_________________________________________________________________
London, Monday, November 04, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] FBI director says industry must do more to prevent cyberattacks
[2] Agencies, companies urged to set guidelines for fighting
cyberterrorism
[3] Root-Server Attack Traced to South Korea, U.S.
[4] Personal data travels far
[5] Microsoft dodges bullet
[6] But some shut their Windows
[7] Open source courses through DOD
[8] European police say they can't keep up with cyber criminals
[9] Feds pursue secrecy for corporate victims of hacking
[10] SPAMMER HAMMERED BY VERIZON BAN
[11] Scary Movie
[12] IG: State Department flunks systems security
[13] U.S. fears terrorists will imitate snipers
[14] State CIOs see accord with feds
[15] 'Sensitive' label strikes nerve
[16] How to get certified security for Win2k, by Microsoft
[17] Proof Win2K is still insecure by design
[18] Pentagon completes 'playbooks' for terrorism scenarios
[19] A New Cryptography Uses the Quirks of Photon Streams
[20] U.S. should fund R&D for secure Internet protocols, Clarke says
[21] New worm aims to infest Australian systems
[22] New Wi-Fi security would do little for public 'hot spots'
[23] Popular Linksys Router Vulnerable to Attack
_________________________________________________________________
News
_________________________________________________________________
[1] FBI director says industry must do more to prevent cyberattacks
By Shane Harris
FBI Director Robert Mueller Thursday implored industry technology
executives to do a better job securing the Internet and other data
networks by reporting incidences of online crime to the bureau.
"You're not enabling us to do [our] job" by withholding reports about
criminals who successfully penetrate companies' data networks or attack
their systems, Mueller told those attending a Falls Church, Va. forum on
combating online crime and cyberterrorism. Corporations are reluctant to
report such attacks to law enforcement agencies for fear of revealing
their systems' vulnerabilities. They worry the information could give
competitors an edge, or invite more attacks by criminals once they
discover the weaknesses.
http://www.govexec.com/dailyfed/1002/103102h1.htm
FBI seeks help vs. Cybercrime
http://www.fcw.com/fcw/articles/2002/1028/web-fbi-11-01-02.asp
----------------------------------------------------
[2] Agencies, companies urged to set guidelines for fighting
cyberterrorism
By Molly M. Peterson, National Journal's Technology Daily
The war on cyberterrorism requires law enforcement agencies and the
private sector to develop guidelines and protocols for sharing
information about network vulnerabilities and cyber attacks, government
and industry leaders said Thursday.
"Face-to-face relationships are great, but we need to go beyond that,"
Chris Painter, deputy chief of the Justice Department's Computer Crime
and Intellectual Property Section (CCIPS), said during a cyber-security
forum at Computer Sciences Corp. headquarters in Falls Church, Va.
Painter led one of several workshops in which law enforcement and
private-sector officials discussed obstacles to information sharing.
Conference organizers said they closed those workshops to the media in
order to encourage participants to discuss problems and ideas with as
much candor as possible.
http://www.govexec.com/dailyfed/1102/110102td1.htm
----------------------------------------------------
[3] Root-Server Attack Traced to South Korea, U.S.
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, October 31, 2002; 3:30 PM
Last week's attacks on the Internet's backbone likely emanated from
computers in the United States and South Korea, FBI Director Robert
Mueller today said.
"The investigation is ongoing," Mueller said at an Internet security
conference in Falls Church, Va. He did not offer more details on the
investigation, nor did he outline the evidence investigators have
gathered so far.
http://www.washingtonpost.com/wp-dyn/articles/A46872-2002Oct31.html
----------------------------------------------------
[4] Personal data travels far
BY William Matthews
Nov. 1, 2002
Technology is making it much easier for government agencies to share
information, so they are -- including details about your bank accounts,
medical complaints and family lives.
Personal information from an electronic application for a student loan,
for example, may be transmitted to 10 other government agencies and
private entities such as consumer reporting agencies, schools and
lawyers.
http://www.fcw.com/fcw/articles/2002/1028/web-privacy-11-01-02.asp
----------------------------------------------------
[5] Microsoft dodges bullet
Steve Lohr The New York Times
Monday, November 4, 2002
NEW YORK When the federal government and 20 states filed their sweeping
antitrust suit against Microsoft in May 1998, the company dominated the
personal computer business and was aggressively moving into the
neighboring markets of software for handheld computers, cell phones,
television set-top boxes and big data-serving computers.
It still is, more than four years later. And there is little in the
ruling Friday on sanctions in the Microsoft case, by Judge Colleen
Kollar-Kotelly of U.S. District Court, that will slow down the big
software maker.
http://www.iht.com/articles/75644.html
----------------------------------------------------
[6] But some shut their Windows
Ariana Eunjung Cha The Washington Post
Monday, November 4, 2002
MERIDA, Spain Luis Millan Vazquez de Miguel, a college professor turned
politician, is succeeding where multibillion-dollar multinational
corporations have failed.
He is managing to unseat Microsoft Corp. as the dominant player in the
software industry, at least in his little part of the world. Vazquez de
Miguel is the minister of education, science and technology in
Extremadura, a rural western region of Spain made up of expanses of
olive trees and small towns and villages with a total of 1.1 million
inhabitants. In April, the government began an unorthodox campaign to
convert all the area's computer systems, in government offices,
businesses and homes, from the Windows operating system to Linux, a free
alternative. Already, Vazquez de Miguel said, more than 10,000 desktop
machines have been switched, with 100,000 more scheduled for conversion
in the next year. Organizers regard the drive as a low-cost way to bring
technology to the masses in the relatively poor region. ''We are the
future,'' he said. ''If Microsoft doesn't become more open and generous
with its code, people will stop using it, and it will disappear.''
Extremadura is being closely watched by Linux enthusiasts and Microsoft
to see how it manages the transition. Such efforts are likely to become
the next front in the battle to steal market share from Microsoft now
that a federal judge has approved a settlement in its antitrust case in
the United States.
http://www.iht.com/articles/75669.html
----------------------------------------------------
[7] Open source courses through DOD
BY Dan Caterinicchia
Nov. 1, 2002
What would happen if open source software were banned in the Defense
Department?
A recent study conducted by Mitre Corp. for DOD posed that hypothetical
question and found this answer: The department's cybersecurity
capabilities would be crippled and other areas would be severely
impacted.
Mitre Corp. was asked to develop a listing of open-source software
applications at DOD and to collect representative examples of how those
applications are being used. Over a two-week period, an e-mailed survey
identified 115 applications and 251 examples of use, and Mitre's report
acknowledged that actual use could be "tens of thousands of times larger
than the number of examples identified."
http://www.fcw.com/fcw/articles/2002/1028/web-open-11-01-02.asp
----------------------------------------------------
[8] European police say they can't keep up with cyber criminals
LONDON (Reuters) - Europe is losing out in its fight against cybercrime,
a top law enforcement official said on Friday.
"With cybercrime, it's become so obvious that we've lost the battle even
before we've begun to fight. We can't keep up," Rolf Hegel, head of
Europol's serious crime department, told the Compsec 2002 computer
security conference here.
The broad threat of cybercrime has puzzled police forces around the
world for years. And now there is mounting evidence that organized
criminal groups are using new technologies to commit everyday crimes and
some new ones.
http://www.usatoday.com/tech/news/computersecurity/2002-11-01-europe-cyb
ercrime_x.htm
----------------------------------------------------
[9] Feds pursue secrecy for corporate victims of hacking
Copyright C 2002
By TED BRIDIS, Associated Press
WASHINGTON (October 31, 2002 6:36 p.m. EST) - Senior law enforcement
officials assured technology executives Thursday that government will
increasingly work to keep secret the names of companies that become
victims to major hacking crimes, along with any sensitive corporate
disclosures that could prove embarrassing.
The effort, described at a cybercrime conference in northern Virginia,
is designed to encourage businesses to report such attacks and build
public confidence in Internet security. Officials promised to use legal
mechanisms, such as protective orders and sealed court filings, to
shield corporate hacking victims from bad publicity.
http://www.nandotimes.com/technology/story/601028p-4652104c.html
See also
http://www.usatoday.com/tech/news/computersecurity/2002-11-01-hacking-vi
ctims_x.htm
----------------------------------------------------
[10] SPAMMER HAMMERED BY VERIZON BAN
By SAM SMITH
November 3, 2002 -- Junk e-mailer Alan M. Ralsky has had his wings
clipped.
The man The Post recently identified as one of the 10 most notorious
junk e-mailers in the world, agreed to change his spamming ways last
week in a settlement with Verizon Internet Services.
Ralsky, who boasted to The Post prior to the settlement that he saw
"nothing but growth" for his business, is now banned from Verizon's vast
Internet system.
