_________________________________________________________________
London, Thursday, August 29, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
InfowarCon 2002:
Homeland Defense and Cyber-Terrorism, Washington, DC September
4-5, 2002, optional workshops September 3 & 6. Presented by MIS Training
Institute and Interpact, Inc. Proven strategies for protecting against threats
to critical infrastructures and government systems. Go to:
http://www.misti.com/08/iw02nl27inf.html
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Lawmaker outlines priorities for homeland security legislation
[2] Lobbying for Insecurity
[3] RIAA site comes under second attack
[4] Bush Security Plan Would Target E-Mail
[5] Cyberterrorism: Network lessons from Ground Zero
[6] Cyberterrorism: The real risks
[7] Have passwords had their day?
[8] Lamo bumped from NBC after hacking them
[9] When Feds are the Crackers
[10] Lawmakers, agencies study smart cards
[11] Canada preps Internet snoopers charter
[12] (UK) Online tax returns doomed, MPs warn
[13] DOD may pull key net from the Internet
[14] Judge: FBI to help Moussaoui search e-mail
[15] Liberty Alliance Ranks Swell
[16] New worm provides sad snapshot of virus writer psyche, says Sophos
[17] Defense launches plan to fight bioterrorist attacks
_________________________________________________________________
News
_________________________________________________________________
[1] Lawmaker outlines priorities for homeland security legislation
By Teri Rucker, National Journal's Technology Daily
ASPEN, Colo.- There are a number of provisions, such as indemnifying firms that
do business with the federal government, that Rep. Tom Davis, R-Va., wants to
see the Senate include in its bill to create a Homeland Security Department.
If the Senate does not address these provisions, Davis plans to fight to have
them included when the House and Senate reconcile their legislation, he said
last week at the Progress and Freedom Foundation's Aspen Summit.
The Senate's first order of business when it returns from the August recess is
to address a bill, S. 2425, passed by the Senate Governmental Affairs Committee
on July 25, which differs on key points from the bill, H.R. 5005, passed by the
House on July 26.
http://www.govexec.com/dailyfed/0802/082602td1.htm
----------------------------------------------------
[2] Lobbying for Insecurity
The NSA's Linux security project was so good it almost made up for that whole
Echelon thing. Then politics entered the picture.
By Jon Lasser Aug 28, 2002
The U.S. National Security Agency's contribution to open-source security,
Security-Enhanced Linux, found broad approval and support in geek forums from
Wired News to Slashdot that are typically suspicious of the government.
It's not surprising that it couldn't last, however, and a recent CNET article
suggests that the NSA may not make further contributions to software released
under the GNU General Public License, and perhaps other open-source licenses.
http://online.securityfocus.com/columnists/106
----------------------------------------------------
[3] RIAA site comes under second attack
By John Borland
Special to ZDNet News
August 28, 2002, 12:45 PM PT
For the second time in a month, the Recording Industry Association of America's
(RIAA) Web site was attacked Wednesday, apparently by opponents of the industry
group's efforts to shut down online music trading.
By midday Wednesday, the trade group's site was unreachable. Earlier in the day,
it had been modified to contain pro-file trading messages, and even direct links
to downloadable music and to file-swapping service Kazaa.
http://zdnet.com.com/2100-1106-955776.html
----------------------------------------------------
[4] Bush Security Plan Would Target E-Mail
By Roy Mark
According to an unreleased draft plan prepared by the Bush administration, the
president favors creating a centralized source for collecting and reviewing
e-mail and data relating to cyber security. The new organization would collect
threat data from the FBI's National Infrastructure Protection Center, the
Critical Infrastructure Assurance Office, the Department of Energy and
commercial networks, in addition to seeking private sector security data.
http://boston.internet.com/news/article.php/1451481
----------------------------------------------------
[5] Cyberterrorism: Network lessons from Ground Zero
16:58 Wednesday 28th August 2002
Sandeep Junnarkar, CNET News.com
After the attacks on the World Trade Center, businesses in New York have had to
learn some hard lessons about ways to keep their networks safe
As architects submit proposals for rebuilding the World Trade Center, teams of
engineers are working deep below the streets of Manhattan to construct a project
of their own -- one designed to keep the city connected to the rest of the world
if disaster strikes again.
