_________________________________________________________________
London, Friday, August 16, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
InforwarCon 2002:
Homeland Defense and Cyber-Terrorism, Washington, DC September
4-5, 2002, optional workshops September 3 & 6. Presented by MIS Training
Institute and Interpact, Inc. Proven strategies for protecting against threats
to critical infrastructures and government systems. Go to:
http://www.misti.com/08/iw02nl27inf.html
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] FBI names cybercrime chief
[2] Sleuths Invade Military PCs With Ease
[3] FBI agent charged with hacking
[4] Intel case tests e-mail as free speech
[5] Antiterror Chief Quits F.B.I., Which Gets New Deputy
[6] Get security straight first at HQ
[7] Ad watchdog critical of Domain Registry of Europe
[8] Crypto lockdown secures lost laptop data
[9] Configuring IPsec/IKE on Solaris
[10] Senator asks OMB to tackle problem of missing government computers
[11] [UK] Tories add to calls for internet 'grooming' law
[12] Utah man sues Sprint over spam e-mail
[13] Windows Apache security bug revealed
[14] Library hacker gets jail time
[15] Post to Bugtraq -- Go to Jail
[16] Switch to Linux saved us millions, Amazon.com says
[17] Sex.com case turning dirty
_________________________________________________________________
News
_________________________________________________________________
[1] FBI names cybercrime chief
>From National Journal's Technology Daily
The FBI on Thursday named Keith Lourdeau as chief of the cybercrime section of
the FBI's cyber division.
Since Feb. 2001, Lourdeau was assistant special agent in charge of the FBI's St.
Louis division, where he was responsible for the daily operation of the
division's administration and operations.
Lourdeau joined the FBI in 1986 and has served in the Chicago, Little Rock,
Ark., and St. Louis field offices. While he was serving at the FBI's
headquarters, he was detailed to the CIA to assist in establishing a new
initiative targeting international organized crime groups.
On Thursday, the FBI also named Thomas Richardson assistant director of the
investigative technologies division.Most recently, Richardson, who joined the
FBI in 1975, was acting deputy assistant director of the criminal investigation
division's financial crimes, integrity in government and civil rights and
operational support unit.
http://www.govexec.com/dailyfed/0802/081502td1.htm
----------------------------------------------------
[2] Sleuths Invade Military PCs With Ease
By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01
SAN DIEGO, Aug. 15 -- Security consultants entered scores of confidential
military and government computers without approval this summer, exposing
vulnerabilities that specialists say open the networks to electronic attacks and
spying.
The consultants, inexperienced but armed with free, widely available software,
identified unprotected PCs and then roamed at will through sensitive files
containing military procedures, personnel records and financial data.
http://www.washingtonpost.com/wp-dyn/articles/A24191-2002Aug15.html
----------------------------------------------------
[3] FBI agent charged with hacking
Russia alleges agent broke law by downloading evidence
By Mike Brunker
MSNBC
Aug. 15 - In a first in the rapidly evolving field of cyberspace law, Russia's
counterintelligence service on Thursday filed criminal charges against an FBI
agent it says lured two Russian hackers to the United States, then illegally
seized evidence against them by downloading data from their computers in
Chelyabinsk, Russia.
http://www.msnbc.com/news/563379.asp
----------------------------------------------------
[4] Intel case tests e-mail as free speech
Former worker prosecuted for electronic trespassing
By Allyce Bess
THE WALL STREET JOURNAL
Aug. 14 - When Ken Hamidi was fired from Intel Corp. in 1995 after a long
workers' compensation battle, he didn't go quietly. Mr. Hamidi, 55 years old,
spent the next two years criticizing the company in e-mails sent to thousands of
co-workers. Convinced he was a victim of age discrimination, Mr. Hamidi even
publicized his campaign by dressing as a cowboy and going on horseback to
distribute printed versions of his messages to employees entering Intel's
Folsom, Calif., facility, where he once worked. Now, the California Supreme
Court will determine whether the former employee's e-mail is a form of
electronic trespassing, as Intel claims, or an expression of free speech.
http://www.msnbc.com/news/794127.asp
----------------------------------------------------
[5] Antiterror Chief Quits F.B.I., Which Gets New Deputy
By PHILIP SHENON
WASHINGTON, Aug. 15 - The F.B.I.'s counterterrorism chief, who has overseen the
investigations of the Sept. 11 terror attacks and last year's deadly anthrax
mailings, has decided to retire, with no replacement yet chosen, the bureau said
today.
