_________________________________________________________________

                    London, Friday, December 13, 2002    
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________


---------------------------------------------------------------------

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

---------------------------------------------------------------------

    _________________________________________________________________

    
          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Critics say Defense 'total information awareness' impractical
[2] Northcom cultures 'need to share'
[3] Washington-area lawmakers vie for Homeland Security headquarters
[4] DOD offering homeland expertise
[5] Burbano takes on homeland job

[6] Tech Sniffs Employee Offenders  
[7] Now it's the World Wide 'Wanted' Web
[8] E-fraud costs retailers millions
[9] Therminator to watch for cyberattacks
[10] Contractor says tech industry must rise to information security
challenge

[11] Sprint pushes tougher security policy for vendors
[12] Top spammer hit by junk mail blitz
[13] (UK) Police charter will boost fight against cybercrime
[14] MyDomains.com hit by denial-of-service attack
[15] Aust security experts warn of new hacking target

[16] Your Microsoft critical security patches tonight
[17] INS sets date for student data
[18] Agencies see homeland security role for surveillance drones
[19] Bush science advisers contemplate technology transfer

    _________________________________________________________________

                        CURRENT THREAT LEVELS 
    _________________________________________________________________


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security: Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

    _________________________________________________________________

                                News
    _________________________________________________________________


        ----------------------------------------------------

[1] Critics say Defense 'total information awareness' impractical
By Shane Harris

Security advocates and technology experts threw cold water on a
controversial Defense Department plan to create a new counterterrorism
system that would use information technology to sniff out clues to a
possible terrorist assault and identify attackers before they strike.
The critics said the system, currently being researched by the Pentagon,
would violate civil liberties, undermine commerce and probably wouldn’t
work. 

Charles Peña, a policy analyst with the libertarian Cato Institute in
Washington, said it’s statistically unlikely that the system could
predict and pre-empt attacks and also avoid targeting innocent people as
suspected terrorists. He said that if the system—which theoretically
would analyze relationships among transactions such as credit card or
airline ticket purchases—were applied to the entire population, almost
as many people would incorrectly be identified as terror plotters as
would be correctly fingered. That scenario would make the technology
useless, said Peña, who argued against spending millions of dollars to
develop it. 

The Total Information Awareness (TIA) system is managed by the Defense
Advanced Research Projects Agency (DARPA), the Pentagon’s main research
and development unit. It would use data retrieval, biometric
identification and other technologies to analyze information in
databases. DARPA has not yet said what databases would be searched, but
controversy has engulfed the project amid fears that private purchases
and travel patterns might become the subject of government inspection. 

http://www.govexec.com/dailyfed/1202/121202h1.htm 

         ----------------------------------------------------

[2] Northcom cultures 'need to share'
BY Dan Caterinicchia 
Dec. 11, 2002 

Just a little more than two months since its official start, the Defense
Department's Northern Command is suffering many growing pains, not the
least of which is attempting to mesh defense, law enforcement,
intelligence and homeland security cultures into a "need to share"
information environment.

Air Force Maj. Gen. Dale Meyerrose, Northcom's chief information
officer, said the DOD and national security structure operates in a
"need to know" environment, while the federal, state and local law
enforcement communities are focused on a "need to prosecute." However,
he said that neither of those approaches works for Northcom, which is
responsible for ensuring homeland defense capabilities and supporting
civilian authorities when directed by the president or secretary of
Defense. 

http://www.fcw.com/fcw/articles/2002/1209/web-north-12-11-02.asp 

         ----------------------------------------------------

[3] Washington-area lawmakers vie for Homeland Security headquarters
By Jason Peckenpaugh 

Del. Eleanor Holmes Norton, D-D.C., called on the Bush administration
Wednesday to locate the headquarters for the new Homeland Security
Department in Washington. 

Norton’s move came amid signs the White House may be considering whether
to base the new agency in the Washington suburbs. 

The department’s location will have a critical effect on Washington’s
economy, Norton said at a press conference with Washington Mayor Anthony
Williams. The department will absorb anywhere from 15,000 to 18,000
federal employees who now work in Washington, and moving these workers
to the suburbs could damage the city, she said. 

http://www.govexec.com/dailyfed/1202/121202p1.htm

         ----------------------------------------------------

[4] DOD offering homeland expertise
BY Dan Caterinicchia 
Dec. 11, 2002 

It is not the Defense Department's job to push technological solutions
on local emergency workers or the 22 federal agencies that make up the
Homeland Security Department, but DOD certainly can use its experiences
in information sharing, collaboration and networking to serve as models
for the new department, according to a panel of military experts.

