NewsBits for March 28, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ FBI to investigate Al-Jazeera Web hijack Following a week of being targeted by pro-US hackers, the FBI has decided to launch an investigation into the attacks. Visitors to both the Arabic and English versions of the Al-Jazeera Web site on Thursday were greeted with an American flag and a pro-US message, the work of an apparent online vandal.,,t269-s2132631,00.html Al-Jazeera struggles against continued attacks,,t269-s2132618,00.html War Hack Attacks Tit For Tat,2100,58275,00.html Al Jazeera Web Site Viewers Misdirected,1,3726363.story - - - - - - - - - - Islamic hackers use student Web site to promote al-Qaeda An extremist Islamic group hacked into an Internet bulletin board run by a Homer area high school student, turning it into an al-Qaeda propaganda outpost calling for attacks on the United States in response to the war on Iraq. More than 1,000 people used the portal since the information was posted over the weekend. The information had been removed by Tuesday morning, presumably to nest again in a few weeks on someone else's server. - - - - - - - - - - Cyber-war rages over Iraq As the conflict continues in Iraq, nerds are fighting their own war in cyberspace. Both pro- and anti-war hackers are causing mayhem on the Web. Pro-and-anti Iraq war protesters have been making their point by hacking into Web sites in a display of "cyber activism", rather than with the traditional can of spray paint or placard.,,t269-s2132670,00.html - - - - - - - - - - SOHAM COP SENTENCED A police officer involved in the Holly Wells and Jessica Chapman murder inquiry is due to be sentenced at a court for child pornography charges. Antony Goodridge, 34, pleaded guilty at a hearing in January to possessing 330 indecent photographs of children on September 12, 2002. Sentencing was adjourned for pre-sentence reports and a psychiatric report. Goodridge, who is due to appear at Ipswich Crown Court, was told by Judge John Holt that all sentencing options remained open. His conditional bail was extended until today's hearing.,,30100-12276834,00.html - - - - - - - - - - Trooper convicted of child pornography A state police trooper was convicted of downloading child pornography from the Internet onto a state police computer at the Waynesburg state police barracks. Cpl. John R. Mason, 41, of Aliquippa, Beaver County, was convicted Thursday of 20 counts of sexual abuse of children and 18 counts of criminal use of a communications facility in a non-jury trial before Greene County Judge H. Terry Grimes. - - - - - - - - - - ID theft: a $1bn a year crime Identity theft, reportedly America's fastest rising crime, cost US lenders at least $1 billion last year. That's according to an estimate by analysts TowerGroup, which published a report on the problem, titled Identify Theft: Lenders Are Victims, Too, earlier this week. Precise figures on the exact loss due to identity theft are hard to pinpoint, but there is little doubt about the seriousness of the problem. In 2002, 161,819 individuals in the US reported to the Federal Trade Commission that their identity had been stolen - bringing the number of reported US incidences of identity theft to nearly 300,000 since the launch of a database clearinghouse in 2000. - - - - - - - - - - Use a firewall, go to jail, and send Bill Gates too The (DMCA) Digital Millennium Copyright Act clearly isn't enough for some people. Massachusetts and Texas are - in curious formation - considering bills that will extend it to make firewalls (among other things) illegal. The strange synchronicity is illustrated by a quick look at the draft of the Texas bill then comparing it with the Massachusetts one, which you'll find in RTF format at Ed Felten's Freedom to Tinker, here. The strikeouts indicate that both, for whatever reason, have decided not to repress video this time around. - - - - - - - - - - Security remediation guide in works The Office of Management and Budget is working on guidelines that will help agencies track and fix information security vulnerabilities. OMB has led the charge to scrutinize agencies' information technology security strategies: It led the review of security assessments that agencies filed in compliance with the Government Information Security Reform Act (GISRA) of 2000, and it set out guidance for agencies to comply with the Federal Information Security Management Act of 2002. - - - - - - - - - - Computer scientists petition White House Computer scientists have asked the White House to reconsider antiterrorism rules that could limit academic freedom. In a letter Thursday to the White House's Office of Science and Technology Policy, the U.S. Association for Computing Machinery said "we are concerned that overly broad actions intended to ensure the safety and security of U.S. citizens may serve to limit many legitimate exchanges including the freedom to publish research and advance innovation in computer technology." - - - - - - - - - - Copyproof CDs moving to market? Copy-protection technology on music CDs may be headed