NewsBits for July 28, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Man Arrested For Child Porn After Taking Computer In For Repairs A local man took his computer in for repairs, but what a technician found on his hard drive landed the man in jail. Deputies say the Winter Garden man had downloaded disturbing images of child pornography on his computer. Deputies put it very bluntly: this is not a case of how many images there were on the suspect's computer, it's a matter of how bad they are. One deputy calls it the worst he's ever seen. - - - - - - - - - - Officials accuse man of running child porn site The police, with some help from overseas, arrested a Milford man on charges of operating a child pornography site through his home computer. Thomas F. Richards, 43, turned himself in to the police Thursday on a warrant charging him with 50 felony counts of possession of child pornography. The warrant was issued after the police seized his computer in June, Milford police Capt. John Winterburn said. The charges follow an almost two-month investigation involving authorities in other states and countries. - - - - - - - - - - ARREST THREAT: Child porn copies lead to conflict A local attorney who is assisting a child pornography suspect in his legal defense says a prosecutor threatened him with arrest for possessing photos entered into evidence in the case. Attorney Jonathan MacArthur said the threat was made by Clark County prosecutor Becky Goettsch, even though District Judge Lee Gates previously authorized MacArthur to possess alleged child pornography photos in order to assist his client's defense. "She crossed the line, way over the line," MacArthur said. - - - - - - - - - - Singapore cracks down on cartoon piracy A new anti-piracy body will focus on eliminating illegal sales of Japanese drama serials and cartoons, in an effort to strengthen ties with the West. A new industry association will be launched next week to curb video compact disc (VCD ) piracy -- but mainly of a single genre of movie.,39020651,39115266,00.htm - - - - - - - - - - BabyBear virus in MSN disguise Sophos has detected a new worm that appears to be an order to sign up to the MSN 8 service. BabyBear-A arrives as an email with a variety of subject lines and text, including one which tells the recipient they have signed up to the MSN 8 service. It reads: 'Dear Sir or Madame, We have detected that you have placed a Order for Msn8. Before we start your Service please confirm your order. To confirm your order please check the attachment. Thanks, Microsoft Corporation Support.' - - - - - - - - - - Subpoenas Sent to File-Sharers Prompt Anger and Remorse A blizzard of subpoenas from the recording industry seeking the identities of people suspected of illegally swapping music is provoking fear, anger and professions of remorse as the targets of the antipiracy dragnet learn that they may soon be sued for hundreds of thousands of dollars in damages. (NY Times areticle, free registration required) "Copying is Theft ..." New bill would curb P2P companies Pirates of the Internet Doggedly pursuing downloaders P2P users shown how to fight back - - - - - - - - - - Judge orders Interior to shut off Internet connections Judge Royce C. Lamberth of the U.S. District Court for the District of Columbia late this afternoon issued a preliminary injunction requiring the Interior Department to disconnect its IT systems from the Internet, with some exceptions. The preliminary injunction followed a hearing this morning in which the plaintiffs in the Cobell v. Norton litigation, who represent American Indian trust beneficiaries, sought the injunction. The goal of the injunction is to protect American Indian trust accounts from intrusion via the Internet. - - - - - - - - - - owner can sue VeriSign Gary Kremen, rightful owner of the domain name, has won the right to sue the registrar duped into transferring the lucrative domain to a convicted felon, Stephen Cohen. Judge Alex Kozinski, of the 9th US Circuit Court of Appeals, ruled on Friday that courts should treat domain names exactly as they would "a plot of land" or other types of property. If domain names are property, the three judges sitting in the case ruled, then registrars are responsible for protecting them.,39020372,39115287,00.htm - - - - - - - - - - DOD: Systems need more protection The Defense Department must do more to guard against cyber threats, said Robert Lentz, the department's director of information assurance. "As our dependence on information networks increases, it creates new vulnerabilities, as adversaries develop new ways of attacking and disrupting U.S. forces," he said. "Everyone must be made aware of his or her role in assuring the nation's information." IT Deficiencies Blamed in Part for Pre-9/11 Intelligence Failure,10801,83469,00.html - - - - - - - - - - Security officials discuss efforts to combat computer crime Research and development into cybersecurity is essential to combat computer crime, a security researcher said on Monday. "Computer crime is rising in scope," said Andrew Macpherson, the technical program coordinator for Dartmouth University's Institute for Security Technology Studies. "I don't think we have any way of quantifying computer crime [at this