_________________________________________________________________
London, Monday, September 30, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] New Net project aims to avoid hacking
[2] What's your cybersecurity strategy? Here's mine
[3] Defense U. targets e-gov
[4] P2P Hacking Bill draws support, critics
[5] When is hacking a crime?
[6] Secret Service patrolling for unsecured wireless networks
[7] Porn Spam: It's Getting Raunchier
[8] Council of Europe targets child sex abuse, online racism
[9] Maryland law targets spammers
[10] Turtle to shell hackers
[11] 64-bit encryption broken after four years
[12] Pentagon prohibits wireless, citing security reasons
[13] Navy launches e-records effort
[14] Hacker groups declare war on US.gov
[15] Homeland security concerns may derail long-term spending measure
[16] Remote Management of Win2K Servers: Three Secure Solutions
[17] 'I Yelled at Them to Stop'
_________________________________________________________________
News
_________________________________________________________________
[1] New Net project aims to avoid hacking
By Jeordan Legon (CNN)
(CNN) --Scientists concerned about the vulnerability of the Internet to
failure or hacking envision a next-generation system that would use the
collective power of users' computers to become more secure.
Researchers exploring that vision at five major U.S. universities got a
$12-million grant from the National Science Foundation (NSF) this week,
as part of a program that doled out $144 million to advance computer
science.
The Internet project, dubbed Infrastructure for Resilient Internet
Systems (IRIS), will attempt to solve two of the biggest problems faced
by Web users: sites being down when too many people try to access a
single server and hackers attacking the servers on which information is
stored.
http://www.cnn.com/2002/TECH/internet/09/27/iris.internet/index.html
----------------------------------------------------
[2] What's your cybersecurity strategy? Here's mine
David Coursey,
Executive Editor, AnchorDesk
Monday, September 30, 2002
Wireless analyst Andy Seybold has a theory about ZDNet's Digital Defense
Test, which I failed so miserably last week. Andy says that if you pass
the test, it proves you really don't need your computer, because you're
obviously not doing anything with it.
For the record, I did about as well on the test as other folks I know.
One TV news correspondent I know did worse, as did my boss Pat
Houston--and he helped develop the thing. Rob Enderle, the Giga analyst,
got a C when he took the test on my radio show--but I think he fudged a
bit.
THE POINT IS, we're not all losers tempting fate with our lax personal
computer hygiene. Rather, until the computer industry gets its
collective act together and produces products without inherent security
problems, most of us are going to do badly when it comes to securing our
systems. It's up to us as individual users to take care of ourselves.
Today I want to share with you how I do just that.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2881906,00.html
----------------------------------------------------
[3] Defense U. targets e-gov
BY Colleen O'Hara
Sept. 30, 2002
The National Defense University last week began a master's-level
certification program designed to mold government managers into
e-government leaders.
The eGovernment Leadership Certificate Program is a "broad leadership
program" aimed at helping senior executives manage programs that cut
across organizational lines, said Linda Massaro, a senior fellow at the
university's Information Resources Management College. "It takes a
different set of skills" to do that effectively, she said.
http://www.fcw.com/fcw/articles/2002/0930/mgt-egov-09-30-02.asp
----------------------------------------------------
[4] US P2P Hacking Bill draws support, critics
By ComputerWire
Posted: 09/30/2002 at 07:25 EST
US lawmakers last week sat down with proponents and opponents of a
controversial bill that would allow copyright holders to use techniques
critics compare to "hacking" to prevent content being pirated on
peer-to-peer networks, Kevin Murphy writes.
At a hearing of the House Judiciary Committee's Subcommittee on Courts,
the Internet and Intellectual Property, a senior record industry
executive and the bill's sponsors argued that the bill is the best way
to stop P2P being used to pirate, while a public domain lobbyist said
the bill was too vague and potentially dangerous.
http://www.theregus.com/content/6/26458.html
----------------------------------------------------
[5] When is hacking a crime?
By Robert Lemos
Special to ZDNet
September 23, 2002, 4:32 AM PT
Kevin Finisterre admits that he likes to hew close to the ethical line
separating the "white hat" hackers from the bad guys, but little did he
know that his company's actions would draw threats of a lawsuit from
Hewlett-Packard.
This summer, the consultant with security firm Secure Network Operations
had let HP know of nearly 20 holes in its Tru64 operating system. But in
late July, when HP was finishing work to patch the flaws, another
employee of Finisterre's company publicly disclosed one of the
vulnerabilities and showed how to exploit it--prompting the technology
giant to threaten litigation under the Digital Millennium Copyright Act.
Finisterre, who was not hired by HP, now says he'll think twice before
voluntarily informing another company of any security holes he finds.
http://zdnet.com.com/2100-1105-958920.html
----------------------------------------------------
[6] Secret Service patrolling for unsecured wireless networks
Copyright C 2002 AP Online
By D. IAN HOPPER, AP Technology Writer
WASHINGTON (September 29, 2002 1:56 p.m. EDT) - Secret Service agents
are putting a high-tech twist on the idea of a cop walking the beat.
Using a laptop computer and an antenna fashioned from a Pringles potato
chip can, they are looking for security holes in wireless networks in
the nation's capital.
The agency best known for protecting the president and chasing down
counterfeiters has started addressing what it calls one of the most
overlooked threats to computer networks.
"Everybody wants wireless, it's real convenient," Special Agent Wayne
Peterson said. "Security has always been an afterthought."
http://www.nandotimes.com/technology/story/555541p-4378549c.html
----------------------------------------------------
[I am using the free Cloudmark SpamNet (http://www.cloudmark.com/) to
filter spam and it works really well (unfortunately it only supports
Outlook 2000/XP). WEN]
[7] Porn Spam: It's Getting Raunchier
By Julia Scheeres
2:00 a.m. Sep. 30, 2002 PDT
Naked women performing oral sex with guns pressed to their heads, naked
women with large dogs clutching their backs, naked women in pigtails
pretending to be daughters having sex with fathers.
These are some of the explicit images that have started slipping into
inboxes lately as spamsters try to drive traffic to a growing number of
sites featuring rape, bestiality and incest pornography.
http://www.wired.com/news/culture/0,1284,55420,00.html
----------------------------------------------------
[8] Council of Europe targets child sex abuse, online racism
By AGENCE FRANCE-PRESSE
STRASBOURG, France (AFP) - The pan-European rights body Council of
Europe on Friday passed resolutions against child sex abuse and Internet
racism but said the battle to fight them will be tough because of huge
financial interests.
"Combating the sexual abuse of children should be made a national cause
in all our member states" said rapporteur Fiorello Provera, of the
liberal, democratic and reformers' group. "Zero tolerance should mean
that no criminal went unpunished, there should be no geographical
limits."
"The trafficking and prostitution of both boys and girls have started to
flourish in our European states," she warned. "The children come from
Eastern Europe, from Africa, from China."
http://newsobserver.com/24hour/world/story/554721p-4372464c.html
----------------------------------------------------
[9] Maryland law targets spammers
By William Glanz
THE WASHINGTON TIMES
Maryland consumers tired of finding their electronic mailboxes
stuffed with unwanted pitches for amazing cancer cures and weary of
opening advertisements that claim to be messages from old friends should
get some welcome relief.
A new state law that takes effect tomorrow is intended to limit
unsolicited commercial e-mail, or spam, which accounted for almost half
of all electronic messages last year. Despite the legislation,
politicians, e-mail marketers and Internet service providers (ISP) who
support reining in spammers believe that stopping the electronic junk
mail will be difficult.
"If we haven't done it perfectly, we've certainly made a start," said
Delegate Joan Pitkin, the Prince George's County Democrat who sponsored
the bill in the Maryland General Assembly.
http://www.washtimes.com/business/20020930-5773480.htm
----------------------------------------------------
[10] Turtle to shell hackers
By Nick Farrell [26-09-2002]
FTC uses cartoon to push serious security message
The Federal Trade Commission (FTC) has introduced a cartoon turtle as a
mascot to promote internet security.
Dewie is designed to remind computer users, from children to businesses,
that only they can stop viruses and hackers from taking over their
computer.
http://www.pcw.co.uk/News/1135412
http://www.ftc.gov/bcp/conline/edcams/infosecurity/
----------------------------------------------------
[11] 64-bit encryption broken after four years
By James Middleton [30-09-2002]
And all it took was 15,769,938,165,961,326,592 keys
After millions of hours of processor work and four years of human
effort, the RC5 64-bit encryption algorithm has finally been broken.
Using 331,252 volunteer machines, a crypto group called Distributed.net
cracked RSA Security's encryption challenge and picked up a cheque for
$10,000.
http://www.vnunet.com/News/1135452
----------------------------------------------------
[12] Pentagon prohibits wireless, citing security reasons
By Ellen Messmer
Network World Fusion, 09/27/02
The Office of the Secretary of Defense has issued a memorandum that
prohibits the use of many types of wireless technologies in the Pentagon
and much of the Army, Navy and Air Force until the military has
developed a wireless security strategy, which it expects to do with
assistance from the National Security Agency.
