NewsBits for March 7, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Judge Discards F.B.I. Evidence in Internet Case of Child Smut A federal judge in Manhattan has thrown out the government's evidence in an Internet child pornography case involving a Bronx man, in a ruling that could imperil scores of related prosecutions around the country. The judge, Denny Chin of Federal District Court, ruled that the F.B.I. agents who had prepared a crucial affidavit had "acted with reckless disregard for the truth." The ruling, dated Wednesday, was released yesterday, the same day that a federal judge in St. Louis, Catherine D. Perry, ordered evidence suppressed in a related case. Judge Perry, too, cited false statements in the affidavit.,,t269-s2131566,00.html,1848,57956,00.html - - - - - - - - - - Police raids following Texas University ID cyber-heist Crackers are believed to have swiped the social security numbers of 55,200 past and present University of Texas faculty members and students, following a computer break-in last weekend. The disclosure has prompted fears that the social security data might find it ways into the hands of ID thieves. Early indications are that the data has not, at least yet, been misused to obtain fraudulent loans and credit card accounts.,,t269-s2131593,00.html - - - - - - - - - - Man Acquitted of Online Threats on Jews A man has been acquitted of sending e-mails that threatened to kill Jews in Brooklyn. A federal court jury found Fowad Assed, a Palestinian-born U.S. citizen living in Brooklyn, innocent of sending three online messages to the Jewish Defense League that threatened bombing businesses in Borough Park, a heavily Jewish neighborhood. - - - - - - - - - - Equipment seized from Purdue students in child porn investigation Purdue University police seized computers and electronic equipment from 17 students as part of a child pornography investigation. Police said today that no arrests have been made, and the investigation is continuing. Officers received a warrant to search the on-campus rooms of 12 students yesterday. Five additional students voluntarily turned over computer equipment. Campus police say a preliminary investigation has turned up no apparent link among the 17 students. - - - - - - - - - - Police: Child Porn Found On Principal's Computer The principal of Newfields Elementary School is in more trouble. Police took 61-year-old Barry Ring into custody Thursday morning after reporting they found child pornography on his school-issued laptop computer. Ring faces six counts of possessing child pornography. Each carries a prison sentence of up to seven years. - - - - - - - - - - Child porn case held New trial dates have not been set for a 42-year-old city man charged with numerous sex crimes. Edwin Bartholomew, formerly of 366 Cherry St., remains in custody of the U.S Marshals Service Office while awaiting trial in Crawford County, Cleveland and California. In U.S. District Court in Cleveland, he faces two counts of sexual exploitation of children, two counts of transporting and receiving child pornography and a count of possessing child pornography. California authorities also allege Bartholomew transmitted pornographic pictures of children over the Internet. A Feb. 4 trial in Cleveland was postponed. According to a spokesperson for U. S. District Judge Donald C. Nugent, authorities are trying to transfer charges in California to Cleveland so Bartholomew can be tried at one time. - - - - - - - - - - E-mail scam tries to fool PayPal users PayPal subscribers are being targeted by a fraudulent e-mail scheme designed to con them into handing over their personal information. Over the past week, users of eBay's online payments service have been receiving e-mails masquerading as official PayPal alerts, eBay spokesman Kevin Pursglove confirmed Friday. The messages ask recipents to submit bank and credit card details. - - - - - - - - - - EarthLink says it stops ID-theft scam Internet provider EarthLink Inc. said Friday it had blocked an apparent identity-theft scam that sought to collect credit-card and bank-account numbers from its customers. Many EarthLink subscribers recently received an email message urging them to resubmit their personal information or face termination of their accounts, due to a recent system flush. - - - - - - - - - - Games anti piracy bot fingers ZX Spectrum archive site Hot on the heels of yesterday's BSA robot busts OpenOffice story we have a doppelganger - a games antipiracy trawling operation with mesh so small we feel sure it must be in breach of European fisheries legislation. The Interactive Digital Software Association last month sent a "Berne Convention - Demand for Immediate Take Down - Notice of Infringing