_________________________________________________________________
London, Monday, October 28, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] NIST sets security checkup standards
[2] Are snipers terrorists, too?
[3] Panel laments 'reactive' approach to homeland security
[4] Some companies dig deep in quest for security
[5] Comment: Trust hackers to dupe users
[6] The hacker's tale: an interview with Kevin Mitnick
[7] ICANN critic won't be silenced
[8] FBI to IT Execs: You Will be a Cyber-crime Victim
[9] Web sites in Spain go blank to protest new laws
[10] SA websites come under attack
[11] Readers Rate Microsoft's Security Progress
[12] You Win the Loss of Your Privacy
[13] Blogger.com survives hack attack
[14] Ruling may expand findings in MS lawsuits
[15] Going crackers over hackers
[16] Weapons of mass destruction
[17] Google's new site shows strong editorial judgment
[18] Why Hackers Don't Care About Wi-Fi
_________________________________________________________________
News
_________________________________________________________________
[1] NIST sets security checkup standards
By Vandana Sinha
GCN Staff
Federal agencies get their first peek Monday at proposed guidelines
that, by spring, will begin to standardize the testing of systems
security.
The National Institute of Standards and Technology developed the
guidelines, to be posted Monday at csrc.nist.gov. Special Publication
800-37 lays out instructions for a security checkup. It is the first in
a three-part series designed to bring consistency to certifying and
accrediting systems security. NIST will accept public comments on 800-37
for three months.
http://www.gcn.com/vol1_no1/daily-updates/20332-1.html
----------------------------------------------------
[2] Are snipers terrorists, too?
Jeffrey Gettleman The New York Times
Monday, October 28, 2002
WASHINGTON Atomized cells. Leaderless revolutionaries. Soft targets.
After Sept. 11, these were the dangers that intelligence officials
warned about. The sniper case amplifies them all.
These days, it is increasingly difficult to figure out who is a
terrorist - or what that even means. Terror - as opposed to terrorism -
may be inflicted by any loner with a vague political grievance and a
gun. John Allen Muhammad, the prime suspect in a string of killings
around the Washington area, is the perfect enigma.
The police say he seems to have been driven by split motivations, a mix
of ideology and rage. Muhammad, a Muslim convert, sympathized with Al
Qaeda and was angry at America, acquaintances said, but he also had
personal problems that may have set him off. In the end, one motive may
have been much more mundane: money. The police say that a note left at a
shooting scene included a demand for $10 million.
http://www.iht.com/articles/75055.html
----------------------------------------------------
[3] Panel laments 'reactive' approach to homeland security
By Jason Peckenpaugh
The United States remains highly vulnerable to terrorist attacks despite
unprecedented efforts to tighten homeland security over the past year,
according to a panel chaired by former senators Gary Hart and Warren
Rudman.
The panel found that billions of dollars in new security funding has
failed to fix weaknesses in information sharing and transportation
security, or to improve the ability of thousands of state and local
"first responders" to deal with terrorist attacks. It also observed that
the federal government has taken a "reactive" approach to homeland
security, moving quickly to shore up security lapses revealed on Sept.
11, but doing little to counter future threats.
"The federal government is dedicating an extraordinary amount of energy
and resources in response to the specific character of the Sept.11
attacks," said the panel's report, which was sponsored by the Council on
Foreign Relations, a think-tank based in New York. "A reactive mindset
is inevitably wasteful in terms of resources and can distract agencies
from anticipating more probable future scenarios and undertaking
protective measures."
http://www.govexec.com/dailyfed/1002/102502p1.htm
See also
http://www.mail-archive.com/infocon@;infowarrior.org/msg00281.html
----------------------------------------------------
[4] Some companies dig deep in quest for security
Dermot McGrath Special to the International Herald Tribune
Monday, October 28, 2002
PARIS Looking for a sense of security in an insecure world, a number of
companies are putting their most valuable computer databases 30 meters
below ground in a bunker - trying to guard against the risk of nuclear
explosion, terrorist attack, chemical or biological warfare, electronic
eavesdropping, electromagnetic "pulse bombs" and former employees bent
on revenge.
Companies in media, finance, telecommunications and biotechnology have
placed their servers in hermetically sealed environments, protected by
pressurized air locks, sophisticated electronic detection systems, steel
doors with a thickness of about 45 centimeters (18 inches), security
personnel and barbed wire.
http://www.iht.com/articles/75068.html
----------------------------------------------------
[5] Comment: Trust hackers to dupe users
Neil Barrett, IT Week [25-10-2002]
As that awful woman on the TV has it, you are the weakest link.
As we strive to improve the security of platforms, networks and
applications provided over networks, increasingly the weakest link in
the chain is the people involved in the systems. Not merely the helpdesk
staff - though they are traditionally a target for "social engineering"
attacks - but now many others within the organisation as well.
