NewsBits for July 9, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Software prison term A Fremont man has been sentenced to more than two years in prison for selling illegally reproduced Microsoft software. Lawrence Jou, 53, was sentenced Monday to two years and nine months in prison by U.S. District Judge Claudia Wilken in Oakland. A co-defendant in the case, Eric Pang, 38, of Fremont was sentenced by Wilken in August to three years' probation and ordered to pay more than $328, 000 in restitution for conspiring to infringe on Microsoft copyrights. - - - - - - - - - - Man Accused of Using Web for Teen Sex Federal authorities say a 31-year-old from Anaheim visited a chat room to persuade a girl to meet with him. He says he thought she was an adult. A 31-year old Anaheim man was charged Tuesday with using the Internet to persuade an FBI agent posing as a 13- year-old girl to have sex with him. The case of David Jack Gritchen is the first in Orange County and one of only a handful in the country to be brought under a 10-week-old sentencing law that gives those convicted a mandatory minimum sentence of five years in prison. (LA Times article, free registration required),1,7703302.story Feds Crack Down on Sex Offenders,1283,59581,00.html - - - - - - - - - - Porn spammers to face jail in US The US Congress is considering a law that will criminalise pornographic and fraudulent spam but may require receivers to opt out of receiving legitimate bulk email. The Bush administration on Tuesday urged Congress to enact a new law criminalising pornographic and fraudulent spam.,,t269-s2137288,00.html MP sets up spam busting site - - - - - - - - - - Cyberscam strikes Massachusetts state lottery The agency is working with the FBI to track down the scammers. Scam artists have spoofed the Web site of the Massachusetts State Lottery Commission in an attempt to steal personal and financial information from lottery players across the country. The fake lottery Web site,, which was hosted by Clifton, N.Y.-based Inc., had been taken down by this afternoon. But the site, which was registered on June 13, was nearly identical to the Massachusetts Lottery Commission's official site,, according to lottery spokeswoman Amy Morris.,10801,82892,00.html - - - - - - - - - - New site spoofs PayPal to get billing information The fake site is the latest of several "brand spoofing" scams. A new Web site spoofs the PayPal Inc. online payment site and attempts to trick PayPal customers into divulging sensitive account and billing information. The fake Web site is the latest example in what security experts say is a rising trend of "brand-spoofing" scams.,10801,82888,00.html Russian hackers behind fake PayPal email scam? Convincing but fraudulent website tries to get users to enter credit card and bank account details...Russian hackers are suspected of being behind a professional- looking but fake PayPal email scam designed to steal a person's financial and personal details for identity theft. The email, which has being doing the rounds this week, is a much more detailed and convincing version of the long-running email that asks users to confirm their PayPal account details.,,t269-s2137292,00.html - - - - - - - - - - Hacking competition announces winner Boys from Brazil win on points as defacement challenge enjoys underwhelming response. The organisers of last weekend's hacking competition have declared a team from Brazil as the winner. The results were posted on, showing Brazilian defacement crew '' as the clear winner with 152 points, more than double that of its nearest rival. - - - - - - - - - - Pro-China site hit by hackers Last weekend's hacking contest may have struck a high- profile Chinese site. Has the mass hacker attack which began last Sunday claimed a high-profile victim in China? The official China news organ the People's Daily reported that Web site seemed to have been knocked out by a flooding denial of service (DOS) attack.,,t269-s2137264,00.html - - - - - - - - - - Half-dozen anti-spam bills presented to Congress LEGISLATION'S CHANCES ARE BETTER THAN EVER, GROUPS SAY Unsolicited e-mails plugging get-rich schemes, hair- growth concoctions and bare-breasted women are becoming more than just a nuisance. Spam is clogging the Internet and costing businesses up to $10 billion a year. We've found the perfect solution to spam FTC official calls do-not-spam list unrealistic House panel takes up anti-spam bills AOL: Spam and chat don't mix Spam fight divides on party lines - - - - - - - - - - New DVD 'ripper' pre-empts DMCA ruling Studio 321 is pushing ahead with new DVD-copying software despite an imminent ruling on its legality under the Digital Millennium Copyright Act. DVD software developer Studio 321 is preparing to launch six new applications, including an enhanced version of DVD copying software that is the subject of a US court case brought under the controversial Digital Millennium Copyright Act (DMCA).,,t269-s2137242,00.html - - - - - - - - - - RIAA sues vanishing Spanish music service The Recording Industry Association of American said Wednesday that it had sued the Parent company of Puretunes, a Spanish site that briefly offered inexpensive music downloads. Puretunes emerged in May, claiming that it had won rights from several Spanish licensing agencies that gave it the ability to distribute major label music legally online. Label representatives said the site was operating illegally because Puretunes had not acquired the permission of labels, artists or song publishers. Webcasters threaten to sue RIAA - - - - - - - - - - Experts urge firms to ignore hacking hype Excess publicity about supposed hacking events does more harm than good, according to some security experts. After a widely publicised hacking contest failed to cause as much damage as expected last weekend, computer security experts are advocating a novel response to Internet hackers out for a digital joy ride: ignore them.,,t269-s2137303,00.html The threat posed by hacker hype - - - - - - - - - - Cybercrime impact world economics Cyber crime cause damage to global economics in billions dollars and many experts think that it is a