NewsBits for July 10, 2003, sponsored by Southeast Cybercrime Institute
************************************************************
London police quiz suspected US DoE cracker
An 18-year-old Londoner suspected of commandeering US Department of Energy computers to store illicitly obtained music and video files was arrested and questioned by police yesterday. Officers from the Metropolitan Police's Computer Crimes Unit were asked to investigate unauthorised access to 17 unclassified computers at a US Department of Energy research laboratory in Batavia, Illinois during June 2002 when the trail of the attacker led back to the UK.
- - - - - - - - - -
Teenage French hacker suspected of violating 2,000 sites
A French high school student is being investigated on suspicion of breaking into and defacing some 2,000 Web sites -- including that of the U.S. Navy, police said Thursday. The 17-year-old boy, who went by the pseudonym "DKD," hacked into sites and often replaced their welcome pages with political slogans, said Eric Voulleminot of the Regional Service of Judicial Police in Lille.
- - - - - - - - - -
Identity theft lands cop in confinement
An airman was discharged from the Air Force, given 14 months confinement and reduced to airman basic after being convicted of several identity-fraud-related crimes during a recent general court-martial here. Senior Airman David A. Daniel, from the 377th Security Forces Squadron, was charged with larceny, forgery and intercepting mail from another airman. Charges were based on incidents dating back to September 2001, according to Capt. Tiffany Dawson, from the staff judge advocate office here.
- - - - - - - - - -
PS2 gaming service browser hacked
A PlayStation 2 owner has figured out how to access non-Sony web pages using the browser software provided with the console's online gaming service.
The PS2 typically points to a Sony server, and displays pages minus the web navigation tools computer owners are accustomed to using to surf the Net. Brook's self-confessed "hack" involves modifying the IP address the PS2 connects to when seeking out web pages, according to a BBC report.
- - - - - - - - - -
Porn Purveyors Getting Squeezed
Pay me, or I'll crash your porno website. That's the threat Internet smut-slingers say they've been receiving from a hacker with a vendetta against the adult industry. And it appears to be more than just tough talk. Several sites have been temporarily taken offline in the last 10 days, battered by massive denial-of-service attacks, according to website operators.
- - - - - - - - - -
Putnam: Cybersecurity laws coming
Cybersecurity regulation that will affect the private sector is on the way this year, Rep. Adam Putnam (R-Fla.) said this morning at a Capitol Hill forum sponsored by the Business Software Alliance and the Center for Strategic and International Studies of Washington. We will be moving some legislation in the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, which he chairs, Putnam said. "It won't be on the order of Sarbanes-Oxley," a 2002 act regulating accountability of public companies, but will be an effort to increase attention to security before major problems occur.
- - - - - - - - - -
Politics may spoil spam solutions
Once thoroughly bipartisan, the debate in Washington over how to reduce the flow of bulk e-mail is pitting Democrats against Republicans, a development that threatens to complicate enactment of laws regulating spam. Politicians on Capitol Hill have realized that their constituents are fed up with the ever-increasing deluge of unsolicited e-mail, and most legislators appear to favor Congress taking some sort of action.
But disagreements about what action is wisest have erupted along traditional political fault lines that pit Republican values against those cherished by Democrats.
How to end spam in the future
In the escalating battle against spam, it may look like the bad guys are winning right now. But the war's not over. Antispam warriors are developing new weapons to fight unwanted junk e-mail and legislators are debating strict new laws that could send spammers to jail.
Top spam subject lines exposed
- - - - - - - - - -
Most businesses are hurt by cybercrime
A survey covering 3,623 companies in 50 countries shows most businesses are being financially hurt by cybercrime and other forms of economic crime. PricewaterhouseCoopers said its Global Economic Crime Survey 2003 shows 47 percent of telecommunications and 46 percent of IT companies are suffering from economic crimes, figures only exceeded by banking and insurance industries.
- - - - - - - - - -
E-termination
Employees are getting fired for e-mail infractions
Twenty-two percent of companies have fired an employee over improper e-mail use, up from 17 percent in 2001, according to a survey of 1,100 companies conducted by The ePolicy Institute, the American Management Association and Clearswift, maker of software to manage and secure electronic communications.
- - - - - - - - - -
Pirate CDs spin past one-billion mark
More than one billion illegally-copied compact discs were sold last year, the latest sign that the beleaguered music industry is failing in its bid to wipe out piracy, a new industry study said on Thursday. In 2002 the sale of pirated CD copies rose 14 percent to 1.1 billion units from the previous year and has more than doubled in the past three years, turning a street-corner trade into an estimated $4.6 billion business, the International Federation of the Phonographic Industry (IFPI) said in its annual piracy report.
At $4.6 billion, the global market for pirated music now ranks as the third biggest in the industry behind the United States and Japan.
Illegal music downloads boosting album sales
- - - - - - - - - -
Bill Gates tops email hoax list
Bill Gates isn't only the richest man in the world - he's also the subject of more email chain letters, virus hoaxes and scams than any other person or subject on the planet. The Bill Gates fortune email chain letter tops a list of hoaxes compiled by AV vendor Sophos. Despite the frankly ludicrous claim that Microsoft's chairman is prepared to share his wealth with anyone who forwards the email to a friend, the hoax is still in active circulation after first appearing on the Net more than a year ago.
- - - - - - - - - -
Librarians take filtering problem into own hands
With its members required to block pornography at Internet terminals in public libraries, the American Library Association is convening software developers next month to push for greater control over what gets filtered out.
- - - - - - - - - -
E-authentication policy due Friday
The General Services Administration will publish a draft policy July 11 outlining how federal agencies should validate the identities of users conducting business through e-government applications.
- - - - - - - - - -
Liberty Alliance offers advice on external ID federation
The guidelines explain how companies should work together on the ID effort. Having already set forth the technical requirements needed to create a federated identity architecture, the Liberty Alliance Project released guidelines this week for how companies should include business partners and customers in their networks, saying it's crucial for the advancement of Web services.
- - - - - - - - - -
Microsoft says there's security problems with Windows
SOFTWARE FIRM Microsoft issued a series of bulletins to its customers using Windows yesterday.
One problem affects Windows 2000 and might allow the malicious to start messing with your machine. Another problem affects the flavours of Windows NT 4.0, the three flavours of Windows 2000, and Windows XP Professional. This could allow a malicious person to mess with your machine if you're not careful.
- - - - - - - - - -
IBM, Adobe secure digital signatures
IBM is expected to announce a partnership with software maker Adobe Systems on Thursday to boost security in documents created with Adobe's Acrobat software. Forms and other documents created in the portable document format (PDF) used by Acrobat will be able to tap into the security chip included on all recent IBM desktop and notebook PCs. Among other purposes, IBM's "embedded security subsystem" can be used to store the electronic signature data, providing an extra level of security over more typical systems that store signatures on a PC's hard drive.
- - - - - - - - - -
Can hack any computer anywhere, claims techie
A few reporters here were shocked to listen to a young CEO of a city-based Internet company claiming that he could `enter' any computer in any network throughout the world and retrieve data from it. "What about George Bush's system?" a reporter asked. "Give me 48 hours and if the President's computer is online for that long, I can get into it," was the reply from M Jayashankar, CEO, Caliber Plus - an Internet firm in Kodambakkam.
- - - - - - - - - -
The ABCs of Network Security
It requires constant vigilance, with regular applications of available network patches. The ideal approach for most companies is to have a day-to-day scanning program along with patch management, done either internally or outsourced to a consultant. It's a jungle out there. Just ask any chief technology officer who is constantly on the alert for worms, viruses and other insidious pests attacking and boring holes in the networks operated by enterprises.
- - - - - - - - - -
Trojan scanning without the pitfalls
Trojans, which are increasingly being used to steal credit card data and passwords, or to launch attacks against organisations, are not picked up adequately by basic security software such as an anti-virus engine, states a white paper issued by global security and messaging company GFI. The paper describes the seven main types of Trojan and explains how a Trojan can infect a network via an e-mail attachment or downloaded file.
- - - - - - - - - -
Secrets to the best passwords
The use of good, hard-to-guess passwords can make it difficult for a malicious hacker to break into your computer account. Avoiding predictable keywords and using different methods to introduce variety into your passwords makes it easy for you to remember them but virtually impossible for others to guess them.
- - - - - - - - - -
Wi-Fi siren song can lead to rocky security
The siren song of all corporate technology is productivity. The message is always the same, but its power lies in the sweetness of the tune. Right now a technology standard known as 802.11b -- better known as Wi-Fi and even better as wireless networking -- is particularly appealing.
Setting Up a Secure Wireless Network
- - - - - - - - - -
Social engineering: It's a matter of trust
Boiled down, social engineering is simply the exploitation of the natural human tendency to trust. It's sometimes used by hackers -- or others with malevolent intent -- to gain unauthorized access to a computer, with the goal of obtaining information that resides therein.
- - - - - - - - - -
Securing academic labs with OS X server, clients
In a series of articles written by Yuval Kossovsky, manager of digital media systems at Hunter College's Department of Film and Media Studies in New York, Computerworld is following the school's integration of new Apple Computer Inc. hardware and software.
This is the sixth of those articles, which offer a hands-on view of integrating Macintosh computers and Apple software in what's largely an Intel and Windows world.
- - - - - - - - - -
Posted PR documents prompt complaints on smart tags
A consortium developing radio-tagged chips to replace bar codes in stores posted documents labeled confidential on its Web site that detail strategies to counter complaints the technology will be misused by retailers, the government or criminals to snoop on consumers.
RFID spy-chippers leak confidential data on the Web
Public relations flacks eager to win the public over to the benefits of mass RFID (Radio Frequency Identification) chip proliferation have ironically managed to leave their own confidential plans unprotected on the Web. An outfit called CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) discovered the trove of marketing half-truths on the MIT Auto-ID Center Web site, available for all to see.
- - - - - - - - - -
Liability protection for anti-terror technologies
The Homeland Security Department Friday will publish a proposed rule designed to accelerate the development of anti-terrorism technologies. Mandated by the law that created the department, the rule will protect companies from massive lawsuits in the event such technologies fail to prevent another terrorist attack.
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information.
Copyright 2000-2003,, Campbell, CA.