_________________________________________________________________
London, Thursday, April 18, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
IWS Sponsor
National Center for Manufacturing Sciences
http://www.ncms.org
host of the
InfraGard Manufacturing Industry Association
http://trust.ncms.org
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Despite law, few people use e-signatures
[2] Peddling Snake Oil as Security
[3] Warning! Why one virus alert system won't fit all
[4] New Klez worm squirms across Internet
[5] Indian hacker turns cyber cop
[6] (Canada) Feds Open To Cyber Attack
[7] McAfee.com unveils network-wide security "grid"
[8] Businesses first line of defense in battling cybercrime
[9] Hacker to Be Key in Trial of Judge
[10] U.S. targets cybercriminals
[11] Security flaw in Microsoft Office for Mac
[12] US Supremes affirm virtual kiddie porn
[13] U.K. budget includes aid for e-commerce
[14] Survival in an Insecure World
[15] Openwall: Improving Security with the Openwall Patch
[16] DoD Unified Command Plan
[17] Senator may use border security bill to restructure homeland office
_________________________________________________________________
News
_________________________________________________________________
[1] Despite law, few people use e-signatures
By Troy Wolverton
Staff Writer, CNET News.com
April 17, 2002, 4:00 AM PT
Even in the Internet age, your John Hancock still matters.
Most people are still putting pen to paper these days, despite a law signed
by former President Clinton nearly two years ago that made electronic
signatures the legal equivalent of traditional signatures.
http://news.com.com/2100-1017-884544.html
----------------------------------------------------
[2] Peddling Snake Oil as Security
Wireless security vendors are trying to create a market where none exists.
As always, the key to better wireless security is better practice, not new
products.
By Richard Forno
Apr 17 2002 8:10AM PT
Recently, I received an invitation to speak at a plenary session for an
upcoming conference on wireless security. While the conference venue was
first-rate and they were covering all my expenses, I had to be honest with
the conference coordinators and decline the invitation.
The reason? If I went on-stage and delivered my views on wireless networking
and its security implications, the vendors exhibiting at the event would
have chased me from the dais and lynched me.
http://online.securityfocus.com/columnists/75
----------------------------------------------------
[3] Warning! Why one virus alert system won't fit all
Robert Vamosi,
Associate Editor,
ZDNet Reviews
Wednesday, April 17, 2002
When Homeland Security chief Tom Ridge unveiled the new Homeland Security
Advisory System, he added five new levels of alert--each distinguished by
its own color--to our already crowded color-coded vocabulary. Ridge's plan
is only the latest effort aimed at standardizing warning systems in the
security community these days. There's even a semi-serious proposal afoot to
have antivirus companies conform to a standard warning scale.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2861506,00.html
----------------------------------------------------
[4] New Klez worm squirms across Internet
By: Robert Lemos
4/17/02 11:30 AM
Source: News.com
A new variant of the Klez worm managed to squirm into computers in some
parts of Asia on Tuesday and appeared to be spreading in the United States
as of Wednesday.
Alternately known as Klez.g, Klez.h and Klez.k, depending on the security
advisory that's referring to it, the worm has its own e-mail engine to mass
mail itself to potential victims, and it also attempts to deactivate some
antivirus products. The worm can also spread to shared drives connected to
PCs via local area networks or LANs.
While the e-mail message in which the worm gift-wraps itself is relatively
standard, its ability to elude most antivirus products has enabled it to
spread fairly widely, said Alex Shipp, an antivirus technologist for
U.K.-based e-mail service provider MessageLabs.
http://investor.cnet.com/investor/news/newsitem/0-9900-1028-9727379-0.html?t
ag=ats
http://ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html
----------------------------------------------------
[5] Indian hacker turns cyber cop
Net security is an increasing concern in India
By Brajesh Upadhyay
of the BBC Hindi service
The clock had just struck midnight when users logged onto a popular chat
site noticed a rather short message flashing up on their monitors: "DOS
attack".
http://news.bbc.co.uk/hi/english/world/south_asia/newsid_1934000/1934874.stm
----------------------------------------------------
[6] Feds Open To Cyber Attack
Government Systems Fail To Fend Off Hackers, Auditor Says
Ref: Ottawa Sun, 17 Apr 2002
by David Gamble, Parliamentary Bureau
Read this before you e-mail your income tax.