In a subterranean labyrinth of ageing pipes and bundled wires stretching for
miles in every direction, these engineers are trying to make this city's densely
packed communications networks less susceptible to the kind of widespread
outages caused by the 11 September attacks.
http://news.zdnet.co.uk/story/0,,t269-s2121452,00.html
----------------------------------------------------
[Really good article which looks at the current Cyberterrorism hype. WEN]
'It is still easier to bomb a target than to hack a computer.'
[6] Cyberterrorism: The real risks
12:03 Tuesday 27th August 2002
Robert Lemos, CNET News.com
There have been many reports, both real and imagined, of the dangers of
cyberterrorism - this special report takes a look at the facts behind the fear
In 1998, a 12-year-old hacker broke into the computer system that controlled the
floodgates of the Theodore Roosevelt Dam in Arizona, according to a June
Washington Post report. If the gates had been opened, the article added, walls
of water could have flooded the cities of Tempe and Mesa, whose populations
total nearly one million.
There was just one problem with the account: it wasn't true.
A hacker did break into the computers of an Arizona water facility, the Salt
River Project in the Phoenix area. But he was 27, not 12, and the incident
occurred in 1994, not 1998. And while clearly trespassing in critical areas, the
hacker never could have had control of any dams -- leading investigators to
conclude that no lives or property were ever threatened.
http://news.zdnet.co.uk/story/0,,t269-s2121358,00.html
----------------------------------------------------
[7] Have passwords had their day?
Passwords are the traditional way to safeguard computer information, but with
hacking on the rise Kurt Lennartsson senior vice president of strategy at
Pointsec, explains why pictures are worth 1,000 words...
ALTHOUGH passwords are a cheap and convenient way to authenticate computer
users, there are some fundamental problems.
http://www.northantsnew.co.uk/ref/business.asp?ID=11350
----------------------------------------------------
[8] Lamo bumped from NBC after hacking them
By Kevin Poulsen, SecurityFocus Online
Posted: 28/08/2002 at 14:20 GMT
How did a mediagenic hacker like Adrian Lamo get himself bumped last week from a
scheduled appearance on the NBC Nightly News with Tom Brokaw? Perhaps with his
impromptu on-camera intrusion into the peacock network's own computers.
http://www.theregister.co.uk/content/55/26842.html
----------------------------------------------------
[9] When Feds are the Crackers
U.S. courts should join Russia in saying "nyet" to the FBI's lawless
international hack attacks.
By Mark Rasch Aug 26, 2002
In medieval times, attackers would use a bell-shaped metal grenade or "petard"
to break enemy defenses. These unreliable devices frequently went off
unexpectedly, destroying not only the enemy, but the attacker. As Shakespeare
noted, "'tis the sport to have the enginer Hoist with his owne petar."
That's what I thought of when the Russian Federal Security Service (FSB)
recently announced their plans to charge an FBI agent with hacking -- a crime
that the agent committed while investigating Russian hackers.
http://online.securityfocus.com/columnists/105
----------------------------------------------------
[10] Lawmakers, agencies study smart cards
By Karen D. Schwartz
Since Sept. 11, the debate about whether all American citizens should carry
smart cards has reached a fever pitch.
Although many experts don't believe the idea will bear fruit in the foreseeable
future due to concerns about privacy and interoperability, another plan,
proposed by Reps. Jim Moran, D-Va., and Tom Davis, R-Va., may have a better
chance. The 2002 Driver's License Modernization Act proposes that drivers'
licenses include smart card data to help prevent identity theft through the use
of such biometrics as fingerprint identification.
The idea has merit, says Lolie Kull, program manager for access control smart
card implementation in the State Department's Office of Domestic Operations,
Bureau of Diplomatic Security.
http://www.govexec.com/dailyfed/0802/082802s1.htm
----------------------------------------------------
[11] Canada preps Internet snoopers charter
By John Leyden
Posted: 08/28/2002 at 09:11 EST
The Canadian Government has published proposals to increase law enforcement
powers to monitor the country's citizens online.
A consultation document published last weekend by the Canadian Department of
Justice contains proposals that would compel ISPs to hand over the names and
addresses of customers to the police on request, curtailing rights to remain
anonymous online.
