NewsBits for May 30, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Three cases highlight technology smuggling Three times in the past month, the U.S. government has uncovered illicit efforts to smuggle sensitive military or nuclear technology out of the United States to Pakistan, one of America's key partners in the war on terror. One of the cases resulted from an anonymous tipster reaching out to U.S. authorities because of the Sept. 11 terrorist attacks. - - - - - - - - - - UK Teacher jailed over child porn A school teacher who downloaded child pornography from the internet has been jailed for four months. Michael Yates, 45, who taught in Cornwall for more than 20 years and now lives in Plymouth, pleaded guilty in April to taking and making indecent photographs of children. He was jailed at Exeter Crown Court on Thursday and banned from working with children indefinitely, as well as being banned from accessing any child internet sites or chat rooms. He was ordered to go on a three-year sex offender's course on his release from jail and to sign on the Sex Offenders' Register for seven years. - - - - - - - - - - Bus driver charged with sex solicitation Authorities have arrested a man who drove school bus for the Anoka-Hennepin School District on suspicion that he solicited a child for sex over the Internet. So far, there are no victims in the case of Joel Richard Hoard, 22, 8008 Ewing Ave. N., Brooklyn Park, who was arrested last Tuesday at Bills Superette, 3100 Brookdale Drive. But police said Hoard thought he was meeting a 14-year- old boy for sex when he arrived at the Brooklyn Park store May 20. He actually had been corresponding with an undercover police officer when he allegedly set up the date. Police say he later admitted to chatting with dozens of boys on the computer and getting pictures that showed some of them naked. - - - - - - - - - - Charged Natick High teacher is placed on unpaid leave Joseph Doyle, the Natick High School history teacher and ice hockey coach charged earlier this month with allegedly soliciting sex from a New Hampshire teen, has been placed on unpaid leave by the superintendent. Doyle, a married father of two children, is accused of trying to lure a 14-year-old boy named Brad he met over the Internet into having sex with him Keene, N.H., Detective James McLaughlin posed as the boy online. When Doyle turned up at their agreed meeting spot at a YMCA in Keene, he was arrested by McLaughlin. - - - - - - - - - - TEACHER DID LIVE SEX ACTS ON INTERNET Authorities in Westchester County have busted a substitute middle school teacher from upstate New York who was allegedly caught masturbating in front of a Web cam for a person who he thought was 14-year-old boy. The "teen" turned out to be an undercover investigator working for the office of District Attorney Jeanine Pirro, who allegedly caught Robert Sudakow, 28, of Utica engaging in "obscene acts" live on the Internet. During his conversation with the undercover investigator Sudakow described in explicit detail the sort of sexual activities he wanted to engage with the youngster, prosecutors alleged. - - - - - - - - - - Milton fire official charged in Internet sex talk sting A Milton fire commissioner was arrested in Westchester Wednesday for allegedly sending indecent materials to a 14-year-old, the Westchester County District Attorney's office said. Charles Diorio, 57, was accused of having sexually explicit Internet conversations with someone he thought was 14, officials said. Diorio was arrested in White Plains when he allegedly attempted to meet the teen, who was actually an undercover investigator, authorities said. - - - - - - - - - - Beacon man faces child porn charges A city man was arrested Tuesday after police found sexual photos of children on his home computer, city police said. Mario Capperilli Jr., 19, was under investigation when police arrested him and discovered the pictures, police said. The images, described by police as ''obscene sexual photos,'' were of children ranging from 7 to 15 years old and included some from the Beacon area, police said. Capperilli was charged with three felony counts of obscene sexual performance by a child and was awaiting arraignment Tuesday afternoon. Additional charges and arrests were pending, police said. - - - - - - - - - - IU student facing more sex charges A 19-year-old Indiana University student who was extradited last month to Westchester County, N.Y., on child pornography charges has now been accused of crimes against children in Arlington County, Va. Galen Baughman, who was arrested in April at his 427 S. Henderson St. apartment, now faces three new felony charges in Virginia: carnal knowledge of a minor, crimes against nature and use of communications systems to facilitate offenses involving children, said Matt Martin, a spokesman for Arlington County police. After a criminal investigator in Westchester assumed the identity of a 14- year-old child whom Baughman had reportedly been contacting over the Internet, Baughman was charged in April with five counts of promoting sexual performance by a child and attempted dissemination of indecent material to minors in the first degree. - - - - - - - - - - Man faces 73 counts of child porn in Fallon A former sailor has been ordered to stand trial in Fallon on 73 counts of child pornography. Ronald Alex Stevenson, 37, is accused of photographing three teenage girls in various poses in the summer of 2001. He is also charged with possessing child pornography taken from the Internet. Following a preliminary hearing last week, Justice of the Peace Daniel Ward determined there is enough evidence for Stevenson to stand trial in district court. - - - - - - - - - - Judges Disagree in Child Porn Case Two federal judges sitting in adjoining courtrooms in Central Islip have disagreed on whether false statements by a former FBI agent may have jeopardized cases against alleged child pornographers or child molesters in the metropolitan area and around the nation. In separate cases that grew out of the FBI's widely publicized child pornography investigation named "Candyman," U.S. District Judge Denis Hurley ruled Friday that he will hold a hearing to determine whether the agent's misstatements that led to the investigations of hundreds of people are sufficient to suppress the evidence against two Long Island men.,0,2643388.story - - - - - - - - - - California Supremes hear DeCSS case California's Supreme Court on Thursday heard oral arguments in a case that pits the motion picture industry against a man who distributed a DVD descrambling program through his website, until he was forced by a court order to remove it. Andrew Bunner, now 26, was one of hundreds of people who mirrored a copy of the open-source DeCSS program on the Web in 1999, after learning about the controversy surrounding the program on the "news for nerds" community site Slashdot. Shortly thereafter he was named in an injunction ordering him to take down the program, as part of broadly targeted lawsuit filed by the DVD Copy Control Association -- a motion picture industry group -- under a 1979 state law designed to protect trade secrets.,,t269-s2135389,00.html - - - - - - - - - - Court confirms DMCA 'good faith' web site shut down rights A U.S. court has extended the power of the DMCA even further with a ruling this week that backs up copyright holders' ability to shut down a Web site on "good faith." had asked the District Court for the District of Hawaii to require that copyright holders investigate infringing Web sites before shutting them down. This rational request was rejected by the court, as its granted the MPAA (Motion Picture Association of America) and any other DMCA zealot the right to put the clamp on Web sites at will. - - - - - - - - - - Aussie judge mulls giving university network records to labels A Federal Court judge has deferred handing down formal orders in the case between the music industry and Australian universities today, but indicated he would order the universities to provide copies of their network records to the music industry's technology expert.,2000048590,20274977,00.htm - - - - - - - - - - Abourezk files libel lawsuit against web site Former Sen. James Abourezk has filed a lawsuit against an Internet web site, claiming the operator libeled him by calling him a traitor. The lawsuit, which was filed Tuesday in Sioux Falls, also names Michael Marino, of Pennsylvania, as the site's editor and publisher. The web site, called, lists Abourezk's name and photo among a host of other public figures on a "Traitor List" for criticizing President Bush. - - - - - - - - - - Fizzer blasts Klez-H off top spot in viral charts The newly emerged Fizzer worm has displaced. Klez as the most common viral menace on the Internet over the last month. Managed services firm Messagelabs blocked Fizzer 497,846 times in May, relegating Klez-H (293,028 interceptions) to fourth place in the firm's monthly viral charts. MessageLabs reports that one in 145 emails it processed this month contained a virus. - - - - - - - - - - Cyber-crime is costing business billions, reports security survey Three-quarters of organisations have reported a substantial financial loss arising from cyber-terror, according to research. The eighth annual Computer Crime and Security Survey from the Computer Security Institute (CSI), produced with the San Francisco FBI's Computer Intrusion Squad, found that 75 per cent of the 530 survey respondents reported financial losses from hack attacks. (Report available here - Free registration required) - - - - - - - - - - Who creates viruses? According to researches, the most destructive and prejudicial viruses are Klez and Love Bug. So, virus Klez has caused the harm of $8 and $9,9 billion; Love Bug - $7,8 - $9,6 billion; Code Red $2,4 - $2,9 billion. Viruses are known well, but "virus- makers" are not. According to Sarah Gordon from Symantec the generalized nature of virus-makers is the following. They are men of 13-26 years, rather clever or overwhelmed with desire of self-assertion and to become members of certain society; as a rule they are encouraged with revenge, sociopolitical motives, desire to show weakness of technologies, and just with mere curiosity. As a rule, such "virus-maker" creates viruses not with the purpose of causing harm, but to be in "advance of technologies ". - - - - - - - - - - Virtual Time Machine May Foil Hackers "Not only can we turn back the clock on an attack to undo the damage, we can also go back to any point during the attack to observe exactly how the intruder breached the system," says University of Michigan computer-science professor Peter Chen. Traveling back in time may be the way to thwart hack attacks, say computer scientists at the University of Michigan. Losses from computer crime are soaring -- already approaching the US$2 billion mark, according to industry experts -- and the end is not in sight. Computer hackers, however, drop few clues at their crime scenes, leaving security experts and system administrators with slim options for accurate detection. - - - - - - - - - - Support grows for controversial virus writing course Users come out in favour of putting malware on the syllabus...The tide has turned in favour of the University of Calgary, earlier this week lambasted for announcing it will run a virus writing course for computer science students. However, the majority opinion still appears to be opposed to the controversial course. But whereas earlier in the week all voices appeared to be dissenting, support for the course is burgeoning. - - - - - - - - - - Cisco cracks down on Asia-Pacific counterfeits Networking heavyweight Cisco has warned its Asia- Pacific channel partners of an "aggressive" crackdown on counterfeit product in a memo which indicates some partners have already tried to rip off customers. From 1 June, Cisco will "aggressively pursue" any reseller caught shifting fake Cisco network gear, according to a letter sent by the networking giant's president of Asia Pacific Operations, Gordon Astles, to its Asia Pacific channel partners. - - - - - - - - - - Microsoft: Spam can be contained within two years Unwanted commercial e-mail, better known as spam, can be contained within two years but will first reach unprecedented proportions, Microsoft Corp.'s chief spam fighter said yesterday. "Spam has reached epic proportions, and we are in a crisis situation," said Ryan Hamlin, general manager of Microsoft's antispam technology and strategy group, speaking at the company's Silicon Valley campus in Mountain View, Calif.,10801,81677,00.html - - - - - - - - - - Government may ignore ID card opposition Lumping together the thousands of people who opposed the introduction of entitlement cards could help get the policy introduced, but would also provoke a major outcry. Concern is growing that the government may ignore thousands of people who have said they opposed the introduction of ID cards in the UK, because they registered their concern via the Web.,,t269-s2135431,00.html - - - - - - - - - - Study finds technical errors in government sites A survey of 41 federal Web sites found that 68 percent will present some sort of bug within the first 15 minutes of a visit, according to the Business Internet Group of San Francisco. Most glitches were application server and Web server errors such as blank pages, embedded content errors and the 500 internal server error, the survey found. Diane Smith, the groups research director, said she selected the sites because they are used in the Keynote Government Internet Performance Index from Keynote Systems Inc. of San Mateo, Calif. The index includes sites of 10 Cabinet departments, the White House, both houses of Congress and several large agencies. - - - - - - - - - - Microsoft does security reshuffle Kevin Kean to take over as security head as Microsoft continues to focus on 'trustworthy computing'. Microsoft this week named a new top executive for its Security Response Center, the unit responsible for addressing vulnerabilities in the company's existing products. Kevin Kean, who had been working as a senior group product manager on Windows Server 2003, is taking over for Steve Lipner as head of the unit that issues security bulletins and patches for Microsoft's existing products. - - - - - - - - - - Yahoo issues IM, chat security patches Yahoo issued on Friday security patches for its Yahoo Instant Messenger and Yahoo Chat clients in an effort to fix a buffer overflow vulnerability discovered in the software. When users of the software log on to the IM network or enter a chat room, Yahoo is prompting them to install the patches. In addition, the company posted the patches on its Web site. A buffer overflow is a common security vulnerability in computer programs written in C and C++ that allows more information to be added to a chunk of memory than it was designed to hold. - - - - - - - - - - Apache patch covers HTTP security hole Apache has updated its open source Web server software because of a security vulnerability found in WebDAV, its HTTP extensions. The Apache Software Foundation released on Wednesday an updated version of its market- leading Web server software, primarily to patch previously undisclosed security holes. The group, which coordinates development and distribution of the open-source software, recommended that system administrators promptly upgrade to version 2.0.46 of Apache HTTP Server, available for download from the Apache Web site.,,t269-s2135402,00.html - - - - - - - - - - Chips To Secure Smartphones The processor is the obvious security gatekeeper, says ARM exec Richard York, for reasons of design and broad software coverage. "Operating systems are by their nature big and lumbering and difficult to secure. There are just too many entry points for attackers." Ever since wireless mobile client devices were first mooted there have been concerns over security. The relatively small number of such devices until recently has meant that virus writers, hackers and crackers have tended to look towards other targets, but an attempted hack on an Orange SPV phone earlier this year was a wake-up call to users that these devices may have some shortcomings for security. - - - - - - - - - - HP embeds security, adds thin client HP has updated its business PC range to include an embedded chip to aid encryption systems and launched a new thin client device. Hewlett-Packard has launched new business desktop computers including one with HP's first embedded security chip option, and another that is its first post-merger thin client.,,t269-s2135397,00.html - - - - - - - - - - Hackers Put 'Bane' in Shadowbane The horror, as horror so often does, began slowly - almost imperceptibly. Late Tuesday evening, little things suddenly started to go very wrong in the virtual world of Shadowbane, a popular online multiplayer game. Some players noticed that their money and weapons had suddenly vanished. A few whispered that tonight the monsters somehow seemed slightly bigger and meaner. And then all hell broke loose. Shadowbane had been hacked by several of its players.,2101,59034,00.html - - - - - - - - - - Interview with Chairman, British Computer Society Security Expert Panel Willie List is Chairman of the British Computer Society Security Expert Panel and has worked in the Information Security industry for over thirty-five years. Here, interviewed by John McIntosh, he shares his personal insight into the security industry. - - - - - - - - - - States try digital watermarking Vermont and New Jersey are the first states to consider using digital watermarking to secure driver's licenses -- something that's become a matter of urgency in the wake of a nationwide explosion of identity theft. Both states are using digital watermarking provided by Digimarc ID Systems LLC, which supplies secure identification solutions to 33 states. - - - - - - - - - - Police chief wants traffic wardens to help in crime fight Traffic wardens could play a vital intelligence-gathering role in tackling street crime and anti-social behaviour, according to one of Scotland's leading police officers. Andrew Cameron, president of the Association of Chief Police Officers in Scotland (Acpos), suggested that the much-vilified public sector workers could take on an expanded role as a conduit for information to police. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.