NewsBits for April 2, 2003, sponsored by Southeast Cybercrime Institute
************************************************************
Law enforcement cracks down on Internet auction scams
Federal and state fraud fighters are cracking down on Internet auction scams that fleeced thousands of consumers out of money and merchandise. The Federal Trade Commission is announcing Wednesday that it has joined with 33 state and local law enforcement agencies to target auction con artists with 57 actions ranging from criminal prosecutions to warning letters. Auction fraud was the No. 1 Internet-related complaint recorded by the FTC last year. Many of the cases included in the FTC's "Operation Bidder Beware" involve scams where consumers win an online auction and pay but never receive any merchandise.
- - - - - - - - - -
Fluffi Bunni nabbed at InfoSec
Uber hacker Fluffi Bunni was arrested by the Metropolitan Police on Tuesday, while attending InfoSecurity 2003, in London. Or rather the police collared Lynn Htun, 24, alleged head of the group of hackers using the collective moniker Fluffi Bunni, on outstanding fraud charges.
Infosec hit by arrest and virus attack
- - - - - - - - - -
Judge to appear in court on child porn charges
A Cork Circuit Court judge is due in court today on a charge of possessing child pornography. Judge Brian Curtin is listed to appear at Tralee District Court in County Kerry today, accused of having the material on a computer at his home in Tralee on May 27 last year. The 51-year-old judge had been due in court in January but the case was adjourned until today following the presentation of a medical certificate from his solicitor.
- - - - - - - - - -
Burlington Man Faces Child Porn Charges
A 25-year-old Burlington man is facing child pornography charges after chatting online with an undercover police officer who he thought was a teenage girl.
James Clayton Harris II pleaded not guilty this week to four felony counts of possessing child pornography. According to court documents, the Chittenden Unit for Special Investigations was contacted by a detective from Xenia, Ohio, after a detective there posing as a teenage girl met Harris in an online chat room.
- - - - - - - - - -
NJ Man faces child-porn charges
A federal grand jury Tuesday indicted a man found with child pornography. Jerry A. Landry, 34, had several hundred pictures and movies depicting children engaging in sexual acts, authorities said. He posted child pornography on a Web site that could be downloaded in exchange for identifying information Landry used in another pursuit - manufacturing false documents, authorities said.
- - - - - - - - - -
Telewest email halted under massive spam attack
Telewest has been hit by a massive spam attack that has resulted in as many as 200,000 of its punters being without email for a couple of days at the beginning of the week. Normal service was resumed last night although the cableco is still ploughing through a backlog of 1.2 million emails it quarantined immediately after the attack.
- - - - - - - - - -
New Law Targets Internet Porn
President Bush today signed legislation that would hand out prison sentences to online pornographers who deliberately mask their Web sites behind innocuous domain names. The provision is part of a larger bill that strengthens penalties for sexual abuse or exploitation of children, provides funding for a national child-abduction alert system and bolsters prohibitions against child pornography. The proposal is frequently referred to as the "Amber Alert" bill.
- - - - - - - - - -
Virginia threatens spammers with jail time
Internet mavens who clog computers with massive volumes of unsolicited e-mail pitches now risk landing in prison and losing their riches under a tough Virginia law signed Tuesday.
Although about half the states have anti-spam laws, no other allows authorities to seize the assets earned from spamming while imposing up to five years in prison, said Gov. Mark R. Warner.
- - - - - - - - - -
States Object to Spam Legislation
It was just the first day of a Federal Trade Commission forum to address the growing problem of unsolicited bulk e-mail, or "spam," and already cracks began to appear in how best to eliminate the problem. At the first panel of the three-day conference, Washington Attorney General Christine Gregoire (D) announced that 44 states and the District of Columbia would not support two of the U.S. Congress's most vaunted plans to cut down on the proliferating spam plague.
- - - - - - - - - -
FTC: Two thirds of spam is fraudulent
Internet users skeptical of junk e-mails promising easy money, miracle cures and dream dates are right to be wary: The government says two-thirds of the "spam" messages clogging online mailboxes probably are false in some way. The Federal Trade Commission said Tuesday that spam e-mails involving investment and business opportunities are especially dubious, with an estimated 96 percent containing information that probably is false or misleading. The FTC studied a random sample of 1,000 unsolicited e-mails taken from a pool of more than 11 million pieces of spam it has collected. The agency looked for deceptive claims in a message's text or the "from" or "subject" lines. "In one way or another, a great deal of it appears to contain important information that is false or deceptive," said Eileen Harrington, the FTC's director of marketing practices.
- - - - - - - - - -
AOL flexes spam-fighting muscle
America Online on Wednesday touted its spam-fighting prowess, saying it repelled more than 2 billion unsolicited commercial e-mails in a single day this week.
The announcement was timed to coincide with the Federal Trade Commission's first public conference on spam, which started Wednesday. AOL, along with most Internet service providers and e-mail services, has taken up arms in an effort to stem the waves of junk e-mails inundating the in-boxes in offices and homes.
- - - - - - - - - -
Klez still sits on top of the worms
Yet again Klez was the most common source of virus reports during the month of April, as measured by anti-virus firm Sophos. However, while many of the most prolific viruses have been doing the rounds for months in one variant form or another, system administrators should also be on the lookout for a new entry in the chart--Datemake. Graham Cluley, senior technology consultant at Sophos Anti-Virus, said: "While Klez refuses to go away, a new entry this month is Datemake--a type of malware known as a dialer. It is programmed to dial a premium rate telephone line, typically with the intent of gaining access to adult material. Businesses should apply strict computing guidelines to prevent getting stung by a huge telephone bill and embarrassed by these seedy programs."
- - - - - - - - - -
Homeland chief urges firms to bolster cybersecurity
Homeland Security Secretary Tom Ridge underscored to technology leaders Tuesday evening that the private sector should be worried about computer attacks and must do more to secure their networks. At a speech before the Northern Virginia Technology Council, Ridge cited a poll showing that 90 percent of CEOs do not think their companies are a target for terrorist attacks, and he expressed concern that companies may not be vigilant enough in trying to prevent hackings or other types of cyber attacks.
- - - - - - - - - -
NHTCU issues stark cyber-crime warning
Organised crime moving in for the kill, Infosec delegates told. The head of the National High Tech Crime Unit (NHTCU) has called on businesses to take cyber-crime more seriously.
Detective superintendent Len Hynds told delegates attending the Infosecurity Europe 2003 show that cyber-crime is no different from any other criminal activity and needs to be treated as such.
- - - - - - - - - -
NIAC Tackles Net Security
As corporate America tries to work more closely with the federal government to improve network security, a primary goal among CEOs is avoiding new federal regulations. However, executives who are directly responsible for network security do not necessarily share that goal. CIOs and chief security officers across the country are quietly advocating regulation to spur their bosses into acting more effectively on network security, according to Tom Noonan, president and CEO of Internet Security Systems Inc., in Atlanta. There is a widespread feeling among executives accountable for IT that security is not receiving the attention it deserves from the helm, Noonan told top corporate executives gathered for a teleconference of the National Infrastructure Advisory Council last week.
- - - - - - - - - -
Music labels launch anti-piracy salvo
The music industry started sending the first of a million instant messages Tuesday to computer users it suspects of trading pirated music. The automated messages warn individuals that what they're doing is illegal and could get them sued. The Recording Industry Association of America joined three other groups representing songwriters, music publishers and artists in what it described as an educational campaign directed at millions of Kazaa and Grokster users. The first 200,000 messages went out Tuesday. It expects to send a million in the first week.
- - - - - - - - - -
Air Force wins cyberexercise
The Air Force Academy recently beat out the four other service academies in the Cyber Defense Exercise, a cyber training tool designed to prepare students to protect and defend the nation's critical information systems.
Each student team was challenged to configure a network of computers securely to serve both local and remote users. The exercise environment was created to represent coalition information sharing; the students entered into direct cybercombat with so-called "red forces," which challenged them to keep their systems online and running.
- - - - - - - - - -
UK Web sites fare badly on consumer rights
Many European Web sites lack such basic consumer-protection measures as a privacy policy and information about order cancellations, despite EU directives requiring them, according to a new pan-European study. The study indicates that even though the Web is no longer a novelty, many e-commerce sites aimed at consumers still lack basic protections for their personal data.
- - - - - - - - - -
Oracle patches critical database server vulnerability
Oracle Corp. has released a patch for a recently-discovered critical security vulnerability affecting its database servers. The buffer overflow vulnerability affects all supported versions of Oracle database servers and could enable a remote attacker to compromise the data stored in Oracle and gain control over the machine hosting the database server, according to a security alert posted by Oracle.
- - - - - - - - - -
Firms neglect remote workers' IT security
Many companies are adopting an "out of sight, out of mind" approach and neglecting the security of remote workers' IT systems, warns a survey. The poll of 3,000 IT systems administrators found that although companies are diligent about updating their office-based antivirus software - with two-thirds of firms doing so on a daily basis - 70 per cent are only updating their remote workers' antivirus protection weekly or less frequently.
- - - - - - - - - -
Spammers and virus writers unite
Spammers are turning to tactics favoured by virus writers to get their unwanted messages into circulation.
Anti-spam activists have found that some unscrupulous spammers are hijacking the e-mail accounts of innocent users to send millions of messages. The spammers take over the accounts using malicious e-mail messages that resemble computer viruses. As efforts to beat spam accelerate, many junk marketers are keen to cover their tracks and hide the real origin of the messages they want to send.
- - - - - - - - - -
Information security bucks IT decline
The market outlook for information security services continues to outshine other areas of the IT services industry, according to IDC. The research firm said yesterday that worldwide information security services spending will increase to more than $23.5bn (£14.72bn) by 2007, representing a compound annual growth rate of 20.9 per cent. But IDC warned that security service providers must work harder to demonstrate that their offerings can deliver rapid return on investment in order to gain passage into the enterprise.
- - - - - - - - - -
Patching is the problem, says Microsoft
Patching applications is the most costly security job that companies face, according to Microsoft's head of security. Craig Fiebig, general manager of Microsoft's security business unit, said the firm would continue its policy of releasing software updates on Wednesdays, but admitted that providing reliable, easy-to-install patches was an issue.
- - - - - - - - - -
AOL will charge for virus protection
AOL launched a new virus-protection service for its members on Wednesday, marking the latest paid service from the Internet division of AOL Time Warner as it tries to turn itself around. The company's new management team said in December that it would unveil a series of paid services as part of its effort to contend with a slump in dial-up subscribers and advertising.
AOL said its new virus-protection service, developed with the McAfee unit of Network Associates, helps guard against known viruses and worms, as well as new threats that may arise via a desktop-based product.
- - - - - - - - - -
Smut Trading Outstrips Tune Swaps
By most accounts, Apple's new iTunes music download service is pretty cool -- the first legitimate alternative to the song swapping on Kazaa, Morpheus and other file-trading services. But Apple's move won't slow down the manic expansion of these trading networks. Why not? Kazaa and company are increasingly trafficking in dirty video clips. And until Apple starts offering up Christy Canyon downloads, the swapping services can sleep easy.
- - - - - - - - - -
Electronic piracy must be stamped out - EC
The European Commission is calling on all Member States to implement and enforce laws giving paid-for content providers protection from electronic piracy. In the EC's book, electronic pay-services are provided by TV, radio and internet, but it is clear that the big sums being lost to piracy are leeching out of pay-TV. In a report published yesterday on the implementation of the 1998 Directive on legal protection for electronic pay services, the EC urged members to fight electronic piracy.
- - - - - - - - - -
Honeypots: Simple, Cost-Effective Detection
This is the fourth article in an ongoing series examining honeypots. In previous installments, we have covered two different honeypot solutions: Honeyd and Specter. Both honeypots are low-interaction production solutions; their purpose is to help protect organizations, as opposed to research honeypots, which are used to gather information. Production honeypots work by emulating a variety of services and operating systems. Honeyd, an OpenSource solution, is considered more powerful and flexible than Specter, but it is also more difficult to use.
- - - - - - - - - -
Wireless firms to meet 911 deadlines
Wireless industry officials said Tuesday they will meet federal deadlines for providing enhanced 911 service that lets emergency operators locate cell phone users who call for help. Cell phone carriers have made great strides rolling out the service in recent months to thousands of emergency call centers, said Michael Altschul, a senior vice president and general counsel with the Cellular Telecommunications & Internet Association.
- - - - - - - - - -
Justice will study terrorism's impact at state, local levels
Amid controversy over the burden that homeland security expenses have imposed on state and local governments, the Justice Department announced plans for a survey of international crime and terrorism. In a Federal Register notice today, the Office of Justice Programs asked for comments on its proposed survey of law enforcement administrators and investigators regarding international crime and terrorism.
- - - - - - - - - -
Security program to rely on biometrics
Foreign visitors arriving in the United States by air and sea will be tracked by a new system that verifies their identities through fingerprints or newer technologies such as iris scans or digital photos. The new program is designed to allow U.S. officials to track the comings and goings of tourists, students and business travellers from overseas, part of efforts to tighten border security after the Sept. 11, 2001, terror attacks.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher.
The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2003, Campbell, CA.