NewsBits for March 16, 2005 ************************************************************ Dutch hackers sentenced for attack on government sites Five computer hackers in the Netherlands have been handed sentences ranging from work orders to youth detention for disabling a number of websites operated by the Dutch government. A group of around 15 hackers, who called themselves '0x1fe Crew', carried out a Distributed Denial of Service (DdoS) attack last year on the government websites and in a protest against recent cabinet proposals. The group claimed cabinet members were its sole targets. - - - - - - - - - - Tech Worker Sentenced to Prison for Hacking An Orange, California, IT manager who earlier pled guilty to hacking into his previous employer's computer network was sentenced Monday to five months in prison, the U.S. Attorney's Office said this week. According to a plea agreement dated August 30, 2004, Mark Erfurt broke into the computer systems of Santa Clara, California's Manufacturing Electronic Sales Corp. (MESC) on January 23 and 24 of 2003.,aid,120069,pg,1,RSS,RSS,00.asp - - - - - - - - - - KWU is victim of computer crime Someone reportedly got access to a Kansas Wesleyan University bank account and made about $10,000 in purchases, according to police. Deputy Salina Police Chief Barry Plunkett said the account was accessed through the Internet sometime between Feb. 22 and March 10. Five online purchases were made during that time, Plunkett said, for a total of $10,042. - - - - - - - - - - Kaiser Permanente patient data exposed online A disgruntled former employee at Kaiser Permanente, a health maintenance organization in Oakland, Calif., posted a link to a Web site containing the personal information of 140 Kaiser patients -- an effort, she said, to call attention to a potential breach of privacy laws by the company.,10801,100420,00.html - - - - - - - - - - Denmark fines mobile operator for SMS spam Debitel, a German-based telecoms operator, has been fined a record 2m kroner ($359,000) by a Danish commercial court for bombarding the customers of rival operator Telmore with junk messages touting its services. Germans form spam-busting alliance - - - - - - - - - - Spain spearheads net paedo dragnet Spain's interior ministry has announced that it is co-ordinating a 12-nation dragnet against net child pornography and expects around 500 arrests worldwide. Police are making simultaneous searches of homes in Argentina, Chile, Costa Rica Dominican Republic, France, Italy, Mexico, the Netherlands, Panama, Spain, Sweden and Uruguay after material distributed via a Spanish-language net chat room led authorities to the suspects. - - - - - - - - - - Judge fired after kiddie porn verdict A judge at Copenhagen's Maritime and Commercial Court was fired from his post on Monday, after receiving a conviction for the possession and distribution of child pornography. The 51-year- old judge was suspended from his post in April 2004, four months after police in the Copenhagen suburb of Lyngby charged him with owning and distributing child pornography. The judge continued to receive full salary. - - - - - - - - - - Child porn case prompts changes Internal Affairs says it's made radical policy changes after a school bus driver caught with child pornography was able to keep working. Graham Clyde Eyre was sentenced to three months prison after pleading guilty to 15 charges relating to nearly 300 images found on his computer of young boys being abused. - - - - - - - - - - ID thieves launch Dennis Thatcher scam In a bizarre spin on the now familiar 419 scam, security researchers today warned of a newly discovered email fraud designed to dupe unwitting recipients into believing they are the beneficiaries of the late Sir Denis Thatcher's last will and testament. The email, which claims to come from the lawyers of the ex-prime minister's late husband, says that the recipient will receive PS950,000 in compensation for work they have done helping the less privileged. The email claims that Sir Denis collected the money during his long and successful career in business. - - - - - - - - - - U.S. may restrict sale of Social Security numbers Seeking to combat rampant identity theft, U.S. lawmakers said Tuesday they may clamp new restrictions on companies that amass and sell social security numbers and other personal information. Executives from ChoicePoint and rival LexisNexis told legislators that they had scaled back the sale of sensitive personal information following revelations in recent weeks that identity thieves gained access to more than 177,000 of the consumer profiles they sell. Data Brokers Vow to Protect Personal Information - - - - - - - - - - DoS attack will cost 2 years of jail Derek Wyatt MP, chairman of the All Party Internet Group (APIG), has filed notice of a 10 Minute Rule Bill calling for amendments to the Computer Misuse Act (CMA) to address the threat from denial-of- service (DoS) attacks. Wyatt's Computer Misuse Act 1990 (Amendment) Bill tackles the key recommendations of the APIG inquiry into a revision of the CMA calling on the government to add a specific DoS offence and increase the maximum custodial penalty for CMA Section 1 (Hacking) offences from six months to two years. DoS attacks: crime without penalty - - - - - - - - - - US cyber-security 'nearly failing' Cyber-security in the US is "nearly failing" and has been given a "must try harder" D+ rating by the Federal government. The US Office of Management and Budget set forth cyber-security standards in the Federal Security Management Act 2002, encouraging federal agencies to tighten their IT systems. But government agencies are still not operating in a secure environment and have earned a nearly failing overall rating of D+. GAO finds ACE flaws - - - - - - - - - - Botnets multiplying over IRC A newly published report by the Honeynet Project and Research Alliance has shown that internet relay chat (IRC) is crucial to hackers running so-called botnets of virus-infected PCs. The team, which uses test machines to analyse hacker behaviour, found many IRC bots which were being used to control infected PCs in distributed networks. Bot nets use Windows for wicked work - - - - - - - - - - Limewire patches serious snooping bugs Limewire users need to update their software following the discovery of a brace of vulnerabilities that could allow snoops to spy on any file on a computer running vulnerable versions of the popular P2P file-trading software. The pair of security bugs, reported in Limewire versions 3.9.6 through 4.6.0 (for Windows), allows an intruder to read files outside shared directories whenever a target logs onto P2P networks. - - - - - - - - - - Pedophiles better at using Internet to prey on kids Less than two minutes after Angie Wilson entered an online chat room posing as a 14-year-old girl, older men began sending her messages. It didn't ake long for some messages to turn graphic, with one of the men sending Wilson a special agent with the Kansas Bureau of Investigation a sexually explicit image of himself. - - - - - - - - - - Child porn: Internet dangers arise A Thunder Bay family was appalled to discover that their daughter a Grade 6 student had her photo posted on a peers website. Anita Berglund, a family friend, said the girl was not aware that her school photo was posted. and she was especially upset when her name, age and school accompanied the photo. Berglund, who withheld the girls name to protect her identity, said the family fears the website could be an invitation for pedophiles to hunt down children. - - - - - - - - - - IT pros lulled into false sense of security Newly published research has warned that IT managers are not as secure as they think they are. According to a poll by research firm Dynamic Markets, over 90 per cent of IT managers believe that have good security protection, but 15 per cent of companies surveyed did not have any IT security systems in place beyond antivirus software and a firewall. - - - - - - - - - - No ID cards before the election It looks like the sun will set on the current legislative session before the government can get its ID card bill on the statute books. The government's plans for a national ID card look set to be shelved until after a general election because of likely opposition to the bill by Conservatives in the House of Lords.,39020330,39191661,00.htm - - - - - - - - - - Fla. county secures wireless Cautious about the security of its wireless network, a Florida county government has installed devices in its buildings to detect and prevent wireless intrusion. By using such devices to secure about 3 million square feet of airspace across 15 of Sarasota Countys 200 buildings, it is easier for information technology personnel to spot any unauthorized vulnerabilities or attacks on the wireless infrastructure. - - - - - - - - - - Hardware security sneaks into PCs Millions of workers will get the latest in PC security this year--but they won't get the full benefit. The three largest computer makers--Dell, Hewlett-Packard and IBM--have started selling desktops and notebooks with so-called trusted computing hardware, which allows security- sensitive applications to lock down data to a specific PC. - - - - - - - - - - TV Hacker: 15 Minutes Fame, Six Months Jail The perpetrator of the WebTV attack, David Jeansonne, was sentenced to 6 months for sending out e-mails with attachments that, if downloaded, made changes in customers' set-top box configurations that caused them to unintentionally dial the 911 emergency number. The recent sentencing of a Louisiana man for setting a Trojan virus loose among WebTV subscribers illustrates the Internet's vulnerability to security breaches -- regardless of the medium used to access it. - - - - - - - - - - Are IT workers becoming the corporate cops IT departments feel increasingly under pressure to be the "corporate police force" responsible for enforcing internal ethical and code of conduct policies, according to UK bosses. The issue has been highlighted by the firing of Boeing's CEO earlier this week after what appears to be the leak of one of his emails to the board revealing his relationship with a female co-worker in breach of the company's ethics code. - - - - - - - - - - A Method for Forensic Previews A Classic scene from the information security professional's work life. One of your systems administrators pokes his head in your office door. "The print spooler machine may have been compromised. Can you help me take a look? Some odd files have appeared -- that's all we know right now." Your pulse steps up a few beats: you told Operations on more than one occasion that they should address the availability issues faced by critical servers. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2005,, Campbell, CA.