NewsBits for August 18, 2003 sponsored by,
Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
No 'Blaster' Worm Ripples, Microsoft Says
The second wave of an Internet attack by the "blaster" worm barely caused a ripple, according to Microsoft Corp. It said it had no major problems from the worm's attempt to turn thousands of infected computers into instruments targeting the software company's Web site and network. The Redmond-based company had not noticed any extraordinary network congestion, spokesman Sean Sundwall said. There were also no reports of customers having major problems accessing the targeted Web site, which houses a software patch that fixes the flaw exploited by the worm.
http://www.latimes.com/technology/la-na-briefs17.1aug17,1,4093078.story
http://www.cnn.com/2003/TECH/internet/08/16/microsoft.blaster.ap/index.html
http://www.cnn.com/2003/TECH/internet/08/15/microsoft.blaster/index.html
http://computerworld.com/securitytopics/security/story/0,10801,84110,00.html
Windows Update still standing despite Blaster
http://www.theregister.co.uk/content/56/32378.html
Mistake foils Blaster Denial of Service
http://www.vnunet.com/News/1143058
http://www.newsfactor.com/perl/story/22107.html
Virus Fails to Hit Microsoft, but Users Are Not So Lucky
http://www.latimes.com/technology/la-fi-worm16aug16,1,6275344.story
http://news.zdnet.co.uk/internet/security/0,39020375,39115770,00.htm
Blaster infects 30,000 PCs per hour
http://www.vnunet.com/News/1143069
Worm wakes security concerns, but lesson may not stick
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6561058.htm
- - - - - - - - - -
In MSBlast's wake, a DirectX threat
Microsoft seems to have survived the MSBlast worm attack, but now the company is urging Windows users to patch their systems against a different, and potentially more dangerous, vulnerability in its software.
Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could overshadow last week's events. On July 23, Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to the company, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.
http://zdnet.com.com/2100-1105_2-5065096.html
http://news.zdnet.co.uk/0,39020330,39115773,00.htm
http://news.com.com/2100-1002_3-5065117.html
http://www.gcn.com/vol1_no1/daily-updates/23186-1.html
http://www.washingtonpost.com/wp-dyn/articles/A9531-2003Aug18.html
http://www.msnbc.com/news/952935.asp
http://computerworld.com/securitytopics/security/story/0,10801,84126,00.html
Microsoft to simplify patching
http://www.vnunet.com/News/1143060
New worm blasts Microsoft (series of stories)
http://zdnet.com.com/2251-1110-5062637.html
- - - - - - - - - -
Sansom Park man gets 10 years in child porn case
A 49-year-old gravel truck driver who authorities say had hundreds of lewd images of children loaded onto computers, floppy disks and videos inside his Sansom Park home has been sentenced to 10 years in prison. Dennis Hayes Croxton, whose wife is a kindergarten teacher, reached an agreement with prosecutors last week and pleaded guilty to two counts of possession of child pornography. He was sentenced to 10 years in prison on each, although the sentences will run concurrently.
http://www.dfw.com/mld/startelegram/news/local/6560825.htm
- - - - - - - - - -
Warrants issued in child porn case
Three warrants were issued this week for the arrest of a Dexter man in connection with allegations linking him to child pornography. Dexter police this week issued warrants for the arrest of Jonathan D. Corbin, 31, of Dexter in a case that has been under investigation for several weeks.
Police received a complaint from a computer repairman and an employee at a local rent-to-own company on July 25 regarding the incident.
http://news.mywebpal.com/partners/884/public/news482828.html
- - - - - - - - - -
Milford Man Faces Child Porn Charges
A Milford man who was allegedly at the center of a child pornography Web site was in court Monday, facing formal charges. Thomas Richards was charged with 50 felony counts of possession of child pornography. Because felonies are outside the jurisdiction of the court, no plea was entered at the proceedings. Richards was arrested after a two-month investigation that stretched overseas, including Great Britain and Austria. Prosecutors said they continue to look at all possible charges regarding Richards. Police have previously charged Richards with using his home computer to operate a child pornography Web site.
http://www.thewmurchannel.com/news/2412455/detail.html
- - - - - - - - - -
Clerk's porn charge 'nightmare'
A clerk at the House of Commons has told a court he thought he was having a nightmare when he was accused of downloading child pornography. Father-of-two Phillip Lyon said: "My legs turned to jelly. I started sweating. I could not believe it. It was like a nightmare - a dream I thought I was going to wake up from. "I started crying. I was totally distressed. I did not know what to do." Mr Lyon, 38, from Stanford-le-Hope in Essex, denies 12 counts of making an indecent image of a child between October 2001 and April 2002. Giving evidence in his defence at Southwark Crown Court on Monday, Mr Lyon denied ever having downloaded images of children which were indecent, or pictures which were likely to be of children which were indecent.
http://news.bbc.co.uk/2/hi/uk_news/england/essex/3161275.stm
- - - - - - - - - -
Citibank Warns Customers of Phishing Scam
Citibank on Monday warned customers not to fall for an e-mail scam that threatened to shut down their checking accounts if they failed to provide their Social Security numbers.
http://www.washingtonpost.com/wp-dyn/articles/A9991-2003Aug18.html
http://www.msnbc.com/news/954099.asp
http://www.usatoday.com/tech/news/computersecurity/2003-08-18-citi-phishing_x.htm
- - - - - - - - - -
RIAA says it isn't targeting small downloaders
The Recording Industry Association of America says it will not go after small violators when it sues people who illegally share songs on the Internet. The assurance came in a written response to questions by Minnesota Sen. Norm Coleman, chairman of the Senate Governmental Affairs' Permanent Subcommittee on Investigations. Coleman plans to hold hearings on the RIAA's campaign, which he has labeled "excessive."
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6562543.htm
http://news.com.com/2100-1027_3-5065369.html
http://www.washingtonpost.com/wp-dyn/articles/A10937-2003Aug18.html
- - - - - - - - - -
Ashcroft: Patriot Act on Parade
Attorney General John Ashcroft will visit states key to President Bush's re-election to defend the government's use of the antiterrorism USA Patriot Act, which is drawing increased criticism as a threat to civil liberties. After an opening speech Tuesday at a conservative Washington think tank, Ashcroft will embark on a campaign-style road trip, delivering remarks Wednesday and Thursday to law enforcement audiences in Philadelphia, Cleveland, Detroit and Des Moines, Iowa.
http://www.wired.com/news/politics/0,1283,60083,00.html
- - - - - - - - - -
Helped by Technology, Piracy of DVD's Runs Rampant in China
Even before "The Matrix Reloaded" opened in China's cinemas in July, Liu Ying watched it twice.
Like many Chinese fans of the popular "Matrix" science-fiction franchise (the latest is called "Hacker Empire" in Chinese), Mr. Liu watched the movie in his home, on an unauthorized or "pirate" DVD copy. The DVD appeared soon after the film's American release earlier this year.
http://www.nytimes.com/2003/08/18/business/media/18PIRA.html
- - - - - - - - - -
Overcoming Inertia on Porn
Two years ago, Dallas police officers, U.S. postal authorities, and the Justice Department announced the arrests of 100 people in a global Internet child pornography ring. More than 250,000 people from 60 countries were paid subscribers, netting organizers more than $1 million a month. The bust has led to the arrests of hundreds of suspects around the world. But comparatively few arrests have been made in Canada, even though police have the names of over two thousand suspects. Many understaffed police units have not followed up on the names and credit card numbers of the 2,300 Canadians who downloaded images advertised as child porn. Child porn generates $3 billion annually in online sales, according to a report by Internet Filters Review.
http://www.christianitytoday.com/ct/2003/009/9.30.html
- - - - - - - - - -
NTIA Says Filters Work Well Enough
The National Telecommunications and Information Administration (NTIA) says currently available Internet blocking or filtering technology protection measures have the capacity to meet the needs of schools and libraries to comply with the Children's Internet Protection Act (CIPA) and to assuage the fears of free speech advocates.
http://dc.internet.com/news/article.php/3065211
- - - - - - - - - -
Defense to test ID-checking prototype
The Defense Department in October will begin testing a prototype credential-checking system.
The pilot will help DOD's Directorate of Information Assurance and Defense Manpower Data Center develop a system that can validate the identities of people trying to gain access to military installations and contractor facilities where Defense work is performed. The DOD center, which oversees the Defense databases storing identity information, will work with Northrop Grumman Corp. on the test. The directorate, within the Office of the Assistant Secretary of Defense for Networks and Information Integration, is paying $500,000 for the test, which will run through March.
http://www.gcn.com/vol1_no1/daily-updates/23188-1.html
- - - - - - - - - -
Pocket Wi-Fi sniffers end missing hotspot misery
Road warriors know the frustration: you're in a foreign city and want to find a Wi-Fi access point. Normally that means looking on the Internet for site directories that can tell you where the nearest hotspots are located, such as WiFinder or WiFiMaps. Most of the time, it's trial and error. Now, there is a much easier solution. US peripherals maker Kensington has introduced a world's first: a detector that will locate Wi-Fi networks. No more booting up your notebook to find a Wi-Fi signal.
http://www.theregister.co.uk/content/68/32374.html
- - - - - - - - - -
Corralling Security Data
Like many companies, Online Resources Corp. has deployed host- and network-based intrusion-detection systems (IDS), firewalls and antivirus tools on its networks. But until it installed a security event management suite, the company had a hard time dealing with the deluge of data pouring in from its various security systems. Not only was the incoming data voluminous and highly unreliable, but the IT staff also had to collect it from each system and then manually correlate it.
http://computerworld.com/securitytopics/security/story/0,10801,83978,00.html
- - - - - - - - - -
The sad tale of a security whistleblower
Opinion: Previous articles in this space have discussed whether security professionals can go to jail for doing things like demonstrating the insecurity of a wireless network, or conducting a throughput test on a system without permission. Now, a new and unwarranted extension of the US computer crime law shows that you can go to jail for simply telling potential victims that their data is vulnerable.
http://www.theregister.co.uk/content/55/32381.html
- - - - - - - - - -
Online gripe forum tackles mobile spam
If you've been ticked off by poor service or peeved by annoying mobile spam messages, help is at hand. Grumbletext provides a forum to publicise UK mobile phone scams. It's a Vmyths for the mobile generation, with more interactivity built in.
http://www.theregister.co.uk/content/6/32387.html
- - - - - - - - - -
Fake drugs force makers to play spy games
Drug companies are turning to spy novel gizmos (invisible inks, tiny radio-frequency antennas and the like) to help stop counterfeiters from faking or adulterating prescription drugs. Counterfeits represent a fraction of the $192 billion U.S. drug market. But investigators in recent months have seized a variety of fakes. They include Lipitor pills that contained only small amounts of the ingredient needed to lower cholesterol and vials of an expensive cancer drug filled with only bacteria-laden salt water.
http://www.usatoday.com/tech/news/2003-08-17-fakedrugs_x.htm
- - - - - - - - - -
E911 tracking--an invasion of privacy?
I recently bought a Nokia 3650 cell phone, a curvaceous feat of engineering that includes a video camera, Bluetooth, Symbian's Java operating system, and Internet connectivity. About the only feature the Nokia lacks is a Global Positioning System (GPS) receiver.
But it turns out that even without a GPS receiver--which can calculate someone's location through satellite positioning--your wireless provider may still be collecting and recording pretty detailed information about your whereabouts.
http://zdnet.com.com/2100-1107-5065012.html
- - - - - - - - - -
Open Line Saves 2 From Intruders
Woman drops phone but doesn't hang up. Three thousand miles away, a relative calls 911. Grace Richardson believes that she and her husband survived when two armed men burst into their Virginia home because the intruders interrupted a phone call with her sister in California. On the evening of Aug. 10, Richardson was talking to Betty Gates, who lives near Fresno, when the gunmen arrived and held Richardson and her husband, Marvin, at gunpoint.
http://www.latimes.com/technology/la-me-saved17aug17,1,1862527.story
- - - - - - - - - -
Wireless Growth Hinders Rescuers
As a fellow officer battled a house fire with a garden hose this spring, Anne Arundel County police officer Patrick A. Fisher had to drive several blocks away from the scene in order to get a strong enough radio signal to allow him to summon firefighters. The explosive growth of the mobile phone industry has crowded and tangled the nation's airwaves to such an extent that wireless company signals are increasingly interfering with emergency radio frequencies used by police and firefighters, public safety agencies said.
http://www.washingtonpost.com/wp-dyn/articles/A7270-2003Aug17.html
***********************************************************
Computer Forensics Training - Online. An intense, 150-hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
For more information see; www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2003, NewsBits.net, Campbell, CA.