_________________________________________________________________

                      London, Friday, November 15, 2002

    _________________________________________________________________
                                                            
                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________

CURRENT THREAT LEVELS 

• Electricity Sector Physical: Elevated (Yellow) 
• Electricity Sector Cyber: Elevated (Yellow) 
• Homeland Security: Elevated (Yellow) 
• DOE Security Condition: 3, modified  
• NRC Security Level: III (Yellow) (3 of 5)

---------------------------------------------------------------------

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

---------------------------------------------------------------------

    _________________________________________________________________

    
          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Controversial provisions could delay Senate homeland vote
[2] Homeland Security bill would reorganize federal first responder
programs
[3] The government wants you -- to be a cyber-security soldier
[4] Briton fights extradition in hacking
[5] How To Protect Yourself From "Wireless" Computer Hackers

[6] Security adviser presses for new intelligence analysis agency
[7] Consortium demos secure network
[8] MS Takes Hard Line on Security  
[9] Linux, Open Source have 'more security problems than Windows'
[10] Russians wage cyberwar to disrupt separatists

[11] Popular packet sniffing packages contaminated by Trojan
[12] FBI warns of risk of al-Qaida attack
[13] Al Qaeda's New Tactics
[14] Study Makes Less of Hack Threat  
[15] US gov's 'ultimate database' run by a felon

[16] FTC drawing the line on spammers
[17] When firewalls and intrusion detection just aren't enough
[18] IT directors unsure of tech benefits
[19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
[20] Air Force piloting SIPRNET portal

[21] Air Force planning enterprise C4ISR review
[22] Air Force rolling out XML e-forms

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] Controversial provisions could delay Senate homeland vote
By Brody Mullins and April Fulton, Congress Daily 

While senators remain focused on debate over personnel rules for the new
Homeland Security Department, that issue is far from the only
controversial matter remaining in the bill. From vaccine liability
protections to a delay in an airport baggage-screening deadline, the
GOP-drafted bill that passed the House Wednesday and heads to the Senate
Thursday includes contentious measures quietly written into the bill as
the congressional session draws to a close. 

Senate leaders, determined to create the Homeland Security Department
before the year's end, are likely to accept most of the provisions.
Still, the new debates could push a final vote on the underlying bill
into next week.

Governmental Affairs Committee Chairman Joseph
Lieberman, D-Conn., who wrote the Democrats' version of the bill, said
he is "especially concerned" about the latest GOP bill, because it
contains "a number of special-interest provisions that are being sprung
on the Senate without prior warning or consideration. This is really not
the time for that." 

http://www.govexec.com/dailyfed/1102/111402cdam1.htm

         ----------------------------------------------------

[2] Homeland Security bill would reorganize federal first responder
programs 
By Jason Peckenpaugh 

The White House and the Senate have agreed to a major shake-up of
federal programs that provide anti-terrorism training to thousands of
“first responders” in state and local governments as part of the
homeland security bill now being considered by the Senate. 

The reorganization, which is part of the homeland security bill passed
Wednesday by the House, takes anti-terrorism training duties away from
the Federal Emergency Management Agency and puts them in the Border and
Transportation Security division of the Homeland Security Department. 

Specifically, the deal carves out the Office of National Preparedness
from FEMA and places it under the Office of Domestic Preparedness (ODP),
which will take the lead in training and equipping thousands of “first
responders” in the new department. The ODP is currently in the Justice
Department, but it would move to the Border and Transportation Security
Division of the Homeland Security Department under the legislation. 

http://www.govexec.com/dailyfed/1102/111402p1.htm

         ----------------------------------------------------

[3] The government wants you -- to be a cyber-security soldier
By Steven E. Roberts and Aaron D. Rosenbaum
 
The Bush administration has re-energized its push for a Department of
Homeland Security. In addition to ``traditional'' security measures, the
proposed department would work to safeguard the Internet. The need for
cyber-security was underscored last month by an attack on servers that
maintain the directory of domain addresses on which the Internet
depends. While the Oct. 21 attack demonstrated America's continuing
vulnerability to cyber-terrorism, the real danger may be the fact that
this cyber-blitz received so little attention.

Before Sept. 11, 2001, only the fringes of the computer security
community warned of a ``digital Pearl Harbor.'' By targeting America's
critical electronic infrastructures -- power plants, airport control
towers, banking systems and communication networks -- terrorists or
rogue nations could attack the United States using nothing more than
ones and zeros and a stream of electrons. Ultimately, Sept. 11 made
cyber-terrorism a mainstream national security issue, but defense
against the threat remains more intention than substance.

http://www.siliconvalley.com/mld/siliconvalley/business/columnists/4522596.htm

         ----------------------------------------------------

[4] Briton fights extradition in hacking

ASSOCIATED PRESS

An unemployed British computer administrator will fight U.S. efforts to
extradite him in what authorities are calling the largest-ever
successful hacking into American military networks, his attorney said
yesterday.

Gary McKinnon, 36, of London was indicted Tuesday in federal courts in
Virginia and New Jersey on eight counts of computer-related crimes. They
included break-ins over 12 months at 92 U.S. military and NASA networks
across 14 states, including two at the Pentagon. Mr. McKinnon also was
accused of hacking into the networks of six private companies and
organizations.

http://www.washtimes.com/national/20021114-5398600.htm 

'Hacker' says attempt to extradite him is political
http://news.independent.co.uk/digital/news/story.jsp?story=351897 

http://www.space.com/news/nasa_dod_hack_021114.html 

         ----------------------------------------------------

(Bad article as it does not mention once that WEP is quite insecure.
WEN)

[5] How To Protect Yourself From "Wireless" Computer Hackers
 
(New York-WABC, November 14, 2002) — There is a warning for computer
users. There are spies out there and they are trying to get into your
computer with some of the new high-tech Internet connections, it's not
very difficult to do that. You have to protect yourself. Robb Hanrahan
reports.

Your personal information, address, credit card numbers, social security
numbers and even your passwords are at risk. There is a new type of
computer theft out there and it is "out there" in the air almost
everywhere that puts you at risk. 

http://abclocal.go.com/wabc/news/WABC_111402_hackers.html 

         ----------------------------------------------------

[6] Security adviser presses for new intelligence analysis agency
By Molly M. Peterson, National Journal's Technology Daily 

The president should create a new, stand-alone agency to serve as an
"all-source fusion and analysis center" for intelligence related to
potential terrorist attacks, the chairman of an influential
counterterrorism commission told a House Armed Services subcommittee on
Thursday. 

"There are misgivings with the idea of a new agency, but frankly, our
commission doesn't seem to see any other alternative," James Gilmore,
chairman of the Advisory Panel to Assess Domestic Response Capabilities
for Terrorism Involving Weapons of Mass Destruction, told lawmakers
during a hearing on the panel's fourth annual report to the president
and Congress. 

The formal report is due next month, but members of the panel, commonly
known as the Gilmore Commission, decided to release certain
recommendations in advance, to help "inform the current debate" as
policymakers implement legislation to create a Homeland Security
Department. 

http://www.govexec.com/dailyfed/1102/111402td1.htm

         ----------------------------------------------------

[7] Consortium demos secure network
BY Dibya Sarkar 
Nov. 14, 2002 

A public/private consortium in Oregon is developing a secure information
network that was created as a direct result of homeland security
concerns.

The consortium responsible for developing the Oregon Trial of Emergency
and Security Technology (O-TEST) demonstrated the model in Washington,
D.C., Nov. 13.

"It is a protocol of communication that is IP-based and lives on top of
a public network that provides a secure point-to-point data
interchange," said Wyatt Starnes, president and chief executive officer
of Tripwire Inc. and a member of the board of directors of RAINS — the
Oregon Regional Alliance for Information and Network Security.

http://www.fcw.com/geb/articles/2002/1111/web-oregon-11-14-02.asp 

         ----------------------------------------------------

[8] MS Takes Hard Line on Security  

By Paul Boutin  |   

02:00 AM Nov. 14, 2002 PT

MOUNTAIN VIEW, California -- Microsoft's security honcho has a message
for Windows users: Let's roll. 

Craig Mundie, who oversees the company's Trustworthy Computing
initiative, told an audience Wednesday that in response to the threat of
terrorist cyberattacks, Microsoft would deploy security fixes to its
installed base of hundreds of millions of computers worldwide in the
coming year -- even if those fixes break applications in use by
customers.

http://www.wired.com/news/technology/0,1282,56381,00.html 

         ----------------------------------------------------

[9] Linux, Open Source have 'more security problems than Windows' 
By Robin Miller, NewsForge.com
Posted: 15/11/2002 at 08:37 GMT

According to a report published November 12 by Aberdeen Group, "Security
advisories for open source and Linux software accounted for 16 out of
the 29 security advisories - about one of every two advisories -
published for the first 10 months of 2002 by Cert (www.cert.org,
Computer Emergency Response Team)." 

Aberdeen says Microsoft products have had no new virus or trojan horse
advisories in the first 10 months of 2002, while Unix, Linux, and Open
Source software went from one in 2001 to two in the first 10 months of
2002, that in the same 2002 time period "networking equipment"
(operating system unspecified) had six advisories, and Mac OSX had four.

http://www.theregister.co.uk/content/55/28118.html 

         ----------------------------------------------------

[10] Russians wage cyberwar to disrupt separatists

Chechen separatists say Russia's FSB security service is behind the
collapse of two Web Sites that form a key source of news for the rebel
area. The two sites, www.kavkaz.org and www.chechenpress.com, collapsed
under a barrage of attacks from computer hackers just after Russian
troops stormed a Moscow theater killing 41 armed rebels and 128 of the
hostages they had been holding there.

http://zdnet.com.com/2110-1105-965858.html 

         ----------------------------------------------------

[11] Popular packet sniffing packages contaminated by Trojan
By John Leyden
Posted: 14/11/2002 at 16:43 GMT

Users are warned to be vigilant after trojanised versions of popular
packet sniffing packages were posted on well known download sites. 

A detailed alert from members of the Houston Linux users group warns
that trojanised versions of Libpcap, used as a packet sniffing library
in programs like Snort (the open source IDS package), and Tcpdump have
been posted on Tcpdump.org. These contaminated packages have also found
their way onto many mirror sites, such as Wiretapped.net

http://www.theregister.co.uk/content/55/28105.html 

         ----------------------------------------------------

[12] FBI warns of risk of al-Qaida attack 
 
U.S. officials fear the tape purportedly from Osama bin Laden could
rally his followers to violence. Here, a supporter of Muthedda
Majlis-e-Amal, an alliance of hard-line Islamic parties, holds a picture
of bin Laden during a rally last month in Karachi, Pakistan. 
        
NBC NEWS AND NEWS SERVICES 
 
Nov. 15 —   Two days after intelligence experts said an audiotaped
threat indicated terror mastermind Osama bin Laden was still alive, the
FBI has warned that al-Qaida is likely to attempt a “spectacular” attack
intended to inflict large-scale casualties and damage the U.S. economy.


http://www.msnbc.com/news/834102.asp  

See also:

Europe is warning of terrorist threat
http://www.iht.com/articles/76999.html 

         ----------------------------------------------------

[13] Al Qaeda's New Tactics
By PETER L. BERGEN

WASHINGTON — In past weeks Al Qaeda has relaunched itself, a rebranding
that presages a second phase in its war against the West. The clearest
evidence for this shift is in three audiotapes that Al Qaeda has
released since the beginning of October from its top leaders, Osama bin
Laden and Ayman al Zawahiri.

Most analysts both inside and outside the government believe those tapes
to be authentic. On them, the two Qaeda leaders call for a wider war
against not only the United States but the West in general, with a wider
range of targets. Al Qaeda has chosen war against all "the Crusaders,"
not just Americans. The front can be anywhere.

http://www.nytimes.com/2002/11/15/opinion/15BERG.html?ex=1038027600&en=1de425fc034b87c5&ei=5040&partner=MOREOVER


         ----------------------------------------------------

[14] Study Makes Less of Hack Threat  

By Noah Shachtman  |   
02:00 AM Nov. 14, 2002 PT

Despite the panting about "cyberterrorists," and despite the scare
mongering about venomous hackers preying on fragile federal networks,
attacks on government computer systems are declining worldwide,
according to a recently released report. 

In the United States, reported intrusions into government networks fell
from 386 in 2001 to 162 in the first 10 months of 2002. Worldwide, such
attacks have declined by about a third -- from 2,031 last year to a
projected 1,400 today.

http://www.wired.com/news/politics/0,1283,56382,00.html 

         ----------------------------------------------------

[15] US gov's 'ultimate database' run by a felon
By Thomas C Greene in Washington
Posted: 14/11/2002 at 20:22 GMT

We all know that truth is stranger than fiction, and here we have an
apparently real item straight from the realm of Tom Clancy. Imagine a
huge, absolutely huge, central database containing both the official and
commercial data of every single citizen, run by the US military
ostensibly for anti-terror and Homeland Security purposes, and all of it
under the direction of a convicted felon. 

Well the database is in development and coming soon, according to the
New York Times; and the felon who will run it is disgraced Reagan
administration liar, dirty-trickster and cover-uper Admiral John M.
Poindexter, who Dubya has taken out of mothballs to keep us all safe
from dreadful evildoers.

http://www.theregister.co.uk/content/6/28107.html

         ----------------------------------------------------

[16] FTC drawing the line on spammers
 
By Troy Wolverton 
Special to ZDNet News
November 14, 2002, 5:48 AM PT

A coalition of government regulators led by the Federal Trade Commission
on Wednesday announced a crackdown on online spammers and scammers. 
Altogether, the regulators announced they had filed more than 30
enforcement actions and had sent letters to about 100 alleged spammers
warning them to cease sending the unwanted and often fraudulent
commercial e-mail messages. Additionally, the regulators announced the
results of an investigation into spam, concluding that Net users who
post their e-mail addresses in publicly accessible places, such as on
chat sites or newsgroups, are highly likely to receive spam as a result.


