NewsBits for June 23, 2003 sponsored by Southeast Cybercrime Institute
************************************************************
High Court Upholds Library Web Filters
The Supreme Court said Monday the government can require public libraries to equip computers with anti-pornography filters, rejecting librarians' complaints that the law amounts to censorship. More than 14 million people a year use public library computers, including many children, and the court said patrons of all ages were being exposed to unseemly sex sites on the Web.
- - - - - - - - - -
Man Accused of Hacking Into University
A 21-year-old student was arrested for allegedly hacking into a university computer system during student elections to cast hundreds of votes for a made-up candidate he named American Ninja. Shawn Nematbakhsh, a computer science major at the University of California, Riverside, was arrested Friday for investigation of drug possession and altering computer data without permission. If convicted, he could face up to three years in prison and a $10,000 fine.
- - - - - - - - - -
New Harry Potter book pirated
Last month, rumors swirled that Internet pirates were distributing copies of the new Harry Potter book well in advance of its blockbuster release. The rumors proved false or, at least, premature. The moment that Harry Potter and the Order of the Phoenix went on sale around the world, pirates went to work. Only hours after the first Potter fan forked over $29.95 to read the fifth installment of J.K. Rowling's epic series, Internet pirates began reading the book for free.
- - - - - - - - - -
Fortnight worm redirects to porn sites
A worm targeting unpatched systems sets up redirects and bookmarks for porn sites - and is activated without an attachment being opened.
Failure to patch a three-year-old Microsoft vulnerability is leaving home and business users exposed to a JavaScript worm that redirects Internet Explorer to porn sites.
- - - - - - - - - -
Has Internet mystery code been tracked?
Worm? Trojan? Attack tool? Network administrators and security experts continue to search for the cause of an increasing amount of odd data that has been detected on the Internet. Security software firm Internet Security Systems (ISS) on Thursday declared victory, saying that a new hacker tool that scans for paths into public networks was responsible. But many other security professionals--including those at Intrusec, the company that originally tracked down the hard-to-find code--believe that ISS jumped the gun.
Mysterious Net traffic puzzles experts
- - - - - - - - - -
Microsoft appeals French piracy fine
Microsoft went to court in France last week to appeal its conviction in 2001 for software piracy, for which it was ordered to pay $425,000 in damages, costs and interest. Today we publish an eyewitness account of the appeal by Lionel Berthomier, who has been covering the case almost single-handedly since 1996.
- - - - - - - - - -
Law Gives Hacking Victims Right to Know
California consumers will learn next month whether their favorite shopping sites are steeled against computer fraud or are haunted by hackers and identity thieves. Starting July 1, companies must warn California customers of security holes in their corporate computer networks. When a retailer discovers that credit card numbers in its files have been stolen, it must e-mail customers, essentially saying, "We've been hacked, and the hacker may have your credit card number."
- - - - - - - - - -
Napster Court Case Pits Label vs. Label
Two years after music industry lawyers pounded Napster Inc. into submission, the major record companies are pointing fingers at each other over the flourishing of online music piracy.
AOL Time Warner Inc.'s Universal Music Group, EMI Music and a cadre of publishers blame Bertelsmann, claiming the German media giant abetted copyright infringement by supporting Napster financially in 2000 and 2001. Bertelsmann says its accusers are at least partly responsible because they missed the chance to turn Napster's song-stealing users into paying customers.
(LA Times article, free registration required)
- - - - - - - - - -
Ashcroft: Help disrupt terror nets
Attorney General John Ashcroft called on the business community today to help dismantle potential terrorist threats facing the United States. "We recognize that citizens and private businesses have information, knowledge and capabilities that can help in the war against terrorism. We also recognize that information sharing is a two-way street," Ashcroft said.
- - - - - - - - - -
One in five US firms have sacked workers for email abuse
One in five (22 per cent) US companies have fired an employee for abusing corporate email facilities, according to a survey published today. The survey from the American Management Association, Clearswift, and The ePolicy Institute also found out that workers spend about a quarter (25 per cent) of their working day dealing with email.
- - - - - - - - - -
FBI, private companies team up for Infragard conference
Power plants, bridges and buildings aren't the only things vital to national security -- computer networks also are crucial. And the FBI can't keep an eye on everything. So a unique partnership called the Infragard program has developed between the FBI and 8,300 companies to share information about both cyber and physical threats. On Monday, experts from around the country were expected to gather for the program's first national conference in Washington, D.C. Some 1,500 people were expected to attend the three-day meetings.
"It's going to be a whole new business growth area," said Paul Bracken, an information technology and security expert at the Yale School of Management. The program, started in 1996, was growing slowly but steadily until the terrorist attacks of Sept. 11, 2001, made security the top priority for the FBI.
- - - - - - - - - -
Computing is key force in war on terror
As far as Matt Calkins is concerned, ensuring that government agencies have the right technology can be the difference between life and death. After the Sept. 11, 2001, terrorist attacks, U.S. intelligence agencies and the FBI were widely criticized for not recognizing the threat despite myriad clues. Many industry veterans believe that better technology could have significantly increased the chances of detecting information that might have prevented the disaster.
- - - - - - - - - -
Cybercrime on the rise
Cyndi Miller knows she's smart and well-educated, and she knows that old saw about how some things really are too good to be true. And she still got suckered. It happened when Miller completed an online job application, aced a brief phone interview and landed what she thought was a good job opening at a Utah office for a national human resources company. When her new employer asked for her checking account number so that he could wire her paychecks to her, she didn't hesitate.
