NewsBits for February 27, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Hollywood, software firms aim at pirates Two major trade groups filed on Thursday a slew of civil lawsuits against people they claim were selling pirated copies of films and software via online auction sites. The Motion Picture Association of America (MPAA), Hollywood's chief trade association, brought 12 cases against individuals who were allegedly auctioning pirated editions of popular films including "Harry Potter and the Chamber of Secrets" and "Die Another Day." The Business Software Alliance (BSA), whose members include Adobe and Apple, filed a handful of similar cases against people it said were selling stolen or illegally copied pieces of software. http://news.com.com/2100-1025-990489.html - - - - - - - - - - Fines leveled in online privacy case Candy maker Hershey Foods Corp. and cookie baker Mrs. Fields Original Cookies Inc. agreed to pay $185,000 to settle charges that they collected personal information from children without their parents permission, U.S. regulators said Thursday. http://www.msnbc.com/news/878558.asp - - - - - - - - - - Mass. man pleads guilty to affair with Bayside teen A Massachusetts man charged with having sex with a 15-year-old Bayside boy he met on the Internet last summer has pleaded guilty and faces one to three years in prison when he is sentenced next month, Queens District Attorney Richard Brown said last week. Chun Ho, 29, of 121 Tremont St. in Brighton, Mass., pleaded guilty to charges of sodomy and endangering the welfare of a child, the DA said. The DA's office said Ho admitted to meeting the boy in April in an online chat room, communicating with him repeatedly on the computer and telephone before driving down to Queens for sexual encounters with him in May and June http://www.zwire.com/site/news.cfm?newsid=7202615&BRD=1079&PAG=461&dept_id=506421&rfi=6 - - - - - - - - - - Juneau man pleads to federal child porn charges A Juneau man accused of using the Internet to attempt to lure a young boy into a sexual relationship has pleaded guilty to attempted possession of child pornography. Joseph L. Geist, 51, pleaded guilty Tuesday in federal court. A grand jury indicted Geist in November on charges of using electronic mail and a cell phone for attempted sexual abuse of a minor and possession of child pornography. http://www.news-miner.com/Stories/0,1413,113~26794~1207192,00.html - - - - - - - - - - Massive Attack star in child porn inquiry MASSIVE Attack's Australian tour may be in jeopardy after front man Robert Del Naja was arrested in a child pornography investigation. Although not charged, Del Naja -- known as 3D -- has been released on bail. It is common for bail agreements to prevent an accused from travelling overseas. Del Naja, 36, was arrested at his home in Bristol by police investigating an internet child porn racket. He is the second high-profile musician -- after Pete Townshend from The Who -- to be implicated in the Scotland Yard crackdown. http://entertainment.news.com.au/common/story_page/0,4459,6053363%255E7484%255E%255Enbv,00.html - - - - - - - - - - Pelham Middle School teacher charged in sex sting A 40-year-old schoolteacher and wrestling coach who thought he was engaging in sexually explicit online chats with a 14-year-old boy has been arrested by an undercover investigator who had posed as the teen, Westchester County District Attorney Jeanine Pirro announced yesterday. Spencer Glenn Davis, of 301 Post Road, North Salem, a sixth-grade teacher at Pelham Middle School since 1998 and the head wrestling coach at Woodlands High School in Greenburgh, became the 67th person charged in Pirro's Internet sex sting. http://www.nyjournalnews.com/newsroom/022703/a0127sexsting.html - - - - - - - - - - Detective: Man tried to lure girl on Internet A Melbourne man who thought he was communicating online with a 14-year-old girl was arrested Tuesday in Boynton Beach after traveling to Palm Beach County to meet the teen for sex, police said. Thomas S. Tewell, 40, had corresponded by Internet chat more than a half-dozen times with a Boynton Beach police detective posing as a 14-year-old girl, according to court documents. Tewell wrote in the Internet chats that he wanted to have sex with the girl and wanted to meet her, his arrest report said. http://www.sun-sentinel.com/news/local/palmbeach/sfl-p3bdig27feb27,0,5870875.story - - - - - - - - - - Sex-crime detective confident Sheriff's Detective Michael DiMatteo, who is under investigation for allegedly planting evidence, said Wednesday his name will be cleared once the inquiry is