_________________________________________________________________

                      London, Thursday, August 22, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________

InfowarCon 2002:

Homeland Defense and Cyber-Terrorism, Washington, DC September
4-5, 2002, optional workshops September 3 & 6. Presented by MIS Training
Institute and Interpact, Inc. Proven strategies for protecting against threats
to critical infrastructures and government systems. Go to:

http://www.misti.com/08/iw02nl27inf.html
    _________________________________________________________________


          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] White House Officials Debating Rules for Cyberwarfare
[2] Defense agency makes progress on homeland technologies
[3] Congressman: 9-11 attacks could have been detected, stopped
[4] 9/11 fails to influence disaster recovery strategies - survey
[5] 'Stupid' linking policies come under fire

[6] Big-media Axis of Evil on the march
[7] How Much Info Is Too Much Info?
[8] UK e-commerce rules catch e-tailers unprepared
[9] Computer Security: Hack attack
[10] Alberta hackers gear up for International War Driving Day

[11] CIA must collaborate more, strengthen weaknesses
[12] Massive pirate CD haul seized
[13] A Web-only Primer on Public-key Encryption
[14] Web tracking firm, drug companies prevail in privacy lawsuit
[15] Federal Web sites need to be more user-friendly

[16] T-Mobile to go global with WLAN hotspots
[17] Introduction to Autorooters: Crackers Working Smarter, not Harder

    _________________________________________________________________

                                News
    _________________________________________________________________


[Finally, they focus more on the real threat. WEN]

Richard A. Clarke, head of the Office of Cyberspace Security, said the
government has begun to regard nation-states rather than terrorist groups as the
most dangerous threat to this country's computer security after several
suspicious break-ins involving federal networks.

[1] White House Officials Debating Rules for Cyberwarfare

White House cybersecurity czar Richard Clarke is leading the government's
efforts to create a national strategy for protecting America's critical IT
infrastructure. (File Photo - The Washington Post)

By Ariana Eunjung Cha and Jonathan Krim
Washington Post Staff Writers
Thursday, August 22, 2002; Page A02

The Bush administration is stepping up an internal debate on the rules of
engagement for cyberwarfare as evidence mounts that foreign governments are
surreptitiously exploring our digital infrastructure, a top official said
yesterday.

Richard A. Clarke, head of the Office of Cyberspace Security, said the
government has begun to regard nation-states rather than terrorist groups as the
most dangerous threat to this country's computer security after several
suspicious break-ins involving federal networks.

"There are terrorist groups that are interested. We now know that al Qaeda was
interested. But the real major threat is from the information-warfare brigade or
squadron of five or six countries," Clarke said in an interview with Washington
Post editors and reporters.


http://www.washingtonpost.com/wp-dyn/articles/A46967-2002Aug21.html

         ----------------------------------------------------

[2] Defense agency makes progress on homeland technologies
By Molly M. Peterson, National Journal's Technology Daily

PHILADELPHIA - Seven months after its launch in response to the Sept. 11
attacks, the Defense Advanced Research Project Agency's counterterrorism
division has made significant progress on a wide range of unconventional
homeland security technologies, a top DARPA official said Wednesday during a
conference sponsored here by the Government Emerging Technologies Alliance.

Those tools include bio-surveillance programs that could help spot unusual
outbreaks by tracking over-the-counter medication sales, and multi-modal
biometric tools that could identify terrorist suspects from a distance by
focusing on "face and gait."

"Gait is the way people walk, and the signature it creates," Robert Popp, deputy
director of DARPA's Information Awareness Office (IAO) told high-tech
professionals from the government and private sector during a panel discussion
on emerging counterterrorism technologies.

http://www.govexec.com/dailyfed/0802/082102td1.htm

         ----------------------------------------------------

[It is always easy to say that something could have been prevented
once it happened. WEN]

[3] Congressman: 9-11 attacks could have been detected, stopped

Congressman Curt Weldon (R-PA) has stated that implementation of an interagency
data mining capability and intelligence integration could have helped prevent
the September 11, 2001 terrorist attacks. Developing and deploying the
technology that was proposed and introduced before Congress years prior to the
attack may have allowed agencies to detect the threat. The raw data of the 33
classified agency systems could be combined and provide data-fusion
capabilities. The National Operations and Analysis Hub (NOAH) was proposed by
Weldon two years ago and was intended to be a data mining agency to provide the
intelligence community with threat profiles of terrorists, but was never
established. Weldon advocates the establishment of a centralized data mining
capability.

http://www.computerworld.com/databasetopics/data/datamining/story/0,10801,73633,00.html

         ----------------------------------------------------

[For more info on BCP see this month's NCMS InfraGard
Manufacturing Industry Association Corner Office
http://trust.ncms.org/CornerOfc0702.htm WEN]

[4] 9/11 fails to influence disaster recovery strategies - survey
By John Leyden
Posted: 20/08/2002 at 12:57 GMT

Contrary to the marketing push of many security and storage firms, few users
believe the events of September 11 should play a part in developing their
business continuity strategies.

That's the main conclusion of a survey of IT managers responsible for business
continuity, which found more than half (52 per cent) believed brand and customer
service should be the most important factors in developing business continuity
strategies.

http://www.theregister.co.uk/content/7/26753.html

         ----------------------------------------------------

[5] 'Stupid' linking policies come under fire
15:33 Wednesday 21st August 2002
Paul Festa, CNET News.com

Web sites with policies outlawing other sites from linking to pages other than
the home page are the targets of the 'Don't Link to Us' campaign.

Want David Sorkin to link to your Web site? Just ask him not to.

Sorkin, associate professor of law at The John Marshall Law School in Chicago,
Ill., is the man behind Don't Link to Us, a Web site that exists merely to flout
what it terms "stupid linking policies."

http://news.zdnet.co.uk/story/0,,t269-s2121149,00.html

         ----------------------------------------------------

[6] Big-media Axis of Evil on the march
By Thomas C Greene in Washington
Posted: 08/22/2002 at 06:39 EST

The Recording Industry Ass. of America (RIAA) may have temporarily abandoned
plans to censor Web sites available to American surfers, but they've still got
their shock troops on heightened alert. Recently they've attempted to force
Verizon.net to identify a customer they claim is making music files available
for download. Verizon has refused, out of concern that it might expose itself to
liability on privacy grounds. The RIAA has filed a second demand with the courts
in Washington, DC, claiming that the customer's privacy rights are nullified by
its superior copyright concerns. Apparently the presumption of innocence will be
another casualty of that glorious crusade.

http://www.theregus.com/content/6/26072.html

         ----------------------------------------------------

[7] How Much Info Is Too Much Info?
Associated Press

2:05 p.m. Aug. 21, 2002 PDT
WASHINGTON -- States have made significant progress in putting their court
records online, allowing the public to examine criminal cases, lawsuits and
divorces. However, all are struggling to develop privacy standards that keep
pace with the technology, says a report released Wednesday.

The Washington-based Center for Democracy and Technology said states are trying
to figure out how to balance the right to access public records with the risks
of putting a battered wife's address on the Internet or posting uncorroborated
child abuse allegations for all to see.

http://www.wired.com/news/privacy/0,1848,54683,00.html

         ----------------------------------------------------

[8] UK e-commerce rules catch e-tailers unprepared

By Grant Hayday
Special to ZDNet
August 21, 2002, 7:40 AM PT

UK businesses which have failed to act on new e-commerce regulations that come
into force on Wednesday could find themselves open to prosecution unless they
take urgent steps to change their online operations.
The regulations set strict rules for UK businesses who advertise or sell goods
via a Web site, mobile phone or through email.

Under the new law, a Web site must (among other things):
- Acknowledge receipt of an order electronically and without undue delay.
- Allow simple means that allow the customer to correct errors prior to placing
  the order.
- Highlight the languages offered for inclusion in the contract.
- Explain the different technical steps required to conclude the contract.
- Confirm whether the contract will be filed and how it will be accessible.

http://zdnet.com.com/2100-1106-954668.html

         ----------------------------------------------------

[9] Computer Security: Hack attack

By Tom McCann

The perils of having your pc hacked.

