_________________________________________________________________ London, Thursday, April 18, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Despite law, few people use e-signatures [2] Peddling Snake Oil as Security [3] Warning! Why one virus alert system won't fit all [4] New Klez worm squirms across Internet [5] Indian hacker turns cyber cop [6] (Canada) Feds Open To Cyber Attack [7] McAfee.com unveils network-wide security "grid" [8] Businesses first line of defense in battling cybercrime [9] Hacker to Be Key in Trial of Judge [10] U.S. targets cybercriminals [11] Security flaw in Microsoft Office for Mac [12] US Supremes affirm virtual kiddie porn [13] U.K. budget includes aid for e-commerce [14] Survival in an Insecure World [15] Openwall: Improving Security with the Openwall Patch [16] DoD Unified Command Plan [17] Senator may use border security bill to restructure homeland office _________________________________________________________________ News _________________________________________________________________ [1] Despite law, few people use e-signatures By Troy Wolverton Staff Writer, CNET News.com April 17, 2002, 4:00 AM PT Even in the Internet age, your John Hancock still matters. Most people are still putting pen to paper these days, despite a law signed by former President Clinton nearly two years ago that made electronic signatures the legal equivalent of traditional signatures. http://news.com.com/2100-1017-884544.html ---------------------------------------------------- [2] Peddling Snake Oil as Security Wireless security vendors are trying to create a market where none exists. As always, the key to better wireless security is better practice, not new products. By Richard Forno Apr 17 2002 8:10AM PT Recently, I received an invitation to speak at a plenary session for an upcoming conference on wireless security. While the conference venue was first-rate and they were covering all my expenses, I had to be honest with the conference coordinators and decline the invitation. The reason? If I went on-stage and delivered my views on wireless networking and its security implications, the vendors exhibiting at the event would have chased me from the dais and lynched me. http://online.securityfocus.com/columnists/75 ---------------------------------------------------- [3] Warning! Why one virus alert system won't fit all Robert Vamosi, Associate Editor, ZDNet Reviews Wednesday, April 17, 2002 When Homeland Security chief Tom Ridge unveiled the new Homeland Security Advisory System, he added five new levels of alert--each distinguished by its own color--to our already crowded color-coded vocabulary. Ridge's plan is only the latest effort aimed at standardizing warning systems in the security community these days. There's even a semi-serious proposal afoot to have antivirus companies conform to a standard warning scale. http://www.zdnet.com/anchordesk/stories/story/0,10738,2861506,00.html ---------------------------------------------------- [4] New Klez worm squirms across Internet By: Robert Lemos 4/17/02 11:30 AM Source: News.com A new variant of the Klez worm managed to squirm into computers in some parts of Asia on Tuesday and appeared to be spreading in the United States as of Wednesday. Alternately known as Klez.g, Klez.h and Klez.k, depending on the security advisory that's referring to it, the worm has its own e-mail engine to mass mail itself to potential victims, and it also attempts to deactivate some antivirus products. The worm can also spread to shared drives connected to PCs via local area networks or LANs. While the e-mail message in which the worm gift-wraps itself is relatively standard, its ability to elude most antivirus products has enabled it to spread fairly widely, said Alex Shipp, an antivirus technologist for U.K.-based e-mail service provider MessageLabs. http://investor.cnet.com/investor/news/newsitem/0-9900-1028-9727379-0.html?t ag=ats http://ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html ---------------------------------------------------- [5] Indian hacker turns cyber cop Net security is an increasing concern in India By Brajesh Upadhyay of the BBC Hindi service The clock had just struck midnight when users logged onto a popular chat site noticed a rather short message flashing up on their monitors: "DOS attack". http://news.bbc.co.uk/hi/english/world/south_asia/newsid_1934000/1934874.stm ---------------------------------------------------- [6] Feds Open To Cyber Attack Government Systems Fail To Fend Off Hackers, Auditor Says Ref: Ottawa Sun, 17 Apr 2002 by David Gamble, Parliamentary Bureau Read this before you e-mail your income tax. The federal government's computer systems -- and all the personal data they contain -- are extremely vulnerable to cyber crooks, warns Auditor General Sheila Fraser. Federal computer security is years "out of date," meaning not only could it fall prey to computer viruses but hackers who break into computers to steal and manipulate personal information, Fraser warns in her latest report. http://www.canoe.ca/OttawaNews/os.os-04-17-0034.html ---------------------------------------------------- [7] McAfee.com unveils network-wide security "grid" Wednesday 17 April 2002 McAfee.com has taken the wraps off a new strategy and technology designed to provide a broader, more intelligent security services to its customers using XML (Extensible Markup Language) and Web services. Srivats Sampath, chief executive officer of McAfee.com, said the initiative, known as "Grid Security Services", would use distributed computing techniques. In the past, this concept has pbeen applied to projects such as genome research. McAfee hopes to provide real time, dynamic security for its users. http://www.cw360.com/bin/bladerunner?REQSESS=oEBA55P6&690REQEVENT=&CARTI=111 690&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1&CPAGEN=ArticlePage&CPAGET=-99999&CSEARCH =&CSESS=-99999&CTOPIC= ---------------------------------------------------- [8] Businesses first line of defense in battling cybercrime By ALEX VEIGA AP Business Writer BAL HARBOUR, Fla. - U.S. companies are the first line of defense against cyber terrorists and criminals seeking to cripple America's economy and should invest heavily to protect their computer networks, the head of a U.S. government task force told a conference Tuesday. http://www.jacksonville.com/tu-online/apnews/stories/041702/D7IUAE400.html ---------------------------------------------------- [9] Hacker to Be Key in Trial of Judge Courts: Attorneys for Ronald Kline of Irvine