- - - - - - - - - -
OPM gives agencies direct-hire authority
Agencies needing to fill IT security positions quickly now have the authority to directly hire these individuals. Kay Coles James, director of the Office of Personnel Management, today sent a memo to agency heads and Chief Human Capital Officers granting these and other initial authorities under regulations her agency published in the Federal Register June 13. Congress gave OPM direct-hire authority in the Homeland Security Act of 2002.
- - - - - - - - - -
Microsoft names new privacy chief
Microsoft announced Monday that Peter Cullen, the corporate privacy officer for the Royal Bank of Canada, will be joining the software giant as its new chief privacy strategist. The top privacy officer has more than a decade of experience in the field, including establishing the Royal Bank of Canada's best practices for data handling in Canada and the United States, said the company in a statement. Cullen will join Microsoft on July 14, reporting to Scott Charney, the company's chief strategist in charge of its "Trustworthy Computing" initiative. The Redmond, Wash. software giant launched the corporate initiative in January 2002 as a way to secure its products, raise reliability and regain consumer trust.
- - - - - - - - - -
Giants line up to can spam
Vendors and pressure groups last week intensified their efforts to crack down on spam, which continues to plague corporate email systems. However, experts said that the situation is unlikely to improve without the strengthening of national laws and the introduction of tough, globally-agreed legislation.
Setting the rules for ISPs and spammers
- - - - - - - - - -
Symantec Strengthens IDS
As traditional intrusion detection systems continue to come under criticism for inherent weaknesses, security vendors are introducing products with more advanced intrusion prevention and protection capabilities. Among them, Symantec Corp. this week plans to unveil a revised Symantec intrusion protection system. One of the main components of the new framework is the company's Host IDS 4.1, which includes a process management feature that can help defeat buffer overrun and Trojan horse attacks.
- - - - - - - - - -
Are we on the verge of self-service security?
The very nature of security and the growing realisation that the perimeter is dissolving means that a new approach to securing information systems is required.
Anyone familiar with the "twenty-doors" problem will realise that even by locking 19 doors security is not 95% but 0%. You have to see the whole picture.
- - - - - - - - - -
EU backs biometric passports
European Union governments last week agreed to embed computer chips containing biometric data in passports. The plans to create passports carrying information on a person's fingerprint or retinal scans are presented as a way to reduce counterfeiting and fraud. Biometric chips would also be implanted in visas issued to foreign nationals travelling to Europe.
- - - - - - - - - -
From the Booby Hatch
Senator Orrin Hatch says he wants to destroy music swappers' computers, but what he really means is that kids today have no respect for their elders. "Powerful Senator Endorses Destroying Computers of Illegal Music Downloaders!" trumpeted the Associated Press last week. What a tremendous headline! Orrin Hatch wants to smash the PCs of pirates.
Senator's 'Extreme' Piracy Remedy Draws Criticism
Piracy Paranoia Proves Counterproductive
- - - - - - - - - -
Lik-Sang founder speaks out on Nintendo court case
Following last week's triumphant announcement by Nintendo that it had won a victory over Hong Kong based mail order retailer Lik-Sang, one of the company's founders, Alex Kampl, has spoken publicly about the ruling. We were also contacted this week by Pacific Game, the company which took over the running of last November, who pointed out that the current court case does not affect the mail order service as it stands now, since Pacific Game and are not named as defendants in the case.
- - - - - - - - - -
The Folly of Publishing the Slammer Code
If even one business or home PC is inconvenienced (or worse) by an amateur hacker inspired by the Wired article, then the magazine's PR stunt will have seriously backfired. The Slammer worm, also known as the SQL Slammer, was one of the most ferocious virus attacks the Internet has ever seen.
And if you want to find the underlying code for this nasty little worm, you need only pick up the latest issue of Wired magazine.
- - - - - - - - - -
Securing PHP: Step-by-step
In my previous article ("Securing Apache: Step-by-Step") I described the method of securing the Apache web server against unauthorized access from the Internet. Thanks to the described method it was possible to achieve a high level of security, but only when static HTML pages were served. But how can one improve security when interaction with the user is necessary and the users' data must be saved into a local database? This article shows the basic steps in securing PHP, one of the most popular scripting languages used to create dynamic web pages.
- - - - - - - - - -
Future Threats Could Include Convergence of Terrorism, OC
A top U.S. law enforcement official says that while the United States has made progress in the war on terrorism, future threats could include a combination of terrorists and organized crime. Director Mueller says the FBI has made great strides in combating terrorism since the 2001 terrorist attacks. But he also says that Americans need to realize that the nature of the threat against the United States will probably change in the near future.
Internet as an intelligence tool
- - - - - - - - - -
DOD IG pulls report off Web site
At the request of the National Imagery and Mapping Agency, the Defense Department inspector general's office recently pulled a report off its Web site to determine whether some information should be re-classified and not in the public domain. The June 6 report noted that procurement officials at NIMA had not complied with appropriate contracting policies and procedures in awarding some recent professional and technical service contracts. NIMA's actions included omitting documents required by the Federal Acquisition Regulation, the report said.
***********************************************************
Computer Forensics Training - Online.
An intense, 150-hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see;
***********************************************************
Search the Archive at:
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information.
Copyright 2000-2003,, Campbell, CA.