_________________________________________________________________
London, Wednesday, November 06, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Worms of the future: Here's how they'll attack you
[2] Bank error exposes e-mail addresses
[3] Navy Sites Spring Security Leaks
[4] Math discovery rattles Net security
[5] Electronic elections: What about security?
[6] New center reaches out to private firms to protect infrastructure
[7] Information-sharing partnerships seen as anti-terror model
[8] For Microsoft, no respite from EU
[9] Homeland Security staff studies data analysis tools
[10] Aust companies push tech security to top priority
[11] NATO plans radically new strategy
[12] CIA missile team stalked bin Laden's top man for months
[13] Heckenkamp Free Again
[14] Sonera security staff held on snooping charges
[15] Report: Defense fails to set strategic goals for securing bases
[16] Polymorphic Macro Viruses, Part Two
[17] Pentagon's quadrennial review found lacking
[18] Hacking syndicates threaten banking
[19] NSA taps vendors for encryption
_________________________________________________________________
News
_________________________________________________________________
[1] Worms of the future: Here's how they'll attack you
Robert Vamosi,
Senior Associate Editor,
CNET/ZDNet Reviews
Wednesday, November 6, 2002
As the Internet develops, so too will the maladies that afflict it. In
other words: As more and more people protect themselves against e-mail
worms and viruses, those threats will likely become smarter and more
sophisticated to circumvent those protections.
Perhaps this is one reason why 2002 has been relatively quiet in terms
of viruses. Virus writers are hunkered down, preparing a new evolution
in virus code. But security researchers are already thinking about what
those evolutionary changes might look like, so (it's hoped) we can be
prepared to fight these new digital pests if and when they actually
appear.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2896683,00.html
----------------------------------------------------
[2] Bank error exposes e-mail addresses
By Troy Wolverton
Staff Writer, CNET News.com
November 5, 2002, 2:00 PM PT
Bank of the West exposed the e-mail addresses of thousands of its online
banking customers Monday, in a mistake it blamed on "human error."
In an e-mail message sent Monday to alert customers that its banking
system would be out of service for maintenance this weekend, Bank of the
West included the e-mail addresses of more than 3,300 of its customers
in the "To" field, company spokesman John Stafford confirmed Tuesday.
Stafford said the company mistakenly placed the e-mail addresses in the
"To" field instead of masking them by placing them in the blind carbon
copy (BCC) field.
"It was an inadvertent mistake," Stafford said.
http://news.com.com/2100-1017-964611.html
----------------------------------------------------
[3] Navy Sites Spring Security Leaks
By Brian McWilliams
02:00 AM Nov. 06, 2002 PT
The U.S. Navy took one of its websites offline Tuesday and added new
security controls to a second site after Internet surfers discovered
they could access confidential Navy databases.
The exposed Navy files included material designed to support a machine
for testing the electronics of weapon systems called the Consolidated
Automated Support System. Web surfers were able to browse through
hundreds of trouble tickets, dating back to 1989.
http://www.wired.com/news/technology/0,1282,56219-1-13,00.html
----------------------------------------------------
[4] Math discovery rattles Net security
By Lee Gomes
THE WALL STREET JOURNAL
Nov. 4 - Will Manindra Agrawal bring about the end of the Internet as we
know it? The question is not as ridiculous as it was just two months
ago. Prof. Agrawal is a 36-year old theoretical computer scientist at
the Indian Institute of Technology in Kanpur, India. In August, he
solved a problem that had eluded millennia of mathematicians: developing
a method to determine with complete certainty if a number is prime.
http://www.msnbc.com/news/830300.asp
----------------------------------------------------
[5] Electronic elections: What about security?
Voters put touch screens to the test
By Jeordan Legon
CNN
Tuesday, November 5, 2002 Posted: 10:02 AM EST (1502 GMT)
Los Angeles County Supervisor Yvonne Brathwaite Burke casts her early
ballot at a new touch-screen terminal.