Army Lt. Gen. Joseph Kellogg Jr., director of command, control,
communications and computer systems for the Joint Staff, said DOD can
serve as a reference in tying together disparate systems based on its
decades of work connecting overseas combat commands that include
representatives from all military services.

http://www.fcw.com/fcw/articles/2002/1209/web-dod-12-11-02.asp 

         ----------------------------------------------------

[5] Burbano takes on homeland job
BY Colleen O'Hara 
Dec. 11, 2002 ... updated 12:30 p.m. 

Fernando Burbano, former chief information officer at the State
Department, has taken on a new role within the department as a senior
adviser on homeland security.

Last week Burbano became a senior adviser for homeland security in the
deputy secretary's homeland security office within the State Department.
It is a new office, Burbano said, created to work on and coordinate
homeland security issues within the department and to serve as a liaison
with the new Homeland Security Department.

Burbano said he is working with ambassador Ted McNamara on this effort.

No replacement for Burbano has been named, but in the meantime Bruce
Morrison, deputy CIO for operations, is acting CIO.

http://www.fcw.com/fcw/articles/2002/1209/web-burbano-12-11-02.asp 

         ----------------------------------------------------

[6] Tech Sniffs Employee Offenders  

By Michelle Delio

02:00 AM Dec. 13, 2002 PT

NEW YORK -- There are no bodies, bones or blood to analyze. No pondering
over a piece of decaying evidence that was once part of a human being. 

But the forensics software on display at this year's Infosecurity 2002
tradeshow is enough to spook corporate employees everywhere. 

Computer forensics applications are typically used to investigate
computer crimes and to preserve digital evidence so it's usable in
court. But these applications aren't just for law enforcement officials
anymore. Computer forensics software is helping stop corporate crime
before it happens.

http://www.wired.com/news/infostructure/0,1377,56826,00.html

         ----------------------------------------------------

[7] Now it's the World Wide 'Wanted' Web

By TODD R. WEISS 
DECEMBER 11, 2002

Source: Computerworld
  
Forget about the wanted posters in your local post office. 
The FBI is now going after the criminals on its "10 Most Wanted" list
using pop-up banner ads on the myriad Web sites owned and operated by
the Terra Lycos Inc. network. 

In an announcement today, the U.S. attorney's office in Boston and the
Boston office of the FBI announced that the first-ever FBI Most Wanted
banner ad has been placed on the Lycos home page; it's a wanted poster
seeking Boston organized crime figure James "Whitey" Bulger. 

Previously, Web users could see the Top 10 list only by going directly
to the FBI home page. The list has been online since 1995. 

Bulger, who is being sought on charges including murder, racketeering,
extortion and money laundering, has been on the list since August 1999.
A $1 million reward is being offered for information that leads to his
capture. 

http://www.computerworld.com/developmenttopics/websitemgmt/story/0,10801,76654,00.html

         ----------------------------------------------------

[8] E-fraud costs retailers millions 
By electricnews.net
Posted: 13/12/2002 at 12:58 GMT


Internet fraud will cost US on-line retailers $500 million this
Christmas, as fraudsters devise more sophisticated scams to obtain
credit card information. 

Research firm Gartner said on Wednesday that an estimated $160 million
will be lost this holiday season to fraud and approximately $315 million
will be lost in sales due to suspect transactions. 

Gartner said its survey found that on-line merchants did not think they
were getting the help they needed from credit-card issuers to prevent
fraud. The company advised on-line merchants to use real-time checks to
look for fraudulent activity based on patterns of fraud abuses. The
research firm said that suspect transactions should be weeded out for
manual review and money for chargebacks should be collected from card
issuers.

http://www.theregister.co.uk/content/6/28559.html

         ----------------------------------------------------

[9] Therminator to watch for cyberattacks
BY Dan Caterinicchia 
Dec. 13, 2002 

To create better protection for the nation's computer networks, the
National Security Agency and the Defense Department have signed an
agreement with Lancope Inc. to build Therminator, an advanced
information security tool. 

