_________________________________________________________________

                      London, Thursday, August 15, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
    _________________________________________________________________


          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Mock cyberwar fails to end mock civilization
[2] Shadow government remains on alert in remote locations
[3] IT Pros May Face Background Checks
[4] Hackers use Wi-Fi invisibility cloak
[5] Growing pains for Linux

[6] SSL confidence weakened by IE flaw
[7] Senators, Software Battle for Privacy
[8] (TV) Special Edition: Def Con X
[9] DoS risk from Oracle9i debugging bug
[10] U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts

[11] OECD updates network security guidelines
[12] New Dallas FBI chief takes post this week
[13] Network Associates Sweetens McAfee Offer
[14] Mobile phone virus: ACE is a hoax
[15] Appeals court to hear suit against VeriSign

[16] No Stone Unturned, Part Six
[17] Senator seeks rail security funds

    _________________________________________________________________

                                News
    _________________________________________________________________


[Good article which shows that 'Cybergeddon' does not loom around the corner.
WEN]

To sum up, the Naval War College's Craig Koerner pointed to the need for
"synergies" in making the attacks interoperable, hence feasible. For example,
the group would likely attack the Internet last to preserve it for other,
continuing attacks. He pointed out that while local attacks are possible, it's
virtually impossible to bring off any lasting, nationwide horror. The
stereotypical scenario of a crew of hackers bringing down the national
infrastructure is quite ludicrous, despite the apparently perjured testimony
before numerous Congressional Committees of Michael Vatis, Louis Freeh, Richard
Clarke, John Tritak, Ron Dick, Scott Charney, and Mudge.

[1] Mock cyberwar fails to end mock civilization
By Thomas C Greene in Washington
Posted: 14/08/2002 at 12:08 GMT

A mock cyberwar enacted by faculty of the US Naval War College and analysts from
Gartner does not appear to have fulfilled the Clancyesque predictions of mass
devastation envisioned by the leading security paranoiacs of the Clinton and
Bush Administrations.

The exercise, named "Digital Pearl Harbor," apparently in tribute to US
CyberSecurity Czar and Chief Alarmist Richard Clarke, brought together a team of
experts in several areas related to critical infrastructure for a three-day
hackfest.

http://www.theregister.co.uk/content/55/26675.html

         ----------------------------------------------------

[2] Shadow government remains on alert in remote locations
From National Journal

Since Sept. 11, mid- and high-level career federal employees have taken rotating
assignments at two remote bunkers to ensure the continuity of government
operations in the event of another terrorist attack.

The parallel government operates at two locations in Virginia and Pennsylvania.
The people in the bunkers have the job of managing the country's food, water,
and energy supplies, as well as transportation needs, medical and health
emergencies, communications networks, and civilian peacekeeping during any
catastrophic incident that disables federal operations in Washington.

Reconstructing the constitutional government after destruction or maiming of the
capital would also be the task of the staff and officials assigned to the
bunkers.

http://www.govexec.com/dailyfed/0802/081402nj1.htm

         ----------------------------------------------------

[3] IT Pros May Face Background Checks

By DAN VERTON
JULY 29, 2002
Washington

The Bush administration plans to convene a panel of government and
private-sector labor and legal experts to develop guidelines for subjecting tens
of thousands of corporate IT and other employees to background investigations.

The panel, as described in the president's "National Strategy for Homeland
Security" report, released July 16, would be convened jointly by the secretary
of Homeland Security and the attorney general following the establishment of a
cabinet-level Department of Homeland Security. It would examine whether current
employer liability statutes and privacy concerns would hinder "necessary
background checks for personnel with access to critical infrastructure
facilities or systems."

http://www.computerworld.com/securitytopics/security/story/0,10801,73074,00.html

         ----------------------------------------------------

[4] Hackers use Wi-Fi invisibility cloak
Legal worries
13:02 Thursday 25th July 2002
Michael Sutton

