[Today's issue is delayed as I was attending an IO/IA workshop in London. There will be no Infocon News till maybe Thursday/Friday as London is under a massive 'infrastructure attack' per 20.00 tonight (not by any Al Qaeda terrorists or any cyberterrorists, but by striking tube (underground) workers. WEN]
Travellers braced for Tube strike http://news.bbc.co.uk/1/hi/england/2277687.stm _________________________________________________________________ London, Tuesday, September 24, 2002 _________________________________________________________________ INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ IWS Sponsor IQPC Defence Conference: Information Operations 2002 25-26/09/02 Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management. September 25 - 26, 2002. London, UK (Pre-Conference Masterclass: 24th September 2002) Information Operations 2002 Conference Web Site http://www.iqpc-defence.com/GB-1826 _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] FBI cyber chief heralds interagency cooperation [2] Military Space Operations: Planning, Funding, and Acquisition ... [3] At least 100 countries building cyber weapons - expert [4] Third slapper worm hits the street [5] ICANN closes in on .org successor [6] FBI agent: Break down the intelligence 'wall' [7] Philip Morris sues Internet sites [8] Internet phone calling: A firm fails to connect [9] Privacy Advocate Voices Mobile Spam Concerns [10] Canadians more wired about shopping on Net [11] Justice Department formalizes information sharing guidelines [12] Computers vulnerable at Oregon department [13] When is hacking a crime? [14] Linux hacker tracked to Surbiton... [15] Microsoft tweaks Xbox to thwart hackers [16] Sun Crypto curves into open source project [17] From bipartisan beginnings, homeland bill now a divider _________________________________________________________________ News _________________________________________________________________ [I hope this time the cooperation will work better than last time. Ron Dick seems to be keen on two way information sharing: >From a July Statement for the Record of Ronald L. Dick, Before the House Committee on Governmental Reform, Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee Dick: '... At the NIPC we continue to seek partnerships which promote two-way information sharing. As Director Mueller stated in a speech on July 16th, "Prevention of terrorist attacks is by far and away our most urgent priority." We can only prevent attacks on our critical infrastructures by building an intelligence base, analyzing that information, and providing timely, actionable threat-related products to our public and private sector partners. We welcome the efforts of your Committee in improving information sharing, and I look forward to addressing any questions you might have.' The future will show whether this will be possible or not. All I can say: actions speak louder than words. Good luck. WEN] [1] FBI cyber chief heralds interagency cooperation By Bara Vaida, National Journal's Technology Daily Ron Dick, the director of the FBI's National Infrastructure Protection Center, said the FBI's new effort to partner with the Secret Service on investigating cyber crimes is aimed at marshalling resources. At the launch of the national cybersecurity protection plan last week, the FBI and Secret Service announced a new pilot program where several field offices of both agencies agreed to work together on investigating cyber crimes to determine who is behind a particular attack. "If you look at what we've done with the Infragard program and what they've done with the Electronic Crimes Task Force...we can leverage the capabilities of both staffs," said Dick in an interview with National Journal's Technology Daily. Full story: http://www.govexec.com/dailyfed/0902/092302td1.htm ---------------------------------------------------- [Interesting report. WEN] The United States is increasingly dependent on space for its security and well being. The Department of Defense's (DOD) space systems collect information on capabilities and intentions of potential adversaries. They enable military forces to be warned of a missile attack and to communicate and navigate while avoiding hostile action. And they provide information that allows forces to precisely attack targets in ways to minimize collateral damage and loss of life. DOD's satellites also enable global communications, television broadcasts, weather forecasting; navigation of ships, planes, trucks, and cars; and synchronization of computers, communications, and electric power grids. This growing dependence, however, is also making commercial and military space systems attractive targets for adversarial attacks. According to DOD, our adversaries are exploring such capabilities as directed energy weapons, space object tracking systems, physical attacks on satellite ground stations, and signals jamming. Moreover, our adversaries are gaining access to space-based information as well as acquiring new spacebased capabilities. In view of this growing threat, DOD is taking on efforts to strengthen its ability to protect and defend space-based assets, also known as "space control."1 Given the importance and potential costs of its acquisitions related to space, we identified DOD's efforts to strengthen its ability to protect and defend its space assets and the challenges facing DOD in making those space control efforts successful. [2] Military Space Operations: Planning, Funding, and Acquisition Challenges Facing Efforts to Strengthen Space Control. GAO-02-738, September 23. http://www.gao.gov/cgi-bin/getrpt?GAO-02-738 ---------------------------------------------------- [Hmmm. Matt did you get misquoted? WEN] [3] At least 100 countries building cyber weapons - expert By John Lettice Posted: 24/09/2002 at 10:09 GMT Cyberterrorism hyping has reached new heights - according