NewsBits for October 24, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ NatWest customers targeted in 'phishing' scam Net fraudsters have targeted NatWest customers in the latest fake email scam. Reg readers report receiving emails today purporting to be a security check from NatWest, which are in reality attempts to trick users into handing over sensitive account information to fraudsters. - - - - - - - - - - Code Thieves Strike Again Theft of source code is back in the spotlight. Alibre, a software company based in Richardson, Texas, alleges that a former employeeafter being terminatedhas begun illegally distributing a product called "RaceCAD," which Alibre says is actually its product, Alibre Design. Alibre officials say the problem came to light last week. Alibre's claim comes on the heels of the theft of source code for the video game Half Life.,4149,1361952,00.asp - - - - - - - - - - Man gets prison for cyber crime A Chester County man, who used the Internet to solicit sex with a person he believed to be a 12-year-old girl but who actually was two Montgomery County detectives, will spend the next three to six years behind bars at a state prison. "I am very pleased," said county Assistant District Attorney W. Todd Stephens on Thursday, commenting on the sentence issued by county Judge Thomas M. Del Ricci to Leonard "Lenny" Dowlin, 43, of Coatesville. - - - - - - - - - - Tech ignorance, vague laws lead to mistaken conviction Computer administrator Bret McDanel discovered a security flaw in his company's software. He warned his managers. They ignored his pleas. So he quit and fired off thousands of e-mails alerting customers to the problem. The vulnerability at Tornado Development Inc. finally got fixed. But McDanel was charged and convicted of causing damage under the federal Computer Fraud and Abuse Act. - - - - - - - - - - Jumping Flea worm lifted to high risk alert ANTI VIRUS firm F-Secure said it has raised the level of danger to two on the Flea computer worm, which sits in HTML-mail and auto activates when a message is opened using Microsoft Outlook. The Flea then connects to a web site, and delivers its bite by executing Javascript code without users being aware of what it's doing. Level two is the second highest alert level in F- Secure's classification. The firm said it has received many reports of this worm affecting computers in Asia and Europe. Experts predict new virus rampage,39020645,39117356,00.htm Viruses bruise Microsoft's bottom line,39020645,39117358,00.htm Microsoft Patches Its Patches - - - - - - - - - - New law would require computer security audits, status reports New legislation being drafted in the U.S. House of Representatives, which could be introduced as early as next week, would require all publicly traded companies to conduct independent computer security assessments and report the results yearly in their annual reports.,10801,86455,00.html - - - - - - - - - - Court slaps fine on song-sharing Web site in South Korea The operators of a Korean-language Web site that lets users share songs free of charge were convicted Friday of aiding and condoning copyright violations. The District Civil Court in Suwon, south of Seoul, slapped a 19.6 million won (US$17,000) fine on Yang Jung-hwan and his brother, Yang Il-hwan, who created the file- sharing Web site ``Soribada'' -- ``Sea of Sound'' in Korean -- in 2000. Regulators nearing decision on Internet piracy of digital TV - - - - - - - - - - Court to Rule on Cyber Cafe Regulations Garden Grove hopes the rules it imposed to stem a rash of crime are allowed. Owners say the restrictions have killed their business. An appeals court will determine within 90 days whether to uphold a Superior Court decision to prevent Garden Grove from imposing strict regulations on cyber cafes, which city officials have said attract gangs and violence. (LA Times article, free registration required),1,2911110.story - - - - - - - - - - University receives grant to fight hackers Scientists at Iowa State University are using a $500,000 grant from the U.S. Justice Department for a "cyber-defense" laboratory to fight computer hackers. The grant allowed ISU to move forward with plans for the Internet-Scale Event and Attack Generation Environment, or ISEAGE, pronounced ice age. - - - - - - - - - - UTSA workers research cyberterrorism San Antonio is becoming a major player in the fight against cyberterrorism. On Wednesday, representative Lamar Smith touted a program at the University of Texas at San Antonio. It comes after Secretary of Defense Donald Rumsfeld questioned whether the United States is winning or losing the war against terrorism. - - - - - - - - - - Hotmail promises better spam-catching Microsoft says using 'white lists' of approved addresses will help reduce the spam plaguing its Hotmail users. Taking a new twist on an old anti-spam method, Microsoft plans to use white lists for its free Hotmail email service.,39020375,39117359,00.htm Antispam methods aim to merge California Chalks Up a Spam Win,1367,60968,00.html Carphone Warehouse warned over SMS spam - - - - - - - - - - Defense Department drafts RFID policy The U.S. Department of Defense will give radio frequency identification technology a massive boost with a new policy requiring its suppliers to use RFID chips. The RFID policy, announced Thursday, is the latest step toward wider adoption of the controversial technology, which civil liberties groups fear could lead to unprecedented surveillance of consumers. Advocates say RFID chips will revolutionize supply- chain systems by making it far easier to identify and process inventory. MIT takes RFID to next stage,39020357,39117360,00.htm - - - - - - - - - - Brill: Thumbs up on private ID venture Newsweek columnist and Court TV founder Steven Brill is launching a venture to distribute identity cards that will allow people to speed through fast lanes at airport, office building and sports arena security checkpoints with a thumbprint scan. Brill-- author of "After," a chronicle of the security and privacy challenges faced after the Sept. 11 terrorist attacks -- has formed Verified Identity Card Inc., which will issue the cards, perform background checks and match databases against the government's list of known terrorists.,1367,60965,00.html OMB backs off plans for central authentication gateway - - - - - - - - - - Wireless Security Watch IT departments that think they can say no to wireless and handhelds are in a state of denial; it's already here. The benefits of wireless are too compelling to put the technology genie back into the bottle. Warning: While you're hanging around the IT water cooler fretting about wireless security, critical corporate data could be walking out the door hanging from someone's keychain. The smiling stranger in the hallway you just asked for the time should have responded, "It's 10 a.m. Do you know where your data is?" - - - - - - - - - - Survey: Porn Found Often on Work Computers Many of us apparently forget that our office computer belongs to the boss - along with all the Internet material you may load onto it. Two-thirds of human resources professionals said in a survey they've discovered pornography on employee computers. Nearly half of those, 43 percent, said they had found such material more than once. - - - - - - - - - - Yo, Mr. CEO, Get Our Point Now? A privacy group hired a skywriter to write part of the Social Security number of Citigroup's chief executive above New York City on Friday, protesting the bank's lobbying efforts to keep lawmakers from tightening privacy regulations and demonstrating that even the privacy of bank executives is at risk. Working during a break in cloud cover, an airplane scrawled the first five digits of CEO Charles Prince's Social Security number in 15-story numerals above Citigroup's global headquarters in midtown Manhattan.,1367,60964,00.html,10801,86453,00.html - - - - - - - - - - Q&A: DNS inventor Paul Mockapetris on Internet security The critical DNS system is more robust at the top, he said. Paul Mockapetris invented the Internet's core Domain Name System (DNS), which is a highly distributed hierarchical database that translates Web names into Internet Protocol addresses, and vice versa. Without it, the Internet as it's structured today wouldn't work. In an interview this week with Computerworld, he talked about the state of the DNS a year after the first distributed denial-of-service attack on the system.,10801,86457,00.html - - - - - - - - - - FBI chief extols benefits of post-9/11 tech upgrades The government has made great strides in technology improvements since the Sept. 11, 2001, terrorist attacks, FBI Director Robert Mueller said Friday. "New combined databases and analytical tools are helping us draw patterns and connections from a sea of data in ways we could not prior to September 11," Mueller said at the annual meeting of the International Association of Chiefs of Police (IACP). - - - - - - - - - - Satellites help slash Karachi car thefts, kidnaps Unpleasant shocks await car thieves in Karachi. With the click of a computer mouse, a satellite tracking system allows remote operators to seize control of the stolen vehicle, bring it grinding to a halt, and snap its locks shut as police swoop in. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.