_________________________________________________________________
London, Thursday, September 19, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
IWS Sponsor
IQPC Defence Conference: Information Operations 2002 25-26/09/02
Information Operations 2002: Analysing development in defensive and
offensive information operations, critical infrastructure protection,
information assurance and perception management.
September 25 - 26, 2002. London, UK (Pre-Conference Masterclass:
24th September 2002)
Information Operations 2002 Conference Web Site
http://www.iqpc-defence.com/GB-1826
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Cybersecurity Plan Offends No One
[2] Administration unveils cybersecurity plan
[3] President Bush Announced His Appointment of 24 Individuals to Serve as
Members of the National Infrastructure Advisory Committee
[4] A Short History of Computer Viruses and Attacks
[5] White House balks at Senate confirmation for e-gov chief
[6] Pentagon's anti-terrorism battle takes a covert turn
[7] Probe: U.S. Knew of Jet Terror Plots
[8] Group says Microsoft isn't living up to antitrust settlement
[9] Fed cybersecurity initiative boosts TCPA
[10] Bird's-Eye View of What Irks Bush
[11] Web firms take second shot at success
[12] Detecting and Removing Trojans and Malicious Code from Win2K
[13] Slapped Silly
[14] A Gathering of Big Crypto Brains
[15] Falun Gong 'TV hackers' on trial
[16] Can Bon Jovi Foil the Pirates?
[17] Senate stuck in slow motion on homeland security bill
_________________________________________________________________
News
_________________________________________________________________
[1] Cybersecurity Plan Offends No One
The White House's strategy to secure cyberspace adopts a hands-off approach.
Critics say that's not enough.
By Kevin Poulsen, Sep 18 2002 6:26PM
PALO ALTO, Calif.--The White House formally unveiled a public draft of its
national cybersecurity plan at Stanford University here Wednesday to an
invitation-only audience of technology company CEO's and security industry
bigwigs, and a crush of media.
Introducing it as the product of an "unprecedented partnership" between the
private sector and government, Richard Clarke, chairman of the President's
Critical Infrastructure Protection Board (PCIPB), said the National Strategy to
Secure Cyberspace is a step towards preventing serious cyber attacks in the
future. "On this issue, when we know there are vulnerabilities, and we know some
of the solutions, let us work together as a country... to solve these
vulnerabilities before there's a major disaster."
http://online.securityfocus.com/news/677
----------------------------------------------------
[2] Administration unveils cybersecurity plan
By Bara Vaida and Stephen M. Lawton for National Journal's Technology Daily
PALO ALTO, Calif.- Borrowing on imagery from the Sept. 11, 2001, terrorist
attacks, the "Nimda" and "Code Red" computer viruses and veiled threats yet to
come, the White House on Wednesday unveiled its national cyber-security plan at
a press conference here.
What was originally expected to be a blueprint of how the administration plans
to fight cyber threats, the document is a "rough draft" that will be the subject
of public comment for the next 60 days, said Richard Clarke, the president's
cybersecurity adviser.
"The government cannot dictate, cannot mandate, cannot alone secure cyberspace,"
Clarke said. He characterized the theme of the document as moving away from
"who, what, when, how and shifting to a vulnerability paradigm."
http://www.govexec.com/dailyfed/0902/091802td1.htm
More:
Cybersecurity plan lacks muscle
http://news.com.com/2100-1023-958545.html?tag=cd_mh
US cyber defence plan lacks teeth, claim critics
http://www.cw360.com/bin/bladerunner?REQSESS=irD17TS&2149REQEVENT=&CARTI=115898&;
CARTT=1&CCAT=2&CCHAN=22&CFLAV=1
Two cheers for US cyber-security plan
http://news.bbc.co.uk/1/hi/business/2268188.stm
Cyber Security Report Spreads Burden
http://www.cbsnews.com/stories/2002/09/17/tech/main522287.shtml
Critics Rap Bush Cyber-Security Plan
http://www.eweek.com/article2/0,3959,541172,00.asp
White House cybersecurity plan avoids mandates
http://www.iht.com/articles/71144.html
----------------------------------------------------
[3] President Bush Announced His Appointment of 24 Individuals to Serve as
Members of the National Infrastructure Advisory Committee
President George W. Bush today announced his appointment of the 24 individuals
to serve as Members of the National Infrastructure Advisory Committee (NIAC).
Established by Executive Order 13231, NIAC will make recommendations regarding
the security of the cyber and information systems of the United States' national
security and economic critical infrastructures. The Committee will also examine
ways that partnerships between the public and private sectors can be enhanced to
improve cyber security.
http://www.whitehouse.gov/news/releases/2002/09/20020918-12.html
----------------------------------------------------
[4] A Short History of Computer Viruses and Attacks
Compiled by Brian Krebs
washingtonpost.com Staff Writer
Wednesday, September 18, 2002; 12:00 AM
1945: A moth is found trapped between relays in a computer operated by the U.S.
Navy. From then on, problems with computers are referred to as "bugs," and the
process of removing them is called "debugging."
http://www.washingtonpost.com/wp-dyn/articles/A50636-2002Jun26.html
----------------------------------------------------
[5] White House balks at Senate confirmation for e-gov chief
By Jason Peckenpaugh
The White House generally supports legislation that would create an e-government
chief's position at the Office of Management and Budget, but Bush officials are
balking at a provision that requires the official to be confirmed by the Senate.
The legislation, known as the E-Government Act (H.R. 2458), passed the Senate in
June and is awaiting action in the House. Besides creating the e-government
position-which mirrors the current role of Mark Forman, assistant director for
information technology and e-government at OMB-the measure also requires
agencies to protect the privacy of citizens using federal Web sites and
reauthorizes the 2000 Government Information Security Reform Act, which is set
to expire Nov. 29.
OMB supports these measures, but opposes Senate confirmation for the
e-government chief, in part because of the lengthy confirmation process for
presidential appointees, said Mark Everson, deputy director for management at
OMB.
http://www.govexec.com/dailyfed/0902/091802p1.htm
----------------------------------------------------
[6] Pentagon's anti-terrorism battle takes a covert turn
Susan Schmidt and Thomas E. Ricks The Washington Post
Thursday, September 19, 2002
WASHINGTON The Pentagon is preparing to consolidate control of most of the
global war on terrorism under the U.S. Special Operations Command, according to
government sources, signaling an intensified but more covert approach to the
next phase in the battle against Al Qaeda and other international terrorist
groups.
The unprecedented move, discussed by senior Pentagon officials for months, comes
in response to prodding by Defense Secretary Donald Rumsfeld for the military to
take more aggressive steps to capture or kill members of Al Qaeda, many of whom
have fled since the U.S. military campaign in Afghanistan began last year, the
sources said.
The Special Operations Command, or SOCOM, which like the U.S. Central Command
has headquarters in Tampa, Florida, has been ordered to come up with detailed
plans in the next weeks for how it will manage its expanded responsibilities,
sources said.
http://www.iht.com/articles/71143.html
----------------------------------------------------
'... Hill also said that between May and July 2001, the National Security Agency
reported at least 33 communications indicating a possible, imminent terrorist
attack. Asked why intelligence agencies didn't do more about the terrorist
threats, Hill said they have complained about a lack of resources and the
massive amount of intelligence they were receiving. "They were overwhelmed by
almost a flood of information," she said. ...'
[7] Probe: U.S. Knew of Jet Terror Plots
Wed Sep 18,10:20 PM ET
By KEN GUGGENHEIM, Associated Press Writer
WASHINGTON (AP) - Intelligence agencies failed to anticipate terrorists flying
planes into buildings despite a dozen clues in the years before the Sept. 11
attacks that Osama bin Laden ( news - web sites) or others might use aircraft as
bombs, a congressional investigator told lawmakers Wednesday as they began
public hearings into the attacks.
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020919/ap_on_go_co/attacks_i
ntelligence_22
----------------------------------------------------
[8] Group says Microsoft isn't living up to antitrust settlement
Thursday 19 September 2002
An industry group backed by some of Microsoft's top competitors has sent a
letter to the US Department of Justice (DoJ) claiming that the software maker is
not living up to the terms of a proposed antitrust settlement deal that it
reached with the federal government.
http://www.cw360.com/bin/bladerunner?REQSESS=irD17TS&2149REQEVENT=&CARTI=115902&;
CARTT=14&CCAT=2&CCHAN=28&CFLAV=1
----------------------------------------------------
[9] Fed cybersecurity initiative boosts TCPA
By Thomas C Greene in Washington
Posted: 17/09/2002 at 17:18 GMT
On Wednesday a group of federal bureaucrats, business representatives and
industry lobbyists will be rolling out a draft of the White House's new
initiative to enlist the computing public in the task of defending cyberspace.
Originally, the Feds had planned to roll out a final draft, but this has been
delayed due to unresolved conflicts among the technology companies the scheme
will be affecting.
http://www.theregister.co.uk/content/55/27159.html
----------------------------------------------------
[10] Bird's-Eye View of What Irks Bush
By Noah Shachtman
2:00 a.m. Sep. 18, 2002 PDT
While diplomats and generals debate what should be done if Iraq has acquired
weapons of mass destruction, a website run by a tiny Virginia nonprofit is
giving ordinary citizens a glimpse of what may be Saddam Hussein's biological,
chemical and nuclear arms-making facilities.
