NewsBits for March 5, 2003
Sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Feds to prosecute cybersex case rejected by Maryland court
The Justice Department is prosecuting an Internet sex case rejected by a Maryland court that ruled the suspect committed no crime because his "victim" was a state trooper posing as a 15-year-old girl. Donald Taylor Jr., 47, drove to Frederick from New Jersey in 1999, allegedly to have sex with an Internet correspondent he believed to be an underage girl. He was arrested by authorities who set up the sting, and charged with attempted third-degree sex offense involving a minor and solicitation of a minor for unlawful sexual conduct online. The case was thrown out by a judge who agreed with defense arguments that it was legally impossible for Taylor to commit those crimes with an adult.
http://www.nandotimes.com/technology/story/793616p-5669562c.html
- - - - - - - - - -
Norwegian Court Approves DVD Hack Retrial
A Norwegian court has approved prosecutors' appeal of a teenager's acquittal on charges that he created and circulated online a program that cracks the security codes on DVDs. An appeals court in Oslo granted the appeal but scheduled no trial date, Erik Moestue of Norway's economic crimes unit said Wednesday.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5322436.htm
http://www.nandotimes.com/technology/story/793147p-5667374c.html
- - - - - - - - - -
High court to hear Web smut case
In the latest test of Congress' ability to control online content, the U.S. Supreme Court on Wednesday will hear arguments over whether libraries should be required to filter out porn on their Internet-connected computers. The case pits librarians worried about censorship and local control against anti-pornography crusaders who say the nation's schools and libraries should not serve as portals to violent and sexually explicit material.
http://news.com.com/2100-1028-991096.html
http://news.com.com/2100-1028-991199.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5321221.htm
http://www.nandotimes.com/technology/story/792875p-5666208c.html
http://www.usatoday.com/tech/news/techpolicy/2003-03-05-library-filter3_x.htm
http://dc.internet.com/news/article.php/2084861
- - - - - - - - - -
Supreme Court OKs posting sex offender listings online
The Supreme Court ruled Wednesday that states may put pictures of convicted sex offenders on the Internet, a victory for states that use the Web to warn of potential predators in neighborhoods. In a separate narrow ruling, the court turned back a challenge from offenders who argued they deserved a chance to prove they aren't dangerous to avoid having their pictures and addresses put on the Internet.
http://www.usatoday.com/tech/news/techpolicy/2003-03-05-scotus-offenders_x.htm
http://www.cnn.com/2003/LAW/03/05/scotus.sex.offenders.ap/index.html
- - - - - - - - - -
Europe Hacker Laws Could Make Protest a Crime
The justice ministers of the European Union have agreed on laws intended to deter computer hacking and the spreading of computer viruses. But legal experts say the new measures could pose problems because the language could also outlaw people who organize protests online, as happened recently, en masse, with protests against a war in Iraq. The agreement, reached last week, obliges all 15 member states to adopt a new criminal offense: illegal access to, and illegal interference with an information system. It calls on national courts to impose jail terms of at least two years in serious cases.
http://www.nytimes.com/2003/03/05/international/europe/05BRUS.html
- - - - - - - - - -
Kellogg describes cyber battlefield
The war on terrorism is being fought not only in places such as Afghanistan and Pakistan, but also on a cyber battlefield where terrorists are using information technology to their advantage.
However, the Defense Department is also using IT and is attempting to "connect the dots" before the next attack is carried out, according to one member of the Joint Staff. Army Lt. Gen. Joseph Kellogg Jr., director of command, control, communications and computers for the Joint Staff, said the cryptology being used by terrorists to protect their data and communications is as good, if not better, than DOD's solutions.
http://www.fcw.com/fcw/articles/2003/0303/web-kellogg-03-05-03.asp
- - - - - - - - - -
House homeland committee creates cybersecurity subcommittee
The new House Homeland Security Committee on Tuesday created five subcommittees, including one on Cybersecurity, Science and Research & Development to oversee the nation's electronic preparedness. Members have not been assigned to the new subcommittees, according to the office of the committee's chairman, Rep. Christopher Cox (R-Calif.). The Homeland Security Committee was formed to coordinate all House oversight of the Homeland Security Department and has legislative jurisdiction over the 2002 act creating the department.
http://www.gcn.com/vol1_no1/daily-updates/21333-1.html
http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,79063,00.html
- - - - - - - - - -
Former Bush official praises cybersecurity consolidation
A former Bush administration official said on Tuesday that consolidation of the government's cybersecurity responsibilities within the Homeland Security Department will enhance efforts to protect physical and electronic infrastructures. John Tritak, former head of the Commerce Department's Critical Infrastructure Assurance Office, defended the move. "The idea there is to consolidate and leverage the core competencies of these individual organizations in a way we couldn't do before," he said. Abolishing the board "does not suggest deviation of concern" about cybersecurity within the White House.
http://www.govexec.com/dailyfed/0303/030503td2.htm
- - - - - - - - - -
Cyber Corps seeks to place security professionals
The Cyber Corps, a federal program to intensively train students in systems security and related engineering and science disciplines, now has dozens of qualified students ready for government placements following graduation in the spring.
http://www.gcn.com/vol1_no1/daily-updates/21334-1.html
- - - - - - - - - -
Budget crunch doesn't keep TSA from playing its cards
The Transportation Security Administration is moving ahead with a smart-card pilot for employees and a passenger-screening project despite a multimillion-dollar budget shortfall. For fiscal 2004, the agency expects to receive $500 million less than it requested in the proposal it sent to the Office of Management and Budget, CIO Patrick Schambach said. In the budget he sent to Congress, President Bush earmarked $4.81 billion for TSA. But officials said the budget crunch won't delay rollout of the Transit Worker Identification Credential, a smart card for physical and network entry at several transportation nodes across an entire region, including ports, railways and airports.
http://www.gcn.com/vol1_no1/daily-updates/21300-1.html
- - - - - - - - - -
UK advertising authority introduces anti-spam rules
New requirements for UK marketers mean that consumers must consent before receiving direct marketing via email or text message. The UK's advertising authority has taken new measures to stop junk email and text messaging, by making it mandatory in most cases for advertisers to get explicit consent before they can send commercial messages.
http://news.zdnet.co.uk/story/0,,t269-s2131469,00.html
- - - - - - - - - -
Cybercrime Follows Money Trail
When asked why he always went after banks, the famed Depression-era robber Willie Sutton once explained that he picked them because "that's where the money is."
Nowadays, with more banking transactions performed over electronic networks than teller windows, a federal agency believes the same logic might appeal to cyberterrorists. In a report released this week on "Efforts of the Financial Services Sector to Assess Cyber Threats," the U.S. General Accounting Office concluded that entities handling monetary transactions face a particularly high risk of attack by criminals or terrorist organizations.
http://www.wired.com/news/business/0,1367,57911,00.html
- - - - - - - - - -
Hotmail struggles with Nigerian scam
E-mail users, up in arms over the massive amounts of spam allegedly from wealthy Nigerian money-laundering refugees, want to know what ISPs and e-mail providers are doing about this scam. silicon.com spoke to a representative of Hotmail, which has become a particular favorite for all spammers because they are able to sign up anonymously and start spamming within minutes. Similarly Hotmail users are targeted prolifically because of the sheer number of addresses @Hotmail.com--offering rich pickings for software generating random mail addresses.
http://zdnet.com.com/2100-1105-991117.html
- - - - - - - - - -
Feds stand behind Sun's Liberty Alliance
The U.S. General Services Administration and the Department of Defense on Wednesday announced that they will join the Liberty Alliance Project, which aims to standardize Web authentication. The two federal agencies said they will join Liberty to consider ways of centralizing their troves of electronic information with a common authentication system. The GSA said it will explore ways to implement authentication technology across the federal government's Web sites as part of the Bush administration's 24-step eGovernment initiative.
http://zdnet.com.com/2100-1105-991116.html
http://www.fcw.com/fcw/articles/2003/0303/web-liberty-03-05-03.asp
- - - - - - - - - -
LSD puts Sendmail bug under the microscope
Polish ethical hackers Last Stage of Delirium (LSD) yesterday published proof of concept code for a serious flaw in Sendmail which emerged this week. In a posting to BugTraq yesterday, LSD provides a detailed analysis of the buffer overflow vulnerability for the first time. Previous advisories on the flaw, which has been present in Sendmail (undiscovered) for some years, are noticeably lacking in detail.
http://www.theregister.co.uk/content/55/29596.html
- - - - - - - - - -
Internet vulnerabilities caught in BIND
Confusion is rife about potential vulnerabilities in BIND, the most commonly used domain name server on the Internet, and experts are calling on the makers of the software to clarify the issue. Domain name servers are used to match domain names to numerical IP addresses, with the vast majority of these running BIND; the software essentially runs the Internet.
http://zdnet.com.com/2100-1105-991094.html
- - - - - - - - - -
AOL claims 1 billion spam e-mails blocked
In a single 24-hour period on Monday and Tuesday, America Online says it trashed a billion e-mails offering mortgages and organ enhancement, instead of letting them slip into customers' inboxes. AOL spokesman Nicholas Graham said the company's software filters snagged the record number of junk, or spam, messages.
http://www.nandotimes.com/technology/story/793595p-5669484c.html
ASA clamps down on spam
http://www.theregister.co.uk/content/6/29583.html
- - - - - - - - - -
Court dismisses Falwell domain name case
A federal judge in Virginia has dismissed Jerry Falwell's attempt to gain control of the Web address bearing his name, saying the court does not have jurisdiction over the matter.
