Updated: 26.11.2002; 11:39:06 Uhr.
disLEXia
lies, laws, legal research, crime and the internet
        

Tuesday, November 5, 2002

Wormholes in hacker case

The creator of the Anna Kournikova Internet worm, Jan De Wit, lost an appeal against his conviction in a Dutch court last week.

He was sentenced to 150 hours of community service in September, 2001 for creating and releasing the worm.

De Wit, aka OnTheFly, had appealed because he was afraid that a conviction would adversely affect his career.

The primitive e-mail-based worm spread like wildfire in February, 2001, infecting hundreds of thousands of computers.

Sydney Morning Herald Nov 5 2002 11:21AM ET [moreover Computersecurity]
23:53 # G!

Mitnick's 'Lost Chapter' Found

The first chapter of hacker Kevin Mitnick's new book was omitted from the print version by the publisher. It mysteriously showed up online over the weekend.

Chapter One appeared only in about 300 unbound galley copies that publishing company Wiley distributed to the media several months before releasing the book, according to a Wiley spokeswoman.

The publisher decided to remove the chapter shortly before releasing the book. Wiley representatives were unable to comment immediately on why the chapter was pulled.

The chapter contains the first recounting by Mitnick of his life as a hacker and a fugitive, as well as his arrest, trial and life in prison.

The chapter also includes allegations by Mitnick that John Markoff, technology reporter for The New York Times, printed malicious stories about Mitnick during the hacker's years as a fugitive.

The missing chapter was first made publicly available late Saturday in a Yahoo discussion group called "Kevin's Story." It has since appeared on other websites.

Mitnick said he didn't know who had posted the chapter online. E-mails to the yahoo.com address listed with the original post went unanswered.

"I feel pretty good about the chapter being available," Mitnick said. "For a long time I was portrayed as the Osama bin Laden of the Internet and I really wanted to be able to tell my side of the story. I wanted to be able to explain exactly what I did and what I didn't do to people who thought they knew me."

Much of the material in the "missing chapter" details Mitnick's dealings with Markoff. [Wired News]
23:24 # G!

Neue Diskussionen um Suizid-Foren im Internet

Die Suizid-Gefahr unter Jugendlichen darf nach Expertenmeinung kein gesellschaftliches Tabu-Thema sein. Es sei keine Lösung, vor dem Hintergrund des Doppel-Selbstmordes in Berlin am Wochenende mit dem "Verbieterhammer" etwa gegen Suizid-Foren im Internet vorzugehen, sagte der Sozialpädagoge Gerd Storchmann am Dienstag in einem dpa-Gespräch in Berlin. "Solche Foren müssen differenziert beurteilt werden", meinte der Experte, der für die Organisation Neuhland tätig ist, die Hilfe für selbstmordgefährdete Kinder und Jugendliche anbietet. Handlungsbedarf sieht Storchmann jedoch bei Websites, die Anleitungen zum Selbstmord geben. "Die müssen abgeschaltet werden."

Online-Foren zum Thema Suizid sind unter Ärzten und Psychologen umstritten. Im Jahr 2000 registrierten die Forscher rund ein Dutzend "Internet-Suizide" in Deutschland, weshalb zum Beispiel der Psychiater Ulrich Hegerl von der Ludwig-Maximilians-Universität-München auf etwa 30 solcher Foren hinwies. Gefährlich mache diese aber vor allem die Art, wie über den Freitod kommuniziert wird. Im Fall des Berliner Doppelselbstmordes schließt die Polizei nicht aus, dass sich die beiden Jugendlichen im Internet gefunden haben könnten. [heise]
23:12 # G! Translate

MS ruling leaked through security blunder

Judge Colleen Kollar-Kotelly's ruling on the Microsoft anti-trust trial leaked onto the Web two hours before the official release

A security specialist is highly critical of apparent procedural inadequacies which saw the long-awaited judgment in the Microsoft anti-trust case posted online almost two hours before its official release. Stephen Martin, a senior security consultant with SMS Management Technology in Melbourne, said whoever posted the information online before its planned release time was severely underestimating the risk that it would be located early.

Martin said "it seems that the information may have been in the hands of people who didn't understand its sensitivity".

The incident would "...raise procedural questions about who managed the information from its conception through to its release."

