NewsBits for February 8, 2005 ************************************************************ Charges dropped against 'DDoS Mafia' US prosecutors have dropped criminal complaints against four of five men accused of offering a denial of service attack for hire. Paul Ashley, the network administrator of CIT/FooNet, a web and IRC hosting company, and three alleged accomplices, Jonathan David Hall, Joshua James Schichtel, and Richard Roby were accused of organising attacks against the websites of rivals of Massachusetts businessman Jay Echouafni. http://www.theregister.co.uk/2005/02/08/ddos_mafia_case/ - - - - - - - - - - Florida man sues bank over $90K wire fraud A Miami businessman is suing his bank after $90,000 was lifted from his firm's online banking account following a computer virus attack. Joe Lopez, 42, filed suit against the Bank of America in Miami Circuit Court last week alleging that the bank was negligent in failing to protect his account from compromise through known risks, the South Florida Sun-Sentinel reports. http://www.theregister.co.uk/2005/02/08/e-banking_trojan_lawsuit/ - - - - - - - - - - Teachers cleared in school porn probe Forensic computing techniques proved decisive in proving staff at a Buckinghamshire primary school had not been surfing for porn at work. The head of the school called in Disklabs, a computer forensics and data firm, last year when he discovered web folders with pornographic content on a PC used by pupils. The history of these folders suggested a creation date during lesson time and a modified date on a teacher-training day. http://www.theregister.co.uk/2005/02/08/computer_forensics_disklabs/ - - - - - - - - - - MAN SENTENCED FOR POSSESSING OVER 600 CHILD PORN IMAGES An Anderson County man was sentenced Monday to 10 years in federal prison for possessing more than 600 images of child pornography on his personal computer. Kameron Joe Monk pleaded guilty in September to possessing the pornography on June 3. http://www.zwire.com/site/news.cfm?BRD=1994&dept_id=341384&newsid=13909996&PAG=461&rfi=9 - - - - - - - - - - Ormond Beach man charged with child porn An Ormond Beach man was charged with 25 counts of possession of child pornography after his wife discovered lewd images on his home computer, police said. David Brian Conley, 59, of Ormond Beach was arrested after police found 115 pornographic images on his computer, 25 of which were certified by the Child Protection Team of Volusia County as child pornography according to state guidelines, police said. http://www.news-journalonline.com/NewsJournalOnline/News/Local/03AreaEAST05020805.htm - - - - - - - - - - 60-year-old indicted on child porn charge A Wadsworth Township man -- once a recipient of a Big Brother of the Year award -- has been indicted by a Medina County grand jury on one felony count of pandering sexually oriented material involving a minor. Richard L. Mansfield, 60, was arrested last month after child pornography allegedly was discovered on his home computer. Sheriff's detectives searched Mansfield's Reimer Road home Jan. 13 after a 14-year-old participant in the Big Brother program accused him of molestation. http://www.ohio.com/mld/ohio/news/10844501.htm?1c - - - - - - - - - - Teacher indicted on child porn charges A former Eastland high school teacher was indicted Thursday by an Erath County Grand Jury on charges of possession or promotion of child pornography on Jan. 12, 2004. District Attorney John Terrill said James Strang Shannon, 50, was indicted in Erath County because Shannon was a resident of Erath County when an investigation was initiated through a hotline for Internet child pornography. http://www.empiretribune.com/EMPIRETRIBUNE/myarticles.asp?P=1083802&S=425&PubID=17425 - - - - - - - - - - Child porn suspect charged A county magistrate in Indiana on Wednesday ordered Stephen D. Puckett, 58, of Crawfordsville, Ind., to be held in jail on $100,000 bond. Puckett, who was arrested after a tip from Wichita police, was charged with three counts of child exploitation, 45 counts of possession of child pornography and one count of possession of a controlled substance. Purdue police last week arrested Puckett, a lab services supervisor in the school's biology department, after Wichita police officers said they had received child pornography images via the Internet from a computer on Purdue's campus. http://www.kansas.com/mld/kansas/news/local/10811537.htm - - - - - - - - - - Youth, 17, held over child porn A teenager will appear in court next month after police raided his family home and found more than 30,000 child pornography images stored on a computer. The 17-year-old from Windsor, in Sydney's north-west, is the first person to be charged under Section 91 of the Crimes Act, which was amended last month so police could lay charges before suspect material was officially classified as pornography. http://www.smh.com.au/news/National/Youth-17-held-over-child-porn/2005/02/05/1107476853185.html http://www.bordermail.com.au/newsflow/pageitem?page_id=892020 - - - - - - - - - - Pervert's child porn snaps A FOSTER carer walked free last night despite hoarding more than ONE MILLION sick child porn pictures. The total of images collected by dad- of-five John Harrison, 53, is almost DOUBLE the largest uncovered in Britain previously. But the married internet pervert from Denton, Greater Manchester, was released by a court on licence. http://www.thesun.co.uk/article/0,,2-2005061170,00.html