NewsBits for April 29, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Student pleads guilty to stealing trade secrets from DirectTV A University of Chicago student pleaded guilty Monday to stealing trade secrets of DirecTV's most advanced anti-piracy technology, which later surfaced on a hacker Web site. Igor Serebryany, 19, could be sentenced to as much as 10 years in prison, but the plea deal recommends probation, said Nina Marino, Serebryany's attorney. Prosecutors were also seeking up to $146,000 in restitution to DirecTV Inc., Marino said. "It is in the discretion of the court, however, at this offense level, imprisonment is unlikely," Marino said. Two other counts against Serebryany - for duplicating the documents and for transmitting them - were dropped as part of the plea agreement. http://www.nandotimes.com/technology/story/871089p-6079422c.html http://www.usatoday.com/tech/news/2003-04-29-directv-hack_x.htm - - - - - - - - - - U.K. Arrests 'Fluffi Bunni' Hacker British authorities arrested a man Tuesday believed to head a group of hackers known as "Fluffi Bunni," which used a stuffed pink rabbit to mark attacks that humiliated some of the world's premier computer security organizations. Fluffi Bunni captured the attention of the FBI just days after the Sept. 11 terror attacks, when thousands of commercial Web sites were vandalized with a single break-in that included the message, "Fluffi Bunni Goes Jihad." The FBI characterized the act in a November 2001 report as an anti-American cyberprotest against the war on terrorism. http://www.siliconvalley.com/mld/siliconvalley/news/5745576.htm http://www.securityfocus.com/news/4320 - - - - - - - - - - Arab League leader child porn suspect Arab League leader Dyab Abou Jahjah is to be investigated on charges of child pornography after illicit images were allegedly found on his personal computer by Antwerp police. Police had been carrying out an investigation on the financing of the Arab League when Jahjahs personal computer was seized and the downloaded images discovered. http://www.expatica.com/belgium.asp?pad=88,89,&item_id=30856 - - - - - - - - - - Librarian On Leave Following Child Porn Charges The director of the Whitley County public library is now on administrative leave after he was arrested last week on child pornography charges. Federal investigators say Jack Wasano tried to buy child pornography over the internet using a library computer. They say they have e-mail of Wasano trying to buy video of girls between the ages of 11 and 14. The U.S. postal inspector's office had been investigating Wasano since January. http://www.wkyt.com/global/story.asp?s=1254932 - - - - - - - - - - Warrants in child porn case sealed Documents about evidence collected in a child pornography investigation that includes former Pierce County Sheriff Mark French were sealed last week after officials said they needed to protect the investigation and the victims. Several sources, who spoke on condition of anonymity, confirmed Friday for the News Tribune that French's computer was among 12 seized Thursday in an investigation into a Russia-based child pornography site. http://www.tribnet.com/news/local/story/3032630p-3056404c.html - - - - - - - - - - Police probe child-porn allegations The Louisiana State Police is investigating the possibility that child pornography was accessed on Carencro Police Department computers, according to an initial report released Monday by the state police. The police departments computers were confiscated on Feb. 19 by Louisiana State Police West District detectives. That afternoon, Carencro Police Chief Carlos Stout held a news conference to report that illegal material was found on the departments computers. http://www.theadvertiser.com/news/html/AAFED25E-6F24-48A8-9C3C-1CFA6181C8DF.shtml - - - - - - - - - - Court rejects malicious emailer's Papal bull A man accused of sending malicious emails has landed himself in a whole further heap of trouble by invoking no less than His Holiness the Pope as a character witness, the Telegraph reports. Julian Evans, 28, of Monmouth, south Wales, found himself hauled before Merthyr Tydfil magistrates on a charge of sending abusive messages to the local T-Mobile call centre after the firm refused him a job. A pretty minor offence, some T-Mobile users might claim, but Evans obviously believed the beak intended to hand down some hard time. http://www.theregister.co.uk/content/28/30449.html - - - - - - - - - - Teacher sues over Pa. student's online threat A teacher has sued the Abington Heights School District over a "secret assassination plan" that was allegedly posted by a student on the Internet