John Stenbit, assistant secretary of Defense for Command Control and
Communications and the Defense Department's chief information officer,
signed the memorandum along with the OSD's acting director of
administration and management, Howard Becker. Attached to the memo,
which pertains to use of wireless in the military's IT networks, is a
document entitled "Pentagon Area Common Information Technology Wireless
Security Policy." The document elaborates on the dangers of wireless to
network security and the steps the Penatgon and its service branches are
taking to come to grips with it. The decision on wireless had been
expected for several months.
Because wireless technologies, particularly wireless LANs, bring with
them new ways to break into networks, the Pentagon has decided to
prohibit the connecting of wireless devices to a classified network or
computer, the document states.
http://www.nwfusion.com/news/2002/0927pgon.html
----------------------------------------------------
[13] Navy launches e-records effort
BY Christopher J. Dorobek
Sept. 30, 2002
The Navy last week kicked off what is expected to become the
government's largest enterprisewide records management system when it
began installing software on Navy Marine Corps Intranet computers.
The Navy is loading software on about 100 PCs in the Navy Department's
Office of the Chief Information Officer. That tool eventually will help
the service manage records and documents across nearly 400,000 desktop
PCs at nearly 300 shore-based sites, officials said. Last year, the Navy
and EDS selected Australia-based Tower Software's TRIM as NMCI's records
management standard.
http://www.fcw.com/fcw/articles/2002/0930/news-navy-09-30-02.asp
----------------------------------------------------
[14] Hacker groups declare war on US.gov
By electricnews.net
Posted: 09/27/2002 at 08:46 EST
A record number of malicious hacking attempts were made this month, and
anti-American groups are responsible.
So says Mi2g, the London-based security consultancy, which notes that US
government on-line computers belonging to the House of Representatives,
Department of Agriculture, Department of Education, National Park
Service, NASA and the US Geological Survey were attacked in September.
http://www.theregus.com/content/55/26448.html
----------------------------------------------------
[15] Homeland security concerns may derail long-term spending measure
By Keith Koffler, CongressDaily
While there is increasing talk on Capitol Hill that Congress will
adjourn Oct. 11 and pass a continuing resolution stretching into
December or next year, House Republican leaders are quietly discussing
the possibility of a CR lasting a few weeks at best-with no
adjournment-if the Homeland Security Department bill is not finished.
The bill is at a standstill in the Senate, where Republicans are
insisting on a clean, up-or-down vote on a White House-backed amendment
offered by Sens. Phil Gramm, R-Texas, and Zell Miller, D-Ga. Democratic
leaders are refusing their demands, believing they have just enough
support to pass a competing amendment by Sens. John Breaux, D-La., Ben
Nelson, D-Neb., and Lincoln Chafee, R-R.I., which President Bush
promises to veto.
According to senior House GOP aides, there are doubts in the leadership
about whether Bush, who rarely speaks without emphasizing the importance
of creating a new Homeland Security Department, would sign a CR after
Oct. 11 that punts the issue months into the future. And there is
concern about voter reaction if Congress were to adjourn without
finishing what both Democrats and Republicans tout as a national
security priority.
http://www.govexec.com/dailyfed/0902/092702cd1.htm
----------------------------------------------------
[16] Remote Management of Win2K Servers: Three Secure Solutions
by Mark Burnett
last updated September 25, 2002
It's a common scenario: your company has an IIS Web server sitting 300
miles away at a high-bandwith, air-conditioned and power-regulated
co-location center. The network is stable and the price is right, but
you must completely manage the server remotely; you can't just go sit
down at the console whenever you want. Remote management presents
several problems, the most obvious being that the traffic between you
and the server is travelling across the public Internet, available for
others to sniff. Another problem is that remote administration normally
involves installing software and opening ports, both of which increase
the attack surface of your server. The goal when selecting a remote
administration solution is to make sure that you (and only you) can do
your job without exposing the server to additional risk.
http://online.securityfocus.com/infocus/1629
----------------------------------------------------
[17] 'I Yelled at Them to Stop'
U.S. Special Forces are frustrated. Kicking down doors and frisking
women, they say, is no way to win hearts and minds in Afghanistan. A
report from the front
Oct. 7 issue - One afternoon in August, a U.S. Special Forces A team
knocked at the door of a half-ruined mud compound in the Shahikot
Valley. The servicemen were taking part in Operation Mountain Sweep, a
weeklong hunt for Qaeda and Taliban fugitives in eastern Afghanistan.
http://www.msnbc.com/news/814576.asp?cp1=1
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
