NewsBits for July 3, 2003, sponsored by Southeast Cybercrime Institute
************************************************************
Probation for illegal Internet pharmacy shipments
A restaurant manager was placed on probation for two years Friday for shipping packages of prescription drugs sold by an illegal Internet pharmacy launched by his mother. John Gorman had been convicted along with his mother, his brother and a Webmaster for $1.3 million in sales generated by two Internet sites. The business was shut down in May 2001 after less than a year.
- - - - - - - - - -
Scamming spammer agrees to repay victims
An e-mail spam operation that promised people cash for stuffing envelopes at home will refund more than $200,000 to settle federal charges that it deceived consumers, regulators said Wednesday. The Federal Trade Commission had accused the operation of using spam to sell consumers letters and pre-stamped, pre-addressed envelopes for a $40 fee. The operation told consumers they would earn $2 for every envelope stuffed, but people who paid the fee did not receive envelopes.
- - - - - - - - - -
Spam-maker sues SpamArrest
A US manufacturer of canned-meat products is launching a trademark infringement case against SpamArrest. Hormel Foods, the US maker of canned spam, is mounting a legal challenge against anti-spam company SpamArrest's use of the word spam -- claiming trademark infringement. At the centre of the dispute is a trademark registered by Seattle-based SpamArrest in early 2002. The company was granted a trademark for "computer software, namely, software designed to eliminate unsolicited commercial electronic mail".
- - - - - - - - - -
Hacker Hoax or Serious Threat?
While most Americans will spend the holiday weekend relaxing, a band of hackers may or may not be trying to prove who's the best cyber villain, according to warnings from private and government security officials.
Will hackers attack 6,000 Web sites in 6 hours on July 6?
Cracker competition could cause chaos
Defacement contest likely to target Web hosting firms
- - - - - - - - - -
Putting teeth in cyberprivacy
A new California statute designed to protect the public from identity theft delivers the first in a series of warning shots to companies to get serious about protecting vital electronic information. For the first time, government regulations will require organizations to be open about security breaches, which traditionally have gotten swept under the rug--or addressed without much fanfare. California civil code 1798.82, which goes into effect Tuesday, requires any business or person who "maintains computerized data that includes personal information that the person or business does not own...(to) notify the owner or licensee of the information of any breach of the security."
- - - - - - - - - -
California juggles anti-spam bills
One bill is thrown out while another progresses to further consideration. A key committee on Tuesday voted to send one spam bill to the floor of the California assembly and left a competing bill to die in what one senator called a victory for Microsoft. The bills have wound their way through the California legislature as lawmakers nationwide come under increasing pressure to criminalise the sending of unsolicited commercial email. Efforts to pass tough anti-spam laws abound at the state level, and the US Congress is also considering a number of bills.
- - - - - - - - - -
Pakistan tackles web porn
An estimated one million people are online in Pakistan. Pakistan is to develop software to block pornographic websites as part of a drive against obscenity on the net, say officials. The computer program will be offered for free to surfers later this year so that they can set up internet filters on their machines.
As a conservative Muslim nation, Pakistan is keen to shield its citizens from the copious amount of explicit material on the web.
Porn spam set to flood inboxes
- - - - - - - - - -
Cybercrime centre open for business
The federal government said yesterday its new crime-fighting body would help review and buttress laws against cybercrime. The Australian High Tech Crime Centre, launched in Melbourne yesterday, will be managed by the Australian Federal Police and will support federal, state and territory law enforcers in dealing with high-tech crime. Federal Justice Minister Chris Ellison said the government would also look at tightening the law: "We're also looking at other laws in relation to card skimming devices and any sort of fraud committed on the internet."
- - - - - - - - - -
Illinois supercomputer center to head military cybersecurity effort
Hoping to thwart hackers, the military is launching a new research effort at the University of Illinois to improve the security of battlefield computers and communications systems. Officials at the school's National Center for Supercomputing Applications on Thursday announced an initial $5.7 million grant from the Office of Naval Research to establish a new research center to develop technology against enemy hackers, NCSA director Dan Reed said.
- - - - - - - - - -
Nuclear police lack IT access
And will not have a secure network for at least two years. The armed police protecting the UK's nuclear materials and power stations still do not have a secure IT network, two years after the 11 September terrorist attacks.
- - - - - - - - - -
Microsoft defends security track record
Software designed by humans will always have flaws, says Microsoft, but the company argues that its security record is improving.
Microsoft has admitted it does not expect to ever release completely secure, flawless code, but denied that its software was any less secure than any other complex code.
Microsoft wants to manage identities
- - - - - - - - - -
London travellers' smartcard goes live
The first phase of Transport for London's (TfL) travel smartcard goes live across the capital this week. Holders of annual and monthly season tickets for London's public transport network will be able to buy the Oyster smartcard online or via a dedicated phone line.
- - - - - - - - - -
Tools reveal secret life of documents
The life stories of the documents we create are becoming increasingly important as the scrutiny of industries and governments gathers pace. Weapons of mass destruction are being sought in Iraq. Every time you write or edit these files you leave a trail of information revealing what you did and when you did it.
- - - - - - - - - -
Study: Wi-Fi users still don't encrypt
Think you've heard more than enough about war driving and Wi-Fi insecurity? Two days of electronic eavesdropping at the 802.11 Planet Expo in Boston last week sniffed out more evidence that most Wi-Fi users still aren't getting the message -- or are comfortable broadcasting their e-mail into the ether. Security vendor AirDefense set up two of its commercial "AirDefense Guard" sensors at opposite corners of the exhibit hall at the Boston World Trade Center, the site of the conference, and for two days analyzed the traffic flowing between conference-goers and 141 unencrypted access points set up by the conference for public use, and by vendors on the floor.
Wireless Hunters on the Prowl
- - - - - - - - - -
Penetration Testing for Web Applications (Part Two)
Our first article in this series covered user interaction with Web applications and explored the various methods of HTTP input that are most commonly utilized by developers.
In this second installment we will be expanding upon issues of input validation - how developers routinely, through a lack of proper input sanity and validity checking, expose their back-end systems to server-side code-injection and SQL-injection attacks. We will also investigate the client-side problems associated with poor input validation, such as cross-site scripting attacks.
Penetration Testing for Web Applications (Part One)
- - - - - - - - - -
Rethinking privacy protection and Big Brother
As a security expert, I worry about my privacy as much as everyone does--probably more--because I have seen what can go wrong. With recent federal regulations such as the USA Patriot Act, some companies believe they need to protect themselves from "Big Brother" by getting rid of data. But privacy advocates are making a big mistake by harping on only one side of the picture. Privacy isn't about deleting my data, it's about controlling access to my data--most of which I don't want thrown away.
- - - - - - - - - -
Foreign student tracking system called inefficient, intrusive
"You better bet we'll make a fuss, if you charge to spy on us!" An angry throng of more than 100 students at the University of Wisconsin at Madison stood shouting in military cadence at a panel of school administrators, who'd called an emergency campus meeting in April. The students, about half of them from foreign countries, denounced the school's plan to make foreign students pay for a U.S. government database to monitor them.
- - - - - - - - - -
'Sherlock Holmes' thinks lateral for murder cops
"When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth." Sherlock Holmes. Scottish software developers have developed a program to help police consider all the possibilities in the investigation of suspicious deaths. 'Sherlock Holmes' is designed to highlight less obvious lines of inquiry that detectives might overlook.
- - - - - - - - - -
Personal locator beacons available in 48 states
Personal locator beacons, a potential lifesaving technology, became available Tuesday to millions of Americans. The beacon system became operational in the 48 contiguous states, allowing lost hikers, campers and others to be tracked in an emergency if they carry the devices.
- - - - - - - - - -
Most Nebraska counties unable to track 911 cell calls
If someone dials 911 on a cell phone in Jefferson County, authorities only have a general idea of the person's location unless the caller is able to give more detail. With a new emergency response system implemented in the county this year, a computer automatically displays the cell phone's number and which of the county's four cell towers the call was relayed from. Other than that, rescue workers are left searching sometimes over dozens of square miles.
- - - - - - - - - -
MIT project aims to give citizens a Google for their government
On Friday, Massachusetts Institute of Technology's Media Lab plans to debut a Web site called "Government Information Awareness," a project that aspires to be far more than just another, dime-a-dozen assemblage of government documents and resources.
***********************************************************
Computer Forensics Training - Online. An intense, 150-hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however, copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2003, Campbell, CA.