The regulators' action was the third such FTC-led initiative this year
to combat spam, noted Brian Huseman, a staff attorney at the FTC. 

http://zdnet.com.com/2100-1106-965723.html 

         ----------------------------------------------------

[17] When firewalls and intrusion detection just aren't enough
By John Leyden
Posted: 14/11/2002 at 13:47 GMT

Firewalls alone are not enough to thwart today's more sophisticated
range of attacks, while Intrusion Detection Systems detect and record
attacks, but do not block them. AV products, properly updated, can help
protect against malicious code but are necessarily limited in their
scope.          

http://www.theregister.co.uk/content/5/28101.html 

        ----------------------------------------------------

[18] IT directors unsure of tech benefits
By IT Analysis
Posted: 15/11/2002 at 08:28 GMT

With tech budgets under intense scrutiny and vendors waiting with bated
breath for a surge in spending, there's probably never been a better
time to look at project success. According to a recent poll of IT
directors from medium and large businesses, individually they will spend
£37.7 million a year on some 45 annual IT projects for their business,
but 80 per cent of them don't believe that these solutions will provide
a competitive advantage to their firm. 

There is an obvious question that begs to be answered - what is the
definition of competitive advantage? Does it include profitability and
efficiency gains for instance? We don't know and the study, undertaken
by Winmark Research, doesn't seek to answer it.

http://www.theregister.co.uk/content/7/28117.html 

         ----------------------------------------------------

[19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux 

by Joe Stewart 
last updated November 14, 2002 

In my last article, Reverse Engineering Hostile Code, I described the
tools and processes involved in basic reverse engineering of a simple
trojan. This article will offer a more detailed examination of the
reversing process, using a trojan found in the wild. At the same time,
this article will discuss some techniques for reversing Windows-native
code entirely under Linux. As an added bonus, all the tools used in this
article are either freeware or free software. They are: 

Wine - the Win32 API implementation for Unix; 
gdb - our favorite Unix debugger and disassembly environment; and, 
IDA Pro Freeware Version - Win32 disassembler (runs on Linux under Wine
release 20021007, may run under other versions as well). 

http://online.securityfocus.com/infocus/1641 

         ----------------------------------------------------

[20] Air Force piloting SIPRNET portal
BY Dan Caterinicchia 
Nov. 14, 

The Air Force is developing a portal that runs on the Defense
Department's Secret Internet Protocol Router Network (SIPRNET) in an
attempt to provide air operations centers "point and click" access to an
integrated set of secure information.

Lt. Gen. Leslie Kenne, deputy chief of staff for warfighting integration
at Air Force headquarters, said the SIPRNET portal is being tested as a
way to eliminate the "disconnect between the force and the unit level"
and will enable users to simply "point and click" to get the information
they want.

The portal is being piloted at the Combined Air Operations Center at
Langley Air Force Base, Va., Kenne said, speaking Nov. 13 at Air Force
IT Day, sponsored by the Northern Virginia chapter of the Armed Forces
Communications and Electronics Association (AFCEA) International. She
said her office is working with the Air Force's Office of the Chief
Information Officer on the project.

http://www.fcw.com/fcw/articles/2002/1111/web-siprnet-11-14-02.asp 

         ----------------------------------------------------

[21] Air Force planning enterprise C4ISR review
BY Dan Caterinicchia 
Nov. 14, 2002 

C4ISR — command, control, communications, computers, intelligence,
surveillance and reconnaissance — touches every part of the Air Force
and is therefore the heart of the service's transformation. That's why
the Air Force will begin regular reviews of enterprise capabilities,
with the first one planned for next month.

Maj. Gen. Craig Weston, vice commander of the Air Force Materiel
Command's Electronic Systems Center (ESC), Hanscom Air Force Base,
Mass., said the service separates its C4ISR enterprise into four
domains:

* Combat operations.

* Combat support.

* Business operations.

* Common integrated infrastructure, which is the Air Force's information
backbone.

http://www.fcw.com/fcw/articles/2002/1111/web-review-11-14-02.asp 


         ----------------------------------------------------

[22] Air Force rolling out XML e-forms
BY Dan Caterinicchia 
Nov. 14, 2002 

The Air Force has selected an Extensible Markup Language-based
electronic forms solution that will enable personnel worldwide to avoid
having to save multiple files and include an ink signature when filling
out e-forms.

Information Management Tool viewer software from PureEdge Solutions Inc.
will replace the FormFlow software the Air Force has been using. The
service is converting 18,000 e-forms that are used by more than 700,000
service members worldwide, said Carolyn Watkins-Taylor, director of the
Air Force Departmental Publishing Office (AFDPO).

http://www.fcw.com/fcw/articles/2002/1111/web-eforms-11-14-02.asp 

         ----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>





IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk



