NewsBits for March 3, 2004 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Dueling Viruses Are Latest Computer Pest The programmers behind the ongoing wave of computer worms and viruses hitting the Internet are starting to take aim at each other, and consumers and businesses around the world are getting caught in the crossfire, security experts said yesterday. http://www.washingtonpost.com/wp-dyn/articles/A28548-2004Mar3.html http://computerworld.com/securitytopics/security/virus/story/0,10801,90767,00.html Worm authors talk trash Security researchers have discovered that the authors of MyDoom and Bagle are exchanging insults with the author of Netsky using text that is hidden inside the virus's code. Since Friday, more than 10 variants of the Netsky, Bagle and MyDoom worms have been discovered. Mutants spreading in the past 24 hours have contained messages that indicate the authors of MyDoom and Bagle have teamed up against Netsky's author, antivirus experts said. http://zdnet.com.com/2100-1105_2-5168983.html http://msnbc.msn.com/id/4422372/ http://www.vnunet.com/News/1153225 http://www.newsfactor.com/story.xhtml?story_title=Virus_Writers_Mouth_Off_at_Each_Other&story_id=23291 http://www.usatoday.com/tech/news/computersecurity/2004-03-03-worm-wars_x.htm http://www.theregister.co.uk/content/56/36006.html With new Bagle and Netsky worms, March comes in with a roar http://computerworld.com/securitytopics/security/virus/story/0,10801,90629,00.html 10th Variant of Bagle Worm Hits the Net http://www.eweek.com/article2/0,4149,1542019,00.asp - - - - - - - - - - Clerk stashes 20m porn pics A 34-year-old accounts clerk has been jailed for five years after being convicted for possessing almost half a million indecent images of children. Andrew Tatam, 34, from Moulton near Spalding in Lincolnshire, admitted to possessing 495,524 images - thought to be to UK's largest collection of illegal images of children. http://www.theregister.co.uk/content/6/35982.html - - - - - - - - - - Ex-Librarian Sentenced Former University of Pennsylvania library director Paul Mosher was sentenced today to seven years probation. Mosher possessed about 5000 images of child pornography at his home and work computer. Mosher was eligible for up to 14 years in prison and a 30-thousand dollar fine. He resigned from the University last year following his arrest. http://abclocal.go.com/wpvi/news/3304-childpornsentence.html - - - - - - - - - - Man Arrested For Allegedly Having Sex With 2-Month-Old An El Dorado Hills man is being held without bond on federal child pornography charges after agents on Monday said they seized images from his home showing him performing sexual acts with a 2-month- old girl. U.S. Immigration and Customs Enforcement agents said the girl is one of the youngest sexual assault victims they have ever encountered. Larry Michael Jeffs, 41, was arrested at his home Thursday after the agents said they found explicit video images showing him engaging in sexual acts with the infant, who is now 8 months old. Jeffs is alleged to have distributed the images over the Internet, where they were recovered during a child pornography investigation in Detroit. The agents said they traced the images to Jeffs' e-mail. http://www.local6.com/news/2889866/detail.html - - - - - - - - - - Coach arrested in child sex solicitation A youth basketball coach has been arrested on charges of soliciting sex from a purported 13-year- old girl on the Internet. The girl turned out to be Eric Theisen, an investigator with the Douglas County Sheriff's Office who said he had online chats with 28-year-old suspect Jason Andrew Cain. Cain, a former teacher, was released on bond Friday after being advised of charges of enticement of a child and attempted sexual assault on a child. The sheriff's office said Cain and Theisen engaged in 12 live chats since mid- December, each becoming more sexually explicit until the proposed Thursday meeting, Lt. Tim Moore said. http://rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_2699521,00.html - - - - - - - - - - Supreme Court debates online smut law A lawyer for the Bush administration has argued that the U.S. Supreme Court should uphold a law that protects children from Internet pornography. The case pits the free speech rights of adults against the power of Congress to control Internet commerce. Solicitor General Theodore Olson told the justices on Tuesday that indecent material is "persistent and unavoidable" and causes "substantial psychological and physiological damage on children." http://www.cnn.com/2004/LAW/03/02/online.smut/index.html Supreme Court Signals Curb to Online Porn http://www.latimes.com/technology/la-na-scotus3mar03,1,543912.story Justices Hear Arguments on Internet Pornography Law http://www.nytimes.com/2004/03/03/politics/03SCOT.html More than 100 000 websites with child porn http://www.crime-research.org/news/03.03.2004/103 - - - - - - - - - - FBI Seeks Identity of Child Porn Suspects The FBI announced a new effort Wednesday to disseminate photographs of unidentified child pornographers in hopes that they will be recognized and arrested. The initiative is part of the FBI's "Innocent Images" program to combat sexual exploitation of children on the Internet. Since the program began in 1994, more than 3,000 people have been arrested on charges related to child sex. FBI officials said the new initiative uses child pornography images from the Internet. Photos are made of unidentified adults whose faces are visible in the scenes, then put on television shows and law enforcement Web sites. The photographs are edited to ensure no children are seen. http://www.foxnews.com/story/0,2933,113177,00.html - - - - - - - - - - OMB: Security improvements needed The federal government is moving in the right direction on information security, but progress in many areas remains slow, according a report that Office of Management and Budget officials submitted to Congress today. Despite a budget increase of $1.5 billion in fiscal 2003 to pay for information security improvements, 24 of the largest federal departments and agencies still fell short of security goals that they were required to meet by law. http://www.fcw.com/fcw/articles/2004/0301/web-fisma-03-03-04.asp - - - - - - - - - - Phishing scam 'most devious ever' An email attempting to trick Australian online-banking customers into divulging their details has been labelled the most 'devious' example that an antivirus vendor has encountered. A prominent antivirus vendor has described the latest email fraud scheme targeted at Westpac bank customers as the most "devious" the company has ever encountered. http://news.zdnet.co.uk/internet/security/0,39020375,39147979,00.htm - - - - - - - - - - Worms nibble away at ISP profits Worms are proving to be both a financial and managerial headache for Internet service providers. Dealing with worms that travel over their networks could cost North American ISPs as much as $245 million in 2004, according to a study released Wednesday by peer-to-peer management company Sandvine. For service providers worldwide, the overall expense could reach $370 million. The totals include the cost of tactical response teams, swamped customer support resources, higher transit costs, and likely customer churn due to a loss of positive brand image over time. http://zdnet.com.com/2100-1105_2-5169232.html http://www.globetechnology.com/servlet/story/RTGAM.20040303.gtsandmar2/BNStory/Technology/ Worms still number one security threat http://www.vnunet.com/News/1153197 - - - - - - - - - - Hands Off! That Fact Is Mine Imagine doing a Google search for a phone number, weather report or sports score. The results page would be filled with links to various sources of information. But what if someone typed in keywords and no results came back? That's the scenario critics are painting of a new bill wending its way through Congress that would let certain companies own facts, and exact a fee to access them. http://www.wired.com/news/business/0,1367,62500,00.html - - - - - - - - - - Hacker attacks on Presidential elections Information security assurance during voting is one of the most critical tasks while conducting elections of President of the Russian Federation, the head of the Central Electoral Committee of the Russian Federation, Alexander Veshnyakov announced. http://www.crime-research.org/news/03.03.2004/109 - - - - - - - - - - UIA will prevent offence in the Internet Administration of Ukrainian Internet Association (UIA) confirmed staff of the Committee on issues of security and preventing offences in information systems. Main goal of the Committee lies in preventing misuses in information systems, news release reports. Committee activity will be aimed at protecting large amount of Internet market participants and their interests, including end users. http://www.crime-research.org/news/03.03.2004/104 - - - - - - - - - - AIM add-on prompts spyware concerns A game distributed with new versions of AOL Instant Messenger does not respect users' privacy, critics say America Online began offering games along with the latest version of its instant messenger, and now some customers are worried that the company is playing with them, too. http://news.zdnet.co.uk/internet/security/0,39020375,39148016,00.htm New bill aims to shine light on spyware http://www.cnn.com/2004/TECH/03/03/hln.wired.spyware/index.html - - - - - - - - - - RIAA backs song-identification firm Technology that can listen to and identify songs, blocking peer-to-peer trading, is generating interest among US legislators. A new political battle is brewing over Net music swapping, focusing on a company that claims to be able to automatically identify copyrighted songs on networks like Kazaa and block illegal downloads. http://news.zdnet.co.uk/internet/security/0,39020375,39147991,00.htm Employees still swapping at work