NewsBits for April 3, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Computers stolen from New Mexicos Environment Department Thieves stole eight computers from New Mexicos Environment Department. Police said the theft occurred the night of March 27 or early March 28. The thieves stole only PCs and left behind monitors and keyboards. They left the server, too, said John Goldstein, communications director for the Environment Department. The computers contained information on the licensing of radioactive materials at 210 businesses, but state officials said they could not determine if the culprits were terrorists or simply burglars. http://www.gcn.com/vol1_no1/daily-updates/21601-1.html - - - - - - - - - - Hackers target Florida Congresswoman in e-mail prank A hacker broke into a congresswoman's e-mail account Wednesday and used it to send a message condemning President Bush and the war in Iraq, her office said. Rep. Ginny Brown-Waite drew attention last month when she proposed legislation to let families of Americans buried in France during the world wars bring home the remains if they are offended by France's stance against the war in Iraq. It wasn't known if the hacker's motives involved that bill. http://www.nandotimes.com/technology/story/838456p-5898200c.html http://abcnews.go.com/wire/Politics/ap20030403_185.html - - - - - - - - - - Microsoft manager facing trial for software theft dies A Microsoft manager accused of stealing $9 million worth of software to buy fancy cars, diamond rings and a yacht died from drinking antifreeze, the King County Medical Examiner's Office reported. Toxicology tests following the Feb. 7 death of Daniel Feussner, 32, showed high levels of ethylene glycol, the main ingredient in antifreeze, investigators said Monday. At the time, Feussner was free on bail after being charged in federal court with 15 counts of mail, wire and computer fraud. http://www.usatoday.com/tech/techinvestor/techcorporatenews/2003-04-02-microsoft-death_x.htm http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5549081.htm http://www.nandotimes.com/technology/story/837982p-5896340c.html - - - - - - - - - - Child porn suspect pleads guilty to less severe charge David B. Huggins, 42, faced up to 15 years in prison after pleading guilty to downloading child pornography off the Internet on his home computer. Instead, because of an ex-FBI agent's misleading statements on a search warrant, Huggins was allowed to plead guilty Wednesday to the lesser charge of knowingly using a computer service to transport obscene material in interstate commerce. http://www.belleville.com/mld/newsdemocrat/5545135.htm - - - - - - - - - - TEACHER'S CHILD PORN A TEACHER has been ordered to sign the sex offenders register after he was caught with child porn. Jonathan Lister, 41, of Coniston Road, Hanging Heaton, Dewsbury, admitted 20 charges of possessing indecent photographs. Lister has been sacked as a secondary school supply teacher in Kirklees, working in different schools. Lister, who is single, had been living with his 69- year-old mother when police raided his home at 7am on February 17. The court heard he had around 300 images stored, featuring images of scantily-dressed girls aged 9-11. Prosecutor Zafar Siddique said the case came to attention of West Yorkshire Police after the National Criminal Intelligence Service received information that Lister had paid $19.95 for a gold subscription to a US based website. http://www.leedstoday.net/ViewArticle.aspx?SectionID=39&ArticleID=371554 - - - - - - - - - - Teacher facing child pornography charges A long-time Mississauga teacher who taught children as young as 12 was charged yesterday with possessing child pornography. Peel Police arrested 61-year-old Donald Curtis at his Mississauga home Monday following a search in which investigators seized a computer and found images of child pornography. Morality Bureau officers were tipped off by law enforcement authorities in the United States that a man here had ordered video tapes on the Internet depicting child porn. Most of the tapes and images seized were allegedly from the Philippines. http://www.mississauganews.com/mi/peelpolice/story/981803p-1173750c.html - - - - - - - - - - 60-Year-Old Faces Porn Charge A preliminary hearing has been continued in Lackawanna County for a man charged with downloading child pornography from a computer at the Scranton Public Library. Investigators say 60-year-old Michael Baranow downloaded the pictures from the computer on March 13th. Baranow has been arrested in the past. Authorities say he served three years in the Wayne County Prison for sexual abuse and possession of obscene material. http://abclocal.go.com/wpvi/news/04032003_nw_libraryporn.html - - - - - - - - - - County security chief under fire Peter Ekanem, Santa Clara County's top information security officer, is facing possible criminal charges for unauthorized use of his office computer and cell phone, actions that amount to security breaches. Ekanem, who is under investigation by the district attorney's office, was placed on paid administrative leave Feb. 3, leaving the county without its top expert on protecting computer systems from intruders while the nation is on heightened alert against terrorism. http://www.bayarea.com/mld/mercurynews/news/local/5547846.htm - - - - - - - - - - File-Trading Hoax Snares Victims An executive who claimed to have developed a file- trading service that intentionally flouted copyright protection laws revealed Wednesday that he made the whole thing up for a laugh -- and to sell a book. The Honest Thief was announced in February as a new service from PGR BV, a Dutch Internet services company. Pieter Plass, founder of PGR BV and president of CBB, a Dutch construction company, said he cooked up the lie as a joke and publicity stunt. "First of all, I wanted to have some fun with this," he said. "It's part of our culture to do April Fool's jokes. You can't be a prankster without pulling somebody's leg." http://www.wired.com/news/digiwood/0,1412,58319,00.html - - - - - - - - - - Intel e-mail issue divides court The California Supreme Court on Wednesday appeared deeply divided over how to balance free-speech rights in cyberspace against a company's right to control its e-mail systems, underscoring the high stakes for Internet law in a bitter feud between Intel and a disgruntled former employee. http://www.siliconvalley.com/mld/siliconvalley/5549141.htm http://www.theregister.co.uk/content/6/30084.html http://www.usatoday.com/tech/news/techpolicy/2003-04-03-spam-intel_x.htm http://www.wired.com/news/business/0,1367,58330,00.html http://news.zdnet.co.uk/story/0,,t269-s2132935,00.html http://www.latimes.com/technology/la-me-internet3apr03002425,1,7430869.story - - - - - - - - - - Pennsylvania rejects requests to identify blocked Web sites Pennsylvania's attorney general is citing laws against distributing child pornography in refusing to identify any of hundreds of Web sites his office has forced the nation's largest Internet providers to block under a unique state law. The legal stand by the attorney general, Republican Mike Fisher, stymies efforts by a prominent civil liberties group to challenge an unorthodox strategy in Pennsylvania to stem online child pornography. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5550958.htm http://www.nandotimes.com/technology/story/839396p-5902872c.html Child Porn Law Creates Catch-22 http://www.wired.com/news/politics/0,1283,58336,00.html - - - - - - - - - - Simon waging court battle against similarly named Web firm Giant shopping mall owner Simon Property Group Inc. is pursuing its trademark infringement case against California-based Internet shopping service mySimon, despite a court setback. A judge threw out an August 2000 verdict that was in Simon's favor, citing new evidence. U.S. District Judge David Hamilton granted a new trial. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5542485.htm - - - - - - - - - - Agencies Lag on Cybersecurity Readiness Several key federal agencies have failed to meet a four-year-old mandate to identify their most important information systems, according to a government report released today. The Commerce and Energy departments, the Environmental Protection Agency and the Department of Health and Human Services have not done enough to figure out which of their computers and networks need the most protection from electronic attack, the General Accounting Office said. http://www.washingtonpost.com/wp-dyn/articles/A13552-2003Apr2.html - - - - - - - - - - Worms boost cyberattack stats for 2003 The number of security events detected by companies in the first quarter of 2003 jumped nearly 84 percent over the preceding three months, according to a report that network-protection firm Internet Security Systems plans to release Monday. The increase in events, which can include minor probes for holes in network security as well as major attacks, stems mainly from an increase in worms and automated attack software, the company said in a summary of the report, which was seen by CNET News.com. http://news.com.com/2100-1009-995380.html - - - - - - - - - - Spam pips viruses as biggest web problem Spam is overtaking viruses as the biggest pain for businesses using the web. Monthly reports for March from antivirus companies show that, while virus activity is experiencing single digit growth, spam is growing at between 10 and 30 per cent and now accounts