Simply phoning a member of staff and asking questions in an attempt to
gain useful information is the most basic type of social engineering
attack. But the most effective attacks depend on an escalating and
sophisticated series of measures. There are four key stages to this type
of attack. First of all, selection: a search is carried out to identify
as many people as possible within an organisation, and a subset of those
people are selected for the actual attack.
http://www.pcw.co.uk/Analysis/1136277
----------------------------------------------------
[6] The hacker's tale: an interview with Kevin Mitnick
Iain Thomson [25-10-2002]
Kevin Mitnick has been the world's most notorious hacker for over a
decade. After two jail terms, the second lasting five years, he was
released in September 2000.
He has since written a book on the art of social engineering and is
starting a consultancy to advise companies on the best way to protect IT
infrastructures.
Firstly, to set the record straight, are you a hacker or a cracker?
Definitely a hacker. Crackers go into systems for financial gain or to
deliberately cause damage. My motivations were those of the prankster
and explorer.
When I went into systems I was usually just looking around or on the
search for specific software for personal use. I've served my time and
those days are now over.
http://www.pcw.co.uk/Analysis/1136282
----------------------------------------------------
[7] ICANN critic won't be silenced
Cantankerous contrarian, ousted from board, vows to keep complaining
By Anick Jesdanun
Associated Press
SCOTTS VALLEY -- Karl Auerbach joined the Internet's key oversight body
as a voice of the online public, pledging to transform an organization
he considers beholden to vested commercial interests.
Auerbach got his change all right.
Fellow board members on the Internet Corporation for Assigned Names and
Numbers responded to Auerbach's caustic challenges by eliminating his
seat and those of the four other publicly elected directors.
Auerbach was consistently the contrarian on a board whose decisions on
Internet domains affect everything from how Web sites are named to how
e-mail is sent.
As he prepares to step down in December, an exhausted and frustrated
Auerbach believes ICANN is as out of synch as ever with the needs of
innovators and the general Internet public.
http://www.dailynews.com/Stories/0,1413,200%257E20950%257E952937,00.html
----------------------------------------------------
[8] FBI to IT Execs: You Will be a Cyber-crime Victim
By Colin C. Haley
FOXBORO, Mass. -- Speaking before a crowd of IT managers, FBI Special
Agent Jim Hegarty couldn't help inserting amusing anecdotes about New
York wiseguys and Soviet intelligence agents.
The crowd-pleasing stories, gleaned from years of field work, could have
come straight from "The Sopranos" or spy novelist John LeCarre.
But on the main topic of the evening, Hegarty's message was sobering:
"You're going to be a victim of cyber-crime, it's going to happen."
Hegarty, who oversees a team of IT investigators based in Boston,
outlined ways to prevent some attacks, or at least, limit the damage
they cause. His remarks came at a security forum sponsored by Lighthouse
Computer Services and held at the Gillette Stadium conference center.
http://www.internetnews.com/dev-news/article.php/1488321
----------------------------------------------------
[9] Web sites in Spain go blank to protest new laws
Associated Press
MADRID - Times have been hard for Georgeos Diaz-Montexano's online
course in Egyptian hieroglyphics. One student in two years, $12 US in
tuition. But Diaz-Montexano pulled the plug on what he calls the world's
only Spanish-language Egyptology site for a different reason: fears of
hassle or a hefty fine under Spain's new law regulating cyberspace.
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1035583895538_309930
95///?hub=SciTech
----------------------------------------------------
[10] SA websites come under attack
Posted Thu, 24 Oct 2002
A hacker with a chip on his shoulder has hit South African websites,
reports the Business Day.
The Brazilian hacker, who calls himself 'r00t3rs' has attacked 20
websites with the domain name .co.za, causing the most damage inflicted
on South African websites in a single day, says the daily.
The hacker defaces the websites by entering them and deleting entire
pages, replacing them with blank pages featuring only his name.
http://cooltech.iafrica.com/technews/178837.htm
----------------------------------------------------
[11] Readers Rate Microsoft's Security Progress
By Tom Smith
We've recently looked at the security of Microsoft products from several
angles: how the company has lived up to expectations on its Trustworthy
Computing initiative, how it's managing the flow of security information
to customers, and how individual products are faring from a security
perspective.
In one of the more recent developments, Microsoft and a security company
called GreyMagic are publicly disagreeing over how security flaws should
be reported. GreyMagic has reported several holes in Internet Explorer,
while Microsoft says it's investigating and third parties should report
the flaws to Microsoft for the security of users. What's your view? Take
our poll.
As a follow-up to our recent Microsoft Progress Report, we asked you in
a reader poll to evaluate Microsoft's progress in Trustworthy Computing,
its plan to make security a primary design goal in all its products.
http://www.internetwk.com/security02/INW20021024S0004
----------------------------------------------------
[12] You Win the Loss of Your Privacy
Software at iWon Web Site Tracks Users Even After Removal
By Becky Worley, Tech Live
Oct. 23 - IWon.com offers prize money of up to $1 million to Web surfers
who visit the Internet portal site and make it their homepage. But a
chance to win money also means that members may be losing something more
important: their privacy.
While just browsing the iWon site is relatively harmless, the potential
privacy problem stems from the installation of its iWonPlus subscriber
package, which allows members access to other site features such as
chat.
http://abcnews.go.com/sections/scitech/TechTV/techtv_iwonspyware021023.h
tml
----------------------------------------------------
[13] Blogger.com survives hack attack
By Troy Wolverton
Special to ZDNet News
October 25, 2002, 11:46 AM PT
update Pyra sparked up its popular Blogger.com site Friday after
shutting it down earlier in the day in response to a hacker attack.
The hack compromised individual accounts, locking out site users from
their blogs.
Pyra has taken the machine that was compromised offline and restored the
Blogger site from its redundant servers, said Jason Shellen, the
company's director of business development. Users whose accounts were
compromised should be able to access them again, he said.
http://zdnet.com.com/2100-1105-963375.html
----------------------------------------------------
[14] Ruling may expand findings in MS lawsuits
By Sandeep Junnarkar
Special to ZDNet News
October 25, 2002, 9:46 AM PT
In what could be a legal blow to Microsoft, a federal judge has signaled
that antitrust plaintiffs who filed recent private lawsuits against the
software giant might be able to use findings from the government's
earlier case, according to published reports.
The comments by U.S. District Judge Frederick Motz in Baltimore were
made during a one-day hearing on a motion by plaintiffs Thursday. The
plaintiffs--including number of software makers--asked that they be
allowed to base their lawsuits on the antitrust violations that were
established in the Justice Department's long-running case against
Microsoft.
http://zdnet.com.com/2100-1104-963339.html
----------------------------------------------------
[15] Going crackers over hackers
Author: Alastair Otter , ITWeb journalist
[ITWeb, 24 Oct 2002] I've learned over the past few years while writing
about IT security that if you ever mention the word "hacker" in
reference to someone who breaks into a computer system or defaces a Web
site, you're bound to get a whole lot of "real hackers" coming out of
the woodwork to tell you off.
Each time it is the same story: we're hackers because we like to
"experiment", but they (being the alleged criminal element) are
"crackers" because they have some sort of malicious intent. More often
than not, you get referred to one or other online definition of the
differences between hackers and crackers.
http://www.sundaytimes.co.za/business/technology/Tech3.asp
----------------------------------------------------
[16] Weapons of mass destruction
Rebecca Peters IHT
Monday, October 28, 2002
A plague of small arms
LONDON Ten people died from the sniper's bullets in the Washington area.
In the same three-week period, 1,600 people died from gunfire in the
United States generally, and more than 17,000 around the world.
Apart from evoking horror, high-profile shootings in the United States
cause us to shake our heads and lament the easy availability of guns in
America. The Land of the Free, as we all know, is also the Home of the
Handgun.
But the United States is not the only country affected by the
proliferation of guns. The United Nations recently identified the
widespread availability of small arms (the term preferred in
international diplomatic circles) as a major problem throughout the
world.
http://www.iht.com/articles/75028.html
----------------------------------------------------
[17] Google's new site shows strong editorial judgment
Lee Dembart International Herald Tribune
Monday, October 7, 2002
PARIS Since you are holding a newspaper in your hands, I conclude that
you are interested in news, and since you are reading this column, I
conclude that you have some interest in the electronic goodies that the
world arrays before us.
How about the conjunction of the two?
Many news organizations, including the International Herald Tribune,
have Web sites on which they post what they're publishing or
broadcasting that day, frequently supplemented by additional material
specially prepared for the Internet. In all cases, there are human
editors who select and package the news for the parent publication or
broadcast medium in the first place, and there are additional editors
who oversee putting it on the Web.
http://www.iht.com/articles/72944.html
----------------------------------------------------
[18] Why Hackers Don't Care About Wi-Fi
By Lou Hirsh
www.WirelessNewsFactor.com,
Part of the NewsFactor Network
October 25, 2002
Experts at war driving -- scanning communities for the existence of
wireless networks that can be tapped -- routinely exchange location
secrets and sniffing tips over the Web, the way gamers trade strategies
for reaching new levels.
Call them traditionalists, but breaching wireless networks apparently
does not hold the same allure for hackers as wreaking havoc on closed
systems via the wired Internet -- at least not so far.
Despite efforts to ferret out truly insidious hacking on Wi-Fi systems,
security experts generally have turned up little evidence of nefarious
activity. For instance, one honeypot set up by a government contractor
in the Washington, D.C., area earlier this year failed to attract much
attention in its first few weeks.
One possible explanation is that hacking Wi-Fi is too easy. And with
constant warnings about how porous these networks can be, users have
been cautious about transmitting sensitive data over them, so there is
not much to steal.
http://www.newsfactor.com/perl/story/19776.html
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
