NewsBits for August 16, 2004 ************************************************************ Two accused of helping in hacking fraud plead not guilty Two men accused of aiding a Romanian man charged with hacking into the online ordering system of the world's largest computer equipment distributor pleaded not guilty Monday to charges of mail fraud and conspiracy to commit mail fraud. Olufemi Tinubu of Atlanta and Jeremy Long of Richmond, Va., are among five men accused of helping Calin Mateias, a 24-year-old from Bucharest, with hacking into the online ordering system of Ingram Micro Inc. Investigators say Mateias posed as a legitimate customer to place more than 2,000 orders totaling $10 million over four years. He then allegedly had people in the United States who had been recruited in Internet chat rooms to ship the computers and equipment or the proceeds from their sale to Mateias in Romania. - - - - - - - - - - Cop Was Internet 'Boy Hunter' Says DA A New York Police detective is under arrest, accused of sexually preying on a child from within the precinct house. Prosecutors say he was caught in an Internet sting, trying to seduce a young boy. Michelle Charlesworth reports from outside the court house in White Plains. This 37-year-old detective has been on the force for 16 years. NOw this undercover sting operation reportedly has piles of information on him, from e-mails he allegedly wrote, to videotaped Web- cam footage of him. - - - - - - - - - - Cops: Man Recorded Sex Assaults, May Have Tried To Sell Copies A man accused of sexually assaulting a teenage girl on three occasions apparently recorded the attacks and may have tried to sell copies on the Internet, authorities said. Charles "Chuckie" Raymond, 35, of Highlands was arrested Thursday night, several hours after the 17-year-old girl's grandmother confronted him about the alleged incidents. When Raymond denied the allegations, the woman went to the police and said the girl told her she had received $70 from Raymond as payment for having sex with him twice in recent weeks. She also said she had sex with him on Wednesday, and that he recorded all the sex acts with a Web cam. - - - - - - - - - - Sex offender provides leads in child porn ring inquiry Before he went to prison last month for repeatedly sexually assaulting an 11-year-old boy as part of a Beaver Dam pornography ring, Robert J. Hornyak sat down twice with investigators to help them in exchange for helping himself. By the time he was done talking, court records show, Hornyak had given authorities enough information for two search warrants on the home of a man he'd not seen in up to three years. - - - - - - - - - - China jails woman in porn crackdown A Chinese woman has been jailed for four years for running an online strip joint. Wang Yanli is believed to be the first woman to be banged up behind bars following China's tough new stand against Internet pornography. According to newswire reports, some 110 people had coughed up 600 yuan (PS40) a year to watch Wang's "lewd" shows each night, with state TV reporting that the XXX entrepreneur had racked up a profit of around PS2,000 in just three months. - - - - - - - - - - Arizona Man Was Sailor Who Wrote Radicals A former U.S. sailor who sent e-mail messages to a radical Islamic Internet site while a crewman on a Navy destroyer in the Middle East was identified Friday as a communications specialist and Muslim convert, according to sources familiar with the investigation and Navy records. But a woman speaking on behalf of Hassan Abujihaad, who left the Navy in January 2002, denied Friday that he had posted anti-American views on the site, as authorities assert, or did anything wrong.,1,2582399.story - - - - - - - - - - Web site wants free-speech protection for foreign gambling ads The operator of a gambling news site on the Internet has asked a federal judge to declare that advertisements in U.S. media for foreign online casinos and sports betting outlets are protected by free-speech rights. The suit, filed by Louisiana-based Casino City Inc. in Baton Rouge federal court, challenges subpoenas sent by the Justice Department to media outlets for records dealing with the purchase of ads for offshore gambling sites. - - - - - - - - - - Latest MyDoom worm exploits Web site guestbooks The worm that brought down Google strikes again, with a new variant that links to Web sites compromised by their use of standard scripts. A new variant of the MyDoom worm discovered on Tuesday downloads malware from an MP3-downloading site and a personal Web site, according to security experts, who claim that hackers have compromised these sites by exploiting scripting vulnerabilities in their guestbooks.,39020375,39163656,00.htm Infected PCs spew MyDoom variant Arming against viruses Security community tries to keep up with changing virus threats - - - - - - - - - - U.S. banks balk at data classification A Canadian initiative for security leads the way. An initiative by several leading Canadian banks to develop standards for data classification has shined an unwanted spotlight on U.S. banks, which appear to be unwilling to follow suit. A working draft of Canada's common data-sensitivity classification scheme is expected to be released by year's end, said Robert Garigue, coordinator of the initiative and chief information security officer at Toronto- based Bank of Montreal.,10801,95271,00.html - - - - - - - - - - Police want you to pay for their wire taps Canada's police chiefs propose a surcharge of about 25 cents on monthly telephone and Internet bills to cover the cost of tapping into the communications of terrorists and other criminals. The suggestion is intended to resolve a standoff between police forces and telecommunications companies over who should foot the expense of providing investigators with access to phone calls and e-mail messages. - - - - - - - - - - Sluggish movement on power grid cyber security One year after the worst blackout in U.S. history drew attention to the fragility of the North American power grid, progress on protecting the grid from computer intrusions has been slow in coming. This week the North American Electric Reliability Council (NERC) -- the not-for-profit industry group responsible for keeping electricity flowing through-out the United States and Canada -- released a list of measures taken to shore up electric grid reliability in the year since the August 14th, 2003 northeast blackout, when a sagging high voltage line in Ohio cascaded into a failure that left 50 million people in eight states and a Canadian province without power. - - - - - - - - - - Microsoft lists SP2 conflicts Microsoft has issued a list of nearly 50 software applications and games that may encounter problems with its Windows XP Service Pack 2 update. In a document published in the "Knowledge Base" section of the company's Web site, Microsoft details the various issues that people may face when they install the SP2 package, which was released to PC manufacturers earlier this month. A range of applications are listed in the Microsoft report, including several of the software maker's own products, along with antivirus tools, Web server software and a handful of games.,39020396,39163649,00.htm Rough patches for Microsoft's SP2 (series of stories) Hollywood still wary of Microsoft Sites give XP SP2 verdict MS invokes DMCA to stop SP2 file sharing demo Microsoft details conflicts in new XP update,10801,95297,00.html - - - - - - - - - - Postini tunes e-mail threat protection Postini has upgraded its e-mail intrusion prevention system, Perimeter Manager 5.0, to expand IP analysis and reduce false positives, also improving configuration and management capabilities. Claiming that "content filtering by itself is bankrupt" as a means of protection, Postini focuses on transport-layer e-mail intrusion prevention. The company runs a managed service for its customers to protect enterprise servers and desk tops at the perimeter, stopping spam and viruses before they enter the network. Directory harvest and denial of service attacks are stopped at the SMTP (port 25) connection. - - - - - - - - - - WholeSecurity program targets fraud sites WholeSecurity, an Internet security firm in Austin, Texas, has released a program to help companies combat a growing form of onlinefraud known as "phishing," the company said on Monday. Phishing starts with a forged e-mail apparently from a legitimate company, such as eBay or Citibank, telling the recipient his or her account information has expired. The recipient is instructed to click on a link that leads to a fake Web site. The site asks for confidential data, such as credit card numbers. - - - - - - - - - - CA Buys PestPatrol To Kill Spyware Computer Associates is adding anti-spyware technology to its eTrust threat-management software with the acquisition of PestPatrol. Computer Associates says the cross pollination of spam, viruses and spyware poses the threat of a converging enemy. Computer Associates International says it bought the privately held anti-spyware company PestPatrol for an undisclosed sum of cash. CA foresees the threat of spyware increasing to a level that rivals that of spam and viruses.,10801,95299,00.html - - - - - - - - - - Data watchdog slams ID card plans Britain is at risk sleepwalking into a surveillance society because of David Blunketts identity card scheme and other UK government plans, according to the UK's Information Commissioner. Richard Thomas also cited plans for a population register by the Office for National Statistics and a database on children, in warning of a slide towards a Big Brother- style system of ubiquitous surveillance in the UK. Thomas predicted Britain risks moving towards an East German Stasi-style snooping culture if current plans are followed through. - - - - - - - - - - Seven habits of highly effective identity management The emergence of Web-based technologies has forced organizations to change the way they conduct business. They must find new ways and new tools to securely control access to corporate resources and manage the security risks associated with the escalating volume of user administration.,,95200,00.html - - - - - - - - - - Hard time? Not for cyber criminals Jeffrey Lee Parson pleaded guilty last week to unleashing part of the MSBlast worm attack that wreaked havoc on the Internet a year ago. He got off easy. Federal prosecutors predictably touted Parson's guilty plea as an example for other would-be vandals. John McKay,the U.S. Attorney for Seattle, proclaimed: "The damage to individual computer users is very real, and the penalties are also very real." - - - - - - - - - - Big Brother's Last Mile The FCC's new ruling on broadband wiretaps will force customers to pay for the privilege of making the Internet less secure. On August 9th, 2004, the U.S. Federal Communications Commission (FCC) took a major step toward mandating the creation and implementation of new Internet Protocol standards to make all Internet communications less safe and less secure. What is even worse, the FCC's ruling will force ISP's and others to pay what may amount to billions of dollars to ensure that IP traffic remains insecure. - - - - - - - - - - Cyberspace Gives Al Qaeda Refuge Driven underground, the terrorist network has learned to exploit the Internet as it recasts itself into a more elusive, self-perpetuating form. In December, Al Qaeda operatives posted a manifesto on the Internet calling for attacks inside countries allied with the United States in Iraq. Spain, with elections approaching, was singled out as a target. On March 11, terrorists set off bombs on four commuter trains in Madrid and killed 191 people. Three days later, Spanish voters replaced the pro-war government with a party whose leader had promised to withdraw the country's 1,300 troops from Iraq. (LA Times article, free registration required),1,7151729.story - - - - - - - - - - Detecting Worms and Abnormal Activities with NetFlow, Part 1 Enterprise networks are facing ever-increasing security threats from worms, port scans, DDoS, and network misuse, and thus effective monitoring approaches to quickly detect these activities are greatly needed. Firewall and intrusion detection systems (IDS) are the most common ways to detect these activities, but additional technology such as NetFlow can be a valuable enhancement. - - - - - - - - - - On the Beastie Boys 'virus' CD Review Widely-circulated claims that the Beastie Boys' new album To the 5 Boroughs exhibits virus- like copy-control behaviour are unfounded, according to tests. EMI's statement regarding these claims, however, is incorrect, since the album does install software if played on a Windows PC. The tests also show that the copy control system on the disc is so weak that Mac and Linux users won't even realize it's there. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.