NewsBits for July 31, 2003
sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Experts anxious over possible Net attack
Government and industry experts are increasingly concerned about brewing hacker activity they consider a precursor to a broad Internet attack that will target a serious flaw in Windows software from Microsoft.
http://www.cnn.com/2003/TECH/internet/07/31/internet.atttack.ap/index.html
http://www.washingtonpost.com/wp-dyn/articles/A9713-2003Jul31.html
http://www.msnbc.com/news/946460.asp?
http://www.usatoday.com/tech/news/computersecurity/2003-07-31-ms-hack-alert_x.htm
http://computerworld.com/securitytopics/security/holes/story/0,10801,83619,00.html
- - - - - - - - - -
Man, 53, Charged Under New Law
Mississippi resident was arrested in Fountain Valley after traveling here allegedly for sex with a boy who was actually a police officer.
A 53-year-old man was indicted Wednesday on federal charges of traveling to Orange County from his home in Gulfport, Miss., to have sex with a 13-year-old boy who was in fact a Fountain Valley police officer posing on the Internet. Daniel Diamond Tucker is the second man to be indicted in Orange County under a 13-week-old law providing mandatory minimum sentences of five years in prison for those convicted of sex crimes against children. A 31-year-old Anaheim man was arrested this month for allegedly using the Internet to arrange a sexual liaison with a 13-year-old girl who was actually an FBI agent.
(LA Times article, free registration required)
http://www.latimes.com/technology/la-me-molest31jul31,1,2104045.story
- - - - - - - - - -
Predators' chatroom trap for teens
PEDOPHILES are increasingly using the internet to target children, police warned yesterday, as a Perth man was charged with molesting three girls he met in a web chatroom.
Police allege the 31-year-old man met the three girls, aged 14 and 15, via a chatroom in February this year and later asked them to come to his home. The charges include 10 counts of sexual penetration, two of indecent dealing and three of aggravated sexual penetration without consent. He is due to appear in court tomorrow.
http://www.theaustralian.news.com.au/common/story_page/0,5744,6839384%255E2702,00.html
- - - - - - - - - -
SBC Unit Sues RIAA Over Push to Identify Net Music Sharers
Pacific Bell Internet Services jumped into the fray over music downloading late Wednesday, filing a federal lawsuit against the recording industry and questioning the constitutionality of the industry's effort to track down online music sharers. PBIS, the California Internet service provider of San Antonio-based SBC Communications Inc., alleges that many of the subpoenas served against it by the Recording Industry Assn. of America were filed improperly.
http://www.latimes.com/technology/la-fi-pacbell31jul31,1,3880422.story
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6427714.htm
http://zdnet.com.com/2100-1104_2-5058107.html
http://www.vnunet.com/News/1142731
Hollywood hunts for pirates
http://www.usatoday.com/tech/news/techpolicy/2003-07-30-piracy_x.htm
Lawmaker seeks info on RIAA dragnet
http://news.com.com/2100-1027_3-5058594.html?tag=fd_top
Labels win round in piracy crackdown
http://zdnet.com.com/2100-1105_2-5057849.html
UK P2P users may face legal action
http://www.vnunet.com/News/1142728
Survey: Two-thirds of adult music downloaders don't care about copyrights
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6429613.htm
http://www.msnbc.com/news/946802.asp
- - - - - - - - - -
Yaha usurps Klez
Yaha-E displaced Klez as the most common viral menace on the Internet over the last month, according to MessageLabs.
The managed services firm has blocked Yaha-E 367,158 times so far in July, relegating Klez-H (332,343 interceptions) to second place in its monthly viral charts. Sobig-E (blocked 188,235 times), BugBear-B (108,206) and Sobig-A (63,076) make up the remaining top five places in MessageLabs' chart, released last night.
http://www.securityfocus.com/news/6579
http://www.theregister.co.uk/content/56/32087.html
- - - - - - - - - -
Spam emails hide key logger virus
Careful what you click on - it could steal your identity.
A dangerous strain of 'virus spam' is tricking computer users into allowing serious infections into home and business computer systems, IT experts have warned. According to industry body The Corporate IT Forum (Tif), virus spam, or 'v-spam', dodges antivirus and firewall systems by tempting users to click on a website link contained in an email which then sends them a virus.
http://www.vnunet.com/News/1142716
- - - - - - - - - -
Senator calls for reports on government data searches
The legislation won quick backing from two privacy rights groups.
Civil liberties groups, including the Electronic Frontier Foundation (EFF) and The Center for Democracy & Technology (CDT), are throwing their support behind a piece of legislation that would require U.S. agencies to report to Congress about the personal information they collect.
http://computerworld.com/securitytopics/security/privacy/story/0,10801,83613,00.html
- - - - - - - - - -
Senate committee closes loophole in Internet gambling bill
A Senate committee approved legislation Thursday that would ban illegal gambling on the Internet and closed a potential loophole that the Justice Department has said could actually legalize gambling in states where it is now prohibited. The legislation prohibits the use of credit cards to place online wagers. Operators of Internet gambling sites could be sentenced to up to five years in prison.
The Senate Banking, Housing and Urban Affairs Committee voted unanimously to send the amended bill to the Senate for consideration.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6430012.htm
- - - - - - - - - -
OMB challenges report on Privacy Act compliance
Bush administration officials have rebuked the General Accounting Office for concluding in a new report that agencies are not taking adequate steps to protect private records.
http://www.govexec.com/dailyfed/0703/073103a1.htm
- - - - - - - - - -
Superworm Manifesto unveiled at cybersecurity briefings
Internet worms until now have been mostly dumb, inefficient and poorly organized, making little impact. But software developer and activist Brandon Wiley unveiled a guide for correcting these flaws at the Black Hat Briefings security conference. The guide includes plans for creating a new generation of worms capable of communicating and cooperating to blanket the Internet quickly and quietly.
http://www.gcn.com/vol1_no1/daily-updates/22986-1.html
- - - - - - - - - -
Privacy bid ready, waiting
CONSUMER GROUPS GIVING LAWMAKERS TIME TO PASS BILL
Backers of a financial privacy initiative said Wednesday that they've collected enough signatures to qualify it for the ballot. But in a surprise move, they promised to hold the signatures for three weeks to give state lawmakers a final chance to hammer out a bill instead.
http://www.siliconvalley.com/mld/siliconvalley/news/local/6425369.htm
- - - - - - - - - -
UK.gov security is pants
IT security levels in UK central and local government are worryingly poor and need significant improvements if the UK is to meet its e-government targets, a survey out this week warns. Government security levels fall far below those of comparable IT sectors such as banking and finance, according to a report from security testing firm NTA Monitor.
http://www.theregister.co.uk/content/55/32104.html
- - - - - - - - - -
July spam captures exceed all of 2002
Anybody still unconvinced about the scale of the spam epidemic should consider this fact: MessageLabs intercepted more spam in the last month than in the whole of 2002. While this is in part proof that filtering is more widely used, it is also an indication as to just how much spam is being sent and received each day. According to MessageLabs spam accounted for 50 per cent of all e-mail again during July.
http://zdnet.com.com/2100-1105_2-5058168.html
Spam dumpster diving
http://www.theregister.co.uk/content/55/32103.html
- - - - - - - - - -
DefCon, Black Hat: Action required
More serious vulnerabilities have been discovered in the past month, highlighting the fact that security hasn't improved despite strong talk from government and industry. Security experts are gathering for two conferences in Las Vegas hoping their solutions won't fall on deaf ears.
http://zdnet.com.com/2251-1110-5058151.html
Hackers huddle in the desert (series of articles)
http://news.com.com/2009-1002_3-5058213.html
- - - - - - - - - -
Government wants your view on smart cards
A new government proposal examines how smart card technology could improve the delivery of public services. But would they differ from controversial ID cards? The government on Thursday launched draft proposals for the introduction of smart cards as a way of pushing its electronic government agenda.
http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39115397,00.htm
http://www.theregister.co.uk/content/6/32106.html
Datatrac wins ID card contract
http://www.fcw.com/fcw/articles/2003/0728/web-dhs-07-31-03.asp
- - - - - - - - - -
Does Quicken for Windows have a huge security hole?
QUICKEN 2003 FOR WINDOWS may have a huge security hole but the firm may also not realise it's there.
According to a reader, he contacted Quicken to ask about the hole, and in his own words entered the labyrinthine and Kafkaesque world of its tech support, with the problem still squirming around in its technical support depths. He claims that if you password protect your Quicken data files, the protection is very easy to circumvent simply by using the super validation function in the software.
http://www.theinquirer.net/?article=10793
- - - - - - - - - -
Research firm posts own Half-Life patch
A US company has released a patch for popular combat game Half-Life, after waiting months for the game's creator to act.
A security research firm has released its own patch for critical flaws in a popular computer game after waiting months for the game's creator to do something. Earlier this week, US-based PivX Solutions issued an advisory warning of three high-risk buffer-overflow vulnerabilities it discovered in Half-Life, a popular first person shooter (FPS) game.
http://news.zdnet.co.uk/internet/0,39020369,39115391,00.htm
http://zdnet.com.com/2110-1105_2-5058089.html
- - - - - - - - - -
Data Protection : Subject Access Requests - any complaints?
A Government Consultation Paper, published in October 2002 by the Lord Chancellor's Department, asked for opinions on whether the arrangements for 'subject access requests', under the current Data Protection legislation, were satisfactory or not, writes John MacGowan of Bloor Research.
http://www.theregister.co.uk/content/63/32097.html
- - - - - - - - - -
Fed: Cyberterror fears missed real threat
When airliners crashed into the World Trade Center and the Pentagon on September 11th, 2001, the nature of the attack took America's defenders by surprise. They were expecting hackers. "We were very shocked in the federal government that the attack didn't come from cyberspace," said Marcus Sachs, cyber program director in the Department of Homeland Security.
http://www.securityfocus.com/news/6589
- - - - - - - - - -
This is cyber-crime, not just an act of hacking
My name is Shumani Gereda, an attorney in Johannesburg specialising in IT Law & Telecomms related aspects. I believe the word "hacker" is being used loosely in this article. The ECT Act does not define what a hacker is, neither does it define cyber crime. It only gives an explanation of what constitutes cyber [computer-related] crime.
http://www.itweb.co.za/sections/feedback/feedcopy.asp?CommentID=2365
- - - - - - - - - -
Feds to tap California prison data
The Homeland Security Department is planning to tap into the California State Offender Based Information System as part of a plan to use existing databases to carry out its mission. California's offender database contains detailed and timely information on every inmate in the state's prison system, including biographical data, criminal history, past and current warrants.
http://www.fcw.com/fcw/articles/2003/0728/web-ca-07-31-03.asp
- - - - - - - - - -
Georgia county upgrades crime net
A Georgia county is working to meet upgraded network security guidelines for state and federal criminal justice information. Columbia County, a well-to-do suburban community encompassing the city of Augusta, apparently is one of the first municipalities in Georgia to employ the required TCP/IP for its six agencies, including the sheriff's department, which is helping lead the project.
http://www.fcw.com/geb/articles/2003/0728/web-colum-07-31-03.asp
- - - - - - - - - -
UK e-voting pilots deeply flawed
A leading British academic has warned of the shortcomings of electronic voting schemes tried at this year's local elections. The criticism, from Dr Ben Fairweather, Research Fellow at De Montfort University's Centre for Computing and Social Responsibility, comes in advance of the publication of the Electoral Commission's evaluation of the pilot schemes due later today.
http://www.securityfocus.com/news/6580
http://www.theregister.co.uk/content/55/32091.html
Electronic Voting Hits A Snag
http://www.washingtonpost.com/wp-dyn/articles/A9025-2003Jul31.html
***********************************************************
Computer Forensics Training - Online. An intense, 150-hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see: www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.