because he was upset over a teachers' strike. Teacher Willard Smith said in the suit, filed Monday in the Common Pleas Court of Lackawanna County, that the unnamed student should be further disciplined by the school for threatening him on his personal Web site. http://www.usatoday.com/tech/news/2003-04-29-web-threat_x.htm - - - - - - - - - - RIAA to file swappers: Let's chat Update: The recording industry is turning file-swappers' own tools against them with a new campaign that will send warnings to people who are offering copyrighted materials online. Tapping into the chat functions built into software programs such as Kazaa and Grokster, the Recording Industry Association of America (RIAA) on Tuesday started sending automatic messages to people who are providing copyrighted songs online, warning them that they're breaking the law. http://news.com.com/2100-1025-998825.html http://www.wired.com/news/digiwood/0,1412,58670,00.html http://www.washingtonpost.com/wp-dyn/articles/A55054-2003Apr29.html RIAA's Rosen 'writing Iraq copyright laws' http://www.theregister.co.uk/content/6/30441.html - - - - - - - - - - This just in: Spammers fib A new Federal Trade Commission study on spam reaches a conclusion that shouldn't surprise anyone with an in-box: Most spammers lie. Whether disguising who they are, providing misleading subject lines, or offering false deals that are too good to be true, spammers are more likely to mislead recipients than to tell the truth about their offers, the study found. http://news.com.com/2100-1029-998750.html http://www.nandotimes.com/technology/story/871714p-6083873c.html http://www.usatoday.com/tech/news/techpolicy/2003-04-29-spam-stats_x.htm http://www.wired.com/news/business/0,1367,58664,00.html http://www.msnbc.com/news/906746.asp http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,80796,00.html - - - - - - - - - - Web Sites Shut Down in Spam Fight Scores of Web sites were taken off the Internet over the weekend because of new pressures on a commercial Internet service provider to stop unwanted marketing e-mail, or spam, and the companies that use it. Most of the Web sites that were shut down had no relation to the company accused of sending spam other than having the same Internet service provider for their Web site. But in the escalating spam battles, some anti-spam groups seem to care little about collateral damage. (NY Times article, free registration required) http://www.nytimes.com/2003/04/29/technology/29SPAM.html?th New Virginia law would seize junk e-mailers' assets http://www.nandotimes.com/technology/story/872183p-6086404c.html http://www.washingtonpost.com/wp-dyn/articles/A55100-2003Apr29.html Do-Not-Spam Plan Draws Critics http://www.wired.com/news/business/0,1367,58655,00.html - - - - - - - - - - Smarter public burying worm threat Antivirus companies have played down the threat from the Nolor (aka Cailont) mass-mailing email worm a "garden variety" virus that spreads by sending itself to Windows address book entries through an executable attachment. The worm had received the highest distribution rating from Symantec, despite low levels of infections. The high rating was given to the virus because it has the capacity to spread rapidly, John Donovan, managing director of Symantec in Australia and New Zealand, told ZDNet Australia. http://zdnet.com.com/2100-1105-998723.html http://news.zdnet.co.uk/story/0,,t269-s2134019,00.html - - - - - - - - - - Wiretap applications dropped in 2002, report finds Law enforcement officials sought fewer court orders last year for eavesdropping on private conversations, a report says, but that doesn't include hundreds of wiretaps approved by a special court to track down suspected terrorists and spies. Federal and state judges authorized all but one of the 1,359 wiretap applications submitted in 2002. The requests represented a 9 percent decrease from the 1,491 applications logged the previous year, according to the annual report by the Administrative Office of the U.S. Courts. Federal wiretaps rose by 2 percent, to 497, while the number of applications filed by state officials dropped 14 percent to 861. http://www.securityfocus.com/news/4314 - - - - - - - - - - Too many UK businesses exposed to hackers A third of UK businesses are leaving themselves exposed to hackers by failing to crack down on medium and low-level security flaws, according to the results of a network monitoring survey. The fifth annual Security Audit survey by consultant NTA Monitor found that, despite tackling major security vulnerabilities, UK companies are failing to address smaller flaws. http://www.vnunet.com/News/1140544 - - - - - - - - - - Licensed to War