NewsBits for April 14, 2003, sponsored by Southeast Cybercrime Institute
************************************************************
Virginia man sentenced to 5 months for selling mod chips
A Virginia man has been sentenced to five months in prison for operating a Web site that helped video game enthusiasts bypass anti-piracy technology on popular games. David M. Rocci, 22, of Blacksburg, Va., pleaded guilty in December to conspiring to import, market and sell modification chips, which let users play pirated games on consoles such as Microsoft's Xbox and Sony's PlayStation 2. An Alexandria, Va. federal judge, in Friday's sentencing, also slapped a $28,500 fine on Rocci and five months of home detention with electronic monitoring, prosecutors said. Rocci was prosecuted under the 1998 Digital Millennium Copyright Act, which made it illegal to circumvent anti-piracy technology or assist others in doing so.
- - - - - - - - - -
Mail-Order Drugstores Face Threats of Criminal Charges
Selma Karpen said she would start picketing if government officials follow through on threats to shut down the mail-order drugstore here. Karpen, 71, and so many other people have flocked to the Discount Drugs of Canada store since it opened last fall that owner Earle Turow has opened two dozen franchises across the country. (LA Times article, free registration required)
- - - - - - - - - -
Voltarc, 2 workers stole trade secrets, judge rules
A Superior Court judge in New Haven has ruled that a Waterbury-based lighting manufacturer and two of its employees stole trade secrets belonging to a competitor and former employer of both workers. Judge Lynda B. Munro Monday issued an injunction prohibiting Waterbury-based Voltarc Technologies Inc. from selling any products it developed with help from the stolen technology for two and a half years.
- - - - - - - - - -
Canadian caught in Internet sex sting gets nearly 3 years
A Canadian was sentenced today to nearly three years in federal prison for traveling to San Antonio with the intent to have sex with a 12-year-old girl he met on the Internet. David Duyvestyn called his conduct deplorable and suggested that his judgment and libido had been altered by medication he was taking for Parkinson's disease at the time of his November arrest. The 12-year-old girl was actually an undercover San Antonio police officer using the online alias of Monica.
- - - - - - - - - -
Cafe owner sentenced in child-porn case
A federal judge sentenced former West Ashley cafe owner David Goldberg to 2-1/2 years in prison Friday for using his business computer to collect images of child pornography from the Internet. A remorseful Goldberg told U.S. District Judge David Norton that his curiosity about child pornography and his stupidity have broken his business and family.
- - - - - - - - - -
CHILD PORN MAN SENT TO PRISON
A 'lonely' man who downloaded pornographic images of children on his parents' computer has been jailed for three months. Robert Jones, aged 43, of Prince Maurice Road, Lipson, admitted having indecent photographs of children and appeared at Plymouth crown court for sentence yesterday. Police executed a warrant at his parents' home after a pornographic image was spotted on the computer by the man's nephew, who then told his father, the court heard. Officers searched Jones' bedroom where they found a padlocked cupboard. Inside they discovered a carrier bag with numerous computer printed pictures along with items 'for sexual use'.
- - - - - - - - - -
Suspected Internet Predator Jailed
A Metro Atlanta man is behind bars Friday night charged with using the Internet to entice a minor for sexual purposes. Authorities said Vance Lee Frier, 55, of DeKalb County was arrested Wednesday in the parking lot of a restaurant on Clairmont Road.
Authorities said he came to the restaurant with the intention of meeting a 24-year-old woman and her two-year-old child for sex. The Federal Bureau of Investigation said it is seeking information on any additional Internet solicitation possibly made by Frier. He reportedly used the screen name Wants mom with girls and the alias first name Derik.
- - - - - - - - - -
Former LA assistant principal charged in child porn case
A former assistant principal charged with distributing child pornography through the Internet posted $35,000 bond Friday and was released. In approving the bond, U.S. Magistrate Judge Ralph Zarefsky ordered that Albert Pinedo's 12-year-old nephew be removed from the former assistant principal's Alhambra home and sent to live with Pinedo's adult daughter. He also ordered Pinedo not to associate with anyone under 17 without a parent or legal guardian present or loiter within 100 feet of a school.
