NewsBits for August 13, 2003 sponsored by Southeast Cybercrime Institute
************************************************************
FBI Looks For Source Of Internet Infection
The FBI yesterday joined the hunt for the source of an Internet worm that was estimated to have infected more than 250,000 computers this week. As users patched the holes that made their computers vulnerable, it became clear that electronic attacks target both the humble and the mighty. Home users were believed to be most affected, but on Tuesday the "Blaster" worm reached into a dozen computers in the U.S. Senate and caused the Federal Reserve Bank of Atlanta to shut down most of its computer system. The worm interrupted work for two days at CBS in New York.

Experts: Web attack may hit Microsoft Saturday
Like sharp-shooters armed and ready to fire, hundreds of thousands of computers are poised to let fly a potentially crippling data attack on a lone Web site belonging to software giant Microsoft Corp. Starting Saturday, August 16, each computer infected by the "MSBlaster" or "LoveSAN" Internet worm will begin sending packets of data several times per second to the Microsoft site in an attempt to knock it offline.

Variation of Blaster worm now showing up
A modified version of the W32.Blaster worm is on the loose, according to advisories from two security firms. But users whose machines are patched against the original Blaster should be protected against the variant as well. Kaspersky Labs, a security firm in Moscow, this morning reported that it had detected a modified version of Blaster, also known as Lovsan, that takes advantage of the same vulnerability in the Windows interface that handles remote procedure calls (RPC). The only changes seem to be in the appearance of the new worm and a new text string abusing Microsoft Corp. and antivirus writers, according to the Kaspersky alert.

Blaster Worm Confounds Home Users, Variant Emerges

Worm exploits a widespread Windows vulnerability
The latest worm to torment Internet users underscores the limitations of getting patches in place. In just 24 hours, "MSBlast" exploded onto some 120,000 computers around the world, in spite of what some experts say was a less-than-spectacular programming job. A big part of the problem was that inattentive home users, and overbooked IT staffs, hadn't been able to put a patch in place, even though Microsoft had made it available in July. The Web will be watching Saturday to see if Microsoft can dodge a denial-of-service attack expected to be launched by the worm.

Computer worm's punch grows
Blaster shows IT departments the need for speed on patches
Early bird avoids the worm
Blaster still worming around Net
Tips on Removing the LovSan Net Bug
Blaster worm continues to spread
Techs Begin Task of Fixing Worm's Damage
New worm--no excuses this time
Blaster worm wreaks havoc on home computers
MSBlast worm a Frankenstein monster
Computer Infection Disrupts Asia, Europe
Worms Shouldn't Break Windows
Worm Exploits Weak Link: PC Users
Worm a Sign of Horrors to Come?

- - - - - - - - - -
Virus Takes out MD MVA.
Virus forces Maryland Motor Vehicles Administration to close. A computer virus forced the Maryland Motor Vehicle Administration to shut all of its offices at noon Tuesday, August 12. The department expected to reopen its offices Wednesday, officials said. "We have closed all of our offices and facilities statewide. So there's no telephone service right now. There's no online service right now. There's no kiosk or express office service," MVA spokeswoman Cheron Wicker said.

- - - - - - - - - -
NJ Rabbi Admits He Tried To Meet Girl, 13, For Sex
A rabbi pleaded guilty Tuesday to charges that he tried to arrange a sexual tryst with someone he thought was a 13-year-old girl he met over the Internet -- only to learn he had been talking with a detective. Rabbi Israel Kestenbaum, 55, of Highland Park, N.J., will receive five years probation under a plea deal he reached with prosecutors in state Supreme Court in Manhattan.

- - - - - - - - - -
Internet stings net 2 lawmen
A West Point military policeman and a city correction officer were arrested yesterday in separate Internet sex sting operations, authorities said. Sgt. 1st Class Nelson Pardo, 39, of Highland Falls, Orange County, was busted in Bayside, Queens, where he planned to meet what he thought were 12- and 13-year-old sisters he met online, officials said. Pardo, who is assigned to the West Point Military Academy, sent the "sisters" nude photos of himself during the month-long sting, according to detectives with the NYPD computer investigation and technology unit who had posed as the girls. In the other case, a city correction officer was arrested after arranging to meet someone he thought was a 14-year-old boy but who actually was an undercover investigator for Nassau County prosecutors.

- - - - - - - - - -
Finland's Sonera Phone-Snooping Scandal Widens
Employees of former Finnish telecoms monopoly Sonera violated the privacy of thousands by snooping into coworkers' phone calls and emails, police said on Wednesday, widening a scandal that shocked the Nordic nation. The National Bureau of Investigation said an investigation found Sonera employees monitored telephone and email records of about 100 of the telecoms company's staff in 2000 and 2001, more than previously thought.

- - - - - - - - - -
Thieves snatch £1m phone, Xbox stash
More than a million pounds' worth of mobile phones and games consoles were nicked from a lorry parked outside a Carphone Warehouse store near Birmingham early on Monday morning. Thieves got away with more than 7,000 Nokia mobile phones - including 6310is, 5100s and 3410s - with a trade value £781,000 ($1.25 million). Also among the haul was more than 1000 Xbox consoles worth around £130,000 ($208,330).

- - - - - - - - - -
FTC cracks down on Web page selling scam
The U.S. Federal Trade Commission (FTC) has filed suit against a company that the agency charges is hawking Web presence over the phone and then charging its targets on their phone bill without their authorization. The company, Mercury Marketing, now doing business as, based in Philadelphia, calls small businesses, offers a Web page or an advertisement on the Internet and tells them they are legally obligated to pay for the services, the FTC said in a statement yesterday. Charges of $29.95 per month appear on customers' phone bills, according to the FTC.

- - - - - - - - - -
DOJ Pushes Stiffer Porn Law
The Bush administration has appealed to the Supreme Court to reinstate a law that punishes website operators who expose children to dirty pictures and other inappropriate material. The court already has sided with the government once this year in its war against online smut, ruling that Congress can require federally funded public libraries to equip computers with anti-pornography filters.

- - - - - - - - - -
Hackers Claim New Fingerprint Biometric Attack
Two German hackers say they have developed a technique to defeat biometric fingerprint scanners used to authenticate electronic purchasing systems. Unlike an earlier fingerprint attack developed by the pair last year, this system creates latex fingertip patches designed to be used while under observation. The hackers, known as Starbug and Lisa, presented their attack at the Chaos Computer Camp, an open-air event which took place last weekend in East Berlin. "We have developed methods to fake fingerprints on the run," said Lisa.

- - - - - - - - - -
Poindexter leaving DARPA
After spending more than a year defending controversial counter-terrorism programs under his purview, John Poindexter says he will resign as director of the Defense Advanced Research Projects Agency's Information Awareness Office effective August 29. According to the Washington Post, Poindexter yesterday submitted a five-page letter of resignation to DARPA director, Anthony Tether, in which he wrote about the difficulty of explaining innovative technologies needed to help the U.S. intelligence community combat terrorism. "Although we have tried to be very open about our work, there is still a great deal of misunderstanding," Poindexter wrote, according to the Post.

- - - - - - - - - -
Companies struggling with data protection
Only a handful of the UK's biggest companies can competently handle a data privacy enquiry. A survey of FTSE 100 companies by marketing consultancy Marketing Improvement, revealed that just four were able to comply with the Data Protection Act.

- - - - - - - - - -
NIST releases guidelines for IT security metrics
The National Institute of Standards and Technology has released its final version of guidelines for developing metrics to help ensure agencies meet IT security requirements. NIST Special Publication 800-55, Security Metrics Guide for IT Systems is available online. Requirements for securing and evaluating IT systems are included in a number of laws, including the Clinger-Cohen Act, Government Performance and Results Act, Government Paperwork Elimination Act and the Federal Information Security Management Act. The laws do not specify how the evaluation is to be done, and the NIST document provides guidance on developing and using metrics to do this job.

- - - - - - - - - -
Spammers test new markets
Pornographic spam is on the decline and is being replaced by growth in areas such as healthcare and online gaming, according to mail-filtering firm Clearswift. The change reflects an evolution in the kinds of spam that users are receiving, as filtering forces spammers onto new pastures, and success for certain products motivates the spammers to focus on areas where there are rich pickings.

- - - - - - - - - -
Telemarketers seek ways around do-not-call list
The new National Do Not Call Registry already has 30 million telephone numbers in it, but enterprising telemarketers are trying hard to keep those phones ringing.

- - - - - - - - - -
Storage Security Gets More Complicated
Networked storage brings big advantages to the enterprise and big security challenges to the IT Department. The shift to Storage Area Networks (SAN) and Network Attached Storage (NAS) is accelerating, with analysts predicting that by 2006 some 70 percent of enterprise information will be spread among Fibre Channel networks or attached storage devices.

- - - - - - - - - -
Navy taps Securify to manage legacy apps risk
The U.S. Navy has awarded a $5.8 million contract to Mountain View, Calif.-based Securify Inc. that's designed to help the service tackle one of its most pressing security challenges: integrating thousands of legacy applications into its multibillion-dollar Navy/Marine Corps Intranet (N/MCI) program.

- - - - - - - - - -
NEC Solutions' prescription for security
NEC Solutions America on Tuesday unveiled a three-layer data security product aimed at health care organizations that face patient privacy rules. Dubbed the "NEC MobilePro Tricryption System," the software is designed to keep sensitive information confidential by encrypting three elements: the actual data, the key needed to decipher the data, and a "key identifier" that acts as a kind of index for the initial key.

- - - - - - - - - -
Sun touts network identity systems
When Stephen Pelletier, Sun Microsystems' VP of SunONE Network Identity, Communications and Portal products said recently that "a secure identity management infrastructure is a core foundation component to building the next generation of federated commercial Web services and is essential to managing the lifecycle of an identity - whether it be a person, community, device or service", he wasn't saying much different from anyone else who gets excited about the potential of Web services, writes John McIntosh of Bloor Research.

- - - - - - - - - -
China reveals massive smart ID card plan
China's 960 million citizens will be issued with digital smart ID cards, starting from next year. China will replace paper national identification (ID) cards with electronic identity cards starting in 2004, according to wire agency Dow Jones. The new digital ID card, which uses smart ID technology, will be carried by 960 million Chinese citizens. The embedded microchip in the plastic card stores an individual's personal information, which can be read and checked against databases kept by China's security authorities.

- - - - - - - - - -
A firewall for IM: Just what we needed?
This week, firewall solution provider Zone Labs is releasing a dedicated software product that it says offers the sort of protection no instant messaging user can do without. (Instant messaging protection is available as a feature in other, more comprehensive security suites.) Great. That's just what we needed.

Zone Labs Launches IM Security Tool

- - - - - - - - - -
Security Is in the Hands of the User
A new Internet worm that spread across the globe Monday and Tuesday is a slap in the face to Microsoft's trusted computing initiative and a clear demonstration that a large portion of the responsibility for cybersecurity lies with individual users, not the companies that make software and computer systems.

- - - - - - - - - -
Prison for bomb blueprints? No regrets
Sherman Austin is looking forward to a year in federal prison with the kind of equanimity that most people reserve for a trip to the doctor's office. The 20-year old anarchist was charged with distributing information about Molotov cocktails and "Drano bombs" on his Web site, Under a 1997 federal law Sen. Dianne Feinstein, D-Calif., championed, it is illegal to publish such instructions with the intent that readers commit "a federal crime of violence."

- - - - - - - - - -
Honeypot Farms
For the past six months this series of papers has covered a breadth of honeypot topics. We have covered everything from what honeypots are, their value and different types, to common misconceptions and legal issues. However, one thing we have yet to discuss is deployment. How can you deploy honeypots in your environment?

- - - - - - - - - -
Oregon to unveil emergency link
Oregon's Regional Alliance for Infrastructure and Network Security (RAINS) is planning an August 20 launch for an automated response system linking local emergency workers with organizations involved with homeland security. It will be one of the first automated secure links in the nation. RAINS executives will demonstrate this first production version of RAINS-NET to Portland city officials and then publicly announce that the link has "gone live".

***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see;
***********************************************************
Search the Archive at:
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.