Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site

The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this
email by anyone else is unauthorised. If you are not the intended
recipient, any disclosure, copying, distribution or any action taken or
omitted to be taken in reliance on it, is prohibited and may be

-----Original Message-----
From: Wanja Eric Naef [IWS] [mailto:[EMAIL PROTECTED]] 
Sent: 16 October 2002 16:19
To: Wanja Eric Naef [IWS]
Subject: News 10/16/02


                      London, Wednesday, October 16, 2002

                                INFOCON News

                            IWS - The Information Warfare Site



To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
infocon" in the body



                              [News Index]

[1] Senator calls for new intelligence agency
[2] Sklyarov denied US visa to testify in DMCA case
[3] Stupid Bugbear tricks
[4] Military, witnesses aid hunt for sniper
[5] Where's the money?

[6] Freed hacker Mitnick debunks myths
[7] (UK) 'Complacent' companies slammed for poor security policies
[8] Information clampdown bugs scientists
[9] Fear Factor
[10] Spam poses threat to privacy

[11] Net security chief leaves too many questions unanswered
[12] Interpol: Cybercrime fight must be global
[13] Windows Messenger is new spam vector
[14] DOD appropriations progress
[15] Agencies' homeland security spending may bolster high-tech sector

[16] Intel touts security on a chip
[17] New TSP computer system hits another delay



(Intelligence is the way to go as it is impossible to protect every

One of my favourite quotes saying that it is impossible to have 100%

'The number one threat to American national security during this long
war is neither anthrax nor truck bombs . it is uncontrolled spending. We
cannot afford to put guards on every bridge and at every critical node
of our infrastructure. We cannot afford a sophisticated chemical and
biodetector in every government building. America cannot afford a
risk-free society in a world of global terrorism. The enemy's strategy
is to destroy our economy. We must not facilitate their efforts. America
will need to spend considerable sums of money to ensure our security .
but we must do it wisely . there will be no money to waste on irrational
fear and unconscionable pork. We must develop a strategic plan to guide
our efforts. This must include federal, state and local governments,
plus the private sector. Since 9-11, more than 130 bills regarding
homeland security have been introduced in the House of Representatives.
This is not the example of spending based on a strategic plan. 

"The outcome of this war will determine the type of nation our
grandchild will know. I do not want that to be a nation that is

Randall Larsen, Director, ANSER Institute for Homeland Security, at the
National Defense University Symposium on Quadrennial Defense Review 2001


Unfortunately, most of the current homeland security efforts do not
focus on how to improve the intelligence gathering and more important
sharing and analysing bit. In the media there were some story that there
might have been a 5th plane, but the potential pilot was denied entry to
the US, so it took never place (if the story is true, was it an Intel
success?).  The problem generally is that the public never hears the '99
times' when Intel agencies were successful in preventing terrorist
attacks and they have to realise that there is no 100% success rate as
the tragic events of September have shown.  There are lots of good
people around in the Intel business, but unfortunately people are not
always listening to their advice (where to put security measures in
place and where not to) . A good of example of this is Peter Caram's
book 'The 1993 World Trade Center Bombing - Foresight and Warning'.
Peter Caram, Detective Sgt, retired was in charge of anti-terrorist
intelligence at the Port Authority of New York and New Jersey. Caram
warned several times that the World Trade Center was very vulnerable to
car bombs of public parking at the WTC, but his warnings were ignored.
>From his book, '(1984 Report) ... the subgrade area (the WTC underground
parking lot) was a shopping mall for any terrorist with an explosive
laden vehicle. ...' WEN).

[1] Senator calls for new intelligence agency
>From National Journal's Technology Daily 

Sen. John Edwards, D-N.C., this week called for the creation of an
agency that would assume domestic intelligence-gathering duties about
terrorists from the FBI.