- - - - - - - - - -
Child pornography case may involve homicide
A Fulton man is arrested on child pornography charges for a second time and this time it's led to a homicide investigation. 58-year-old Jack Rogers was arrested by Federal and State agencies for possessing child pornography Thursday. In 1992 he served time for child pornography and now the Highway Patrol is looking into his possible involvement in the disappearance of a Skidmore, Missouri man. Federal Court documents also indicate that Rogers boasted on the internet about raping and killing a Skidmore man.
- - - - - - - - - -
Man netted in child-sex sting
A Casa Grande man was arrested at a North Side park by Tucson police yesterday on suspicion of sexual exploitation of a minor during an Internet child-sex sting. Mark Stephen Brashier, 38, of the 16000 block of West Hopi Drive was accused of 15 counts of sexual exploitation of a minor and one count of luring a minor for sexual exploitation after he arrived at Jacobs Park, 3300 N.
Fairview Ave., to meet who he believed was a 14-year-old boy but was actually a Tucson detective, said Sgt. Marco Borboa, a Tucson police spokesman.
- - - - - - - - - -
Youth coach faces porn counts
Pearl parents are expressing outrage following the arrest of a longtime youth baseball and soccer coach on charges of possessing child pornography. James Ralph "Sonny" Smith, 49, of Pearl, remains in the Rankin County jail in lieu of $200,000 bond on 10 counts of possession of child pornography, said Pearl Police Chief Bill Slade. Police, acting on a tip before Smith's arrest, obtained a warrant to search his home. That search resulted in the recovery of several CD-ROM disks reportedly containing hundreds of pornographic photographs of children and like movies he allegedly downloaded from the Internet, said Rankin County Assistant District Attorney Michael Guest. In addition to the CDs, police also took Smith's computer.
- - - - - - - - - -
Man held for child porn possession
A city man is being held on a $100,000 bond following his arrest Thursday night for possessing child pornography allegedly downloaded from a recently seized Texas Web site. Alexander M. Koziara, 39, of 16 Mitchell St., was charged with nine counts of possession of child pornography and one count of impairing the morals of a child following an investigation by city police that began Nov. 6. Koziara's arrest came after city police were contacted by the Connecticut State Police Computer Crimes and Electronic Evidence Unit (CCEEU) and the Internet Crimes Against Children (ICAC) Task Force regarding an investigation of one or more city residents.
- - - - - - - - - -
Child pornography charge dismissed
Federal prosecutors dismissed a child pornography charge Friday against Walterboro real estate broker Calvert Huffines, who had been scheduled to go on trial Monday.
Dismissing the charge against Huffines, however, does not end a challenge to a government subpoena for information about Huffines' online purchases from, said Assistant U.S. Attorney Rhett DeHart. Although the government has dismissed the criminal indictment charging Huffines with receipt of child pornography, the investigation will continue, said Assistant U.S. Attorney Mary Gordon Baker. The charge was dismissed because there was not enough time to comply with a judge's order Thursday to recreate the Web pages that prosecutors say contained images of child pornography that Huffines saw in May 2001, Baker said.
- - - - - - - - - -
Lawsuits by AOL Escalate Fight Against Junk E-Mail
America Online Inc. has launched an intensified legal assault on junk e-mail by filing five lawsuits against more than a dozen individuals and companies accused of being major purveyors of "spam." AOL, the nation's largest Internet service provider, with 27 million subscribers, said the targets of its suits were responsible for sending its members an estimated 1 billion pieces of spam that resulted in more than 8 million complaints. The unsolicited messages contained such things as pornographic images, body-enhancement offers, and diet and financial schemes.
- - - - - - - - - -
Idaho man takes junk e-mail senders to court
Kevin Wilson is on a mission to rid his e-mail of unwanted electronic advertisements. The technical writer and adviser at Boise State University has gone to small claims court against two companies that have spammed his e-mail accounts. He is part of a national network of anti-spam advocates engaged in what many fear is a fruitless battle. "Many people don't even remember a time when they didn't get daily porno e-mail or Nigerian scam letters," Wilson said. "But my issue has nothing to do with content. It's that it's unwanted."
He has taken advantage of an Idaho law that lets people sue e-mailers for $100 if they continue to send material after they have been asked to stop.
- - - - - - - - - -
Armed with her laptop, agent looks for predators
Every week a 14-year-old girl with a troubled home life appears on an Internet chat site, looking for felonious love. "Hi, anyone here from California?" A private greeting pops up, sometimes followed a little later by a photograph: a skinny blue-eyed girl with short blond hair, wearing a bathing suit. The photograph is of Stacey Mitry, the person typing the messages on a laptop in San Jose. But Mitry isn't a ninth-grade gymnast in Sacramento anymore. She's 31, a trained SWAT sniper who is working undercover as the sole South Bay member of the FBI's Crimes against Children unit. Next month, Mitry will receive an award from the National Center for Missing and Exploited Children for helping to find Sara Brin, a French girl who was kidnapped by her father.
- - - - - - - - - -
NET Guard Dying Quietly
On Capitol Hill, most bills die young, smothered in their cribs by partisanship, philosophical differences or simple lack of money. But even with the president's blessing, there's no guarantee a law will achieve its authors' high-minded aims. Some languish in the statute books, unworkable and unused. That could be the fate awaiting the Science and Technology Emergency Mobilization Act -- at least a key part of it.
- - - - - - - - - -
Encryption proposal makes activists uneasy
Cheating on income taxes or neglecting to pay sales taxes on online purchases could get you five extra years in prison if the government succeeds in restricting data-scrambling technology, encryption-rights advocates fear.
Draft legislation circulating in the Justice Department would extend prison sentences for scrambling data in the commission of a crime, something encryption advocates fear would achieve little in catching terrorists -- and only hurt legitimate uses of cryptography.
- - - - - - - - - -
'Super-DMCA' fears suppress security research
A University of Michigan graduate student noted for his research into steganography and honeypots -- techniques for concealing messages and detecting hackers, respectively -- says he's been forced to move his research papers and software offshore and prohibit U.S. residents from accessing it, in response to a controversial new state law that makes it a felony to possess software capable of concealing the existence or source of any electronic communication.
- - - - - - - - - -
builds huge child porn database
A huge database system designed to find sexually abused children is under development in the US. But legal restrictions mean that the project is unlikely to be replicated in the UK. The US Justice Department's Child Victim Identification Program will include a catalogue of thousands of illicit pictures seized from suspects and collected from the Web. This could make the Justice Department the "owner of the world's largest collection of child pornography", AP reports. This database represents an attempt to link images of abuse with the names of victims and the date of abuse.
- - - - - - - - - -
Cyberattacks With Offline Damage
WHAT'S virtual is virtual, and what's real is real. Right? Maybe not. Most experts think of cyberattack as something that will happen in the virtual world, with effects on, say, computer networks or access to bank accounts. Cyberattacks involving the use of online tools against the offline world would be much harder.
But a recent paper by a computer security researcher at Johns Hopkins University suggests that there are plenty of gateways that connect the cyberworld with the more familiar terrain that some call "meatspace." And, since he is a security researcher, he does it by showing the potential for a cunning attack that crosses that gateway. (NY Times article, free registration required)
- - - - - - - - - -
Can Apple make pirates surrender?
If Steve Jobs wants to save the music industry, he'll have to convince millions of kids to give up free file-swapping networks and buy their MP3s instead. The Apple Computer co-founder and CEO has been exploring an acquisition of Vivendi Universal's music division, according to a source familiar with the situation--surprise talks that underscore the deep problems facing the music industry. Apple's entry into the recording business would no doubt carry huge risks for the computer maker. But it could also help create a catalyst for an industry desperate to innovate its way out of the technology trap set when MP3s met Napster and the high-speed Net some four years ago.
- - - - - - - - - -
DNS inventor calls for security overhaul
Web site impersonation could become as great a risk as ID theft, Paul Mockapetris, the co-inventor of DNS, warns. Waiting in the wings is a better security standard for the Internet's Domain Name System. It's called DNSSec, and it uses digital signatures to guard against impersonation. But political wrangles are holding up adoption, Mockapetris claims.
- - - - - - - - - -
Radical security development rethink urged
Traditional methods for security projects are inadequate, warns expert. Traditional technology management methods are not capable of dealing with development of mission-critical security projects effectively, an industry firm claimed today.
Benjamin Jun, vice president of Cryptography Research, warned that fundamentally different engineering processes are needed because traditional methods have meant managers can create systems that are impossible to check and difficult to repair.
- - - - - - - - - -
Poll finds privacy concerns among e-government users
Citizens enjoy the services offered by government Web sites, but remain wary of divulging personal information over the Internet, according to a poll released Monday by a nonpartisan government advocacy group. About 45 percent of more than 1,000 who responded to the February poll on electronic government said they would not mind submitting personal information online to obtain certain government services. But the same number said they were concerned about privacy on government Web sites.
- - - - - - - - - -
Spam takes ideological turn
Almost as soon as the first bombs dropped on Iraq, spammers started launching their own attacks across the Internet. And in a new twist, people aren't just using junk e-mail to sell you war-related T-shirts, coins and so-called cures for biological attacks. They're using mass e-mail marketing software to spread their ideas about the war across the Net.
- - - - - - - - - -
Check Your Viral Load for Bugs
Is your computer stuck in first gear? Does it cough and sputter and crash more often than usual? And, by chance, are you seeing an unusually high number of pop-up ads? If so, it's possible your machine harbors one or more programs known collectively as spyware, nasty little intruders that combine the worst features of e-mail viruses and spam into one package.
- - - - - - - - - -
Application Vulnerability Description Language coined
Security vendors joined together today to back a standard for describing application security vulnerabilities.
The new Application Vulnerability Description Language (AVDL), to be managed through the OASIS consortium, provides a "XML standard to define, categorize and classify application vulnerabilities in a standardized fashion". The language provides a way for vulnerability scanners, for example, to exchange data with application security software. OASIS has established a Technical Committee to develop the standard.
- - - - - - - - - -
Net security conference opening today in S.F.
The leading Internet security conference starts today in San Francisco, and the timing probably couldn't be better. The combination of war in Iraq, terrorism threats and recent hacker attacks on the Internet have heightened concerns over cybersecurity. And with the tech economy in the doldrums, some industry leaders are looking at the market for electronic security products and services as a potential area of growth.
RSA Conference: Closing the security gap
Security a bright spot for IT spending
New tools aim to secure corporate IT
- - - - - - - - - -
Windows gets tough on spam, viruses
Microsoft on Monday will detail a future version of Windows that will make it easier to detect and isolate viruses. The Redmond, Wash.-based software giant will also show off new features in Microsoft Word 2003 and Exchange 2003 for fingering viruses and spam during this week's RSA Conference 2003 in San Francisco. The Windows Filter Manager Architecture is a set of application protocol interfaces (APIs) and code that will be added to Windows to handle some of the basic operational tasks of antivirus applications, such as how the application sets up an ordinary hard drive scan, according to Jonathan Perera, senior director of Microsoft's security business unit.
- - - - - - - - - -
RSA Looks to Lock Down Personal Data
New technology from RSA Security Inc. could hobble hackers' ability to make off with user information from Social Security numbers to simple passwords through the compromise of a single machine.
The Nightingale system, being revealed this week at the company's RSA Conference in San Francisco, is based on a venerable cryptographic concept known as secret sharing and first advanced by RSA co-founder Adi Shamir in the 1970s.
- - - - - - - - - -
McAfee spreads spam tools for small biz
McAfee Security on Monday unveiled new spam-fighting software aimed at small and midsize businesses, the first product resulting from its acquisition of DeerSoft in January. The new McAfee SpamKiller for Microsoft Exchange Small Business is designed to ward off annoying spam through a combination of white lists, blacklists, content filtering and heuristics, which calculates the probability that a particular e-mail is spam by examining a pattern of characteristics in the message.
- - - - - - - - - -
Sun, Symantec team on IDS appliance
Sun Microsystems Inc. and antivirus company Symantec Corp. are releasing a "no hassles" intrusion-detection system (IDS) appliance targeted at the enterprise and service provider markets, the two companies announced at the RSA Conference in San Francisco. The iForce IDS Appliance is a 1U (1.75-in.-high) rack-mounted device based on Sun's LX50 server platform. The hardware runs Sun's enterprise-class Solaris OS x86 operating system and will come outfitted with Cupertino, Calif.-based Symantec's ManHunt IDS software. The appliance is capable of performing intrusion-detection analysis at speeds up to 2Gbit/sec., according to Sanjay Sharma, security segment manager at Sun.
