_________________________________________________________________

London, Thursday, September 12, 2002
_________________________________________________________________

INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

IWS Sponsor

IQPC Defence Conference: Information Operations 2002 25-26/09/02

Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management.

September 25 - 26, 2002. London, UK
(Pre-Conference Masterclass: 24th September 2002)

Information Operations 2002 Conference Web Site
http://www.iqpc-defence.com/GB-1826
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] On Capitol Hill, homeland security agenda is crowded
[2] Cheap Thrills on the Cyberterror Beat
[3] (UK) Anti-email snooping proposals 'stupid'
[4] NCS working on pair of pilots
[5] Why gov't cybersecurity plan promises to disappoint
[6] Commercial sector shares threat information
[7] Interagency report details Bush IT research priorities
[8] Insecurity Plagues Emergency Alert System
[9] Sept. 11: A year later, online privacy and security still weak
[10] PGP creator joins UK privacy watchdog
[11] Win-XP Help Center request wipes your HD
[12] GOP senators seek liability exemption for tech contractors
[13] End sought in Internet music case
[14] US committee passes privacy protection bill
[15] Broken Sept 11 worm poses little risk
[16] Evaluating Network Intrusion Detection Signatures, Part 1
[17] Win2K First Responder's Guide
_________________________________________________________________

News
_________________________________________________________________

[1] On Capitol Hill, homeland security agenda is crowded
By Charlie Mitchell, CongressDaily

Familiar autumn rituals are unfolding on Capitol Hill, as appropriators struggle to complete their 13 spending bills, leaders maneuver legislation into place for the final weeks of the session-and the parties hustle toward the midterm elections in November.

But this is not a typical September in Washington. On the first anniversary of the Sept. 11, 2001 terrorist attacks against the United States, talk of war with Iraq and a "Code Orange" terror alert hang over the Capitol. Meanwhile, the legislative machinery is grinding through an assortment of bills that were not on the agenda-or were cast in starkly different terms-one year ago.

Already, Congress has passed myriad bills to improve airport security and assist the reeling airline industry, tighten U.S. borders and help the communities that bore the brunt of the attacks. The Senate Budget Committee released a fact sheet this week detailing "more than $75 billion in budget authority" that Congress has approved in response to the attacks.

http://www.govexec.com/dailyfed/0902/091102cdam1.htm

----------------------------------------------------

[2] Cheap Thrills on the Cyberterror Beat

Are computer viruses really on the verge of becoming instruments of bloodshed, or is the press just addicted to disaster journalism?
By George Smith
Sep 03, 2002

Did you hear of the computer virus that could "attack the Pentagon's ability to mobilize or communicate with its forces" and cripple all government services in a city? I read about it in the Center for Defense Information's July Defense Monitor newsletter. It would be part of an "electronic Waterloo," readers were informed.

These days "electronic Pearl Harbor" and "digital Armageddon" are fit only for the nitwit's book of cliches, but "e-Waterloo" is grossly underused. As such, I recommend gnomic cyber-security gurus massage it into worldwide circulation posthaste.

http://online.securityfocus.com/columnists/107

----------------------------------------------------

[3] Anti-email snooping proposals 'stupid'
By Tim Richardson
Posted: 12/09/2002 at 10:04 GMT

Bob Jones - the boss of email filtering and blocking outfit Equiinet - describes proposed legislation to outlaw bosses snooping on employees' email as "stupid and ill-considered".

Last week Tory MP Michael Fabricant announced he was looking to introduce a Bill that would stop employers from snooping on employees' email.

http://www.theregister.co.uk/content/53/27087.html

----------------------------------------------------

[Great agency which has been around since the Cuban Missile Crisis. People should have a look at their public-private partnership model as it works so well. WEN]

[4] NCS working on pair of pilots
BY Dan Caterinicchia
Sept. 11, 2002

The National Communications System is in the early stages of two pilot projects aimed at improving the reliability and speed of the telecommunications and wireless systems for first responders and other key personnel during a national crisis or disaster.

http://www.fcw.com/fcw/articles/2002/0909/web-ncs-09-11-02.asp

----------------------------------------------------

[The plan is supposed to be market driven which limits its impact. Also it will include new elements (they might be chemical manufacturing, food safety, ...) within the Critical Infrastructure. WEN]

[5] Why gov't cybersecurity plan promises to disappoint
Robert Vamosi, Senior Associate Editor, CNET/ZDNet Reviews
Thursday, September 12, 2002

On Wednesday, Sept. 18, presidential cybersecurity adviser Richard Clarke will unveil the first draft of the long-awaited National Strategy for Securing Cyberspace (NSSC). Loosely based on feedback from computer users and vendors to 53 questions posted on the White House Web site, the final NSSC report will ultimately make recommendations for making home users, major enterprises, the national infrastructure, and the global Internet more secure.

But don't expect the plan to resolve all our cybersecurity issues. Far from it.

http://www.zdnet.com/anchordesk/stories/story/0,10738,2879777,00.html

----------------------------------------------------

[6] Commercial sector shares threat information
By William Jackson
GCN Staff

The Information Sharing and Analysis Centers, established in key commercial sectors to help protect the nation's critical infrastructure, have evolved over the last year, developing a structure to share threat information among ISACs.

"Code Red was the turning point," said Pete Allor, operations director for the IT ISAC. "We realized how useful we could be. That's also the first time we reached out to government, and government reached back."

Allor, who also is manager of the threat intelligence service-the X Force-for Internet Security Systems Inc. of Atlanta, spoke about the role of ISACs during an interview yesterday at the Networld+Interop/Comdex trade show.

http://www.gcn.com/vol1_no1/daily-updates/19952-1.html

----------------------------------------------------

[7] Interagency report details Bush IT research priorities
By William New, National Journal's Technology Daily

A new interagency report details the Bush administration's fiscal 2003 budget priorities for the research and development program of long-term networking and information technology.
The report shows an emphasis on high-end computing and software development next year.

"This program has been in progress for over 10 years and continues to be strongly supported by Congress and the current administration" said Cita Furlani, director of the National Coordination Office for Information Technology R&D. "It's really a big benefit to the nation because each agency leverages the other agencies' resources and we get the best bang for the taxpayers' buck."

The program coordinates IT R&D efforts for more than a dozen agencies and offices, such as the National Science Foundation and offices in the Commerce, Energy and Defense departments, with the goal of leveraging resources.

John Marburger, director of the White House Office of Science and Technology Policy, headed the task force that prepared the report. The so-called "Blue Book" is required annually under the 1991 High-Performance Computing Act.

http://www.govexec.com/dailyfed/0902/091102td2.htm

----------------------------------------------------

[8] Insecurity Plagues Emergency Alert System

The FCC-mandated network that lets officials interrupt radio and television broadcasts in an emergency is wide open to electronic tampering, and the government has no plans to fix it.

By Kevin Poulsen, Sep 10 2002 6:19AM

A national alert system that gives the president the ability to take over the U.S. airwaves during a national crisis may inadvertently extend hackers the same courtesy, thanks to security holes that put radio stations, television broadcasters and cable TV companies at risk of being commandeered by anyone with a little technical know-how and some off-the-shelf electronic components.

http://online.securityfocus.com/news/613

----------------------------------------------------

[9] Sept. 11: A year later, online privacy and security still weak
By Andrew Brandt, PC World
SEPTEMBER 11, 2002

A year after the Sept. 11 terrorist attacks, average Americans are subject to more surveillance when they go online, and their Internet-connected PCs may not be any safer from intruders, some experts say.

On the other hand, some of the laws that opponents and privacy advocates claimed would compromise privacy were quashed. For example, Congress rejected measures restricting the distribution of encryption software and implementing federal identification cards.

http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,74146,00.html

----------------------------------------------------

[10] PGP creator joins UK privacy watchdog
By John Leyden
Posted: 11/09/2002 at 16:18 GMT

Cyber rights luminary Phil Zimmermann has joined the advisory council of influential UK privacy watchdogs the Foundation for Information Policy Research (FIPR).

Zimmermann, best known as the creator of Pretty Good Privacy (PGP) who earned widespread acclaim for facing down threats from the Feds when he exported his famous encryption program, said he was joining FIPR to further trans-Atlantic co-operation on civil liberties.

http://www.theregister.co.uk/content/6/27078.html

----------------------------------------------------

[11] Win-XP Help Center request wipes your HD
By Thomas C Greene in Washington
Posted: 11/09/2002 at 13:15 GMT

A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement.

A good sketch of the problem in English, along with a harmless self-test, can be found here, thanks to Mike at http://unity.skankhouse.org, who did some tinkering after noticing a tip on a BBS.

http://www.theregister.co.uk/content/55/27074.html

----------------------------------------------------

[12] GOP senators seek liability exemption for tech contractors
By William New, National Journal's Technology Daily

An amendment to the Senate bill to create a Homeland Security Department prepared by two key Republicans would require the White House to exempt government contractors from liability for homeland security technologies and services.

Sens. Fred Thompson, R-Tenn., and John Warner, R-Va., filed the amendment on Tuesday. Thompson is the ranking Republican on the Senate Governmental Affairs Committee, which passed the homeland security bill, S. 2452, now on the Senate floor. Warner, who drove the amendment's completion, took a personal interest in the issue after learning of it, an industry source said.

http://www.govexec.com/dailyfed/0902/091102td1.htm

----------------------------------------------------

[13] End sought in Internet music case

LOS ANGELES (AP) - Entertainment industry groups have asked a federal court judge to rule before a trial on their copyright infringement claims against Internet file-swapping services KaZaA, Grokster and Morpheus.

Attorneys for StreamCast Networks, which distributes the peer-to-peer software program Morpheus, have also asked the judge to rule that distribution of the software does not violate copyright law.

http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4046371.htm

----------------------------------------------------

[14] US committee passes privacy protection bill
Thursday 12 September 2002

A congressional committee has approved a bill that will require federal agencies to consider the impact of the new regulations and policies enforced after 11 September on individuals' privacy.

The US House Judiciary Committee approved the Federal Agency Protection of Privacy Act, clearing it for consideration by the full US House of Representatives next month.
The bill would compel agencies to conduct a privacy impact analysis when proposing new rules and publish it for public comment.

http://www.cw360.com/bin/bladerunner?REQSESS=eD463A1I&2149REQEVENT=&CARTI=115720&CARTT=14&CCAT=2&CCHAN=22&CFLAV=1

----------------------------------------------------

[15] Broken Sept 11 worm poses little risk
By John Leyden
Posted: 11/09/2002 at 10:57 GMT

Virus writers have exploited interest in the anniversary of the September 11 terrorist attacks with their latest attempts to create a damaging email worm.

Fortunately due to bugs in the code of Chet-A it fails to work properly and is considered a minimal threat.

http://www.theregister.co.uk/content/55/27070.html

----------------------------------------------------

[16] Evaluating Network Intrusion Detection Signatures, Part 1
by Karen Kent Frederick
last updated September 10, 2002

Over the past several years, a number of academic and commercial entities have conducted evaluations of various network intrusion detection (NID) software, to determine the overall effectiveness of each product and to compare the products to each other. Many system administrators and security analysts are also responsible for conducting their own evaluations of NID products, in order to choose a solution for deployment in their environments. NID evaluations typically include some rough indication of the relative quality of each product's signatures. However, high signature quality is critical to achieving a good NID solution, so the importance of accurately evaluating signature quality cannot be stressed strongly enough.

In this series of articles, we will present recommendations that will help you to evaluate NID signatures. As you shall see, properly testing NID signatures is a surprisingly complex topic. We will begin by discussing some of the basics of evaluating NID signature quality, and then look at issues relating to selecting attacks to be used in testing.
Although you may not necessarily perform hands-on NID testing and evaluations, the information presented in this series of articles will give you the knowledge and the facts to get the most out of published reviews and comparisons of NID signatures. Note that we assume that the reader is already familiar with the basic concepts and principles of network intrusion detection.

http://online.securityfocus.com/infocus/1623

----------------------------------------------------

[17] Win2K First Responder's Guide
by H. Carvey
last updated September 5, 2002

Introduction

When it comes to handling computer security incidents, proper first response handling of computer security incidents is second in importance only to incident prevention. Improper handling or collection of available information can do irreparable harm to an investigation. Investigators need to have a thorough understanding of what information they intend to collect, as well as the tools they can use and the effects those tools have on the system itself.

Investigators know that not every event reported will require a full investigation or lead to prosecution. Obviously, each incident will make different demands on investigators; however, incident handling personnel should not deviate from best practices and assume that different procedures should be used to handle an event. There are specific items of information that can be collected and analyzed quickly in order to determine what follow-up steps need to be taken.

This article will offer a brief overview of some of the steps security administrators and incident handlers should take as part of the first response to security incidents. This article will focus on incidents in Microsoft Windows 2000, due to its popularity in both the corporate and server environments. Many of the general topics discussed in this article are applicable across other platforms, and many of the specific techniques and tools discussed can also be employed on NT and XP.

http://online.securityfocus.com/infocus/1624

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

---------------------------------------------------------------------

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body

---------------------------------------------------------------------

IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk