NewsBits for June 16, 2003, sponsored by Southeast Cybercrime Institute
************************************************************
4 Teens Suspected of Altering Grades
Four students at Providence High School in Burbank are suspected of hacking into their school's computer system and changing grades, police said Friday. Burbank police arrested the boys, ages 16 to 17, at the private school's administrative offices Thursday. The high school juniors allegedly accessed the school system from locations on and off campus and changed their grades during a period of 30 to 45 days, said Lt. Kevin Krafft of the Burbank Police Department.
- - - - - - - - - -
181 Italians charged in 100m software raids
Italian police have charged 181 people, following raids on one of Europe's biggest bootleg software rings. They seized 118m worth of illegal software, music and films and estimate that the counterfeiting operation had an annual turnover of 100m. Another 10,300 people are under investigation. That's not a ring, that's a town. The police investigation sounds very military: 'Operation Mouse' was led by the Green Berets unit of Milan's Rapid Reaction Force (Compagnia di Pronto Impiego), a division of the Guardia di Finanza, Italy's tax police.
Vendors clamp down on license compliance
- - - - - - - - - -
High Court Upholds Porn Convictions
The Arkansas Supreme Court on Thursday upheld the child pornography convictions of a Magazine couple. The decision affirms a 13-year sentence for James Cummings, and a 10-year sentence for his wife, Donna, who were convicted of operating a Web site featuring a pre-teen girl in various stages of undress. The two were arrested in October 2001, and charged with featuring images of the 12-year-old scantily clad and posing in ways prosecutors said were sexually suggestive.
Police said a school counselor at Magazine High School received an anonymous tip that one of the students at the junior high school had a "paid Web site on the Internet."
- - - - - - - - - -
Former Professor To Serve Prison Term In West Virginia
A former Marietta College professor convicted on 131 counts of child pornography and related charges in Ohio and West Virginia is going to prison in West Virginia. A Wood County judge sentenced 52-year-old Eugene Anderson of Parkersburg, West Virginia, last month to 92 years in prison after he pleaded guilty in February to 23 porn-related charges. Anderson also has been sentenced to 88 years in an Ohio prison for his conviction on 108 child porn, obscenity and pandering charges. Anderson resigned as Marietta College's information technology director in January 2001 while he was under investigation. His lawyers argued during his trial that co-defendant Robert Lynn Sandford was responsible for more than 40,000 pornographic images on Anderson's home and work computers. Sandford died last March.
- - - - - - - - - -
Ex-vicar jailed for child porn
A former Berkshire vicar who downloaded hundreds of images of child pornography from the internet was jailed for six months on Friday. John Masters, 40, vicar at St John the Evangelist church in Newbury, Berkshire, for 10 years, admitted four charges of possessing indecent images of children and four of making such images. Officers found 483 images last October at Masters' former rectory home in Yattendon, Berkshire - some involving children being seriously sexually abused. The divorced father-of-two, now living in Southampton, was given a three year sentence, with six months to be served in prison, half suspended and the remainder to be spent on licence.
- - - - - - - - - -
Teacher arrested in Web sex sting
An Avondale High School special education teacher was arrested Friday in an Internet sting after police say he attempted to lure a 15-year-old girl to a restaurant meeting for the purpose of having sex, police said. Instead the "teen-ager" turned out to be a Livingston County Sheriff's Department deputy, who arrested David R. Lewicki, 27, of Ferndale. Lewicki is charged with child abusive activity and the use of a computer for the purposes of having sex with a minor, felonies punishable by up to 20 years in prison. "The deputy impersonated a 15-year-old girl in a computer chat room on Tuesday and was contacted by him (Lewicki) right away," said Livingston County Undersheriff Robert Bezotte. "The meeting was set up for this morning, and he was arrested at the restaurant.
- - - - - - - - - -
Former Principal Indicted On Porn Charges
A former Newfields Elementary School principal was indicted Monday on several counts of possession of child pornography. Authorities said the indictments stem from child porn they allegedly found on a school computer that had been issued to 61-year-old Barry Ring, of Newmarket, N.H. Investigators said no local children were among the images. In December, Ring was put on paid leave after he was arrested on charges he had shoplifted four prints from a downtown Exeter, N.H., business. After a plea bargain, he resigned, then was arrested on the pornography charges.
- - - - - - - - - -
Two face sex charges after online exchange
Both times the men logged onto computer chat rooms, they believed they were exchanging messages of an explicit nature with 13-year-old girls. But in fact, they were chatting with law enforcement officials who were patrolling the Internet posing as teenage girls. As a result, a Granger man and a Mishawaka man have been charged recently with felony offenses. Timothy Sherman, 28, of Mishawaka, was charged Friday with child solicitation.
Sherman is in custody and is awaiting an initial court appearance, according to court documents. Mauro Agnelneri, 52, of Granger, was charged May 30 with child exploitation. Agnelneri was released from jail Monday after posting a $1,000 cash bond, court records show. Investigator Mitch Kajzer of the St. Joseph County prosecutor's office was involved in both Internet policing efforts.