Falwell had claimed Illinois resident Gary Cohn violated trademarks by using the Jerryfalwell.com and Jerryfallwell.com Web addresses to post parodies of the televangelist. Cohn poked fun at Falwell, who blamed the Sept. 11 attacks on gays, pro-choice groups and others, comparing his views to those of people such as Osama bin Laden and Saddam Hussein.
http://news.com.com/2100-1028-991215.html
- - - - - - - - - -
World's smallest combination lock gears up - for IT security
One of America's top defence research institutes, Sandia National Laboratories, has unveiled a combination lock with a difference -- it's the size of a shirt button. Using microelectromechanical system (MEMS) design, the Recodable Locking Device has six notched gear wheels each the size of a full stop to replicate a traditional locking mechanism on a silicon chip. The resultant device gives a user just one chance to select the correct preset code from a million possible combinations - if the code is incorrect, the device mechanically locks shut until reset by the owner. Because of the simplicity of the device, the labs say, it is extremely easy to analyse for vulnerabilities.
http://news.zdnet.co.uk/story/0,,t269-s2131479,00.html
- - - - - - - - - -
Sun pushes biometric security to banks
Smartcard/fingerprint scanning solution 'virtually eliminates' possibility of data theft.
Sun Microsystems is aiming its high-security log-on system, combining biometrics with smartcard technology, at banks and healthcare. The product provides user login authentication in line with the FBI's National Institute of Standards and Technology criteria.
http://www.vnunet.com/News/1139218
- - - - - - - - - -
PowerSwipe Aims To Thwart Wireless Crimes
By securing data locally, and not depending on a carrier's own encryption methods or Secure Sockets Layer (SSL) protocol, Creditel may have developed a wireless security solution for a whole host of vertical markets.
Technicians at Los Angeles-based Creditel have spent nearly three years developing a mobile-security system that they believe will stymie a great many would-be wireless crooks. The company's soon-to-be-launched PowerSwipe device, expected to sell for less than US$300, attaches to a Java phone and transforms it into a handheld commerce enabler.
http://www.newsfactor.com/perl/story/20914.html
- - - - - - - - - -
Windows Root Kits a Stealthy Threat
Hackers are using vastly more sophisticated techniques to secretly control the machines they've cracked, and experts say it's just the beginning. Barron Mertens admits to being puzzled last January when a cluster of Windows 2000 servers he runs at an Ontario university began crashing at random. The only clue to the cause was an identical epitaph carved into each Blue Screen of Death, a message pointing the blame at a system component called "ierk8243.sys." He hadn't heard of it, and when he contacted Microsoft, he found they hadn't either.
http://www.securityfocus.com/news/2879
- - - - - - - - - -
'Black boxes' put rights at risk
DON'T LOOK THERE: One of the most alarming effects of federal copyright law has been the turning of crucial electronic devices into "black boxes" -- machines that are closed to scrutiny even when a great deal rides on their robustness and accuracy. Ed Felten, a Princeton University computer science professor, noted this danger at a "Digital Rights Management" conference last week at the University of California-Berkeley. He warned that the trend is not well-appreciated, and that the boundaries of black boxes are growing.
http://www.siliconvalley.com/mld/siliconvalley/5320213.htm
- - - - - - - - - -
In new twist, feds seize Internet domain names
Federal agents routinely seize property allegedly used in the commission of a crime, anything from a drug dealer's car or speedboat to a hacker's computer.
In a series of raids in recent weeks, the Justice Department has extended such grabs to property that might seem esoteric but worry civil libertarians -- Internet domain names. In one case, the government took over Web sites that it said peddled bongs, roach clips, rolling papers and other paraphernalia used in the consumption of illegal drugs.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5320801.htm
- - - - - - - - - -
Betting on Private Data Search
A CIA-backed Las Vegas firm is pitching a new technology that it says could address many of the privacy problems brought on by the government's ever-growing need for information in the war on terrorism. Systems Research and Development, a company known for helping casinos spot fraud, has developed a product called Anonymous Entity Resolution. It claims the technology can help investigators determine whether a terrorist suspect appears in two separate databases -- say, a government watch list and a hotel reservation system.
http://www.wired.com/news/technology/0,1282,57903,00.html
- - - - - - - - - -
Privacy Activist Takes on Delta
Hell, no, Bill won't go. And he doesn't want anyone else to go either, if their travel plans involve Delta Airlines. Bill Scannell, organizer of the successful Boycott Adobe campaign launched when Russian programmer Dmitry Sklyarov was arrested in the summer of 2001, is now calling for a boycott on Delta. At issue is Delta's test run this month of CAPPS II, the Computer Assisted Passenger Prescreening System. CAPPS II would require background checks on all airline passengers when they book a ticket, including checking credit reports, banking and criminal records.
http://www.wired.com/news/privacy/0,1848,57909,00.html
- - - - - - - - - -
Mac attack or just breaking Windows?
Colorado man jailed after killing laptop.
George Doughty hung his latest hunting trophy on the wall of his Sportsman's Bar and Restaurant. Then he went to jail.
The problem was the trophy was Doughty's laptop computer. He shot it four times, as customers watched, after it crashed once too often. He was jailed on suspicion of felony menacing, reckless endangerment and the prohibited use of weapons. "It's sort of funny, because everybody always threatens their computers," said police Lt. Rick Bashor, seconds before his own police computer froze at police headquarters.
http://www.nandotimes.com/technology/story/793331p-5668254c.html
http://www.usatoday.com/tech/news/2003-03-05-laptop-rage_x.htm
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.