NewsBits for August 25, 2004
************************************************************

Man gets 10 years for downloading child pornography
U.S. District Judge Richard Cebull sentenced Timothy Dewayne Carpenter, 40, to the longest term possible. The judge, who reviewed a notebook of the child porn images taken from Carpenter's computer, said that "'grotesque' would be the word used to describe" the pictures. Assistant U.S. Attorney Marcia Hurd said an investigation of Carpenter began when a child reported that he and another child had been sexually abused by him.
http://www.crime-research.org/news/25.08.2004/586/

- - - - - - - - - -

Xbox slayings take even more horrific turn
The gruesome Florida Xbox killings became even more revolting this week as gory details emerged around the methods used by the murderers on their six victims. In a 15-count indictment, prosecutors stated that the victims had their throats slashed and were stabbed even after they had already died. In addition, one woman was sexually violated with one of the baseball bats used to beat all of the victims to death. A grand jury this week indicted the four men suspected of committing the murders, and State Attorney John Tanner vowed to seek the death penalty for all four individuals.
http://www.theregister.co.uk/2004/08/25/xbox_grand_jury/

- - - - - - - - - -

Police Say Little on Family's Complaint
Anaheim officer's name and details are withheld after allegation of computer harassment.
Anaheim police said Tuesday that they had taken "appropriate action" in response to a couple's complaint that an officer had used their son's computer to send sexually harassing comments to the boy's 17-year-old female classmate. Officials would not, however, discuss the details, nor identify the officer. "All I can say is that appropriate action was taken," said Sgt. Rick Martinez, a spokesman for the department.
(LA Times article, free registration required)
http://www.latimes.com/technology/la-me-emails25aug25,1,3045744.story

- - - - - - - - - -

Dozens Charged in Push Against Spam and Scams
In what cybersecurity experts call the biggest crackdown on spam to date, the Justice Department is expected to announce today a series of arrests against junk e-mailers and online scammers, a marketing group involved in the investigation said. The cybercrime sweep, part of a yearlong investigation called Operation Slam Spam, involves more than 100 cases and dozens of people, one source with knowledge of it says. Many of the cases center on "phishing," fraudulent e-mail that appears to come from banks and other businesses.
http://www.usatoday.com/tech/news/techpolicy/2004-08-25-spam-crackdown_x.htm
http://www.washingtonpost.com/wp-dyn/articles/A30087-2004Aug24.html
http://www.nytimes.com/2004/08/25/technology/25spam.html
http://www.theregister.co.uk/2004/08/25/spam_us_crackdown/
http://www.wired.com/news/business/0,1367,64715,00.html
http://www.gcn.com/vol1_no1/daily-updates/27066-1.html

- - - - - - - - - -

Justice Dept. probes for pirates
The FBI seized computers, software and equipment as part of an investigation into illegal sharing of copyrighted movies, music and games over an Internet "peer-to-peer" network, Attorney General John Ashcroft announced Wednesday. Search warrants were executed at residences and an Internet service provider in Texas, New York and Wisconsin as part of the first federal criminal copyright action taken against a P2P network, in which users can access files directly from computers of others in the network.
http://zdnet.com.com/2100-1104_2-5323904.html
http://www.securityfocus.com/news/9394
http://www.theregister.co.uk/2004/08/25/doj_goes_after_filetraders/
http://www.cnn.com/2004/LAW/08/25/computer.crime.ap/index.html
Why spam will revolutionize tech
http://zdnet.com.com/2100-1107-5323437.html
Hardware, software tools tackle spam, messaging security
http://zdnet.com.com/2110-1103_2-5323834.html

- - - - - - - - - -

Deutsche Bank hit again by phishing attack
Deutsche Bank AG was the target of a new phishing attack late yesterday and today after facing its first-ever reported assault last week, according to a bank spokesman. "We were hit by another phishing attack last night but were able to respond quickly," the spokesman for the German bank said today. "We blocked access to the pseudo Deutsche Bank Web site by 8:30 a.m. ... There was no damage done."
http://computerworld.com/securitytopics/security/story/0,10801,95471,00.html

- - - - - - - - - -

Porn Law Draws Adult Sites' Ire
Webmasters for adult sites are worried that both their profits and freedom to operate may suffer under recently proposed changes to a largely unenforced federal law requiring porn companies to document that performers are of legal age. Under Title 18, Section 2257 of the U.S. Code created under the Child Protection and Obscenity Enforcement Act of 1988, producers of adult magazines and movies must make identification documents available to federal inspectors on demand.
http://www.wired.com/news/culture/0,1284,64702,00.html

- - - - - - - - - -

Hollywood sues DVD-chip makers
The Motion Picture Ass. of America (MPAA) yesterday confirmed the organisation has begun legal proceedings against two makers of DVD chips. It alleges that the pair were rather more willing to offer their products more widely than they should be.
The MPAA alleges that the two companies - Taiwan's MediaTek and US-based Sigma Designs - have sold chips designed to decode DVD's Content Scrambling System (CSS) to customers who lack a CSS licence.
http://www.theregister.co.uk/2004/08/25/mpaa_vs_dvd_chipmakers/

- - - - - - - - - -

Tech firms craft alternative to anti-piracy bill
A cadre of telecom companies, makers of consumer electronics and other trade groups who oppose a Hollywood-friendly bill designed to thwart file-sharing of music and movies have drafted an alternative they say would shield them from frivolous lawsuits. The group, which includes Internet access providers Verizon Communications Inc., SBC Communications Inc., MCI Communications Corp., submitted their alternative to the Inducing Infringement of Copyrights Act to Congress Tuesday, said Sarah Deutsch, associate general counsel for Verizon.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9495601.htm
French lawsuit challenges anti-piracy technology
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9494497.htm
http://www.usatoday.com/tech/news/techpolicy/2004-08-25-france-cd-suit_x.htm
Music labels sue 896 more music lovers
http://www.theregister.co.uk/2004/08/25/riaa_sues_896_more/
http://www.msnbc.msn.com/id/5819566/
Copyright Bill Needs Big Changes
http://www.wired.com/news/politics/0,1283,64697,00.html

- - - - - - - - - -

Legislature OKs offshore privacy bill
A bill that would protect the privacy of personal medical and financial information when it is processed overseas in an offshoring contract was approved by the Legislature and has been sent to the governor's desk, the author of the legislation announced Tuesday. State Sen. Liz Figueroa, D-Fremont, said her bill -- SB 1451 -- provides that a stringent existing California law protecting consumer privacy in the state would apply to anyone who has access to such confidential information no matter where they are located.
http://www.mercurynews.com/mld/mercurynews/business/technology/9489642.htm

- - - - - - - - - -

JibJab beats copyright rap
A music company claiming to own the rights to Woody Guthrie's "This Land is Your Land" may have gotten more than it bargained for when it took on JibJab Media, the Web animators behind a wildly popular parody of the U.S. presidential campaign. On Tuesday, Ludlow Music agreed to allow JibJab to distribute its film, which is based on the tune, without interference.
http://zdnet.com.com/2100-1104-5322970.html
http://www.wired.com/news/digiwood/0,1412,64704,00.html

- - - - - - - - - -

Winamp vulnerable to camouflaged-skin attacks
Beware of wolves in llama's clothing. That's the lesson for Winamp users, after a group of security researchers discovered that spyware makers are using a flaw in the way the multimedia software loads graphical themes, or skins, to infect PCs with their wares. The digital music player--made by America Online subsidiary Nullsoft, whose informal mascot is the llama--improperly allows the skin files to run programs.
http://news.com.com/Winamp+vulnerable+to+camouflaged-skin+attacks/2100-1002_3-5323990.html

- - - - - - - - - -

Political site leaves backdoor open
A US lobby site left the tools for changing its content easily accessible to anyone online.
Rock the Vote, a grassroots movement that aims to convince younger Americans to vote, accidentally left its Web site publishing tools accessible to anyone who knew where to look.
http://news.zdnet.co.uk/internet/security/0,39020375,39164504,00.htm

- - - - - - - - - -

Windows XP SP2 features security crater - report
Windows XP Service Pack 2 has a flaw that gives users a false sense of security - quite literally. One report describes the security hole as a 'crater'. The vulnerability lies in the web systems management interface (WBEM), which allows downloadable code to spoof firewall status information.
http://www.theregister.co.uk/2004/08/25/xpsp2_security_crater/
Microsoft offers SP2 compatibility guide
http://zdnet.com.com/2100-1104-5323378.html

- - - - - - - - - -

Keychain-sized gadget snoops out wireless networks
Until recently, business travelers looking for WiFi hotspots had to fire up their notebooks and scan for a connection. Smith Micro's QuickLink Mobile WiFi Seeker takes the notebook out of the equation. The miniature device, which weighs less than an ounce and measures 2.25 by 1.2 by 0.4 inches, detects local 802.11b and 802.11g networks. It consists of a single button and four red LEDs. When the button is held down, the LEDs sweep back and forth for a second or two and remain lit if a Wi-Fi signal has been found. The number of lit LEDs indicates the strength of the signal.
http://zdnet.com.com/2110-1103_2-5323687.html

- - - - - - - - - -

TippingPoint trips up DoS attackers
TippingPoint Technologies is extending its UnityOne intrusion prevention systems to include advanced denial of service protection, which will block a variety of DoS and distributed DoS attacks, including SYN floods, connection floods, packet floods and attacks originating from spoofed and non-spoofed sources. The new feature uses a hybrid approach involving a combination of anomaly filters, SYN proxy, rate shaping and statistical techniques.
http://zdnet.com.com/2110-1103_2-5323866.html

- - - - - - - - - -

Death of the Internet greatly exaggerated
Security experts downplayed media reports that an "electronic jihad" aimed at Israeli Web sites will start Thursday. The reports came after the Russian news service RIA Novosti published comments made by Eugene Kaspersky, a noted antivirus researcher, saying that several Web sites had posted a call to arms for mass Web defacements to occur Aug. 26.
http://zdnet.com.com/2100-1105_2-5323900.html

- - - - - - - - - -

Site slams IE's security
The 'Browse Happy' campaign suggests that insecurities in Microsoft's browser should prompt people to switch.
A group that prodded browser makers toward better standards compliance is urging people to abandon Microsoft's Internet Explorer. The group has set up a Web site reminiscent of Apple Computer's "Real People" ad campaign, which urged people to switch from Microsoft's Windows operating system to the Macintosh.
http://news.zdnet.co.uk/software/applications/0,39020384,39164498,00.htm

- - - - - - - - - -

Using Libwhisker
As noted in the article "Penetration Testing of Web Applications" the use of web applications to conduct business is increasing. Companies often have custom sites built by in-house developers, and it is almost impossible to find all the vulnerabilities in a web site using automated tools. Simply looking for default installations of different software may turn up nothing, but it may still be vulnerable to many different programming errors in this custom-built site.
http://www.securityfocus.com/infocus/1798

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.