Federal Bureau of Investigation officials said the departure of the official,
Dale L. Watson, would have no effect on the terrorism investigations, because
Mr. Watson would leave behind experienced deputies when he takes a job with Booz
Allen Hamilton, the business consulting firm.
http://www.nytimes.com/2002/08/16/national/16BURE.html?ex=1030499471&ei=1&en=891
fac781216d471
----------------------------------------------------
[6] Get security straight first at HQ
Thursday 15 August 2002
The concept of the "extended enterprise" - where your systems are connected to
suppliers, partners and distributors - is an Internet phenomenon, writes Ross
Bentley.
However, says John Frazier, director of infrastructure services at i2
Technologies, many of these e-business initiatives have stalled because of the
potential security threats these projects have created.
"Extending the enterprise is great for business but a nightmare to secure," he
says. "What companies should be doing is getting their own house in order before
they open up their systems to the outside world. You can extend the enterprise
easily but how do you control access once they are in? This is the biggest
hurdle for many companies."
http://www.cw360.com/bin/bladerunner?REQSESS=0Z5G811&2149REQEVENT=&CARTI=114948&;
CARTT=3&CCAT=1&CCHAN=13&CFLAV=1
----------------------------------------------------
[7] Ad watchdog critical of Domain Registry of Europe
By Tim Richardson
Posted: 16/08/2002 at 09:52 GMT
The Advertising watchdog has slammed Domain Registry of Europe (DRoE) for
misleading consumers over its mailshots that "look like bills".
Last month The Register reported how the Canada-based domain registration outfit
is currently targeting domain holders in the UK with unsolicited letters that
readers claim "look like bills".
http://www.theregister.co.uk/content/6/26705.html
----------------------------------------------------
[8] Crypto lockdown secures lost laptop data
17:06 15 August 02
NewScientist.com news service
Stolen or lost laptops can now automatically encrypt all their data, thanks to
new equipment that creates a wireless bond between the machine and its owner.
When its "master" is out of range, it locks down, keeping the data from falling
into the wrong hands.
http://www.newscientist.com/news/news.jsp?id=ns99992683
----------------------------------------------------
[9] Configuring IPsec/IKE on Solaris
by Ido Dubrawsky
last updated August 15, 2002
The IP Security Protocol (IPsec) and the Internet Key Exchange (IKE) protocol
are designed to permit system and network administrators the capability to
protect traffic between two systems. These systems can be network devices or
individual hosts. With the release of Solaris 8, Sun added the ability to
configure IPsec on Solaris hosts in order to construct a virtual private network
(VPN) between the systems or to secure the traffic destined for a system. This
article is the first of a three-part series that will examine IPsec and the key
management protocol, IKE, and provide readers with an introduction on how to
configure both protocols on a Solaris host.
http://online.securityfocus.com/infocus/1616
----------------------------------------------------
[10] Senator asks OMB to tackle problem of missing government computers
By Tanya N. Ballard
[EMAIL PROTECTED]
A lawmaker urged the Office of Management and Budget Thursday to tackle the
problem of missing computers at several federal agencies.
"I'm worried that just as dryers have the knack of making socks disappear, the
federal government has discovered a core competency of losing computers," Sen.
Charles Grassley, R-Iowa, wrote in an Aug. 15 letter to OMB Director Mitch
Daniels.
http://www.govexec.com/dailyfed/0802/081502t1.htm
----------------------------------------------------
[11] Tories add to calls for internet 'grooming' law
Matthew Tempest, political correspondent
Friday August 16, 2002
The Conservatives today called for an immediate criminal offence to target
paedophiles who "groom" children through internet chatrooms.
The demand came on the back of the disappearance of Cambridgeshire 10-year-olds
Jessica Chapman and Holly Wells, although the Tory shadow home secretary, Oliver
Letwin, admitted he did not know if the internet was a factor in this case.
http://society.guardian.co.uk/children/story/0,1074,775708,00.html
----------------------------------------------------
[12] Utah man sues Sprint over spam e-mail
By RICH VOSEPKA
Associated Press Writer
SALT LAKE CITY - In what's apparently the first use of Utah's new anti-spam law,
lawyers are seeking damages from Sprint Communications Co. for an unsolicited
advertisement e-mailed to a Utah man.
Sprint lawyers responded by asking Judge Denise Lindberg to force the plaintiff,
Terry Gillman, to hand over his hard drive to Sprint while the case is pending.
Sprint Communications is a subsidary of Overland Park, Kan.-based Sprint Corp.
The judge on Tuesday refused to order the hard drive to be turned over. She did
say Sprint and Gillman are prohibited from erasing anything from their computers
that could be relevant to the case, said attorney Denver Snuffer, who represents
Gillman.
http://www.siliconvalley.com/mld/siliconvalley/news/3780039.htm
----------------------------------------------------
[13] Windows Apache security bug revealed
By Thomas C Greene in Washington
Posted: 15/08/2002 at 02:11 GMT
Default installations of Apache on Windows are susceptible to a bug discovered
by Italian researcher Luigi Auriemma, Apache.org reports.
http://www.theregister.co.uk/content/55/26686.html
----------------------------------------------------
[14] Library hacker gets jail time
'Very serious offense' earns Philly man 1-3 years in state prison
By Jeffrey Blackwell
Democrat and Chronicle
(August 15, 2002) - Hacking into the Monroe County Library System's Web site has
earned a Philadelphia man 1-to-3-years in state prison.
Christopher J. Chinnici pleaded guilty in June to a felony charge of
second-degree computer tampering for breaking into the system in December 2001
and leaving behind an obscene image after one attack and an animated cartoon
after another.
http://www.democratandchronicle.com/news/0815story110800_news.shtml
----------------------------------------------------
[15] Post to Bugtraq -- Go to Jail
HP's ill-advised DMCA threat actually had a few legal teeth. Will federal
prosecutors soon start chomping at bug finders?
By Mark Rasch Aug 05, 2002
Imagine discovering a flaw in an operating system that would permit you to
obtain root privileges. Imagine then posting information about this
vulnerability to a message board dedicated to information security, along with a
link to an exploit that could be assembled to take advantage of the
vulnerability. Does the vendor of the OS congratulate you?
No. In the case of an engineer for SnoSoft who did precisely that last week,
both he and his employer were rewarded for their diligence by a threat, not only
of civil lawsuit by the vendor, but also of criminal prosecution under two
separate federal and several state statutes.
http://online.securityfocus.com/columnists/100
----------------------------------------------------
[16] Switch to Linux saved us millions, Amazon.com says
By Brier Dudley
Seattle Times technology reporter
SAN FRANCISCO - Amazon.com switched nearly its entire computer network to the
freely shared Linux operating system not because of politics but because it is
helping the company grow and cut costs, Amazon's engineering chief said
yesterday.
"We wanted the best tool for the task," said Jacob Levanon, director of systems
engineering at the Seattle-based Internet retailer.
Amazon has become a poster child for the progress Linux is making in
large-enterprise computing since the Web giant began using Linux to run 92
percent of its network computers last September.
http://seattletimes.nwsource.com/html/businesstechnology/134513573_linux15.html
----------------------------------------------------
[17] Sex.com case turning dirty
09:33 Wednesday 14th August 2002
Lisa M. Bowman, CNET News.com
An arcane domain name dispute also involves porn operators, a fugitive on the
run in Mexico, a forged letter and bounty hunters
Although it's an arcane case about property rights in the digital age, the
Sex.com saga has all the trappings of a juicy pulp fiction novel: a fugitive on
the lam in Mexico, would-be bounty hunters, and porn.
Now justices in the 9th Circuit Court of Appeals are hoping to sort out at least
one of the issues: whether domain name registrar VeriSign can be held
responsible for turning the Sex.com name over to someone who sent the company a
forged letter requesting the transfer.
http://news.zdnet.co.uk/story/0,,t269-s2120807,00.html
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
