NewsBits for November 26, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Due to the Thanksgiving holiday in the US, NewsBits will not be produced on Thursday 11/27 and Friday, 11/28/03. Normal distribution will return on Monday, 12/01/03. RJL ************************************************************ Ex-MS worker jailed for black market racket A former Microsoft worker was sent to jail for 17 months yesterday after admitting she stole software valued at $6 million from Microsoft's internal store. Kori Robin Brown, 31, of Spokane in Washington, will also be subject to a three year supervision order following her release, under a sentence imposed yesterday by US District Judge Marsha J. Pechman. Brown, a former administrative assistant in Microsoft's Xbox video console and games division, pleaded guilty to mail fraud charges in July.,10801,87589,00.html - - - - - - - - - - 10-year sentence in molestation case A 46-year-old Santa Rosa man convicted of molesting a 12-year-old neighbor and threatening to post photos of her on the Internet was sentenced Tuesday to 10 years in prison. Rickie Lester Bauman pleaded no contest in October to two counts of child molestation. According to the Probation Department, Bauman invited the girl to his Leo Drive home last July to play chess. He gave her alcohol, showed her pornography and repeatedly molested her, investigators said. He also took sexually explicit photos of the girl and said he would post them on the Internet, the report said. Investigators said they discovered the images on his computer, but there is no evidence they were ever put on the Internet. - - - - - - - - - - Center Twp. Man Fined for Possession of Child Porn A Center Township man on Friday was fined $500 and placed on probation for possession of child pornography. Judge William Martin placed Keith Fisher, 49, of Graceton under court supervision for five years for his guilty plea to the charges. A state-police computer-crime specialist charged that Fisher, while using the screen name "enchanedlover," transmitted several child-pornography images in October 2002 to an unidentified Internet user. - - - - - - - - - - Woman waives hearing in Internet sex case A 47-year-old woman who allegedly assisted her 14-year -old daughter in arranging Internet encounters waived her right to a preliminary hearing Tuesday. According to the criminal complaint, the woman and her daughter sent explicit images of themselves over the Internet. The images resulted in two men traveling to Clintonville to meet the 14-year-old girl. An 18-year-old from New York and a 41-year-old from Janesville were arrested. - - - - - - - - - - Man Arraigned On Child Porn Charges A long-distance bust landed a Rockland, Mass., man in court, charged with distributing child pornography. NewsCenter 5's David Boeri reported that Maryland police conducting an Internet sting tipped off investigators in Massachusetts. Richard Schirmer, 33, was arrested Tuesday and charged with possessing and distributing child pornography. According to Maryland police, they found Schirmer offering pornographic images of children in a computer chat room called "100 Percent Pre-Teen Girls." - - - - - - - - - - Taxi driver jailed after pedophilia images found on computer A PAEDOPHILE taxi driver was jailed yesterday after police found pictures of children as young as four on his computer. Father-of-one Geoffrey Barnes, 53, was caught as part of the FBI-led Operation Ore worldwide crackdown on internet pornography. Police discovered Barnes' credit card had been used to pay for access a child porn website. Prosecutor Tom Crowther said detectives discovered 181 indecent pictures and 35 movie files on two computers seized at Barnes' home. - - - - - - - - - - Trojan poses as naked XXX pics Windows users were warned today to be on their guard for a new Trojan that poses as a racy attachment to a saucy email. The Sysbug-A Trojan is disguised as an attachment containing naked pictures of a young couple. It's actually malicious code that, if run, allows hackers to gain control of vulnerable computers. - - - - - - - - - - Anti-spam law touted An official with Alberta's privacy commissioner says Canada needs to work with other countries on anti-spam laws if unwanted e-mail messages are to be halted. Tim Chander, issues manager with Alberta's office of information and privacy, says provincial and federal legislation next year might help stop messages that promise to fix your credit or enlarge your penis. But then again, he says, it might not. Senate approves minor changes to anti-spam bill Lawmakers: Spam Bill Is a Turkey - - - - - - - - - - Cybercrime Agency gets the EU Go-Ahead The European Union has given final approval for the creation of a Cybercrime Agency, described as an Interpol for the Internet. The Brussel based European and Network Information Security Agency (ENISA) was given the go-ahead to start operating in early 2004 and will help police forces from all over the continent co-ordinate their efforts by supporting the internal European Union market by facilitating and promoting increased cooperation and information exchange on issues of network and information security. - - - - - - - - - - New Explorer 6 active scripting flaw reported Security researchers in Denmark are warning users to disable "active scripting" in Microsoft Corp.'s Internet Explorer 6.0 Web browser to prevent attackers from targeting and taking remote control of their PCs. Niels Rasmussen, CEO of security research company Secunia ApS in Copenhagen, said yesterday that the latest vulnerabilities "allow malicious Web sites and viruses to bypass the security zone settings in Internet Explorer.",10801,87582,00.html - - - - - - - - - - Help on the way for ID theft victims Identity theft victims will have a wide swath of new rights under a federal law passed by Congress over the weekend, including free annual credit reports. But the bill essentially erases a number of state measures that provided even stronger protections for consumers. And questions remain about the ability of federal regulators to enforce some of the new provisions designed to help ID theft victims clean up the financial fallout and paperwork problems that result from the crime. - - - - - - - - - - U.S. funds study of tech monocultures The National Science Foundation has granted $750,000 to two universities to study how diversifying information systems and software could help fend off future cyberattacks, the agency said Tuesday. The study, proposed by Carnegie Mellon University and the University of New Mexico almost a year ago, will seek to identify commonalities in software that could be used as the basis for attacks. Such common vulnerabilities would point to a computer "monoculture" --a population so homogeneous that a single threat could destroy it. - - - - - - - - - - Deakin joins cyber-terror battlefield A DEAKIN University research team is developing a new weapon to fight the war against cyber-terrorism. Professor Lynn Batten is leading the research into a new form of wireless network data encryption, which she hopes will prevent hackers from accessing major organisations' sensitive information. Prof Batten said financial institutions, military organisations, hospitals, and governments who used wireless computer networks were currently at risk. - - - - - - - - - - ISP's "Black Box" is accessible to Law Enforcement As it is known, Verhovna Rada of Ukraine passed the bills developed for monitoring Internet and fighting cyber-crime. According to Security Service of Ukraine, the access to ISPs black boxes will be limited; these data will be accessible to high- ranking officers of Security Service of Ukraine by special order. However some funds believe that there is a certain attack of special services to freedom of the Internet and telecommunications. Thereupon, Reporters Without Borders addressed to Prime Minister of Ukraine Mr. Victor Yanukovich with call to carry out consultations on issue freedom of speech with organizations and experts engaged in the Internet activity. - - - - - - - - - - Smart-card crypto engine gets certification A flash-based secure cryptographic controller for smart cards from Atmel Corp. of San Jose, Calif., has been granted a Common Criteria Evaluated Assurance Level 4+, augmented to Assurance Vulnerability Assessment-Vulnerability Analysis.4. The AVA-VLA.4 augmentation represents a high level of assurance against sophisticated attacks, according to the National Institute of Standards and Technologys Computer Security Resource Center. - - - - - - - - - - Government to press on with ID cards Plans to introduce identity cards have been included in the Queen's Speech today, marking a significant testing ground for biometric security technology. Barclaycard trials new security method - - - - - - - - - - Fighting Spammers With Honeypots: Part 1 Like most advertising flyers found in postal mailboxes, millions of emails -- now classically referred to as spam -- fill email inboxes around the world everyday. Spam can be considered as the most annoying cyber-pollution that targets all of us with tons of unsolicited emails. Those emails usually contain advertisements and spammers are paid to spread as many of them as possible. Fighting Spammers With Honeypots: Part 2 - - - - - - - - - - Peter Cochrane's Uncommon Sense: Holistic security "We have the ability to be far more subtle and capable." A one-dimensional, internet-centric approach to security could leave us economically and militarily vulnerable. So what's the answer? Peter Cochrane says it needn't be heavy-handed.,39024643,39117079,00.htm Bill Gates Talks Seamless Computing, Security, And Linux - - - - - - - - - - Top 10 disaster recovery tips Each week asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week Stephen Owen, EMEA product manager at Adaptec, runs through the basic steps for ensuring that IT disaster doesn't entail doom for your business. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.