_________________________________________________________________

                      London, Friday, October 04, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk 

    _________________________________________________________________

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body

    _________________________________________________________________

    
          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Report: Satellites at Risk of Hacks
[2] Hackers deface State Department site
[3] Microsoft says 1 percent of bugs cause half of all software errors
[4] Senate cybersecurity bill hits snag
[5] Army looking to outsource

[6] (CA) Federal proposal tells only part of cybercrime story
[7] Bill aims at foreign Web censorship
[8] Bush steps up demand for action on homeland security bill
[9] Northcom faces obstacles at launch
[10] State again target of hacking

[11] Allies Drop Leaflets Warning Iraqis
[12] 'Cowboy' WLANs letting industry down, analyst warns
[13] U.N. arms inspectors run into a few bugs
[14] House Passes Net Gambling Bill
[15] Teaming up against cyberthreats

[16] Klez-H enjoying its final days on infamy?
[17] Assessing Internet Security Risk, Part Four: Custom Web
Applications

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] Report: Satellites at Risk of Hacks

Want to find the most-ignored cybersecurity hole in America's critical
infrastructure? Congressional investigators say, Look up! 
By Kevin Poulsen, Oct 3 2002 4:42PM

Critical commercial satellite systems relied upon by federal agencies,
civilians and the Pentagon are potentially vulnerable to a variety of
sophisticated hack attacks that could cause service disruptions, or even
send a satellite spinning out of control, according to a new report by
the General Accounting Office, the investigative arm of Congress. 

The GAO report, dated August 30th but not released publicly until
Thursday, criticizes the White House for not taking the vulnerabilities
into account in its national cybersecurity planning, a criticism it also
extends back to the Clinton administration.

http://online.securityfocus.com/news/942 

See also:

http://www.mail-archive.com/infocon@infowarrior.org/msg00249.html 

         ----------------------------------------------------

[2] Hackers deface State Department site

Unidentified hackers scrawled virtual obscenities on a State Department
Web site, forcing the department to close the site down, spokesman
Richard Boucher said Thursday. The obscenities appeared Wednesday on the
Web site www.usinfo.state.gov, which is designed to provide information
to computer users outside the United States. Boucher did not describe
the obscenities or know if they were politically motivated.

http://zdnet.com.com/2110-1105-960706.html 

http://news.com.com/2110-1001-960706.html?tag=cdshrt 

http://www.washingtonpost.com/wp-dyn/articles/A39528-2002Oct3.html 


A FoGIS (http://www.fogis.de) member spotted the following:

State Press Briefing 03.10.02

QUESTION:  Yeah, I have tried yesterday afternoon and this morning to
get into your overseas website and have been unsuccessful.  Are you 
all having trouble with that?

MR. BOUCHER:  One of our sites was hacked.  The International
Information website, the usinfo.state.gov site, which is run by the
Bureau of International Information Programs, largely directed at
foreign audiences, was temporarily shut down after the main page was
defaced on October 2nd.  This affects this particular site only.  Our
main site, www.state.gov remains open and most embassy sites from
overseas are not affected.

The defacement was on the main page.  The investigation is being
coordinated by State's Internal Computer Incident Response Team.  
It's not possible to surmise any intent of the intruders beyond
vandalism at this point.

The affected site was hosted by a service outside the Department.  At
no time were any inside computers or classified information or
sensitive information in any danger of compromise.  We're fixing the
website and trying to put it back up and running as soon as possible.

QUESTION:  What was the defacement?

MR. BOUCHER:  I don't have information here.

         ----------------------------------------------------

[3] Microsoft says 1 percent of bugs cause half of all software errors
 
SEATTLE (Reuters) - One percent of the bugs in Microsoft Corp.'s
software cause half of all reported errors, with 20 percent of bugs
responsible for 80 percent of the mistakes, Chief Executive Steve
Ballmer said on Wednesday.

Microsoft, the world's largest software company, has been criticised for
unstable and unwieldy software -- which runs on more than 90 percent of
personal computers.

``Let's acknowledge a sad truth about software: any code of significant
scope and power will have bugs in it,'' Ballmer told customers in a memo
similar to one by Chairman Bill Gates this year renewing Microsoft's
commitment to trustworthy computing.

http://www.siliconvalley.com/mld/siliconvalley/4201832.htm 

         ----------------------------------------------------

[4] Senate cybersecurity bill hits snag
By William New, National Journal's Technology Daily

An effort to quickly move through the Senate a bipartisan bill
authorizing $903 million over five years for cybersecurity research has
snagged on an anonymous Republican "hold," sources said. GOP aides on
Thursday said the issue of concern has been resolved and the hold will
be lifted, but at presstime, the Senate Democratic cloakroom said it is
still active.

"It is our understanding there is a hold on it from the Republican
side," said Carol Guthrie, the spokeswoman for bill sponsor Ron Wyden,
D-Ore. "This is particularly distressing in light of Senator Wyden's
policy of publicly announcing when he puts a hold on a piece of
legislation." Publicly announcing a hold is "a step toward resolving
differences in a bipartisan manner." 