(CNN) -- As Americans go to the polls today, a record number of counties
-- almost one fifth by some estimates -- will be tallying the votes on
electronic voting machines. But some experts worry that despite rigorous
testing, the machines may not be as secure as their makers promise.
"People have jumped on the electronic voting bandwagon, thinking that
will solve the problems," said Avi Rubin, a technology security expert
and researcher at AT&T Labs in New Jersey. "But these systems are
largely untested."
http://www.cnn.com/2002/TECH/ptech/11/05/touch.screen/index.html
----------------------------------------------------
[6] New center reaches out to private firms to protect infrastructure
By Bryan Bender, Global Security Newswire
A new center dedicated to assessing terrorist threats to critical U.S.
infrastructures is reaching out to other institutions to help mitigate
the risk of attacks against strategic U.S. industries and government
services, according to U.S. officials.
The National Infrastructure Simulation and Analysis Center, or NISAC,
located at Sandia National Laboratories in New Mexico, has joined in
recent months with the Massachusetts Institute of Technology, Purdue
University, Cornell University, Lucent Technologies and Argonne National
Laboratory, among others, the officials said recently.
NISAC, which is jointly supported by nearby Los Alamos National
Laboratory, is seeking new strategic partners in establishing itself as
the primary national facility capable of simulating how catastrophic
terrorist attacks could disrupt critical infrastructure, how attacks on
one node might affect other elements of national infrastructure and how
to recover quickly from such events.
http://www.govexec.com/dailyfed/1102/110502gsn1.htm
----------------------------------------------------
[7] Information-sharing partnerships seen as anti-terror model
By Molly M. Peterson, National Journal's Technology Daily
Information-sharing partnerships that helped the federal government and
the private sector combat cyber attacks such as the "Code Red" and
"Nimda" viruses have served as a valuable model for protecting other
critical infrastructures from potential terrorist attacks, a top
cyber-security official said Tuesday.
"Prior to [Sept. 11, 2001], we really focused in on cyber threats,"
Ronald Dick, director of the FBI's National Infrastructure Protection
Center (NIPC), said during the first annual conference of the
Infrastructure Security Partnership.
Dick noted that when the Code Red virus spread rapidly across the
Internet in 2000, the FBI, the CIA, the National Security Agency and the
Secret Service worked with software giants such as Microsoft and Cisco
Systems to identify system vulnerabilities and determine ways to
mitigate the threat.
http://www.govexec.com/dailyfed/1102/110502td1.htm
----------------------------------------------------
[8] For Microsoft, no respite from EU
Eric Pfanner International Herald Tribune
Tuesday, November 5, 2002
'Our case is quite different' from U.S., commission says
LONDON European regulators vowed Monday to pursue their investigation of
Microsoft's business practices, which they have previously denounced as
uncompetitive, just three days after the software company cleared a
major legal hurdle in the United States.
A spokeswoman for Mario Monti, the European competition commissioner,
said Brussels would not use the settlement in the U.S. Justice
Department's antitrust case, which a judge largely approved Friday, as a
blueprint for its own proceedings.
The two cases involve different issues, and European regulators in the
past have pursued a tougher line over how companies use market dominance
in one area, such as Microsoft's Windows operating system, to extend
their reach into other product markets.
"Our case is quite different from a factual point of view from the case
in the United States," said a commission spokeswoman, Amelia Torres, in
Brussels. "We also have our own rules to uphold."
http://www.iht.com/articles/75876.html
----------------------------------------------------
[9] Homeland Security staff studies data analysis tools
By Jason Miller
GCN Staff
HERSHEY, Pa.-The Homeland Security Office is evaluating applications to
let agencies analyze links and relationships among information sets
without breaching privacy laws or sparking interagency turf battles.