Therminator will produce a graphical representation of network traffic
that allows information security workers and network administrators to
recognize the impact of cyberattacks in real time.

http://www.fcw.com/fcw/articles/2002/1209/web-nsa-12-13-02.asp

http://www.nsa.gov/programs/tech/factshts/20020305-2.htm 

         ----------------------------------------------------

[10] Contractor says tech industry must rise to information security
challenge 
From National Journal's Technology Daily 

Vance Coffman, chairman and CEO at Lockheed Martin, on Thursday said
that as the information technology industry moves to address homeland
security, it will be challenged continually to examine ways that it uses
information for security, and must "rise to meet that challenge." 

That can be done by providing "just the right information, at the right
time, to the right people, in the right way—without threatening people's
individual liberties," he said in prepared remarks. 

Speaking to the Northern Virginia Technology Council, Coffman called for
a fused, governmentwide information system on border activity. He also
called for increased defense spending in order to address new needs. 

http://www.govexec.com/dailyfed/1202/121202td2.htm

         ----------------------------------------------------

[11] Sprint pushes tougher security policy for vendors

By DAN VERTON 
DECEMBER 12, 2002

Source: Computerworld
  
NEW YORK -- Sprint Corp. is crafting a policy that would require all
software vendors that wish to sell their wares to the global
telecommunications company to first conduct a series of security tests
and then provide Sprint with the results of those tests.
 
That's the word from Sprint Chief Security Officer Robert Fox, who spoke
yesterday at the Infosecurity Conference & Exhibition here. "We're
working on a new policy for software vendors that will say, 'Before you
deliver your software to Sprint, you need to run certain tests and tell
us the results,'" said Fox. "There are holes in Microsoft [software, for
example,] you can shoot a cannon through. It's only fair that they tell
us." 

http://www.computerworld.com/managementtopics/xsp/isptelecom/story/0,10801,76687,00.html

         ----------------------------------------------------

[12] Top spammer hit by junk mail blitz
By Iain Thomson [12-12-2002]
Spam generator targeted by fed up web users
  
One of the world's most prolific generators of spam has received a taste
of his own medicine. 

Alan Ralsky, described by London-based spam trackers Spamhaus as last
year's top sender of junk mail, has complained of harassment after
internet users signed him up to a deluge of unsolicited mail from all
over the world.

http://www.vnunet.com/News/1137552 

         ----------------------------------------------------

[13] Police charter will boost fight against cybercrime 

Business organisations have welcomed plans by the UK's National
High-Tech Crime Unit to give guarantees of confidentiality to businesses
when they report hacking, virus attacks and other computer crimes.  
 
The unit's confidentiality charter, launched this week, follows
long-running concerns that businesses are failing to report computer
crimes because they fear that bad publicity will damage both their
reputation and their share price. 

"We certainly welcome any moves to help business tackle computer crime.
Small businesses in particular need all the support they can get to cope
with this growing problem," the Institute of Directors said. 

http://www.cw360.com/bin/bladerunner?REQSESS=qh14L06Q&REQAUTH=0&2149REQEVENT=&CARTI=118184&CARTT=1&CCAT=2&CCHAN=22&CFLAV=1

         ----------------------------------------------------

[14] MyDomains.com hit by denial-of-service attack

The shutdown of up to 600,000 websites of MyDomain.com and
NamesDirect.com customers this week was caused by a massive Denial of
Service (DoS) attack. The company released a statement outlining the
circumstances, stating "about 3am Pacific, a Denial Of Service attack/
HUGE influx of DNS queries bombarded our main co-lo facility in
Seattle".

http://zdnet.com.com/2110-1105-977114.html 

         ----------------------------------------------------

[15] Aust security experts warn of new hacking target
By Jeanne-Vida Douglas, ZDNet Australia
13 December 2002

While the security risks posed by poorly encrypted, or unprotected,
wireless local area networks (WLANs) are widely known, security experts
are warning of potential leaks from a new source - wireless LAN bridges.

According to Ross Chiswell, CEO of wireless networking reseller
Integrity Data Systems, companies who have been careful to protect their
WLANs from attack may be at risk when using wireless bridges to transmit
information between buildings. 

"Some of the cheaper wireless bridges are still using the IEEE
protocols, which are as easy to read as any other WLAN infrastructure,"
Chiswell said. "It doesn’t make that much of a difference if there is a
firewall at each end, because the traffic can still be intercepted". 

http://www.zdnet.com.au/newstech/communications/story/0,2000024993,20270671,00.htm

         ----------------------------------------------------

[16] Your Microsoft critical security patches tonight
By John Leyden
Posted: 12/12/2002 at 17:15 GMT

Microsoft last night released three sets of security patches, the most
important of which aims to address flaws in Microsoft Virtual Machine
(VM) which it admits could enable system compromise. 

The VM patch is designed to address eight vulnerabilities, the most
serious of which would enable an attacker to gain control over a user's
system. That's possible because of a vulnerability that means an
untrusted Java applet could access COM objects. 

Microsoft VM is a virtual machine for the Win32 operating environment
and ships with most versions of Windows as well as in most versions of
Internet Explorer, so many millions of users are potentially affected by
the problem. Attack scenarios are all too familiar. To exploit the flaws
an attacker would create a Web page that, when opened, exploits the
desired vulnerability, and either host it or send it to a victim as an
HTML mail.

http://www.theregister.co.uk/content/55/28546.html 

         ----------------------------------------------------

[17] INS sets date for student data
BY Judi Hasson 
Dec. 12, 2002 

The Immigration and Naturalization Service has issued a final rule
requiring colleges and universities to begin reporting information about
foreign students electronically on Jan. 30, 2003.

The program is part of the Student and Exchange Visitor Information
System (SEVIS) that is being implemented to keep track of foreign
students who receive visas to study in the United States.

http://www.fcw.com/fcw/articles/2002/1209/web-ins-12-12-02.asp 

         ----------------------------------------------------

[18] Agencies see homeland security role for surveillance drones
By Richard H.P. Sia, CongressDaily 

An increasing number of federal agencies are pursuing plans to use
pilotless surveillance aircraft to help patrol the Mexican and Canadian
borders, protect the nation’s major oil and gas pipelines and aid in
other homeland security missions. 

Incoming Senate Armed Services Committee Chairman John Warner, R-Va.,
said in an interview Tuesday that he will ask President Bush to explore
the possible deployment of such aircraft, known as unmanned aerial
vehicles or drones, by civilian agencies responsible for homeland
security. 

The drones would be similar to those used in high-profile missions by
the CIA and U.S. military to target suspected Taliban and al Qaeda
operatives in Afghanistan. But unlike many of the UAVs deployed
overseas, such as the one that fired a missile at a carload of suspected
terrorists in Yemen last month, the drones flown for homeland security
operations would not be armed with weapons, only cameras or sensors,
several federal officials said. 

http://www.govexec.com/dailyfed/1202/121202sia.htm

         ----------------------------------------------------

[19] Bush science advisers contemplate technology transfer
By Teri Rucker, National Journal's Technology Daily 

Determining just how effective the federal government is in translating
its new discoveries into private-sector successes can be difficult
because it is so hard to measure, but the President's Council of
Advisors on Science and Technology (PCAST) wants to sort it out so it
can craft a list of "best practices" that federal labs and universities
can follow. 

"It is hard to come to a consensus on how technology transfer is doing,"
Mark Wang, associate director of RAND's Science and Technology Policy
Institute, said on Thursday at a RAND forum. It is difficult if not
impossible to put a dollar value on some research because it can be
decades before the benefits are realized in the marketplace, he said. 

That means policymakers should develop more meaningful metrics, with the
understanding that "one size does not fit all," said Bruce Mehlman,
assistant secretary for technology policy at the Commerce Department.
"We've got to measure what we value and not value what we measure,"
Mehlman said, cautioning that policymakers should be careful not to skew
the research toward short-term efforts because they are easier to
quantify. 

http://www.govexec.com/dailyfed/1202/121202td1.htm

         ----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

------------------------------------------------------------------------
‘Information is the currency of victory on the battlefield.’
GEN Gordon Sullivan, CSA (1993)
------------------------------------------------------------------------

Wanja Eric Naef
Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk

------------------------------------------------------------------------
Join the IWS Infocon Mailing List @
http://www.iwar.org.uk/general/mailinglist.htm
------------------------------------------------------------------------