The federal government's computer systems -- and all the personal data they
contain -- are extremely vulnerable to cyber crooks, warns Auditor General
Sheila Fraser.
Federal computer security is years "out of date," meaning not only could it
fall prey to computer viruses but hackers who break into computers to steal
and manipulate personal information, Fraser warns in her latest report.
http://www.canoe.ca/OttawaNews/os.os-04-17-0034.html
----------------------------------------------------
[7] McAfee.com unveils network-wide security "grid"
Wednesday 17 April 2002
McAfee.com has taken the wraps off a new strategy and technology designed to
provide a broader, more intelligent security services to its customers using
XML (Extensible Markup Language) and Web services.
Srivats Sampath, chief executive officer of McAfee.com, said the initiative,
known as "Grid Security Services", would use distributed computing
techniques. In the past, this concept has pbeen applied to projects such as
genome research. McAfee hopes to provide real time, dynamic security for its
users.
http://www.cw360.com/bin/bladerunner?REQSESS=oEBA55P6&690REQEVENT=&CARTI=111
690&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1&CPAGEN=ArticlePage&CPAGET=-99999&CSEARCH
=&CSESS=-99999&CTOPIC=
----------------------------------------------------
[8] Businesses first line of defense in battling cybercrime
By ALEX VEIGA
AP Business Writer
BAL HARBOUR, Fla. - U.S. companies are the first line of defense against
cyber terrorists and criminals seeking to cripple America's economy and
should invest heavily to protect their computer networks, the head of a U.S.
government task force told a conference Tuesday.
http://www.jacksonville.com/tu-online/apnews/stories/041702/D7IUAE400.html
----------------------------------------------------
[9] Hacker to Be Key in Trial of Judge
Courts: Attorneys for Ronald Kline of Irvine argue that Canadian police had
doubts about child porn informant.
By JACK LEONARD, TIMES STAFF WRITER
Two months before child pornography charges were filed against an Orange
County judge, Canadian authorities expressed "serious doubt" about the work
of a hacker who allegedly discovered illegal photographs on the jurist's
home computer, according to court documents filed this week.
http://www.latimes.com/news/local/la-000027414apr17.story
----------------------------------------------------
[10] U.S. targets cybercriminals
BY BEATRICE E. GARCIA
Miami is one of eight cities where the U.S. Secret Service is setting up one
of its Electronic Crimes Task Forces, aimed at helping small and large
businesses combat cybercrimes.
The key is planning and prevention, said Robert Weaver, deputy special agent
in charge of the Secret Service's New York Electronics Crimes Task Force.
''It's a much easier discussion when you're not hyperventilating into a
paper bag,'' said Weaver.
http://www.miami.com/mld/miami/business/3077429.htm
----------------------------------------------------
[11] Security flaw in Microsoft Office for Mac
By Robert Lemos
Staff Writer, CNET News.com
April 16, 2002, 5:15 PM PT
Microsoft acknowledged on Tuesday that its popular Office applications for
the Macintosh have a critical security flaw that leaves users' systems open
to attack by worms and online vandals.
The software slip-up happens because the Microsoft applications incorrectly
handle the input to a certain HTML (Hypertext Markup Language) feature. By
formatting a link in a particular manner, an attacker can cause a program to
crash a Macintosh or run arbitrary commands. The link could appear on a Web
page or in an HTML-enabled e-mail.
http://news.com.com/2100-1001-884364.html
----------------------------------------------------
[12] US Supremes affirm virtual kiddie porn
By Thomas C Greene in Washington
Posted: 17/04/2002 at 16:26 GMT
The US Supreme Court on Tuesday delivered a blow to prudes throughout the
land, when it ruled 6-3 that sexual material which doesn't involve the abuse
of actual children is legal.
At issue was the Child Pornography Prevention Act, which Congress passed in
1996 to purge society of dangerous images and ideas.
http://www.theregister.co.uk/content/6/24901.html
----------------------------------------------------
[13] U.K. budget includes aid for e-commerce
By Graeme Wearden
Special to CNET News.com
April 17, 2002, 11:10 AM PT
Gordon Brown, Britain's chancellor of the exchequer, has promised financial
assistance to help small companies embrace e-business.
http://news.com.com/2110-1017-884981.html?tag=cdshrt
----------------------------------------------------
[14] Survival in an Insecure World
To defeat cyberterrorists, computer systems must be designed to work around
sabotage. David A. Fisher's new programming language will help do just that
As one of the primary lines of defense against hackers, cyberterrorists and
other online malefactors, the CERT Coordination Center at Carnegie Mellon
University is a natural target. So like many high-profile organizations, it
beefed up its security measures after September's audacious terrorist
attacks. Before I can enter the glass and steel building, I have to state my
business to an intercom and smile for the camera at the front door. Then I
must sign my name in front of two uniformed guards and wait for an escort
who can swipe her scan card through a reader (surveilled by another camera)
to admit me to the "classified" area. But these barriers--just like the
patting down I endured at the airport and like the series of passwords I
must type to boot up my laptop--create more of an illusion of security than
actual security. In an open society, after all, perfect security is an
impossible dream.
http://www.scientificamerican.com/2002/0502issue/0502profile.html
----------------------------------------------------
[15] Openwall: Improving Security with the Openwall Patch
by Zeshan Ghory
last updated April 17, 2002
Introduction
This article will examine the Openwall Linux kernel Patch, one of the
best-known kernel hardening patches. It will explain how to install the
patch and will examine its main features. Using the patch will require a
basic understanding of how to recompile the kernel. Some of the explanations
will assume a basic knowledge of the C programming language, but it is not
essential to the usage of the patch.
The patch proper is available under the GPL, other portions of the tarball
are licensed differently. See the LICENSE file for further details.
In case you aren't familiar with the idea, a "patch" contains modifications
to the kernel source code. For example, when upgrading from one kernel
http://online.securityfocus.com/infocus/1570
----------------------------------------------------
[16] Unified Command Plan 17/04/02
Secretary of Defense Donald H. Rumsfeld and Chairman of the Joint Chiefs of
Staff Gen. Richard B. Myers today announced changes to the Unified Command
Plan (UCP) that establishes the missions and geographic responsibilities for
combatant commanders.
The revised plan includes changes that accomplish the following:
Creates a new combatant command, U.S. Northern Command, and assigns it the
mission of defending the United States and supporting the full range of
military assistance to civil authorities.
Shifts U.S. Joint Forces Command's geographic area of responsibility to the
U.S. Northern Command and U.S. European Command. This enables U.S. Joint
Forces Command to focus on transforming U.S. military forces.
http://www.iwar.org.uk/news-archive/2002/military/04-17-02.htm
----------------------------------------------------
[17] Senator may use border security bill to restructure homeland office
>From CongressDaily
Senate Appropriations Committee Chairman Robert Byrd, D-W.Va., said Monday
he is considering offering amendments to a border security bill pending on
the Senate floor, including one concerning the structure of the office of
Homeland Security Director Tom Ridge.
However, Byrd also indicated in floor comments that he may soon allow the
bill to pass, even though it is "not the final answer to what ails our
border defenses."
Meanwhile, Senate Environment and Public Works Committee Chairman James
Jeffords, I-Vt., asked Ridge Monday to testify before the committee early
next month on homeland security legislation. In a letter to Ridge, Jeffords
said he hoped Ridge would testify at a May 7 hearing.
http://www.govexec.com/dailyfed/0402/041602cdam2.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