The Chicago-based e-mailer told The Post he routinely sent out 30
million junk e-mails per day.
http://www.nypost.com/news/regionalnews/61193.htm
----------------------------------------------------
[11] Scary Movie
Hollywood's creative geniuses have launched a new horror genre: the
computer virus slasher film. How did we live without this?
By George Smith Nov 04, 2002
On Halloween, "The Mangler 2.0" virus took over my TV. It's a horror
movie from Artisan Entertainment now available on VHS and DVD. The
screenplay was written in nine whole days, bragged the credits.
It was just like real life.
First off, there is this rich girl, Jo. She's angry at her never-home
pop so she puts a virus into his corporate network.
You can tell she knows that what she's doing is wrong even while driven
by the evil compulsion. It's the purple lipstick, invasion of company
property after midnight and the cat-burglar wear that give it away.
http://online.securityfocus.com/columnists/121
----------------------------------------------------
[12] IG: State Department flunks systems security
By Wilson P. Dizard III
GCN Staff
The State Department's information system security remains weak a year
after the department was told of serious flaws, according to a recent
report by the State inspector general's office. The IG reviewed system
security in accordance with the Government Information Security Reform
Act, which calls for annual reviews. Even though State made a plan for
certifying and accrediting its systems, it has no timetable, according
to the IG.
http://www.gcn.com/vol1_no1/daily-updates/20398-1.html
----------------------------------------------------
[13] U.S. fears terrorists will imitate snipers
By George C. Wilson, National Journal
The U.S. intelligence net has caught terrorists abroad talking
admiringly over the past several days about the sniper attacks that
paralyzed much of the Washington area in October, and this has raised
fears within the government that Islamic extremists will deploy snipers
to other American cities soon, U.S. officials have told National
Journal.
"Terrorists in general engage in cross-group learning," said one
official knowledgeable about the recent overseas discussions of the
sniper attacks. They "take note of how we react to calamities, like
other terrorists attacks." They saw how "two men with a rifle" shooting
out of a $250 used Chevrolet "occupied the entire region, resulting in
significant disruption of daily activities," the official said. "This
has no doubt given ideas to terrorists."
If President Bush does wage war against Iraq, it could trigger sniper
attacks against Americans in a number of cities, officials warned. If
this happened, American civilians would find themselves in greater
personal danger from warfare than at any other time since the Civil War.
Back then, armies swirled around civilians and sometimes deliberately
destroyed their property, as in Union Gen. William Tecumseh Sherman's
fiery march through the South in 1864.
http://www.govexec.com/dailyfed/1102/110102nj2.htm
----------------------------------------------------
[14] State CIOs see accord with feds
BY Dibya Sarkar
Nov. 1, 2002
The keynote speeches of two senior White House officials signaled a
"rhetorical alignment" between the federal and state governments on
homeland security, e-government and other issues, several state chief
information officers acknowledged. But they said that officials must now
move beyond that.
Governments need to produce "actionable plans" on these issues, said
Gerry Wethington, Missouri's CIO and new president of the National
Association of State Chief Information Officers, during a roundtable
discussion at NASCIO's annual conference in St. Louis this week.
http://www.fcw.com/geb/articles/2002/1028/web-state-11-01-02.asp
----------------------------------------------------
[15] 'Sensitive' label strikes nerve
BY William Matthews
Oct. 31, 2002
Presidents from three prestigious government science academies have
urged the Bush administration not to declare information "sensitive but
unclassified" and withhold it from the public.
During the past year, dozens of federal agencies have adopted informal
policies of suppressing information that they think could be helpful to
terrorists planning attacks against the United States. And since summer,
the Office of Management and Budget has been considering whether to
adopt a formal policy for withholding sensitive information.
http://www.fcw.com/fcw/articles/2002/1028/web-info-10-31-02.asp
----------------------------------------------------
[16] How to get certified security for Win2k, by Microsoft
By John Lettice
Posted: 31/10/2002 at 17:52 GMT
Windows users whose spirits lifted at this week's announcement of Common
Criteria certification* for Microsoft's Windows 2000 would do well to
take a look at some of the assumptions and restrictions associated with
the tested system. While perhaps not as extreme as when NT passed Orange
book certification so long as it wasn't connected to a network, these do
seem just a little restrictive and artificial.
http://www.theregister.co.uk/content/55/27877.html
----------------------------------------------------
[17] Proof Win2K is still insecure by design
By John Leyden
Posted: 31/10/2002 at 15:40 GMT
A day after boasting that Windows 2000 has won Common Criteria security
certification, Microsoft was yesterday obliged to warn of two nasty
vulnerability affecting, er, Windows 2000.
