NewsBits for March 14, 2006 sponsored by Digital Investigation - The International Journal of Digital Forensics & Incident Response - www.digitalinvestigation.net ************************************************************ US cops collar ATM fraud ring US police have arrested 14 people suspected of involvement in widespread ATM fraud that has forced a number of US banks to reissue debit and credit cards over recent months. The suspects are all accused of manufacturing counterfeit cards using stolen credit card details. Most of the arrests happened over the last fortnight. http://www.theregister.co.uk/2006/03/14/us_atm_fraud_arrests/ OfficeMax: No evidence of security breach Following an extensive review of its security systems, OfficeMax says it has no reason to believe it was the company that suffered the data breach that resulted in thousands of cases of debit card fraud. On Tuesday, the office-supply chain said that an independent study by a security expert found no indication that the company's customer information was lost. An internal investigation came to the same conclusion. http://news.zdnet.com/2100-1009_22-6049758.html - - - - - - - - - - Man charged with hacking into GM database A former security guard at General Motors Corp.'s Warren technical center is accused of taking employee Social Security numbers and using them to hack into the company's employee vehicle database. http://www.msnbc.msn.com/id/11827491/ - - - - - - - - - - Phishing fraudsters offer cash reward Email scammers are trying to dupe online banking customers into handing over sensitive account information using a bogus survey that offers a fictitious $20 reward. The attack, targeted against Chase Manhattan customers, represents the latest evolution of social engineering attacks by phishing fraudsters. http://www.theregister.co.uk/2006/03/14/chase_phishing_scam/ - - - - - - - - - - Ex-school aide gets 20 years for porn A federal judge Monday sentenced a former high school interpreter for the deaf to 20 years in prison for distributing child pornography over the Internet, the maximum recommended under sentencing guidelines. William Allen Lane, 34, e-mailed 15 child porn pictures to a local tattoo artist and said he delivered more than 700 images on a pair of CDs in exchange for a tattoo. The tattoo artist reported Lane to federal investigators in August. http://www.news-press.com/apps/pbcs.dll/article?AID=/20060314/NEWS0110/603140394/1075 - - - - - - - - - - Man gets 8 years for child porn A Kewanee man was sentenced to eight years in prison on 22 counts of child pornography, while his accomplice was sentenced to four years. Enoch Webster, 62, pleaded guilty in Henry County Circuit Court to 22 counts of child porn, two counts of aggravated criminal sexual abuse and possession of a weapon by a felon and was given eight years through the negotiated plea agreement, according to State's Attorney Terry Patton. http://www.pjstar.com/stories/031406/REG_B986P0DM.017.shtml - - - - - - - - - - Ex-chief found guilty on all counts in child-porn case A jury of nine women and three men spent nearly four hours in deliberations on Monday deciding the fate of former Wapakoneta Police Chief David L. Harrison before returning a verdict of guilty on all 18 charges. Harrison, dressed in a charcoal-colored suit, sat expressionless at the defense table in the Madison County courtroom as the clerk read each verdict. There was no reaction from a gathering of supporters, including his wife, Vicki, who were seated in the gallery behind the defense table. http://www.limaohio.com/story.php?IDnum=23570 - - - - - - - - - - Former Deputy Sentenced for Child Porn Investigators found hundreds of child pornography pictures on his computer. Now, the former Fresno County Sheriff's deputy is going to prison. Neil Edmiston was arrested in 2004 for having pornographic images of children on his computer. In court on Monday, a judge sentenced him to three years in prison. A judge gave Neil Edmiston the low end of the sentencing range, noting he had no prior record, voluntarily admitted to the crime and cooperated with law enforcement. http://abclocal.go.com/kfsn/story?section=local&id=3990161 - - - - - - - - - - Trojans swim team coach faces child pornography charges The former head coach of a childrens swim team in Halifax is facing child pornography charges. Robert Adam Widdis, 31, resigned from the Halifax Trojans Aquatic Club after police charged him last Thursday with possessing and accessing child porn. http://thechronicleherald.ca/Front/489985.html - - - - - - - - - - Convicted stabber now faces child porn charges The 23-year-old man convicted last week of stabbing and beating a Western Connecticut State University art student has also been accused of possessing child pornography in another case. Zachary Jay Elson, who faces up to 20-years in prison for the Danbury assault, is scheduled to appear in superior court in Bantam on Wednesday on 12 counts of possession of child pornography. http://news.newstimeslive.com/story.php?id=81051 - - - - - - - - - - Reno man held on suspected possession of child pornography A 45-year-old Reno man is behind bars on a federal charge of possession of child pornography after more than 10,000 images and more than 1,000 on-line videos were found on his computer, according to court documents released Monday. http://news.rgj.com/apps/pbcs.dll/article?AID=/20060314/NEWS01/603140348/1004/NEWS - - - - - - - - - - Workers duped by simple CD ruse To office workers trudging to their cubicles, the promotion looked like a chance at sweet relief from the five-day-a-week grind. By simply running a free CD on their computers, they would have a chance to win a vacation. But the beguiling morning giveaway in London's financial district last month was more nefarious than it appeared. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5563 - - - - - - - - - - US judge ponders Google decision Google said users of its search engine have a right to their privacy. A US judge says he is inclined to order internet giant Google to turn over some data sought by the US government. Judge James Ware told a hearing in California that he would weigh the government's need to gather data against the privacy of Google users. http://news.bbc.co.uk/2/hi/technology/4804182.stm U.S. scales back demand for Google data; judge is favorable http://computerworld.com/developmenttopics/websitemgmt/story/0,10801,109546,00.html Google cuts data deal with DoJ http://www.theregister.co.uk/2006/03/14/google_doj_data/ - - - - - - - - - - Cybercrime worse than physical crime for Australian business Australian CIOs believe more strongly than their global peers that employees now pose a threat to corporate security, according to a new IBM research report. Seventy five percent of local CIOs who spoke to IBM perceive that threats originate internally compared to a global benchmark, based on a total of 17 countries, of 66%. http://www.itwire.com.au/content/view/3602/53/ - - - - - - - - - - Official seeks aid in fighting child porn Michael Cantara gets a "knot in his stomach" when he thinks about the backlog of computers that have yet to be analyzed as evidence in child pornography cases. Cantara, commissioner of the Department of Public Safety, asked lawmakers Monday to give him two more investigators to address the 60-case backlog that his current staff doesn't have time to process. http://kennebecjournal.mainetoday.com/news/local/2530860.shtml - - - - - - - - - - Spam king sets up in New Zealand? An unsolicited bulk e-mail campaign for broadband and telephone calling rates may have flushed out a notorious U.S. spammer from a low-profile existence in Auckland. Contacted by Computerworld, Brendan Battles of Auckland denies that he is the same person as U.S. spammer Brendan Battles. He also denied spamming in New Zealand, even though Computerworld rang him on a number supplied in one of the spam messages. http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,109508,00.html - - - - - - - - - - Fraud falling under Chip and PIN Chip and PIN technology has helped cut credit card fraud by 13 per cent in the last year, its first decline in a decade, according to new figures. Data from the Association of Payment Clearing Services (Apacs) shows that losses due to the fraudulent use of credit and debit cards fell last year by PS65m to PS439m. http://www.theregister.co.uk/2006/03/14/chip_and_pin_security/ - - - - - - - - - - Cryzip Trojan Encrypts Files, Demands Ransom Virus hunters have discovered a new Trojan that encrypts files on an infected computer and then demands $300 in ransom for a decryption password. The Trojan, identified as Cryzip, uses a commercial zip library to store the victim's documents inside a password-protected zip file and leaves step-by- step instructions on how to pay the ransom to retrieve the files. http://www.eweek.com/article2/0,1759,1937408,00.asp - - - - - - - - - - McAfee ate my system False positive creates havoc. A faulty signature update from McAfee flagged up legitimate application files as infected with a low-risk virus, CTX. The dodgy anti-virus update (4715 DAT), issued on Friday, March 10, falsely identified a number of component files of Microsoft Office applications and some Windows systems files as infectious. Along with Microsoft Excel, components of Adobe Update Manager, Macromedia Flash Player and Google Toolbar were falsely labeled as viral. http://www.theregister.co.uk/2006/03/14/mcafee_av_false_positive/ - - - - - - - - - - Microsoft patches up Office Microsoft today issued two security updates for its Windows and Office products, including a patch that fixes a number of critical vulnerabilities found in the Office suite. In an advisory Microsoft said that its update fixes bugs in a variety of Office products, including Microsoft Office XP, Office 2003, Works Suite, and Office X for Mac. But the "critical" security rating -- Microsoft's most serious -- applies only to Microsoft Word, Excel, PowerPoint and Outlook 2000, or Office 2000. http://computerworld.com/securitytopics/security/story/0,10801,109553,00.html - - - - - - - - - - Fix in for 'critical' Flash player flaws Adobe Systems has issued a patch for critical security flaws in its Macromedia Flash Player that could allow malicious attackers to take control of systems. http://news.zdnet.com/2100-1009_22-6049676.html - - - - - - - - - - Liberty Alliance helps fuel use of identity specs As the Liberty Alliance Project gathers momentum, industry insiders are expecting a sharp rise in the use of products and services that use Web identity management specifications. The Liberty Alliance Project said today it expects the number of people and devices using federated identity specifications it endorses to top 1 billion this year. That figure includes people who have created identities using the Liberty-endorsed specifications, plus devices and Web sites that use the protocols. http://computerworld.com/securitytopics/security/story/0,10801,109541,00.html - - - - - - - - - - Windows Live parental controls due this summer Microsoft expects to release a first version of new, no cost parental control software for Windows XP by the end of June, the company said Monday. As reported earlier, Windows Live Family Safety Settings software is designed to help keep Web content that parents deem inappropriate from reaching their children. A preview version of the tool is currently available to testers. http://news.zdnet.com/2100-1009_22-6049294.html - - - - - - - - - - Passport data checks go live Personal details of passport applicants are being checked against third party databases in a scheme that could provide the basis for ID Cards. A scheme for verifying the personal details of passport applicants, which is intended to provide the basis for an ID Cards checking system, has gone live. http://www.theregister.co.uk/2006/03/14/passport_data_checks_live/ - - - - - - - - - - Windows Intruder Detection Checklist This document is being published jointly by the CERT Coordination Center and AusCERT (Australian Computer Emergency Response Team). http://www.cert.org/tech_tips/WIDC.html - - - - - - - - - - Dutch blaggers explode ATMs Banks in the Netherlands have begun fitting air vents to ATMs after local blaggers took to blowing up tills using explosive gas. According to local reports, enterprising local crims have taken to drilling holes in conventional ATMs and filling them full of flammable gas and igniting it from a safe distance, a technique called plofkraak. Surprisingly this doesn't incinerate the contents of cash dispensing machines. http://www.theregister.co.uk/2006/03/14/exploding_atm_attack/ - - - - - - - - - - ************************************************************ Digital Investigation is the international journal of digital forensics and incident response. To apply for a free sample copy visit: http://www.digitalinvestigation.net *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.