http://news.scotsman.com/latest.cfm?id=4102435 - - - - - - - - - - Hotel where child porn was filmed was at Disney World Authorities say photos of a young girl used for Internet pornography material were taken at a hotel at Walt Disney World in Florida. The photos -- with the girl's image removed -- were distributed recently by Canadian investigators. They took the rare step of making the pictures public in hopes of getting tips that would lead them to the child and her abuser. http://www.whbf.com/Global/story.asp?S=2916568 Police should release child porn victim's picture http://www.torontofreepress.com/2005/weinreb020805.htm - - - - - - - - - - phpBB forum offline after defacement The popular phpBB forum has been taken offline after hackers cracked into its server and defaced its website yesterday. The open source project's website was attacked using a vulnerability in a package called AWStats announced 17 January. The same exploit has also been used to attack several popular weblogs in recent days, Netcraft reports. http://www.theregister.co.uk/2005/02/08/phpbb_forum_defacement/ - - - - - - - - - - Microsoft releases 'critical' patches Microsoft on Tuesday released a higher-than-usual number of monthly updates, more than half of which were given the software company's highest rating of "critical." The software giant announced a dozen updates, eight of which were given its highest severity rating. Microsoft's Office XP, Internet Explorer 6 and an image file component of the Windows operating system for Media Player and MSN Messenger were among the updates dubbed critical. http://news.com.com/Microsoft+releases+critical+patches/2100-1002_3-5568203.html http://www.msnbc.msn.com/id/6936372/ http://www.newsfactor.com/story.xhtml?story_title=Microsoft-Patches----Holes&story_id=30316 http://computerworld.com/securitytopics/security/story/0,10801,99621,00.html - - - - - - - - - - Worm uses passwords to hit MySQL Database administrators received a stark reminder about the shortcomings of password protection late January following reports that a new net worm has started exploiting MySQL databases configured with weak passwords. The worm targets Windows systems running the open-source MySQL database, and has been using the "MySQL UDF Dynamic Library Exploit" to run code on hijacked systems. But before the worm can use the exploit it first needs to log in to the database's administrator account, called the "root" account. http://www.vnunet.com/news/1161093 - - - - - - - - - - MSN Messenger outage blamed on 'data center' issue Microsoft said late Tuesday that it had resolved problems that had caused a significant outage affecting its MSN Messenger service worldwide. A company representative declined to elaborate on the nature of the problem, or the steps Microsoft took in fixing it. In an earlier statement, the representative said the outage was caused by an "isolated issue that we've located in the data center." http://news.zdnet.com/2100-9588_22-5568012.html - - - - - - - - - - Child porn could bring 5-years in jail Offenders possessing objectionable material such as child pornography could land themselves in jail for five years under new government proposals. The Government plans to toughen legislation before Parliament to bring the proposed maximum penalty of two years in jail for that crime to five years' jail. http://www.stuff.co.nz/stuff/0,2106,3181560a10,00.html - - - - - - - - - - FCC goes after cell phone spammers The Federal Communications Commission on Monday published a list of domain names to which telemarketers may not send e-mail without permission from cell phone subscribers. Cell phone companies submitted the domain names to the FCC, and the list deals only with sites that send spam to cell phones. http://www.cnn.com/2005/TECH/ptech/02/08/cellphones.spam.ap/index.html - - - - - - - - - - Summit on battle against e-crime Police and computer experts in Wales will join force for an event aimed at finding ways of tackling the growing problem of internet crime. They first e-crime conference in Wales is being held in Cardiff on Tuesday. From credit card fraud to identity theft, high-tech crime is increasingly affecting consumers, business and even government. http://news.bbc.co.uk/2/hi/uk_news/wales/4245163.stm - - - - - - - - - - OMB considering cybersecurity standardization Office of Management and Budget officials are considering standardizing the cybersecurity business processes of agencies in order to save money, increase security and help those with small information technology budgets. A task force led by the Homeland Security Department and OMB officials will meet in March to consider whether the consolidation of common processes, services and technologies regarding security could improve performance while reducing costs. http://www.govexec.com/dailyfed/0205/020805p1.htm - - - - - - - - - - Feds look to finalize IT security controls NIST has issued the last draft of the new requirements. The National Institute of Standards and Technology (NIST) has released the final draft of a set of recommended security controls for federal information systems. The controls are likely to become a mandatory and nonwaivable Federal Information Processing Standard by the end of this year for all federal systems except those related to national security. http://www.computerworld.com/securitytopics/security/story/0,10801,99582,00.html - - - - - - - - - - EC backs 'Safer Internet Day' Brief: A group of international companies and government organisations have labelled Tuesday 'Safer Internet Day' for school children. The European Commission is supporting a child safety Web surfing campaign that has dubbed Tuesday "Safer Internet Day". http://news.zdnet.co.uk/internet/security/0,39020375,39187098,00.htm http://www.theregister.co.uk/2005/02/08/internet_safety_day/ - - - - - - - - - - Catfight in the spyware corral A group devoted to setting anti-spyware standards and helping consumers distinguish between safe and harmful software is on the rocks, with three founding members resigning in protest over policies they say are too lax. It's a "catfight in the spyware corral," as one security expert called it. Webroot Software, Aluria Software and Computer Associates International's PestPatrol successively announced their departures in recent days from the Consortium of Anti-Spyware Technology vendors (Coast). http://news.zdnet.com/2100-9588_22-5567781.html Anti-Spyware Consortium Crumbles Disappointment over COAST's failure to meet its goals is the most frequently voiced reason that the founding companies have left, but some observers have wondered how much the recent of inclusion of 180solutions has damaged the group; it recently was granted membership, despite the fact that it is an adware firm. http://www.newsfactor.com/story.xhtml?story_title=Anti-Spyware-Consortium-Crumbles&story_id=30311 - - - - - - - - - - Encryption catching on with security-conscious firms Data security is a must for Transend Business Services, a provider of Web-based managed business transaction services located in Chicago and Ottawa. As part of its services, the company stores and archives massive amounts of sensitive data regarding its clients' customer transactions. The company defends itself with multiple layers of firewall security, as well as VPN tunneling for data replicated between the company's data centers. http://computerworld.com/securitytopics/security/story/0,10801,99615,00.html - - - - - - - - - - Defense makes digital validation apps available The Defense Department has rolled out two applications to validate the authenticity of digital signatures for its Common Access Card program. DODs Public-Key Infrastructure Program Management Office has chosen Tumbleweed Valicert Validation Authority from Tumbleweed Communications Corp. of Redwood City, Calif., and Real Time Credential Validation Authority from CoreStreet Ltd. of Cambridge, Mass. http://www.gcn.com/vol1_no1/daily-updates/35038-1.html - - - - - - - - - - Of Dog Sniffs and Packet Sniffs Why a Supreme Court decision on canine-assisted roadside searches opens the door to a new regime of Internet surveillance. The Fourth Amendment to the U.S. Constitution is supposed to be the one that protects people and their "houses, places and effects" against "unreasonable searches." Forty-two years ago, the U.S. Supreme Court held that attaching a listening device to a public pay phone violated this provision because the Constitution protects people, not places, and because the Fourth Amendment prohibits warrantless searches without probable cause if the target enjoys a reasonable expectation of privacy. http://www.securityfocus.com/columnists/297 - - - - - - - - - - Latest virus, spam and hoax news Learnt how to create viruses? Now learn how to create spam and spyware. Students at the University of Calgary will soon be learning how to write spam and spyware programs as part of their computer security course. In the summer of 2003, the anti-virus industry was up in arms over the fact that the University of Calgary was proposing to teach its students how to write viruses. Now, the University plans to add spam and spyware to the course. http://www.virusbtn.com/news/spam_news/2005/02_08a.xml?rss http://software.silicon.com/security/0,39024655,39127703,00.htm - - - - - - - - - - Ten security laws you can rely on Microsoft's Security Response Center gets many calls for help with security problems, and the security experts there say all of the calls fall into one of three categories. First is the one we hear about the most: software flaws resulting in vulnerabilities. Second is the misuse or poor configuration of software. Third are the basic security mistakes that companies and individuals make every day. http://www.zdnet.com.au/insight/security/0,39023764,39180323,00.htm - - - - - - - - - - How to convert IM from a security risk to a business tool What started out as a way for teenagers and college students to "chat" by computer has grown to become a ubiquitous business tool. According to IBM, instant messaging is the fastest-growing communications medium of all time, reaching 50 million users in just two years, compared to six years for e-mail. Industry analysis firm Gartner Inc. predicts that IM will become the dominant business communications tool by 2006. http://computerworld.com/securitytopics/security/story/0,10801,99525,00.html - - - - - - - - - - Teens' online lingo leaves parents baffled Shorthand text messages can hide inappropriate behavior. She did everything right. Her 14-year- old daughter's computer was in the living room. She even peeked over her shoulder once and a while during the girl's avid instant message chats to make sure nothing unusual was going on. But the girl fell into a steamy Internet love affair with a 35-year-old man anyway. The mother was horrified and confused: How could this happen? http://www.msnbc.msn.com/id/6928800/ *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.