for the U.S. market in bulk this year for the first time, according to one Wall Street analyst. In a research note published Friday, J.P. Morgan analyst Sterling Auty said that Arista Records, a subsidiary of BMG Music, appeared to be moving to market with CD copy-protection technology produced by SunnComm Technologies. "We expect volume shipments of protected CDs to ship commercially in the U.S. as early as the May-June time frame using the SunnComm solution," Auty wrote. "This will be the first major step in the growth of the CD audio protection market." - - - - - - - - - - Throwing green eggs at spam The spam epidemic is getting worse, clogging e-mail boxes and causing untold numbers of critical messages to get lost in the deluge. But ISPs, lawmakers or developers are coming to the rescue. It'll definitely take a combined effort. DTI promises to get tough on spam - - - - - - - - - - Gnome flaw threatens Linux users A vulnerability in the default image viewer for one of the two major Linux desktop systems could allow an attacker to execute code on a computer running the Gnome software, security group Core Security Technologies said in an advisory on Friday. The primary danger appears to be that some mail readers use the software, called Eye of Gnome, to display images within e-mails, opening the possibility that a virus could be spread using the flaw. - - - - - - - - - - Vulnerability hits NT 4, Windows 2000 and XP 'Important' RPC flaw cannot be patched on NT 4, warns Microsoft. Microsoft has warned of a vulnerability affecting Windows 2000 and XP systems and that is especially bad news for NT 4. - - - - - - - - - - Microsoft patches CRM flaw Microsoft released a patch this week for a flaw in its new set of customer relationship management applications, said a Microsoft representative. The patch allows companies using the CRM software to hide from view a string of letters and numbers that the system inserts in the subject line of e-mails it sends. Some customers had complained that the string of characters, which Microsoft calls a generated unique identifier, or GUID, could confuse e-mail recipients and cause e-mail to be blocked by spam filters. - - - - - - - - - - Glitch in Windows XP SP1 could slow systems Microsoft Corp. has acknowledged and patched a glitch with its Windows XP Service Pack 1 (SP1) update that can cause system slowdowns, but it has yet to make widely available its still-developing fix.,10801,79841,00.html - - - - - - - - - - TSA ramping up smart card tech Entering a four-month technical evaluation phase in its smart card program, the Transportation Security Administration soon will launch two regional pilot projects and has released a request for proposals (RFP). TSA's Transportation Worker Identification Credential (TWIC) System will provide employees at airports, ports, railways and other locations with secure access to buildings and systems. - - - - - - - - - - Week in review: Tech wars As the battle for Baghdad heats up, the Web and the wireless industry find themselves in the combat zone. An online vandal apparently hijacked the Arabic and English domains of the controversial Al-Jazeera Web site, replacing the home page with an American flag and a pro-U.S. message. The actual defacement appeared on a free Web site service provided by NetWorld Connections. Technically known as a "redirect," the hack redirected Web browsers that attempted to go to the sites to the content hosted on NetWorld's servers. - - - - - - - - - - FBI director details improvements The FBI has made significant progress modernizing its information technology infrastructure, FBI Director Robert Mueller told lawmakers March 27. The bureau's wide-area network, part of the Trilogy modernization project, is expected to come online by the end of the month, linking 21,025 computers in 622 FBI locations, Mueller told the House Appropriations Committee's Commerce, Justice, State and the Judiciary Subcommittee. Ninety-two percent of the FBI's U.S. employees are on the Trilogy system, he said, and the enterprise operations center, which manages the data network, hardware and software applications and security access, will become operational this spring. - - - - - - - - - - 911 Calls by Cellphone Swamp California Patrol It happens when there is an accident on the freeway, when a home is burglarized or a child is missing, Deanna M. Mora says: Hundreds of people dial 911 on cellphones. The result is a tidal wave of calls to operators at the California Highway Patrol. "We just answer until they stop," said Ms. Mora, a supervisor at the agency's Los Angeles County dispatch center. Nearly all cellular 911 calls are answered by the highway patrol as a result of a law passed almost two decades ago, when cellphones were primarily in cars. Now the calls are overwhelming the agency's call centers, resulting at times in long waits for callers and delays in getting calls to the appropriate agency, like local police or fire departments. (NY Times article, free registration required) *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.