- - - - - - - - - -
Labour site defaced
Labour officials had red faces today - no doubt matching their political leanings - after the Party's site was vandalised early this morning. The usual dry political spin was replaced with a picture of George Bush carrying his dog bearing the face of a somewhat stunned Tony Blair. A rather crotchety Labour spin doctor said: "these things happen", before hanging up. Luckily, the BBC managed to capture a snapshot of the image before it was pulled down.
- - - - - - - - - -
Hacker tips CERT's hand on Linux/PDF flaw
Confidential CERT information was also leaked in March. Confidential vulnerability information managed by the CERT Coordination Center at Carnegie Mellon University has again been leaked to the public, following a flurry of such leaks in March. The latest information concerns a flaw in PDF readers for Unix that could allow a remote attacker to trick users into executing malicious code on their machines, according to a copy of the leaked vulnerability report.
- - - - - - - - - -
BT sacks 200 in porn clampdown
BT has sacked 200 staff over the last 18 months for accessing pornography while at work, according to figures published in the Sunday Telegraph. Ten of those reprimanded by the giant telco were reported to the police with a number facing court action. At least one of those received a prison sentence, according to a BT spokesman. BT emailed its 100,000 employees twice last year warning them that accessing pornographic Web sites while they were at work could lead to the chop.
- - - - - - - - - -
Child porn-lite users to wriggle free from court hook
People who download child porn from the Internet could escape prosecution under new guidelines. Police are to be given the discretion to caution suspects. Only suspects with more than 16 child porn images on their computers - or with relevant previous convictions - face charges under new police guidelines, The Sun reports.
- - - - - - - - - -
Congress aims SODA at DoJ snooping
The U.S. government's most secret class of Internet spying, telephone wiretaps and physical searches would become slightly less secret under legislation proposed this week reflecting lawmakers' growing unease with the Justice Department's use of expanded surveillance powers. The Surveillance Oversight and Disclosure Act (SODA) introduced in the House of Representatives would require the DoJ to publish an annual report counting and categorizing the number of surveillance orders issued under the Foreign Intelligence Surveillance Act (FISA) in the previous year.
- - - - - - - - - -
MPs hold public inquiry into spam
The All Party Parliamentary Internet Group (APIG) is to hold a public inquiry into how to combat the ever-growing spam. The inquiry will see if legislation can be drawn up to beat the spammers. It will also examine whether technology can be used to reduce the amount of spam clogging up the Net. Derek Wyatt MP, anti-spam campaigner and Joint-Chair of APIG, said: "Spam will soon be the majority of emails sent.
- - - - - - - - - -
India gears up to fight hackers
India's first internet security centre is due to become operational in July. The centre will aim to prevent cyber attacks on key defence, business and government establishments. The project is being handled by the central information technology ministry with the help of the US-based security group, Cert.
- - - - - - - - - -
E-merchants Turn Fraud-busters
Web retailers are teaming up to fight online credit card fraud and take back the e-neighborhood. Nobody likes being ripped off. But for online retailers, the pain of being ripped off by unethical consumers, identity thieves and bogus-card gangs has been magnified by what they consider to be the not-my-problem attitude of credit card issuers and card associations like Visa and MasterCard.
- - - - - - - - - -
Bad raps for non-hacks
A few odd cases show that you don't have to be a digital desperado to be accused of a cybercrime... particularly if you embarrass the wrong bureaucrats. Some recent (and not so recent) cases illustrate how computer security professionals and well-intentioned whistle-blowers face a genuine risk of running afoul of computer crime statutes simply for forgetting to ask the right person, "May I?," before doing a computer security assessment.
- - - - - - - - - -
Do no harm: HIPAA's role in preventing ID theft
With the deadline for ensuring privacy under the Health Insurance Portability and Accountability Act (HIPAA) recently passed, most health care providers and plan companies are preparing to implement the final rule for security. While many of these organizations are focused on the lack of budgetary and staff resources necessary to fulfill another unfunded federal mandate, most have lost sight of why this level of protection is necessary.
- - - - - - - - - -
Network cards and dodgy Win 2003 drivers
Several network interface card device drivers that ship with Windows Server 2003 have been found to disclose information, according to an advisory by security firm Next Generation Security Software (NGS Software). NGS Software compares the vulnerability to the 'Etherleak' frame padding issue announced by @Stake in January 2003 (PDF). That vulnerability concerned ICMP message padding whereas the latest warning covers a similar issue within a TCP stream.
- - - - - - - - - -
eBlaster spyware has Achilles heel
Few applications illustrate the dual nature of consumer technology as both constructive and destructive better than computer spyware. While it has a legitimate use by parents monitoring their children's on-line comings and goings, it has equal potential to violate the privacy of adults both at home and on the job. So when SpecterSoft invited El Reg to evaluate its recent eBlaster 3.0, a spyware program which the company markets to concerned parents and nosey bosses, I was eager to give it a go, particularly with a mind to seeing how difficult it would be to defeat.
- - - - - - - - - -
Security Startup's Creed: You Can't Hack What You Can't See
Security software startup Trusted Network Technologies Inc. is expected to come out of hiding this week. But it hopes its customers will appreciate the ability to make their networks and critical information systems more clandestine.
- - - - - - - - - -
CA unveils antivirus, antispam product
Computer Associates announced on Monday new software aimed at filtering out spam and viruses, along with preventing hacking and unacceptable employee usage of the Web. Called eTrust Secure Content Management, the software ties desktop antivirus and gateway-server filtering software into a single platform. The software, to be released this fall, will add features to the antivirus software already deployed by Computer Associates customers. It will integrate enterprisewide security management policies that address Web-, mail- and file-based threats.
- - - - - - - - - -
FaceTime releases IM security tools
Instant-messaging software company FaceTime Communications unveiled on Monday two products that are designed to make IM programs secure for business use. IM Guardian manages communications through IM, peer-to-peer, Web conferencing and VOIP (voice over IP) applications.
Administrators can use the software to block unwanted exchanges through these channels or to manage them for legitimate corporate use.
- - - - - - - - - -
Nokia offers mobile security and print-on-demand
Nokia today announced new mobile security and print-on-demand services. It also launched two new handsets, the consumer-friendly 3100 and the mid-range multimedia-oriented 6600. The 6600 is based on the Symbian 7.0S operating system and Nokia's own Series 60 user interface. So it has a 176 x 208 pixel 16-bit colour display, as per Nokia's other Series 60 handsets. Built into the phone is a 640x480 digicam with 2x digital zoom.
Devices Tackle Multiple Security Jobs
- - - - - - - - - -
Self-destruct files to secure data?
Digital rights management to protect music and software. If technology firms like Sony and Microsoft have their way, songs and movies will expire after a single play unless you pay the copyright holder their due. THE TECHNOLOGY THAT makes this possible, known as digital rights management, or DRM, will forever change the way we consume media and software, experts believe.
Info With a Ball and Chain
- - - - - - - - - -
Penetration Testing for Web Applications
This is the first in a series of three articles on penetration testing for Web applications. The first installment provides the penetration tester with an overview of Web applications - how they work, how they interact with users, and most importantly how developers can expose data and systems with poorly written and secured Web application front-ends. Note: It is assumed that the reader of this article has some knowledge of the HTTP protocol - specifically, the format of HTTP GET and POST requests, and the purpose of various header fields. This information is available in RFC2616.
- - - - - - - - - -
Digital Legislation
The election campaign has ended, the excitement around structuring the Parliament will calm down.
The everyday work on establishing laws, determining their priorities will start early or late. It is desirable that People's deputies would not forget establishing digital legislation after that. Up-to-date computer information technologies have penetrated into all spheres of human activities: business, education, health protection, public administration, information services, leisure and so on. According to a digital economy analysis, nearly 5% of gross world product will fall at Internet-economy in 2003. In five years, every second expert will obtain the second high education in a remote way.
- - - - - - - - - -
Cyber Terrorism: experts are afraid of...
Every day we become more and more dependent on a personal computer in day-to-day activity... The national critical infrastructure is more vulnerable now, especially, those vital elements related to communication and nuclear power. The problem of cyberterrorism is a point of issue in press, TV and Internet. Unfortunately, there are a lot of hearings and gossips over this theme that impedes the creation of effective system of fighting cyberterrorism.
- - - - - - - - - -
Interview: Can outsourcing aid security?
Stijn Bijnens, chief executive at security specialist Ubizen, explains the latest advances and the case for outsourcing.
IT Week: How has the economic slowdown affected firms' spending on IT security?
Stijn Bijnens: The generally bad economic situation is taking its toll, having companies spend less on IT applications as a whole. This obviously had its effects on the security sector, but firms do need to keep up their investments in security.
- - - - - - - - - -
Cyberspace: Last Frontier for Settling Scores?
In hindsight, John Henningham wishes he had never visited The journalism professor in Brisbane, Australia, gasped when the site filled his screen in January. He was looking at his own photo. Underneath was a vulgar description of a sexual act in bold letters preceding his name.
There were accusations that Henningham had committed academic fraud and had been fired from his previous job "for selling degrees for cheap sex or some other price." (LA Times article, free registration required)
- - - - - - - - - -
'Little Brother' could be watching you, too
Next time you go out for a walk, don't forget to smile for the camera. In these times of heightened security awareness and rapidly falling technology costs, it's no longer just banks and grocery stores that are using hidden surveillance cameras; a growing number of Americans are installing them, as well as using secret "nanny-cams" in their homes and even carrying tiny cameras in cell phones and other devices.
- - - - - - - - - -
Plan to clear the air for police radios hits snag
A proposed swap of airwaves to cut cell phone interference with dozens of police and fire radio systems nationwide has been held up by a less complex proposal from others in the industry. The rival proposals have vexed and divided the staff of the Federal Communications Commission as few issues have, in part because each plan would in some ways benefit the party proposing it.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.