NewsBits for October 15, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Jury mulls verdict in UK teen hacking case The jury in the trial of a UK teen accused of an electronic attack on a major US port retired today to consider its verdict. Aaron Caffrey, 19, of Shaftesbury, Dorset, allegedly hampered the operations of the Port of Houston by initiating an attack that crippled its Web-based systems for hours in the early hours of September 21 2001. This was the result of a misdirected attack by Caffrey against a fellow chat-room user, the prosecution claims. http://www.theregister.co.uk/content/55/33413.html - - - - - - - - - - Net paedo jail sentence increased A British paedophile who sexually abused two 13 year-old girls he groomed using Internet chatrooms has had his jail sentence extended 18 months by the Court of Appeal. Michael Wheeler, 36, an electronics engineer from Cambridgeshire, was sentenced in June to three years for unlawful sex and indecent assault on the two girls. http://www.theregister.co.uk/content/6/33407.html - - - - - - - - - - Security company warns of Hotmail worm Security company Finjan Software has warned of a security vulnerability in Microsoft's Hotmail web- based e-mail service, but Microsoft said that the hole has already been closed. The latest security flaw, known as a cross-site scripting vulnerability, could be used to create an internet worm that steals e-mail addresses from Hotmail users' accounts, captures credit card numbers or installs Trojan horse programs, Finjan said. http://www.computerweekly.com/articles/article.asp?liArticleID=125671 http://news.com.com/2100-1002_3-5091695.html http://computerworld.com/securitytopics/security/holes/story/0,10801,86095,00.html - - - - - - - - - - Microsoft warns of four new Windows flaws Microsoft Corp. warned consumers Wednesday about four new flaws in its popular Windows software as the company shifted to monthly alerts for serious problems that could let hackers break into computers. In particularly embarrassing disclosures, Microsoft acknowledged problems in its technology to authenticate software publishers over the Web and in its Windows help and support system. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7021315.htm http://www.securityfocus.com/news/7213 http://www.msnbc.com/news/980779.asp http://www.wired.com/news/technology/0,1282,60832,00.html http://computerworld.com/securitytopics/security/holes/story/0,10801,86099,00.html DoS attack warning for Windows 2000/XP http://www.vnunet.com/News/1144366 http://news.zdnet.co.uk/internet/security/0,39020375,39117148,00.htm Trojan compromises email delivery http://news.zdnet.co.uk/internet/security/0,39020375,39117149,00.htm Microsoft accelerates Windows security update http://news.zdnet.co.uk/0,39020330,39117154,00.htm http://zdnet.com.com/2100-1105_2-5091381.html Microsoft releases monthly security fixes http://zdnet.com.com/2100-1105_2-5091835.html Why Ballmer doesn't get it on security http://zdnet.com.com/2100-1104_2-5090865.html Donk-D network worm begins its rounds The network worm and backdoor Trojan, Donk-D, has been reported in the wild, warns anti-virus company Sophos. Copying itself to network shares with weak passwords, it also attempts to spread by exploiting the now-familiar vulnerabilities in Windows RPCSS service - This allows the worm to execute its code on target computers with System level priviledges, which was the flaw first addressed by Microsoft security bulletin MS03-026. Backdoor Trojan functionality also enables a remote attacker to control the computer via IRC channels. http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=48748 - - - - - - - - - - Threat of mobile virus attack real Mobile phone operators say it is only a matter of time before the wireless world is hit by the same sorts of viruses and worms that attack computer software. With an increasing amount of information being sent through wireless channels, new threats are opening up. http://www.cnn.com/2003/TECH/10/15/itu.security/index.html - - - - - - - - - - RIAA presses court for swappers' names The Recording Industry Association of American wants a federal court to make public the names of 93 customers of an Internet cable provider who swapped songs illegally. The Recording Industry Association of America is pressing a federal court to ignore cable Internet provider Charter Communications' attempt to keep private the names of 93 subscribers who allegedly traded songs online illegally. http://news.zdnet.co.uk/business/legal/0,39020651,39117159,00.htm Fan to RIAA: It Ain't Me, Babe http://www.wired.com/news/digiwood/0,1412,60814,00.html - - - - - - - - - - Law update to deal with cyber-crime Hackers, cyber-vandals and computer virus spreaders will face up to 10 years jail under legislation to be introduced in South Australia. It will also be illegal to modify computer data without permission, impair electronic communication, or possess a computer virus with the intention of committing a serious computer offence. http://abc.net.au/news/australia/sa/metsa-15oct2003-14.htm - - - - - - - - - - Prosecutors admit error in conviction of computer administrator Federal prosecutors said they made a mistake in getting a computer administrator convicted for exposing flaws in his employer's computer system and asked an appeals court to reverse his conviction. In a motion filed Tuesday, Assistant U.S. Attorney Ronald L. Cheng said his office made ``an error'' in its prosecution against Bret McDanel. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7020049.htm http://www.securityfocus.com/news/7202 http://www.msnbc.com/news/980675.asp - - - - - - - - - - UK anti-spam delegation urges cooperation British officials have met American counterparts to discuss joint efforts at turning the tide of unwanted email. British officials on Tuesday urged their US counterparts to cooperate in their fight against "spam'' email, downplaying differences between the two countries' legal approaches to unwanted commercial marketing. http://news.zdnet.co.uk/internet/security/0,39020375,39117152,00.htm http://www.nzherald.co.nz/storydisplay.cfm?storyID=3528951 http://www.theregister.co.uk/content/6/33408.html Survey: Internet Users Want No-Spam List http://www.washingtonpost.com/wp-dyn/articles/A29944-2003Oct15.html - - - - - - - - - - Taking Different Tacks on Piracy Warner Home Video skips copy-protection technology on 'Matrix' DVD, while Universal adds digital watermark. The home video release of "The Matrix Reloaded" boasts all the extras expected on a blockbuster DVD, with one notable exception: an extra layer of protection against piracy. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-matrix15oct15224419,1,5924627.story - - - - - - - - - - Feds Cramming Privacy Reports For the first time ever, nearly every government database is undergoing top-to-bottom scrutiny. Soon good government groups and even citizens will get a look into how these systems work and what data they contain. While many of the agencies running the largest database systems already have missed the deadline for submitting initial privacy impact reports, privacy groups and federal agencies' privacy officers say that the new process, not the deadline, is what matters. http://www.wired.com/news/privacy/0,1848,60782,00.html - - - - - - - - - - Sandvine offers anti-worm weapon At ITU Telecom World in Geneva, Sandvine announced new worm mitigation capability for its Peer-To-Peer Policy Management platform. In addition to dramatically reducing the network impact of peer- to-peer file sharing, Sandvine's platform can now monitor peer-to-peer and all other Internet traffic for worm signs, neutralizing malicious code in transit before it crashes network performance. http://www.globetechnology.com/servlet/story/RTGAM.20031015.gtsand1015/BNStory/Technology/ - - - - - - - - - - HotBrick debuts dual-WAN security boxes with managed service HotBrick Security Solutions a Miami, Fla hardware start-up and managed firewall provider Wednesday plans to debut a pair of dual-WAN security appliances for small offices. The HotBrick Firewall VPN 600/2 and 1200/2 each include a stateful packet inspection firewall, VPN server, URL blocking and intrusion detection and prevention. The dual-WAN ports let small businesses set up two broadband connections to ensure business continuity for critical applications such e-mail and credit card processing. The devices support cable, DSL, T-1, and wireless Ethernet WAN interfaces. http://www.nwfusion.com/net.worker/news/2003/1015hotbrick.html - - - - - - - - - - Forgot your PC password again? The technology, based on biometrics - identifies individuals based on biological traits -- has begun to take off in a world where credit card fraud and identity theft runs rife. Attention confounded consumers: there's a high-tech solution that could render obsolete your growing jumble of credit card pin numbers and computer passwords -- and it's as plain as the nose on your face or fingerprint. http://www.ciol.com/content/news/2003/103101513.asp http://www.cnn.com/2003/TECH/ptech/10/15/biometrics.password.reut/index.html - - - - - - - - - - Attackers may lurk inside the firewall Corporations should be as concerned about personal computers inside the network perimeter as those riding its boundary, warns Symantec's security team. Vincent Weafer, senior director of Symantec Security Response, said cyber-attackers are shifting their efforts from outside the intranet boundary to inside. http://zdnet.com.com/2100-1105_2-5091375.html - - - - - - - - - - The joy of patching Each week vnunet.com asks a different expert to give their views on recent security issues, with advice, warnings and information on the latest threats. This week Andrew Warriner, head of technical support at ON Technology, considers the benefits to IT managers of employing centralised, automated patch management to ensure a higher standard of network security. http://www.vnunet.com/News/1144360 - - - - - - - - - - FBI systems still need work, IG says The FBI's technology systems still suffer from weak security planning and management and inefficient access controls, according to a Justice Department Inspector General report released Oct. 14. The bureau has been the subject of numerous information technology audits listing hundreds of recommendations over the years, and it needs a process to ensure those studies are followed up, the report says. http://www.fcw.com/fcw/articles/2003/1013/web-ig-10-15-03.asp Datatrac to run FBI call centers http://www.fcw.com/fcw/articles/2003/1013/web-fbi-10-15-03.asp - - - - - - - - - - Agilent measures market for tool against terrorism Agilent Technologies has a new piece of ammunition in the fight against terrorism: a lab-on-wheels. The Palo Alto company has developed a mobile laboratory, installed in a van, that's able to detect everything from anthrax, arsenic and Ebola virus to sarin nerve gas. Agilent is marketing its van as a way to protect communities nationwide that were shaken by the Sept. 11 terrorist attacks. http://www.siliconvalley.com/mld/siliconvalley/7017993.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.