argue that Canadian police had doubts about child porn informant. By JACK LEONARD, TIMES STAFF WRITER Two months before child pornography charges were filed against an Orange County judge, Canadian authorities expressed "serious doubt" about the work of a hacker who allegedly discovered illegal photographs on the jurist's home computer, according to court documents filed this week. http://www.latimes.com/news/local/la-000027414apr17.story ---------------------------------------------------- [10] U.S. targets cybercriminals BY BEATRICE E. GARCIA Miami is one of eight cities where the U.S. Secret Service is setting up one of its Electronic Crimes Task Forces, aimed at helping small and large businesses combat cybercrimes. The key is planning and prevention, said Robert Weaver, deputy special agent in charge of the Secret Service's New York Electronics Crimes Task Force. ''It's a much easier discussion when you're not hyperventilating into a paper bag,'' said Weaver. http://www.miami.com/mld/miami/business/3077429.htm ---------------------------------------------------- [11] Security flaw in Microsoft Office for Mac By Robert Lemos Staff Writer, CNET News.com April 16, 2002, 5:15 PM PT Microsoft acknowledged on Tuesday that its popular Office applications for the Macintosh have a critical security flaw that leaves users' systems open to attack by worms and online vandals. The software slip-up happens because the Microsoft applications incorrectly handle the input to a certain HTML (Hypertext Markup Language) feature. By formatting a link in a particular manner, an attacker can cause a program to crash a Macintosh or run arbitrary commands. The link could appear on a Web page or in an HTML-enabled e-mail. http://news.com.com/2100-1001-884364.html ---------------------------------------------------- [12] US Supremes affirm virtual kiddie porn By Thomas C Greene in Washington Posted: 17/04/2002 at 16:26 GMT The US Supreme Court on Tuesday delivered a blow to prudes throughout the land, when it ruled 6-3 that sexual material which doesn't involve the abuse of actual children is legal. At issue was the Child Pornography Prevention Act, which Congress passed in 1996 to purge society of dangerous images and ideas. http://www.theregister.co.uk/content/6/24901.html ---------------------------------------------------- [13] U.K. budget includes aid for e-commerce By Graeme Wearden Special to CNET News.com April 17, 2002, 11:10 AM PT Gordon Brown, Britain's chancellor of the exchequer, has promised financial assistance to help small companies embrace e-business. http://news.com.com/2110-1017-884981.html?tag=cdshrt ---------------------------------------------------- [14] Survival in an Insecure World To defeat cyberterrorists, computer systems must be designed to work around sabotage. David A. Fisher's new programming language will help do just that As one of the primary lines of defense against hackers, cyberterrorists and other online malefactors, the CERT Coordination Center at Carnegie Mellon University is a natural target. So like many high-profile organizations, it beefed up its security measures after September's audacious terrorist attacks. Before I can enter the glass and steel building, I have to state my business to an intercom and smile for the camera at the front door. Then I must sign my name in front of two uniformed guards and wait for an escort who can swipe her scan card through a reader (surveilled by another camera) to admit me to the "classified" area. But these barriers--just like the patting down I endured at the airport and like the series of passwords I must type to boot up my laptop--create more of an illusion of security than actual security. In an open society, after all, perfect security is an impossible dream. http://www.scientificamerican.com/2002/0502issue/0502profile.html ---------------------------------------------------- [15] Openwall: Improving Security with the Openwall Patch by Zeshan Ghory last updated April 17, 2002 Introduction This article will examine the Openwall Linux kernel Patch, one of the best-known kernel hardening patches. It will explain how to install the patch and will examine its main features. Using the patch will require a basic understanding of how to recompile the kernel. Some of the explanations will assume a basic knowledge of the C programming language, but it is not essential to the usage of the patch. The patch proper is available under the GPL, other portions of the tarball are licensed differently. See the LICENSE file for further details. In case you aren't familiar with the idea, a "patch" contains modifications to the kernel source code. For example, when upgrading from one kernel http://online.securityfocus.com/infocus/1570 ---------------------------------------------------- [16] Unified Command Plan 17/04/02 Secretary of Defense Donald H. Rumsfeld and Chairman of the Joint Chiefs of Staff Gen. Richard B. Myers today announced changes to the Unified Command Plan (UCP) that establishes the missions and geographic responsibilities for combatant commanders. The revised plan includes changes that accomplish the following: Creates a new combatant command, U.S. Northern Command, and assigns it the mission of defending the United States and supporting the full range of military assistance to civil authorities. Shifts U.S. Joint Forces Command's geographic area of responsibility to the U.S. Northern Command and U.S. European Command. This enables U.S. Joint Forces Command to focus on transforming U.S. military forces. http://www.iwar.org.uk/news-archive/2002/military/04-17-02.htm ---------------------------------------------------- [17] Senator may use border security bill to restructure homeland office >From CongressDaily Senate Appropriations Committee Chairman Robert Byrd, D-W.Va., said Monday he is considering offering amendments to a border security bill pending on the Senate floor, including one concerning the structure of the office of Homeland Security Director Tom Ridge. However, Byrd also indicated in floor comments that he may soon allow the bill to pass, even though it is "not the final answer to what ails our border defenses." Meanwhile, Senate Environment and Public Works Committee Chairman James Jeffords, I-Vt., asked Ridge Monday to testify before the committee early next month on homeland security legislation. In a letter to Ridge, Jeffords said he hoped Ridge would testify at a May 7 hearing. http://www.govexec.com/dailyfed/0402/041602cdam2.htm ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk