister.co.uk/content/6/29369.html - - - - - - - - - - Nokia picture phone IDs lurking villains Police in Italy have recorded what is thought to be the world's first conviction thanks to a tip-off using an image sent by a mobile picture phone. Two thieves were jailed for six months last week after a shopkeeper became suspicious as they loitered outside his shop. So concerned was the tobacconist, he snapped the two men with his new Nokia picture phone and promptly sent it to local police. http://www.theregister.co.uk/content/59/29346.html - - - - - - - - - - LaPorte sex sting takes lead on Web In LaPorte, a 32-year-old police detective posing as a 13-year-old girl on Internet chat rooms has snared five men in less than two months. Those facing charges are from as near as Valparaiso and as far away as Ohio and the Indianapolis area. Many area police departments say reaching out to snare would-be pedophiles in cyberspace is good police work. There seems no lack of sexual predators. But many local departments day they don't have the manpower or the necessary computer equipment to go after the men preying on children. http://www.post-trib.com/cgi-bin/pto-story/news/z1/02-16-03_z1_news_2.html http://www.hoosiertimes.com/stories/2003/02/17/news.030217_HT_A7_DEH24028.sto - - - - - - - - - - State Chasing Web Medics Who Prescribe Sight Unseen Attempts to stop U.S. doctors and pharmacies from issuing prescriptions online without physical examinations often have amounted to tortuous, low-speed chases through cyberspace after elusive targets. Now, California regulators are stepping up their efforts. Last month, they revoked the license of a cyber doctor accused of issuing 11,000 illicit prescriptions, and last week they levied $48 million in fines against six out-of-state prescribers. http://www.latimes.com/technology/la-me-prescribe17feb17004434,1,7843622.story http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5206103.htm - - - - - - - - - - FBI Warns Of Cyberthreats As Tensions Climb Feb. 14, 2003 The bureau's cybersecurity arm says the crisis with Iraq and increased problems with North Korea may trigger cyberattacks on U.S. networks. The National Infrastructure Protection Center, the FBI's cybersecurity arm, is warning that increased global stress over possible war with Iraq and the growing concern over North Korea may lead to cyberattacks on U.S. networks. http://www.informationweek.com/story/IWK20030214S0030 - - - - - - - - - - Centre seeks transfer of petitions on Internet child porn Realising the grave consequences of pornographic sites on internet, the Union Government today moved the Supreme Court seeking transfer of two petitions in High Courts advocating protection of children from cyber pornography and possible misuse of internet in allowing them access to pornographic and adult sites. A Bench comprising Justice R C Lahoti and Justice Arun Kumar issued notice on the petition seeking transfer of two petitions pending before Kerala and Madras High Courts on this issue so that an authoritative pronouncement could be given by the apex Court. http://www.hindustantimes.com/news/181_168036,0003.htm - - - - - - - - - - U.S. military looks to make cyberwarfare part of its arsenal The United States is studying the use of cyberwarfare - attacks that could cripple or control an adversary's key computer networks - which could prove useful in a conflict with Iraq, officials and security experts say. If pursued, it would mark the first time the United States, which has been trying to strengthen its defenses against Internet attacks and cyberwarfare, will have used these tools as a weapon. http://www.nandotimes.com/technology/story/766907p-5522696c.html - - - - - - - - - - Bill Would Ban Spam E-Mail in California The unwanted, sometimes lurid advertisements unleashed on computer users -- e-mail spam -- would be banned under a new bill in the Legislature. The bill would make it a crime to send unsolicited commercial e-mails from California or to an e-mail address in the state. People who received such spam -- "Miniature Remote Control Car -- Great Gift!" or "Lose 32 Pounds by Easter" -- could sue for at least $500 per violation. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-spam18feb18001440,1,104460.story - - - - - - - - - - Analysts: Child Porn Hidden on Corporate Networks Child pornography is hidden on virtually every large corporate network, according to security experts. While it's common to hear stories of workers being fired for downloading pornographic images onto their systems, and it's even more common to hear people complain of pornographic spam, industry watchers say the problem goes even further. Child pornography -- explicit images and text dealing with underage children -- can be easily found on nearly every large network -- be it corporate, academic or government. http://www.internetnews.com/bus-news/article.php/1584551 - - - - - - - - - - Open Source group releases list of top 10 Web vulnerabilities Technical slip-ups such as unvalidated parameters and broken access control are among the top 10 vulnerabilities in Web applications and services, according to a list released today by the Open Web Application Security Project. The group said it wants the list to focus government and private- sector attention on common vulnerabilities "that require immediate remediation." http://www.gcn.com/vol1_no1/daily-updates/21159-1.html - - - - - - - - - - A New Tactic in the Piracy Battle This story is for all the people secretly copying digital songs, movies and games through online file- sharing systems such as Kazaa and Gnutella.You know who you are -- and soon, the copyright cops could know, too. As it turns out, so-called peer-to-peer networks are very good at distributing digital material, but very bad at hiding the sender or the receiver. Taking advantage of this transparency, record companies, Hollywood studios and other copyright holders are tracing users of peer-to-peer networks back to their Internet addresses and cataloging not only the items they've downloaded but also the goods they're storing for others to duplicate. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-pirate17feb17,1,6443184.story DVD-copying startup puts bounty on pirates http://zdnet.com.com/2100-1103-984893.html http://news.com.com/2100-1023-984893.html?tag=fd_top http://news.bbc.co.uk/2/hi/technology/2758177.stm - - - - - - - - - - Demo showcases security, antispam tools A conference dedicated to showcasing new technology is out to prove that tech innovation isn't dead; it's just become more practical. During the dot-com boom, the Demo conference was a splashy venue for high-tech industry executives, venture capitalists and start-ups looking to cut a high profile. This year, however, companies will need more than a great idea and a slick demo to gather the accolades. http://zdnet.com.com/2100-1103-984731.html - - - - - - - - - - Possible Password Flaw Found in Windows XP Security hole could allow an unauthorized user to render passwords useless, expert says. A security flaw recently revealed in Microsoft's Windows XP could enable unauthorized users to access password-protected PCs. Using the Windows 2000 CD, anonymous users can apparently boot up a computer with the Windows XP OS and call up the troubleshooting program Windows 2000 Recovery Console. http://www.pcworld.com/news/article/0,aid,109406,00.asp - - - - - - - - - - Oracle 9i Database, Ap Server bust six ways to Sunday Oracle admins are in for a busy time with the publication of no less than six vulnerabilities over the last week. Four of the vulnerabilities are buffer overflow flaws affecting various components of Oracle9i Database Server. Then there's two flaws affecting Oracle9i Application Server, which pose denial of service risks... or worse. http://www.theregister.co.uk/content/53/29360.html - - - - - - - - - - Phoenix core protects a hard drive Phoenix Technologies is hoping PC manufacturers will latch on to its newest software to help solve PC problems and improve data security. Phoenix, which creates BIOS software for many of the largest PC manufacturers, branched out this week with the new CME, or Core Managed Environment, software suite. Where the BIOS (basic input/output system) provides a bridge between a PC's operating system and its hardware, CME will create protected areas on a PC's hard drive that can host sensitive data or applications that alleviate common problems, allowing the computers to run even if the operating system is damaged, the company said. http://zdnet.com.com/2100-1104-984896.html - - - - - - - - - - Tracking the Killer Worm Whereas TCP connections require a three-way "handshake," UDP connections do not require such an acknowledgement. Therefore, the Slammer worm, which spread via UDP, could make connections as fast as the host servers could send out packets. Are you paranoid yet? If not, you should be. The SQL Slammer worm was yet another in a long string of wake-up calls indicating that many enterprises' security practices are not up to snuff. http://www.newsfactor.com/perl/story/20776.html - - - - - - - - - - GIZMORAMA: Debunking hoax viruses Beware! Some nasty viruses are lurking out there. Some people with nothing better to do in their lives than make others miserable are cooking up new toxic programs every day. We have often wondered if there was a monetary relationship between virus authors and virus killers, each supplying the other's means of a living. Don't laugh. It's possible. http://www.nandotimes.com/technology/story/768398p-5532416c.html - - - - - - - - - - Bye, cyberczar Clarke - thanks for everything The retirement of Richard Clarke is appropriate to the reality of the war on terror. Years ago, Clarke bet his national security career on the idea that electronic war was going to be real war. He lost, because as al Qaeda and Iraq have shown, real action is still of the blood and guts kind. http://www.securityfocus.com/columnists/143 - - - - - - - - - - Instant mayhem Email has revolutionised the way we talk to each other. For many of us, snail mail is a thing of the past. However, the benefits of speedy communications have come at a price. The past few months have seen commercial and home email users assailed with malicious worms and viruses, underlining the dangers of sharing information online. http://www.smh.com.au/articles/2003/02/17/1045330518898.html - - - - - - - - - - Secure MySQL Database Design When it comes to installing software, secure design is often the last consideration. The first goal is usually just to get it to work. This is particularly true of databases. Databases are commonly referred to the keys to the kingdom: meaning that once they are compromised, all the valuable data that is stored there could fall into the hands of the attacker. With this in mind, this article will discuss various methods to secure databases, specifically one of the most popular freeware databases in use today, MySQL. http://www.securityfocus.com/infocus/1667 - - - - - - - - - - State to share visa info with FBI The State Department is working out an agreement with the FBI that would allow the law enforcement agency to tap into State's database of 50 million visa applications. The agreement, which will be spelled out in a memorandum in the next month or two, will help provide better links among agencies that use different and incompatible technology. http://www.fcw.com/fcw/articles/2003/0217/web-visa-02-18-03.asp - - - - - - - - - - Perspective: Closer to a national ID plan? A little-known company called EagleCheck is hoping to provide a standardized identity check technique that governments and corporations will use to verify that you are who you claim to be. EagleCheck, a privately held firm in Cleveland, proposes that whenever someone uses a driver's license or a passport for identity verification, the ID's authenticity will be checked through EagleCheck's network, which is tied to state motor vehicle and federal databases. The databases will respond by saying whether the ID is valid. http://news.com.com/2010-1071-984792.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.