NewsBits for July 7, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Software pirate jailed A London man convicted of selling counterfeit software online has received a 15-month prison term The Business Software Alliance is celebrating after a three-year investigation resulted in the imprisonment of a prolific software pirate. Lewisham Council Trading Standards and the BSA conducted the joint investigation into the activities of Bilal Khan, 23. Khan was being investigated for selling counterfeit software online, including popular products from Adobe, Macromedia and Microsoft.,,t269-s2137110,00.html - - - - - - - - - - Japanese officials worry about suicide pacts via the Web The pattern has become scarily familiar. After forging a pact with strangers over the Internet, young Japanese get together to carry out a carefully planned task suicide. Just as others may use the Web to plan a vacation or perhaps find a date, some people are turning to it to form death pacts. They trade tips on which rooftops are the best to jump from, which over-the-counter drugs are the most lethal. - - - - - - - - - - Man jailed for child porn offences A man who looked at photographs of men having sex with toddlers was today starting a six-month jail sentence. Fire alarm installer Alistair Menzies was also placed on the sex offenders' register for seven years and ordered to pay PS800 prosecution costs and defence costs of up to PS1,000. Menzies, 34, of Church Street, Bawburgh admitted 14 offences of making indecent images of children. - - - - - - - - - - File-Sharing Company Can't Sue on Antitrust The company that distributes Kazaa file-sharing software can't sue the major record companies and Hollywood studios for antitrust violations, a federal judge ruled Thursday. The labels and studios filed suit last year against Sharman Networks, alleging that it violated their copyrights by distributing and supporting Kazaa, which lets users copy files from one another's computers. Sharman countersued in February, claiming that the firms conspired to keep authorized and copy-protected versions of their songs and movies off Kazaa.,1,5549874.story Small firms profiting from piracy battle Piracy and peer-to-peer Malaysian minister slams software and music industries,,t269-s2137118,00.html - - - - - - - - - - Hackers battle among factions in `contest' that drew warnings Parts of the Internet erupted today in a battle among hackers, as factions disrupted a loosely coordinated ``contest'' among other groups trying to vandalize thousands of Web sites around the world. Unknown attackers for hours knocked offline an independent security Web site,, that was verifying reports of online vandalism and being used by hackers to tally points for the competition, which drew warnings last week by the U.S. government and private technology experts.,1,2345419.story Hacking contest flops,00030010.htm,1282,59538,00.html Hacking-competition site downed during contest,,t269-s2137108,00.html Crackers sabotage Defacers' Challenge Web vandals' contest leaves faint trace Government sites apparently werent targeted in Defacers Challenge Web hacking contest claims 'no big names' Hacker challenge ends in feuding,10801,82811,00.html - - - - - - - - - - Virus exploits celebrity cachet Another naked-celebrity virus is doing the rounds. Users hoping for a sneaky peek at some candid shots of Hollywood star Julia Roberts in compromising positions are facing disappointment -- the email attachment turns out to be a computer virus. Curious smut-seekers are in danger of infecting their machines with the mass-mailing worm MyLife.M, which purports to be a screensaver featuring the "Notting Hill" star.,,t269-s2137161,00.html - - - - - - - - - - Spammers' fake sites dupe consumers As millions of consumers are bombarded with junk e-mail, more of them are targets of identification theft. Customers of Best Buy, EarthLink and America Online are among recent targets of so-called phisher sites bogus Web sites that fish for personal data such as credit card and Social Security numbers from unsuspecting consumers. - - - - - - - - - - Red-faced MessageLabs tagged as a spammer Email-filtering firm MessageLabs had its mail servers briefly blocked by AOL, after allegations of an open relay. Mail-filtering specialist MessageLabs has been stung by the news that a number of its mail servers have been blocked by AOL's spam filters, amid allegations that it has an open relay that was pumping out spam.,,t269-s2137152,00.html Spam: Out of the frying pan, into the fire (series of articles),,t269-s2137069,00.html Dutch mass spammer loses grip - - - - - - - - - - California Ponders Privacy Laws Consumer and privacy advocates have gathered nearly enough signatures to put one of the nation's toughest financial privacy laws on the ballot next year in California. The California Financial Privacy Act, which needs a majority vote to pass, would require financial institutions to receive permission from their customers before sharing their sensitive financial information with other companies, affiliates and even other divisions of the same company. That requirement, known as "opt in," is one that the initiative's backers have been unable to pass through the state legislature.,1283,59529,00.html - - - - - - - - - - IT leaders say UK laws do not deter hackers Seventy seven per cent of IT chiefs said the UK's computer crime laws are not very effective at deterring hackers and virus writers in a recent poll. Not one of the 366 respondents felt existing laws were "very effective" while just 23% felt they were "quite effective", in the survey, carried out at May's IT directors Forum by event organiser Richmond Events. - - - - - - - - - - Aiming to Restore Crime Victims' Names Va. Law Creates 'Passports' to Help Targets of Identity Theft. Federal and