http://news.com.com/2100-1027_3-5169508.html Indies Stay in Tune With Sharing http://www.wired.com/news/digiwood/0,1412,62504,00.html - - - - - - - - - - QuickTime flaw identified Apple Computer Inc.'s QuickTime Player has an unspecified flaw that permits remote code execution. According to SecurityGlobal.net LLC's SecurityTracker service, a remote user can cause arbitrary code to be executed on a target user's system. This follows a notice issued by eEye Digital Security Inc. It states that Apple's QuickTime media player reportedly contains a vulnerability that allows a remote user to cause arbitrary code to be executed "with little user interaction." This apparently affects all QuickTime platforms. http://computerworld.com/securitytopics/security/story/0,10801,90765,00.html - - - - - - - - - - Target to phase out 'smart' Visa cards Citing limited shopper use, retailer Target Corp. is phasing out computer chips on its Target Visa cards, dealing a setback to proponents of smart-card technology. Target announced the move yesterday, less than three years after it introduced the cards. The technology allowed cardholders to download discount coupons, or "smart coupons," from the Internet or in-store kiosks onto the cards and then use the coupons on shopping trips to Target stores. http://computerworld.com/mobiletopics/mobile/technology/story/0,10801,90745,00.html - - - - - - - - - - PKI vendors wanted A decade of work has led to public-key infrastructure standards that are close to making digital authentication a governmentwide reality, General Services Administration officials announced this week. In a notice posted March 2, GSA officials said they are ready to create a list of bidders that can supply smart cards based on federal PKI standards that include a new electronic-authentication policy specification. http://www.fcw.com/fcw/articles/2004/0301/web-pki-03-03-04.asp - - - - - - - - - - Manufacturers build up security efforts Companies in manufacturing industries are putting more emphasis on security than any other information technology initiative, according to research from analysts at Gartner. A survey released Wednesday by the Stamford, Conn.-based research firm concluded that manufactures are more focused on protecting their IT assets from external threats than they are on other technology efforts such as enterprise applications integration (EAI) and wireless infrastructure adoption. http://zdnet.com.com/2100-1105-5169182.html - - - - - - - - - - How to protect your company from 'zero-day' exploits A "zero-day" exploit is any vulnerability that's exploited immediately after its discovery. This is a rapid attack that takes place before the security community or the vendor knows about the vulnerability or has been able to repair it. Such exploits are a Holy Grail for hackers because they take advantage of the vendor's lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc. http://computerworld.com/securitytopics/security/story/0,10801,90447,00.html - - - - - - - - - - El Reg badly misguided on cyber-terror threat Our recent, negative review of Black Ice: The Invisible Threat of Cyber-Terrorism by Dan Verton drew a good deal of reader mail, including a request by the author to debate the issues raised in our article, and his book. http://www.theregister.co.uk/content/7/35983.html - - - - - - - - - - RFID revolution: Are we close? When it comes to radio frequency identification technology, the conventional wisdom is that it will certainly revolutionize the way manufacturers, distributors and retailers track products and inventory. But figuring out details of how this emerging technology should progress and get used remains a source of debate. The issues range from safeguarding data the tiny chips transmit to managing the reams of data RFID readers gather. http://zdnet.com.com/2100-1103_2-5169246.html - - - - - - - - - - TSA seeks weapons imaging devices The Homeland Security Departments Transportation Security Administration plans to buy hundreds of machines that can detect concealed weapons carried by people entering airports. Project Falcon is a procurement to develop and deploy a device to discreetly and safely screen persons at checkpoints, according to a TSA notice. The government intends to award a contract for the development of a spot field-of-view, concealed- weapons imaging device for routine metal detection resolution of persons entering airport terminals. http://www.gcn.com/vol1_no1/daily-updates/25151-1.html - - - - - - - - - - More Details on Sex Felons May Be Posted Riverside County legislators and law enforcement officials, contending that residents need better access to information about convicted sex offenders, are pushing for an Internet site that would not only name the offenders, but display photographs, addresses, convictions and criminal tactics. http://www.latimes.com/technology/la-me-megan3mar03,1,5882141.story *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.