NewsBits for February 23, 2004 sponsored by, Southeast Cybercrime Institute - ************************************************************ Ex-ViewSonic employee sentenced to one year A U.S. federal court sentenced Andrew Garcia, a former employee of monitor maker ViewSonic, to a one-year prison term for using other employees' passwords to break into the company's system, after he had been fired. The 39- year-old network administrator pleaded guilty in October to a single count of accessing a protected computer and causing damage. - - - - - - - - - - Waiters face fraud charges They recruited one young woman who worked at the Tied House restaurant in downtown San Jose, police said, and another while she was waiting tables at Dave & Buster's in Milpitas. The pitch was always the same: Restaurant workers could make easy money by secretly ``skimming'' their customers' credit cards through a little black box. While members of an alleged fraud ring have pleaded not guilty to conspiracy and other criminal charges, police reports obtained by the Mercury News suggest that leaders of the group were often brazen about enlisting young food servers to help steal credit card numbers and other account information. - - - - - - - - - - US woman in 419 kidnap terror ordeal Let's face it - it's not every day that you get an email from one of President Kennedy's former squeezes who finds herself rather inconveniently imprisoned in a hole in the ground with only a computer for company and $10m dollars to give away to worthy causes. - - - - - - - - - - In Michigan, Internet police prowl for predators At first glance, the 20-by-30 foot room could pass for a dorm room. Its walls and desks are covered in Marvel Comics actions figures. Superhero figurines rest atop computers. But the people who occupy the room are not teenagers, they are investigators with the Wayne County Sheriff's Internet Crime Unit. Posing as teenagers, they surf the Internet from their office in the county jail, accessing chat rooms in search of people trying to arrange dates with minors. - - - - - - - - - - Program shields anonymous flaw sleuths The U.S. Department of Homeland Security is asking companies to send it tips about flaws in the nation's technological infrastructure under a law that guarantees that the information will be protected from public disclosure. Called the Protected Critical Infrastructure Information (PCII) Program, the initiative allows companies to report security vulnerabilities in their products that may affect the nation's security without revealing the flaws to the wider public and opening the companies up to liability.,39020375,39147141,00.htm US vuln info-sharing program draws fire A long-anticipated program meant to encourage companies to provide the federal government with confidential information about vulnerabilities in critical systems took effect Friday, but critics worry that it may do more harm than good. - - - - - - - - - - Browser Hole Discovered After Code Leak A bug hunter last week claimed to have uncovered a security flaw in Microsoft Corp.'s Internet Explorer 5 Web browser by studying Windows source code that was leaked earlier this month.,10801,90326,00.html - - - - - - - - - - Web bookmakers tool up against blackmail hack attacks Internet gambling site Betfair has warned that blackmail threats from hackers are a serious problem. It's attempting to protect itself from threats of DDoS attacks. Internet- based bookmakers are tightening up their IT security in response to the threat of hackers who are threatening to attack their Web operations.,39020330,39147278,00.htm - - - - - - - - - - Summit on Net security Let's hope that no major virus hits the Internet this week, because many of the security professionals who fight such attacks will be busy at the RSA Conference in San Francisco. The show, at which techies and businesspeople talk over all aspects of electronic security, is expected to draw 10,000 attendees to Moscone Center. The event started 13 years ago with a focus on cryptography, the code-making that is the basis for computer security. RSA: Security vendors to build bridges at hot show,10801,90384,00.html Information security is about people RSA Keeps RFID Private RSA Security Inc. will unveil a finished version of its RFID "Blocker Tag" technology that prevents radio-frequency identification tags from being read. The technology, which RSA plans to demonstrate at its namesake conference this week in San Francisco, is one of the industry's first attempts to secure the anticipated oceans of consumer tracking data to be gathered by the tiny radio-powered tags.,4149,1536569,00.asp - - - - - - - - - - Trojans as spam robots: the evidence German magazine c't says it has evidence that virus writers are selling the IP addresses of PCs infected with Trojans to spammers. Spammers use these infected systems to unlawfully distribute commercial email messages, without the knowledge of their owners. The enemy within,3605,1153307,00.html - - - - - - - - - - HP aims to throttle Net threats Computing giant Hewlett-Packard plans to announce two services this week aimed at slowing down fast- spreading viruses and immunizing networks against threats. - - - - - - - - - - IE plug-in enables secure-document viewing Microsoft has released an add-on for Internet Explorer that enables the Web browser to view secure documents created with the latest version of the company's Office productivity software. As previously reported, Office 2003 includes new security capabilities that enable document authors to restrict access to a file. Companies need to be running Windows Server 2003 and Windows Rights Management Services in order to utilize the features. - - - - - - - - - - Fingerprint controls mobile access Atrua Technologies, a start-up backed by some of the top names in technology and telecommunications, on Saturday unveiled its first product -- a cellphone touchpad with built-in fingerprint recognition as a security feature. Atrua, funded by the venture capital arms of Ericsson, Nokia and Intel, said its "Atrua Wings'' product worked like the touchpad on many laptops, allowing users to scroll through menus and choose items with the touch of a finger. The same sensor, Atrua said, also acts as a fingerprint reader, increasing the security of wireless transactions and simplifying the sign-in process on secure Web sites.,39020360,39147151,00.htm - - - - - - - - - - Mobile Carriers Provide Handsets for Security Nowadays, mobile handsets are indispensable parts of everyday life. And that becomes increasingly true as the digital gadgets start to protect their owners in times of trouble. Starting this month, LG Telecom, the domestic wireless operator, launched a novel security service, named ``Aladdin,'' for the first time in the country. Under the new offering, an Aladdin-enabled handset takes a picture of the dangerous situation in which the owner is in and sends the picture to three preset persons along with location information by the push of a button. - - - - - - - - - - Weakness in Digital Evidence Targeted Photo manipulation is a snap by computer, and court challenges can result. New techniques buttress reliability, but some police stick to film. When Victor Reyes went on trial for murder last year, the technology that fingered him was supposed to be a star witness. Police in Florida had used software known as More Hits to determine that a smudged handprint they had found on duct tape wrapped around a body but originally couldn't decipher implicated Reyes in the 1996 killing. (LA Times article, free registration required),1,2983732.story - - - - - - - - - - Controversial government data-mining research lives on The government is still financing research to create powerful tools that could mine millions of public and private records for information about terrorists despite an uproar last year over fears it might ensnare innocent Americans.,2100,62390,00.html Senator demands action on TSA data-sharing flap Deal awarded for DOD, FBI security plan - - - - - - - - - - Bill Would Permit Posting Facts About Sex Offenders on Internet Like dozens of other law enforcement agencies throughout the state, the San Jose Police Department had installed computers in each of its stations that listed sex offenders covered by Megan's Law. But last year, only 430 people came to check them out, reflecting the statewide decline in the database's popularity since it debuted with much fanfare in 1997. (LA Times article, free registration required),1,1427968.story - - - - - - - - - - 419 haiku results delayed The results of our 419 haiku competition have been postponed after hundreds of wannabe poet laureates jammed El Reg inboxes with 17-syllable masterpieces. Accordingly, the results - which will announce who has won one of our magnificent Strategy Boutique t-shirts - will be announced later in the week. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.