point]." - - - - - - - - - - Wash. cops get wise to Internet-borne crime Bellingham police are ready to go after more online criminals. Motivated by the rising number of Internet fraud, theft and sexual abuse cases nationwide, Bellingham has sent one officer for training on how to gather evidence from suspects' computers. Other officers will be trained to track down people who rip off people by misrepresenting themselves and their products at Internet auctions or by using technology to steal people's identities. - - - - - - - - - - Black Hat: Joining Forces to Fight Hacking The last few months have seen the revelation of a rash of critical vulnerabilities in a wide variety of software, from Oracle Corp.'s database packages to Windows to Cisco Systems Inc.'s IOS code. And if 2003 is to be remembered for being one of the worst years on record for such problems, this week's Black Hat Briefings in Las Vegas may well go down as the event where security researchers began to turn the tide in the fight against faulty code.,3959,1204962,00.asp - - - - - - - - - - Spam Battle Plans Companies are relying on multilevel spam-fighting strategies that include e-mail filtering tools, blacklist services and employee education. Impotency drugs and underdeveloped body parts may have become big jokes in anecdotes about spam, but they're no laughing matter to Joshua Elicio, director of information security at Memorial Medical Center in Las Cruces, N.M. While words like Viagra and penis seem like obvious triggers for spam filters, it's not so simple when you're a teaching hospital where material on pharmaceuticals and anatomy are a mainstay to business.,10801,83386,00.html - - - - - - - - - - Security spending ignores training Educating staff on security risks remains a low priority for most companies. Most firms are focusing their security spending on technology and business continuity systems, rather than investing in staff training to improve protection, according to a recent survey by consultancy Ernst & Young. Security needs constant attention - - - - - - - - - - Microsoft brings Secure Web Services closer As the noise of secure communications and identify management continues unabated and vendors clamour at the door, Microsoft's recent announcement of Web Services Enhancements 2.0 might have been missed, writes John McIntosh of Bloor Research. Flaws Inevitable, Microsoft Says,10801,83479,00.html - - - - - - - - - - Cisco releases fix for Aironet flaw Cisco Systems has released patches for a pair of security flaws that were discovered in its Aironet 1100 series wireless access points. One flaw would have allowed an attacker to use a "classical brute force" technique to discover account names, according to security troubleshooter Vigilante. Vigilante said the second flaw could freeze the access point and bring down the wireless access zone. Cisco posted advisories on the flaws Monday. - - - - - - - - - - Cavium touts wireless security processor Cavium Networks today announced a new range of security processors for Wireless LAN applications and protocols. Cavium's NITROX Wireless Security Processors are designed to make it easier for equipment manufacturers to introduce support for emerging 802.11 security standards, such as 802.11i. The Wi-Fi Protected Access (WPA) security specification a cut-down version of what will become 802.11i and is beginning to make its way into products. 802.11i is to be ratified as a standard by the IEEE next year. Poor standards plague WLan security WiFi Is Open, Free and Vulnerable to Hackers Keeping WiFi Private Proves Arduous Task - - - - - - - - - - Sacked staff turn to sabotage Failure to revoke access to corporate networks could prove very costly. IT departments that fail to revoke access rights to critical systems risk exposing their firms to security breaches by former employees, new research has found. More than half the UK workforce would be prepared to seek revenge on former employers by exploiting continued access to corporate systems if they were unhappy at losing their job, according to research by software vendor Novell. - - - - - - - - - - Privacy pendulum swings back In the immediate aftermath of Sept. 11, 2001, the worry in Washington, D.C., was more about national security than about individual privacy. A couple days after the terror attacks, the U.S. Senate voted to grant the Federal Bureau of Investigation sweeping Internet surveillance powers that, in some cases, would not require a judge's approval. Huge portions of that bill, self-importantly titled the Combating Terrorism Act, eventually became part of the even more grandly named law called the USA Patriot Act. Truste, IAPP join for corporate privacy push,10801,83517,00.html - - - - - - - - - - Senate would force DHS sharing The Senate appropriations bill for homeland security has a little-noticed provision that would force the department to share data with other government agencies. Under the measure, the Homeland Security Department and other intelligence agencies would have to share information with other federal, state and local agencies. The department and intelligence groups would also have to make sure their computer systems are compatible. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.