A Republican aide, however, said the delay is not a formal hold but
rather one Republican office "taking a closer look" at the legislation.

http://www.govexec.com/dailyfed/1002/100302td1.htm 

         ----------------------------------------------------

... We're already doing that business with [the Defense Information
Systems Agency], where roughly 85 percent of the work is outsourced,"
White told Federal Computer Week immediately following an Oct. 3
luncheon speech sponsored by the Washington, D.C., chapter of the Armed
Forces Communications and Electronics Association. ...

[5] Army looking to outsource
BY Dan Caterinicchia 
Oct. 4, 2002 

Army Secretary Thomas White said the service cannot truly transform
unless its business processes are part of the plan. Therefore, he said
the Army will "privatize every non-core function" that it can develop a
good business case for - including information technology and
communications positions.

http://www.fcw.com/fcw/articles/2002/0930/web-army-10-04-02.asp 

         ----------------------------------------------------

[6] Federal proposal tells only part of cybercrime story

MICHAEL GEIST

Thursday, October 3, 2002

In the wake of the Sept. 11 terrorist attacks, the Canadian government
hurriedly introduced a series of new anti-terror measures.

Quietly included was a seemingly innocuous announcement -- Canada,
alongside other countries such as the United States, would implement the
global cybercrime treaty developed by the Council of Europe.

The full impact of that decision began to take shape last month when
Ottawa released a discussion document outlining the changes required to
bring Canadian law into conformity with the treaty. The document, titled
Lawful Access, details significant changes in the surveillance practices
of Internet service providers (ISP) and in law enforcement's access to
computer data. The proposal is troubling not only for what it says, but
even more so for what it doesn't say.

http://www.globetechnology.com/servlet/ArticleNews/gtnews/TGAM/20021003/TWGEIS

         ----------------------------------------------------

[7] Bill aims at foreign Web censorship 
 
By Lisa M. Bowman
  
Oct. 3 - A new bill designed to fight foreign Web censorship has been
introduced in Congress. The legislation, unveiled Wednesday by Rep.
Chris Cox, R-Ca., would create an Office of Global Internet Freedom
charged with fighting Internet blocking and helping Web users in
countries such as China and Syria get around censorship efforts and
avoid punishment. The bill also would allocate $50 million each year
over the next two years to develop and promote anti-blocking technology.

http://www.msnbc.com/news/816770.asp 

         ----------------------------------------------------

[8] Bush steps up demand for action on homeland security bill
By Keith Koffler and Pamela Barnett, CongressDaily 

President Bush Thursday sharpened his call for Congress to send him
homeland security legislation, insisting that lawmakers not go home
until the bill is finished.

Bush issued the call before a meeting with Hispanic leaders at the White
House, calling for Congress to finish the bill before leaving to
campaign.

The president's statement appears to equate the homeland security bill
with the fiscal 2003 Defense appropriations bill, which Bush also wants
to sign before Congress goes home to campaign.

http://www.govexec.com/dailyfed/1002/100302cd1.htm 

         ----------------------------------------------------

[9] Northcom faces obstacles at launch
BY Dan Caterinicchia 
Sept. 30, 2002 

The Defense Department's new Northern Command is scheduled to start up
Oct. 1, but Northcom faces major cultural and technical obstacles in
communicating and sharing information - both internally and with the
civilian authorities it will support.

The command will include representatives from all the armed services,
and it is charged with ensuring homeland defense capabilities and
supporting civil authorities when directed by the president or secretary
of Defense.

Technology would play a role in easing the flow of information between
Northcom and its new partners, and Peter Verga, special assistant to the
secretary of Defense for homeland security noted an example while
speaking Sept. 26 at the Heritage Foundation, a Washington, D.C., think
tank.

http://www.fcw.com/fcw/articles/2002/0923/web-dod-09-27-02.asp 

         ----------------------------------------------------

[10] State again target of hacking

Agencies are warned that the 'Godzilla' server was breached.

By Sam Stanton and Denny Walsh -- Bee Staff Writers
Published 2:15 a.m. PDT Wednesday, October 2, 2002

Five months after investigators found a computer hacker had gained
access to sensitive personal data on thousands of state employees,
officials are warning hundreds of agencies of new assaults on a state
computer server nicknamed "Godzilla."

In letters sent to 260 state agencies over the past few days, U.S.
Attorney John Vincent and California Highway Patrol Commissioner D.O.
"Spike" Helmick are warning of "possible intrusions" of state computer
systems.

Both letters ask officials to check the security of their computers and
report back by Thursday on whether they are secure.

http://www.sacbee.com/content/news/story/4631373p-5649680c.html 

         ----------------------------------------------------

... Defense officials said coalition aircraft dropped 120,000 leaflets
depicting a jet bombing a missile launcher and a radar site with the
message: "Iraqi ADA (air defense artillery) Beware! Don't track or fire
on coalition aircraft!" 

