NewsBits for March 13, 2006 sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net
************************************************************
Georgetown Hack May Have Exposed Personal Data
Georgetown University in Washington has called in the U.S. Secret Service to investigate a server breach that may have exposed confidential information on more than 41,000 individuals.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,109426,00.html
- - - - - - - - - -
Hacked bank server hosts phishing sites
Criminals appear to have hacked a Chinese bank's server and are using it to host phishing sites to steal personal data from customers of eBay Inc. and a major U.S. bank, according to Internet services company Netcraft Ltd.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,109500,00.html
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5551
- - - - - - - - - -
Email marketing firm settles data mining lawsuit
Email marketing firm Datran Media has agreed to reform its business practices after paying $1.1m to settle a lawsuit that alleged it used personal data and email addresses gathered from other companies to mount junk mail campaigns.
http://www.theregister.co.uk/2006/03/13/datran/
http://www.latimes.com/technology/la-fi-datran13mar13,1,7179106.story
- - - - - - - - - -
Citibank ATM fraud 'just tip of iceberg' - analyst
An ongoing ATM fraud problem that forced Citibank into reissuing an unspecified number of US credit and debit cards is only part of a larger ongoing threat, a leading analyst warns. Avivah Litan, a research director at Gartner, said that Citibank is only one of a number of victims and that the banking industry is "less than halfway through this latest scam, which will continue to affect large numbers of cardholders".
http://www.theregister.co.uk/2006/03/13/citibank_fraud_follow-up/
Lack of Candor Heightens Public Concern About Debit Card Fraud
The mystery surrounding the source of a data compromise that resulted in an unprecedented wave of debit card fraud is fueling concern about the scope of the problem. The incidents also shine a spotlight on what appears to be an increase in attempts by criminals to compromise PIN-based card transactions, which have long been considered very secure, analysts said.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,109477,00.html
- - - - - - - - - -
Holy Grail No More
It's happened again. In late February, another laptop was stolen that reportedly contained tens of thousands of names and Social Security numbers. This time, it was grabbed from the home of a state college employee in Denver; that employee had the data on the laptop in order to write a grant proposal and a master's thesis.
http://www.computerworld.com/securitytopics/security/story/0,10801,109444,00.html
- - - - - - - - - -
Child Porn Producer in NC Gets 25 Year Sentence
Burhan Mahmod Hinawi, age 44, of Charlotte, North Carolina was sentenced Friday by a federal judge to 25 years in prison to be followed by supervised release for life for production of child pornography in Syria which Hinawi transported into the United States.
http://www.theconservativevoice.com/article/13008.html
- - - - - - - - - -
High school deaf interpreter gets 20 years for child porn
A former Fort Myers High School deaf interpreter was sentenced to 20 years in prison today for transporting more than 4,000 pictures of child pornography. William Allen Lane, 34, of North Fort Myers, was arrested and charged in August with one count of transportation of child pornography and one count of possession of child pornography. In exchange for his guilty plea in December, prosecutors dropped the possession of child pornography charge.
http://www.naplesnews.com/news/2006/mar/13/high_school_deaf_interpreter_gets_20_years_child_p/?latest
- - - - - - - - - -
Virginia Man Gets 20 Years for Anime Child Porn
Sentence for Parolee Includes Charges for Anime and Real Photographs.
The Virginia man who was found guilty of 74 counts of child pornography in November, including several charges related to anime, has been sentenced to 20 years in prison. The individual, who was already on probation for a previous child pornography conviction, used a computer at the Virginia Employment Commission to download anime-child pornography and digital photographs of real children engaged in sexually explicit acts.
http://www.animenewsnetwork.com/article.php?id=8536
- - - - - - - - - -
Man gets prison in child porn
Police don't know how long Girard LaFortune was stockpiling child pornography on his computer and in the ceiling of his apartment, but they're glad he won't be sharing such images for quite a long time.
http://www.lowellsun.com/front/ci_3592481
- - - - - - - - - -
Defense rests in porn case: Accused ex-Wapak police chief does not take stand.
