[INFOCON] - News 11/27/02
London, Wednesday, November 27, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body

[News Index]

[1] Most homeland security agencies to move by March, White House says
[2] Intelligence experts pan call for domestic spying agency
[3] Lawmaker urges Bush to fill key homeland positions
[4] FEMA debuts DisasterHelp.gov
[5] Secure Programming with .NET
[6] Free Chinese Net users - Amnesty
[7] AKO offers secure portal lessons
[8] Hackers Fight Censorship, Human Rights Violations
[9] Firms to splash cash on IT security
[10] Winning the Cybersecurity War
[11] Justice Department outlines security roadmap for chemical plants
[12] RIAA punishing Navy cadets 'because it can'
[13] Court finds limits to California jurisdiction in cyberspace
[14] Lawyers Fear Misuse of Cyber Murder Law
[15] The seven deadly sins of e-tailers
[16] Command to score joint C2
[17] RealPlayer security fix is faulty
[18] Possessed! The Solaris font daemon
[19] Feds break massive identity fraud

CURRENT THREAT LEVELS

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

News

[1] Most homeland security agencies to move by March, White House says
By Jason Peckenpaugh

The White House released its initial plan for organizing the Homeland Security Department on Monday, including a time frame for moving agencies to the new department. Pending Senate confirmation, Homeland Security Secretary-designate Tom Ridge will take office on Jan. 24, and nearly all of the agencies slated to move to the department will transfer on March 1. All agency transfers will be completed by Sept. 30, 2003 according to the plan, which was required under the Homeland Security Act that President Bush signed Monday.

The plan does not state whether any employees will move offices when their agencies are transferred. The White House is looking for office space in the Washington area, and District of Columbia politicians, including Del. Eleanor Holmes Norton, D-D.C., have argued the new department's headquarters should be in the District. Northern Virginia offers additional sites for the potential headquarters, according to Rep. James Moran, D-Va. "Because we built more than in Maryland and the District, we have more office space and you can get very good prices," he said in a recent interview with Government Executive.

http://www.govexec.com/dailyfed/1102/112602p1.htm

[2] Intelligence experts pan call for domestic spying agency
By Drew Clark, National Journal's Technology Daily

A new domestic spying agency would neither serve the interests of police or spying agencies nor ameliorate Americans' fears about enhanced electronic surveillance by the government, a panel of intelligence experts largely agreed, for different reasons, on Friday. The proposal, reportedly discussed in the White House, is one of the recommendations of the Gilmore Commission, an advisory panel on terrorism and weapons of mass destruction.

The issue gained renewed attention with a Nov. 18 decision of a secret court that expanded the government's authority to use intelligence information in criminal prosecutions. Attorney General John Ashcroft praised the decision, but civil liberties advocates said it represented a new avenue for spying on Americans.

http://www.govexec.com/dailyfed/1102/112602td1.htm

[3] Lawmaker urges Bush to fill key homeland positions
From National Journal's Technology Daily