Activity" to World of Spectrum, which is home of the Sinclair ZX Spectrum archive and also describes itself as "the largest on-line gaming center on the Internet." - - - - - - - - - - Scottish law firm hit by malicious email hoax Police and ISPs are investigating an email - set up to look like it was from a senior Scottish lawyer - that offers to 'screw the opposition to the wall'. A Scottish law firm is counting the cost of a damaging hoax email that someone has sent to thousands of addresses, purporting to be from a prominent partner at the firm who promises to be a "ruthless bastard" and "screw the opposition" on behalf of his clients in legal proceedings.,,t269-s2131611,00.html - - - - - - - - - - Senate Leader scraps website war poll, blaming hackers Senate majority leader Bill Frist has yanked a "Bomb Iraq" poll from his website. Frist's office told The Register that "tampering" was to blame for the removal of the poll, which asked "Should the United States use force to remove Saddam Hussein from power? Your opinion is important to Senator Frist." "Clever computer programmers created a program that generated 8,700 votes in a day," a spokesperson told us. Which is where the mystery really begins. The spokesperson couldn't say whether the software was running inside the firewall, representing a major breach of the Senate IT security, or was a robot-style vote generator run by netizens. - - - - - - - - - - Senate panel approves expansion of government wiretap power The Senate Judiciary Committee voted on Thursday to give the government new anti-terrorism powers to wiretap foreigners suspected of being "lone wolves" plotting violence. The legislation sponsored by Sen. John Kyl, R-Ariz., was approved 16-0 and sent to the Senate for consideration. The bill was a substitute by Kyl that added a "sunset" provision to have it expire at the end of 2006. - - - - - - - - - - State lawmakers will also take up the issue of child pornography. The latest proposal would close loopholes for computer- generated child porn. Another bill would force Texas schools to filter pornography from the internet. "Internet pornography is a booming industry. It's twice as large as Major League Baseball," said Rep. Buddy West (R), Odessa. The supreme court says virtual pornography is legal because it doesn't exploit a real child. One of the new bills would allow prosecutors to argue against that. - - - - - - - - - - Disaster scenario reveals private-sector misperceptions On the eve of military action by the U.S. and with terrorist attacks against the private sector still possible, CIOs and IT managers remain confused about the roles and missions of various organizations involved in response and recovery efforts stemming from a major disaster, according to former CIOs and experts. In a Computerworld poll taken last week, just after 158 CIOs and IT managers watched security experts role-play responses to a fictional disaster involving both physical and cyber-based attacks, 55% of respondents assigned blame for the IT disaster to the various private-sector Information Sharing and Analysis Centers (ISAC).,10801,79104,00.html - - - - - - - - - - Homeland security approach to privacy challenged Former Virginia Gov. James S. Gilmore III said yesterday that he's worried about the effect of the nation's high- tech homeland security efforts on privacy, and he took issue with experts who argue that a balance must be found between security and privacy. Speaking at the Homeland & Global Security Summit here, Gilmore, the chairman of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, said he is concerned that the country is "on a hair trigger" when it comes to responding to terrorist threats.,10801,79148,00.html - - - - - - - - - - States rush to pass laws to fight spam By the end of this year, all 50 states may have antispam laws on the books, and Congress, which has never been under greater pressure to take action to fight unwanted e-mail, could also adopt a national law. But there's little hope that legislation will bring IT managers much relief. So far, 26 states have adopted spam laws that do things such as making forged address headers illegal. Other laws require that "ADV," short for advertisement, be included in the subject line of unsolicited commercial e-mail.,10801,79157,00.html - - - - - - - - - - Visa moves to prevent ID theft Visa USA said Thursday it will stop merchants that take Visa payments from displaying all but the last four digits of a card number on receipts in an effort to thwart a surge in financial identity theft. "Identity thieves thrive on discarded receipts and documents containing consumers' information such as payment account numbers, addresses, Social Security numbers, and more. Visa's new policy will protect consumers by limiting the information these thieves can access," Visa USA CEO Carl Pascarella told a press conference. - - - - - - - - - - The darkest side of ID theft When impostors are arrested, victims get criminal records. Malcolm Byrd was home with his two children on a Saturday night when a knock came at the door. Three Rock County, Wis., sheriffs officers were there with a warrant for Byrds arrest. Cocaine possession, with intent to distribute, it said. Byrd tried to tell them that they had the wrong man, that it was a case of mistaken identity, that he was a victim of identity theft. But they wouldnt listen. Instead they put him in handcuffs and drove him away. Again. - - - - - - - - - - Officials urge quick patch on e-mail security hole The race is on to patch a security hole on millions of e-mail computer servers. The concern: The flaw could be exploited by hackers to potentially disrupt America's infrastructure as war looms with Iraq. The hole was found by security firm Internet Security Systems (ISS) in December. Though no attacks have occurred, a hacker could tap into the Internet's most widely used e-mail-server program, Sendmail, and block, steal or erase e-mail. - - - - - - - - - - Security holes found in Google's Blogger Pyra Labs Inc. patched a number of security holes in its Blogger Web-based publishing tool this week that could have enabled a hacker to publish on Web logs owned by others. The holes were discovered by celebrated hacker Adrian Lamo, who reported them to San Francisco-based Pyra, according to a statement on the Blogger Web site. Search engine company Google Inc. acquired Pyra in February for an undisclosed amount.,10801,79149,00.html - - - - - - - - - - The Best Spyware Stopper According to Fred Felman, vice president of marketing at Zone Labs, ZoneAlarm "shuts down Internet connectivity instead of losing control of the system" when an unauthorized application tries to send information from a user's PC. After years of worrying about viruses and trojans, users have a new nemesis: spyware. This term refers to any program that distributes information from a user's computer without that user's knowledge. - - - - - - - - - - Cryptographic Filesystems: Design and Implementation As security becomes a greater focus in networks, every aspect of online information needs a level of protection from the network-level use of firewalls and IDS to the host-level use of IDS. However, an additional level of security has recently come to the forefront of security - cryptographic filesystems. While the technology for cryptographic filesystems has been available for quite a while, the deployment of cryptographic filesystems in production environments has not taken hold. - - - - - - - - - - Fighting back against spam Two bodies stepped up to the plate in the anti-spam battle, Wi-Fi came down to the pub, and Microsoft promised to send the DLL packing. Most Internet users are fed up with spam, and the marketing industry's self-regulatory body is finally taking this to heart, for what it's worth. New rules could have a big impact on stemming junk text messaging, but are less likely to make a difference to the flood of direct marketing filling your inbox. And an official Anti-Spam Research Group has been convened under the auspices of the Internet Research Task Force; it doesn't have policy-setting powers, but it could still prove influential.,,t269-s2131597,00.html - - - - - - - - - - Windows leaks or peeks? Microsoft has had some trouble holding on to its software lately, with versions of popular programs finding their way on to the Internet before their intended release. An early test version of the next major release of Windows leaked onto the Net, offering a glimpse of the companys plans for the new software. The leaked version of the upcoming desktop operating system, code-named Longhorn, hints of major changes under the Windows hood, including a new file system with enhanced storage capabilities. Known as Windows Future Storage, the new means for storing, accessing or indexing files will replace NTFS and FAT32, the predecessors used by Windows XP. - - - - - - - - - - Secure software for human rights workers could save lives During the conflict in Kosovo, a human rights researcher was passing through a checkpoint when government soldiers discovered the phone numbers of numerous rebel commanders in his notebook.The incident may have endangered Kosovo Liberation Army sources. That's why the researcher, Peter Bouckaert of Human Rights Watch, wishes that at the time he'd had a new software tool developed expressly for people like him who collect ultrasensitive information. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.