The timing couldn't be more embarrassing for Redmond but, let's face it,
the appearance of more bugs in Win2K (or IE, WinXP etc.) is hardly much
of a surprise.
First up and more seriously, a buffer overflow flaw has been unearthed
involving Microsoft's implementation of Point-to-Point Tunnelling
Protocol (PPTP), a Virtual Private Networking technology natively
supported within Windows 2000 and Windows XP. PPTP support is an
optional component in Windows NT 4.0, Windows 98, Windows 98SE, and
Windows ME.
http://www.theregister.co.uk/content/55/27874.html
----------------------------------------------------
[18] Pentagon completes 'playbooks' for terrorism scenarios
By Bryan Bender, Global Security Newswire
The Defense Department has completed a set of "playbooks" outlining how
government authorities should deal with a variety of terrorist and other
scenarios involving weapons of mass destruction and mass casualties,
according to a senior Pentagon official.
Stephen Younger, director of the Pentagon's Defense Threat Reduction
Agency, said yesterday the series of response plans-first ordered during
the Clinton administration-have been approved and are being circulated
among key government agencies.
The playbooks are designed to "identify the hard problems" in dealing
with a catastrophic terrorist attack, he told a nuclear, chemical, and
biological defense conference sponsored by Aviation Week.
http://www.govexec.com/dailyfed/1102/110102gsn1.htm
----------------------------------------------------
[19] A New Cryptography Uses the Quirks of Photon Streams
By JOHN MARKOFF
The quirky world of quantum physics, where mathematical elements can
hold multiple values and objects can be in several places at once, is
heading toward commercial products.
A start-up company, MagiQ Technologies, plans to announce today a
cryptogaphy - or code - system that uses a technology called quantum key
distribution to thwart eavesdropping on a fiber optic communication
channel. The company, based in New York, says it has a working model of
its system and will have a commercial version available in the second
half of next year.
http://www.nytimes.com/2002/11/04/technology/04QUAN.html?ex=1037077200&e
n=4c97eb506661bf4f&ei=5040&partner=MOREOVER
----------------------------------------------------
[20] U.S. should fund R&D for secure Internet protocols, Clarke says
By William Jackson
GCN Staff
Presidential cybersecurity advisor Richard Clarke today renewed his call
for government funding to support R&D for more secure Internet
protocols.
Clarke told reporters that security and reliability of the basic
protocols underlying the Internet have not received enough attention
because no one has a proprietary interest in them.
http://www.gcn.com/vol1_no1/daily-updates/20382-1.html
----------------------------------------------------
[21] New worm aims to infest Australian systems
By Patrick Gray, ZDNet Australia
01 November 2002
An Internet worm, posing as an anti-virus update arriving in an email,
is also using peer to peer (P2P) software to spread.
The Merkur worm, aka W32.HLLW.Merkur@mm arrives in email form with the
subject "Update your Anti-virus Software" and has an attachment named
"Taskman.exe".
The worm relies solely on the recipient being fooled into running the
attachment to spread.
http://www.zdnet.com.au/newstech/security/story/0,2000024985,20269585,00
.htm
----------------------------------------------------
[22] New Wi-Fi security would do little for public 'hot spots'
By BOB BREWIN
OCTOBER 31, 2002
The new security features that wireless LAN vendors plan to build into
products under the Wireless Protected Access (WPA) program will do
little to protect enterprise or individual users in the booming Wi-Fi
public-access "hot spot" market.
http://www.computerworld.com/securitytopics/security/story/0,10801,75535
,00.html
----------------------------------------------------
[23] Popular Linksys Router Vulnerable to Attack
By Dennis Fisher
A denial-of-service vulnerability in one of the most popular cable and
DSL routers allows an attacker to crash the router from a remote
location.
The Linksys Group Inc.'s BEFSR41 EtherFast Cable/DSL Router with 4-Port
Switch is vulnerable to a remote DoS attack that requires the attacker
to do nothing more than access a specific script on the router's remote
management interface. The vulnerability affects all of the routers with
firmware versions earlier than 1.42.7.
http://www.eweek.com/article2/0,3959,663801,00.asp
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
