London, Tuesday, September 17, 2002

                                INFOCON News

                            IWS - The Information Warfare Site




                              [News Index]

[1] Microsoft's new deal with Uncle Sam
[2] White House tackles cybersecurity
[3] New strategy to expand focus
[4] Slapper worm gains strength in numbers
[5] Privacy leak reported in Mozilla-based browsers

[6] Web sites reinforce security and privacy policies, review finds
[7] Internet as Weapon
[8] Video-Conferencing Hole Exposed
[9] Future Intel chips -- hacker-proof?
[10] New AES crypto standard broken already?

[11] Commerce expected to renew contract with Internet oversight company
[12] Go Daddy offers anonymous domain registration
[13] (South Korea) Personal Information Misuse in Cyber Space Rising
[14] The Coming Virus Armageddon
[15] Virtual Soldiers in a Holy War

[16] U.S. Talks Cybersecurity at UN Conference
[17] Erosion of privacy causes concern



[The new National Strategy to Secure Cyberspace will be published
tomorrow in Stanford. I don't expect it to be a superb plan
as too many people were involved 'riding the Washington gravy train'
whilst creating it. We will see on Wednesday how good the plan really
is. As said before, it is market-driven and it will introduce new
critical infrastructures. WEN]

From the article:

'I don't even think it's such a fabulous idea for the White House to be
preparing these kind of grand Internet security reports. The federal
government's tech-cluelessness is embarrassingly obvious, and it needs to solve
its own problems first. The Internet is run by technology firms, which are in
turn run by people smart and motivated enough to do the right thing without
nagging by Uncle Sam. Sure, it doesn't always happen immediately, but market
forces are better in the long run at figuring out the right approach than
bureaucrats are.'

[1] Microsoft's new deal with Uncle Sam
By Declan McCullagh
September 16, 2002, 4:00 AM PT

WASHINGTON--Why does the White House refuse to tell Microsoft to get tough on
On Wednesday, the Bush administration is scheduled to publish its proposal to
increase the security of the Internet. Properly titled the "National Strategy to
Secure Cyberspace," it's said to talk with great earnestness about helping home
users safeguard their computers, about thwarting online intrusions into business
systems, and about providing better training to federal network administrators.

But, according to people familiar with the draft report, it pays scant attention
to Microsoft, which has been responsible for more online security woes than any
other company in history.

Such an omission would be glaring. Intentional design choices and unintentional
bugs in Microsoft Windows, Outlook, Word and Explorer have created
vulnerabilities so numerous they've become legendary. Shoddy default settings
have practically begged intruders to plunder Windows-equipped PCs. Any serious
look at Internet security has to start with the world's largest software



[2] White House tackles cybersecurity

By Declan McCullagh
Special to ZDNet News
September 16, 2002, 6:58 PM PT

WASHINGTON--The White House's cyberspace security plan, scheduled to be released
Wednesday, envisions a broad new role for the federal government in maintaining
Internet security.

While couching many concepts as mere suggestions, a draft of the plan seen by
CNET News.com says the government should improve the security of key Internet
protocols and spend tens of millions of dollars on centers to recognize and
respond to "cyber attacks."

The draft report, however, is still in flux. As of late Monday, one
controversial section that appears to have been deleted would have required
companies to contribute money to a fund to secure computer networks.



[3] New strategy to expand focus
BY Diane Frank
Sept. 16, 2002

The national strategy that the White House plans to release Sept. 18 will be the
first that includes strategic goals for every sector - ranging from home users
to global issues - according to a summary released today. It also will detail 18
national priorities that include coordinating research and development and
increasing information sharing.



White House To Unveil New Plan for U.S. Computer Security

Experts: Cybersecurity plan offers tips, not rules


[4] Slapper worm gains strength in numbers

By Robert Lemos
Special to ZDNet News
September 17, 2002, 4:50 AM PT

The Linux Slapper worm had compromised more than 6,700 servers as of early
Monday morning, and it continues to create a peer-to-peer attack network that
could shut down even corporate Internet connections.

Unlike past worms, which typically tried only to compromise computers on the
Internet, the Slapper worm has a grander scheme in mind: to create a large
peer-to-peer network that could be used to hit other servers. A computer that
gets infected becomes part of the network and could be commanded, or used to
command the other computers on the network, to attack, said Al Huger, senior
director of engineering for the incident response team at security company



[5] Privacy leak reported in Mozilla-based browsers

Tuesday 17 September 2002

A "serious" privacy leak in Mozilla, and other browsers based on the open source
technology, such as Netscape and Galeon, discloses users' Web surfing
information, according to a recent report.

The Mozilla bug was reported on the Bugtraq mailing list last week by researcher
Sven Neuhaus, who said that the vulnerability reveals the URL of the page a Web
surfer is visiting to the Web server of the last page the user visited. The bug
affects Mozilla 1.0, 1.0.1, 1.1 as well as Mozilla-based browsers such as
Netscape 7 and Galeon, Neuhaus said. Older versions of Mozilla could also
contain the bug, the researcher added.



[6] Web sites reinforce security and privacy policies, review finds

By Wilson P. Dizard III
GCN Staff

A Brown University analysis of government Web sites found that more federal and
state sites are taking security and privacy seriously compared to last year.

The Center for Public Policy at Brown analyzed 1,265 federal and state sites,
measuring available features, variations between state and federal sites, and
responsiveness to citizens' information requests.

According to the study, 34 percent of the sites now have a visible security
policy, up from 18 percent last year. And 43 percent have some form of privacy
policy, up from 28 percent two years ago.



[FUD, FUD, FUD based on a 'swarming attack' briefing paper
by a certain US government agency, ... WEN]

[7] Internet as Weapon

Experts Fear Terrorists May Attack Through Cyberspace

By Chris Wallace

COLORADO SPRINGS, Colo., Sept. 16 - Intelligence experts worry
that the next terrorist strike on the United States will be what they call a
"swarming attack" - a bombing or suicide hijacking combined with a hit on
computers - that will make it tougher for law enforcement and emergency teams to

To deal with such a threat, the Bush administration is finalizing a strategy to
guard against cyberterrorism.

"It's much easier to do than building a weapon of mass destruction," said
Richard Clarke, special White House adviser for cyberspace security.
"Cyberattacks are a weapon of mass disruption, and they're a lot cheaper and

What kind of damage using the Internet is possible? Clarke and other experts
offered examples of what a skilled computer hacker could do, even from a
computer on the other side of the world from the target:

  Alter the software that controls phone service, shutting down communications
for an entire region.

  Open or close the switch on an electric power grid or the floodgates of a dam.



[8] Video-Conferencing Hole Exposed
By Michelle Delio

A half-dozen exploits have recently been discovered in the operating system of
Polycom's popular ViewStation device.

Some of the issues have been addressed in a system upgrade released last week,
but many users said they weren't advised they needed to upgrade their
ViewStation's operating system and were unaware of the security problems.



[9] Future Intel chips -- hacker-proof?

Matthew Yi, Chronicle Staff Writer    Tuesday, September 10, 2002

Intel Corp. will begin hard-wiring security features into future generations of
chips in order to help fend off hackers and viruses, Intel President and Chief
Operating Officer Paul Otellini said Monday.

Code-named LaGrande Technology, new microprocessors armed with the security
feature will be able to keep files in PCs as safe as if they were in a "vault,"
Otellini told a roomful of software and hardware engineers at the Intel
Developer Forum in San Jose.



[10] New AES crypto standard broken already?
By Thomas C Greene in Washington
Posted: 16/09/2002 at 16:59 GMT

Theoretical attacks against AES (Advanced Encryption Standard) winner Rijndael
and runner-up Serpent have been published. They might work in the practical
world; they might not. That's about all we can say from the latest edition of
Bruce Schneier's CryptoGram newsletter, which seeks to simplify the issues
discovered by researchers Nicolas Courtois and Josef Pieprzyk, and elaborated in
a paper entitled "Cryptanalysis of Block Ciphers with Overdefined Systems of

Now while this represents an interesting bit of research, it does not mean that
AES has been or even can be cracked in the real world. The work is theoretical
and needs to be reviewed by others; and even if it's confirmed in theory and
partially confirmed empirically, it may never be possible to exploit it.



[11] Commerce expected to renew contract with Internet oversight company
By Maureen Sirhal, National Journal's Technology Daily

Officials at the Internet's monitoring body are praising news of an expected
renewal of its agreement with the Commerce Department to continue management of
the Internet's domain-name system, but Congress may weigh in on the matter.

Nancy Victory, the head of Commerce's National Telecommunications and
Information Administration (NTIA), said in a teleconference Friday that she
anticipates that the NTIA will renew its agreement with the Internet Corporation
for Assigned Names and Numbers (ICANN), but with added conditions.

ICANN spokeswoman Mary Hewitt praised Commerce's decision to renew its
"memorandum of understanding" (MOU) with ICANN. "However," she said, "we are
still in discussion as to the details in how the agreement will look."



[12] Go Daddy offers anonymous domain registration
By ComputerWire
Posted: 17/09/2002 at 07:07 GMT

A new sister company of Go Daddy Software Inc is to start offering internet
users anonymous domain name registration from today, becoming the first major
domain name registrar to do so, Kevin Murphy writes.

Go Daddy founder Bob Parsons has set up Domains By Proxy Inc, essentially a Go
Daddy reseller that will enter its own contact information, rather than the
registrant's, into the Whois database, whenever a registration is made.



[13] Personal Information Misuse in Cyber Space Rising
by Woo Byung-hyun

Personal information crimes in cyberspace reported to the Personal Data
Protection Center (www.cyberprivacy.or.kr) totaled 14,181 during last year, up
6.2 times the 2,297 in 2000, according to the Ministry of Information and
Communication Sunday. Cases regarding misuse of private information as of July
this year totaled 30,975, exceeding two times the total number of reports last



[14] The Coming Virus Armageddon
By Jay Lyman
NewsFactor Network
September 16, 2002

In addition to being stealthy, experts said, the ultimate computer virus would
be polymorphic -- able to change its code, message and form to avoid detection.

Computer virus writers are known for building on each other's work to create
ever-deadlier malware. In the future, a truly malicious code might not create an
immediate uproar by hitting the Internet with a big bang. Instead, it could
slowly and quietly seize control of a vast number of computers, doing
significant but not immediately apparent damage to data.

How conceivable is the supervirus threat? "We never say never in this business,"
McAfee.com (Nasdaq: MCAF) virus research manager April Goostree told NewsFactor.
"We've never really seen it, but we've seen some things that are pretty darn
close. I really don't see why it couldn't be done."

But Trend Micro (Nasdaq: TMIC) global director of education David Perry
disagreed, telling NewsFactor that given the nature of viruses today, it is
unlikely that one could cripple the Web. "I really don't believe in the concept
of there being an ultimate computer virus," he said. "There are rumors about
there being a metavirus or megavirus, but it's fiction."



[15] Virtual Soldiers in a Holy War

Date:  Monday, 16 September 2002

Source:  Ha'aretz Daily

Story:  "Virtual Al Qaida" was the main topic of a seminar held in Washington
about three months ago. At issue was the appearance in cyberspace of Web sites,
forums and chat rooms set up by bin Laden supporters, who preach his message of
jihad against the West, heretics, "the Crusaders and the Jews," and their
toadies in Arab countries and the Muslim world.

The purpose of the conference, which was attended by 15 experts, most of them
American, was to examine how the Al Qaida organization and its supporters have
changed since the September 11 attacks. Organized by a private company owned
primarily by CIA alumni, the seminar was essentially meant to give the CIA an
opportunity to listen to more views and hear a range of outlooks.

"For the radical fundamentalist Islamic movements, the Internet is a gift from
heaven," says Reuven Paz, who researches these groups. "I call it `the open
university.' It's available to anyone who is interested."

The radical Islamic movements' use of Western technology - created by the
culture they are railing against - is nothing new. From his headquarters in
Paris, the Ayatollah Khomeini once produced and distributed audio-cassettes
throughout Iran, with sermons that called on the Iranian masses to rebel against
the shah's regime. Osama bin Laden's network of dormant cells of activists who
lay low until called into action has used the Internet to transmit messages,
coded and otherwise, via e-mail.



[16] U.S. Talks Cybersecurity at UN Conference

Seeks greater worldwide cooperation

SEPTEMBER 16, 2002

NEW YORK -- The Bush administration took its cybersecurity message to the world
this month, urging increased cooperation on cybercrime prevention and the
ironing out of legal guidelines.

Speaking here to an audience of 150 diplomats from 22 nations, Paul Kurtz,
senior director for national security for the President's Critical
Infrastructure Protection Board, said that the lessons of Sept. 11 affect the
information security realm and that the world must do more to cooperate and
coordinate its anticybercrime efforts.



[17] Erosion of privacy causes concern

Stephen Bell, Wellington

The Auckland Council for Civil Liberties has "grave concerns" over the
atmosphere of increased tolerance to privacy invasion that has developed in the
year since September 11.

The most severe consequences are naturally in the US, with, for example, a
resurgence of government interest in the FBI's Carnivore email surveillance

New Zealand's environment is rather less aggressive on that front, says ACCL
lawyer Graeme Minchin, but the Crimes Amendment No 6 Bill, with its provisions
for police and the Security Intelligence Service to intercept digital
communications, still gives cause for worry, he says. Pressure to adopt such
measures was strengthened in the wake of September 11.




The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site

