_________________________________________________________________

London, Tuesday, October 15, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] Bluetooth may leave PDAs wide open
[2] Security tops list of reasons not to deploy Web Services
[3] Former FBI chief takes on encryption
[4] Outlook Express flaw helps hackers
[5] Terror Czar: The War Is Digital
[6] Task force urges distributed intelligence
[7] Sendmail downloads hit by random hack
[8] How to hack people
[9] (HS) Tough decisions
[10] US Copyright Office wakes up to flaws in anti-hacking law
[11] China clamps down on Net cafes - again
[12] FBI to build forensics center in Silicon Valley
[13] Bush advisor: Cybercrime costs us billions
[14] Linux firewalls: IT Manager's top picks
[15] Mozilla's 'Code of Silence' Isn't
[16] Lawmakers focus on security-related technology issues
[17] House committee votes to create E-gov administrator

_________________________________________________________________

News
_________________________________________________________________

[1] Bluetooth may leave PDAs wide open
15:26 Thursday 10th October 2002
Peter Judge

RSA 2002: If you have Bluetooth, make sure security is enabled, or others might snoop your contacts or even make calls from your phone

Bluetooth-enabled phones and PDAs may have a gaping security gap, which could allow other people to read data such as personal contacts and appointments, and even make phone calls using the owner's identity. Some of these devices are shipped with the security features in Bluetooth disabled, allowing other Bluetooth devices access, according to RSA Security.

"I have stood at the RSA booth in conferences, with my phone paging for other devices, and watched other people's devices show up," said Magnus Nystrom, technical director of RSA Security. Many devices simply allowed access without demanding a "pairing" code, said Nystrom, and would have allowed him to examine the personal data of passers-by, or even to make calls with their phones.

http://news.zdnet.co.uk/story/0,,t460-s2123677,00.html
http://www.theregister.co.uk/content/55/27572.html
http://www.washingtonpost.com/wp-dyn/articles/A11227-2002Oct11.html

----------------------------------------------------

[2] Security tops list of reasons not to deploy Web Services
By ComputerWire
Posted: 11/10/2002 at 08:54 GMT

End-to-end security of web services forms the most significant barrier to implementation by organizations, but this is not expected to hinder future development.

A biannual survey of North American developers by Evans Data found 24% of respondents list security concerns as the number one reason for not rolling out web services - a growth of five percentage points since Evans' previous survey, conducted in March.

http://www.theregister.co.uk/content/55/27560.html

----------------------------------------------------

[3] Former FBI chief takes on encryption
11:43 Tuesday 15th October 2002
Declan McCullagh, CNET News.com

Louis Freeh may have lost his battle against allowing encryption when he was at the FBI, but he is continuing the fight now he's left the federal agency

When Louis Freeh ran the FBI, he loved nothing more than launching into a heartfelt rant against the dangers of encryption technology.
In dozens of hearings and public speeches, the FBI director would urge Congress to limit encryption products, such as Web browsers and email scrambling utilities, that did not include backdoors for government surveillance.

http://news.zdnet.co.uk/story/0,,t269-s2123893,00.html

----------------------------------------------------

[4] Outlook Express flaw helps hackers

Oops, we did it again. Again...

Microsoft has warned Outlook Express users that a software flaw could allow an online vandal to control their computers.

A critical vulnerability in the email reader could allow an attacker to send a specially formatted message that would crash the software and potentially take control of the recipient's computer.

http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQINT1=55939

----------------------------------------------------

'.... Kelly J. Kuchta, a cybersecurity expert who is chairman of ASIS' information technology security council, said private security firms have become more willing to work with law enforcement since Sept. 11, 2001. He said more companies are sharing information about cyberattacks with the FBI as part of InfraGard, a cooperative program between the public and private sectors. ....'

http://www.infragard.net/

[5] Terror Czar: The War Is Digital
By John Gartner
11:50 AM Sep. 11, 2002 PDT

PHILADELPHIA -- Invading Iraq or silencing Syria won't put an end to terrorism, but according to an influential retired U.S. Army general, figuring out how to effectively disrupt the communications of extremist factions could.

Speaking to an audience of security professionals on Wednesday, Barry McCaffrey, a security expert who advises Congress, said that winning against Saddam Hussein will be relatively easy. Protecting civil rights while battling terror will be harder.
http://www.wired.com/news/politics/0,1283,55089,00.html

----------------------------------------------------

[6] Task force urges distributed intelligence
BY William Matthews
Oct. 14, 2002

Better information analysis and sharing are essential in the war against terrorism, but don't build a giant, central database in Washington, D.C., a panel of intelligence and technology experts advised Homeland Security chief Tom Ridge last week.

And don't put the FBI in charge of domestic intelligence gathering and analysis, a task force of the Markle Foundation urged in a 173-page report delivered to Ridge at the White House.

http://www.fcw.com/fcw/articles/2002/1014/pol-task-10-14-02.asp

----------------------------------------------------

[7] Sendmail downloads hit by random hack
By Robert Lemos
Special to ZDNet News
October 10, 2002, 4:21 AM PT

Online vandals hacked into the primary download server for Sendmail.org and replaced key software with a Trojan horse, a Sendmail development team member said Wednesday.

The apparent attack on Sendmail didn't leave a back door in the popular open-source e-mail software package, as previously believed, but compromised the download software on the Sendmail consortium's primary server so that every tenth request for source code would receive a modified copy in reply.

http://zdnet.com.com/2100-1105-961469.html

----------------------------------------------------

[8] How to hack people

[Image caption: Mitnick shortly after his capture in 1995]

The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you.

So says Kevin Mitnick, and he should know. Mr Mitnick won notoriety as a hacker during the late 80s and early 90s and his exploits regularly became front page news.

http://news.bbc.co.uk/1/hi/technology/2320121.stm

----------------------------------------------------

[9] Tough decisions
Commentary
BY Bruce McConnell
Oct. 14,

In July, Office of Management and Budget Director Mitchell Daniels Jr. seriously exercised the Clinger-Cohen Act by sending two memorandums to the federal agencies that will be affected by the proposed Homeland Security Department.

The memorandums directed agencies to cease information system development efforts that exceed half a million dollars and to appear before the Information Technology Investment Review Group led by OMB and the Office of Homeland Security. The group is composed of chief information and financial officers and other senior officials from the various agencies affected.

http://www.fcw.com/fcw/articles/2002/1014/mgt-bruce-10-14-02.asp

----------------------------------------------------

[10] US Copyright Office wakes up to flaws in anti-hacking law
11:13 Monday 14th October 2002
John Borland, CNET News.com

It seems the US Copyright Office has finally realised that some parts of the Digital Millennium Copyright Act are just plain stupid

Federal copyright regulators are opening the door for new exceptions to a controversial copyright law that has landed one publisher in court and a Russian programmer in jail.

The United States Copyright Office is launching a rare round of public comment on rules that bar people from breaking through digital copy-protection technology on works such as music, movies, software or electronic books. Regulators aren't looking to change the law but they are looking for public suggestions on what kinds of activity should be legalised in spite of the rules.

http://news.zdnet.co.uk/story/0,,t269-s2123809,00.html

----------------------------------------------------

[11] China clamps down on Net cafes - again
By Tim Richardson
Posted: 14/10/2002 at 10:28 GMT

China has launched another crackdown on Internet cafes, this time banning children under the age of 16 from using them.
The new regulations - due to come into force next month - were introduced following a fire at a Beijing Internet café in which 24 people died and 13 were injured.

http://www.theregister.co.uk/content/6/27586.html

----------------------------------------------------

[12] FBI to build forensics center in Silicon Valley
By Sean Webby
Mercury News

The FBI is creating a $3 million computer forensics lab in Silicon Valley, using the latest imaging software and high-end computers to sleuth for cyber-clues of child pornography, corruption, murder and more.

The 12,000-square-foot Regional Computer Forensics Laboratory, at the foot of the Dumbarton Bridge in Menlo Park, will be available to help detectives from San Francisco, San Mateo, Santa Clara and Alameda counties hunt for digital clues. Investigators can bring seized computers and disks to be searched for incriminating e-mails, encrypted documents and other evidence within suspects' hardware or software.

http://www.bayarea.com/mld/bayarea/4284974.htm

----------------------------------------------------

[13] Bush advisor: Cybercrime costs us billions
Reuters
October 14, 2002, 9:41 AM PT

LONDON--Cybercrime is costing the world economy billions of dollars and is on the increase, President Bush's cyber-security adviser said Monday.

"We have a great deal of focus nowadays on weapons of mass destruction but we need to be aware of the proliferation in cyberspace of weapons of mass disruption," Howard Schmidt told Reuters in an interview.

The criminals range from terrorists to backroom hackers who know no frontiers.

"Cyber crime is costing the world economy billions of dollars and it is still on the increase," Schmidt said. "The more we depend on the system, the more we use the system, the more they will exploit it."
http://zdnet.com.com/2100-1106-961933.html

----------------------------------------------------

[14] Linux firewalls: IT Manager's top picks
By Staff writers, ZDNet Australia
11 October 2002

Linux firewalls--it's one of the hot topics for CIOs and IT managers at the moment. ZDNet Australia takes a look at some of the options available for IT departments.

Monitoring traffic, configuration glitches, and decisions about which firewall to opt for--they are all issues facing Australia's IT managers. Here we feature some tips, reports and analysis about Linux firewalls.

http://www.zdnet.com.au/itmanager/technology/story/0,2000029587,20269014,00.htm

----------------------------------------------------

[15] Mozilla's 'Code of Silence' Isn't

Developers are accused of not publicizing the browser's security vulnerabilities enough. But do we really need world wide alerts for every bug?

By Jon Lasser
Oct 09, 2002

Is the Mozilla project covering up security holes in its open-source browser?

That seems to be the accusation in a recent note to Bugtraq, in which security researcher Thor Larholm publicized a list of bugs in Mozilla 1.0. The bugs weren't exactly a secret to begin with -- the list itself came from the Mozilla Web site. And they're all fixed in version 1.0.1.

But Larholm's post hints darkly that the Mozilla organization should stop "hiding the fact that Mozilla, like most any other software product, has had and will have a long number of security vulnerabilities." The group has an obligation to publicize the bugs more thoroughly "so that the secinfo industry and the public in general becomes aware of these," Larholm wrote.
http://online.securityfocus.com/columnists/114

----------------------------------------------------

[16] Lawmakers focus on security-related technology issues
By Chloe Albanesius, National Journal's Technology Daily

The big news in Congress this week was the approval of a resolution authorizing unilateral military action in Iraq, but lawmakers also introduced several technology-related bills focusing on security and issues like identity theft, privacy and Internet safety.

Sen. Richard Durbin, D-Ill., introduced his long-awaited legislation, S. 3107, designed to improve the databases involving state-issued driver's licenses. A similar measure, H.R. 4633, has sparked privacy concerns and been characterized as an initiative that would create a national identification card. But an aide to Durbin said the new Senate bill "is pretty narrowly crafted to improve the process at which licenses are issued."

On another front, Sen. John Warner, R-Va., filed legislation that would exempt government contractors from liability involving technologies and services sold to the government for homeland security purposes. The measure, S. 3076, is identical to language in the Senate's version of broader homeland security legislation, H.R. 5005.

http://www.govexec.com/dailyfed/1002/101102td1.htm

----------------------------------------------------

[17] House committee votes to create E-gov administrator
By Molly M. Peterson, National Journal's Technology Daily

A bipartisan bill to create an e-government office within the Office of Management and Budget won approval Wednesday from the House Government Reform Committee.

Approved by voice vote, the legislation, H.R. 2458, aims to improve coordination and deployment of information technology across the federal government and help agencies achieve the IT management reforms required under the 1996 Clinger-Cohen Act.
Virginia Republican Tom Davis, who chairs the Technology and Procurement Policy Subcommittee that approved the bill, said federal agencies' efforts to comply with that law have revealed the lack of a centralized focus on information management and pervasive information security and IT acquisition problems.

http://www.govexec.com/dailyfed/1002/100902td1.htm

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk