London, Thursday, October 24, 2002

                                INFOCON News

                            IWS - The Information Warfare Site



To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
infocon" in the body



                              [News Index]

[1] Cost-effective terror: a van and 13 bullets  
[2] Attack briefly disrupts Net  
[3] IE hopelessly bug ridden
[4] P2P hacking bill may be amended
[5] Bugbear hits Australian parliament 

[6] FBI technology shortcomings hamper sniper investigation
[7] Certifiably Certified 
[8] Making Spammers Pay
[9] E-gov chief says budget delays not hurting tech projects
[10] Bush urges ban on 'morphed' porn

[11] Europe teaches privacy lessons
[12] Legislative delay hinders technology officials' security work
[13] Reverse Engineering Hostile Code
[14] Feds investigating 'largest ever' Internet attack
[15] CIA agents join hunt at home for terrorists  

[16] Database pools crime information
[17] Senate approves legislation extending Navy intranet contract



[1] Cost-effective terror: a van and 13 bullets  
Brian Knowlton International Herald Tribune 
Thursday, October 24, 2002  
For millions in U.S. capital, a siege of fear
WASHINGTON It has been three weeks now since the first shot was fired -
and 3 million people are still ducking and holding their collective

People in the Washington area have now grown accustomed to pumping gas
in a crouch, or at a station sheltered from view (and from a sniper's
scope) by a huge tarpaulin; to fearfully scanning tree-lined stretches
as they drive along increasingly deserted roads; to walking in what
would have seemed a bizarre zigzag fashion through a shopping center
parking lot.

Normally bustling movie theaters are nearly empty in the evenings, as
are many shops and restaurants. Every white van has become suspect - and
white vans, people now realize, are absolutely everywhere.



(The attack was rather unsuccessful apart from the fact that it gave the
average John Doe on the street the impression that it was, which is not
good. I received emails from friends sending me links about the event,
which is rather useless as I normally get the information before them.
The interesting bit about this is that none of them are interested in
InfoSec/IA/IO, ..., but it gives me a good overview of what issues the
average citizen hears about regarding the Internet. Unfortunately, most
of the time they hear about it, they hear negative things, which makes
them believe lots of the FUD which is spread by some media outlets and
some InfoSec companies.

Also, I got emails from people who do not understand how the root domain
system works saying that there should be an impact. It is important that
we educate people to show them that the Internet is not a Cyberterrorist
haven as some people claim.

As said yesterday, the attack could only have been successful if it
lasted for quite a while. At least one good side effect of the attack
is that security of the root server is going to be improved. WEN)

'... But safeguards built into the Internet's architecture mean that
most users would not sense a slowdown in their Internet wanderings until
eight or more of these servers fail. ...'

'... "This time there was no impact," Wray said, "but the next time
there might be." ...'

'... "It clearly says a lot more about the robustness and the
redundancies of the system than about the vulnerabilities,"
O'Shaughnessy said. ...'

'... As a testament to how new the Internet system is - the first
software to browse the Web emerged only a decade ago - O'Shaughnessy
noted that when telephone lines fail for short periods of time, the
outages get little notice. But when Internet servers suffer, the world
wants to know why, he said. ...'

[2] Attack briefly disrupts Net  
Victoria Shannon International Herald Tribune 
Thursday, October 24, 2002  
Worldwide servers overwhelmed with data
An unusually powerful, coordinated attack on the 13 computers around the
world that act as the backbone of the Internet briefly crippled more
than half of them, but because of the built-in workarounds in the
system, few Internet users likely even noticed. 

The FBI said Wednesday that its cyberdivision was investigating who was
behind the attack, which began Monday at about 2045 GMT and lasted for
about an hour, and what motivated it.

In technical terms, the attack was a "distributed denial of service."
The effect is to overwhelm computers by targeting data at them until
they fail.


Net attack flops, but threat persists

'... A widespread but unsophisticated attack on the computers that act
as the address books for the Internet failed to cause any major
problems, but experts warn that more security is necessary. ...'

'... According to security experts, a more sophisticated attack could
have disrupted the root servers long enough to impair Net access. Had
the attack prevented access to the servers for eight to 10 hours, the
average computer user may have noticed slower response times, said Craig
Labovitz, director of network architecture for denial-of-service
prevention firm Arbor Networks. ...'

'... The FBI has opened an investigation into the attacks, but the
agency will have a hard time finding the responsible person or group
because the distributed attack randomized the source information on each
piece of data, experts said. ...'


[3] IE hopelessly bug ridden
By John Leyden
Posted: 23/10/2002 at 10:54 GMT

Nine closely-related Internet Explorer flaws leave users open to a
variety of powerful attacks, security researchers at Israeli firm
GreyMagic Software warned yesterday. 

The vulnerabilities revolve around object caching and a combination
could enable an attacker to steal private local documents, steal cookies
from any site, forge trusted web sites, steal clipboard information or
even execute arbitrary programs, GreyMagic reveals.

The issue affects users running IE 5.5 and IE 6. Computers running IE 6
SP1 are vulnerable to a lesser extent, but are still at risk to two of
the nine vulnerabilities. Users of AOL Browser, MSN Explorer are also
affected. Only those using IE 5.0 SP2 have a measure of protection from
the exploits.



[4] P2P hacking bill may be amended 
Bill will have to be reintroduced next year 
By Declan McCullagh
WASHINGTON, Oct. 23 - A proposal to let copyright owners hack into and
disrupt peer-to-peer networks will be revised, a congressional aide said
Wednesday. Alec French, an aide to bill author Rep. Howard Berman,
D-Calif., defended his boss' ideas but acknowledged that some critics
had made reasonable points about the controversial proposal.



[5] Bugbear hits Australian parliament
10:12 Wednesday 23rd October 2002
Jeanne-Vida Douglas, ZDNet Australia   

The Australian government has had its workings interrupted for the
second time by an attack of the Bugbear virus 
The Bugbear virus is causing havoc for the second time in a month at
Australia's Parliament House in Canberra, interrupting the government's
operations and highlighting dangerous security flaws. 

On Tuesday evening, the Department of Parliamentary Reporting staff
circulated an email to all departments, members and their staff within
the nation's foremost government building, asking that they turn their
printers off until further advised. 



[6] FBI technology shortcomings hamper sniper investigation
By Shane Harris

The FBI doesn't have the technological capacity to handle the crushing
volume of leads that agents and police officers in Montgomery County,
Md., have received in the investigation of the Washington-area sniper,
according to law enforcement sources.

A team of agents has set up a system known as Rapid Start at the sniper
investigation command center in Rockville, Md. The team was sent from
the FBI Academy in Quantico, Va., and established a telephone hotline
for tips from the public and a clearinghouse for leads about the
investigation, said Special Agent Chase Foster, a spokesman for the
team. Agents are manually entering the leads into a database at the
command center, which organizes the information and assigns
investigators to follow up, Foster said. 

But the Rapid Start system was never designed to handle large volumes of
information, and is now being pushed to its limits as more than 67,000
calls from the public have poured in.



[7] Certifiably Certified

As security certifications become more plentiful, they are losing their
real value.

By Richard Forno Oct 23, 2002  
A recent issue of SC Magazine, one of the information security
industry's cheerleading trade rags, featured a full-page advertisement
with the following emblazoned across the top of the page: "How to
increase your salary by 21.39% in 7 days or less." 

At first glance, I thought it was from the same people sending "Get Your
Green Card Now" messages to USENET during the 1990s. But to my dismay I
saw it was from a firm offering intensive bootcamp-style training to
technology professionals to earn their security certifications from
ISC2, Cisco, TruSecure, and a suite of other organizations. The
advertisement also had the spamorific phrase "Get IT Security
Certifications Fast" and cited research reports showing that certified
people command higher salaries. 



[8] Making Spammers Pay 

By Jim Wagner 

Jon Larimore, president of Washington, D.C., metro Internet service
provider ZZAPP!, faces the same problem every provider around the world
faces -- allowing access to legitimate mass-marketed e-mail for his
"Our problem is that in our attempts to comply with our subscribers'
firm desire for spam-free mailboxes, however selective the spam blocking
system being used, it will tend to occasionally block advertising which
is not spam," he told internetnews.com. "From a purely pragmatic
standpoint, and because we're fulfilling our subscribers' wishes, it
really doesn't matter much to us whether the occasional valid
advertisement a subscriber actually wants to see fails to reach them." 

Larimore uses a combination of seven DNS-based black lists as well as his
own list of in-house IP blocks to keep known spammers from peppering his
server with millions of junk messages. His customers have repeatedly
said they'd rather miss the occasional legitimate message than find spam
in their inboxes. 



[9] E-gov chief says budget delays not hurting tech projects
By Maureen Sirhal, National Journal's Technology Daily

The head of the Bush administration's e-government initiative said
Wednesday that delays over budget approvals have not adversely affected
information technology projects within federal agencies.

"So far, it has not been a binding constraint," Mark Forman, associate
director of information technology and e-government at the White House
Office of Management and Budget, said in an interview. "We've asked were
there binding constraints and where there have been, we've worked with
the appropriators to take care of that." 

Forman added that the situation is better than he expected. "It's not
nearly what I thought it would be because we've got so much ... that
were multi-year projects," he said. 



[10] Bush urges ban on 'morphed' porn
09:23 Thursday 24th October 2002
Declan McCullagh, CNET News.com

Warning of the dangers of the Internet, president Bush asks Congress to
ban child pornography where no real minor is involved and praises police
who patrol chat rooms undercover 
President Bush warned parents of the perils the Internet may hold for
their children on Wednesday and urged Congress to outlaw "morphed", or
virtual, child pornography.

Speaking in the Presidential Hall in the White House complex, Bush
described undercover police as "true patriots".



[11] Europe teaches privacy lessons
By Sonia Arrison 
Special to ZDNet
October 23, 2002, 8:12 AM PT

COMMENTARY--Pushed by supporters as a model for the U.S., Europe's tough
Internet privacy regulations have come under fire--from surprising
The recent European Union-sponsored Data Protection Conference on
privacy heard reports from businesses, media outlets, trade unions and
four EU nations that demonstrated why the United States should not
follow Europe's pro-regulation path in protecting Internet privacy.

Ever since the EU's data protection directive took effect in 1998,
pro-regulation privacy advocates have been trying to convince the United
States and the rest of the world to adopt the European model. Under the
directive, e-mail addresses and other personal data can be disclosed or
transferred to third parties only with the individual's explicit
consent. Now that the model has been operational for a few years, the
excessive costs of strong privacy regulations are apparent, but privacy
worries remain high. This has led to criticism from some unexpected



[12] Legislative delay hinders technology officials' security work
By Maureen Sirhal, National Journal's Technology Daily

Federal technology leaders are making progress in coordinating an
e-government infrastructure and harmonizing information technology needs
in preparation for the proposed Homeland Security Department, a White
House official said Wednesday, but the congressional delay in creating
the Cabinet-level agency is hampering the effort.

Jim Flyzik, senior adviser to White House Homeland Security Director Tom
Ridge, explained the strategies and approaches that his office and
federal IT leaders are taking to harmonize government computer systems
in order to maximize efficiency and reduce costs. The effort meets both
new security needs and e-government goals, he said.

"We are working from a standpoint that we need to do information
integration no matter what happens with the proposed Department of
Homeland Security down the road, no matter how it finally evolves,"
Flyzik said at the FedFocus Conference here.



[13] Reverse Engineering Hostile Code 
by Joe Stewart 
last updated October 23, 2002 

Computer criminals are always ready and waiting to compromise a weakness
in a system. When they do, they usually leave programs on the system to
maintain their control. We refer to these programs as "Trojans" after
the story of the ancient Greek Trojan horse. Often these programs are
custom compiled and not widely distributed. Because of this, anti-virus
software will not often detect their presence. It also means information
about what any particular custom Trojan does is also not generally
available, so a custom analysis of the code is necessary to determine
the extent of the threat and to pinpoint the origin of the attack if

This article outlines the process of reverse engineering hostile code.
By "hostile code", we mean any process running on a system that is not
authorized by the system administrator, such as Trojans, viruses, or
spyware. This article is not intended to be an in-depth tutorial, but
rather a description of the tools and steps involved. Armed with this
knowledge, even someone who is not an expert at assembly language
programming should be able to look at the internals of a hostile program
and determine what it is doing, at least on a surface level. 



[14] Feds investigating 'largest ever' Internet attack 
By ComputerWire
Posted: 23/10/2002 at 09:16 GMT

US Federal authorities are investigating an attack on the internet that
has been described as the "largest and most complex" in history. Rather
than a specific entity, the attack was aimed at the domain name system's
root servers, essentially at the internet itself, writes Kevin Murphy. 

In a distributed denial of service attack that began 5pm US Eastern time
Monday and lasted one hour, seven of the 13 servers at the top of the
internet's domain name system hierarchy were rendered virtually
inaccessible, sources told ComputerWire.



[15] CIA agents join hunt at home for terrorists  
Dana Priest The Washington Post 
Thursday, October 24, 2002  
Agency aims to improve ties with FBI
WASHINGTON The Central Intelligence Agency is expanding its domestic
presence, placing agents with nearly all of the FBI's 56 terrorism task
forces in U.S. cities. Law enforcement and intelligence officials say the
step will help overcome some of the communications obstacles between the
two agencies that existed before the Sept. 11 attacks last year.

In many cities, according to local FBI special agents, the CIA employees
help plan daily operations and set priorities, as well as share
information about suspected foreigners and groups. They do not, however,
take part in operations or make arrests.



[16] Database pools crime information
By William Matthews
Oct. 23, 2002 

Even months before it will be fully operational, a St. Louis regional
crime database is demonstrating its crime-fighting finesse.

"We were just toying with it and we picked some names randomly," said
U.S. Attorney Raymond Gruender. When investigators typed a name from a
drug case into the database, the search function told them the suspect
was also being investigated by another agency for mail fraud.



[17] Senate approves legislation extending Navy intranet contract
By Amelia Gruber

The Senate last Thursday passed a bill extending the Navy's five-year,
multibillion intranet contract up to seven years.

The Navy Marine Corps Intranet (NMCI) is the Navy's effort to outsource
technology, maintenance and help desk support for more than 400,000
desktops and 200 networks. Electronic Data Systems Corp. was awarded the
five-year contract in October 2000. H.R. 5647, introduced by Rep. Tom
Davis, R-Va., caps the contract at seven years.

The bill now heads to President Bush for his signature.




The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site