The back side of the leaflet had another message. "The destruction
experienced by your colleagues in other air defense locations is a
response to your continuing aggression toward planes of the coalition
forces," leaflets written in Arabic said. 

"No tracking or firing on these aircraft will be tolerated. You could be
next," said an English translation released by defense officials. ...

[11] Allies Drop Leaflets Warning Iraqis 
Thu Oct 3, 3:32 PM ET
By PAULINE JELINEK, Associated Press Writer 

WASHINGTON (AP) - In a direct message to Iraqi troops, allied forces
dropped thousands of leaflets over the southern no-fly zone in Iraq
warning gunners to stop firing on U.S. and British patrol planes. 

Iraqi forces responded by firing on aircraft delivering the leaflets.
That led allied forces to bomb an air defense operations center, U.S.
Central Command officials said. 

The leaflet drop was the first known direct warning from the Pentagon
to Iraq's military rank and file in the Bush administration's campaign
to topple Iraqi President Saddam Hussein.

http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021003/ap_on_re_mi_ea/us_iraq_propaganda_1


         ----------------------------------------------------

[12] 'Cowboy' WLANs letting industry down, analyst warns 

By David Legard 
October 3, 2002 5:43 am PT

  
THE WIRELESS LAN (WLAN) industry has neither technical nor business
stability and is in danger of causing another round of business
disasters in the telecommunication sector, according to independent
Australian analyst Paul Budde.

The lack of regulation is causing problems for end users, with
reliability and security being ignored in favor of providing multiple
services over broadband WLANs at the lowest possible price, according to
Budde.

http://www.infoworld.com/articles/hn/xml/02/10/03/021003hnwlans.xml 

         ----------------------------------------------------

[13] U.N. arms inspectors run into a few bugs
Mercury News

U.N. inspectors preparing to search Iraq for biological weapons already
have found viruses.

The computer variety.

The viruses were in a mass of overdue reports on four CD-ROMs an Iraqi
official handed to biological, nuclear and chemical inspectors in Vienna
on Monday.

http://www.siliconvalley.com/mld/siliconvalley/4201505.htm 

         ----------------------------------------------------

[14] House Passes Net Gambling Bill
by Mika Takahashi, WINNERonline.com
Updated 2 Oct 2002
  
    
On Tuesday the U.S. House of Representatives voted to pass Bill HR556,
the Unlawful Internet Gambling Funding Prohibition Act, under a
suspension of the rules. The bill would make it unlawful for banks,
credit card companies, and other financial firms knowingly to transfer
money to Internet gambling sites. It would also make it a federal crime
to operate an "unlawful Internet gambling" Web site. 

http://www.winneronline.com/articles/october2002/hr556.htm 

         ----------------------------------------------------

[15] Teaming up against cyberthreats
BY Diane Frank 
Oct. 3, 2002 

A new list of the top 20 computer security vulnerabilities comes with a
little help this year, as the public and private sectors have teamed up
to close the holes that cause the most problems.

The SANS Institute, the National Infrastructure Protection Center, the
Federal Computer Incident Response Center and the head of the
President's Critical Infrastructure Protection Board came together Oct.
2 to announce a new list of the top vulnerabilities in the Unix and
Microsoft Corp. Windows environments. SANS and the NIPC released the
first list last year.

http://www.fcw.com/fcw/articles/2002/0930/web-alert-10-03-02.asp 

         ----------------------------------------------------

[16] Klez-H enjoying its final days on infamy?
By John Leyden
Posted: 10/02/2002 at 10:00 EST

The nasty BugBear worm made a race for infamy at the end of the month,
but that old favourite Klez-H still made it to the top of the virus
charts last month.

That's according to monthly statistics from managed services firm
MessageLabs, which stopped 576,100 copies of the viruses in September.
It's the fifth month in a row Klez-H has topped the chart. 

MessageLabs reports that virus infection rates are running at around one
per 200 emails, compared to one in 30 infected emails at the heights of
the Goner and Love Bug epidemics.  

http://www.theregus.com/content/56/26491.html 


         ----------------------------------------------------

[17] Assessing Internet Security Risk, Part Four: Custom Web
Applications 
by Charl van der Walt 
last updated October 3, 2002 

This article is the fourth in a series that is designed to help readers
to assess the risk that their Internet-connected systems are exposed to.
In the first installment, we established the reasons for doing a
technical risk assessment. In the second article, we started to discuss
the methodology that we follow in performing this kind of assessment.
The third part discussed methodology in more detail, focussing on
visibility and vulnerability scanning. This installment will discuss a
relatively unexplored aspect of Internet security, custom Web
applications. 

Web Application Analysis 

Of all the possible services on the Internet, DNS, e-mail and the World
Wide Web are by far the most pervasive. (In fact, in July 2002, the
monthly Netcraft Web site survey reported that 37,235,470 active Web
servers were connected to the Internet.) Of these, Web services are the
most complex and the most frequently abused. 

http://online.securityfocus.com/infocus/1631 


         ----------------------------------------------------



_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
