Results 1 to 6 of 6
  1.    #1  
    On the road to 5,000 posts
    Life is what happens between Firmware releases.
  2. #2  
    If thats the case I should be put on some remote island. It's a $@#!%! up situation and the school is only trying to protect itself buy throwing the book at her. All I know is where I work the IT department has everything on lockdown...can't even visit myspace. You could evidently access the wrong material at this school which is negligence on their behalf.
    at&t iPhone3G
  3. #3  
    I actually wrote an email to the Gov of her state and CC'ed everyone I could think of. I tried CNN but I could not find an email address and only a submission form which errorred out each time I tried it.



    Dear Governor Rell,

    I have only been able to follow Julie Amero's case as best as I can via the main stream media and over the internet, but in doing so I fear there has possibly been a huge mistake of injustice in this case. I am not an expert and my interest in this case is purely rooted in my professional background as an educator in the public school system for 3.5 years working with the At-Risk population and with my background in IT, including head of the computer lab in a YMCA / Public School District joint venture in an after school center.

    The article titled Pop-up ads can land you in jail by By Ryan Russell that can be found at does a really good job at explaining most of my questions that I felt were either unanswered, not verified, or totally overlooked as I read many of the of the reports published about this unique case. Many of the points in question is in the school's responsibility to providing the necessary aid to it's employees to prevent any situation of "child endangerment", the charge Julie has been convicted on. Some of the points that does not appear to have been taken into account or not properly address and presented during Julie's conviction:

    • Outdated Anti-virus program that was discontinued on July 30th. Julie Amero's date of the action in question was on Oct 19th.
    • There was apparently not a very good IT policy in place to prevent student access to unacceptable websites. Or if there was, it was not followed or enabled by the School District or the School itself.
    • The school / district apparently failed to firewall the computer assigned to Julie.
    • The school instructed Julie to not log off the computer during the entire day, even when she had to leave the room. This school policy with substitute teachers created a situation beyond Julie's control with unlimited access to the internet made available to the students.
    • The prosecutor's apparently misrepresented the evidence on the internet addresses visited during the time in question. The internet addresses presented during the trial were not analyzed and did not distinguished between links that were clicked on with intent and between addresses that were visited because of non-voluntary pop-up adds....which Julie tried to close but was unable to because they kept on popping up again due to no popup blocker in place to begin with. Again a situation a teacher should never be put in if there are proper IT tools and policies in place to prevent this from happening.
    • When brought to the attention of the school / district officials she was instructed to ignore the pop up adds that were found to be offensive.
    • The image taken by the authorities was made with Norton Ghost, which is not a tool that retrieves all the necessary information from a hard drive for a forensic analysis.

    Below is a quote from the one of the technical experts that was NOT allowed to present much of the evidence that is vital to Julie's innocence and that shows several mistakes and oversights by the school in creating this situation:

    The Strange Case of Ms. Julie Amero: Commentary by Mr. Herb Horner

    SOURCE: http://www.networkperformancedaily.c...julie_a_1.html

    W. Herbert Horner has worked in computers since 1966. He was Systems Software Engineer for General Dynamics, Operating Systems Internalist for Sperry Univac, and he has diagnosed and corrected mainframe operating systems for the U.S. Armed Forces, NSA, IRS, and various commercial interests.

    He now operates his own consulting firm, Contemporary Computer Consultants, writes custom software for medical, municipal, business, and forensic applications. He also does network design, implementation, and administration. He also is a computer forensic examiner who was called as a defense expert witness in the Julie Amero case.

    In an effort to dispel rumor and produce a more accurate understanding of the Amero case in the public, we have offered him a chance to offer his commentary. Tomorrow we hope to have commentary from Detective Mark Lounsbury, who testified for the prosecution at Ms. Amero's trial.

    The Forensic Examination of the computer assigned to Julie Amero
    We obtained a copy of the PC hard drive from Officer Lounsbury who was most cooperative and at our office we created several copies, preserving the original.

    During the copy process we received several "Security Alerts!" from our antivirus program. We analyzed the activity log and noted that there were spyware/adware programs installed on the hard drive. We ran two other adware/spyware detection programs and more spyware/adware tracking cookie/programs were discovered. Out of the 42, 27 were accessed or modified days if not a month before October 19, 2004. We also noted that there was no firewall and there was an outdated antivirus program on the PC. The PC was being tracked before October 19, 2004 by adware and spyware.

    We examined all internet related folders and files before October 19, 2004, during October 19, 2004 and after October 19, 2004. Most significantly, we noted,, and were being accessed regularly.

    On October 19, 2004, around 8:00 A.M., Mr. Napp, the class' regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer. The initial user continued use of the PC and accessed,,, and all between 8:06:14 - 8:08:03 AM. During the next few moments Julie retrieved her email through AOL. was accessed at 8:14:24 A.M., based upon the hair style images uploaded to the PC we were led to believe that there were students using the computer to search out hair styles. The user went to at 8:35:27 A.M. The user continued accessing the original hair site and was directed to This site had pornographic links, pop-ups were then initiated by There were additional pop-ups by,, and by 9:20:00 A.M., several java, aspx's and html scripts were uploaded. A click on the curlyhairstyles.htm icon on the site led to the execution of the curlyhairstyle script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.

    All of the jpg's that we looked at in the internet cache folders were of the 5, 6 and 15 kB size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kB and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004.

    Testimony and Trial
    We asked the prosecution to arrange for the defense to have unfettered access to the internet so that we could reenact the events of October 19, 2004. It was not granted. I went to court with two laptops and a box full of reference material prepared to very clearly illustrate what happened to Julie Amero. But, the prosecution objected because they were not given "full disclosure" of my examination. I was allowed to illustrate two screens, that of the , and sites.

    This was one of the most frustrating experiences of my career, knowing full well that the person is innocent and not being allowed to provide logical proof.

    If there is an appeal and the defense is allowed to show the entire results of the forensic examination in front of experienced computer people, including a computer literate judge and prosecutor, Julie Amero will walk out the court room as a free person.

    Let this experience stand as a warning to all that use computers in an environment where minors are present. The aforementioned situation can happen to anyone without fail and without notice if there is not adequate firewall, antispyware, antiadware and antivirus protection. That was not provided by the school administration where Julie Amero taught.
    My question is, given the situation where a substitute teacher is handed a computer that does nothing to aid the teacher against "child endangerment", given the school's own policy to create a situation inviting students to take advantage of unfettered access to the internet during school hours, and the school district's own lack of of competency by using outdated and discontinued anti-virus software and non existent or outdated popup blockers and website restriction policies....what is your opinion on this case? Are you willing to help and assist in making sure a serious breach of justice does not occur on March 2nd during her sentencing trail?

    Signed My Name


    For your easy reference here is Ryan Russell's article in it's entirety:

    Pop-up ads can land you in jail

    By Ryan Russell

    If you find yourself the victim of pop-up ads on a computer, with children in the vicinity, you could face decades in prison.

    I wish that I was exaggerating or being sensationalistic, but for Julie Amero this is far too real.

    Meet Julie Amero, substitute teacher

    There's a good chance that you've already heard something about Julie. She's perhaps better known as the Connecticut substitute schoolteacher who's been convicted of "child endangerment." She now faces a sentence of up to 40 years in prison because porn pop-ups appeared on a school computer.

    For background on the case, you can read articles from the New York Times, MSNBC, or SecurityFocus. (Full disclosure: WSN editorial director Brian Livingston is quoted in the New York Times piece supporting Julie. The article at the MSNBC site is also a good read, but I don't recommend the accompanying video, which starts out with a falsehood and goes downhill from there.)

    Let me begin by saying that I'm biased when it comes to Julie's innocence. I'm doing my best to spread the word about her case, and have offered my technical skills to support her defense. I have access to some technical experts who are reviewing the trial transcripts and computer forensic evidence. I can't point to a public reference to support all of my positions yet, so you'll just have to take my word, for the time being.

    There are many points I could make about what's wrong with her case. But I'll stick with my core competency and just point out some of the technical flaws.

    Flawed technology condemns an educator

    The key issues were set in motion before Julie ever arrived to substitute-teach on the day in October 2004 that the pop-ups occurred. The school district had allowed its Web-filtering software support contract to expire, preventing the software from receiving updates. The computer in question was running Windows 98, and the browser in use was IE 6.

    According to evidence analysis performed by Alex Shipp, an independent malware researcher, the antivirus software was a trial version of Cheyenne Antivirus (CA). That product had been discontinued by Computer Associates on Mar. 17, 2004. It appears that CA issued a last courtesy update on June 30. Julie taught the class on Oct. 19. The computer had no antispyware software.

    In other words, this computer had almost no protection and an unsecurable operating system. This is the machine Julie was given to use.

    On the day in question, the regular teacher was there before class to log Julie into the computer. Substitutes didn't have their own accounts, and were ordered not to log out or shut down the computer. Julie left briefly and, when she returned, the regular teacher was gone. She found students, some of whom didn't even belong in the upcoming class, Web surfing on the teacher's computer.

    Experts now analyzing the hard-drive image have confirmed that the computer had been infected with adware days before Julie's arrival. Unfortunately, in this case, that means that when a student tried to visit a hairstyle Web site, he or she was instead redirected to a different site that had adult products advertised. When Julie tried to close the site down, this started a pop-up cascade.

    One thing I should mention about Julie: She's a total "computerphobe." She can perform basic computing functions, but that's about it.

    So what did she do when she couldn't get rid of the pop-ups? She turned the screen away from the students. It was at the front of the room, where the students would have had to be essentially at the teacher's desk in order to see. She did her best to get rid of the images without making it obvious to the students that something was wrong. If a student approached, she reportedly chased them away.

    During a break, Julie went for technical help to get rid of the pop-ups, which reappeared as fast as she tried to close them, but she received no help. No one would return to the classroom with her. She was told not to worry about it. However, she was worried about it, and it turns out she had reason to worry — she was later arrested for "child endangerment."

    Legal system fails pop-up victim

    When law enforcement became involved, sanity should have prevailed. Instead, the technical flubs continued, and the case sped downhill. A detective was assigned to take a forensic image of the computer and perform a technical analysis.

    Let me briefly tell you what I know about taking a proper forensic image of a computer that will be involved in a criminal case. Keep in mind that I'm not a forensics expert; these standards are just common knowledge in the computer security field.

    If you're going to image a drive for evidence, you have to use special write-blocking hardware that helps take a sector-by-sector image of the entire hard drive, including the "empty" space. The image is then hashed so that any tampering will be evident, and you always work from copies.

    Typically, only software tools with support from existing case law are used. Otherwise, questions can arise over the soundness of the tools and techniques. The imaging tools that have case law behind them are EnCase and the Unix dd utility.

    The detective in this case took an "image" of the hard drive with Norton Ghost. Norton Ghost is a tool used to back up a computer's hard drive in order to restore it to a known state after people have modified the configuration. It is often used on training or lab machines. There is nothing wrong with Ghost for what it does, but it is not a forensic tool.

    So what did the detective use to examine the "image"? He used a program called ComputerCOP Pro. It appears that the program displays a version of the Internet Explorer history, which shows the URLs that were visited. At trial, this ended up translating to the prosecutor telling the jury that this means that Julie "physically clicked" those links. In fact, pop-ups show up in the history the same way as a link you click on.

    In truth, the software also cannot tell you who was in front of the computer, who typed in a URL, or who saw the pictures displayed. It's clear that someone who lacks the technical background to properly interpret the results, and is not willing to put in the time to figure it out, can jump to some very wrong conclusions. The detective never even looked for spyware on the computer.

    This is the kind of technical evidence on which Julie was convicted.

    An innocent teacher awaits sentencing

    Julie is now awaiting sentencing, which is scheduled for Mar. 2. I could discuss jail-time possibilities, but many of us are still refusing to accept any possibility other than someone coming to their senses and throwing the verdict out.

    To that end, the experts I mentioned are frantically preparing their report on the technical information. The hope is that the prosecution or court will recognize that there has been a basic mistake in the facts presented at trial before a sentence is handed down.

    Despite my bias that I told you about, do you have reasonable doubt about Julie's guilt? For more information, see the julieamer blog at Blogspot, which is largely maintained by Julie's husband. There's a PayPal button at the top of that blog so people can contribute to help pay Julie's defense costs, which are reported to be over $20,000 so far.

    Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias "Blue Boar." He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series. His Perimeter Scan column appears twice a month in the paid version of the newsletter.


    Last edited by HobbesIsReal; 02/26/2007 at 06:11 PM.
  4. #4  
    Julie replied back to my email and thanked me. She personally confirmed that my outline of the issues were accurate in her case.

    The DOJ deleted my email without even reading it.
  5. #5  
    Here sentencing trial day is this Friday. You can see several other letters/emails asking if the Gov, Attorney General, District Attorney, going to help with this case, but with nothing in return at Julie's Blog at .

    Please use the email addresses I have listed above and write your own email ( you can use mine a guideleing but please do NOT copy mine as it will probably trigger SPAM filtering and nothing will get through). Time is essential with the sentencing in only 3 days.
    Last edited by HobbesIsReal; 02/27/2007 at 01:18 PM.
  6. #6  
    Here is the email I sent back to the DOJ in response to them deleting my email without even reading it:

    Sent: Tuesday, February 27, 2007 10:42 AM

    To: ''

    Cc: ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''; ''

    Subject: RE: Any help with Julie Amero?

    Department of Justice,

    Why was this email deleted and ignored without even taking the time to read it? Which apparently according to your website is against your own policy:

    Thank you for visiting the Department's "Contact Us" page. On behalf of the Attorney General, the Department of Justice would like to thank you for your many e-mail messages on law enforcement issues and activities and other matters of special interest to many groups across the nation. The Attorney General appreciates the fact that so many citizens have taken the time to express their views and thoughts on these important matters. In some instances, however, the volume of e-mail traffic on a particular issue is such that we cannot respond to each message individually. We would like you to know, however, that all incoming messages are forwarded to the appropriate organization within the Department of Justice and you can be assured that your voices and views are being heard.

    Yet when I sent my email yesterday, with a read receipt confirmation request, that is concerning an extremely time sensitive issue, it appears that you have deleted it with no regard to even reading it. This needs to be addressed before March 2nd's sentencing hearing for Julie Amero.

    Signed My Name


    From: ASKDOJ []
    Sent: Tuesday, February 27, 2007 4:20 AM
    To: Me
    Subject: Not read: Any help with Julie Amero?
    Importance: High

    Your message


    Cc:;;;;;;; ASKDOJ;;;;;;;;;;;;;;;;;;

    Subject: Any help with Julie Amero?
    Sent: Mon, 26 Feb 2007 18:13:29 -0500

    was deleted without being read on Tue, 27 Feb 2007 07:19:56 -0500

    .......followed the the quote of the email posted above.....

Posting Permissions