_________________________________________________________________

                      London, Friday, August 02, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
    _________________________________________________________________


          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Senate delays vote on homeland security bill
[2] Bush adviser promotes 'responsible hacking'
[3] Italian police nab top secret website hackers
[4] Cybercafe crackdown threatens oases of privacy in Pakistan
[5] Wi-Fi honeypots a new hacker trap

[6] HP invokes DMCA to quash Tru64 bug report & RF rant
[7] Copyright, Security, and the Hollywood Hacking Bill
[8] When Dreamcasts Attack
[9] Security experts take shots at effort to create new department
[10] Web fraud schemes shut down by authorities

[11] Online newspaper incorrectly reports death of Prince Claus
[12] (UK) First e-elections "within 10 years"
[13] Fair or Foul Way to Fight Pirates?
[14] Are you insured against cybercrime?
[15] Taft scheduled to sign Ohio's anti-spam bill today

[16] New car technology worries US privacy advocates
[17] Trade bill includes billions for border security technology

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] Senate delays vote on homeland security bill
By Brody Mullins and Charlie Mitchell, CongressDaily

The Senate delayed a procedural vote on homeland security legislation Thursday
until after the August recess - a move that further dampens the chances for
Senate approval of a Homeland Security Department by the symbolic deadline of
Sept. 11.

Under a deal reached Thursday, senators will vote on a motion to proceed to the
homeland legislation soon after returning from the upcoming four-week break.

Senators had expected to vote on the motion Friday. However, Senate
Appropriations Committee Chairman Robert Byrd, D-W.Va., in a series of speeches,
has pleaded with senators to slow down consideration of the bill to ensure that
the creation of the new Cabinet-level department gets careful thought.

http://www.govexec.com/dailyfed/0802/080102cd1.htm

         ----------------------------------------------------

[2] Bush adviser promotes 'responsible hacking'

A White House adviser is urging computer professionals and hackers to do more to
help uncover software glitches. Computer security advisor Richard Clarke has
told experts attending the Black Hat conference in Las Vegas they have an
obligation to help.

He says their help is needed because most bugs are not found by software makers
themselves.

http://www.ananova.com/news/story/sm_641804.html?menu=news.technology

http://www.cnn.com/2002/TECH/internet/08/01/computer.security.ap/index.html

         ----------------------------------------------------

[3] Italian police nab top secret website hackers
Italian police say they have caught two groups of hackers who broke into top
secret US websites, including those run by the army, navy, and the NASA space
agency.

Police have identified 14 people, including four minors and several computer
workers, who belong to the two groups - one calls itself "Mentor" and the other
"Reservoir Dogs".

http://www.abc.net.au/news/scitech/2002/08/item20020802000120_1.htm

         ----------------------------------------------------

[4] Cybercafe crackdown threatens oases of privacy in Pakistan
Ian Fisher The New York Times
Friday, August 2, 2002

LAHORE, Pakistan - Shahid Masood is a bit down on the Internet these days. But he
has never seen anyone who looks like a terrorist at the cybercafe he owns here.
Mostly, he says, his customers are boys trying to look at naked girls.

"People do not use it in a positive manner," he said in this vibrant city with
two universities and many students - enthusiastic customers if not always rich
ones. "Most of the people access porn sites. Then it is e-mail and chat sites.
Otherwise, there is not much usage of the Internet."

http://www.iht.com/articles/66490.html

         ----------------------------------------------------

[5] Wi-Fi honeypots a new hacker trap
By Kevin Poulsen, SecurityFocus Online
Posted: 30/07/2002 at 05:16 GMT

Hackers searching for wireless access points in the nation's capital may soon
war drive right into a trap. Last month researchers at the government contractor
Science Applications International Corporation (SAIC) launched what might be the
first organized wireless honeypot, designed to tempt unwary Wi-Fi hackers and
bandwidth borrowers and gather data on their techniques and tools of choice.

http://www.theregister.co.uk/content/55/26434.html

         ----------------------------------------------------

[Rick posted a good rant which is posted below the article's url. WEN]

[6] HP invokes DMCA to quash Tru64 bug report
By John Leyden
Posted: 31/07/2002 at 12:37 GMT

Hewlett Packard has threatened to use computer crime laws and the controversial
Digital Millennium Copyright Act to muzzle a group of security researchers who
unearthed a flaw in its Tru64 operating system.

The threat comes in a letter to SnoSoft from HP Veep Kent Ferson warning that
the security researchers "could be fined up to $500,000 and imprisoned for up to
five years" for its role in publishing code that demonstrated the vulnerability,
CNET's Declan McCullagh reports.

http://www.theregister.co.uk/content/55/26468.html

---------- Forwarded message ----------
Date: Wed, 31 Jul 2002 09:37:50 -0400
From: Richard Forno <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [infowarrior] - Comment on DMCA, Security, and Vuln Reporting

Given the recent news about HP using DMCA to shutter a Bugtraq disclosure of
Tru64 vulnerability, I felt it appropriate to chime in. I hope you find my
comments of-value and worthy of relaying onto the list.

The News.Com story with more details is at :
http://news.com.com/2100-1023-947325.html?tag=fd_lede

----------RFF Comments
I find it sadly amusing that technology companies see "security
debate" on the same level as "piracy" or "copyright controls." What it
really serves as is a corporate secrecy tool and (as was said) cudgel
against any and all potential enemies.

HP, in its infinite corporate and legal wisdom - the same wisdom
shared by Ken Lay, Jeff Skilling, Fritz "Hollywood" Hollings, and
Bernie Ebbers - has opened a Pandora's Box here. Next you'll see folks
saying that public disclosure of the generic password on the default
Unix "guest" account will be prosecutable under DMCA, or that a given
exploit uses a "buffer overflow" to cause its damage is likewise
criminal to speak of. It's bad enough that black markers might become
illegal, isn't it? But the madness continues.

While I disagree with Adobe's use of DMCA last year against Dmitry, at
least their claim was somehow - admittedly tangentially - related to
copyright protection. HP's case is just absurd and has nothing to do
with copyrights and everything to do with avoiding embarrassment and
taking responsibility for their product's shortcomings.

I believe system-level security is MUTUALLY-EXCLUSIVE from copyright
protection -- or more accurately, the 'economic security' of the
vendors. Taking reasonable steps - including public disclosure of
exploits and their code - to protect a user's system from unauthorized
compromise IN NO WAY impacts the copyright rights of HP, unless HP
wrote the exploit code that's being publicly shared w/o
permission....in which case it's truly their fault then. Regardless,
either way you look at it, they're using DMCA to conceal their
embarrassment and duck responsibility.

The way we're going, thanks to HP's legal geniuses, we may as well
call NIST, NSA, SANS, and IETF to rewrite a new 'industry standard'
definition for 'computer security' that places the vendor's profit and
public image above the confidentiality, integrity, and availability of
end-user data and systems. For all intents and purposes, Congress has
already done that with DMCA and Berman's proposed "Hollywood Hacking"
Bill -- they just forgot to inform (or seek counsel from) those of us
working in the real information security community.

Bleeping idiots. Congress and Corporate America. When it comes to
technology policy, neither has the first clue. No wonder we're in the
state we're in.

rick
infowarrior.org

--
You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org/lists for list information or to unsubscribe. This
message may be redistributed freely in its entirety.

         ----------------------------------------------------

[7] Copyright, Security, and the Hollywood Hacking Bill
Proposed copyright enforcement legislation may circumvent fundamental
constitutional protections and create chaos on the Internet.
By Richard Forno Jul 31, 2002

Copyright enforcement, the attempt by the entertainment industry to prop up
their obsolete business models, is increasingly a danger to the legitimate use
of information technology and, by extension, the future of the Internet
community.

The latest troubling development in copyright enforcement is a bill recently
introduced in the Congress by Howard Berman (D-CA). This bill would allow
copyright holders to disable computers used to illegally trade copyrighted
material, such as music and movies. Copyright holders would be exempt from
computer hacking laws, and allowed to disable P2P networks allegedly used in
illegal file sharing by various technical means currently prohibited by existing
computer crime laws. It would grant copyright holders legal carte blanche to
ping, probe, scan, disrupt, attack, and crack remote computer systems or
infrastructures to ensure no copyright infringements are taking place. Not only
that, but under the bill, the copyright holder is not liable for any damages
beyond $50 resulting from their on-line copyright enforcement. (For the full
text of the proposed legislation, please click here.)

http://online.securityfocus.com/columnists/99

         ----------------------------------------------------

[8] When Dreamcasts Attack

White hat hackers use game consoles, handheld PCs to crack networks from the
inside out.
By Kevin Poulsen, Jul 31 2002 5:26PM

LAS VEGAS--Cyberpunks will be toting cheap game consoles on their utility belts
this fall if they follow the lead of a pair of white hat hackers who
demonstrated Wednesday how to turn the defunct Sega Dreamcast into a disposable
attack box designed to be dropped like a bug on corporate networks during covert
black bag jobs.

The "phone home" technique presented by Aaron Higbee of Foundstone and Chris
Davis from RedSiren Technologies at the Black Hat Briefings here takes advantage
of the fact that firewalls effective in blocking entry into a private network,
are generally permissive in allowing connections the other way around.

http://online.securityfocus.com/news/558

         ----------------------------------------------------

[9] Security experts take shots at effort to create new department
By Molly M. Peterson, National Journal's Technology Daily

President Bush's proposal to create a Homeland Security Department - and the
disparate House and Senate bills to implement the sweeping plan - do not
adequately address several issues that are crucial to the government's ability
to effectively combat terrorism, several national security experts said
Wednesday.

"The problem of intelligence sharing and intelligence fusion is not addressed by
this reorganization," Michele Flournoy, a senior adviser for international
security at the Center for Strategic and International Studies (CSIS), said
during a forum sponsored by the Cato Institute.

