NewsBits for November 17, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Community service for Al-Jazeera hacker A Web designer was sentenced to community service for hijacking the Web site for the Arab satellite news channel Al-Jazeera and redirecting its traffic to a site showing a U.S. flag and the words "Let Freedom Ring." - - - - - - - - - - VARs assist in DoS crisis The channel has come to the rescue after six online businesses were bought down by denial of service (DoS) attacks. Criminals used DoS to crash web sites and demanded PS50,000 from each victim to stop the attacks. Police are investigating the incidents and the companies involved are using the channel to upgrade their IT defences. - - - - - - - - - - Internet provider sentenced in child porn case The owner of an Internet service provider was sentenced to 40 years in prison for violating his felony probation by possessing child pornography. Phillip Warren Roberts, 45, co-owner of Century Alpha Inc. in Waco, had been on deferred probation since pleading guilty in August 2000 to two counts of indecency with a child in the molestation of an 11-year-old girl. After authorities caught him with child pornography in October at his home in Lacy-Lakeview near Waco, prosecutors filed a motion to revoke his deferred probation. - - - - - - - - - - Former teacher gets three years on child porn charges A former teacher accused of having thousands of pornographic images of children on his computer received a three-year prison sentence. Arthur Vespignani, 29, of Blairstown, also chatted online with an undercover investigator who he thought was a 14-year-old girl, prosecutors said. Vespignani, who was arrested in January 2002, had taught in the Stanhope school district in Sussex County. He pleaded guilty in July to attempted sexual assault and distribution of child pornography, both second-degree crimes that carry up to 10- year prison terms upon conviction.,0,3664572.story - - - - - - - - - - Priest accused of soliciting sex with a minor over the internet A former Massachusetts priest accused of soliciting sex with a minor over the Internet is scheduled to stand trial next week in Hillsborough County Superior Court. Jury selection is set to begin Monday in the case of Frederick Guthrie, 67, of Newbury, Mass. His trial is expected to begin later in the week, according to the prosecutor, Assistant County Attorney Roger Chadwick. Guthrie is accused of using America Online to try to "seduce, solicit, lure or entice" a city police officer posing as a 15-year-old boy. He faces two counts of misuse of computer services, a felony carrying up to 3 1/2 to seven years in prison. Guthrie claims he sent e-mails telling the "boy" that he wasn't interested in sex. He also argues the officer was ambiguous about his purported age. - - - - - - - - - - Agents snare cyber predators on their own turf Sgt. Dave Torsiello is a veteran police investigator who learned to play different roles during his years as a Fort Worth vice officer. These days, the persona he most often assumes is that of a lighthearted 13-year-old who likes to chat online with strangers. Torsiello sits before a computer on the 15th floor of a state office building, simultaneously carrying on four different conversations. Within minutes, "Becky" is receiving nude photos from one messenger and an offer to have a "nasty phone chat" from another. - - - - - - - - - - New Zealand police warn about gold credit card scam from China New Zealand police issued a warning on Monday about a global gold credit card scam being run from an Internet website in China. People targetted are asked to fill in an application form and send a fee of five New Zealand dollars after which they receive a global gold card in the mail, apparently dispatched from an address in Auckland. - - - - - - - - - - Garage gadget wins digital copyright case In a closely watched technology lawsuit, a federal judge has ruled that a garage-door opener designed as a replacement for a model made by a rival manufacturer does not violate the nation's digital copyright law. "Consumers have a reasonable expectation that they can replace the original product with a competing universal product without violating federal law," Judge Rebecca M. Pallmeyer said. - - - - - - - - - - Online fraud threat grows Retailers, and online shops in particular, face growing costs from online fraud, according to a new report. They are therefore being advised to set up better systems to identify and prevent fraudulent transactions. - - - - - - - - - - Further data security laws on the way Although a US draft bill calling for compulsory annual security audits to be carried out by publicly listed companies has been delayed until early next year, security experts said regulations of this kind are inevitable, both for US and UK firms. Group fleshes out ID rules - - - - - - - - - - Exchange flaw leaves systems 'open to spammers' The guest account function in Exchange 5.5 and 2000 can leave networks vulnerable to becoming a spammers' tool, warns an expert. Administrators of email systems based on Microsoft's Exchange might have spammers using their servers to send unsolicited bulk email under their noses, a consultant warned this week.,39020375,39117923,00.htm,10801,87222,00.html - - - - - - - - - - Security fixes still bug firms Microsoft's patching policies came in for fresh criticism last week, as it shifted the date of its regular patch bundle to the second Tuesday of the month and delayed several key updates. Gates gets serious about spam, security - - - - - - - - - - Road Runner messages 'censored', newsgroups complain Media giant Time Warner appears to be censoring subscribers to its Road Runner Net access service by corrupting newsgroup messages it fears contain pirated material. For the past fortnight, users of the $44.95 a month service have been complaining that the vast majority of newsgroups messages are incomplete, making them unreadable. - - - - - - - - - - Computer hacking: potentially a new kind of war in the Middle East The Middle East accounts for just over 1 per cent of hacking globally a statistic about unauthorized breaking into computer systems that may not necessarily jolt you. But take a closer look. In the United Arab Emirates alone, hacking in the first six months of this year grew 300 percent over the last six months of 2002. - - - - - - - - - - RSA signs deals with Microsoft and Accenture Microsoft to embed ClearTrust access management software into its identity and access products. Security vendor RSA has signed partnerships with Microsoft and Accenture for its Identity and Access Management product range. Microsoft is to build RSA's ClearTrust 5.5 web access management into its own identity and access software. - - - - - - - - - - Uni virus writing course 'is madness' A PLAN to teach virus writing at university has come under severe criticism at a conference of the Association of anti-Virus Asia Researchers. "Stopping virus writers is the job of law enforcement, not of computer science graduates," Dr Vesselin Bontchev, a computer virus and security expert at FRISK Software in Reykjavik, Iceland, said at the Sydney conference.,4057,7893491%255E15322,00.html - - - - - - - - - - Will that be cash, fingerprint or cell phone? No need to carry credit cards or cash. No need to haul around cards for the ATM, video store, gas station or frequent-flier program. It would all be replaced by just your fingerprint. Or perhaps your cell phone. Or a round piece of plastic the size of a quarter. - - - - - - - - - - It wasn't me, it was the Trojan horse Remember the Twinkie defense? Well, now there's the Trojan horse defense. That's right: In three recent court cases in the United Kingdom, defendants pleaded not guilty on the basis that someone else put code on their computer (via a Trojan horse) that caused their machines to break the law. - - - - - - - - - - Security takes more than patch management Keeping a network secure requires more than just reacting to problems - it needs proactive strategies to reduce the chance of a successful attack. Patch management is a little like flossing your teeth. Everyone knows they're supposed to do it, but most of us still don't. Some pundits say the simple answer for patching lies in proactivity. Get the patch applied before an incident occurs, and keep the problem from occurring rather than fixing it after the fact. That's a simple truth, but in practice, it's a lot harder to pull off than it sounds. It also contradicts the way security is usually addressed.,39020415,39117926,00.htm - - - - - - - - - - Oracle Row Level Security: Part 2 In part one of this short article series we looked at some of the advantages of Oracle's row level security, what it can be used for, and looked at a simple example of how it works. We'll conclude this series by testing the policies that have been setup, demonstrate a few of the data dictionary views that allow for management and monitoring, cover some other issues and features, and then see if the data can be viewed by hackers or malicious users through the use of trace files. Oracle Row Level Security: Part 1 - - - - - - - - - - Terrorism futures market gets second lease on life The Policy Analysis Market in terrorism futures that created such a stir that the Defense Advanced Research Projects Agency dropped it like a hot potato in July is back. The market, which is intended to be an analysis tool to track and predict events in the Middle East, was developed for DARPA by Net Exchange of San Diego. - - - - - - - - - - 'Secret' RFID test draws consumer ire Wal-Mart carried out a wireless-chip experiment that allowed cosmetics company employees to observe shoppers via a Webcam, it has been revealed. Wal-Mart Stores and Procter & Gamble quietly tested a controversial new retail technology earlier this year that allowed P&G employees to observe shoppers via a Webcam as they removed cosmetics from shelves, representatives of both companies confirmed Friday.,39020357,39117924,00.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.