NewsBits for September 18, 2003 sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Computer Hacker Sentenced
A St. Joseph, Missouri man was sentenced Wednesday for hacking into his former company's computers without permission. 43-year-old Richard W. Gerhardt admitted downloading five thousand user passwords from the computers at Friskies Petcare plant, where he worked as a temporary employee for nine months in 2001 and 2002. Friskies is part of Nestle USA, a division of an international company.
http://www.wdaftv4.com/fullstory.asp?ID=1511
- - - - - - - - - -
Blaster trial set for November 17
The Minnesota teenager accused of unleashing a variant of the Blaster worm pleaded not guilty yesterday to a federal charge that carries a maximum sentence of 10 years imprisonment. Jeffrey Lee Parson, 18, of Hopkins, Minnesota, said little during his first appearance in a Seattle courtroom yesterday other than to confirm his age and identity, The Seattle Post-Intelligencer reports. His lawyers entered a not-guilty plea to a charge of "intentionally causing damage to a protected computer" on his behalf.
http://www.theregister.co.uk/content/56/32895.html
Teen indicted for Internet 'Blaster' worm
http://www.cnn.com/2003/LAW/09/18/blaster.indictment.reut/index.html
http://www.usatoday.com/tech/news/computersecurity/2003-09-17-parson-pleads-innocent_x.htm
http://computerworld.com/securitytopics/security/virus/story/0,10801,85118,00.html
Teenage worm suspect pleads not guilty
http://news.zdnet.co.uk/internet/security/0,39020375,39116470,00.htm
- - - - - - - - - -
Virus sender helped FBI bust hackers, court records say
Federal prosecutors credited the man responsible for transmitting the Melissa virus -- a computer bug that did more than $80 million in damage in 1999 -- with helping the FBI bring down several major international hackers.
Court documents unsealed Wednesday at the request of The Associated Press show that David Smith began working with the FBI within weeks of his 1999 arrest, primarily using a fake identity to communicate with and track hackers from around the world.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6802074.htm
http://www.startribune.com/stories/789/4104851.html
http://www.cnn.com/2003/LAW/09/18/fbi.hackers.ap/index.html
http://www.wired.com/news/technology/0,1282,60492,00.html
http://www.theregister.co.uk/content/56/32915.html
- - - - - - - - - -
Ex-School Official Admits Child Porn Role
A former administrator at Samuel Gompers Middle School in South Los Angeles pleaded guilty in federal court to distributing child pornography over the Internet. Albert Pinedo, 60, a 25-year employee of the Los Angeles Unified School District, faces up to six years in prison. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-briefs18.2sep18,1,4940462.story
- - - - - - - - - -
Air Force cadet charged for running porn site
Alleged sex scandal victims skeptical about reforms
The Air Force Academy filed charges Wednesday against a cadet for running a pornographic Web site from his dorm room. Cadet 1st Class Sterling Barnes faces charges including using a government-provided computer to advertise and sell pornography for commercial gain, and wrongfully viewing, displaying and storing obscene material.
http://www.cnn.com/2003/US/Central/09/18/academy.investigation.ap/index.html
- - - - - - - - - -
New web worm warning
The countdown to the next Windows web worm outbreak has begun. Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities in some versions of Microsoft's Windows operating system. The MSBlast worm that struck in August exploited similar vulnerabilities and caused havoc for many net-using firms.
http://news.bbc.co.uk/1/hi/technology/3119316.stm
- - - - - - - - - -
New virus preys on old IE flaw
A new e-mail worm has started to spread quickly, taking advantage of an Internet Explorer vulnerability that was first disclosed two years ago. The bug, which has been alternately dubbed Swen and Gibe.F, appears to exploit a flaw that Microsoft first disclosed in a March 2001 security bulletin. Ken Dunham, manager of malicious code intelligence for Reston, Va.-based iDefense, said that Swen preys upon people's best intentions, appearing as an e-mail that purports to be a security update from Microsoft.
http://zdnet.com.com/2100-1104_2-5078696.html
http://news.zdnet.co.uk/internet/security/0,39020375,39116479,00.htm
http://news.com.com/2100-7349_3-5078696.html
http://www.msnbc.com/news/968691.asp
New worm poses risk to corporate networks
http://computerworld.com/securitytopics/security/story/0,10801,85130,00.html
- - - - - - - - - -
Viruses 'a blessing in disguise'
The SoBig and Blaster viruses could be a "blessing in disguise" as they can help IT departments apply a security policy to home users, according to the software manager at the Open University (OU).
http://www.vnunet.com/News/1143705
Next Sobig outbreak 'overdue'
http://news.zdnet.co.uk/internet/security/0,39020375,39116468,00.htm
- - - - - - - - - -
Kids charities demand ID parade for pre-paid punters
UK child protection charities yesterday called for the mandatory registration of pre-paid mobile phones amid concern that paedophiles could use untraceable mobiles to access the Web. The Children's Charities' Coalition on Internet Safety (CHIS), a group of seven leading UK charities, wants to extend the safeguards that apply to establishing an Internet account to mobile phones. They want service providers to compile a register so that paedophiles are not able to shelter under the cloak of anonymity in accessing chatrooms or to visit illicit Web sites.
http://www.theregister.co.uk/content/6/32892.html
- - - - - - - - - -
Experts plot tactics to beat web crime
The UK government's first e-crime conference in London talked tough on computer crime. The long-overdue initiative promised "joined-up thinking" with a frank discussion between industry security heads, police and government experts.
http://www.computing.co.uk/Analysis/1137563
- - - - - - - - - -
Teenagers Emerge as Leading Cause of Cyber Crime
The National Police Agency said yesterday that teenagers are the leading cause of cyber crimes such as hacking, the spread of computer viruses and the sale of counterfeit games. In a report presented to the National Assembly, the agency said the number of cyber crimes committed by teenagers was 16,620 between 2001 and July 2003, accounting for 42.2 percent of the total cases during the cited period.
http://times.hankooki.com/lpage/nation/200309/kt2003091815263811990.htm
- - - - - - - - - -
Distributors of DVD-copy software sued
Hollywood studios Paramount Pictures and 20th Century Fox sued a handful of small software companies Wednesday, alleging that their distribution of DVD-copying software violates copyright law. The studios filed suit against Tritton Technologies, QOJ, World Reach and Proto Ventures in New York federal court, asking for unspecified damages and a court-ordered halt to the distribution of the various software packages.
http://zdnet.com.com/2100-1105_2-5078419.html
http://www.wired.com/news/business/0,1367,60494,00.html
http://www.usatoday.com/tech/news/2003-09-17-dvd-css-suit_x.htm
- - - - - - - - - -
Punishing EU downloaders 'will alienate customers'
Europe's Internet downloaders are avid music fans who own multiple gadgets and are as likely to buy a CD as anyone else, according to research released on Wednesday. The image belies the notion of the slacker teenager trawling the Internet for free music to hoard.
They are regular shoppers in record stores today, and they are very likely to buy song downloads in the future, the researchers said.
http://news.zdnet.co.uk/internet/ecommerce/0,39020372,39116469,00.htm
http://www.usatoday.com/tech/world/2003-09-17-europe-downloaders_x.htm
- - - - - - - - - -
Australian legislation cooks spammers
New antispam legislation has been introduced into Australia's House of Representatives that allows for penalties of up to $733,000 ($1.1 million Australian dollars) per day for sending spam--and one lawmaker has called on the United States to follow suit with similar legislation. The spam bill would apply to spam that originates in Australia and contains a flexible sanctions regime that includes warnings, infringement notices and court-awarded penalties.
http://zdnet.com.com/2100-1105_2-5078685.html
UK law smashes consumer spam
http://news.zdnet.co.uk/0,39020330,39116473,00.htm
http://www.wired.com/news/politics/0,1283,60491,00.html
http://www.theregister.co.uk/content/6/32914.html
http://computerworld.com/governmenttopics/government/legalissues/story/0,10801,85120,00.html
Self-policing added to spam bill
http://www.msnbc.com/news/968601.asp
Spam policeman blasts new spam laws
http://www.vnunet.com/News/1143718
- - - - - - - - - -
Yahoo Forcing Upgrade on IM Users
In an effort to combat spam, Yahoo Inc. is requiring users of certain older versions of its Yahoo Messenger instant messaging client to upgrade by Sept. 24 or lose access to its popular IM network. But the move could have a side effect that company officials say was not the intent of the move: It could disable third-party IM clients and services--such as Cerulean Studio's Trillian--that commonly allow users to connect into multiple IM services at once.
http://www.eweek.com/article2/0,4149,1273017,00.asp
- - - - - - - - - -
In DMCA war, a fight over privacy
On May 16, 2002, top executives from the Recording Industry Association of America gathered to celebrate the Digital Millennium Copyright Act, a controversial law that Congress enacted in hopes of curbing online piracy. With glasses of champagne held high in the air, the RIAA, like-minded trade associations and friendly politicians--including at least one committee chairman--toasted the measure, one section of which permits copyright holders to unmask hundreds of suspected online pirates at a time.
http://zdnet.com.com/2100-1104_2-5078609.html
RIAA 'encouraging stalkers, molesters' - telco
http://www.theregister.co.uk/content/6/32905.html
- - - - - - - - - -
Recording industry cautiously eyes 'smart' CDs
Recording companies are cautiously eyeing a new generation of smart CDs that promise to stifle music fans' ability to use file-swapping networks while still allowing them some freedom to make copies and share music.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6804340.htm
- - - - - - - - - -
Oi! *Nix admin, get patching
It's become a busy week for *Nix sysadmins with the release of patches over the last few days to resolve vulnerabilities with popular applications including Sendmail, OpenSSH and DB2. Those *Nix techies enjoying a sense of schadenfreude as their Windows sysadmin colleagues toiled to defend Windows systems against Blaster, Sobig, Nachi et al. over the last month now have some work on their hands.
http://www.theregister.co.uk/content/55/32899.html
IBM patches DB2 vulnerability
IBM has released a software patch for a serious security vulnerability in some versions of its DB2 database, according to the security company that discovered the problems.
If left unaddressed, the vulnerability could enable attackers to run malicious code on DB2 systems using the permissions of an administrative (root) account, according to Core Security Technologies Inc. in Boston.
http://computerworld.com/securitytopics/security/story/0,10801,85085,00.html
Patch issued for critical Sendmail flaw
http://zdnet.com.com/2100-1105_2-5078601.html
- - - - - - - - - -
National ID cards - a privacy side-issue?
Last week's decision by the UK cabinet to delay legislation on the introduction of a national ID card was made largely on the grounds of cost and doubts about the technology, but in a useful roundup of who's for and who's against, and why, today's Guardian reports that some "principled opposition" also exists.
http://www.theregister.co.uk/content/6/32909.html
- - - - - - - - - -
M&S benefits from email filtering
Companies implementing an email filtering system should "keep things simple" and focus on key issues, according to Marks & Spencer's IT experts.
http://www.vnunet.com/News/1143700
- - - - - - - - - -
Solaris to enlist military security
The next release of Sun's operating system will add security features from Trusted Solaris, which was developed in partnership with the US government and military. Sun Microsystems has revealed that the next release of its Solaris operating system will contain enhanced security features developed through the company's close ties with the US military and intelligence services.
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39116462,00.htm
- - - - - - - - - -
Have DoS Attacks Gone Out of Style?
DoS attacks have mutated, merging with more advanced worms and viruses, as was the case when Blaster surfaced in August -- and analysts expect DoS to be a more and more frequent part of worm payloads.
Less than two months after computer users sighed that the Year 2000 scare was only so much hubbub, the Internet world was racked by a series of attacks that made people question whether what had been touted as the most significant medium in history was as safe as they had thought.
http://www.newsfactor.com/perl/story/22316.html
- - - - - - - - - -
Wireless Network Policy Development (Part One)
The need for wireless policy has never been greater. 802.11/a/b/g wireless networks (WLANs) [1] have taken the Information Technology world by storm. With 35 million units expected to sell in 2003 and with a predicted growth rate of 50-200% compounded year over year through 2006, wireless is here to stay. The benefits of wireless connectivity in the business world are immense; they come in the form of flexibility, convenience, portability, increased productivity, relatively low cost, and ease of implementation. These benefits are not without an expense, though. The same aspects that make wireless so desirable in terms of usability and productivity can also become an Achilles heel if the proper security measures are not addressed throughout the network's life-cycle.
http://www.securityfocus.com/infocus/1732
- - - - - - - - - -
Army wants to fine-tune intelligence data sharing
Lt. Gen. Keith Alexander, the Army's deputy chief of staff for intelligence, said he went to Iraq for a week early last month and found that the force "didn't have the full power of the intelligence community at its fingertips." That was evident when soldiers stood very near a terror suspect yet had no idea how dangerous he was because they didn't have access to his file, Alexander added.
http://www.gcn.com/vol1_no1/daily-updates/23585-1.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.