NewsBits for June 4, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Pair charged with burglary after stolen item shows up on eBay A police detective's hunch to log on to an Internet auction site has led to the arrest of two men on burglary charges. Richard Petrou, 18, of New Milford, was arrested Monday after authorities said he tried to sell a stolen radio on e-Bay. After using a subpoena to get the seller's name, police set up an account at the site and placed a winning $200 bid for the radio. - - - - - - - - - - Guard indicted in deletion of protective orders A grand jury has indicted a jail guard on charges of deleting nearly 500 court protection orders that authorities suspect were lost when he tried to erase an order involving a friend. Protection orders typically are issued to prohibit suspects of spousal abuse or stalking from having contact with a victim. Hector Delgado, 32, was indicted Tuesday on felony counts of tampering with records and unauthorized use of a computer. If convicted, he faces up to five years in prison. - - - - - - - - - - Virus update: Sobig.C has it in for the UK Sobig.C is now the most prevalent worm on the internet, and the UK is bearing the brunt of its attack. The latest variant of the Sobig computer virus gathered momentum yesterday, accounting for about 32,000 email messages, according to MessageLabs. The surge in email messages containing the worm pushed Sobig.C to the top position on the UK company's list of most prevalent threats. As of Wednesday morning, MessageLabs said its servers have stopped just over 84,000 copies of the worm since it was first detected over the weekend.,,t269-s2135578,00.html New version of 'Sobig' virus spreading - - - - - - - - - - Verizon to hand names over to RIAA update Verizon Communications said Wednesday that it will turn over to a recording industry trade group the names of four anonymous subscribers accused of illegal file swapping, after an appellate panel denied the company's request for a delay. In a victory for copyright holders, a panel of the U.S. Court of Appeals for the District of Columbia refused to intervene in the case and protect the subscribers' identities while the case moves forward. However, final victory for the recording industry is still a ways off, with a pending appeal scheduled for a hearing in September that could vindicate Verizon. - - - - - - - - - - Law gets tough on cybercrimes The Legislative Yuan passed changes to the Criminal Code that are intended to make hackers think twice before engaging in destructive behavior The legislature passed several amendments to the Criminal Code yesterday to toughen penalties for cybercrime in a bid to improve the country's ability to combat computer crime. The revisions, proposed by the Ministry of the Interior and the Ministry of Justice, target hackers who design and spread computer viruses or worms or access other people's computers without their authorization. - - - - - - - - - - EU cybercrime plans may be put on hold Plans for a European agency to tackle cybercrime such as computer viruses and terror attacks may be sidelined because governments want to monitor it too tightly, the European Union said Wednesday. The European Network and Information Security Agency, which would play a key advisory role to the 15 EU governments on how to combat Web- related threats, was expected to be up and running by the end of this year. However, member states now say they want to directly appoint members of the management board, which would oversee the work of the agency. They are also seeking to ax a planned advisory panel meant to give voice to the industry, EU officials said. - - - - - - - - - - Mass. could be fifth state to adopt anti-UCITA law A Massachusetts legislative committee held a hearing this week on an anti-UCITA bill, and the state could become the fifth to enact a law whose sole purpose is to protect its residents and businesses from the controversial software licensing law. The hearing underscores the difficulties that have confronted backers of the Uniform Computer Information Transaction Act (UCITA). Only two states, Virginia in 2001 and Maryland in 2000, have enacted the model legislation, while four states have adopted anti- UCITA measures. UCITA's progress toward state-by- state adoption appears, for now, to be stalled.,10801,81812,00.html - - - - - - - - - - Davis announces support for bill protecting privacy Gov. Gray Davis has thrown his support behind a financial privacy bill that would clamp down on the trading of consumers' personal information and could become a blueprint for a national law. The bill, SB 1, prevents financial institutions from sharing information with third-party companies unless they first get permission from customers. - - - - - - - - - - Senator wants limits on copy protection A conservative Republican senator said Wednesday that he has drafted a bill that would scale back the ability of record labels, movie studios and software companies to use anticopying technology. The bill, authored by Sen. Sam Brownback, would regulate digital rights management systems, granting consumers the right to resell copy-protected products and requiring digital media manufacturers to prominently disclose to consumers the presence of anticopying technology in their products. - - - - - - - - - - Broadband Internet Use Has Its Risks, Study Finds Besides speed, the most coveted feature of a broadband connection is that it is always on. But according to a study that is scheduled to be released today, those two advantages are exposing broadband customers to far greater risk than most of them realize. The study, conducted by the National Cyber Security Alliance, highlights the chasm between the assumptions of consumers about the security of their Internet connection and the reality. The result is a high risk of hacking, viruses and identity theft, according to Keith Nahigian, the spokesman for the alliance and a consultant to the Office of Homeland Security. - - - - - - - - - - Experts question security of medical records Electronic medical records can easily by hacked, security experts say, raising privacy concerns as more information is entrusted to the system. "The probability that I will be able to break into a password encrypted system is very close to 100 per cent," Tony Nelson, a computer security expert, said. - - - - - - - - - - Linux security breaches at all time high Windows stood up better, company claims. A UK BASED security firm claimed today that digital attacks on Web sites using the Linux operating system have reached an all-time high over the last three months. British firm mi2g claimed that Windows based servers were more resilient from March to May for corporate and government systems. It issued figures saying that the reason for the vulnerabilities was down to improperly configured systems, lack of a "trustworthy" computing initiative, and corporations choosing Linux because of its cost but not costing in technical support overheads. - - - - - - - - - - World faces 'spiralling Internet piracy problem' The software industry is facing a "spiralling Internet piracy problem" that threatens to reverse a global trend that has seen the thieving of commercial software decline over the last eight years. In its latest annual study the Business Software Alliance (BSA) claims that software piracy has decreased 10 points (from 49 per cent to 39 per cent) since 1994, thanks to increased education and tighter legislation. - - - - - - - - - - Group drafts a truce in flaw dispute A security coalition has published draft guidelines for issuing bug alerts, a bid to temper a hot debate over when and how alerts should be released. The draft rules were released Wednesday by the Organization for Internet Safety (OIS), a group composed of software companies and security firms, which have found themselves on opposite sides of the debate. Scott Culp, senior security strategist for Microsoft, said the document is intended to keep both researchers and software makers honest. - - - - - - - - - - Security standards could bolster file-sharing networks Plans to build security features into personal computers to make unauthorised digital copying more difficult could backfire by strengthening controversial peer-to-peer file-sharing networks, say US researchers. Peer-to-peer programs such as Kazaa and Morpheus let users scour each other's hard drives for music and other files though a decentralised network. The entertainment industry has targeted the companies behind these programs because many shared files are protected by copyright. - - - - - - - - - - Girls Teach Teen Cyber Gab to FBI Agents Md. Students Help Catch Pedophiles On the Internet As undercover assignments go, posing as a teenage girl online to catch pedophiles has its share of challenges for the typical FBI agent. Should he ever capitalize words in instant messages? Is it okay to say you buy your clothes at 5-7-9? And what about Justin Timberlake? Is he still hot or is he so two years ago? For those investigative details, the FBI calls on Karen, Mary and Kristin -- Howard County eighth-graders and best friends. - - - - - - - - - - HHS boosting cybersecurity The Department of Health and Human Services has expanded its contract with iDefense Inc. to provide cyberthreat intelligence to the entire department. Reston, Va.-based iDefense will help the department protect its computers, networks and Internet functions with the company's iAlert intelligence service. - - - - - - - - - - Windows Server 2003 gets first patch Less than two months after launching its Windows Server 2003 operating system, Microsoft has released a security patch to fix a vulnerability that could let malicious sites run damaging code on the server. Although security experts--even those at Microsoft itself--had pointed to the company's latest server OS as the first test of the software giant's massive Trustworthy Computing initiative, representatives maintained that the patch did not mean the release had been a failure in its security practices.,,t269-s2135625,00.html,10801,81815,00.html Microsoft Gets Serious About Security? Microsoft promises to patch up patches - - - - - - - - - - Microsoft adds spam filtering to MSN 8 The latest version of MSN will include a new spam filtering algorithm and better content control for parents. Microsoft said it will release an updated version of its MSN Internet service on Wednesday, the latest salvo in its ongoing campaign to unseat AOL. The latest update to MSN 8 focuses on beefing up software to block unsolicited bulk email and adds new parental controls. A sneak peek of the software made its rounds on the Net in April under the guise "MSN 8.5.",,t269-s2135589,00.html - - - - - - - - - - .NET 'more secure' than WebSphere Security consultancy @stake has completed a comparative security analysis of Microsoft's .NET Framework and IBM's WebSphere development environment which concludes that Redmond's environment takes less effort to secure. Although touted as independent the analysis was funded by Microsoft, a point openly disclosed by @stake openly discloses. For the record, @stake compared Microsoft's .NET Framework Version 1.1, running in Windows Server 2003, and IBM's WebSphere Java 2 Enterprise Edition (J2EE) framework, running in both Unix and Linux environments. - - - - - - - - - - Learning to Love Big Brother Microsoft's digital rights management (DRM) may have implications for security professionals. But the physical difficulty of meeting was enormous. It was like trying to make a move at chess when you were already mated. Whichever way you turned, the telescreen faced you. (George Orwell's 1984) DRM: Digital Rights Management. Or, as some prefer to call it, Digital Restrictions Management. Basically, the idea is that the creators, and/or owners, of digital content - a song, a video, a document, even an email - should be able to dictate how that content is used and who can use it. It's an issue that security pros need to be intimately familiar with. - - - - - - - - - - Spam Is in Eye of the Beholder E-mail that features an exuberant sprinkling of exclamation points is almost guaranteed to provoke petulance in potential clients, according to Michelle Feit, president of ePostDirect. Free is another word that sparks sudden skepticism and must be used with extreme care.,1367,59089,00.html - - - - - - - - - - Better data sharing key to fighting terrorism Top-notch intelligence is truly a first line of defense against terrorist attacks, and federal agencies must make greater efforts to collect, digest and share data, a former CIA director said today. Stansfield Turner, speaking at an industry-sponsored conference in Washington, blended broad recommendations for better intelligence gathering with observations of evolving U.S. foreign policy and how they relate to fighting terrorists. What we want to do is cut them off at the pass. We dont want to wait until a 9-11 has happened, Turner said. That means we need to know who they are, when they are going to operate, where and against what. - - - - - - - - - - 'Poindexter's nutty scheme' Bruce Sterling calls himself an author, a journalist and an editor--and all that is true. But Sterling, who wrote "The Hacker Crackdown," is also a contrarian and a leading cultural critic of modern technology. From his home in Austin, Texas, Sterling has written popular science fiction novels such as "Islands in the Net," "Distraction," "Heavy Weather" and, with co-author William Gibson, "The Difference Engine." In technology circles, Sterling is almost as known for his droll conference speeches through which he dispatches politicians and corporate titans alike with Mark Twain-like wit and precision. - - - - - - - - - - Smartcams Take Aim at Terrorists The Department of Defense believes intelligent DIVAs can fight terrorism. This isn't about overpaid celebrities with high heels and machine guns. You can watch for those divas on The Jerry Springer Show. These distributed digital video arrays, or DIVAs, are collections of really smart cameras able to detect and identify an individual in a crowded train station and track him wherever he goes -- out of the station, into the parking lot, onto the freeway and so on.,1282,59092,00.html - - - - - - - - - - U.S. reviewing old, secret surveillance files Government prosecutors are reviewing years worth of sensitive telephone and e-mail wiretaps and results from secret searches to decide whether they can file criminal charges against suspected terrorists in the United States. Senior prosecutors from across the country met Wednesday at the Justice Department with Attorney General John Ashcroft, who ordered the review. They said the examination of more than 4,500 intelligence files is guiding the government's pursuit of what Ashcroft described as "hundreds and hundreds" of suspected terrorists in this country. - - - - - - - - - - UN group decides passports will include facial biometrics An international aviation security body has developed draft standards for embedding biometrics into machine- readable travel documents such as passports, though details of the requirements must be resolved over the next several months, a State Department official said. The International Civil Aviation Organization, a specialized United Nations agency based in Montreal, has approved its working groups recommendation of facial recognition as the biometric technology of choice for travel documents. The group also selected high-capacity, contactless integrated circuit chips to store the digital images on the documents. - - - - - - - - - - Imaging software helps ID suspect in La. murders Sheriffs deputies in St. Martin Parish, La., used composite imaging technology to help identify Derrick Todd Lee, who is charged in the rape and murder of five women in south Louisiana. Lee was arrested May 27 in Atlanta. Sheriff Mike Neustrom's office used Faces software from IQ Biometrix Inc. of Fremont, Calif., to construct a photo likeness of the suspect from victim and witness interviews before DNA results provided his identity. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.