A key
[INFOCON] - (MIL) Electronic Warfare: Comprehensive Strategy Still Needed for Suppressing Enemy Air Defenses
(During the Kosovo campaign the Americans were very keen on German EW Tornado aircraft as they lacked EW equipment. According to GAO the US military has still not beefed up their EW capabilities. The GAO report is not bad, but it does not take into account other problems (operational procedures, ...) which also hinder mission success. WEN) Electronic Warfare: Comprehensive Strategy Still Needed for Suppressing Enemy Air Defenses. GAO-03-51, November 25 http://www.gao.gov/cgi-bin/getrpt?GAO-03-51 Highlights http://www.gao.gov/highlights/d0351high.pdf What GAO Recommends GAO continues to recommend that the Secretary of Defense develop a comprehensive, cross-service strategy to close the gap between DOD's suppression capabilities and needs. In addition, an effective coordinating entity is needed to develop and monitor implementation of the strategy. In answer to a draft of GAO's report, DOD concurred with its recommendations. Staff changes are being made to address crosscutting issues, and an integrated product team process established to form a comprehensive approach to the electronic warfare mission. ... In conducting military operations, U.S. aircraft are often at great risk from enemy air defenses, such as surface-to-air missiles. The services use specialized aircraft to neutralize, destroy, or temporarily degrade enemy air defense systems through either electronic warfare or physical attack. ... ... According to DOD, countries have sought to make their air defenses more resistant to suppression. ... ... However, according to the Defense Intelligence Agency, these aircraft were unable to destroy their integrated air defense system because Yugoslav forces often engaged in elaborate efforts to protect their air defense assets. ... ... Since our January 2001 report, the services have had some success in improving their suppression capabilities, but they have not reached a level needed to counter future threats. ... ... 
The Air Force recently upgraded the HARM Targeting System and is procuring additional systems. The upgrade (known as R-6) provides better and faster targeting information to the missile, but even with this pod the F-16CJ still lacks some of the capabilities of the retired F-4G. ... ... The services have already identified serious reliability problems with current self-protection systems on U.S. combat aircraft, including jammers, radar warning receivers, and countermeasures dispensers. Most of the current systems use older technology and have logistics support problems due to obsolescence. Also, as we reported last year, the self-protection systems on strike aircraft may have more problems than the services estimate. ... ... The services have initiated additional research and development efforts to improve their ability to suppress enemy air defenses, but they face technology challenges and/or a lack of funding priority for many of these programs. ... ... The air defense suppression mission continues to be essential for maintaining air superiority. Over the past several years, however, the quantity and quality of the services' suppression equipment have declined while enemy air defense tactics and equipment have improved. DOD has recognized a gap exists in suppression capabilities but has made little progress in closing it. In our view, progress in improving capabilities has been hampered by the lack of a comprehensive strategy, cross-service coordination, and funding commitments that address the overall suppression needs. DOD relies on individual service programs to fill the void, but these programs have not historically received a high priority, resulting in the now existing capability gap. We continue to believe that a formal coordinating entity needs to be established to bring the services together to develop an integrated, cost-effective strategy for addressing overall joint air defense suppression needs. 
A strategy is needed to identify mission objectives and guide efforts to develop effective and integrated solutions for improving suppression capabilities. ... Recommendations for Executive Action ... To close the gap between enemy air defense suppression needs and capabilities, we recommend that the Secretary of Defense establish a coordinating entity and joint comprehensive strategy to address the gaps that need to be filled in the enemy air defense suppression mission. The strategy should provide the means to identify and prioritize promising technologies, determine the funding, time frames, and responsibilities needed to develop and acquire systems, and establish evaluation mechanisms to track progress in achieving objectives. ... IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - CERT Summary CS-2002-04
CERT Summary CS-2002-04
November 26, 2002

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.

Past CERT summaries are available from:

CERT Summaries
http://www.cert.org/summaries/

Recent Activity

Since the last regularly scheduled CERT summary, issued in August 2002 (CS-2002-03), we have seen trojan horses for three popular distributions, new self-propagating malicious code (Apache/mod_ssl), and multiple vulnerabilities in BIND. In addition, we have issued a new PGP Key.

For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.

CERT/CC Current Activity
http://www.cert.org/current/current_activity.html

1. Apache/mod_ssl Worm

Over the past several months, we have received reports of a self-propagating malicious code that exploits a vulnerability (VU#102795) in OpenSSL. Reports received by the CERT/CC indicate that the Apache/mod_ssl worm has already infected thousands of systems. Over a month earlier, the CERT/CC issued an advisory (CA-2002-23) describing four remotely exploitable buffer overflows in OpenSSL.

CERT Advisory CA-2002-27 Apache/mod_ssl Worm
http://www.cert.org/advisories/CA-2002-27.html

CERT Advisory CA-2002-23 Multiple Vulnerabilities in OpenSSL
http://www.cert.org/advisories/CA-2002-23.html

Vulnerability Note #102795 OpenSSL servers contain a buffer overflow during the SSL2 handshake process
http://www.kb.cert.org/vuls/id/102795

2. Trojan Horse Sendmail Distribution

The CERT/CC has received confirmation that some copies of the source code for the Sendmail package have been modified by an intruder to contain a Trojan horse. These copies began to appear in downloads from the FTP server ftp.sendmail.org on or around September 28, 2002. On October 8, 2002, the CERT/CC issued an advisory (CA-2002-28) describing various methods to verify software authenticity.

CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution
http://www.cert.org/advisories/CA-2002-28.html

3. Trojan Horse tcpdump and libpcap Distributions

The CERT/CC has received reports that some copies of the source code for libpcap, a packet acquisition library, and tcpdump, a network sniffer, have been modified by an intruder and contain a Trojan horse. These modified distributions began to appear in downloads from the HTTP server www.tcpdump.org on or around Nov 11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5 checksums and official distribution sites for libpcap and tcpdump.

CERT Advisory CA-2002-30 Trojan Horse tcpdump and libpcap Distributions
http://www.cert.org/advisories/CA-2002-30.html

4. Multiple Vulnerabilities in BIND

The CERT/CC has documented multiple vulnerabilities in BIND, the popular domain name server and client library software package from the Internet Software Consortium (ISC). Some of these vulnerabilities may allow a remote intruder to execute arbitrary code with privileges of the user running named (typically root). Several vulnerabilities are referenced in the advisory; they are listed here individually.

CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-2002-31.html

Vulnerability Note #852283 Cached malformed SIG record buffer overflow
http://www.kb.cert.org/vuls/id/852283

Vulnerability Note #229595 Overly large OPT record assertion
http://www.kb.cert.org/vuls/id/229595

Vulnerability Note #581682 ISC Bind 8 fails to properly dereference cache SIG RR elements invalid expiry times from the i
[INFOCON] - NIPC Daily Open Source Report for 27 November 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 November 2002

Daily Overview

- Internet Security Systems has lowered its AlertCon Internet threat indicator to Level 1, which warrants routine security. (See Internet Alert Dashboard)
- CERT announces Advisory CA-2002-34: Buffer Overflow in Solaris X Window Font Service, which could allow an attacker to execute arbitrary code or cause a denial of service. (See item 11)
- According to ZDNet News, an Internet attack flooded domain name manager UltraDNS with a deluge of data late last week, causing administrators to scramble to keep up and running the servers that host .info and other domains. (See item 12)
- According to the Toronto Star, the outbreak of a highly infectious virus, believed to be the Norwalk virus, has shut down a Toronto hospital's emergency room. (See item 14)
- Reuters reports the Philippine government said Tuesday it has banned imports of ammonium nitrate, and will phase out its use by farmers within six months, since the widely available fertilizer is being used by militants to make bombs. (See item 13)

Power Sector

1. November 26, Associated Press - Electric cable damage worse than thought. Utility officials say damage done to underwater power cables in Long Island Sound is worse than first thought. Divers working over the weekend discovered that two more underwater power cables had been severed when a drifting barge dragged its anchor across them. Utility and environmental officials also said an oil-like sheen has been sighted on the water near the site where the cables have been leaking insulating fluid. 
The Long Island Power Authority shares ownership of the cable with Northeast Utilities (NU). NU spokesman Frank Poirot said all seven cables had been severed during a similar December 1996 incident in which a barge dragged its anchor across the conduits. The repairs in that incident, which Poirot said cost millions of dollars, took almost a year to complete.
Source: http://www.newsday.com/news/local/longisland/ny-cable1126,0,7793125.story?coll=ny-linews-headlines

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

Nothing to report

Transportation Sector

2. November 26, U. S. Department of State - President Bush signs port security bill into law. President Bush signed into law November 25 a bill aimed at improving security at U.S. seaports and preventing terrorists from using the maritime transportation system to mount attacks on the United States. The "Maritime Transportation Security Act" will strengthen security through the required development of security plans for ports and an improved identification and screening system of port personnel, President Bush said in a prepared statement.
Source: http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latest&f=02112601.clt&t=/products/washfile/newsitem.shtml