Changes in Canada's Criminal Code widen police search powers, require ISPs to
retain customer Web logs for up to six months and (less controversially) to
outlaw possession of computer viruses are also proposed.
http://www.theregus.com/content/6/26120.html
----------------------------------------------------
[12] Online tax returns doomed, MPs warn
Lucy Ward, political correspondent
Thursday August 29, 2002
The Guardian
Attempts by the Inland Revenue to persuade taxpayers to submit their returns
online are doomed unless it can dramatically improve security and reliability of
electronic self-assessment, MPs warn today.
Technical teething troubles, and a security breach allowing personal tax details
to be viewed by other users, have sapped public confidence, according to the
Commons public accounts committee.
http://politics.guardian.co.uk/news/story/0,9174,782193,00.html
----------------------------------------------------
[13] DOD may pull key net from the Internet
BY Christopher J. Dorobek and Diane Frank
Aug. 26, 2002 Printing? Use this version.
In an effort to secure one of its most widely used Internet networks, the
Defense Department is considering constructing something more akin to an
intranet.
The Non-Classified Internet Protocol Router Network (NIPRNET) was created in
1995 as a network of government-owned IP routers used to exchange sensitive
information.
http://www.fcw.com/fcw/articles/2002/0826/news-net-08-26-02.asp
----------------------------------------------------
[14] Judge: FBI to help Moussaoui search e-mail
By P. Mitchell Prothero
>From the Washington Politics & Policy Desk
Published 8/28/2002 4:27 PM
WASHINGTON, Aug. 28 (UPI) -- The judge in the trial of Zacarias Moussaoui's
demanded Wednesday that the FBI explain how it failed to notice an e-mail
account used by the so-called 20th hijacker.
Judge Leonie Brinkema told the FBI to supply the information in an affidavit.
Moussaoui, the first person charged with conspiring in the Sept. 11 terror
attacks on New York and Washington, has demanded the contents of an e-mail
account he claims he used before his arrest. Prosecutors have denied having
information about such an account, a claim that Brinkema seemed to find
suspicious.
http://www.upi.com/view.cfm?StoryID=20020828-041540-9414r
----------------------------------------------------
[15] Liberty Alliance Ranks Swell
By Dennis Fisher
The Liberty Alliance Project on Wednesday announced that more than two dozen new
organizations have joined the alliance, including some big names, such as Sprint
Corp. and the Internet2 consortium.
The alliance also announced it will hold its first all-hands meeting in Chicago
on Sept. 19.
The new members run the gamut of industries, from software and hardware to
health care, financial services and media companies. The alliance is trying to
build a diverse base of members to garner support for its federated identity
management architecture.
http://www.eweek.com/article2/0,3959,491518,00.asp
----------------------------------------------------
[16] New worm provides sad snapshot of virus writer psyche, says Sophos
The Duload worm (W32/Duload-A), which has the potential to infect PCs connected
to the KaZaA file sharing network, may be a damp squib when it comes to
infecting users, but it certainly provides an interesting insight into the
topics that may occupy many virus writers' minds, according to Sophos.
The Duload worm randomly creates disguises for itself using a pool of 39
filenames. These filenames - which reflect a preoccupation with sex, celebrity,
computer games and hacking - include 'J. Lo Bikini Screensaver.exe', 'Kama Sutra
Tetris.exe', 'Free Mpegs.exe' and 'The Sims Game crack.exe', as well as some
pornographic references.
http://www.sophos.com/virusinfo/articles/duload.html
----------------------------------------------------
[17] Defense launches plan to fight bioterrorist attacks
By Shane Harris
The Defense Department is launching a national strategy to defend against
biological attacks and is testing a wide range of technologies in Washington and
Albuquerque, N.M., to spot biological attacks before they become outbreaks,
according to officials at the Pentagon and in the two cities.
Defense's new initiative combines the efforts of two current biodefense
programs. The first, run by the Defense Threat Reduction Agency (DTRA), will
deploy air-monitoring equipment in Albuquerque this fall. The purpose of the
test, which will last about a year, is to determine how well biological
monitoring equipment could be used in an urban environment, said Angel Martinez
of Albuquerque's Environmental Health Department.
The detection equipment will collect particles from the air, then test them for
biological agents at the nearby Los Alamos and Sandia national laboratories,
Martinez said. He added that Albuquerque was chosen as one of the two test
cities because of its proximity to the labs, and because it already has an
extensive air quality monitoring system in place to comply with federal clean
air laws.
http://www.govexec.com/dailyfed/0802/082802h1.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