By publishing its analysis of commercial satellite pictures, GlobalSecurity.org
is doing more than educating the Internet-going public. The group is beginning,
in minute ways, to affect the moves of world players as well.
http://www.wired.com/news/politics/0,1283,55218,00.html
----------------------------------------------------
[11] Web firms take second shot at success
Once-struggling dot-coms go through reincarnation
September 18, 2002 Posted: 9:49 AM EDT (1349 GMT)
SAN FRANCISCO, California (AP) -- The Internet digital photo site Webshots
seemed destined to dissolve in the dot-com meltdown a year ago as its owner,
ExciteAtHome, prepared to go bankrupt.
But Webshots' co-founders lobbied for another try at developing the site into a
profitable business -- a goal that doesn't look as farfetched as it appeared
when ExciteAtHome was poised to pull the plug.
http://www.cnn.com/2002/TECH/internet/09/18/second.webshots.ap/index.html
----------------------------------------------------
[12] Detecting and Removing Trojans and Malicious Code from Win2K
by H. Carvey
last updated September 18, 2002
Introduction
The amount of malicious code directed at Windows systems seems to be increasing
on a continual curve [1]. IRC bots, backdoor Trojans and worms abound. It seems
that few Windows systems, particularly Win2K, are immune from infection,
regardless of how diligent the user or administrator may be. Many posters to
public lists continue to report Code Red and Nimda scans, as well as port scans
for popular Trojan applications, on an almost weekly basis.
The flip side of this is that users and administrators are also reporting that
their systems have been infected or "hacked", without having solid evidence to
support their assumptions. Many times, the reported activity may be, in reality,
normal activity of an application on the system.
http://online.securityfocus.com/infocus/1627
----------------------------------------------------
[13] Slapped Silly
Lessons I learned from falling prey to the latest Linux virus.
By Jon Lasser Sep 18, 2002
It's our turn again. The latest worm to attack Web servers is aimed squarely at
Linux systems running Apache. The Slapper worm affects 21 different builds of
Apache that live on top of a number of different Linux distributions, exploiting
the SSL bug reported at the end of July. It installs a distributed
denial-of-service (DDoS) client on the target system and also attempts to locate
and exploit other vulnerable instances of Apache.
http://online.securityfocus.com/columnists/109
----------------------------------------------------
[14] A Gathering of Big Crypto Brains
By Karlin Lillington
2:00 a.m. Sep. 19, 2002 PDT
NAAS, Ireland -- In a lush country hotel 20 miles south of Dublin, the barroom
conversation turns to steganography and database vulnerabilities, encryption
algorithms and biometric scanners, SWAP files and cookie poisoning.
Not your average pub denizens, the speakers are some of the best-known names in
cryptography and security, gathered for one of the industry's best-kept secrets:
the annual COSAC conference, held every fall in Ireland.
http://www.wired.com/news/technology/0,1282,55209,00.html
----------------------------------------------------
[15] Falun Gong 'TV hackers' on trial
Members of the Falun Gong spiritual movement have gone on trial in China,
charged with hacking into a cable television network and broadcasting pro-Falun
Gong messages.
http://news.bbc.co.uk/1/hi/world/asia-pacific/2267523.stm
----------------------------------------------------
[16] Can Bon Jovi Foil the Pirates?
By Noah Shachtman
2:00 a.m. Sep. 19, 2002 PDT
Hair-rock mastodons Bon Jovi may have actually done something cool this decade.
The 1980s megastars have a new, Web-based scheme to discourage their
soon-to-be-released disc from being pirated. And computer security experts think
the program just might work.
http://www.wired.com/news/technology/0,1282,55246,00.html
----------------------------------------------------
[17] Senate stuck in slow motion on homeland security bill
By Brody Mullins, CongressDaily
Senate Majority Leader Tom Daschle, D-S.D., filed a cloture motion Tuesday to
end a protracted debate on homeland security legislation, but it is unclear
whether he will be able to break the deadlock.
The White House deployed homeland security adviser Tom Ridge to Capitol Hill
Tuesday to reiterate his call for speedy action on the homeland measure. "We
need to get on with this," Ridge told reporters.
But it was considered unlikely that the Senate would heed the call. Just moments
after Daschle filed for cloture, Republicans objected. Republican leadership
aides held an impromptu news conference to accuse Daschle of employing Sen.
Robert Byrd, D-W.Va., to filibuster the bill to justify the cloture motion.
http://www.govexec.com/dailyfed/0902/091802cdam1.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
