NewsBits for March 11, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ 7 arrested in Internet sex sting A Fayetteville man was among seven men arrested by investigators from the state Attorney General's office as part of an ongoing undercover "child sex sting" operation. Attorney General Mike Fisher and Dauphin County District Attorney Edward M. Marsico Jr. on Friday announced the arrest of Bob Pope, 40, of 11380 South Mountain Road. Fisher said the arrests are the result of an ongoing undercover Internet investigation initiated by agents with the Child Sexual Exploitation Task Force, part of Fisher's Bureau of Criminal Investigation. Fisher noted that since March 2001, the task force has made 32 arrests. Fisher explained that, as part of the sting operation, the defendants responded to postings on the Internet placed by an undercover agent. - - - - - - - - - - Man found guilty of seducing girl on Internet The fate of an Air National Guardsman who seduced a 14-year-old girl he met over the Internet could go into a state district court jury's hands today. The same jury Monday afternoon found former Pearland resident Brian Croft, 34, guilty of sexual assault of a child in a Sept. 22, 2001 attack that culminated a relationship begun months earlier in an online chat room. The girl was 13 when the two began communicating in April or May of that year. Between their online meeting and their face-to-face introduction in September 2001, Croft had sent the girl messages in which he claimed to love her and told her they would one day marry. Croft picked the girl up from her home in Houston and drove her to a Galveston hotel, where police said he tried to have sex with her. - - - - - - - - - - Man Faces Child Porn Charges After Wife Complains A man was charged Monday with pandering in child pornography after his wife complained about pictures allegedly found on their home computer. Shawn Alen McDonald , 34, of Columbus, was charged with nine counts of pandering involving the use of a minor in nudity, a fifth-degree felony. Police said an investigation started on June 17, 2002, when Nikki McDonald made a complaint with the Columbus Police Exploited Children's Unit and said that possible child porn was on her home computer. Nikki McDonald was upset by the alleged discovery while searching for evidence of an affair, NewsChannel 4's Tricia Gale reported. She then left their home for a brief period. She said that during the time she was away from her home, more questionable material was discovered on the computer, which was being shared only by her and her husband. - - - - - - - - - - Lofgren bill backs digital copying for personal use Congresswoman Zoe Lofgren re-introduced a bill Monday that seeks to preserve consumers' rights to make digital copies of music, movies and books for their own use. The bill, dubbed the Balance Act, would establish consumers' rights in the digital world. It would formalize the right to make backup copies of digital works for use on other devices -- like the car stereo or portable player -- and protect consumers who bypass technological locks to view a DVD movie on their laptops. Support wanes for antipiracy chips,,t269-s2131748,00.html - - - - - - - - - - Supreme Court declines to hear Internet libel case The U.S. Supreme Court has declined to intervene in a key Minnesota Internet libel case brought by an Alabama woman. The nation's highest court on Monday declined to hear an appeal of a Minnesota Supreme Court ruling on a petition by Katherine Griffis of Birmingham, Ala., who says she was defamed in an Internet Egyptology newsgroup by Marianne Luban, who lived in St. Paul at the time. Luban had ridiculed Griffis' credentials and expertise, saying Griffis, who taught noncredit college courses on Egyptology in Alabama, had gotten her college degree from "a Cracker Jack box." - - - - - - - - - - UK Govt publishes revised 'snoopers charter' The Government has watered-down its proposed "snoopers charter" following public concerns about widespread access to phone, email and Internet records. Last summer, the UK government unveiled sweeping extensions to its snooping powers with plans to widen the list of authorities which could demand access to phone, Internet and email records. The proposals caused an outcry - and a swift about-turn from the Government. Today, it published revised proposals which the Government claims "strikes a better balance" between the privacy of the citizen and the need to investigate crime and protect the public.,,t269-s2131747,00.html - - - - - - - - - - Bush signs bill to help block telemarketing calls President Bush on Tuesday signed legislation creating a national "do-not-call" list intended to help consumers block unwanted telemarketing calls. The bill allows the Federal Trade Commission to collect fees from telemarketers to fund the registry, which will cost about $16 million in its first year. The do-not-call program should begin operation by summer. Telemarketers say the registry will devastate their business. The Direct Marketing Association, an industry group, filed a lawsuit against the FTC last month on grounds the registry unlawfully restricts free speech. - - - - - - - - - - USAF CIO urges software firms to excise vulnerabilities Technology companies looking to do business with the Air Force must reduce vulnerabilities in their software products, the department's chief information officer said on Tuesday. "One of the big challenges to the software industry is, we absolutely have to improve the quality of our software," John Gilligan told an industry crowd during a breakfast sponsored by Input, a market analysis firm. "We cannot deal with the trend of one or more software vulnerabilities identified each day that, if they were exploited, could shut us down." - - - - - - - - - - Safety program to be used statewide for online education Utah Attorney General Mark Shurtleff announced Friday March 7 at the Utah Coalition for Educational Technology Conference that Utah is the first state to adopt into school curriculum a new tool for protecting children from inappropriate content on the Internet. The tool, Netsmartz, is a user-friendly animated children's workshop that educates children about sex solicitors and other dangers on the Internet through a series of games, exercises and activities. "We're very excited about it - it's going to be amazing," Shurtleff said. "The best way to protect our children is education." - - - - - - - - - - Now They're After You: Music Cops Target Users Millions of people download copyrighted songs and even movies from the Internet with little fear of being caught. That's about to change. "[The music industry is] starting to move down the food chain," says Lawrence Hertz, a partner at New York law firm Hall Dickler Kent Goldstein and Wood, and a specialist in online law. He predicts that music publishers and other content owners will soon use 1998's Digital Millennium Copyright Act much more aggressively-- prosecuting not only companies like Napster but also individuals who download copyrighted content --and that they will start with the biggest users of peer-to-peer networks.,aid,109584,00.asp - - - - - - - - - - Bunker storage for company secrets A relic of the Cold War in the English countryside is offering companies a secure place to store their most valuable commodity -- data. Nestled 30 meters underground, the Bunker has blast-proof doors, airlocks, magnetically shielded rooms and guard dogs. "It's designed to withstand nuclear, biological and chemical attack," says Paul Lightfoot, a former Royal Air Force (RAF) officer and Operations Manager at the Bunker, near Sandwich, Kent. - - - - - - - - - - Liberty Alliance reveals architecture plans The Liberty Alliance Project released details of its federated identity-management architecture today, a move it said would help companies resolve technical issues encountered when building the foundation for Web services. "The architecture outlines where we are going and explains our long-term technical vision," said Michael Barrett, president of the Liberty Alliance Management Board and vice president of Internet technology strategy at American Express Co.,10801,79256,00.html - - - - - - - - - - New software aims to monitor Navy intranet, prevent glitches New technology will enable the Navy and Marine Corps to better monitor progress on a project to consolidate its computer systems into a single, massive intranet and will help prevent the system from crashing, officials said Friday. In October 2000, Electronic Data Systems Corp. (EDS) won a five-year contract to provide technology, maintenance and help desk support for the multibillion NMCI project. The internal network is designed to increase and streamline information sharing among roughly 300 Navy and Marine Corps bases in the United States, Puerto Rico, Cuba, Guam, Iceland and Japan. NMCI is also intended to protect sensitive military information from hackers. - - - - - - - - - - CA research center at heart of data-mining storm For the next few years, Teresa Lunt, principal scientist at the Palo Alto Research Center in California, is expected to be on the front lines of the government's efforts to analyze the nation's commercial databases for potential terrorist activity while also protecting individuals' privacy. She is the leader of one research project to be funded by the Defense Department's Information Awareness Office. Lunt's project aims to develop a "privacy firewall" that weeds out identifying information in searchable databases while providing government analysts with enough information to try to identify terrorists. The project was one of 26 chosen out of 180 proposals and is expected to receive about $1 million a year for the next three years. - - - - - - - - - - Yahoo! activates new spam filters The Internet company claims that its new email service will stop more spam getting into its customers' inboxes. Internet media company Yahoo! has activated new filters for "spam" and junk messages on its email service, which it says will cut down dramatically on the unsolicited messages that sometimes plague its users.,,t269-s2131721,00.html - - - - - - - - - - ISS reports PeopleSoft vulnerabilities Software vulnerabilities in one component of PeopleSoft Inc.'s PeopleTools application framework could be used to launch attacks against a wide range of PeopleSoft installations and give attackers remote access to sensitive or confidential information. The vulnerabilities exist in code for a small program called SchedulerTransfer that resides on the PeopleSoft Web server, according to an alert published by Internet Security Systems Inc.'s (ISS) X-Force organization. The small program, or servlet, is used to move PeopleSoft reports to and from a report repository on the Web server, ISS said.,10801,79247,00.html - - - - - - - - - - Confusion over serious Notes, Domino vulns Lotus Notes and Domino are subject to an unholy trio of serious security vulnerabilities which could exploited in denial of service or privilege elevation attacks on the vulnerable system. That's the stark warning from security outfit Rapid 7 (via a posting to BugTraq), which advises that a successful denial of service attack could result in corruption of Notes databases. Also, crackers may be able to take over vulnerable servers, Rapid 7 warns. - - - - - - - - - - IBM launches video-surveillance services Looking to cash in on the nation's increased focus on physical security, IBM announced on Tuesday that the company will push into the video-surveillance systems market. The company feels its expertise in computer systems and data analysis will quickly gain it customers in the market, which continues to shift from analog to digital systems, as government agencies and companies focus on getting more security out of their surveillance systems. - - - - - - - - - - Homeland Cybersecurity Efforts Doubted As the new Department of Homeland Security swallows nearly every cybersecurity office in the U.S. government, high-profile leaders are jumping ship, and analysts worry that only meager funding and muddled goals remain. It's existed for less than two weeks, but analysts are already concerned that the newly-formed Department of Homeland Security's cybersecurity unit may not grow up to be the powerhouse of efficiency and expertise it was billed as. - - - - - - - - - - Operation Candyman gets sticky If you've been taking the government at its word, you might be surprised that two federal judges, one in New York and one in Missouri, last week threw out evidence in two child pornography cases that were part of the much- publicized Candyman operation. Few people have spoken against the government in this matter because few people want to be seen as defending child pornographers. Federal prosecutors have been given the benefit of the doubt because, you know, if their evidence is maybe a little shaky, isn't that still better than releasing child molesters back into the community? - - - - - - - - - - IP Spoofing: An Introduction Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by spoofing the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it. - - - - - - - - - - CIA veteran named to head terrorism info center John Brennan, the CIAs deputy executive director, will be the first director of the new Terrorist Threat Information Center, the White House said today. The Bush administration expects the center to meld the terrorism intelligence gathered by the CIA, FBI and Homeland Security Department, among other agencies, into a seamless data source. CIA director George Tenet appointed Brennan on the advice of attorney general John Ashcroft, FBI director Robert Mueller, Defense secretary Donald H. Rumsfeld and Homeland Security secretary Tom Ridge. - - - - - - - - - - Study delves into info sharing Even before Sept. 11, 2001, government agencies were moving toward integrating their information systems with an eye toward one-stop shopping or data sharing. Those efforts accelerated during the past two years, especially among law enforcement agencies. Despite the energy poured into information sharing initiatives, governments are left to wonder if they really know how to implement them successfully. - - - - - - - - - - INS inspectors lack tools, training Inspectors at air points of entry do not have adequate equipment to share passenger information and they are not properly trained on the computer systems, a Justice Department inspector general's report said. The audit evaluated the Immigration and Naturalization Service's procedures for secondary inspections of air travelers. Such follow-ups are based on inspectors' concerns about a traveler or information in a database about travelers. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.