Flournoy said the new department should include a "national intelligence fusion
center" to improve intelligence agencies' ability to share information with each
other and with federal, state and local law enforcement officials. The new
department also should establish an information classification system that could
enable law enforcement officials to contribute to intelligence analysis
projects, she said.

http://www.govexec.com/dailyfed/0702/073102td1.htm

         ----------------------------------------------------

[10] Web fraud schemes shut down by authorities

By Reuters
July 30, 2002, 11:15 AM PT

Federal and state law enforcement authorities said Tuesday that they had taken
action against 19 Internet-based scams they say collectively bilked consumers
out of millions of dollars.

Work-at-home schemes, auction fraud, deceptive use of junk e-mail, securities
fraud and other schemes were targeted by a broad Internet law enforcement effort
including state attorneys general, local law enforcement authorities and a
number of federal agencies.

Several cases have been settled already, with punishments ranging from
seven-year jail sentences to agreements by defendants to stop their schemes.

http://news.com.com/2100-1017-947219.html?tag=cd_mh

         ----------------------------------------------------

[11] Online newspaper incorrectly reports death of Prince Claus
25/07/2002  Editor: Joe Figueiredo

On July 24th, the web version of the Dutch daily, the Haagsche Courant, was one
of several Dutch online newspapers to incorrectly report the death of Prince
Claus, the Dutch prince consort, who is currently lying in intensive care at an
Amsterdam hospital.

http://www.europemedia.net/shownews.asp?ArticleID=11704

         ----------------------------------------------------

[With the current state of security. Not really. WEN]

[12] First e-elections "within 10 years"

Britain could have its first e-general election by the end of the decade,
according to the chairman of the Electoral Commission.

But Sam Younger warns that the Government needs to set out a clearer vision of
the future of voting if it is to meet its target of an "e-enabled" election
sometime after 2006.

It believes it would be "premature" to claim it is on track for this goal.

http://www.thisislondon.com/dynamic/news/story.html?in_review_id=656508&in_review_text_id=627443

         ----------------------------------------------------

[13] Fair or Foul Way to Fight Pirates?
Tech Firms and Hollywood Divided Over Proposed Bill to Stop Piracy

By Peter Barnes, Tech Live Washington, D.C., Bureau Chief


July 31 - Record companies are supporting a new bill in Congress that would let
them legally disable peer-to-peer (P2P) networks - and even target individual
computers - to fight digital piracy.

Observers say chances are remote that the so-called Peer to Peer Piracy
Prevention Act will pass Congress. The proposal represents the latest round in
the battle between content companies and technology firms over how to control
illegal copying and distribution of copyright material on the Web.

http://abcnews.go.com/sections/scitech/TechTV/techtv_piracybill020731.html

         ----------------------------------------------------

[14] Are you insured against cybercrime?

Almost certainly not

UK IT directors are largely unaware of the concept of IT insurance, according to
a firm which specialises in IT insurance.

http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQINT1=54636

         ----------------------------------------------------

[15] Taft scheduled to sign Ohio's anti-spam bill today

By Andrew Welsh-Huggins
The Associated Press

COLUMBUS - After someone relayed thousands of pornographic e-mails through a
client's Internet connections, Barry Hassler was happy to support an Ohio bill
trying to crack down on unwanted e-mail known as spam.

But Mr. Hassler has doubts about the effectiveness of the legislation he
supported.

"It's hard to track down the real source of this information to be able to
prosecute someone," said Mr. Hassler, founder of HCST, an Internet service
provider in suburban Dayton. "To this day, we don't know where these messages
originated from."

http://enquirer.com/editions/2002/08/01/loc_taft_scheduled_to.html

         ----------------------------------------------------

[16] New car technology worries US privacy advocates
14:59 Thursday 1st August 2002
Rachel Konrad, CNET News.com

Data designed to aid emergency workers in case of a crash could fall into the
wrong hands say opponents

General Motors will begin installing new sensors and communications systems into
vehicles next year that could save lives but might raise privacy concerns. At a
news conference Wednesday, emergency medical doctors and highway safety
advocates praised the GM's Advanced Automatic Crash Notification (AACN) as a
life-saving system by the giant automaker.

http://news.zdnet.co.uk/story/0,,t271-s2120194,00.html

         ----------------------------------------------------

[17] Trade bill includes billions for border security technology
By William New, National Journal's Technology Daily

The bill to renew presidential trade-negotiating authority passed by the Senate
Thursday includes billions of dollars earmarked for new border security
technologies and contains explicit negotiating objectives on e-commerce and
services.

The Senate passed the bill, H.R. 3009, by a vote of 64-34. Sections of the bill
that would reauthorize the Customs Service have attracted mixed reactions from
the high-tech industry and civil liberties groups.

"It's good for Customs, and it's good for the tech industry because it provides
the funds to modernize the system and gives us an opportunity to do the work,"
said former customs attorney Joseph Tasker, now senior vice president at the
Information Technology Association of America.

http://www.govexec.com/dailyfed/0802/080102td2.htm

         ----------------------------------------------------



_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
