NewsBits for January 14, 2004 sponsored by, Southeast Cybercrime Institute - ************************************************************ Computer containing airline ticketing info stolen Airlines Reporting Corp. (ARC), an airline-owned financial transaction processing company, said yesterday that two computers, one of which contained airline ticketing data, have been stolen. It wasn't clear where the computers were taken from, or when, and the Arlington, Va.-based company offered few details about the theft.,10801,89062,00.html - - - - - - - - - - University student first to be sentenced over internet porn A university graduate is facing jail under tough new Queensland laws aimed at catching pedophiles preying on children in internet chat rooms. Matthew William Ross Kennings will be the first person sentenced under the laws next month after pleading guilty in the District Court in Brisbane yesterday. The 26-year-old refugee centre volunteer was charged in July last year with intending to procure a person he believed to be under 16 years old to engage in a sexual act. The new laws were introduced two months beforehand, with police and the state's Crime and Misconduct Commission setting up a joint operation to target offenders. Kennings was caught after making contact with one of the officers who was posing as a 13-year-old girl using the name BeckyBoo13 in internet chatroom MSN Whisper. - - - - - - - - - - List of victims in teacher case grows to six A federal judge ordered a Gresham middle school teacher to remain jailed after investigators said Tuesday that the teacher had inappropriate or sexual contact with at least six boys. John J. McPartlin, 42, of east Portland's Parkrose area is charged with using the Internet to solicit sex from minors. In a transcript of an Internet chat filed as part of a U.S. District Court affidavit, McPartlin wrote that he paid at least $200 to two boys, ages 17 and 13, to have sex with him simultaneously. - - - - - - - - - - Greenburg man accused of asking teenager for phone sex Police say a Greensburg man accused of asking a teenager for phone sex also stored multiple child pornography images on his computer. Robert D. Walker, 52, of 129 Talbot Ave., was charged last week with calling a 15- year-old Iowa girl he met in an Internet chat room, asking her questions about what she was wearing, and referring to her as a "slave girl." A state police examination of Walker's computer showed the hard drive contained 29 images of child pornography, according to an affidavit of probable cause. - - - - - - - - - - Student charged in child porn case A UA student has pled guilty to charges of downloading child pornography and sharing the material over the Internet while he lived in a campus residence hall last fall, officials said. Donilo Phillip Colich, 20, was charged with one count of attempted sexual exploitation of a minor under 15, a class 2 felony, according to UAPD Sgt. Eugene Mejia. Colich, originally indicted on 11 counts, received 10 years of probation last week, which includes no access to children and the Internet. He will also have to register as a sex offender, said Assistant County Attorney Kathleen Mayer. On Nov. 12, 2002, an unknown person from Switzerland notified the UA webmaster that Colich had been using the KaZaA file-sharing program to download child pornography in his room in the Manzanita-Mohave Residence Hall, 1010 N. Park Ave. The webmaster notified the computer management division on campus, which was able to trace the files back to an IP address that corresponded to Colich's computer. - - - - - - - - - - The Colony resident victim of Internet fraud, trend growing Police said the resident, who asked not to be identified, had gone online to purchase Internet advertising for his Web site. He paid several hundred dollars to a Phoenix-based company for a series of so-called "Web ads." However, the resident never received services for his payment and soon found himself in the middle of what Phoenix police called an "Internet fraud ring." - - - - - - - - - - South Korea probes North Korea's cyber-casino Security authorities here have launched a crackdown on South Koreans who have gambled through a "cyber- casino" run by North Korea's state lottery company, officials said Tuesday. The Cyber Crime Investigation (CCI) of the South Korean police said 16 people have been referred to prosecutors for a probe. - - - - - - - - - - Second Oscar 'Screener' Finds Its Way Onto Internet A copy of "The Last Samurai" has surfaced online, the Academy of Motion Picture Arts and Sciences said the day after it announced it was investigating the appearance on the Internet of the comedy "Something's Gotta Give." The academy said Warner Bros., which distributed "The Last Samurai," reported the incident Tuesday. The studio declined to say whether it had identified the source of the unauthorized copy.,1,933765.story The Good, the Bad and the Pirated Britain Steps Up Piracy Campaign,1412,61914,00.html - - - - - - - - - - US Supreme Court refuses to hear appeal "We do more than just fax marketing," claims on its web site. "We have assisted several missing children organizations, law enforcement agencies and individuals with fax poster alerts." - - - - - - - - - - Legislation to fight Net prowlers halted An effort by Sen. Jeff Denham, R-Merced, to better nab Internet child-sex prowlers died in a committee hearing Tuesday when not enough senators showed up to vote. Senate Bill 882 failed on a 2-0 vote in the Senate Public Safety Committee. The bill needed a majority, or four votes, to move out of the six- member panel. Denham expressed disappointment that his bill died because of procedural rules. A similar effort passed out of the same committee two years ago but later stalled. - - - - - - - - - - Police given power to lock up your data UK firms have been warned to prepare for impending changes to national law that will give the police powers to deny staff access to offices and mission critical data in the event of a major incident. Under proposed amendments to the Civil Contingencies Bill, the police will be able to evacuate