promptly increasing threat for national security and social well-being. USA is a leader in quantity of cyberattacks and makes 35,4 % of cyberattacks in the world. South Korea takes the 2-nd place - 12,8%; China - 6,9 %; Germany - 6,7 %; France - 4 %. The Great Britain takes the 10-th place - 2,2 %. As to level of cyberattacks, (the quantity of cyberattacks for 1000 Internet-users) South Korea takes the first place and makes 23,7 % . Poland is the second in the list - 18,4 %; Czechia - 14,2 %; France -14,2 % and Taiwan takes the fifth place - 14 %. - - - - - - - - - - Camera phones spread new brands of mischief It may have been inevitable. Now that cell phones with little digital cameras have spread throughout Asia, so have new brands of misbehavior. Some people are secretly taking photos up women's skirts and down into bathroom stalls. Others are avoiding buying books and magazines by snapping free shots of desired pages.,1284,59582,00.html - - - - - - - - - - IE Bugs Keep Coming Microsoft issued a patch Wednesday for a critical vulnerability in most versions of Windows that gives attackers remote control of a user's machine though Internet Explorer. But if the results of a new survey are any guide, most users won't install it. The bug is a buffer overflow in an HTML conversion library used by a number of Windows programs, including Internet Explorer, and by extension Outlook and Outlook Express. To exploit it, an attacker tricks a victim into visiting a specially-crafted malicious Web page, or -- a more likely approach -- sends an Outlook user an HTML-formatted e-mail with the attack code embedded within.,10801,82895,00.html - - - - - - - - - - Microsoft, IBM Extend Web Services Security Effort A group of vendors led by Microsoft and IBM are expected Tuesday to unveil new specifications in their efforts to lead the development of standards for secure Web services and federated network identity. At the Burton Group's Catalyst conference in San Francisco, IBM, Microsoft, BEA Systems, RSA Security and VeriSign will debut the publication of three new specifications extending WS-Security and related technologies, and will publish them to their respective Web sites, said Karla Norsworthy, director of dynamic e-business technologies at IBM, Somers N.Y. - - - - - - - - - - IBM creates new privacy tools IBM is unveiling Wednesday new tools to help corporations make sure their confidential information is only seen by authorized employees. With the advent of federal rules that require the banking, medical and other industries to protect customer privacy, IBM originally responded with Tivoli Privacy Manager--software designed to help organizations automate the enforcement of privacy practices as opposed to doing it manually or not at all. - - - - - - - - - - Kentucky Health Service Deploys Zixcorp For Secure E-mail Jewish Hospital HealthCare Services, which provides medical care in Kentucky and southern Indiana, selected ZixCorp to provide e-mail security, ZixCorp said Tuesday. JHHS licensed ZixVPM server-based secure e-mail, to initially enable 1,000 users with secure and private messaging in compliance with the Health Insurance Portability and Accountability Act. ZixCorp audited the hospital's e-mail policies and identified e-mail security vulnerabilities. - - - - - - - - - - Novell: Identity management is more than single sign-on Novell has launched an identity management framework designed to help enterprises build an infrastructure that controls employee, partner and customer access to corporate resources. Novell has released a framework for enterprises planning their long-term identity management strategy. The company is keen to stress that its framework does not just mean single sign- on, although that is one of the benefits.,,t269-s2137302,00.html Dell soups up security service - - - - - - - - - - NIST: Security products need standardization Despite wide use across government, intrusion detection systems have no standard metrics to measure their performance, according to a new report by the National Institute of Standards and Technology. The report An Overview of Issues in Testing Intrusion Detection Systems concluded that there are no comprehensive and scientifically rigorous methodologies to test the effectiveness of intrusion detection systems, which monitor and analyze systems and network traffic for possible hacker attackers or misuse. - - - - - - - - - - U.S. Information Security Law, Part Four: Information Security and the Public Sector- An Introduction to the National Security Law of Information Security. This is the last article in a four-part series looking at U.S. information security laws and the way those laws affect the work of security professionals. This installment continues the discussion of information security in the public sector and provides an overview of national security law in the United States as it pertains to information security. U.S. Information Security Law, Part One: Protecting Private Sector Systems, and Information Security Professionals and Trade Secrets U.S. Information Security Law, Part Two: Protecting Private Sector Systems and Securing the Working Environment U.S. Information Security Law, Part Three: Information Security and the Public Sector-An Introduction to the Criminal Law of Information Security - - - - - - - - - - Posted PR documents prompt complaints on smart tags A consortium developing radio-tagged chips to replace bar codes in stores posted documents labeled confidential on its Web site that detail strategies to counter complaints the technology will be misused by retailers, the government or criminals to snoop on consumers. The documents from the Auto-ID Center, a research group affiliated with the Massachusetts Institute of Technology, contain advice from center officials and a public relations firm Fleishman-Hillard on how to ``neutralize opposition'' and respond to potential privacy concerns from the public and media. Euro Scheme Makes Money Talk,1848,59565,00.html Tracking You at the Drug Store,1367,59572,00.html Wal-Mart cancels 'smart shelf' trial Goodbye UPC bar codes *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.