complete. DiMatteo is being sued by Gary Vertican II, a 34-year-old Crestline man who alleges the detective planted images of child pornography on CD-ROMs seized from Vertican's home. Vertican was convicted in November 2000 of attempted child molestation in a cybercrime case investigated by DiMatteo. http://www.sbsun.com/Stories/0,1413,208~12588~1207005,00.html - - - - - - - - - - Privacy again a hot-button issue for legislators Top federal and state privacy enforcement officials are promising aggressive action against companies that, through theft or accident, allow customer data to leak out. But there are divergent views on whether tougher privacy legislation is actually needed to protect customer data. U.S. Rep. Clifford Stearns (R-Fla.), the leading advocate of privacy legislation in the House of Representatives, said he plans to reintroduce within a few days privacy legislation that would set an "opt-out" standard for consumers. http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,78887,00.html - - - - - - - - - - Finance sector to get terror legislation Treasury green paper to protect banking system from terrorists and viruses. The government is considering legislation to protect the banking system in the event of a major terrorist attack or computer virus outbreak. A green paper, The financial system and major operational disruption, published this week by the Treasury, warns that a major catastrophe could threaten the whole financial infrastructure of the UK. http://www.vnunet.com/News/1139090 - - - - - - - - - - French legislators vote to ban spam France's National Assembly on Monday voted in favor of banning unsolicited e-mail sales messages, known as spam. The move, presented to the lower house of parliament in the form of government amendments to a law to "increase confidence in the digital economy," was approved by deputies at a first reading. Direct electronic marketing without prior consent would be allowed in certain circumstances where the parties involved were properly registered so as not to penalise e-business between companies. The law now goes up to the upper house, the Senate, for its approval. http://www.nandotimes.com/technology/story/782597p-5609931c.html - - - - - - - - - - Your Child Could Be Internet Victim In Minutes It can be frightening how fast a teenager can fall victim to an Internet predator. It can happen in just minutes. But there are things parents can do to keep their teens safe. Amber Wynne is a typical 13-year-old. With her parents in the room, and under the supervision of Montgomery County detective Ray Kuter, Amber helped NBC 10 News demonstrate how quickly a child can become the victim of an Internet predator. Within 30 seconds, a 28-year-old man from California named Jake starts asking Amber personal questions, like her age, sex, and location. She tells him that she's 13, her name is "Brittney" and she lives in a Philadelphia suburb. Despite Amber's age, Jake asks her for a picture. It's now been seven minutes since she entered the chat room. http://www.nbc10.com/news/2008660/detail.html - - - - - - - - - - DVD-copying upstart battles Hollywood 321 Studios is asking a judge to block Hollywood's attempts to stop it from shipping its DVD-copying products, claiming its software is protected free speech. The company has been sued by seven major movie studios, which claim 321's DVD X Copy and DVD Copy Plus programs are helping to promote movie piracy. The studios claim the company is violating the Digital Millennium Copyright Act (DMCA) by selling software that can bypass protections on DVDs to make near-perfect copies. http://zdnet.com.com/2100-1105-986317.html - - - - - - - - - - Monster.com warns of growing problem of ID theft Internet job board Monster.com, acknowledging a growing problem for online career sites, is e-mailing millions of job seekers, warning that fake listings are being used to gather and steal personal information. An e-mail message from Monster, which arrived in many users' computer mailboxes Thursday, cautions that "regrettably, from time to time, false job postings are listed online and used to illegally collect personal information from unsuspecting job seekers." http://www.nandotimes.com/technology/story/784223p-5618653c.html - - - - - - - - - - DOD releases second half of security policy The Pentagon released an information assurance policy today that sets specific controls and standards for how users should secure Defense Department networks. Directive 8500.2 is the second part of a strategy to address the changing security needs in the department. DOD issued the first