danger areas should a "catastrophic incident" occur. - - - - - - - - - - No relief from Microsoft phishing bug Tuesday's edition of Microsoft's monthly bundle of security advisories features an omission that should keep online fraud artists and identity thieves happy: over one month after its discovery, there is no official patch available for a bug in Internet Explorer that lets swindlers pass off counterfeit websites as the real thing. - - - - - - - - - - J.R.R. Tolkien estate wins cybersquatting case The estate of J.R.R. Tolkien won a cybersquatting case on Tuesday as the final installment of the film of his epic trilogy, "Lord of the Rings: The Return of the King," continued to top the worldwide box office. Alberta Hot Rods, a Canadian-based operator which registered and linked it to its commercial celebrity Web site, was found to have no legitimate rights, the World Intellectual Property Organization (WIPO) said in a ruling.,7204,8387596^15318^^nbv^,00.html - - - - - - - - - - Haiti kisses ICANN ring, rewarded with control over own domain In Geneva recently, the worlds governments got together in the first ever meeting dedicated to discussing the effect of the Internet on the world. It very nearly fell apart after a huge split over who should be running the Net - the semi-autonomous private Californian company still beholden to the US government, ICANN, or the international standards body responsible for telecommunications across the globe, ITU. - - - - - - - - - - Currency Detector Easy to Defeat Anti-counterfeiting provisions in the latest version of Adobe Systems' flagship product have proven little more than a speed bump, but company representatives insist that including them was the right thing to do. Adobe acknowledged last week that its Photoshop CS digital editing package includes a "counterfeit deterrence system" designed to prevent users from accessing images of currency.,1377,61890,00.html - - - - - - - - - - Microsoft rolls out security bundle THE FIRST monthly security bundle for Windows software include fixes for bugs in its Internet Security and Acceleration Server. That software is used to regulate IP telephony. Three new Microsoft security patches released,39024655,39117781,00.htm Microsoft update ignores spoofing hole,39020375,39119095,00.htm VOIP, Video-Conferencing Apps Face Security Risk,4149,1435887,00.asp?kc=EWRSS03119TX1K0000594 UK govt finds security flaws in VoIP and texting technology,39020345,39119076,00.htm Security firms put up 'Personal Firewall Day' - - - - - - - - - - EarthLink tool hunts down spyware The company's Spy Audit software is intended to ferret out unwelcome programs that take up surreptitious residence on a computer's hard drive, typically when someone downloads freeware or shareware but also through e-mail and instant messaging. Those programs keep track of a computer user's online activity and can be difficult to locate and remove. Problems that arise from spyware's presence can range from the annoying --a barrage of pop-up ads--to the menacing, including the potential for data corruption and theft of personal information. - - - - - - - - - - Network Associates Adds Anti-Virus Protection For Handhelds Network Associates on Tuesday added a new anti-virus defense product to its security portfolio, one that targets enterprises with employees carrying Microsoft Pocket PC and Windows Mobile devices. Dubbed McAfee VirusScan PDA Enterprise, the new software installs a small anti-virus client on the mobile gear, but can be managed by the IT staff using Network Associates' McAfee ePolicy Orchestrator (ePO), an overseer's tool that sets and enforces security policies. ISS adds spam filter with Cobion buy - - - - - - - - - - Novell targets Web services security Novell is integrating its identity management and Web services software in a way that it says will ease customers' ability to secure corporate networks. The company on Wednesday released Nsure Identity Manager 2, an update to its server software for authenticating access to networks and managing user passwords. Next week, Novell is expected to release exteNd Suite 5, the latest edition of its Java-based server software and Web services development tools. - - - - - - - - - - SMC Unveils Wireless PCI Cards That Extend Range, Security SMC Networks Tuesday introduced two new wireless PCI cards the Irvine, Calif.-based networking vendor says boosts the power and security of its existing PCI cards. The SMC2512W-B EliteConnect 2.4GHz 802.11b High Power Wireless PCI Card is set to become available this month at an MSRP of $109.99. - - - - - - - - - - Keeping systems properly stitched Patch management is not new. Eight years ago, TuneUp Utilities (from TuneUp Software GmbH) and Oil Change (now owned by Network Associates Inc.) gave individuals the ability to scan their computers for a variety of software updates and apply the latest versions automatically. Unfortunately, the average user showed little interest in keeping up with the changes, and automated updating died out. - - - - - - - - - - Problems and Challenges with Honeypots For the past 18 months we have seen a tremendous growth in honeypot technologies. Everything from OpenSource solutions such as Honeyd and Honeynets, to commercial offerings such as KFSensor are commonly available. However, as with any relatively new technology, there are still many challenges and problems. In this paper we take an overview of what several of these problems are, and look at possible approaches on how to solve them. By identifying these problems now, we can hope to make honeypots a stronger technology for the future. - - - - - - - - - - Standardizing on Security The Linux standards group publishes 565 pages of data describing a standards-compliant Linux package. So why aren't any of them about security? Things that are created in an open fashion tend to be the best of breed. They they benefit from the entire world seeing them at their most basic level, and parties collaborating to enhance them and make them better. Open technology is an example of this. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.