Reports from the US indicate court staff placed the judgment on its Web-site at 2:40 p.m. on Friday, ahead of its scheduled release time. The reports indicate court staff did not release a link to the information, assuming this would adequately secure the documents from external access.

The judgment was supposed to be published online at 4:30 p.m., half an hour after printed copies were to be given to Microsoft and government lawyers. At this time, the court was planning on releasing a link to the document files that were already on their web site, hence making them public.

Someone was able to figure out where the documents were on the court's Website before the link was released. The URL was not difficult to guess, and the US court's web server is set up to allow results to be easily accessed once they have been put online.

The judgment was placed online in several PDF electronic documents. They were found in a directory named "Opinions/2002/Kotelly". The judge's name is Colleen Kollar-Kotelly.

Anyone familiar with the way in which these judgments have been published online in the past would not have had any trouble finding the documents.

The file was not password protected in any way, and the court's Web server is configured to allow users to browse through directories when they don't know the name of the file that they are looking for.

A reader of technology news portal slashdot.org posted a link to the judgment documents that the editors promptly published on their news page at 3:33pm.

It's been reported that over 4,000 slashdot readers read the judgment before 4:30pm, the time that it was supposed to be released.

This is not the first time that an organisation has accidentally released sensitive information in this way.

Last month the third quarter profit results for Swedish software company Intentia were accessed, and then published, by the Reuters news agency before their scheduled release.

Intentia had put the information on its website before its release time and assumed that no one would find it.

ZDNet Nov 5 2002 4:55AM ET [<a href="http://www.moreover.com/";>moreover Computersecurity</a>]
17:59 # G!

FTC: where spam goes off to die

For years, the Federal Trade Commission has been receiving forwarded spam from Internet users. What exactly has the agency been doing with it? [Help Net Security]

<em>Statistics and somtimes court cases ... al least that'S what they told at the National Cybercrime Conference 2002. They recive about 15.000 Spam messages per day</em>
17:51 # G!

BSA meldet bislang größten Schlag gegen europäische Raubkopierer

Das Internet Enforcement Team der Business Software Alliance (BSA) war nach eigenen Angaben der italienischen Finanzpolizei beim bislang größten Schlag gegen organisierte Software-Kriminalität in Europa behilflich. Bei Haussuchungen in neun Provinzen wurde ein Ring ausgehoben, der Raubkopien, Videos, Spiele und pornografisches Material im Wert von rund 100 Millionen Euro über drei Websites verkauft hatte. Ein Verdächtiger sei bereits angeklagt worden, gegen neun weitere werde ermittelt.

Die gefassten Raubkopierer hatten nach Angaben der BSA Verbindungen nach ganz Europa, insbesondere nach Deutschland, Spanien, Großbritannien sowie den Niederlanden. In diesen Ländern soll mit den Erkenntnissen der erfolgreichen Aktion - die Sichtung des Materials dauere derzeit noch an - nun ebenfalls verstärkt ermittelt werden. [ComputerWoche: Nachrichten]
17:15 # G! Translate

BKA-Zivilfahnder bekommen Steckbrief per SMS

Das Bundeskriminalamt (BKA) will eine neue Methode der Verbrechensbekämpfung testen: In den kommenden fünf Monaten verschicken städtische Ordnungsämter, Taxizentralen und Nahverkehrsbetriebe Kurzmitteilungen der Polizei an ausgewählte Mitarbeiter. Die SMS enthalten beispielsweise Beschreibungen von vermissten Personen, entflohenen Strafgefangenen oder Kfz-Kennzeichen. Die Teilnahme der "zivilen Ermittler" sei freiwillig. Von dem System erhofft sich das BKA, Straftaten schneller aufklären zu können. Das Pilotprojekt startet in zehn Polizeidienststellen: Traunstein (Bayern), Karlsruhe (Baden-Württemberg), Jena (Thüringen), Bochum (Nordrhein-Westfalen), Hannover (Niedersachsen), Potsdam (Brandenburg), Rostock (Mecklenburg-Vorpommern), Rendsburg (Schleswig-Holstein) und Saarbrücken (Saarland). [ComputerWoche: Nachrichten]
17:07 # G! Translate

Suing the fat-pushers

The lawyer who led the "nonsmokers' rights" class-action suits is laying into a new target: pushers of obesity-generating foodstuffs:

Who will he sue now? For starters, schools with food contracts that provide sugary and fatty food, and fast-food companies in general. His argument: Many food companies have neglected to inform consumers about just how bad their products are, have made misleading health claims about them and, worst of all, have exerted enormous pressure on their most gullible audience -- children. Eventually, he predicts, the states could sue to recover the billions they spend on obesity-related diseases (diabetes, strokes), and then the companies could settle, presumably for oodles of money, like the tobacco companies did.

11:17 # G!

Panama breaks the Internet

Panama's government has ordered all of its ISPs to begin blocking the UDP ports used for Internet telephony (AKA VoIP). The national telco is pissed that ISPs are undermining their businesses, which rely on charging farcically high rates for long-distance, and they've gotten their pals in government to strong-arm all the ISPs in the country.

In the decree, the Panamanian government requires "that within 5 days of publication, all ISPs will block the 24 UDP ports used for VoIP and any other that could be used in the future (which could end up being all UDP ports)," according to a reporter and computer consultant there, and that "the ISPs will block in their firewall or main router and in all their Border routers that connect with other autonomous systems."

This "unequivocally decrees that all routers, including those not carrying traffic from Panama, but that might be traversing Panama, have the 24 UDP ports blocked."

The significance of the government action affects areas far beyond that nation. Due to its geographical location, numerous undersea cables connect in the country, making it a substantial hub for international IP traffic.

David "Reed's Law" Reed posted this followup to the Interesting People list:

What Panama is doing is asking for the Internet to be redesigned and rearchitected in order to inflict a policy that relates to competition. The result is not the Internet.

It is important for the IAB and IETF to point out to the government of Panama that the service they are asking to be deployed is NOT the Internet. It violates the Internet standards, by incorporating an end-to-end protocol into the routers between adminstrative domains.

[Boing Boing Blog]
10:59 # G!

China Introduces Internet Identity Cards

A Chinese province is requiring Internet cafe users to buy access cards that identify them to police, further tightening official monitoring of who uses the Internet and what they do online, a police spokesman said yesterday. The system was installed in all 3,200 Internet cafes in the central province of Jiangxi last month.

"This system gives us more power to prevent crimes and identify criminals on the Internet," said the spokesman, who wouldn't give his name. [The Hacktivist]
10:51 # G!

Re: BBC News: Fake bank website cons victims (Leeson, RISKS-22.34)

The PayPal scam mentioned in RISKS 22.34 was relatively recent.

The technology was developed several years ago on AOL. It was common enough that it inspired the coining of a new term - phishing (for passwords and/or credit card numbers). The part I know about was mostly used by spammers. With a password, they could use the victims AOL account to send spam. With a credit card, they could sign up for more throw-away dial-up accounts to use for spamming.

Feed aolbilling to google-groups for more than you want to know: aolbilling.com is currently registered to somebody in Korea.

Here is a URL from May, 2000 describing the second wave - Yahoo, Hotmail... http://news.com.com/2100-1023-240295.html?legacy=cnet&tag=st.ne.ron.lthd.ni [Hal Murray via risks-digest Volume 22, Issue 35]
10:44 # G!

Online job listing an ID theft scam

'Background check' used to steal full slate of personal info By Bob Sullivan, MSNBC, 4 Nov 2002

It was just the job lead Jim needed: a marketing manager position with Arthur Gallagher, a leading international insurance broker. And only days after Jim responded to the job posting on Monster.com, a human resources director sent along a promising e-mail. We're interested in you, the note said. The salary is negotiable, the clients big. In fact, the clients are so valuable and sensitive that you'll have to submit to a background check as part of the interview process. Eager for work, Jim complied -- and sent off just about every key to his digital identity, including his age, height, weight, Social Security number, bank account numbers, even his mother's maiden name. IT WAS ALL JUST an elaborate identity theft scam designed to prey on the most vulnerable potential victims - the increasing ranks of the unemployed. ... http://www.msnbc.com/news/830411.asp [Monty Solomon via risks-digest Volume 22, Issue 35]
0:00 # G!


Maximillian Dornseif, 2002.
 
November 2002
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Oct   Dec

Search


Subsections of this WebLog


Subscribe to "disLEXia" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.