NewsBits for April 28, 2004 sponsored by, Southeast Cybercrime Institute - ************************************************************ U.S. charges four under new law against 'spam' e-mails U.S. authorities charged four people in Detroit on Wednesday with e-mailing fraudulent sales pitches for weight-loss products, the first criminal prosecutions under the government's new "can spam" legislation. Court papers identified the four as Daniel J. Lin, James J. Lin, Mark M. Sadek and Christopher Chung, all believed living in suburban Detroit. They were accused of disguising their identities in hundreds of thousands of e-mail sales pitches and delivering e-mails by bouncing messages through unprotected relay computers on the Internet. - - - - - - - - - - Music industry sues 477 more computer users The recording industry sued 477 more computer users Wednesday, including dozens of college students at schools in 11 states, accusing them of illegally sharing music across the Internet. The Recording Industry Association of America, the trade group for the largest labels, praised efforts by colleges and universities to use technology and school policies to crack down on music piracy on their own computer networks. But it said the most egregious offenders on scampus deserved to be sued. Apple disables iTunes song-swapping tool - - - - - - - - - - ACLU challenges FBI use of secret letters to obtain records The American Civil Liberties Union is challenging the FBI's use of expanded powers to compel Internet service providers to turn over information about their customers or subscribers. A lawsuit challenging secret FBI national security letters was filed April 6 in U.S. District Court in New York but not made public until Wednesday because of its extraordinary sensitivity. - - - - - - - - - - Microsoft hole spawns false alarm, real attacks Antivirus company Symantec Corp. backtracked today after claiming that it captured an example of a new Internet worm that takes advantage of a recently disclosed hole in Windows machines running Secure Sockets Layer. The company yesterday trapped an example of the malicious code called backdoor.mipsiv and warned customers that it was either a new worm or a small automated program called a "bot" that exploits a new Windows Private Communications Transport Protocol (PCT) vulnerability, part of the Windows implementation of SSL. However, Symantec today said further analysis of the code showed that it was neither a worm nor a bot and that it didn't use the PCT vulnerability.,10801,92732,00.html Worm worries grow with release of Windows hacks - - - - - - - - - - Beware the domain slammers - UK gov The UK's Office of Fair Trading (OFT) is warning small businesses to look out for dodgy domain name registration services, after receiving several complaints from companies. The dotcom cowboys contact a business saying that a third party is just about to buy a domain name that would suit them, but that if they get in quickly, they can buy it for themselves. Trouble is, the OFT says, that the third party is often a figment of the salesman's imagination, conjured up to pressure the target company into making a quick purchase. - - - - - - - - - - Federal program funds network security testbed A technology research company has been awarded a contract to build out a large-scale network testbed that will support a national Internet security research program. McAfee Research, the technology research division of Network Associates Inc. of Santa Clara, Calif., was awarded subcontracts by the University of California at Berkeley and Pennsylvania State University. The work is part of a $10.8 million program funded by the National Science Foundation and the Homeland Security Department. Leader: Sorry, but security's expensive,39024711,39120313,00.htm - - - - - - - - - - Microsoft to create pop-up safety lessons Microsoft plans to use more dialog boxes and other messages in future software releases to educate people on 'safe' computing. At the InfoSecurity trade show in London, Microsoft said Tuesday that new versions of its Windows and Office products will educate customers about security via dialog boxes, warning messages and offers to automatically configure security settings. MS rethinks security patch test scheme - - - - - - - - - - Phoenix extends Bios to enhance network security Phoenix Technologies, the company behind the Phoenix Bios firmware that is installed in about 80 percent of all PCs, launched a utility at the InfoSecurity show in London on Wednesday that can allow users' hardware to be used in conjunction with a traditional login system to ensure that only authorised users with a "trusted device" can gain access to the corporate network.,39020375,39153285,00.htm - - - - - - - - - - Common Access Card traveled a long, rocky road to success A team of officials from the Defense Manpower Data Center this morning gave a behind-the-scenes glimpse of the challenges in managing the Defense Department's Common Access Card. "Many said we were on the bleeding edge of technology when we started this roll-out," said Lynda A. Cole, a management and program analyst in the DMDC's Access Card Office. It soon became clear how true that was, Cole said. - - - - - - - - - - IT security to go offshore. Maybe Infosecurity Europe 2004 IT security - once the most closely-guarded IT function - could become the next candidate for offshoring. As the security market has evolved, more companies have outsourced functions like security monitoring and response. Tight corporate budgets and a skills shortage of suitably qualified security professionals have accelerated this trend. - - - - - - - - - - Stop Being a Victim An influential newspaper columnist blames "contemptuous techies" for allowing users to fall prey to viruses and spyware. But don't some users deserve a little contempt? Writing these columns gets tough sometimes. It can be quite a challenge to keep content current while trying to add value by driving home the basic concepts of security without sounding like a broken record. Clueless user: ditch the victim mentality - - - - - - - - - - Tales from the crypto world Paul Kocher, president and chief scientist of Cryptography Research, came to prominence in the industry by breaking things. In 1998, the company cracked security on smart cards by monitoring how much power their internal microprocessors used. Kocher also came up with the software inside Deep Crack, a machine tailored to crack encrypted documents. - - - - - - - - - - Hack + Activism = Hacktivism A term "hacktivism" originated from the combination of two words "hack" and "activism" and is used to mean a new phenomenon of social protest that is a peculiar synthesis of social activity pursuing purpose of protest against anything, and hacking (using Internet technologies with the purpose to bring damage to computer networks and their users). - - - - - - - - - - Florida town to use blanket of surveillance cameras One of the nation's wealthiest towns will soon have cameras and computers running background checks on every car and driver that passes through. Police Chief Clay Walker said cameras will take infrared photos recording a car's tag number, then software will automatically run the numbers through law enforcement databases. A 911 dispatcher is alerted if the car is stolen or is the subject of a "be on the lookout" warning. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.