Steve Cooper, the office's CIO, said yesterday the goal of the current
tests is to validate a data-sharing concept. The premise is that to
better track information on possible security threats, agencies must at
minimum share information about their data, he said at the Industry
Advisory Council's Executive Leadership Conference.
http://www.gcn.com/vol1_no1/daily-updates/20428-1.html
----------------------------------------------------
[10] Aust companies push tech security to top priority
By James Pearce, ZDNet Australia
05 November 2002
Security has pushed its way to the forefront of corporate consciousness,
according to an International Data Corp (IDC) survey of Australia's
medium to large organisations.
The survey revealed that 90 percent of respondents rated security as
"important" or "very important".
The results showed investment in IT security was increasingly the result
of proactive corporate policies and less a response to security
breaches, reflecting the rise in corporate concern over hacking and
virus infiltrations as well as a increased general awareness of security
issues.
http://www.zdnet.com.au/newstech/security/story/0,2000024985,20269645,00
.htm
----------------------------------------------------
[11] NATO plans radically new strategy
Robert G. Kaiser and Keith B. Richburg The Washington Post
Wednesday, November 6, 2002
BRUSSELS The North Atlantic Treaty Organization appears set to embrace a
radically new military posture and strategy that would profoundly alter
the shape and mission of the alliance, according to NATO officials here
and government officials in a half-dozen European capitals.
In a series of interviews, these officials said the planned changes - on
the agenda of a NATO summit meeting in Prague beginning Nov. 21 - could
remake the alliance more significantly than the other major item on the
agenda, the admission of seven new members from Eastern Europe. A
consensus on their entry was reached last summer, but invitations will
be issued officially only at the Prague meeting.
http://www.iht.com/articles/75927.html
----------------------------------------------------
[12] CIA missile team stalked bin Laden's top man for months
By Philip Smucker in Cairo and Toby Harnden in Washington
(Filed: 06/11/2002)
American and Yemeni intelligence agents spent months watching Osama bin
Laden's senior operative in Yemen before his assassination on his farm
near the north-western city of Marib.
As Qaed Salim Sinan al-Harethi, also known as Abu Ali, stepped into his
car with five henchman on Sunday night, agents called in an unmanned CIA
drone armed with Hellfire missiles.
http://www.telegraph.co.uk/news/main.jhtml;$sessionid$OKHTPIXMFDJGLQFIQM
FCFGGAVCBQYIV0?xml=/news/2002/11/06/wyem06.xml&sSheet=/news/2002/11/06/i
xworld.html
----------------------------------------------------
[13] Heckenkamp Free Again
Federal judges cool down and release alleged eBay hacker, who irked
them.
By Kevin Poulsen, Nov 5 2002 2:37PM
Accused superhacker Jerome Heckenkamp was released from jail last week
after seven months in federal stir, but only after assuring two federal
judges that he respects their authority after all.
Heckenkamp, 23, was taken into custody last March during a court
appearance in San Jose, Calif. where, representing himself against a
battery of computer crimes charges, he angered federal judge James Ware
with a series of baffling legal arguments apparently inspired by failed
tax-protester tactics.
In one gambit, Heckenkamp challenged one the indictment against him on
the grounds that it spelled his name in all capital letters, while he
spells it with the first letter capitalized, and subsequent letters in
lower case.
http://online.securityfocus.com/news/1582
----------------------------------------------------
[14] Sonera security staff held on snooping charges
By John Leyden
Posted: 05/11/2002 at 16:04 GMT
Two senior security staff at Finnish telco Sonera have been remanded in
custody, charged with breaching customer privacy by allegedly riffling
through private telephone records in an attempt to identify an internal
mole.
Helsingin Sanomat, Finland's biggest daily newspaper, reports today that
the Helsinki District Court ordered the pair to be held in custody amid
fears that they would interfere with an investigation by Finland's
National Bureau of Investigation into suspected violations of
communications privacy by Sonera.
http://www.theregister.co.uk/content/55/27945.html
----------------------------------------------------
[15] Report: Defense fails to set strategic goals for securing bases
By Jason Peckenpaugh
The Defense Department plans to spend $10 billion next year to safeguard
military installations from terrorism, but it has not set performance
goals to guide how this money should be spent, according to a new report
from the General Accounting Office.
The lack of an overarching strategy for base security could waste
resources and hamstring efforts to assess security across military
installations, GAO concluded in its report (GAO-03-14). Base security
efforts include reducing the number of access points to installations,
beefing up security patrols at high-risk targets and arming all security
personnel.
Defense has developed 31 standards to help the services protect their
installations and has issued guidance for bases on assessing the
vulnerability of their facilities. But the department has not set
long-term performance targets that would help services fund base
security in a strategic way, according to GAO.
http://www.govexec.com/dailyfed/1102/110502p1.htm
----------------------------------------------------
[16] Polymorphic Macro Viruses, Part Two
by Gabor Szappanos
last updated November 5, 2002
This article is the second of a two-part series that will offer a brief
overview of polymorphic strategies in macro viruses. The first
installment of this series looked at some early examples of
polymorphism, along with some of the early polymorphic techniques. This
installment will look at the first serious polymorphic macro viruses, as
well as the evolution of viruses into true polymorphic and, ultimately,
metamorphic viruses.
The First Polymorphs
WM95.Slow was the first serious polymorphic macro virus. It consists of
a single AutoClose macro. The main virus code is stored in a string
array where the characters are shifted by a constant value selected
randomly between 4 and 14.
http://online.securityfocus.com/infocus/1638
Part One:
http://online.securityfocus.com/infocus/1635
----------------------------------------------------
[17] Pentagon's quadrennial review found lacking
By George Cahlink
The Defense Department's 2001 Quadrennial Defense Review succeeded in
laying out a broad military strategy, but failed to offer a detailed
analysis that could be useful in making future budget decisions,
according to a new General Accounting Office report.
"On the positive side, the review was enhanced by the sustained
involvement of the Secretary of Defense and other senior department
officials," GAO officials concluded in the report, (GAO-03-13). "In
addition, it led to the adoption of a new defense strategy that
underscores the need to transform the force to meet future threats and
adopt more efficient business practices."
But auditors found several weaknesses in the QDR process, saying the
Pentagon delayed the start of the review by several months until other
strategic reviews were completed; failed to consider certain topics
required by Congress (including the reform of Defense agencies); and did
not take a detailed look at the long-term structure of U.S. forces.
http://www.govexec.com/dailyfed/1102/110502g1.htm
----------------------------------------------------
----------------------------------------------------
[18] Hacking syndicates threaten banking
By DAN VERTON
NOVEMBER 04, 2002
The number of organized hacking syndicates targeting financial
institutions around the world is growing at a disturbingly fast rate.
And so is the number of banks willing to pay these high-tech
extortionists hush money to protect their reputations, according to a
security expert at The World Bank.
Cases in which banks, brokerage firms and other financial institutions
have quietly paid hacking syndicates extortion money are "extremely
widespread," said Tom Kellermann, senior data risk management specialist
at The World Bank in Washington. Kellermann, who co-authored a study on
the electronic security risks facing the global financial community,
presented the findings during an Oct. 29 online seminar sponsored by
Cable & Wireless Internet Services Inc. in Vienna, Va.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,
10801,75584,00.html
----------------------------------------------------
[19] NSA taps vendors for encryption
Gigabit Ethernet encryptors will support secure exchange of information
BY Dan Caterinicchia
Nov. 4,
A Defense Department analyst at the Pentagon is working on a top-secret
case and needs to quickly exchange a large amount of information with a
colleague in the intelligence community on the other side of the
country. But the only tools available that are fast enough to
accommodate the data transfer are commercial IP-based networks.
Today, analysts have reached an impasse. But the National Security
Agency is working to break that roadblock.
http://www.fcw.com/fcw/articles/2002/1104/tec-nsa-11-04-02.asp
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