for one in every 2.8 emails. http://www.vnunet.com/News/1139934 - - - - - - - - - - Users pay the price for poor security Seven software security vulnerabilities were identified every day in 2002, costing users millions of pounds and damaging trust and confidence in the IT industry. Figures from security vendor Symantec show that 2,524 vulnerabilities were identified last year in more than 2,000 products. http://www.vnunet.com/News/1139932 Users: Companies need more 'holistic' view of IT security http://www.computerworld.com/securitytopics/security/story/0,10801,79983,00.html - - - - - - - - - - Do Privacy Fears Allow Terrorism? If you don't want the government to do what it must to protect you from terrorists, you should butt out, said Heather MacDonald, a lawyer at the Manhattan Institute, a conservative think tank. She made her remarks Wednesday at the 13th annual Computers, And, she urged, stop all the panic-stricken screaming, because it's endangering human lives. http://www.wired.com/news/privacy/0,1848,58332,00.html Spy plan critics called 'hysterical' http://zdnet.com.com/2100-1105-995229.html Net-privacy activists bemoan anti-terror agenda http://www.cnn.com/2003/TECH/ptech/04/03/tech.privacy.reut/index.html - - - - - - - - - - Copy-proof CDs flood Europe Companies are wary of selling copy-resistant CDs to Americans, but European consumers are seen as less likely to complain. Copy-resistant CDs may still be scarce in the United States, but signs are growing that the technology is becoming increasingly mainstream elsewhere and may finally break into the American market this year. http://news.zdnet.co.uk/story/0,,t269-s2132921,00.html - - - - - - - - - - Apache patch to thwart DoS attack The Apache Software Foundation has released a patch for its Apache 2.0 HTTP Server to thwart a "significant" denial-of-service vulnerability. Apache, which makes the popular open-source Web server application, released version 2.0.45 to fix a denial-of-service (DoS) problem. A DoS attack floods a network with data, rendering it inaccessible to legitimate queries. The vulnerability in version 2.0.44 affects all operating systems, according to the advisory. But Apache issued a specific warning for OS/2 users, noting that for them the new patch still had a DoS vulnerability. http://news.com.com/2100-1009-995309.html - - - - - - - - - - No Code Is Unbreakable - So What's Good Enough? When shopping for a new security solution, IT executives should look for a company that backs up its hype with detailed information on how its product works, what algorithms are used and how the product has been tested. Any computer security expert will confirm there is no such thing as unbreakable protection for networked systems. However, there are products and methods that are so time-consuming and computationally expensive to crack that they are "good enough" for all intents and purposes. http://www.newsfactor.com/perl/story/21174.html - - - - - - - - - - Safeguarding Your Corporate Data Vendors of storage technology have punted on security so far, ceding the field to startups. As the E-Commerce Times detailed in a recent story on data storage, the last few years have seen a significant revolution toward networked storage and away from disk drives and tape loaders attached directly to corporate servers. In fact, research firm IDC has estimated that by 2006, more than 70 percent of storage will be networked via fibre channel or Ethernet, rather than attached locally to a server via SCSI or another conventional type of disk connection. http://www.ecommercetimes.com/perl/story/21172.html - - - - - - - - - - FBI designing vast terrorism database The FBI is testing a limited version of an electronic counterterrorism system that officials hope will revolutionize the way agents collect and understand information, FBI officials said Thursday. As part of an ongoing technology upgrade, the FBI is building a massive database to store case information, leads, intelligence and even newspaper and magazine articles related to terrorism. Articles, the names of suspected terrorists on watch lists and terrorism-related message traffic from the Defense Department and the CIA have been placed into the database, which is being tested by some agents, according to Wilson Lowery, the FBI executive assistant director leading the project. Visa information from the State Department will be added to the database within 60 days, he said. http://www.govexec.com/dailyfed/0403/040303h1.htm FBI showcases Trilogy, information sharing http://www.gcn.com/vol1_no1/daily-updates/21602-1.html Report: Info sharing centers not sharing so much http://www.securityfocus.com/news/3690 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.