_________________________________________________________________

                      London, Monday, December 02, 2002      
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________


---------------------------------------------------------------------

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

---------------------------------------------------------------------

    _________________________________________________________________

          ----------------------------------------------------
                        [CURRENT THREAT LEVELS]
          ----------------------------------------------------

Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security: Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 


          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] B2-ORM Mailing List
[2] Homeland department could transform tech industry
[3] Pentagon distributes software for modeling effects of attacks
[4] Schneier: No "magic security dust"
[5] Total Info System Totally Touchy  

[6] Lax Security: ID Theft Made Easy  
[7] Net security: Steady as she goes
[8] Cisco backtracks on security functionality
[9] S Koreans launch cyber attack on US over schoolgirls' deaths
[10] Ten more tips for safe xmas e-tail

[11] Intercepts
[12] Computer virus insults victims
[13] The Insecurity of Computer Security
[14] Tech industry speculates about candidates for security jobs
[15] WLAN security is still work in progress

[16] Irish ISP blocks web site over dispute
[17] Bugbear remains top virus threat
[18] 'Critical' MS server flaw may affect few sites
[19] First hackers sighted in high speed mobile phone arena

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] B2-ORM Mailing List

is an international email user group focused on the sharing of
information on the implementation of Basel II compliant Operational Risk
Management solutions in the Financial Services industry.

Why not join today? Simply send an email to :
        
mailto:[EMAIL PROTECTED]

The next three years will place enormous strain on the resources of
Operational Risk staff in the world's Financial Services organisations.
Why not learn from others and share information?  Good practice guides,
white papers and other essential information may be found on the group's
web site and downloaded to your own system.

Topics to be discussed include:

Business Continuity Management (new International Standard)
The role of Information Security, Audit and Compliance
Interfaces with Outsource and other service providers.
Six Sigma errors and defects management
Money Laundering and Fraud Risk
Interfaces to Credit and Market Risk

         ----------------------------------------------------

[2] Homeland department could transform tech industry
By William New, National Journal's Technology Daily 

The creation of a Homeland Security Department may presage more than
better domestic security. It could mark the transformation of the
technology industry from an economically flat maker of consumer-oriented
products into a thriving, but more secretive, machine that creates
security-oriented products and services. 

"The homeland security opportunity [for tech companies] is unprecedented
in the civilian side of government," said Bruce McConnell, a
Washington-based technology consultant. "The art form is to build
relationships early on with the most influential component agencies ...
who will define the architecture for years to come." 

President Bush signed the legislation, H.R. 5005, on Nov. 25. It will
take effect in 60 days, but fundamental questions such as funding
remain. New jobs in the department also must be filled and congressional
oversight of the Cabinet-level agency defined. 

http://www.govexec.com/dailyfed/1102/112702td1.htm

         ----------------------------------------------------

[3] Pentagon distributes software for modeling effects of attacks
By Bryan Bender, Global Security Newswire 

The Defense Department has licensed to a few select nongovernmental
organizations previously unavailable software that can model the effects
of releases of nuclear, chemical, biological or radiological weapons and
materials. 

The Heritage Foundation, Natural Resources Defense Council, Stanford
University and other institutions have recently gained access to the
computer modeling programs. The goal is to educate political leaders and
the public about the potential consequences of weapons of mass
destruction whether they are used by terrorists or by a state in
conflict with the United States. Furthermore, defense officials have
said that they benefit from the independent analysis by nongovernmental
organizations. 

The modeling programs - the Hazard Prediction and Assessment Capability
(HPAC) and the Consequences Assessment Tool Set (CATS) - are both capable
of calculating the outcome of thousands of possible scenarios involving
a variety of weapons and materials. The models can determine the human
medical effects, toxicity levels, contaminated areas, population
exposure, hazard areas and casualties should WMD materials be unleashed
in an attack or dispersed in a military strike or by accident. 

http://www.govexec.com/dailyfed/1102/112702gsn1.htm

         ----------------------------------------------------

[4] Schneier: No "magic security dust"
 
By Alorie Gilbert 
Special to ZDNet
December 2, 2002, 7:14 AM PT
 
Tech entrepreneur Bruce Schneier is one of America's best-known computer
security experts. His testimony before Congress helped defeat legal
restrictions on cryptography sought by the FBI and the National Security
Agency when an appellate court ruled in 1999 that crypto algorithms were
a form of speech covered by the First Amendment. 

Schneier co-founded security services company Counterpane Internet
Security, where he serves as chief technologist. Arguing that constant
vigilance, not technology, is the best defense against computer break-ins,
Schneier believes security breaches are nonetheless fated to increase as
networking systems become more complex.

http://zdnet.com.com/2100-1105-975690.html 

         ----------------------------------------------------

[5] Total Info System Totally Touchy  

By Ryan Singel  |   02:00 AM Dec. 02, 2002 PT

Can a massive database of information on Americans really preempt
terrorist attacks? 

That's what industry experts are asking about the Pentagon's proposed
Total Information Awareness System, which, according to the proposal
(PDF), would aggregate on "an unprecedented scale" credit card, medical,
school and travel records.

http://www.wired.com/news/politics/0,1283,56620,00.html 

         ----------------------------------------------------

[6] Lax Security: ID Theft Made Easy  

By Michelle Delio  |   02:00 AM Dec. 02, 2002 PT

The people charged last week with stealing the identities of at least
30,000 Americans weren't criminal masterminds. 

They simply took advantage of sloppy security practices that allowed
them easy and unrestricted access to sensitive data. 

Investigators in Manhattan said they have identified about 12,000
additional people whose credit reports may have fallen into criminal
hands during the almost three years that the New York-based identity
fraud ring was active. The scam was first detected eight months ago.

http://www.wired.com/news/privacy/0,1848,56623,00.html 

         ----------------------------------------------------

[7] Net security: Steady as she goes
 
By Robert Lemos 
Special to ZDNet
December 2, 2002, 10:30 AM PT

Dorothy Denning has never been shy of sounding off about society's use
of technology. This widely quoted Georgetown University professor of
computer science was once dubbed the "Clipper Chick" because of her
vocal support of the controversial Clipper encryption proposal. That
policy measure, which was ultimately scuttled, would have allowed the
U.S. government access to keys that could decipher any message encoded
by the system.  

Despite her unpopular stance on encryption, Denning's dedication to
security nonetheless earned her respect, even from her opponents. Today,
she is considered an expert in encryption, hacktivism and emerging
trends in cyberterrorism.

http://zdnet.com.com/2100-1105-975720.html 

         ----------------------------------------------------

[8] Cisco backtracks on security functionality
By ComputerWire
Posted: 02/12/2002 at 09:26 GMT
 
Having previously said that it had added firewall and
intrusion-detection features to its IOS security software, Cisco Systems
Inc has now clarified its position and said that those features will not
actually be integrated into the product until the first quarter of 2003.


Earlier this month, San Jose, California-based Cisco said that it had
added the functionality to IOS as part of 12 platform and services
enhancements that reinforced its leadership in the security market. Now
it appears the company might have been a little over-eager. In a terse
statement, it noted that it will not be available until next year.

http://www.theregister.co.uk/content/55/28377.html 

         ----------------------------------------------------

[9] S Koreans launch cyber attack on US over schoolgirls' deaths

South Korean activists have attacked the White House computer server
with electronic mail bombs to protest the acquittal of two US soldiers
accused of killing two schoolgirls in a road accident. 

Meanwhile, four people have been arrested breaking into a US army base
and riot police have stopped 300 protesters from marching on the
American embassy in Seoul. 

http://abc.net.au/news/newsitems/s738547.htm

         ----------------------------------------------------

[10] Ten more tips for safe xmas e-tail 
  
We know you all know this but in case you know someone who needs to
know...
 
First, the government brings us three tips for safe online shopping.
Then the e-tail industry indulges in some one-upmanship by publishing
not four, not five but ten pointers to help make your e-tail experience
this Christmas a good one.

http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQINT1=56630

         ----------------------------------------------------

[11] Intercepts
By Dan Caterinicchia 
Dec. 2, 2002 
  
DOD Launching Cyberattacks?

The U.S. Strategic Command's joint task force for computer network
operations was created about 18 months ago and is in charge of defending
all Defense Department networks from attack. But there is more. The
agency also is charged with initiating cyberattacks when the president
or Defense secretary instructs it to do so, according to a joint task
force official.

But has the United States ever launched a cyberattack? Air Force Maj.
Gen. John Bradley, the joint task force's deputy commander, would not
say at last month's AFCEA International TechNet Asia-Pacific 2002
conference in Honolulu.

http://www.fcw.com/fcw/articles/2002/1202/intercepts-12-02-02.asp 

         ----------------------------------------------------

[12] Computer virus insults victims
 
Users get an insulting message on their screen

Security experts are warning computer users to be on the look-out for an
insulting worm that can seriously harm a PC. 
Known as Winevar, the worm is spreading via e-mail as an attachment that
infects computers running Windows. 

Winevar has a particularly rude insult, displaying the message: "Make a
fool of oneself: What a foolish thing you've done!" 

If users press the ok button, they could lose all the files on their
computer. 

http://news.bbc.co.uk/1/hi/technology/2523387.stm 

         ----------------------------------------------------

[13] The Insecurity of Computer Security
By JOHN SCHWARTZ

The thieves who stole the credit histories of more than 30,000 people,
law enforcement officials said last week, succeeded because Philip
Cummings, a low-level employee of Teledata Communications Inc., had easy
access to the material and was willing to steal it. Mr. Cummings, one of
three people under arrest for what officials describe as the largest
known case of identity fraud, was paid as much as $60 per person for
credit histories. 

Just weeks prior to those arrests, three former fraternity brothers were
arrested on charges of trying to rig the computerized betting system in
the Breeders' Cup horse race, hoping to win nearly $3 million. Again, an
insider, Chris Harn, allegedly used his position as a programmer at
Autotote, a racing service company, to cheat the system. 

http://www.nytimes.com/2002/12/01/weekinreview/01JOHN.html?ex=1039496400&en=06622192e4b7e467&ei=5040&partner=MOREOVER 

         ----------------------------------------------------

[14] Tech industry speculates about candidates for security jobs
By Bara Vaida, National Journal's Technology Daily 

With the law to create a Homeland Security Department now on the books,
high-tech lobbyists have begun speculating about who will be chosen to
fill key technology leadership positions within the new Cabinet-level
agency. 

High-tech companies are particularly interested in three homeland
security leaders who will shape policy and who could influence the
selection of agency vendors: the undersecretary for information analysis
and infrastructure protection, the undersecretary for science and
technology, and the chief information officer (CIO). All three people
who will fill those jobs likely will be known by Jan. 24, the effective
date for creating the department. 

The Senate must confirm both undersecretaries but not the CIO. 

http://www.govexec.com/dailyfed/1102/112702td2.htm

         ----------------------------------------------------

[15] WLAN security is still work in progress
By John Leyden
Posted: 29/11/2002 at 19:24 GMT


IT managers are cautiously optimistic that wireless networks will - over
time - become as secure as today's local area networks, but security
concerns are still holding back deployment of the technology. 

Those are the main findings of a limited (but still informative) survey
of IT security manager attitudes on the deployment of 802.11b (wireless)
networks by security consultancy Defcom released this week.

http://www.theregister.co.uk/content/55/28373.html 

         ----------------------------------------------------

[16] Irish ISP blocks web site over dispute
By Drew Cullen
Posted: 02/12/2002 at 16:31 GMT

UTVInternet (UTVi), the all-Ireland ISP, stopped its subscribers from
accessing Irish auction site ebid.ie last week. The action was taken in
response to a commercial dispute between the two companies, UTVi told
Irish journalist Fergus Cassidy. 

UTVi barred the way to ebid.ie for "a week or two", removing the block
last Friday afternoon. Entirely coincidentally, Cassidy, a columnist on
The Sunday Tribune, got on the case last week.

http://www.theregister.co.uk/content/6/28392.html 

         ----------------------------------------------------

[17] Bugbear remains top virus threat
 
By Will Sturgeon 
Silicon.com
December 2, 2002, 5:05 AM PT

Bugbear has claimed a second month at the top of the virus charts. 

Bugbear accounted for almost 30 percent of all reports of viruses to
antivirus firm Sophos in the last month--well ahead of former top spot
incumbent Klez which now only accounts for around eight per cent of all
reports in third place. 

Also making headlines, straight in at number two, is the Braid worm with
8.5 per cent of all reports. 

http://zdnet.com.com/2100-1105-975673.html

         ----------------------------------------------------

[18] 'Critical' MS server flaw may affect few sites
16:08 Friday 29th November 2002
Matthew Broersma   

A new flaw in IIS is unlikely to have a widespread impact, according to
Internet survey firm Netcraft. The firm also found evidence that Web
sites are fleeing the US. 

A recently-revealed security flaw in Microsoft's Internet Information
Server may have been over-hyped, according to testing figures from a
UK-based Internet research firm. Netcraft's figures also showed that the
large Web-hosting businesses that gained prominence in the 1990s are
continuing to lose out to smaller, customer-supported firms.

http://news.zdnet.co.uk/story/0,,t269-s2126786,00.html 

         ----------------------------------------------------

[19] First hackers sighted in high speed mobile phone arena
By John Leyden
Posted: 27/11/2002 at 13:38 GMT


T-Mobile has installed a firewall on its GPRS network in the States
after a small number of users complained of receiving hacker probes when
using its high-speed mobile service.

The issue came to light after Mike Palmer, the technology director for
the broadcast division of AP, spotted numerous probes against his PC
while using T-Mobile's GPRS network, Computerworld reports.

http://www.theregister.co.uk/content/55/28322.html 

         ----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