The former Wapakoneta police chief accused of accessing and reproducing child pornography on his work and personal computers did not take the witness stand in a Madison County courtroom in his own defense.
http://www.limaohio.com/story.php?IDnum=23499
- - - - - - - - - -
Millis man being held in child porn case
A 40-year-old Millis man who spent much of the past six years working with children has been indicted by a federal grand jury on child pornography charges.
http://www.boston.com/news/local/articles/2006/03/12/millis_man_being_held_in_child_porn_case/
- - - - - - - - - -
Melvindale man arrested for stockpiling child porn
DETROIT Law enforcement officials in Wayne County say they've never seen a child pornography collection so large. A 50-year-old suburban Detroit autoworker has been arrested for possession and manufacturing child porn.
http://www.woodtv.com/Global/story.asp?S=4618147
- - - - - - - - - -
No Word Yet on Child Porn Charges
The Crown has been handed all the information, but there has been no word yet on what charges, if any, will be laid against a 28-year-old Prince George man. He was arrested at an Aitken Crescent residence early last week when police, accompanied by members of the Integrated Child Exploitation Unit, executed a warrant at the home. At that time, police seized a computer and computer storage equipment.
http://www.opinion250.com/blogs/news/archive/2006/03/13/7910.aspx
- - - - - - - - - -
'File-sharing' spurs arrest on porn charge
At its peak a few years ago, so-called "file-sharing" networks were used to swap the hottest music, with people sharing tunes all over the planet. Now, authorities say, file-sharing is being used to swap images and videos of child pornography.
http://deseretnews.com/dn/view/0,1249,635191184,00.html
- - - - - - - - - -
Internet-Arranged Suicides Surge in Japan
Six young Japanese were found dead from asphyxiation in a car Friday, charcoal stoves still smoking beside them, apparently the latest victims of a surge in suicide pacts arranged over the Internet. Authorities said they suspected the five men and a woman, all in their 20s, met online before dying together Thursday night in a forested area 50 miles northwest of Tokyo. The car's windows had been sealed with tape.
http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2006/03/10/international/i112129S90.DTL
- - - - - - - - - -
Web site in Siberia threatened with closure
The Russian government sought Friday to shut down a popular, independent news Web site in Siberia for publishing extremist views of an anonymous reader who insulted Islam.
http://news.findlaw.com/ap/o/51/03-10-2006/375b00192f99316b.html
- - - - - - - - - -
IRS notices more 'phishing' identity theft attempts during filing season
The Internal Revenue Service, noting an escalation in identity theft scams, is raising alarms about e-mails designed to dupe taxpayers into revealing personal financial information. IRS and Treasury Department officials have noticed an increase this winter in the frequency and sophistication of "phishing" schemes that use the tax agency's logo to lure victims.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14089781.htm
- - - - - - - - - -
Sex crimes take toll on police
Lexington County sheriff's investigators are feeling the strain of working back-to-back sex crimes since the beginning of the year. Each two-week pay period has been averaging about $18,000 in overtime this year, Sheriff James R. Metts said.
http://www.thestate.com/mld/thestate/news/nation/14078845.htm
- - - - - - - - - -
Slick Internet and mail frauds still catching the vulnerable off-guard
The Butte County District Attorney's Office, Royal Canadian Mounted Police and Canadian Postal Service recently helped a 74-year-old Oroville man retrieve $20,000 he'd sent to scam artists in Montreal for a lottery prize "processing" fee. Unfortunately, they couldn't help him recover the estimated $280,000 he'd already lost.
http://www.chicoer.com/local_news/ci_3593680
- - - - - - - - - -
McAfee Scrambles to Contain Virus Definition Gaffe
Anti-virus vendor McAfee is scrambling to contain the damage from a faulty definition update that incorrectly flagged hundreds of legitimate software programs as W95/CTX, a low-risk Windows 95 virus that was first detected in 2004.
