NewsBits for July 16, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Missing girl safe, ex-Marine held 12-year-old girl has been reunited with her parents after she went missing for four days with a 31-year-old former U.S. Marine who she met on the Internet. Police said Wednesday Shevaun Pennington was found on her way back to Britain after she had traveled to continental Europe with Toby Studabaker, who was arrested separately in Germany. "I'm obviously very relieved," said Greater Manchester Police Superintendent Peter Mason. He said German authorities detained Studabaker in Frankfurt Wednesday for child abduction "under the power of an international arrest warrant sworn out within the Greater Manchester police area." - - - - - - - - - - Federal Court Clerk In N.O. Faces Trial On Child Porn Charges A longtime employee of the federal court clerk's office in New Orleans will face trial next month on child pornography charges. Gerald D'Aquin, of Harvey, pleaded not guilty Tuesday to the July 3 indictment. D'Aquin remains free on a $25,000 bond. His case is set for trial Aug. 28 before U.S. District Judge Carl Barbier. D'Aquin, a finance assistant in the clerk's office for 17 years, has not reported to work since his arrest and is on annual leave. A federal grand jury indictment accuses him of using his home computer to receive and distribute sexually explicit images of children. Authorities say D'Aquin used the screen name Dolittle 1212 to receive and distribute the images to various people. - - - - - - - - - - Councilman's 'Net sex trial can proceed When Independence Council Member Otis Ketron was arrested in March and accused of trying to have sex with an underage girl, he told police he was "just playing a game." Ketron won't go to trial until at least October, but in court Tuesday prosecutors won a major victory for Ohio's importuning law when the judge refused to dismiss the indictment against Ketron because there was no actual "child" involved. Ketron's idea of play, prosecutors claimed Tuesday, was a string of sexually explicit Internet chats that would make a sailor blush. While sitting at his desk at Procter & Gamble, Ketron would log onto the Internet, enter a "chat" room and have conversations with what he thought was a 15-year-old girl. The "girl" actually was a Hamilton County Sheriff's deputy. - - - - - - - - - - Tigard man arrested in federal child porn sting A 61-year old Tigard man was arrested Tuesday night in an FBI child pornography sting. FBI agents and members of the Innocent Images Task Force arrested Richard Detwiler on a charge that he violated the federal law concerning the use of or attempted use of a means of interstate commerce to persuade or to entice a minor to have sex. Detwiler is the Resource Development Director for the Oregon Lions Sight and Hearing Foundation. If convicted, Detwiler faces a minimum of 60 months in prison and a $250,000 fine. According to the FBI, Innocent Images is an investigative program designed to crack down on those who make and traffic child pornography, and those who prey on children online. - - - - - - - - - - Internet Sex Charge Raises Parents' Online Fears A state social worker was charged with trying to lure a child over the Internet for sex, once again raising concerns over the safety of children online. Nathan Scott Ravell, 32, of Effingham, N.H., was charged with luring a child, and possession and distribution of child porn over the Internet. The employee of the New Hampshire Mental Health and Development Service Center was arrested in Keene, N.H., where police said he set up a meeting with who he thought was a 14-year-old boy. The boy turned out to be Keene Detective James McLaughlin, who has been involved in hundreds of Internet sex sting operations. - - - - - - - - - - Third ex-MS employee pleads guilty A former Microsoft employee pleaded guilty on Tuesday to falsely ordering software meant for internal use and selling it for personal profit, the third such incident since last December. Kori Robin Brown, 31, a former administrative assistant at the company's Xbox video console and games division, ordered more than $6 million worth of Microsoft's SQL Server database software and sold it for personal gain between 1998 and 2000, according to a statement by the U.S. Attorney's office for the Western District of Washington.,,t269-s2137652,00.html - - - - - - - - - - Man fined for Internet kidney sale A German court has sentenced a man for trying to sell one of his kidneys on the Internet to a four month suspended jail sentence and fined him 2,000 euros ($2,300), authorities said Tuesday. A spokesman for the court in the western town of Kassel said the 48 year-old Austrian mechanic was accused of violating laws on illegal organ trading for offering his kidney as a "blood purification organ" online at a starting price of 66,500 euros. - - - - - - - - - - A Congressional hunt for IP criminals A key legislator in the U.S. House of Representatives said Tuesday that he would release the first "Intellectual Property Crime Index" next week. Rep. Lamar Smith, R-Texas, the chairman of the House subcommittee that oversees copyright law, said the index would accomplish what he said the U.S. Department of Justice statistics currently don't do well: track intellectual property crimes and analyze trends over time. - - - - - - - - - - Quiet move in Senate to kill Pentagon surveillance program Without fanfare, senators debating defense spending for next year have proposed eliminating all money for the Pentagon's development of a vast computerized terrorism surveillance program that has raised privacy concerns. In the past, Congress has limited the Defense Department's ability to implement the system now known as Terrorism Information Awareness while allowing research to proceed, but the new provision goes further to ban funding outright. - - - - - - - - - - Piracy linked to terrorism The head of Interpol called on Wednesday for a global crackdown on software and music piracy, saying the illicit proceeds help finance al-Qaida, Hezbollah and other terrorist networks.,,2-13-1443_1388359,00.html - - - - - - - - - - Hackers exploit lax home worker security 350,000 remote workers' PCs are back doors into corporate networks, claims survey. Hackers are gaining access to corporate networks by exploiting lax security on over 350,000 home workers' PCs connected to their work IT systems, a recent survey has claimed. - - - - - - - - - - Entertainment groups worried Internet privacy bill would hurt industry A bill making its way through the California Legislature is drawing opposition from entertainment groups and merchant associations, who fear it will make it easier for people stealing movies, computer games or other trademarked entertainment over the Internet to avoid being sued. - - - - - - - - - - Clarke Takes Gov't to Task Over Security Former White House cyber-security czar Richard Clarke ripped his former employer Tuesday, saying that the government is doing an unacceptable job of helping the private sector lock down the nation's critical infrastructure.,3959,1192919,00.asp - - - - - - - - - - Viral marketing spreads nasty message Internet security companies are warning about devious marketing tactics that have virus-like effects, but aren't actually viruses. Antivirus company Sophos has warned that its Australian technical support have been receiving reports from people who receive an e-mail inviting them to visit a Web site--run by Avenue Media NV, based on Curacao in the Caribbean--containing free comic video clips, including on of Bill Gates copping a pie in the face. Users who visit the site and view a video clip begin sending the e-mail invitation to their friends.,,t277-s2137632,00.html Virus expert feuds with Belgian hacker - - - - - - - - - - File swappers putting business at risk File-swapping applications are deeply entrenched inside corporate networks, according to a survey of computer systems by a Canadian network monitoring company. In a study spanning 560 companies, ranging from 10 to 45,000 employees, Canadian company AssetMetrix found peer-to-peer software such as Kazaa and Morpheus installed at least once in 77 percent of companies. The survey found that every company in its sample with more than 500 employees had at least one installation of file-swapping software. Is your company habouring file-swappers?,,t269-s2137639,00.html - - - - - - - - - - Ukrainian Anti-virus Center: The Results of Virus Activity Results of studying the virus attacks for 6 months 2003 have shown: the activity of virus-makers became more boisterous, their educational level has increased, their creations become more and more refined. Summing up, it is possible to say, that distributed Internet viruses are capable to penetrate into all elements of corporate information infrastructure, attacking both the software, and the equipment. According to Ukrainian Anti-virus Center the quantity of reports on virus attacks has grown in 15% for the first six months 2003. The most dangerous viruses were I-Worm.Tanatos.b, I-Worm.Lentin, I-Worm.Sobig, I-Worm. Klez. - - - - - - - - - - Symantec 'security scan' distributes rootkit "Symantec Security Check is a free web-based tool that enables users to test their computer's exposure to a wide range of on-line threats," the press release begins. Unfortunately, Symantec Security Check has also been installing an on-line threat of its own in the form of a dangerous ActiveX control. "The ActiveX control, named Symantec RuFSI Utility Class or Symantec RuFSI Registry Information Class, contains a buffer overflow exploit," the company says, though we're nearly certain they mean that it's exploitable, not that it's actually been infected with something. But you never know; the press release is one of those waffly ones that doesn't quite tell you everything you want to hear. - - - - - - - - - - Hot spots hide swappers from RIAA Early last spring, NYCWireless co-founder Anthony Townsend got a note in the mail saying that someone on his network had been violating copyright laws. This type of note is becoming increasingly common as record companies and Hollywood studios subpoena Internet service providers (ISPs) for information about subscribers in order to stop people from trading songs and movies online. But Townsend's case was unusual: As the representative of a loose collection of wireless "hot spot" Internet access points, there was no way he or the relevant access point operator in New York's Bryant Park could identify or warn the file trader. - - - - - - - - - - Microsoft admits critical flaw in nearly all Windows software Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software. Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.,10801,83130,00.html Government agency warns of Windows flaw,,t269-s2137628,00.html Microsoft Unveils Web-Services Security Tools - - - - - - - - - - ISPs rush to fix Cisco flaw Internet service providers are vulnerable to a flaw in Cisco routers that could cause some Web sites and servers to become inaccessible, according to a major telecommunications company and network administrators familiar with the issue. While details of the flaw are unclear, it is apparently widespread and affects much of the network infrastructure used by the major Internet service providers, CNET learned Wednesday. Cisco is a major provider of network switches and routers used to direct data across the Internet. - - - - - - - - - - Security concerns drive data centre deals Analyst predicts huge increase in spending on hosting services. Concern over IT security issues is so compelling that global organisations will increase spending on hosting services by 91 per cent by 2007, according to market watchers. - - - - - - - - - - Los Alamos County shores up security Security within the Los Alamos (N.M.) County's information technology department wasn't quite up to par when systems manager Laura Gonzales came on board three years ago. - - - - - - - - - - Police invest in ChildBase system New system will help police gather evidence against paedophiles more swiftly. The National Crime Squad is using facial recognition software in the fight against paedophiles.The unit has invested PS500,000 in ChildBase, bespoke facial recognition software based on technology developed by Canadian company Imagis Technologies. - - - - - - - - - - A Quantum Leap in Cryptography Visionaries are using photons to develop data-security systems that may prove the ultimate defense against eavesdropping hackers. In a dark, quiet room inside the Cambridge (Mass.) labs of Verizon (VZ ) subsidiary BBN Corp., network engineer Chip Elliott is using the laws of physics to build what he hopes will be an unbreakable encryption machine. The system, which sits atop a pink heat-stablization table, is designed to harness subatomic particles to create a hacker- proof way to communicate over fiber-optic networks. - - - - - - - - - - Let's bring e-crime into the open There are some basic problems with electronic crime. We don't know how much of it there is, we can't detect it, we can't prevent it, and even if we do catch someone at it, it's hard to prosecute them. High- profile hackers like Kevin Mitnick get slapped down big-time, but is this a response to their specific crime? Or are the police and the justice system just venting their frustration at the knowledge that many others are getting away with it? - - - - - - - - - - Freedom of speech in the Internet Problem of legal regulation of the Internet is one of the most important tasks of the state. Legislators undertake attempts to define a role of the state in the Internet relations. The Council of Europe is going to pass new rules for owners of webs - resources; at least, this project is discussed rather actively. There is a point in the rules that will oblige publishers to give an opportunity to all authors to comment the written in the same place. However, this law has opponents as well; they see the beginning of the end of freedom in the Internet. - - - - - - - - - - Wi-Fi anonymity tempts pirates Some Wi-Fi hot spots allow users to remain anonymous and untraceable, thwarting any efforts to sue for copyright violations. Early last spring, NYCWireless co-founder Anthony Townsend got a note in the mail saying that someone on his network had been violating copyright laws. This type of note is becoming increasingly common as record companies and Hollywood studios subpoena Internet service providers (ISPs) for information about subscribers in order to stop people from trading songs and movies online. But Townsend's case was unusual: as the representative of a loose collection of wireless "hot spot" Internet access points, there was no way he or the relevant access-point operator in New York's Bryant Parkcould identify or warn the file trader.,,t269-s2137649,00.html - - - - - - - - - - U.S. passports to add facial biometrics The State Department plans to develop intelligent passports that will carry facial images with biometric data on advanced computer chips. The department will adopt a standard approved in late May by the International Civil Aviation Organization, which selected facial biometrics as the identification tool and high-capacity, contactless chips as the storage device. Contactless chips transmit data via low-power radio frequency, rather than direct contact with a reader device. - - - - - - - - - - SBlogs: Another Tool in the Security Pro's Toolkit (Part One) My name is Scott, and I'm an information addict. I'll admit, I love information. No, make that I love and need information. If you're interested in keeping up with trends and changes in security, you're probably an information addict as well. You absorb security- related information and then ponder, examine, and analyze it before reshaping it in a way that helps protect your data, your systems, and your networks. - - - - - - - - - - In police cruiser simulators, the world's full of bad drivers The drivers in Center City are idiots. They cross double yellow lines, ride curbs and run stop signs. Many just ignore Trooper Roger Beaupre when he activates his cruiser's flashing lights. Others panic and brake in mid-intersection. Beaupre is tailing a drunken driver -- Center City is full of them -- but looks away for a moment. He broadsides a school bus. Game over. Time to hit reset and put the police cruiser back on the outskirts of town. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.