IT@Diocesan House #19

reveal its border search policies, including policy regarding
copying electronic content from devices and seizing such dev...
DNI CYBER THREAT SUMMARY
DNI has just released a new unclassified threat assessment.
Below is a summary of the assessment;...
Of avocados and toilet flushes: a round-up of miscellaneous Super
Bowl legends.
Guitar Man: Musician finally masters extra...
current on them and do our best to point readers to authoritative links
confirming or debunking them.
c
Political rumors c...
promising untold wealth if only one helps a wealthy foreigner quietly
move millions of dollars out of his country. The ven...
A worm that disables Windows Automatic Updating and the Task
Manager (a part of Windows that provides information about
yo...
http://www.sophos.com/pressoffice/news/articles/2008/01/love-
storm.html

-- Win 32/Agent.
A Trojan-like malware that foun...
email message he uncovered caused the URL for a popular Mexico-
based bank to map to a fraudulent website controlled by th...
Critical-PDF-Reader-Flaw/
http://www.computerworld.com/action/article.do?
command=viewArticleBasic&articleId=9061299&sourc...
m
http://www.zdnetasia.com/news/security/0,39044215,62037415,00.ht
m
[Editor's Note (Ullrich): Internet Storm Center handl...
http://milw0rm.com/exploits/5046
http://milw0rm.com/exploits/5043
Microsoft Knowledge Base Article (details the "kill bit"...
http://milw0rm.com/exploits/5025
Microsoft Knowledge Base Article (details the "kill bit"
mechanism)
http://support.micros...
it_roundup_19.doc

Published in: Technology, Business

IT@Diocesan House #19

INTERESTING WEBSITES:
For those of you interested in web marketing or search engine optimization, there are several sites you need to check out:
Google Analytics
Biznology
Church Marketing Sucks
All of the above are good tools for web-based optimization. You might also want to check out Mike Moran's book, Doing it Wrong Quickly, which is on web marketing and search engine optimization.

FREE Apple Training:
Lehigh Valley Mall Apple Store: http://www.apple.com/retail/lehighvalley/month/200803.html

Bethlehem:
Thursday, Mar 6, 2008: 06:30 PM-07:30 PM, at Double Click
Intro to iPhoto
See how to edit/manage your photo library and share your pictures with family and friends.

Thursday, Mar 13, 2008: 06:30 PM-07:30 PM, at Double Click
Intro to Leopard
Introduction to Mac OS X 10.5

Thursday, Mar 20, 2008: 06:30 PM-07:30 PM, at Double Click
Microsoft Office on the Mac
Intro to MS Office '08 for the Mac.

Philadelphia:
Tuesday, Apr 8, 2008: 07:00 PM-09:00 PM, at Sam Ash Philadelphia
Live on Stage with Logic Studio
Logic Studio - from Garage to Studio to the Stage.

From CNN.com:
Consumers confused -- and often wrong -- about digital TV transition
Much of what consumers are learning about the looming shift to digital broadcasting is just plain wrong and could end up costing them
money, according to a survey. FULL STORY

Amazon.com adds web services to its offerings
Critics thought it was over the top when Amazon.com Inc. expanded from books into music in 1998. When the Web retailer let competitors start selling things alongside its own inventory in 2000, they said Amazon had gone nuts. FULL STORY

FBI wants palm prints, eye scans, tattoo mapping
The FBI is gearing up to create a massive computer database of people's physical characteristics, all part of an effort the bureau says to better identify criminals and terrorists. FULL STORY WATCH VIDEO

Free Web site maps crime reports, calls
The inspiration for CrimeReports.com came a decade ago when Greg Whisenant made the mistake of letting a stranger, who turned out to be a burglar, into his apartment building in Arlington, Virginia. FULL STORY

Communing without nature
As people spend more time communing with their televisions and computers, the impact is not just on their health, researchers say. Less time spent outdoors means less contact with nature and, eventually, less interest in conservation and parks. FULL STORY

Microsoft tinkers with scary-smart ads
Microsoft Corp.'s online advertising researchers will spend this year teaching computers to be smart about sticking ads into video clips, and to be even smarter about targeting ads to specific Web surfers. FULL STORY

Facebook fraudster 'stole prince's ID'
Moroccan authorities arrested a state-employed engineer on Wednesday for allegedly stealing the identity of King Mohammed VI's younger brother on the Internet site Facebook, the official news
agency said. FULL STORY

China cuts online video a little slack
China's government has eased new Internet controls that had limited video-sharing to state companies, saying private competitors already operating in the fast-growing arena may continue. FULL STORY

Reusable camera pill would be about $300
Technology that doctors expect will help detect precancerous cells faster and less painfully also could someday take cameras to parts of the body where no camera has gone before. FULL STORY

Yahoo to reject Microsoft bid - source
Yahoo plans to reject Microsoft's $44.6 billion takeover bid, the Wall Street Journal reported Saturday, citing a person familiar with the situation. FULL STORY

EBay's PayPal funds freeze plan draws fire
In the uproar that erupted over the planned fee hikes and other policy changes eBay announced last week, one drew particular ire and incredulity: eBay's plan to hold payments sent through its PayPal payment service for up to 21 days in certain circumstances. FULL STORY

From the Christian Science Monitor:
Facebook used to target Colombia's FARC with global rally
Internet site to spawn protests in 185 cities Monday against rebel group's methods
http://www.elabs5.com/ct.html?rtr=on&s=o1l,j69,er,be98,ajy8,2n9,aafe

Building at World Trade Center is a showcase of terrorproof technologies
Architects around the world are erecting skyscrapers that use a hollow concrete core surrounded by bomb-resistant glass and other
security innovations.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,j69,er,1lbg,dzr7,2n9,aafe

Resume advice for the over-50 crowd
Those with lengthy work histories must keep resumes brief and adjust to today's digital times, career specialists say.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,j69,er,bosi,1cne,2n9,aafe

Essay: Need a new password? Here's literary help.
Be inventive when changing those computer passwords every few months.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,j69,er,l8r6,jpj8,2n9,aafe

Colombians tell FARC: 'Enough's enough'
In a march organized on Facebook, hundreds of thousands protested against the leftist rebel group Monday.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,jin,er,ez5o,1j12,2n9,aafe

We're on information overload
Kids can't focus these days, and neither can I.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,jin,er,iam2,jzgu,2n9,aafe

Godtube.com puts Christian worship online
Entrepreneur Chris Wyatt draws millions to GodTube.com, a website with Christian content that features prayer walls, video clips, and social networking.
NEW YORK - Chris Wyatt bears many marks of the Internet Generation. His thumbs beat out text messages on his BlackBerry, while his 60-gig iPod croons a soundtrack for his life. He also sprinkles his conversation with words like "dude" and "man." Click here to continue reading...
http://www.elabs5.com/ct.html?rtr=on&s=o1l,jlw,er,lh8b,855r,2n9,aafe

In China, texting home for the New Year
Modern technologies update Chinese traditions as billions of text messages zing phone to phone.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,jmv,er,gpty,79m3,2n9,aafe

What's in a (domain) name? Some serious cash.
At least 100 domain names sold for more than $100,000 last year.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,jx7,er,cps4,16n8,2n9,aafe

Humor: A dog becomes a victim of identity theft
The ID tag of Sir Barks-a-lot, a black Lab, is stolen by a German shepherd owner, who pins a crime on the unsuspecting hound.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,jxv,er,egih,j2i3,2n9,aafe

Burma's censors monitor Internet, newspapers - and poets
The regime has watched the media more closely since last September's uprising by monks.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,kgk,er,kq89,32li,2n9,aafe

Homeless: Can you build a life from $25?
In a test of the American Dream, Adam Shepard started life from scratch with the clothes on his back and twenty-five dollars. Ten months later, he had an apartment, a car, and a small savings.
http://www.elabs5.com/ct.html?rtr=on&s=o1l,kgv,er,l43l,e8cy,2n9,aafe

In opening Iran's first major space center and unveiling the country's first domestically built satellite Monday, President Mahmoud Ahmadinejad said Iran needs to have "an active and influential presence in space." According to state-run television, Iran launched a research rocket that was its first into space, reaching more than 60 miles above the earth.

The amount of water that flows in the Mississippi River has increased 9 percent since 1950 and carbon levels have risen 40 percent, according to a research article in the journal Nature. The authors cite farming practices, including irrigation and soil treatments, and new crop types, as the probable reasons why a greater percentage of rainfall makes it into the river instead of evaporating into the atmosphere.

Dozens of families separated for decades by the border dividing
North and South Korea exchanged video messages with their kin Tuesday under a new program. The two Koreas plan to continue the exchange every three months.

Enhanced security technology is now in use at three airports, with Boston the latest to introduce equipment for digitally scanning each finger of foreign travelers, not just their index fingers, as has been done since 2004. More complete fingerprinting, previously introduced in Washington and Atlanta, is slated to be used at all the nation's international airports, seaports, and border crossings by the end of the year.

From Macworld.com:
Review: MacBook Air
The decision about whether the MacBook Air is a product worth having can be answered by one question: How much are you willing to compromise? In his extensive review of the latest Apple laptop, Jason Snell looks at what trade-offs you'll have to make and whether the MacBook Air is the right machine for your needs. Read the story

Copy files from 10.5 Preview's sidebar
http://www.macworld.com/article/131793/2008/01/dicttricks.html?lsrc=mwhints

From PCWorld.com:
PBS Adds iTunes U Content
Apple's iTunes U offerings have expanded this week with new content from the (PBS) network. Read the story

More Options With Tomorrow's Cell Phones
Install the software and services you want--plus, enjoy cameras, portable game consoles, and more with access to wireless networks. Read the story

Cut Cables Force Worldwide 'Net Traffic Rerouting
A preliminary investigation links the cuts to a ship's anchor that dragged and ripped into the two fiber optic undersea cables. Read the story

Hackers Can Expose Masked Surfers, Study Says
A researcher says the techniques to stay anonymous online can be thwarted through flaws in the systems. Read the story

25 Moments From Our First 25 Years
We at PC World have seen technology history--lots and lots of it. And maybe even made a little of it ourselves. Read the story

Rock On! iPods Won't Hurt Your Heart
Magnetic fields produced by Apple iPods and other such portable music devices don't interfere with cardiac pacemakers, an FDA study says. Read the story

Three Plead Guilty in Nigerian Spam Scheme
E-Mail sob stories that turn out to be scams could bring jail terms for trio who coaxed $1.2 million from victims. Read the story

Facebook, MySpace Hit by Zero-Day Flaw
Exploit code affecting an unpatched flaw in an image uploader used by both Facebook and MySpace is circulating publicly. Read the story

Portable Hard Drive Requires Password
The new USB-based SATA EZSecu disk drive comes with a keypad to enter a PIN for access. Read the story

New Mac Gaming Site Serves Disabled Users
AssistiveGaming.com launches to make computer games more accessible to fans with physical disabilities. Read the story

Users' Bad Habits Invite Malware, Forum Says
A spyware forum panel suggests users' sloppy security practices are a major contributor to problems. Read the story

25 Products We Can't Live Without
Here's the stuff you'd have to pry from the hands of the PC World staff. View the slideshow

Hackers Rig Google to Deliver Malware
The latest malware trend should prompt you to think twice about the links you click next time you search. Read the story

5 Cool Cell Phone Accessories
Having a flashy phone just isn't enough anymore. These add-ons will help you chat and listen to your tunes in style. Read the review
Shop for Cell Phone Accessories: Cell Phone Accessories

25 Answers To Common Tech Questions
How can you make Vista less annoying? Or back up your data easily? Or preserve your pricey
new HDTV's picture? We've got solutions for these and 22 other common tech conundrums. Read the article

Use Google Apps to Build Your Business
AdWords, AdSense, and Google Analytics can help you grow the reach of your Web site and help you make money. Read the article

Open Your Business to Open-Source Apps
These nine free alternatives to commercial software applications can improve your productivity--and save you money. Read the article

How the Presidential Candidates Stand on Technology
From broadband speeds to patent reform, lots of important technology issues face the United States. Here's your guide to how the presidential candidates view the major questions. Read the story

Apple Is Third Largest Smart Phone Company
With the iPhone in only four countries, Apple has become the world's third largest smart phone supplier. Read the story

Security Pros: Kill ActiveX
A wave of bugs in the plug-in technology used by Microsoft's browser has some security experts recommending that users disable all ActiveX controls. Read the story

Microsoft Offers Small Business Software Subscriptions
The new Open Value Subscription program gives additional software license options to small businesses. Read the story

Mac Hack Contest May Include Linux and Vista
The CanSecWest security research conference promoters are thinking about giving hackers another shot at hacking a Mac, as well as Linux- and Windows-based PCs. Read the story

Why Users Hate Vista
Hands-on users of the new OS are proving to be the most resistant. Read the story

Four Services Inspired by Firefox and How They Were Built
The four applications serve different purposes: A Web browser, a music player and organizer, another that does the same for video, and a word
processor for screenwriters. Read the story

Time Warner to Split AOL Internet Business
Time Warner will run the Internet access and audience businesses of its AOL segment independently, the company said today. Read the story

Technology Gets Chic
A fashion show at the Boston Museum of Science blended high tech with high fashion. Read the story

ZebraHosts Announces Mac Hosting
New ZebraHosts service lets data center admins deploy Apple machines in dedicated rack space. Read the story

Last Call: Analog Cell Phone Service Disappearing
Most phones now use digital service, but home and business owners with alarm systems may miss the analog signal. Read the story

Yahoo Cancels Limits on Small Biz Hosted Storage
The new monthly Web hosting service for small and medium sized businesses provides unlimited hosted storage capacity and bandwidth. Read the story

Yahoo Said to Beef Up Talks With Google
Yahoo looks for alternatives to Microsoft's unsolicited $44.6 billion takeover bid, according to a report in the Los Angeles Times. Read the story

Study: iPhone Dominant as Motorola Falls
New research claims consumers are searching out more advanced phones -- with Apple's iPhone and RIM's Blackberry leading the trend. Read the story

New Apple Patents Show Range of Technologies
Forty-seven Apple patents have been published by the U.S. Patent and Trademark Office showing off upcoming product changes. Read the story

Keep Windows XP Until 2009, Analysts Tell Microsoft
Microsoft may have pushed a too-aggressive XP transition schedule because of how long it took to release Vista, an analyst suggests. Read the story

Hacked Antivirus Site Delivers a Virus
The Web site of AvSoft Technologies attempts to install a virus on visiting PCs, security firm warns. Read the story

Encryption Brings New Risks, Experts Say
Security workers warn that encrypting stored data doesn't truly protect it, and you're fooling
yourself if you think so. Read the story

From ITBusiness Edge/Daily Edge:
Phishers Go Whaling
The names given to various Internet scams are amusing. They also are important. Common sense says that the more precisely a threat is defined, the more effective technical countermeasures will emerge. Simply put, the better folks understand the issues, the better the odds are of staying safe — and it all starts with evocative names. But the names proliferate: phishing, spear phishing, pharming and drive-by-phishing. In a relatively recent innovation, there now is whaling. All of these terms refer to efforts to get folks to surrender valuable information or to click on links that do bad things to their systems, such as plant key loggers and spyware. Read Full Article

Open Source Implications of Microsoft-Yahoo
Microsoft's $44.6 billion bid for Yahoo is all over the news, of course, and pundits are analyzing the possibility from all angles. Will a Microsoft/Yahoo combo give Google a run for its money? Will the government gear up for yet another antitrust investigation? Does it automatically take the sting out of (and the suspicion away from) the Google-DoubleClick deal? News.com blogger Matt Asay raises another relevant question: If the deal goes through, what implications will a Microsoft-Yahoo combination have for open source? In his view, it puts Microsoft squarely in the open source game — like it or not. Read Full Article

Barracuda: We Will Defend Open Source Against Patent Threat
When I see the words "open source" and "patent threat," I automatically think "Microsoft and Linux." So when news of Barracuda Networks' fight with Trend Micro over ClamAV began to surface, it took me awhile to wrap my head around the situation. Here are the basics, from Barracuda's point of view: Trend Micro wrote a letter informing the open source security appliance provider that some of its products violated a Trend Micro patent. Upon discovering that the patent covered technology used in the Clam AV open source project, the company filed a lawsuit seeking a declaratory judgment that the patent is invalid and not infringed. Now, the case is being
investigated by the International Trade Commission, and Barracuda is asking the open source community for help researching prior art.

Users Cutting Corners, Not Crooks, Are Main Inside Threat
Human nature dictates that malicious inside threats get more attention than folks who cut security corners out of ignorance or because they want to do their jobs more efficiently. But these non-malicious threats actually are far greater, says Matt Flynn, the strategist for NetVision. Luckily, many tools will do as good a job catching well-meaning employees bypassing security as a malcontent trying to steal valuable data. It is important, however, that security staffs put measures in place to closely track both groups. Read Full Article

Noted Intranets Make Liberal Use of Web 2.0
Many companies are still struggling to determine when and where it makes sense to employ Web 2.0 technologies at work. Yet at least one application — the company intranet — appears to be a fairly obvious candidate to me. So it's not surprising that the winners of Nielsen Norman Group's (NNG's) annual Ten Best Designed Intranets competition make liberal use of such Web 2.0 features as advanced personalization. Read Full Article

Get the Full Network Security Picture
Network security analysts have so much data coming at them from so many different devices it's hard to get a handle on what's really going on sometimes, says Packet Analytics' Andy Alsop. The company's new tool gives them what they need to get a "full context" picture. Read Full Article

U.S. Tops in Tech Use :: Reuters
Web Site Takes Recruiting up a Notch :: Inc.com
Cut Cables Cause Internet Outages in India :: USA Today
Late or Not, Dell Enters VoIP Market :: GigaOM
Blogger Calls Cloud Computing Just Plain Goofy :: ZDNet
Vista May Be Linux's Best Friend :: The Chief Officers' Network
Open Solutions Alliance to Open European Chapter :: LinuxWorld
Insight on HP's Open Source Initiative :: News.com
Trolltech: Another Open Source Company Gobbled Up :: News.com
French Police Dump Windows for Ubuntu :: The Register
Government Using Wiki to Swap Info :: The Washington Post
Gphone Speculation Mounts Again :: MarketingWeek
Gartner Predicts More Macs and More :: InformationWeek
Microsoft Makes $44.6 billion Bid for Yahoo :: TechCrunch
Broad Encryption Deployment Key to Data Security :: News.com
Web Apps, Phishing Responsible for Security Vulnerabilities :: InformationWeek
Phishers Sharpening Their Harpoons :: Dark Reading
Cisco Pushes High-Performance Firewall :: internetnews.com
Storm Botnet Not Going Anywhere :: Computerworld

From IEEE Spectrum:
Detroit Auto Show: Diesels Turn Green and Ecofriendly
Hybrid cars took a backseat to diesels, and GM went on an eco-offensive, but pickup trucks were still the big deal at the Detroit auto show

Dean Kamen's "Luke Arm" Prosthesis Readies for Clinical Trials
DARPA may decide the fate of Dean Kamen's next-generation prosthetic arm

Gadgets Gab at 60 GHz
Cheap silicon transceivers broadcasting in this still-unlicensed band may usher in the hi-def wireless home

Across the Outback on Photons Alone
With Australia's desert as its raceway, the World Solar Challenge illuminates some of the best electric-vehicle technology

The Erasable Holographic Display
New three-dimensional holographic material can be written and rewritten indefinitely, paving the way toward 3-D movies

From Techtarget.com:
INFORMATION SECURITY REQUIRES ORGANIZED TEAMS
http://go.techtarget.com/r/2995785/5300425
Joel Dubin, CISSP, Contributor

ENTERPRISE SECURITY IN 2008: ASSESSING ACCESS MANAGEMENT
Joel Dubin, Contributor
Let's start with a key piece of the remote access and endpoint security puzzle: network authentication for mobile devices like laptops, BlackBerrys, PDAs and other wireless equipment. For road warriors armed with laptops, the old standby VPNs -- both IPsec and SSL -- will continue to grow and dominate because of their successful track record, ease of deployment and reasonable cost, though SSL will still outpace IPsec.
http://go.techtarget.com/r/3004673/5300425

WHITE PAPERS:
The Four Essentials of WAN Optimization from Packeteer

TITLE: "Physical Security in Mission Critical Facilities"
URL: http://go.techtarget.com/r/2989583/3976660/2
PUBLISHER: APC
TYPE: White Paper

10 Steps to Security and Compliance
http://go.techtarget.com/r/3013383/5300425

Outbound Email and Content Security in Today's Enterprise
http://go.techtarget.com/r/3013384/5300425

Understanding VPN Technology Choices: Comparing MPLS, IPSec and SSL
http://go.techtarget.com/r/3022991/5300425

The Age of Wireless LANs
http://go.techtarget.com/r/3022993/5300425

SECURITY News:
From SANS:
--Severed Cables Disrupt Service in Mediterranean and Asia
(January 31, 2008)
Two undersea communications cables in the Mediterranean - one near Marseilles, France and the other near Alexandria, Egypt - were accidentally cut on Tuesday, January 29. Different groups
operated the two cables, but the damage to both occurred within a matter of hours. Undersea cables can be damaged by movement along fault lines or by ships' anchors. Internet access was disrupted in most of Egypt and in India, and some Verizon customers experienced slow service. Most communications were rerouted through other cables.
http://www.nytimes.com/2008/01/31/business/worldbusiness/31cable.html?ei=5088&en=95a9e51bf6c
http://news.bbc.co.uk/2/hi/technology/7218008.stm
http://news.smh.com.au/damaged-cables-cut-internet-in-mideast/20080131-1p5a.html
[Editor's Note (Schultz): Although it appears that this incident was completely accidental, it is hugely significant in that it provides a glimpse of what might happen when a massive denial of service attack designed to bring the entire Internet down occurs, something that I have predicted will happen this year.
(Honan): If your company outsources services to countries overseas have you reviewed your business continuity plans lately to determine how an outage like this would impact on your business and what to do in the event that it does?]

--FTC Asks Court to Hold Alleged MySpace Hijackers in Contempt
(January 31, 2008)
The Federal Trade Commission (FTC) has asked a US district court to hold alleged MySpace hijackers in contempt for violating an earlier FTC order that bars them from unfair and deceptive practices. Walter Rines, Sanford Wallace and Rines's company Online Turbo Merchant allegedly used a variety of techniques to redirect MySpace users to other websites where they were inundated with ads, earning the accused commissions. Rines, who previously ran a company called Odysseus Marketing, was accused in October 2005 of offering users free software that came bundled with spyware that bombarded users with pop-ups, replaced legitimate search results with results that benefited the company, and stole information from users. In October 2006, the FTC obtained a permanent injunction that barred the defendants from redirecting users' computers, changing their browser default home pages and from altering functions of other applications.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060482&source=rss_topic17
http://www.ftc.gov/opa/2008/01/contempt.shtm

--Employee Literally Pulls Plug on Attempted Cyber Theft
(January 31, 2008)
A scheme to steal money from a bank using remote access equipment was foiled when an attentive bank employee realized something was amiss with his computer and unplugged it. The thieves were attempting to transfer a large sum of money from the bank into an account that they would later presumably empty. Swedish police arrested seven people earlier this week in connection with the incident, which occurred last August.
http://www.theregister.co.uk/2008/01/31/remote_access_bank_robbery_unplugged/print.html
http://news.smh.com.au/swedish-bank-stops-digital-theft/20080131-1p53.html
http://www.citynews.ca/news/news_19122.aspx
[Editor's Note (Ullrich): It's nice to see someone paying attention! However, before you start unplugging your systems, consider removing the network cable instead. In some cases, memory forensics can be important. I know some malware researchers who snapped off the little tap on their network cable to make them easier to pull, after accidentally setting off malware (not that I recommend doing so on production systems).
(Ullrich): Kudos to the employee for spotting this attack and reacting to it. Two takeaways from this story, does your security awareness program educate users on what they should do if they see suspicious activity on their system? How stringent are your background checks on the employees, contractors, cleaners and other people who have physical access to sensitive systems?]

--Stolen Laptop Holds Info on 300,000 NJ HMO Members
(January 30 & 31, 2008)
A stolen laptop computer contains personally identifiable information of approximately 300,000 members of New Jersey-based Horizon Blue Cross/Blue Shield health insurance. The compromised data include names and Social Security numbers (SSNs), but not medical information. The laptop was not encrypted, but a security feature on the computer was programmed to delete the data on January 23. The computer was stolen from an employee on January 5. That employee was authorized to have the data on the computer, but taking it off premises without taking proper security precautions
was a violation of company policy.
http://www.njherald.com/345987573807788.php
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060299&source=rss_topic17
http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-9/1201671434279680.xml&coll=1

--Identity Thief Exploits Hotel Business Center and Internet Lounge Computers.
Simbaqueba Bonilla, a Colombian national, pleaded guilty January 9, 2008 to an indictment involving an identity theft scheme in which he installed keylogging software on hotel business center computers and Internet lounges in order to steal passwords, account data, and other personal information. The computer fraud scheme had more than 600 victims worldwide, including U.S. Department of Defense employees. Simbaqueba used money obtained in the scheme to buy expensive electronic devices, including a home theater system, and to fund luxury travel to Hong Kong, France, Jamaica, the U.S., and other locations.
More information:
http://www.infoworld.com/article/08/01/10/Colombian-man-pleads-guilty-to-computer-fraud_1.html
[Editor's Note (Reichert): How many of you have sent sensitive personal information (bank accounts, user IDs and passwords, etc.) over a public-use computer or an open wireless connection offered at internet cafes, coffee shops, or hotels? Those of you that raised your hand should rethink how important your personal information is to you.
Editor's note (Rietveld): Maybe the Department of Defense should mandate that all of its employees subscribe to OUCH! if they still think hotel business center computers and Internet lounges are safe ways to send personal information.]

Security Screw-Up of the Month
Data Lost on 650,000 Credit Card Holders.
Personal information on about 650,000 customers of J.C. Penney and up to 100 or more other retailers could be compromised after a computer tape went missing. GE Money, which handles credit card operations for J.C. Penney and many other retailers, said that the missing information includes Social Security numbers for about 150,000 people. The information was on a backup computer tape
that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out, but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp. Jones said there was "no indication of theft or anything of that sort," and no evidence of fraudulent activity on the accounts involved.
More information:
http://ap.google.com/article/ALeqM5iZchJDcVnuQDNPJsok2PSPr5vwRQD8U808VO0
http://www.news.com/Credit-issuer-says-data-lost-for-650%2C000-customers/2100-1029_3-6226913.html?tag=cd.top

--Higher Education Funding Bill Tied to Anti-Piracy Efforts
(February 7, 2008)
A provision of the College Opportunity and Affordability Act, which was approved this week by the US House of Representatives, requires colleges and universities that participate in federal financial aid programs to develop and implement plans to enforce antipiracy rules, either through subscription services or "technology-based deterrents to prevent" piracy. The bill will have to be reconciled with a different Senate higher education funding bill before a final version is drafted for the president's signature.
http://www.news.com/8301-10784_3-9867146-7.html?part=rss&subj=news&tag=2547-1_3-0-20
http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.04137:
[Editor's Note (Schultz): To have college funding tied to anti-piracy enforcement is an intriguing approach. Many other anti-piracy approaches in colleges and universities that have been tried have failed. I suspect, however, that this particular approach has a high chance of succeeding given the great need for funding in higher education.]
[Editor's Note (Ullrich): It's not clear why universities are singled out like this. Universities are already exposed to a huge workload in responding to copyright requests and should be allowed to decide if the problem is large enough to require a technical solution.]

--Lawsuit Will Seek Clarification on Electronic Device Searches
(February 7, 2008)
The Electronic Frontier Foundation (EFF) and the Asia Law Caucus plan to file a lawsuit this week that would force the US government to reveal its border search policies, including policy regarding copying electronic content from devices and seizing such devices. The lawsuit was prompted by a number of cases in which travelers' laptop computers, cell phones, MP3 players and other electronic devices were searched. The searches carried out on the devices go beyond looking at items being transported; according to an Asian Law Caucus attorney, "the government is going well beyond its traditional role of looking for contraband and really is looking into the content of people's thoughts and ideas and their lawful political activities." If the searches were conducted within the country, they would require warrants and probable cause. Some companies have changed their policies to require travelers not to have company information on laptop computers. Instead, these people must access company data over the Internet.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/06/AR2008020604763_pf.html
[Editor's Note (Ullrich): Various countries have laws that prohibit certain data or software from being imported and exported. I kind of like the note at the end that some companies no longer allow travelers to carry any company data in and out of the country. This policy will protect users from lost laptops as well as from searches by non-US customs services. However, it does require a safe way to access the data remotely.]

--Spammer Fined US $2.5 Million
(February 4 & 6, 2008)
The Federal Trade Commission (FTC) has announced that a US judge has ordered Sili Neutraceuticals and its owner Brian McDaid to pay more than US $2.5 million for violations of the FTC Act and the CAN-SPAM Act. The company and McDaid were ordered to cease sending spam, and to cease misrepresenting the products advertised in the email. The company sent unsolicited email messages advertising weight loss and age reversing products with unsubstantiated claims and misleading subject fields, no opt-out mechanism, and no physical postal address.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=11323
http://www.scmagazine.com/uk/news/article/782050/judge-orders-weight-loss-spammer-pay-25-million/
http://www.ftc.gov/opa/2008/02/sili.shtm

DNI CYBER THREAT SUMMARY
DNI has just released a new unclassified threat assessment. Below is a summary of the assessment; the whole document can be found at:
http://www.dni.gov/testimonies/20080205_testimony.pdf

FROM SNOPES.COM:

New Articles
Did Senator John McCain once say that 'the Democratic Party is a fine party, and I have no problems with it'?
Is the Make-A-Wish Foundation being driven into bankruptcy by a child who wished for unlimited wishes?
Of Pell Grants and more: E-mail claims non-citizens don't pay taxes but are eligible for federal educational assistance programs not available to U.S. citizens.
Photograph purportedly shows Brutus, a canine Medal of Honor recipient who tore the throats out of the insurgent guards holding his handlers before turning his boys loose.
Has the result of this Sunday's Super Bowl already been foretold by a popular film that hit the theaters in December 2007?
"I Have a Deram" — er, what? News report shows Martin Luther King Day celebrants holding misspelled signs.
Was a group of Muslim women clutching briefcases and text messaging during films spotted making a terrorist attack "dry run" in a theater?
Web site offers to sell third-world orphans for adoption as organ donors.
Does a U.S. penny cost more than one cent to manufacture?
E-mail posits a "Bill and Hillary Clinton" presidency. Is it possible?
The malicious 'Storm Worm' is still stealthily infecting computers, this time with a lure tied to Valentine's Day-themed messages.
Was Patriots quarterback Tom Brady once a cast member of The Brady Bunch television series?

Worth a Second Look
Does the winner of the Super Bowl predict stock market trends for the year?
Did actress Catherine Bell correctly predict the results of Super Bowl XXXVI?
Of avocados and toilet flushes: a round-up of miscellaneous Super Bowl legends.
Guitar Man: Musician finally masters extraordinarily difficult guitar part he heard on a record, only to learn the recording had been made using two guitars.

Still Haunting the Inbox
There was no letter to Starbucks from coffee-seeking GI's serving in Iraq, so no response from the coffee retailer saying it didn't support the war and anyone in it.
Many rumors are swirling about Illinois senator Barack Obama.
A 15-year-old boy named Evan Trembley from Wichita Falls, Texas, isn't missing — it's a hoax.
The entreaty to aid 7-year-old Amy Bruce who is dying of lung cancer and a brain tumor by forwarding an email and a sappy poem titled "Slow Dance" is a hoax.
No, the new U.S. dollar coin doesn't omit "In God We Trust" — that phrase has been stamped into its edge.
While it is true that in 2004 a man in India was electrocuted when trying to use his cell phone as it recharged, it is safe to use your cell phone while it is charging.
No, commentator Andy Rooney did not write the "I like big cars, big boats ..." polemic.
Dialing #77 or *677 is not a surefire way of reaching the local highway patrol — the service is in place in some regions, but not in others. If in need of assistance, dial 911 instead for the sure thing.
The missing child alert about 13-year-old Ashley Flores of Philadelphia is a hoax.
809 area code scam: Unsuspecting phone customers have been gulled by con artists into placing calls to area codes in the Caribbean that result in hefty charges.
No, reversing your PIN at the ATM won't summon the police to your aid if you're being robbed.
Hillary Clinton is the subject of many e-mailed items, and our "Clintons" section contains write-ups about a number of them.
No, Bill Gates is not sharing his fortune with everyone who forwards a specific e-mail on his behalf. This tired leg-pull continues to romp through everyone's inbox, the most widespread incarnation swearing "This took two pages of the Tuesday USA Today!"
Virus announcement and virus hoax e-mails are afoot! We try to keep current on them and do our best to point readers to authoritative links confirming or debunking them.

Political rumors continue to swell around the two leading Democratic presidential contenders, Barack Obama and Hillary Clinton.
Appeals to find missing children: Ashley Flores, Reachelle Marie Smith, and Evan Trembley.
E-mail claims cell phone numbers are about to be given to telemarketers.
Computer virus warnings: Life Is Beautiful, Invitation (or Olympic Torch), and Postcard (or Greeting Card).
E-mail claims Starbucks refused to send free coffee to G.I.s serving in Iraq.
E-mail claims Bill Gates, Microsoft and AOL are giving away cash and merchandise to those who forward an e-mail message.
E-mail claims that entering one's PIN in reverse at any ATM will summon the police.
E-mail describes woman who evades a rapist posing as a policeman by calling #77 (or *677) on her cell phone.
Various rumors about the U.S. Social Security system.
Image shows artist's conception of the USS New York, an under-construction warship built using steel from the World Trade Center.
Warnings about scammers' running up long-distance charges by asking victims to press #-9-0 on their telephones or luring phone users into returning calls to numbers within the 809 area code.
"Slow Dance," a poem supposedly written by a terminally ill young girl named Amy Bruce.
E-mail claims the design of new U.S. dollar coins omits the motto "In God We Trust."
E-mail warns that auto thieves are stealing cars by using VINs to obtain duplicate keys.
Transcripts of remarks attributed to television personalities Andy Rooney and Jay Leno.
FDA health advisory regarding drugs containing PPA (phenylpropanolamine).
Web site allocates money to autism research and other charities for every video viewed.
Photograph shows a kayaker being trailed by a Great White shark.

Fraud Afoot
Seems like everyone has become the recipient of mysterious e-mails
promising untold wealth if only one helps a wealthy foreigner quietly move millions of dollars out of his country. The venerable Nigerian Scam has discovered the goldmine that is the Internet. Beware — there's still no such thing as "something for nothing," and the contents of your bank account will end up with these wily foreigners if you fall in with this.
Likewise, look out for mailings announcing you've won a foreign lottery you don't recall entering. Or that because you share the surname of a wealthy person who died without leaving a will you're in line for a windfall inheritance.
And be especially wary if, while trying to sell or rent anything online (car, boat, horse, motorcycle, painting, apartment, you name it) you're approached by a prospective buyer/renter who wants to pay with a cashier check made out for an amount in excess of the agreed-upon price and who asks the balance be sent to a third party.
Aspiring work-at-homers promised big bucks for acting as intermediaries for international transactions wherein they cash checks for other parties or reship goods to them have been defrauded by con artists. Don't you be next.
If someone calls to announce you've failed to appear for jury duty and will be arrested, do not give the caller your personal and financial information in an effort to prove he's sending the gendarmes after the wrong guy. You're being tricked into giving up this information to an identity thief.

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
From SANS:

--ActiveX Control Flaws Affect MySpace and Facebook Users
(January 31, 2008)
Vulnerabilities in two ActiveX controls that Facebook and MySpace members use to upload images to their pages could be exploited to crash Internet Explorer (IE) and possibly allow remote code execution, which could in turn allow attackers to take control of the machine on which IE runs or steal data. The ActiveX controls in question are based on a commercial control known as Image Uploader.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483&source=rss_topic17

-- WORM_SILLYFDC.CY.
A worm that disables Windows Automatic Updating and the Task Manager (a part of Windows that provides information about your computer's performance, services and running applications). The worm is dropped by other malware on infected websites and spreads via removable devices such as USB sticks and portable drives. Affected computers are unable to get Windows updates automatically. Disabling the Task Manager makes it impossible to check the running processes in order to shut down the infection.
More information:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SILLYFDC.CY

-- Secret Crush.
Adware* with over 50,000 daily users on Facebook that invites people to find out who amongst their friends has a secret crush on them. Users tempted to discover more have to invite at least five other Facebook users to install the application before their mystery admirer is revealed. However, no secret crush is ever revealed. Instead users are directed to an external website that invites Facebook users to download potentially unwanted applications that will display pop-up advertising.
More information:
http://www.sophos.com/pressoffice/news/articles/2008/01/facebook-adware.html
*Adware: A form of spyware, installed and activated on your computer without your consent, that collects information about your browsing patterns and uses it to display targeted advertisements as pop-ups in your web browser.

-- Storm Worm encore.
A Trojan repackaged yet again. This incarnation of the "Dorf" Trojan sends out emails posing as messages of love in an attempt to lure unsuspecting users to dangerous websites. The emails sport subject lines such as "Falling In Love with You," "Special Romance," and "You're In My Thoughts." The body of the email contains a link to a website that is actually one of the many compromised computers in the worldwide Storm botnet. The website displays a large red heart, while installing malware onto the visitor's computer.
More information:
http://www.sophos.com/pressoffice/news/articles/2008/01/love-storm.html

-- Win 32/Agent.
A Trojan-like malware that found its way onto a popular brand of digital photo frames sold by Best Buy, both online and in-store. The affected frames are limited to the 10.4-inch version (model# NS-DPF10A) of Best Buy's own Insignia brand photo frames, although there are reports of the same malware found on similar devices bought from Sam's Club. Best Buy spokesperson Nissa French said the virus was apparently introduced at some point in the manufacturing process.
More information:
http://www.theregister.co.uk/2008/01/25/best_buy_digital_frames_virus/
http://isc.incidents.org/diary.html?storyid=3892

--Drive-by Download* Menace Spreading Fast
Booby-trapped web pages are growing at an alarming rate with unsuspecting firms acting as nurseries for botnet farmers, according to a new study. Security watchers at Sophos** are discovering 6,000 new infected webpages every day, the equivalent of one every 14 seconds. Four out of five of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from those of antique dealers to ice cream manufacturers and wedding photographers, have hosted malware on behalf of virus writers.
More information:
http://www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/
* http://en.wikipedia.org/wiki/Drive-by_download
** http://www.sophos.com/

--Pharming*: Home Router Attack Serves Up Counterfeit Webpages
A security researcher says he has observed criminals using a new form of attack that causes victims to visit spoofed banking pages by secretly making changes to their high-speed home routers. According to Symantec researcher Zulfikar Ramzan, the attack changes a router's settings which can then send a user to a rogue web site instead of the one they requested. Malicious code embedded in an
email message he uncovered caused the URL for a popular Mexico-based bank to map to a fraudulent website controlled by the attackers.
More information:
http://www.symantec.com/enterprise/security_response/weblog/2008/01/driveby_pharming_in_the_wild.html
http://www.theregister.co.uk/2008/01/23/pharming_attack_in_the_wild/
* http://en.wikipedia.org/wiki/Pharming

--Mozilla Releases Firefox Update
(February 7, 2008)
Mozilla has released Firefox 2.0.0.12, an update for the open source browser that addresses a number of flaws, three rated critical, one rated high, and three rated moderate. The flaws addressed could be exploited to conduct cross-site scripting attacks, execute code, and steal information that could be used to commit identity fraud. The update fixes a disclosed directory traversal vulnerability that affected the browser if it had add-ons with flat packaging.
http://www.eweek.com/index2.php?option=content&task=view&id=46262&pop=1&hide_ads=1&page=0&hide_js=1
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12

--Lack of Documentation Accompanying Adobe Reader Update Raises Questions
(February 6, 2008)
Adobe has issued an update for Adobe Reader 8 (Specifically 8.1.2), but there was no accompanying public documentation on the severity of the flaws addressed. The summary in Adobe's security advisory says "the update includes several important security fixes, among them a few of critical severity that could be remotely exploitable." An Adobe spokesperson said the company "plan[s] to share further information on the topic within a few days ..., at which point the company has completed the process of responsible disclosure with third-party stakeholders." The statement suggests that at least one of the vulnerabilities involves third-party software licensed by Adobe.
Internet Storm Center: http://isc.sans.org/diary.html?storyid=3955
http://www.eweek.com/c/a/Security/Adobe-Ships-Silent-Fix-for-Critical-PDF-Reader-Flaw/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061299&source=rss_topic17
http://www.adobe.com/support/security/advisories/apsa08-01.html
[Guest Editor's Note (Raul Siles, Internet Storm Center): It is a serious flaw that may cause remote code execution, and proof-of-concept (PoC) code is already available from a commercial pen-testing tool vendor.]

--ActiveX Flaws in Yahoo! Jukebox is Being Actively Exploited
(February 4, 5 & 6, 2008)
Attackers have begun exploiting recently disclosed ActiveX flaws in Yahoo! Music Jukebox. Two ActiveX controls in the media player are vulnerable to buffer overflow attacks. The malware places backdoors on vulnerable machine; there is no fix available at this time. ActiveX vulnerabilities in other products have also been disclosed recently. Yahoo! has announced that it plans to switch its customers over to RealNetwork's Rhapsody service.
http://www.theregister.co.uk/2008/02/05/yahoo_jukebox_vuln/print.html
http://www.heise-online.co.uk/security/Holes-in-numerous-ActiveX-controls--/news/103006
http://www.scmagazineus.com/ActiveX-control-flaws-found-in-Yahoo-Music-Jukebox-FrSIRT/article/104937/
http://www.scmagazine.com/uk/news/article/782053/yahoo-switches-jukebox-users-rhapsody-exploit-activex-control-flaw-appears-wild/

--US-CERT Recommends Disabling All ActiveX Controls
(February 5, 2008)
The recent spate of ActiveX vulnerabilities has led the US Computer Emergency Readiness Team (US-CERT) to recommend that users disable all ActiveX controls. Vulnerabilities have been disclosed in ActiveX controls in the Facebook and MySpace social network sites and Yahoo! Messenger, Instant Messenger and Music Jukebox media player. Internet Explorer users can disable ActiveX controls by setting the browser's security level to "high."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061101&source=NLT_PM&nlid=8
http://www.zdnetasia.com/news/security/0,39044215,62037417,00.htm
http://www.zdnetasia.com/news/security/0,39044215,62037415,00.htm
[Editor's Note (Ullrich): Internet Storm Center handler Tom Liston wrote a little GUI tool which will allow you to disable these ActiveX controls. See http://isc.sans.org/diary.html?storyid=3931]

HIGH: Multiple Yahoo! Jukebox ActiveX Controls Multiple Vulnerabilities
Affected:
Yahoo! Jukebox mediagrid.dll ActiveX Control
Yahoo! Jukebox datagrid.dll ActiveX Control
Description: Yahoo! Jukebox is Yahoo's popular music management service. Part of its functionality is provided by two ActiveX controls, "mediagrid.dll" and "datagrid.dll". These controls contain multiple buffer overflow vulnerabilities in their handling of a variety of parameters. A malicious web page that instantiated one of these controls could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Multiple proofs-of-concept and technical details are publicly available for these vulnerabilities.
Status: Yahoo! has not confirmed, no updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "kill bit" mechanism for CLSIDs "22FD7C0A-850C-4A53-9821-0B0915C96139" and "5F810AFC-BB5F-4416-BE63-E01DD117BD6C". Note that this may affect normal application functionality.
References:
Proofs-of-Concept
http://milw0rm.com/exploits/5052
http://milw0rm.com/exploits/5051
http://milw0rm.com/exploits/5048
http://milw0rm.com/exploits/5046
http://milw0rm.com/exploits/5043
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Yahoo! Jukebox Home Page
http://music.yahoo.com/jukebox/
SecurityFocus BIDs
http://www.securityfocus.com/bid/27578
http://www.securityfocus.com/bid/27579

HIGH: Multiple Uploader ActiveX Controls Buffer Overflows
Affected:
MySpace Uploader ActiveX Control
Facebook Photo Uploader 4 ActiveX Control
Aurigma ImageUploader ActiveX Control
Description: Multiple image uploading ActiveX controls contain buffer overflows in their handling of control properties. These controls are used by several web sites to facilitate image uploading. Most importantly, these controls are used by two extremely popular social networking sites, MySpace and Facebook. A specially crafted web page that instantiates one of these controls could exploit this buffer overflow to execute arbitrary code with the privileges of the current user. A proof-of-concept and full technical details are publicly available for this vulnerability.
Status: MySpace has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected controls via Microsoft's "kill bit" mechanism using CLSIDs "48DD0448-9209-4F81-9F6D-D83562940134" and "6E5E167B-1566-4316-B27F-0DDAB3484CF7". Note that this may affect normal application functionality.
References:
Proof-of-Concept
http://milw0rm.com/exploits/5025
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/27533
http://www.securityfocus.com/bid/27534
http://www.securityfocus.com/bid/27539

Kat Lehman
Information Technology Coordinator
Diocese of Bethlehem
610-691-5655 x235
klehman@diobeth.org
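
The "kill bit" mitigation that both ActiveX advisories above recommend, as an added example: this script is not part of the original newsletter and is not Microsoft's or the Internet Storm Center's tool. It assumes the registry location and the 0x400 "Compatibility Flags" value documented in the KB 240797 article the advisories cite; the function names are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and set the Internet Explorer "kill bit" for the CLSIDs
# named in the two advisories. Function names are illustrative only.

$KillBit  = 0x400                     # "Compatibility Flags" bit per KB 240797
$FlagName = 'Compatibility Flags'

$Clsids = @(
    '22FD7C0A-850C-4A53-9821-0B0915C96139',   # Yahoo! Jukebox advisory
    '5F810AFC-BB5F-4416-BE63-E01DD117BD6C',   # Yahoo! Jukebox advisory
    '48DD0448-9209-4F81-9F6D-D83562940134',   # Uploader controls advisory
    '6E5E167B-1566-4316-B27F-0DDAB3484CF7'    # Uploader controls advisory
)

# 32-bit IE on 64-bit Windows reads the Wow6432Node copy, so cover both views
# and skip a view whose parent key does not exist on this machine.
$Roots = @(
    @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    ) | Where-Object { Test-Path -LiteralPath (Split-Path -Path $_ -Parent) }
)

function Get-CompatFlags {
    param([Parameter(Mandatory)][string]$KeyPath)
    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }          # key or value absent: no flags set
    return [int]$prop.$FlagName
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        $key   = Join-Path -Path $root -ChildPath ('{' + $Clsid + '}')
        $flags = Get-CompatFlags -KeyPath $key
        [pscustomobject]@{
            Key     = $key
            Flags   = '0x{0:X8}' -f $flags
            Blocked = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        $key = Join-Path -Path $root -ChildPath ('{' + $Clsid + '}')
        # OR the bit in so any other compatibility flags already present survive.
        $new = (Get-CompatFlags -KeyPath $key) -bor $KillBit
        if ($PSCmdlet.ShouldProcess($key, "set $FlagName to 0x$('{0:X8}' -f $new)")) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -LiteralPath $key -Name $FlagName -PropertyType DWord `
                -Value $new -Force | Out-Null
        }
    }
}

# Dry run first (-WhatIf makes no changes); drop -WhatIf to apply, then re-audit.
foreach ($c in $Clsids) { Set-KillBit -Clsid $c -WhatIf }
$Clsids | ForEach-Object { Test-KillBit -Clsid $_ } | Format-Table -AutoSize
```

Because the advisories warn that the kill bit may affect normal application functionality, note that clearing the 0x400 bit on the same value re-enables the control once a fixed version is installed.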