3. November 25, Port of Los Angeles - Los Angeles mayor signs landmark port security agreement. On Tuesday, the last day of his Asian tourism and trade mission, Los Angeles Mayor Jim Hahn signed a major agreement to initiate a Port of Los Angeles international container security program. "This agreement will elevate security standards for containers moving between Hong Kong and Los Angeles," said Mayor Hahn. 
Mayor Hahn signed a Memorandum of Understanding (MOU) with Modern Terminals Limited Managing Director Erik Bogh Christensen to test new security enhancements - including tamper-proof locks and other security systems - for Port of Los Angeles-bound cargo before leaving for the United States. The agreement with Modern Terminals is significant because Hong Kong is the largest port in the world and is the largest point of embarkation for goods being shipped to Los Angeles, the busiest port in the U.S. Approximately one-third of the Hong Kong cargo bound for Los Angeles is processed by Modern Terminals. The pilot project will be partially funded by a congressional appropriation through the U.S. Department of Transportation under the "Operation Safe Commerce" program. Source: http://biz.yahoo.com/bw/021125/250481_1.html 4. November 23, Scripps Howard News Service - DOT says 'hazmat' cargo label may draw terrorists. Concerned that terrorists might use hazardous-materials warning signs as readily as emergency workers, federal officials are looking for more secure ways of identifying
[INFOCON] - (HS) New Security Department Reinforces NORTHCOM Mission
Department of Defense Homeland Security http://www.defenselink.mil/specials/homeland/ -Original Message- From: DEFENSE PRESS SERVICE LIST On Behalf Of Press Service Sent: 26 November 2002 22:18 To: [EMAIL PROTECTED] Subject: New Security Department Reinforces NORTHCOM Mission By Master Sgt. Bob Haskell Special to the American Forces Press Service The National Guard has given the U.S. Northern Command a base that it can build on, one of that new organization's high-ranking officers said recently. Furthermore, the new Cabinet-level Department of Homeland Security will reinforce the Northern Command's mission of safeguarding this country, Air Force Maj. Gen. Dale Meyerrose maintained during a Nov. 13 summit on homeland security. President George W. Bush signed the legislation creating the new department on Nov. 25. Meyerrose is the director of architectures and integrations for the Northern Command that was stood up at Peterson Air Force Base in Colorado Springs, Colo., on Oct. 1. He is also director for command control systems at the North American Aerospace Defense Command's headquarters at Peterson. He is the chief information officer for both commands. Meyerrose is responsible for creating the communications and informational architecture so that Northern Command personnel can support and share information with civil authorities, including the FBI and the Federal Emergency Management Agency, when directed by the president and the secretary of defense. "I think it will only make our job easier," Meyerrose told reporters about the new Homeland Security Department that President George W. Bush has championed in the wake of the terrorist attacks of Sept. 11, 2001. The U.S. House of Representatives approved 299-121 on Nov. 13; the Senate decisively endorsed the homeland security bill 90-9 on Nov. 19. 
"It provides an organization at the national level which links what we do in the Department of Defense with other departments and, hopefully, down to the states and other jurisdictions," explained Meyerrose, one of the keynote speakers during the summit organized. The new department will include all, or parts of, 22 separate federal agencies, including Customs, the Coast Guard and the FEMA, in the largest governmental reorganization since the Department of Defense was formed in 1947. It will help, Meyerrose said, because "a lot of architecture, constructs and concepts of operation that need to be put in place are beyond the scope of the Department of Defense and Northern Command. That's where the Department of Homeland Security, of which we will be a supporting part, will come in handy." Nearly 200 people attended the conference, which explored ways in which computer-driven technology can help numerous agencies protect the United States. It is critical for all federal, state and local agencies to be able to communicate quickly so information can be transformed into action should this country be attacked again, Meyerrose and other speakers insisted. The challenge, Meyerrose explained, is finding the best way to transform a voice report from an emergency responder who is first on the scene of a terrorist attack or natural disaster into a digital format that provides reports to all coordinating agencies. "I need to change my foundation from 'need to know' to 'need to share'" without compromising the security of sensitive information that could help an enemy, observed Meyerrose, an Air Force Academy graduate who has been a communications officer for 27 years. "We must be able to move secret information from trusted environment to trusted environment," he added. The Northern Command, commanded by Air Force Gen. 