In a speech before the Center for Strategic and International Studies,
Edwards criticized the Bush administration's handling of intelligence
gathering. He said that while he supports the creation of a Homeland
Security Department, "the most urgent priority for our domestic defense
today is not moving boxes on an organization chart. Our most urgent
priority is stopping the enemy in our midst: identifying the terrorist
cells within the U.S."

Edwards said the FBI has failed in that role because it lacks the right
skills, strengths or staff to be a successful intelligence agency. He
said a new agency, similar to a British outfit known as MI5, should be
established to gather intelligence on domestic terrorist threats. Former
CIA Director R. James Woolsey proposed that idea last month.


(I will never forget the stock market graph of Adobe once Dmitry
Sklyarov was arrested as it shows that online in combination with 
Offline political protests can be very successful. WEN)

[2] Sklyarov denied US visa to testify in DMCA case
By John Leyden
Posted: 16/10/2002 at 10:51 GMT

Dmitry Sklyarov, the Russian programmer at the centre of the first
Digital Millennium Copyright Act (DMCA) prosecution, has been denied a
US visa in a move that jeopardises his requirement to testify in the
forthcoming trial of his former employers, ElcomSoft. 

ElcomSoft's chief executive, Alexander Katalov, has likewise been denied
a visa, Planet PDF reports, in a move that surely means the already
delayed October 21 start of the trial will be put back still further.



'... In the case of Bugbear the cyberterrorists were asleep at the
switch, too. Whoever wrote the thing wasted their time witlessly
programming a lengthy table of anti-virus programs into it. ...'

[3] Stupid Bugbear tricks
By George Smith, SecurityFocus Online
Posted: 15/10/2002 at 21:24 GMT

"Please, please, please" came the blandishments of the P.R. men. "If you
want to talk to someone about Bugbear, pleeze give me a call," twittered
one. Dear Sir, would you notice my client's rubbish for a computer virus
story angle? 

But even when ignored, the work of the flacks remains astonishingly
efficient. I often received their humorless memos well before the
presentation of even the fastest moving electronic disease. 

With Bugbear it was no different and the virus was no match for these
powers of mobilization. It arrived late, well behind advertisements
citing it, dragging along aft of one SirCam but in front of twelve
pieces of mail from the tomfool Dr. Greg Odili of Nigeria. 



(Horrible situation for the people living in these areas, nevertheless
it is a very interesting case study on how much it actually takes to
terrorise a nation and spread fear and how vulnerable we all are. If I
am not mistaken there is even an entry about such attacks in the
al-Qaeda handbook (not sniper though). In this case, though, it is very
likely that a single madman caused all the mayhem. WEN) 

[4] Military, witnesses aid hunt for sniper
Wednesday, October 16, 2002 Posted: 9:35 AM EDT (1335 GMT)

Suspect vehicles: 
White Chevrolet Astro-type minivan with a ladder rack on its roof; Ford
Econovan with a ladder rack on its roof; white box-type truck 
FALLS CHURCH, Virginia (CNN) -- Military aircraft will return to the
skies around the nation's capital to help search for the marksman who
has killed nine people, the latest victim a woman gunned down a few feet
from her husband. 

Defense Secretary Donald Rumsfeld on Tuesday night approved an FBI
request for use of the military aircraft. The planes, equipped with
high-tech surveillance equipment, will be flown by military pilots
accompanied by federal agents. (Full story) 

The slaying Monday night of FBI employee Linda Franklin apparently was
the closest the killer has come to being seen. Witnesses in the vicinity
of Franklin's slaying and in another of the area killings saw an
olive-skinned man in a white van, law enforcement sources said Tuesday.




 [5] Where's the money?
Oct. 14, 2002 

It's a story federal information technology managers are all too
familiar with: Congress mandates that they must secure their networks
from cyberattacks, but fails to appropriate the money needed to properly
safeguard systems.

The latest story of shortfalls in IT security spending - and this one is
especially troubling - comes from the National Nuclear Security
Administration (NNSA). This Energy Department agency was formed in 2000
to manage programs in nuclear weapons, nuclear nonproliferation and
naval reactors. Its mission represents "the most significant information
and physical security challenge in the nation, if not the world,"
according to a former information assurance expert at the National
Security Agency.



(Kevin Mitnick had very bad luck as the government made an example out
of him and he was certainly not a major threat to national security. He
has written a book called The Art of Deception: Controlling the Human
Element of Security which I really want to read as I am curious what he
has to say. WEN)



[6] Freed hacker Mitnick debunks myths

By Iain Thomson [16-10-2002]

World famous hacker shares secrets in new book

The world's most notorious hacker Kevin Mitnick claims that false
accusations of breaking into top secret US installations were used to
demonise him by law enforcement agencies in their fight to bring him to

In an interview with vnunet.com, he described himself as a hacker not a
cracker, a prankster and explorer who was motivated by a desire to see
how things worked rather than malicious intent or a thirst for profit.



[7] 'Complacent' companies slammed for poor security policies

By Will Sturgeon, silicon.com
14 October 2002
A survey of IT security managers and administrators, found that 54 per
cent believe their organisation is not doing enough to combat the
threats, despite 34 per cent of the respondents saying their companies
had experienced cybercrime. 
More than half of the UK firms surveyed admit they are not doing enough
to combat cybercrime--even though one third have been hacked, according
to a survey from Learning Tree International. 



[8] Information clampdown bugs scientists 
After Sept. 11, federal government removes public access to data,
orders CD-ROMs destroyed 
INDIANAPOLIS, Oct. 14 -  Some scientists are running into a major
post-Sept. 11 stumbling block: Federal restrictions have eliminated
access to information vital to their studies.    



[9] Fear Factor

STANLEY "STASH" JAROCKI doesn't act like the agreement he recently
signed with the FBI's National Infrastructure Protection Center (NIPC)
is a big deal. "It's a prenuptial-nothing exotic," says Jarocki,
chairman of the Financial Services Information Sharing and Analysis
Center (ISAC) and vice president of information security engineering at
Morgan Stanley. 
But, in fact, it's a huge deal. With the memorandum of understanding
Jarocki signed last June, the ISAC-which was formed in 1999 to give
financial companies a place to exchange information about security
threats out of the earshot of regulators and law enforcement-has agreed
to talk at least once a week to the NIPC, a law enforcement coordination



[10] Spam poses threat to privacy
Workplace privacy will be casualty in war on spam

If you thought the problem of junk e-mail was bad enough now then it is
about to get a whole lot worse. 

"You ain't seen nothing yet," said Satish Ramachandran, chief executive
of Mirapoint, a company which provides software to deal with the menace
of unwanted commercial e-mails. 

One of the first casualties of the fight against spam in the workplace
would be privacy, said Mr Ramachandran. 



[11] Net security chief leaves too many questions unanswered

By Hiawatha Bray, Globe Staff, 10/14/2002

When President Bush's Internet security chief Richard Clarke visits MIT
on Wednesday, he'll probably receive a polite and courteous response. 

And that's a shame. Nothing against Clarke, mind you. He's saddled with
the massive responsibility of protecting the nation's sensitive computer
systems from attack by terrorists and criminals. It's a tough job and he
deserves a sympathetic hearing. But we should also lob some hard
questions his way, questions that go unanswered in the document that
Clarke is coming to discuss.

It's called ''The National Strategy to Secure Cyberspace.'' As an
overview of the challenges involved, it's pretty good stuff. Download a
copy at www.whitehouse.gov/pcipb, and see for yourself. As a road map
for action, though, it's like a sip of weak tea. Imagine a World War II
strategy document in which Eisenhower suggests that it might be nice to
invade Normandy, and you'll get the general tone.


More from the Infocon archive:

[netsec-letter] #21, Securing Cyberspace -- Comments on the National

[INFOCON] - News 09/19/02

[INFOCON] - OCIPEP: Release of U.S. National Strategy to Secure

[INFOCON] - America's National Cybersecurity Strategy: Same Stuff,
Different Administration


[12] Interpol: Cybercrime fight must be global
13:21 Wednesday 16th October 2002

International experts in fighting cybercrime are calling for
computer-offence legislation to be more widely established, and greater
cooperation in combating crime 
Top international cybercrime-busters wrapped up a three-day conference
in the world's most wired country on Wednesday with a call for greater
global cooperation to fight online offences. 

Senior cybercrime police officers from 37 countries agreed at a meeting
in South Korea that worldwide investigations were needed to chase online
criminals who operate with little regard for state frontiers. 



[13] Windows Messenger is new spam vector
By Thomas C Greene in Washington
Posted: 16/10/2002 at 08:44 GMT

The forces of evil have produced a devilish tool whereby spam can be
sent to thousands of Windows users in minutes, in the guise of system
alerts. This was brought to our attention by reader Mike MacNeill, who
sent us a screenie of a Windows system alert offering him the university
diploma of his dreams with "no required tests, classes, books or
interviews," in the classic manner. Below is a smaller example: 

The scam is the brainchild of an outfit called DirectAdvertiser, and
leverages the Windows RPC (Remote Procedure Call) function. I downloaded
the demo version and played around for a while. My results may not be
entirely accurate because I didn't use the full, $700 version, and
because I used it on my own network behind a firewall. However, running
Ethereal on the box and trying it out revealed packets destined for
ports 135 (DCE/RPC), 137 (NetBIOS name service) and 138 (NetBIOS UDP) on
the target.



[14] DOD appropriations progress
BY Dan Caterinicchia and Christopher J. Dorobek 
Oct. 11, 2002 

Congressional negotiators this week settled on recommending $355.1
billion in new discretionary spending for the Defense Department for
fiscal 2003, with a focus on improvements for the military's command,
control, communications, computers, intelligence, surveillance and
reconnaissance (C4ISR) functions.



[15] Agencies' homeland security spending may bolster high-tech sector
By Molly M. Peterson, National Journal's Technology Daily

Innovative homeland security products could enable some investors to
buck the downward trend in the general high-tech sector, several venture
capitalists said Tuesday. 

"I contend that security investments are holding their own and are
escalating," Michelle Kraus, founder of Accelerator Group, said during a
conference sponsored by the Council of Security and Strategic Technology

Kraus, who moderated a panel discussion on security-investment trends
and opportunities, said "investments are being made every day" in
firewalls, authentication technology, routers and other technology
products that could help protect critical infrastructures and
information networks. 


[16] Intel touts security on a chip
By John Leyden
Posted: 15/10/2002 at 17:51 GMT

Intel today announced what it bills as the industry's first network
processor for secure content processing. 

The Intel IXP2850 network processor features high-performance packet
processing with security features in a single chip and is designed for
applications such as Virtual Private Networks, Web services and Storage
Area Networks. 

Hardware mechanisms within the chip enable popular encryption standards
such as 3DES and the recently introduced Advanced Encryption Standard to
be implemented at speeds up to 10Gbps, according to Intel. The company
is positioning the part as an alternative to customised ASICs commonly
found in current high-speed firewall/VPN appliances from the likes of


[17] New TSP computer system hits another delay
By Brian Friel

A new computer system that would give federal employees more control
over their 401k-style Thrift Savings Plan accounts won't debut in
November as scheduled, the TSP board announced Friday. 

The delay is the sixth time in two and a half years that the system's
launch has fallen behind. This time, the delay was blamed on testing
that found the new system couldn't handle large numbers of TSP
transactions at once. TSP officials issued a statement saying a new
launch date has not been set.

"Evaluation of approaches to achieve the requisite increase in the
system's processing speed is now under way, but sufficient progress has
not yet been made in this effort to permit the establishment of a new
schedule for system implementation," the TSP statement said. "In the
interim, the board will continue to use its current well-proven monthly
valued system." 



The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site


To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
infocon" in the body


IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to