http://www.eweek.com/article2/0,1759,1937154,00.asp
McAfee software causes havoc
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5555
McAfee update exterminates Excel
http://news.zdnet.com/2100-1009_22-6048709.html
- - - - - - - - - -
Hole found in open source encryption software
Developers of the open-source GnuPG encryption software have reported a security flaw that could allow an attacker to sneak malicious code into a signed e-mail message.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5556
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,109506,00.html
http://software.silicon.com/security/0,39024655,39157140,00.htm
http://news.zdnet.com/2100-1009_22-6048612.html
- - - - - - - - - -
Ubuntu releases bug fix
The Ubuntu Project has released a fix for a bug in Version 5.10 of its Linux operating system that could expose sensitive information. The installer in Ubuntu 5.10 fails to clean user passwords in the installer log files, leaving the passwords exposed to anyone who opens the log file.
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,109511,00.html
http://www.securityfocus.com/brief/161
- - - - - - - - - -
More on Mac Security
Some advice after a handful of mostly harmless worms shows that Macs are vulnerable to attack.
In the weeks since my last column, three Mac security exploits cropped up and have received a lot of attention (not that I'm saying "I told you so"). However, like the ones before them, they have proved to be not very threatening, albeit in varying degrees. And all three have been addressed by a security patch that Apple released on March 1.
http://www.pcworld.com/news/article/0,aid,124982,00.asp
Warnings over serious Apple flaws
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5554
- - - - - - - - - -
Virtual rootkits create stealth risk
MS researchers grapple with phantom malware
Security researchers have uncovered new techniques to hide the presence of malware on infected systems. By hiding rootkit software in virtual machine environments, hackers have the potential to avoid detection by security software, boffins at Microsoft Research and the University of Michigan warn.
http://www.theregister.co.uk/2006/03/13/virtual_rootkit/
- - - - - - - - - -
NIST seeks comments on digital signatures draft regulation
The National Institute for Standards and Technology wants government and industry to comment by June 12 on its new draft standards for digital signatures, according to a request for comments issued today.
http://www.fcw.com/article92589-03-13-06-Web
- - - - - - - - - -
CipherTrust toolbar adds phish net to e-mail
E-mail security specialist CipherTrust on Monday released a free toolbar designed to help keep in-boxes clean. The TrustedSource Toolbar fights spam, phishing and e-mail fraud, the company said in a statement. The toolbar is available for Outlook and Lotus Notes. A version designed for Web-based mail, including Microsoft's Hotmail and Yahoo Mail, is due during the second quarter, the company said.
http://news.com.com/CipherTrust+toolbar+adds+phish+net+to+e-mail/2110-7355_3-6049053.html
- - - - - - - - - -
How to legislate against hackers
Everyone is in favour of sending hackers to prison for longer, but technology commentator Bill Thompson wonders if our MPs are competent to make good cyber-laws.
http://news.bbc.co.uk/2/hi/technology/4799338.stm
- - - - - - - - - -
Internet blows CIA agents' cover
The Chicago Tribune says it has compiled a list of 2,653 CIA employees, just by searching the internet.
The newspaper said it gathered the information from online services that compile public data, that any fee-paying subscriber can access.
http://news.bbc.co.uk/2/hi/americas/4799174.stm
http://www.latimes.com/technology/la-na-cia12mar12,1,1450881.story
- - - - - - - - - -
New Met blogging rules spark anger
Many organisations are now having to consider how they deal with employees who blog about their work, and one of the most recent to take up the challenge is the Metropolitan Police.
http://news.bbc.co.uk/2/hi/technology/4799994.stm
- - - - - - - - - -
Report: Cost of FBI computer project up to $500 million
The FBI plans to spend up to $500 million building the final piece of its delayed, troubled technology upgrade, yet risks a repeat of earlier missteps that led to excessive costs, according to a government report released Monday.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14089782.htm
************************************************************
Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2006, NewsBits.net, Campbell, CA.