EXPERIENCE shows networking of systems helps your business become more
efficient.

Such increased connectivity, however, leaves you and your organisation
vulnerable to security breaches.

The very benefits of faster internal processes, streamlined communications and
internet presence are precisely what makes your systems susceptible to attack.

In today's environment no organisation which makes a commitment to using the
internet as a commercial or communication tool is safe from attack, particularly
with an increasingly mobile workforce.

Despite today's security systems becoming ever more sophisticated it is actually
getting easier for the tech-savvy to figure out a way into your internal
networks.

The US Computer Emergency Response Team (CERT) has reported that during the past
ten years the sophistication of security attacks on systems has increased
exponentially, but the required knowledge to launch an attack has, in fact,
actually decreased.

http://www.belfasttelegraph.co.uk/business_telegraph/access_internet/story.jsp?story=323963

         ----------------------------------------------------


[10] Alberta hackers gear up for International War Driving Day

By JACK KAPICA
Globe and Mail Update

Information technology managers may want to pay close attention to Red Deer,
Alberta, on Aug. 31, which has been targeted by hackers for a "wardriving" day.

In what is being billed as the first Alberta International Wardriving Day,
hackers armed with laptop computers outfitted with wireless networking gear and
global positioning systems will drive around Red Deer looking for unprotected
wireless computer networks.

The aim of the game - organizers are calling it a "hobby" - is to see which
hacker can find the most wireless networks in one day.

Also called "net stumbling," the game grew out of an earlier activity called
"war dialing," popularized by the 1983 movie War Games. That involved dialing
software, which was used to dial many phone numbers automatically, looking for
lines that are answered by modems.

http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20020821/gtwar/Technology/techBN

         ----------------------------------------------------

[11] CIA must collaborate more, strengthen weaknesses
By Shane Harris

PHILADELPHIA - The CIA and other intelligence agencies have little experience
identifying potential terrorist targets in the United States and dealing with
the threat posed by those vulnerabilities, according to Winston Wiley, the CIA's
associate director of central intelligence for homeland security, who spoke
Monday at a homeland security conference here.

Wiley said the ability of intelligence agencies to perform "vulnerability
assessments" of the country's infrastructure is the key talent missing from the
proposed Homeland Security Department. While President Bush's proposal would set
up a division charged with making those assessments, Wiley said that if it is
going to succeed, the Homeland Security Department, the FBI and the CIA must
draw more on the expertise of other agencies in this area.

The Energy Department is one agency that has the experience in making these
assessments, and works with other agencies and state and local governments to
find threats posed to power plants, transit systems and other critical elements
of the infrastructure. The FBI's National Infrastructure Protection Center and
the Commerce Department's Critical Infrastructure Assurance Office also fulfill
similar roles.

http://www.govexec.com/dailyfed/0802/082102h1.htm

         ----------------------------------------------------

[12] Massive pirate CD haul seized

Malaysia is also a piracy hot-spot

Pirated music CDs and copying equipment worth almost $20m (£12.5m) have been
seized in the Philippines in the country's latest blow against counterfeiters.
The police raid on a factory, in the north of the country, also resulted in
seven Indonesian and five Chinese workers being arrested.

http://news.bbc.co.uk/1/hi/entertainment/music/2208380.stm

         ----------------------------------------------------

[13] A Web-only Primer on Public-key Encryption

Public-key encryption, as noted in the profile of cryptographer Bruce Schneier,
is complicated in detail but simple in outline. The article below is an outline
of the principles of the most common variant of public-key cryptography, which
is known as RSA, after the initials of its three inventors; a mathematically
detailed explanation of RSA by the programmer Brian Raiter, understandable to
anyone willing to spend a little time with paper and pencil, is available here.

http://www.theatlantic.com/issues/2002/09/mann_g.htm

         ----------------------------------------------------

[14] Web tracking firm, drug companies prevail in privacy lawsuit

Last Updated: 2002-08-21 14:24:38 -0400 (Reuters Health)

By Karen Pallarito

NEW YORK (Reuters Health) - A now-defunct company that tracked visits to
pharmaceutical company Internet sites using "cookies" and "Web bugs" did not
violate federal wiretap, computer hacking or privacy statutes, a federal court
has ruled.

The August 13 ruling by Judge Joseph L. Tauro of the US District Court for
Massachusetts finds in favor of the Web tracking firm Pharmatrak Inc. and its
pharmaceutical clients, including Pfizer Inc., Pharmacia Corp. and American Home
Products.

Pharmatrak went out of business shortly after the first individuals filed
lawsuits against the company in Massachusetts in August 2000, said Seymour
Glanzer, a senior partner with Dickstein, Shapiro & Morin in Washington, DC.
Other plaintiffs filed complaints in New York, and the suits were consolidated
in the Massachusetts district in June 2001.

Two of the defendants in the case -- SmithKline Beecham Corp. and Glaxo Wellcome
Inc. (now GlaxoSmithKline Plc) -- previously settled the charges to avoid
litigation, Glanzer added.

http://www.reutershealth.com/archive/2002/08/21/business/links/20020821legl002.html

         ----------------------------------------------------

[15] Federal Web sites need to be more user-friendly
From National Journal's Technology Daily

In order to maximize the efficiency of electronic government, federal Web sites
must tailor their design and content toward average citizens, a new report
suggested Wednesday.

In its review of 148 federal Web sites, the PricewaterhouseCoopers Endowment for
the Business of Government - a non-profit entity funded by the consulting
firm - rated the content and online services of the sites, including aspects such
as user help guides, navigation aides, privacy or security policies and links to
other Web pages.

The report found that only 12.8 percent of federal agencies provide
consumer-focused e-commerce applications on the Web; and 8.8 percent offered
direct links to e-government services.

The study ranked the U.S. Patent and Trademark Office No. 1 for its Web site
design and content offerings.

The Health and Human Services, Education and Treasury Departments, along with
the Navy, rounded out the category of top ranked sites for similar reasons.

http://www.govexec.com/dailyfed/0802/082102td2.htm

         ----------------------------------------------------

[16] T-Mobile to go global with WLAN hotspots
By ComputerWire
Posted: 08/22/2002 at 02:17 EST

T-Mobile, the Deutsche Telekom AG wireless unit which picked up the former
Mobilestar Networks Inc's US wireless hotspot network when it bought VoiceStream
Wireless last year, yesterday dusted off its windfall investment, and announced
plans to go global with its partners Starbucks Coffee Co and Hewlett-Packard Co.

Shortly before T-Mobile paid $50.7bn to acquire VoiceStream last June, the US
GSM network operator had itself paid an undisclosed sum for MobileStar, one of
the pioneers of the US hotspot scene whose disappointed ambitions had driven it
into receivership.

http://www.theregus.com/content/5/26066.html

         ----------------------------------------------------

[17] Introduction to Autorooters: Crackers Working Smarter, not Harder

by Matt Tanase
last updated August 21, 2002

Introduction

Efficiency and automation: one can argue that they are two of the most valuable
by-products of any technology. There is little doubt that the electronic tools
of today allow us to get more done in less time. We use software to eliminate
tedious work, reduce man-hours, and sift through mounds of data in seconds.
Crackers, as we know, are smart... and lazy. It should come as no surprise then
that they too, have employed technology to reduce their workload. The result? A
type of malicious code known as autorooters, programs designed to automatically
scan and attack target computers at blistering speeds.

A successful autorooter will give crackers what they want: complete control of a
target machine with little effort, fast. Scanning networks for vulnerable
machines, gaining unauthorized administrative access, installing backdoors, all
the tricks of the trade, can all be achieved at the click of a button. In this
article we'll explore the concepts behind autorooters and what can be done to
defend against them.

http://online.securityfocus.com/infocus/1619

         ----------------------------------------------------



_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