state police put the cuffs on 32-year old Angel Gonzales in front of his wife and two young children just as the neighborhood school bus pulled up. "We're taking your father to jail," they told his 6 year-old daughter, walking Gonzales to the cruiser as his neighbors gawked. - - - - - - - - - - Identity theft a $100-billion industry He who steals trash can get your name ... and thence into your savings accounts. What's in a good name? A fortune, for those who play your cards wrong. Garry Barker reports. If, in the days before plastic, online banking and the internet, you saw someone rummaging through a garbage bin, you knew they were a mostly harmless vagrant. - - - - - - - - - - Antiterror IT problem isn't technology Lack of funds, turf wars, complacency threaten info-sharing. Improvements in IT interoperability and information-sharing at the federal level have reportedly helped foil several recent terrorist plots. But policy barriers, turf wars and a growing sense of complacency in the private sector threaten to slow homeland security progress, officials said last week.,10801,82778,00.html - - - - - - - - - - Mac OS X security flaw discovered A security flaw has been discovered in the password protection component of Mac OS X's screensaver, and reports suggest that it could be present in any cocoa application. The hole was first reported on Full-Disclosure by Delfim Machado as follows: 'If you leave a key pressed for 5 minutes or more and then hit the enter key, you crash the screensaver and gain access to the desktop. you can mess the desktop and all around it (network, mail, docs, anything you can imagine). - - - - - - - - - - Antivirus Concerns in XP and .NET Environments After Windows NT was released, it took virus writers five years to learn how to infect it. Windows NT 3.1 and the Win32 API were released in late 1993, but it wasn't until August 1998 that W32.Cabanas became the first NT virus by capturing coveted kernel mode access. .NET and some of Microsoft's other initiatives have not been as lucky. The purpose of this article is to discuss antivirus (AV) concerns with .NET and Microsoft Windows XP. - - - - - - - - - - Linux hackers crack Xbox console Microsoft threatens legal action and accuses group of encouraging piracy. A group of hackers claim to have broken all security measures on the Xbox games console without modifying the hardware, prompting Microsoft to threaten legal action. The Free-X group had been requesting the release of a "signed" Linux boot loader from Microsoft, which would allow Xbox owners to run the open source operating system without any hardware modifications or the exploitation of the console.,,t277-s2137053,00.html - - - - - - - - - - Parents want better, no-cost spam filters Continual monitoring of children's web use unrealistic, warns charity. The IT industry has been urged to build spam filters that work into computers and to make them available for free, if the internet is to remain open to all. - - - - - - - - - - Pakistan to distribute free Net Porn filters Pakistan is to issue free software to Net users to help them filter out porn. Pakistan Telecom, the country's national phone company, already blocks access to 1,800 or so "corrupt and evil" porn web sites at the ISP level. According to the telecoms firm, approximately 60 per cent of Pakistan's one million Internet users visit porn sites. A recent proliferation of Internet cafes is also expanding the Net population, Reuters reports. - - - - - - - - - - Small companies legally thrive on Internet piracy Next time you try to download the latest pop tunes over the Internet, don't be surprised if you get a message chewing you out as a thief. Chances are, the digital reprimand would be the work of Randy Saaf or Marc Morgenstern, whose small companies belong to a budding cottage industry devoted to thwarting file-sharing and other Internet piracy. - - - - - - - - - - The piracy pitfalls of outsourcing IT outsourcing companies could risk criminal and civil proceedings if their clients do not have adequate licenses in place for their software, the Federation Against Software Theft (FAST) claims today. FAST has recently seen its first case involving a company using outsourcing (the software piracy watchdogs refuse to say which company, sector or even country was involved in the case). - - - - - - - - - - Satellite comms security risk warning Local networking and maintenance specialist Des Little, MD of black-owned Computer Pro, says local companies will have to up their security as SA's telecommunications industry is deregulated. Little says local companies and local telecoms service providers are going to have to spread their security blankets to ensure they cover Internet and wireless LANs, as well as satellite communications, which are often more prone to intrusion or attacks, such as Internet Protocol address spoofing, than the more traditional types of networks. - - - - - - - - - - Thinking Like the Enemy The Intense School teaches security from the hacker's perspective. As Andy Grove has said, only the paranoid survive. If so, David and Barry Kaufman, the founders of the Intense School, run an academy for survivors. They help the paranoid become even more so.,1653,50769,00.html - - - - - - - - - - EDS set to protect mobile data Hoping to cash in on a growing disaster-recovery market, Electronic Data Systems on Monday launched a service to protect data held on desktop computers, laptops and personal digital assistants. The company said its new service, Mobile Information Protection, allows companies to back up data on mobile devices automatically, as well as to restore lost or damaged information. "As employee productivity becomes even more dependent on mobile computing platforms, corporate information assets are at greater risk of loss or theft," Sandi