- - - - - - - - - -
Tools Aid Security Policy Compliance
Users looking for help locking down their servers and ensuring compliance with security policies are getting some new options this week. Pedestal Software Inc.
in Newton, Mass., is announcing a new version of its SecurityExpressions software that's designed to let companies deploy, enforce and audit security policies across server and client systems.
- - - - - - - - - -
Security league opens for shared work
Computer Associates has partnered with several physical security companies to create an industry group devoted to developing best practices and promoting integrated security products and services. Dubbed the Open Security Exchange, the organization lists as initial members identity card maker HID, smart card maker Gemplus, security firm Pinkerton Consulting and Investigations and security software company Software House, a subsidiary of Tyco Fire & Security. The companies and partner CA announced the group's launch at the RSA Data Security conference in San Francisco on Monday.
- - - - - - - - - -
Gateway opens another door for cross-agency authentication
The Federal e-Authentication Gateway has been cleared for government operation. "I have authorization to operate in a live environment," Stephen Timchak, e-Authentication project manager for the General Services Administration, announced at the RSA 2003 Conference. The gateway is a tool that will provide a common way to authenticate users of e-government applications. It is being created to support the 24 other e-government initiatives identified under the President's Management Agenda, so that each agency does not have to develop its own authentication application.
- - - - - - - - - -
Defence checks out smart cards
THE Australian Defence Force will roll out smart card-style access passes for all Canberra-based personnel as a forerunner to a possible defence-wide deployment. The smart-card pilot is a first within the ADF. It is phase one of the e-Defence project. It will be rolled out later this year for about 5000 personnel, a spokesman for the Defence Materiel Organisation communications systems branch said.
The DMO oversees buying capital equipment for the ADF. The cards may be a precursor to a biometric pass system throughout Defence.
- - - - - - - - - -
How to automate a DoS attack using the Post Office
Fancy taking revenge on someone you don't like by deluging someone with junk mail? A little bit of knowledge can go a long way. Thanks to the increased readiness of companies to send out brochures and magazines to anyone who bothers to register online, the US Postal Service can become the agent of denial of service attacks. This much is well known, but a recent paper by security researchers Simon Byers, Aviel Rubin and Dave Kormann demonstrates how to automate this attack.
- - - - - - - - - -
Cryptographic File Systems, Part Two: Implementation
This is the second article in a two-part series looking at cryptographic filesystems. The first article in this series covered the background on cryptographic filesystems from the underlying concepts to some of the mechanics of those systems. This article will cover implementation. The focus will be on implementing Microsoft's EFS under Windows 2000 and the Linux CryptoAPI.
Cryptographic Filesystems, Part One: Design
- - - - - - - - - -
Pocket tracker monitors children
Worried parents will soon be able to keep an eye on their children at all times via a wearable tracking device and a website that maps where they go. The wearable device will have a panic button that, when pressed, instantly alerts parents via phone that something is wrong. Through the website parents will be able to pinpoint the location of their children in real time as well as replay where they have been over the last few hours.
- - - - - - - - - -
'Wireless policing' puts city on cutting edge
The first call regarding a motorcycle chase in St. Paul last week got Sgt. Tom Bergren's attention because speeds approached 100 miles per hour before officers broke off for safety reasons.
Within minutes and blocks of the first incident, reports of a second high-speed chase involving a motorcycle came over his police radio, and Bergren wondered if the two incidents were related. Normally, Bergren would have waited hours or even days until the incident reports were filed and distributed to see if his hunch was correct. But thanks to a new wireless records management system, Bergren read the reports electronically within minutes of the chases and while officers were still in the field. The key features of the St. Paul system are the 160 laptops placed in squad cars, and the software that allows records to be searched electronically for such things as names, addresses, stolen or recovered items, types of crimes and locations of incidents.
***********************************************************
Computer Forensics Training - Online. An intense, 150-hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2003, Campbell, CA.