Ralph Eberhart, is primarily responsible for protecting the continental United States and its contiguous waters, from the Aleutian Islands in the Pacific Ocean to Puerto Rico and the U.S. Virgin Islands in the Caribbean, from external threats and attacks, Meyerrose stressed. It is also prepared, when ordered by the president or secretary of defense, to support a lead federal agency in case civil authorities cannot deal with a catastrophic domestic event such as the terrorist attacks against the World Trade Center and the Pentagon on Sept. 11, 2001. That is when it is critical for Northern Command to be able to communicate with the FBI or FEMA, Meyerrose added. "It is our belief that the unity of command embodied by NORTHCOM will allow this country to raise that capability to a new height," he said. Meyerrose said that he and his Northern Command colleagues would strive to improve the informational architecture by coordinating communications systems that already exist and by improving on procedures that are already in place. The National Guard already has established procedures that will help, he said, because 26 of the adjutants general in the 54 states and territories already serve in dual capacities as state military leaders and state emergency managers. "They have lots of exis
[INFOCON] - JMU : R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe/ see also: http://www.jmu.edu/computing/security/ R.U.N.S.A.F.E. Did you know that with one wrong mouse click you could make it possible for someone to read all your email, documents, or instant messages? That they could also view your grades, online bank accounts, or change your course schedule? That they could read or change anything on your computer? Or anything accessed from it? That they could turn on your computer's microphone to listen in on conversations? That they could use your computer for a computer crime for which you may be blamed? Did you know a newly installed Windows XP, 2000, NT, or Linux computer is likely vulnerable to the same type of compromise just by being attached to the network? Did you know several such incidents have occurred on computers at JMU...from Windows 95 and Macintosh desktops to Windows NT and Unix servers? That they've been used to attack other computers and divulge information? Did you know all our computers are scanned constantly from around the world by people hoping to take advantage of them? Did you know that your behavior impacts your neighbors' security and their behavior yours? The Internet, paired with today's software, provides us astonishing capabilities for sharing and communication. However, these same capabilities also provide access and computer power to more than 300 million people around the world...some of whom may not share our behavioral expectations. Examples, such as random acts of vandalism, can be found in any local newspaper. The threats associated with online folks' behavior are very different from similar threats in the physical world. Using the same freedom and functionality we treasure, they can communicate with our computers almost instantaneously, almost anonymously, and en masse from around the world. They don't even need to be a computer expert. 
It only takes one person to write a destructive program to enable many people without technical knowledge to cause problems, just as all of us use word processors and web browsers without knowing how they work or being able to write one ourselves. While the risks associated with these threats can be decreased by limiting communications, limiting computer functionality, and increasing the complexity involved with our computing environment, they can't be eliminated because security is never absolute. Moreover, the more we wish to maintain our current freedom in communications and computing, the more necessary it is that we individually take steps to take care of ourselves and reduce the need for outside controls and limitations. The only person ultimately in control of a computer is the operator in front of the keyboard. That person presently has the freedom to run any software he or she wants and communicate with anyone around the world. Each of us must do his or her part to help ensure the integrity of our network by operating our computers safely. Our computers can do almost anything we tell them to do. Unfortunately, this versatility makes them very complicated. A certain amount of awareness and skill is necessary to operate such a complicated device safely on a world wide network. The goal of the R.U.N.S.A.F.E. program is to help you attain the knowledge and skills necessary for safely operating an Internet connected computer. The information and associated steps listed on this page are key components to everyone's online security. Everyone should understand them and be able to take the actions described. R.U.N.S.A.F.E. workshops are offered once per semester that describe the incidents we've seen at JMU, the threats we're exposed to, and that teach the defensive concepts and procedures described here. Onsite workshops are also available to groups. (contact Gary Flynn to schedule one). Click here to download the RUNSAFE workshop PowerPoint presentation. 
If you don't have PowerPoint, you can get a free viewer from Microsoft here. A sixteen minute RUNSAFE awareness video is available. It can be downloaded here. The material is copyrighted by Jim Blackburn but may be used for educational purposes. The file is 161 MB in size. R.U.N.S.A.F.E. Goal for All Computer Operators on the JMU network: Understand the material on this page. Run anti-virus software and update it weekly. Preferably the campus supported Norton Anti-virus. Treat email attachments and other unknown programs with caution. Use the Windows Update Site on every new installation and monthly thereafter. Choose strong passwords for your own desktop and on servers which you may use and keep them confidential. Use care if you enable Microsoft File Sharing. Visit the Hot Topics! page at least monthly. For all server operators (Windows/Unix/Mac/Whatever) and all unix desktop operators: Set up new computers with the network cable disconnected. Turn off all services running on the newly installed computer. Connect to network and download and install patches. Turn on onl