to a report in the Melbourne Herald Sun, at least. The Herald quotes expert Matthew Devost, speaking at a meeting at the US consulate there recently, as claiming the CIA believes at least 100 countries are investigating waging war by computer, or cyberterror. Mr Devost is proprietor of terrorism.com, incidentally, which is something of a misnomer, as he's in the counter-terrorism game. Should any bona fide terrorist take him to the ICANN disputes panel we fear he'd be on difficult ground. But 100 countries? Could the CIA possibly believe this? Who are these countries? http://www.theregister.co.uk/content/6/27265.html ---------------------------------------------------- [4] Third slapper worm hits the street By Iain Thomson [24-09-2002] Hackers eye virus as base for development Barely 24 hours after the Slapper B worm started to show up on antivirus monitoring stations, a new variant has cropped up. According to security specialist ISS, Slapper C has infected 1,500 servers already and is spreading, although a source point has not been identified at this time. The company warned that the source code for Slapper has spread quickly among the underground community, and will be the development platform of choice for future attacks. http://www.vnunet.com/News/1135304 ---------------------------------------------------- [5] ICANN closes in on .org successor 09:03 Tuesday 24th September 2002 Reuters The Internet address regulator gives a nod to a group of thousands of computer engineers in their bid to run the non-profit domain The backing of a key domain regulator on Monday brought a group of computer professionals closer to control of the .org Internet domain, home to millions of nonprofits and community groups. The Internet Society, a group of 11,000 engineers and other networking experts, won another round in the months-long process to gain management the Internet's fifth-largest domain when the Internet Corporation for Assigned Names and Numbers (ICANN) reaffirmed its opinion that the Virginia nonprofit was the best-qualified of 11 applicants. http://news.zdnet.co.uk/story/0,,t278-s2122732,00.html ---------------------------------------------------- [6] FBI agent: Break down the intelligence 'wall' By Brian Friel An exchange between an FBI agent and the agency's headquarters, made public last week, shows that even before Sept. 11, the barrier between intelligence and law enforcement investigations-a barrier designed to protect civil liberties-got in the way of efforts to protect Americans from terrorists. The conflict between civil liberties and investigator powers has sparked debates about lifting limits on federal law enforcement agents and intelligence officers and about eliminating gaps between agencies and functions that terrorists exploit to avoid capture. The conflict also raises questions about how to best reorganize Cold War-focused federal functions to combat terrorism. http://www.govexec.com/dailyfed/0902/092302b1.htm ---------------------------------------------------- [7] Philip Morris sues Internet sites Cigarette maker aims to stop sellers from using trademarks NEW YORK, Sept. 23 - Philip Morris Cos. Inc. , the world's largest cigarette maker, Monday said it filed eight lawsuits aimed at stopping sellers of cigarettes over the Internet from using Philip Morris trademarks. http://www.msnbc.com/news/811757.asp?0si=- ---------------------------------------------------- [8] Internet phone calling: A firm fails to connect Don Kirk International Herald Tribune Monday, September 23, 2002 SEOUL Kim Dae Sun, vice president of Serome Technology Inc., avoided the usual euphemisms for the disasters that have befallen his once pioneering and high-flying company. "The boom of the Internet era has been collapsing," Kim said, "and the market is not as good as we expected." His words contrast sharply with the promise associated since the mid-1990s with Serome's business, using the Internet for making cheap phone calls. http://www.iht.com/articles/71419.html ---------------------------------------------------- [9] Privacy Advocate Voices Mobile Spam Concerns By boston.internet.com September 19, 2002 As advertisers gear up for a mobile marketing push in the United States, a privacy advocate is concerned the menu of messages will consist largely of spam. The technology, which delivers product pitches, special offers, sweepstakes and coupons to cell phones, is already popular in Europe, where advertisers will spend $53 million on mobile campaigns this year, according to recent findings by Jupiterresearch. (Jupitermedia, the parent of Jupiterresearch, also is the publisher of this Web site.) http://allnetdevices.com/wireless/news/2002/09/19/privacy_advocate.html ---------------------------------------------------- [10] Canadians more wired about shopping on Net Clickers shelled out almost $2-billion in '01 By MARINA STRAUSS RETAILING REPORTER Friday, September 20, 2002 - Page B1 Canadians spent almost $2-billion shopping on the Internet last year, "substantially" more than the previous year, Statistics Canada reported yesterday -- and analysts expect a further leap in 2002. On-line shoppers in an estimated 2.2 million households shelled out nearly $2-billion in 2001, compared with about $1.1-billion in an estimated 1.5 million households a year earlier, Statscan reported. The federal agency nevertheless cautioned against a direct comparison between data from the two years because of different tracking methods: The latest figures captured cybershopping from households that regularly used the Internet from various locations, while the previous data looked only at on-line shopping conducted from the home. http://www.globeandmail.com/servlet/ArticleNews/PEstory/TGAM/20020920/RONLI/Head lines/headdex/headdexBusiness_temp/1/1/63/ ---------------------------------------------------- [11] Justice Department formalizes information sharing guidelines By Drew Clark, National Journal's Technology Daily Attorney General John Ashcroft on Monday released guidelines designed to formalize the way in which federal prosecutors share information, including data obtained from electronic surveillance, with the CIA and other intelligence officials. The guidelines flow from last October's sweeping anti-terrorism bill, which empowered prosecutors to share information obtained through grand jury testimony or through electronic, wire or oral interception of information. Prior to passage of the landmark anti-terrorism legislation, known as the Patriot Act, prosecutors were specifically barred from sharing such information to intelligence, protective, immigration, defense or national security officials. http://www.govexec.com/dailyfed/0902/092302td2.htm ---------------------------------------------------- [12] Computers vulnerable at Oregon department 09/23/02 LES ZAITZ SALEM -- The state Department of Human Services has systematically neglected computer security for years, leaving Oregon's largest agency vulnerable to hackers and thieving employees who can pay themselves public benefits, according to an internal agency report. A consultant hired to evaluate the agency's computer safeguards found lapses at every level. State auditors identified similar problems a year ago, and agency leaders then promised to fix them. They still haven't. http://www.oregonlive.com/news/oregonian/index.ssf?/xml/story.ssf/html_standard. xsl?/base/front_page/1032782122290112.xml ---------------------------------------------------- [13] When is hacking a crime? By Robert Lemos Special to ZDNet September 23, 2002, 4:32 AM PT Kevin Finisterre admits that he likes to hew close to the ethical line separating the "white hat" hackers from the bad guys, but little did he know that his company's actions would draw threats of a lawsuit from Hewlett-Packard. This summer, the consultant with security firm Secure Network Operations had let HP know of nearly 20 holes in its Tru64 operating system. But in late July, when HP was finishing work to patch the flaws, another employee of Finisterre's company publicly disclosed one of the vulnerabilities and showed how to exploit it--prompting the technology giant to threaten litigation under the Digital Millennium Copyright Act. Finisterre, who was not hired by HP, now says he'll think twice before voluntarily informing another company of any security holes he finds. http://zdnet.com.com/2100-1105-958920.html ---------------------------------------------------- [14] Linux hacker tracked to Surbiton... Would Swordfish have been sexier if Travolta and Jackman lived in Surbiton... or perhaps Thames Ditton...? London commuter town Surbiton, once famed as the home of seventies sit-com the Good Life, and held up as the very model of suburban life, has found itself at the centre of a trans-Atlantic police investigation into cyber-crime. Scotland Yard and the FBI last week traced a 21-year-old British man to the sleepy tree-lined streets of Surbiton and arrested him for allegedly writing and distributing the T0rn rootkit tool which enables users to hack Linux servers. http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQ INT1=55667 ---------------------------------------------------- [15] Microsoft tweaks Xbox to thwart hackers And to cut costs Microsoft has changed the internal configuration of its Xbox game console, a move intended to thwart hackers and lower manufacturing costs. Word of the changes began spreading on sites devoted Xbox hacking, with some buyers of recently manufactured Xbox units complaining that mod chips designed for the original console won't work now. Microsoft Xbox spokeswoman Molly O'Donnell confirmed that the company had made minor changes to the console's configuration as part of ongoing efforts to "increase security and reduce overall costs". http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQ INT1=55673 ---------------------------------------------------- [16] Sun Crypto curves into open source project By John Leyden Posted: 23/09/2002 at 14:35 GMT Sun Microsystems has donated its Elliptic Curve Cryptography technology to the OpenSSL project. The donation is designed to boost efforts among developers to move to the latest encryption technology and enhance Sun's reputation as a provider of secure technology. http://www.theregister.co.uk/content/55/27247.html ---------------------------------------------------- [17] From bipartisan beginnings, homeland bill now a divider By Molly M. Peterson, CongressDaily Most members of Congress have voiced support for President Bush's proposal to consolidate 22 existing federal entities into a 170,000-employee Homeland Security Department. But legislation to implement Bush's plan for what would be the largest reorganization of the federal government in 50 years has triggered partisan clashes over administrative flexibility, product liability, security-screening deadlines and other key issues affecting the technology industry. "I had hoped that we could set up a department that would be lean and agile and of the future, that would maximize the use of technology, that would capitalize on the spirit of innovation and new technologies,"House Minority Whip Nancy Pelosi, D-Calif., said during floor debate on the House version of the bill. "But, sadly, it does not." Pelosi, who served as ranking Democrat on the House Homeland Security Select Committee, has said the GOP-favored plan would create a "bloated, 1950s, bureaucratic department" while stripping its employees of civil-service protections, weakening information-disclosure laws, and providing the manufacturers of defective counterterrorism technology with "unprecedented" liability protection. http://www.govexec.com/dailyfed/0902/092302cdam.htm ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