part, 8500.1, last October. It supplied a framework for DOD to follow to protect its information systems, said Robert F. Lentz, director of information assurance for the Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence. http://www.gcn.com/vol1_no1/daily-updates/21267-1.html http://www.fcw.com/fcw/articles/2003/0224/web-dodia-02-27-03.asp - - - - - - - - - - Internet sleuths: NCC course helps police, find cybercriminals A 14-year-old girl received an e-mail saying the sender would kill her if she didn't provide nude photos of herself. Upset that a neighbor's 9-year- old child wrote on his driveway with chalk, a man posted an explicit sex offer -- supposedly from the girl -- on the Internet along with her family's phone number. Michael Sullivan, a Naperville, Ill., police detective whose special technology-offense unit solved those crimes, yesterday used those experiences to help teach Norwalk Community College's new weeklong Computer Crime Investigator Course. http://www.norwalkadvocate.com/news/local/scn-sa-computercrime1feb27.story - - - - - - - - - - Is vigilante hacking legal? Striking back at computers that are attacking a company or home network could be legal under federal nuisance laws, a technology-law expert said Thursday. Curtis Karnow, attorney for law firm Sonnenschein, Nath & Rosenthal, stressed during a speech at the Black Hat Security Briefings conference here that no court case has yet established precedent regarding the use of a limited counterstrike to stop Internet attackers, but that nuisance statutes appear to apply. http://news.com.com/2100-1002-990469.html - - - - - - - - - - Credit Card Cos. Watch Own Backs The credit card industry focuses too much on reducing its own fraud costs and not enough on protecting consumers. That's the central claim in a new report from research firm Gartner that slams credit card companies for failing to notify consumers when credit card records are compromised by malicious hackers. The report notes that while credit card companies' "zero-liability" policies protect card holders from paying for unauthorized or fraudulent charges, they do not protect consumers from identity theft and the credit report hell that can follow. http://www.wired.com/news/privacy/0,1848,57823,00.html - - - - - - - - - - White House Finds Homeland Security Jobs a Tough Sell Just two days before 22 federal agencies are set to move to the new Department of Homeland Security, the White House has yet to fill three top positions responsible for protecting the nation's physical and digital infrastructure and managing the department's intelligence-gathering activities. The vacant posts are in DHS's Directorate for Information Analysis and Infrastructure Protection (IAIP), a terrorist threat assessment and warning unit that includes five cybersecurity divisions previously scattered across other federal agencies. March 1 is the deadline for most federal agencies reassigned to DHS to have completed the move to the department. http://www.washingtonpost.com/wp-dyn/articles/A7298-2003Feb26.html - - - - - - - - - - Finger-tapping to combat fraud Man entering PIN number at a cash machine. The way you tap in your PIN is unique Finger-tapping could become the latest weapon in the ongoing fight against debit card fraud. The way a person taps a number into a cash machine or mobile phone could be used as a means of identification according to scientists at the UK's university of Southampton. When a person taps on an object a unique set of waveforms are produced, which can be programmed and used to verify the person's identity. http://news.bbc.co.uk/2/hi/technology/2801403.stm - - - - - - - - - - Spammers Hiding Behind Students "Paying students to spam is a relatively new phenomenon, so we don't know the extent of the problem," says Steve Worona, director of policy and network programs for EduCause, a group that promotes the use of IT in higher education. University networks already stressed by file- sharing programs, viruses and hackers now face a new threat: students who sublet their network access to spammers for as little as $20 per month. http://www.newsfactor.com/perl/story/20871.html - - - - - - - - - - DOD spy database funding revealed The U.S. Defense Department has awarded millions of dollars to more than two-dozen research projects that involve a controversial data-mining project aimed at compiling electronic dossiers on Americans. NEARLY 200 CORPORATIONS and universities submitted proposals to the Defense Advanced Research Projects Agency, according to government documents brought to light by a privacy group Thursday. John Poindexter, who oversees the agencys Total Information Awareness (TIA) program, approved 26 of them last fall, including grants to the University of Southern California, the Palo Alto Research Center, and defense contractor Science Applications International. http://www.msnbc.com/news/878582.asp http://www.wired.com/news/conflict/0,2100,57830,00.html - - - - - - - - - - Security flaw exposes Windows ME Microsoft has issued a software patch for what it calls a critical security flaw in its Windows Millennium Edition operating system, according to the company's Web site. The security flaw is a "buffer run" vulnerability, which, if exploited, lets an attacker execute software programs on a victim's computer. The flaw could allow attackers to delete files, run software code and modify programs that appear to have originated locally on the victim's PC, according to the warning on Microsoft's Web site. http://zdnet.com.com/2100-1105-986292.html http://news.zdnet.co.uk/story/0,,t269-s2131178,00.html http://www.vnunet.com/News/1139101 - - - - - - - - - - Vendors roll out new corporate spam-fighting tools Vendors continued to heed companies' calls for more spam- fighting tools this week, rolling out new enterprise products and services designed to can spam. Both e-mail security provider MX Logic Inc. and antispam software and service company Brightmail Inc. are unveiling new technologies that they say can significantly reduce the amount of spam flowing into companies' in-boxes. http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,78879,00.html - - - - - - - - - - These Are Not Your Father's Wiretaps In the old days, tapping a phone was as easy as one- two-three. All calls ran over Ma Bell's copper wires. To listen in, law-enforcement agents simply requested that the phone company isolate the suspect's wire and record any calls made or received. One phone company. One network. One flip of a switch. That was eons ago by techno-standards, however. The new world of telecommunications has made it much harder for the FBI to thwart evildoers -- and for privacy advocates to ensure that the agency doesn't overstep its bounds. http://www.securityfocus.com/news/2720 - - - - - - - - - - Fragmentation holds back IT security Many firms prevented from deploying essential security policies, warns analyst. Fragmentation of the information security services market is preventing many enterprise and public organisations from deploying essential security policies, industry experts have warned. In its latest report, The Shifting Landscape: US Information Security Services, 2002, analyst firm IDC said that the global IT security services market will be worth $23bn (PS15bn) annually by 2006, but is categorised by immaturity which leaves it fragmented and highly dynamic. http://www.vnunet.com/News/1139102 - - - - - - - - - - Cyber-Blackbeards Beware Uncle Sam is getting serious about piracy. No, not the parrot-toting knaves of the high seas, but their modern- day broadband namesakes. The latest development: The Justice Department this week seized a domain name and Web site that traded tips and products about copyrighted movies and games. Officials are using the case to warn other potential pirates about the risks of swapping illegal files and copyrighted products on the Internet. http://www.washingtonpost.com/wp-dyn/articles/A10376-2003Feb27.html - - - - - - - - - - Intrusion Prevention Systems: the Next Step in the Evolution of IDS You blended your IDS with my firewall! No, you blended your firewall with my IDS! Either way, when you combine the blocking capabilities of a firewall with the deep packet inspection of an IDS, you get the new kid on the block: intrusion prevention systems or IPS. http://www.securityfocus.com/infocus/1670 - - - - - - - - - - War Protesters Are Taking to Information Superhighway Opponents of a U.S. invasion of Iraq flooded the nation's capital with phone calls, e-mails and faxes Wednesday in an organized protest with a technological twist. Organizers of the "virtual march on Washington" said that Senate offices and the White House were deluged with more than 1 million calls and faxes. "We are getting slammed by the virtual marchers," said an aide to Sen. Zell Miller (D-Ga.), who supports President Bush in the use of force, if necessary, to disarm the government of Saddam Hussein, with or without U.N. approval. http://www.latimes.com/technology/la-na-antiwar27feb27,1,262154.story http://www.cnn.com/2003/TECH/ptech/02/26/virtual.protest/index.html http://www.wired.com/news/politics/0,1283,57824,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.