Companies with insecure Wi-Fi networks used in hacking attacks could become
vulnerable to lawsuits. The cleanup from an attack can be very costly, and
victims will be looking for someone to foot the bill. Since the hacker who
perpetrated the attack might never be found, victims will target corporations
that unknowingly aided the hacker.

http://techupdate.zdnet.co.uk/story/0,,t481-s2119788-p2,00.html

         ----------------------------------------------------

[5] Growing pains for Linux

ASSOCIATED PRESS

SAN FRANCISCO, Aug. 14 -  Pioneered by idealistic programmers as a grass-roots
alternative to corporate control of software, the open-source Linux operating
system is grappling with the growing pains of adolescence.

http://www.msnbc.com/news/794258.asp

         ----------------------------------------------------

[6] SSL confidence weakened by IE flaw

A vulnerability in the way Internet Explorer checks the validity of digital
certificates may allow the undetected interception of information when used with
SSL. Certificates signed by intermediate certificate authorities are not checked
for the "Basic Constraints." This means that any websites with a valid digital
certificate could potentially generate a valid certificate for any other site,
instead of requiring a certificate body to do so. Mike Benham, an independent
security researcher out of San Francisco, states the flaw has existed for around
5 years.

http://www.geek.com/news/geeknews/2002Aug/gee20020814015857.htm

         ----------------------------------------------------

[7] Senators, Software Battle for Privacy
By  John Taschek

It's coincidental that Anonymizer - one of the two mainstream privacy proxies in
business - released a new version the same week that two senators released a
statement that Americans need more privacy assurances.

The senators - Charles Schumer, D-N.Y., and John Edwards, D-N.C., are not only
concerned about Internet spying and unchecked camera surveillance, but they're
also concerned that if nothing is done to protect privacy immediately in this
anti-terrorism climate, citizens will never gain back some freedoms that existed
just a year ago.

http://www.eweek.com/article2/0,3959,463146,00.asp

         ----------------------------------------------------

[8] Special Edition: Def Con X

'CyberCrime' goes back to Vegas to get a look inside the underground computer
community's biggest event.
Watch Monday 8/19 at 12 a.m. Eastern.

For the fourth year in a row, "CyberCrime" is going to Def Con, the largest
hacker conference in the world. Thousands of hackers, corporate suits, and law
enforcement officers will converge in the Las Vegas desert to attend the two-day
conference. In our half-hour special devoted to the event, hosts Alex Wellen and
Jennifer London go behind the scenes to reveal the latest in hacking, computer
security, and online privacy.

http://www.techtv.com/cybercrime/shownotes/story/0,23008,3393559,00.html

         ----------------------------------------------------

[9] DoS risk from Oracle9i debugging bug
By John Leyden
Posted: 14/08/2002 at 12:56 GMT

A flaw in the debugging mechanism of Oracle9i supplies a mechanism for crackers
to crash vulnerable servers.

All Oracle9i installations are vulnerable to this attack, according to security
tools firm ISS, which discovered the problem. The flaw could be used to launch
denial of service attacks, it warns.

http://www.theregister.co.uk/content/55/26678.html

         ----------------------------------------------------

[10] U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, August 14, 2002; 3:12 PM

U.S. law enforcement officials will meet with representatives from a host of
Asia-Pacific countries this weekend as part of an international training program
to help developing nations combat computer crime and cyberterrorism.

http://www.washingtonpost.com/wp-dyn/articles/A17801-2002Aug14.html

         ----------------------------------------------------

[11] OECD updates network security guidelines
By John Leyden
Posted: 08/09/2002 at 06:45 EST

The Organisation For Economic Co-Operation And Development (OECD) this week
released a set of guidelines for information security aimed at creating a
"culture of security" among government and business in the wake of last year's
September 11 attacks.

It's the first time in ten years that the 30-nation inter-government group has
updated its principles on security. Recognising the influence the Internet has
had on security over that time, the OECD has drawn up a nine-point programme
designed to guard against such risks as cyberterrorism, computer viruses,
hacking and other threats.

http://www.theregus.com/content/55/25923.html

         ----------------------------------------------------

[12] New Dallas FBI chief takes post this week

DALLAS (AP) - Twenty-two-year FBI veteran Guadalupe Gonzalez will take over the
bureau's Dallas field division, where he will be in charge of the nation's
largest joint terrorist task force.

Gonzalez, 47, succeeds Danny Defenbaugh, who retired in May. Gonzalez starts his
new job this week.

Gonzalez, who grew up in Corpus Christi, becomes the Dallas FBI's first Latino
commander.

Gonzalez previously led the Phoenix FBI office, where he left amid criticism
that his focus on drug enforcement stalled counterterror investigations that
could have stopped the Sept. 11 attacks.

http://www.reporternews.com/2002/texas/texas_New_Dalla814.html

         ----------------------------------------------------

[13] Network Associates Sweetens McAfee Offer
By REUTERS

Filed at 10:31 p.m. ET

NEW YORK (Reuters) - Security provider Network Associates Inc. (NET.N) on
Tuesday said it sweetened its bid for the 25 percent of McAfee.com (MCAF.O) it
doesn't own, valuing the stake at about $209 million.

http://www.nytimes.com/reuters/technology/tech-tech-network-mcafee.html?ex=1030075200&en=7caf0573ef9e933b&ei=5040&partner=MOREOVER

         ----------------------------------------------------

[14] Mobile phone virus: ACE is a hoax

Old 'joke' virus warning rears its ugly head...

A mobile phone virus hoax which first did the rounds a couple of months ago has
resurfaced, if the silicon.com email postbag is anything to go by.
The virus warning appears to come from Essex Police, and reads along these
lines:

"Mobile phone virus alert, if you receive a phone call and your mobile phone
displays ACE-? on the screen. DON'T ANSWER THIS CALL - END THE CALL IMMEDIATELY.

http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQINT1=55098

         ----------------------------------------------------

[15] Appeals court to hear suit against VeriSign

Wednesday 14 August 2002

A US Court of Appeals is to decide whether VeriSign is liable for damages after
transferring the sex.com domain name to someone who forged a letter claiming
ownership.

According to groups supporting Gary Kremen, the owner of sex.com, this is a case
with potentially broad implications for anyone who registers a domain name.

Kremen has spent seven years and $3.4m (£2.2m) in legal fees for the right to
keep a domain name he says he should have never lost.

http://www.cw360.com/bin/bladerunner?REQSESS=118B110&2149REQEVENT=&CARTI=114978&;CARTT=14&CCAT=2&CCHAN=28&CFLAV=1

         ----------------------------------------------------

[16] No Stone Unturned, Part Six
by H. Carvey
last updated August 14, 2002

Introduction

This is an additional installment to the No Stone Unturned series, which was
written to help clarify to NT/2K admins the steps they can take to determine the
nature and purpose of suspicious files found on their systems. In Part Five of
the series, our heroic system administrator found an unusual file on a
compromised system. In this bonus installment, he attempts to determine the
nature and purpose of that file.

http://online.securityfocus.com/infocus/1618

         ----------------------------------------------------

[17] Senator seeks rail security funds
By Molly M. Peterson, National Journal's Technology Daily

As the Senate prepares to consider a wide range of transportation provisions
during next month's floor debate of its sweeping homeland security bill, some
lawmakers are warning that potential vulnerabilities in the nation's rail system
have been largely overshadowed by Congress' mad dash to bolster aviation
security.

"Our lack of rail security precautions is an Achilles heel in our nation's
efforts to secure our transportation system," Sen. Tom Carper, D-Del., said
recently. "It would be nice to believe that our rail system will never be a
target for terrorists, but this is naive."

The Senate's homeland security bill, S. 2452, includes a Carper-authored
amendment that would provide Amtrak with $1.2 billion for rail security
improvements.

http://www.govexec.com/dailyfed/0802/081402td1.htm

         ----------------------------------------------------



_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
