NewsBits for March 26, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ 'Hacktivists' protest war by attacking Web sites The disturbing image of a dead child appeared Tuesday on dozens of Web sites of U.S. and British companies, becoming the latest example of an escalating barrage of anti-war Internet "hacktivism." Since the war's start, several thousand Web sites have been defaced with anti-war images and slogans, Internet security experts say. Most often, the sites are owned by small businesses and non-profits, whose sites haven't been tweaked to deflect hackers. State Dept: Beware anti-war cyber attacks Bolster defences, computer users urged - - - - - - - - - - Bush order covers Internet secrets President George W. Bush has signed an executive order that explicitly gives the government the power to classify information about critical infrastructures such as the Internet. Bush late Tuesday changed the definition of what the government may classify as confidential, secret and top-secret to include details about "infrastructures" and weapons of mass destruction. The new executive order also makes clear that information related to "defense against transnational terrorism" is classifiable. - - - - - - - - - - H&R Block accused of misusing consumers' e-filing info Several consumer groups filed a complaint Tuesday with the Treasury Department, charging H&R Block with improperly marketing mortgages and other financial services to taxpayers who use an Internal Revenue Service Web site to access the company's free tax preparation service. - - - - - - - - - - Film producer acquitted of child porn charges Cape Town film producer Derek Serra, who was arrested during a Child Protection Unit raid on his Dorp Street studio, has been acquitted of child pornography charges in the Cape Town Magistrate's Court. Serra, 39, was arrested last March and charged with the possession of pornographic material depicting children. Police were investigating allegations that Serra had downloaded child porn from the Internet. But the State could not prove that Serra was responsible for the images found in his computer and he was acquitted. - - - - - - - - - - Domain name tricksters may land in jail The U.S. House of Representatives is scheduled to vote Thursday on a proposal that would criminalize using misleading domain names to lure unsuspecting people to sex sites. Under the proposal, a last- minute amendment to an unrelated child abduction bill, people who knowingly use an innocent-sounding domain name to drive traffic to a sexually explicit Web site could be fined and imprisoned for two to four years. An example of an innocuous-sounding domain name with pornographic content is, which is not sponsored by the Bush administration. - - - - - - - - - - Librarians sue over being subjected to Internet porn A barrage of Internet pornography has turned the downtown library into a hostile work environment for a dozen librarians, according to claims in a new federal lawsuit. The 12 sued the city library system Monday in U.S. District Court in Minneapolis, alleging they endured an intimidating, hostile and offensive workplace that violated state and federal law. The lawsuit seeks damages of at least $400,000 each, plus workplace changes. - - - - - - - - - - House committee passes child pornography measure Computer technicians would be required to report child pornography they find on computers they repair under legislation passed Tuesday by a state House committee. The child pornography bill is similar to legislation approved last year in South Carolina. It would require computer repair workers and installers who find images or computer files depicting sex acts involving a child under 18 to report it to police. - - - - - - - - - - Data mining sparks debate among lawmakers, administration Lawmakers and administrators sparred over the use and treatment of government data mining at a hearing held by a House Government Reform subcommittee. Government Reform Committee Chairman Tom Davis, R-Va., defended the use of data mining at a Tuesday hearing even as the White House Office of Management and Budget's top information official rebuked a controversial project to screen airline passengers. - - - - - - - - - - Energy security policy drafted The Energy Department has finished drafting its comprehensive cybersecurity policy, a top official said. The policy, signed by Energy Secretary Spencer Abraham, is in line with the Federal Information Security Management Act (FISMA) of 2002, said department chief information officer Karen Evans, speaking today at an executive breakfast hosted by Federal Sources Inc. and the Information Technology Association of America. - - - - - - - - - - War sparks Web censorship debate A Florida-based Web-hosting company knocked a small news site offline after it posted controversial photos of captured American soldiers, stoking accusations that private firms are censoring free speech. For several hours on Tuesday, YellowTimes was dark, carrying the message "Account for domain has been suspended." Later in the day there was sporadic access. - - - - - - - - - - Senator calls for copy-protection tags Software, music and movies that employ copy- protection schemes must be prominently labeled with consumer warnings, according to a bill introduced in Congress this week. The measure, sponsored by Sen. Ron Wyden, D-Ore., would grant the Federal Trade Commission the power to establish labeling methods for technology that limits the ability of consumers to freely copy, distribute or back up digital content. - - - - - - - - - - Cops handcuffed by cash crunch Child porn suspects and parole violators are slipping the long arm of the law because Canada's cash-strapped police forces don't have enough manpower to hunt them down, according to the head of the Canadian Police Association. CPA president Grant Orbst said local departments are running on "shoestring" budgets that have become a source of frustration for front-line officers and police brass. Orbst urged Ottawa to free up more dollars for programs that fight Internet child pornography, drug probes and parole violators. Top cops lobby for child porn crackdown - - - - - - - - - - Study: E-government projects must advance cautiously Because the federal government provides online services and issues identity documents, it must proceed with caution in providing e-government services that respect citizens' privacy, said a report issued Tuesday afternoon by the National Academies of Science. Because federal agencies like the General Services Administration issue digital certificates as well as engage in online transactions, "the government has at least these dual roles and must pay attention to its decisions" and their impact on privacy, said Stephen Kent, BBN Technologies chief scientist and chairman of the NAS committee that produced the report. - - - - - - - - - - Spam law a matter of fax? Like a growing number of people fed up with annoying online marketing pitches, Mark Reinertson decided to take his grievances to court. And like many other antispam activists, he brought his case before a small-claims judge and eventually won a ruling against the defendant, in this case Sears Roebuck, which was ordered to pay $539 in damages last month. - - - - - - - - - - Fighting spam for a good cause Two IBM researchers are proposing a new method of fighting spam that would force unfamiliar senders to donate to charity if they want to reach you. Under the proposal, concocted by IBM researchers Scott Fahlman and Mark Wegman, e-mail senders who haven't been cleared by a recipient would receive a message that their mail did not go through. They would then be instructed that they could reach the intended recipient if they were to pay a third-party site a few cents for a "charity stamp." The money paid to the third-party site, which could range from a penny to a quarter, would be donated to a charity of the sender's choice. - - - - - - - - - - Schools to offer free program on protecting U.S. secrets You can get a master's degree at UNC Charlotte or N.C. A&T State University in one of the hottest fields around for free _ free books, free tuition, free room and board. There's a stipend too: $1,000 a month. That's on top of a summer internship with benefits and pay. And when you're finished, you're practically guaranteed a job. This is the Cyber Corps, a federal program that's teaching U.S. citizens computer techniques to protect America's secrets. - - - - - - - - - - Fear and laziness stunt Wi-Fi growth Security fears and general laziness are the main obstacles blocking the widespread adoption of wireless networks, according to analysts. The need for end-to-end security and users' laziness are the key obstacles blocking widespread adoption of Wi-Fi wireless LAN -- but they are being overcome.,,t269-s2132530,00.html Wireless infrastructure goes unguarded Time To Get a Grip on Mobile Identity - - - - - - - - - - Too Cool For Secure Code Until Unix and Linux programmers get over their macho love for low-level programming languages, the security holes will continue to flow freely. The last several weeks, as always, have brought a constant flow of security advisories. Perhaps not a torrent, but certainly more than a mere trickle. Most notable among these is the Linux kernel ptrace vulnerability, which allows local users to acquire root privileges. Next, there is a clever timing attack against OpenSSL that can reveal a site's private key and thus compromise all of its traffic. - - - - - - - - - - Conspiracy theories abound in security mailing list launch Danish security service outfit Secunia this week launched an independent mailing list for security vulnerabilities. Secunia makes no bones in saying that its Security Advisories mailing list initiative is a direct attack against competitor SecurityFocus. The Danes are highly critical of SecurityFocus and security clearing house CERT. And they hope that their Secunia mailing list will replace at the "one source of information regarding the latest vulnerabilities and the security patches released by vendors". - - - - - - - - - - Airwave Transfer Debate Renewed With the U.S. waging a war in Iraq that relies heavily on wireless communications, a controversial Bush administration plan to transfer valuable airwaves from the military to the mobile phone industry is coming under new scrutiny. (LA Times article, free registration required),1,7800068.story - - - - - - - - - - Dirty bomb? Grab your PDA! Devotees of personal digital assistants (PDA) can put "survival" alongside "calendar" and "address book" in the list of useful applications, now that two companies have announced release of Terrorism Survival Plan software for PDAs. The new database application is a joint effort by Stephenson Strategies Inc. in Medfield, Mass., and Town Compass LLC in Seattle, according to a statement from the two companies. The software works on handhelds and other portable devices that run either the Palm OS or Microsoft Pocket PC 2002 operating systems.,10801,79695,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.