Drive in N.H. A land where white pines easily outnumber wireless computer users, New Hampshire may seem an unlikely haven for the free networking movement. But the state, known for its Live Free or Die motto, could become the first in the United States to provide legal protection for people who tap into insecure wireless networks. A bill that's breezing through New Hampshire's legislature says operators of wireless networks must secure them -- or lose some of their ability to prosecute anyone who gains access to the networks. http://www.wired.com/news/wireless/0,1382,58651,00.html - - - - - - - - - - Wi-Fi security gets a boost The Wi-Fi Alliance has announced the certification of products using the latest security specification, as it works to allay concerns about wirelessly transmitting data over networks. One of the chief concerns for businesses about the Wi-Fi wireless networking technology has been the lack of a security standard. An industry group called the Institute of Electrical and Electronics Engineers has been working to develop and approve 802.11i, a security standard that won't be finished for at least another year. The latest security specification, Wi-Fi Protected Access (WPA), is a subset of what will become the 802.11i standard. WPA replaces the existing security protocol, called Wired Equivalent Privacy. http://news.com.com/2100-1039-998779.html - - - - - - - - - - Microsoft publishes security guides for admins Microsoft Corp. released a guide on April 25 to help systems administrators run Windows Server 2003 securely and reannounced a similar guide for Windows 2000 yesterday. The Windows Server 2003 Security Guide and the Windows 2000 Security Hardening Guide for Windows 2000 Professional and Server editions give instructions on how to set up the software and how to mitigate various attack types, as well as other tips, said Michael Stephenson, lead product manager for Windows Server at Microsoft. http://www.computerworld.com/securitytopics/security/story/0,10801,80786,00.html Many NT apps won't run on Server 2003 http://zdnet.com.com/2100-1104-998826.html - - - - - - - - - - Microsoft plugs biometrics for Windows AuthenTec, a maker of fingerprint-recognition sensors, announced on Monday that it had signed a deal with Microsoft to integrate software support for biometrics into the Windows operating system. AuthenTec will create a reference driver that will be the example for other biometric hardware makers to follow in designing their own driver software. In addition, a new application programming interface (API) will allow software to access new hardware features made available through the drivers, said Michael Stephenson, lead product manager for Microsoft's Windows server group. http://zdnet.com.com/2100-1105-998666.html http://news.zdnet.co.uk/story/0,,t269-s2134035,00.html - - - - - - - - - - PGP creator: Moore's Law is a threat Moore's law is the biggest threat to privacy today, asserts Phil Zimmermann, who in the early 1990s developed Pretty Good Privacy to bring encryption to the masses. Zimmermann, who was here for the Infosecurity conference, told ZDNet UK that Moore's law represents a "blind force" that is fueling an undirected technology escalation. Moore's law, developed by Intel co-founder Gordon Moore, states that the number of transistors on a chip will double about every 18 months. http://zdnet.com.com/2100-1105-998728.html http://news.zdnet.co.uk/story/0,,t269-s2134034,00.html - - - - - - - - - - NY networks court video security The New York State Unified Court System has opted for a networked video system to provide surveillance for about 30 courthouses in New York City in a $230,000 deal that could be the precursor of a statewide installation. The surveillance system, provided by Axis Communications Inc., will enable security people to monitor entrances and exits at the courthouses from a remote command center using CourtNet, the court system's multiple- gigabit, fiber-based enterprise network. http://www.fcw.com/geb/articles/2003/0428/web-court-04-29-03.asp - - - - - - - - - - Computer glitch wrongly notifies contest 'winners' Kellogg Co. said a computer glitch involving its American Airlines online sweepstakes resulted in some people being informed erroneously by e-mail that they had won a grand prize of 25,000 of the airline's frequent-flier miles. American spokeswoman Laura Mayo said Monday that several thousand of the airline's customers who take part in the AAdvantage loyalty program received the computer notification sometime over the weekend. http://www.siliconvalley.com/mld/siliconvalley/news/5742949.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.