Scullen, global leader of EDS' Intelligent Storage Services unit, said in a statement. EDS is based in Plano, Texas. - - - - - - - - - - Start-up streamlines e-mail encryption A Palo Alto, Calif., start-up has its sights set on making sure that more people encrypt their e-mail. Voltage Security's e-mail encryption system is a slight twist on the current practice of using a combination of security codes--one publicly available and one privately stored--to encrypt and decrypt messages. Using Voltage's approach, the so-called public key is derived from the sender's e-mail address, eliminating one step in the process, according to the company. "You don't have to go through the process of obtaining a security credential or certificate," said Voltage CEO Sathvik Krishnamurthy. - - - - - - - - - - Neoteris debuts appliances for securing online meetings Neoteris Inc. in Sunnyvale, Calif., announced today a family of appliances to help companies provide secure online meetings. Neoteris Meeting Series will debut late this month as a software upgrade to the Neoteris Instant Virtual Externet (IVE) Access Series product line and will appear as a stand-alone appliance late this year, Neoteris officials said.,10801,82805,00.html - - - - - - - - - - Wireless security not taken seriously Wireless is attracting many users for its flexibility and power to deliver quality service at high speed. But the security built into the 802.11 protocol in all its flavours is inadequate on its own, warns security expert Rogan Dawes of Deloitte & Touche Enterprise Risk Services. Speaking at a joint marketing breakfast designed to spur acceptance of Centrino notebooks, hosted by Intel and NEC, Dawes provided welcome perspective on the security hoodoo surrounding wireless a topic which along with legalities and business models is still clouding the issue. Wireless Hunters on the Prowl,1382,59460,00.html - - - - - - - - - - Closing the 'window of vulnerability' Protecting your network from the blended threat. The recent Bugbear.b outbreak provided the most recent high-profile illustration of the speed and virulence of today's security threats. The variant managed to cause more damage in a day than its predecessor managed in three days, striking in over 100 countries worldwide and receiving a high-risk assessment from all the major antivirus vendors. - - - - - - - - - - Who's Watching You Surf? Citizen-rights groups turn to courts, Congress to keep tabs on legal surveillance. Privacy watchdog groups and members of Congress are making grim guesses about how often the FBI peeks into records of U.S. citizens' Internet activity and phone calls. But because the Department of Justice has blocked much of the content of its reports, the watchdogs can't get enough information to draw conclusions.,aid,111451,00.asp - - - - - - - - - - Promises, Promises Most online businesses promise they'll protect customer data as if it were their own. Now the government is holding them to it. The last couple of weeks have been a busy time for information security law and privacy. First, the California law that requires disclosure of break-ins that compromise personal data went into effect on July 1st. Senator Diane Feinstein introduced legislation that would make such disclosure requirements mandatory nationwide. Aimster lost its appeal, Verizon ponied up its database, and the RIAA declared legal war on its customers. - - - - - - - - - - E-commerce special report: Security Part IV: There are some simple steps every company can take towards ensuring it is protected not only against hackers and fraudsters, but also against charges of negligence when the worst does happen. Security is as much about physical processes within the four walls of your company as it is about electronic protection from hackers out on the Internet. Stories about e-commerce sites getting hacked propagate around the Web like spam down a fat pipe, but you rarely hear about the companies whose servers get stolen because they forgot to lock the server room door -- which exits onto a back alley. Yet it does happen.,,t481-s2137147,00.html - - - - - - - - - - E-Mail Hucksterism, Offensive but Effective Every medium seems to have its signature hucksters, with advertising messages that are annoying, repetitive, improbable yet somehow successful. (NY Times article, free registration required) - - - - - - - - - - Security unease as government buys software Sitting at his laptop computer in a hotel near Toronto one day last October, Gregory Gabrenya was alarmed by what he discovered in the sales- support database of his new employer, Platform Software: the names of more than 30 employees of the United States National Security Agency. The security agency, one of many federal supercomputer users that rely on Platform's software, typically keeps the identities of its employees under tight wraps. Gabrenya, who had just joined Platform as a salesman, found the names on a list of potential customer contacts for Platform's sales team. The discovery crystallized his growing concern that the company was perhaps too lax about the national security needs of its United States government customers, in the military, intelligence and research. - - - - - - - - - - 'Weapons of mass destruction' spoof draws huge traffic A Birmingham man's satirical Web page clocked up more than a million visits last week. A Web site lampooning the United States' inability to locate weapons of mass destruction in Iraq has become one of the biggest hits on the Internet. The site, which is designed to look like a genuine error message -- replete with "bomb'' icon -- was last week the top result when the phrase "weapons of mass destruction'' was entered into one of the Web's top search engines, Google.,,t269-s2137132,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.