[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-038 Date: 15 April 2002

2002-04-15 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-038 Date: 15 April 2002

NEWS

TransCanada Pipeline Explodes in Manitoba
A section of the TransCanada pipeline exploded on Sunday night near
Brookdale, Manitoba. The natural gas explosion and ensuing fire led
authorities to evacuate the few homes that were within an eight kilometer
radius of the incident. The fire was brought under control within two hours.
The cause of the explosion is still under investigation. (Source: The Globe
and Mail, 15 April 2002)
www.globeandmail.com

Oil Spill in Detroit and Rouge Rivers
The Great Lakes have been impacted by the largest oil spill in a decade.
More than 10,000 gallons (37,800 litres) of oil has spilled into the Detroit
and Rouge Rivers since Wednesday. The source of the spill is being
investigated. (Source: The Ottawa Citizen, 15 April 2002)
http://www.canada.com/ottawa/ottawacitizen/

Comment: At least 27 kilometers of Canadian and American coastline have been
impacted by the spill.

ICANN Convenes Industry-Heavy Security Panel
The Internet Corporation for Assigned Names and Numbers (ICANN) has brought
together industry leaders in a standing security committee. The board will
provide threat assessments for domain name servers (DNS), monitor the
security of physical and electronic components that comprise DNS and make
security recommendations to ICANN. (Source: Newsbytes, 12 April 2002)
www.newsbytes.com


IN BRIEF

Lieberman to Introduce New Homeland Defence Bill
The Government Computer News reports that Senator Joseph Lieberman plans to
introduce a bill that would place the Critical Infrastructure Assurance
Office and the National Infrastructure Protection Center under a new
Homeland Security Department. (Source: Government Computer News, 15 April
2002)
www.gcn.com

Murdoch Company Leaked Codes
The Financial Times reports that NDS, a software subsidiary of Rupert
Murdoch's pay-television empire, directed an employee to leak secret codes
belonging to its closest rival to Internet pirates. Canal Plus and ITV
Digital are claiming hundreds of millions of pounds in lost revenues from
the piracy that allowed hackers to access films, sports and other content
free. (Source: The Financial Times, 11 April 2002)
http://news.ft.com

Greatest Threat to E-Business Security from Eastern Europe and Russia
The former head of data security for NATO's European HQ stated that the most
significant threat to e-business security is now coming from teams of ex-KGB
computer specialists working out of eastern Europe and Russia, according to
a Sunday Tribune article cited by the Overseas Security Advisory Council.
(Source: The Overseas Security Advisory Council, 11 April 2002)
www.ds-osac.org


CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on VBS_VCARD.A, which is a virus that appears as an
electronic greeting card. It uses a message entered by the user and sends
itself to MS Outlook addresses with the subject line "You have a special
Vcard" and a random attachment taken from the infected system's hard drive
including: vcrd01.vcrd, vcrd02.vcrd, vcrd03.vcrd and vcards.vbs
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_VCARD.A


Sophos Anti-Virus reports on W32/MyLife-J, which is a virus that sends
itself to MS Outlook addresses with the subject line "sexyy Screen Saver"
and the attachment usa.scr.
http://sophos.com/virusinfo/analyses/w32mylifej.html


Symantec reports on VBS.Resreg@mm, which is a virus that sends itself to MS
Outlook addresses with the subject line "Free Access To Thousands Of MP3"
and the attachment Freemp3s.vbs
http:[EMAIL PROTECTED]

Vulnerabilities

SecurityFocus reports on multiple vulnerabilities in Microsoft Internet
Information Server. For technical information on these vulnerabilities, go
to the SecurityFocus link listed below and select "Microsoft" for the
vendor.
http://online.securityfocus.com/cgi-bin/vulns.pl?section=vendor


SecurityFocus reports on a vulnerability in ASP-Nuke, which could cause the
host to return sensitive system information. A user may modify their
authentication cookie in such a way that, upon submitting the cookie, the
host will return a list of all currently logged in users or the path to the
web root. Click on the solution tab for patch information.
http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussionid=4489


SecurityFocus reports on a vulnerability in ASP-Nuke that does not
sufficiently sanitize potentially malicious characters, such as HTML tags,
from user profile pages. As a result, it may be possible to insert arbitrary
script code. The script will execute when the malicious profiles are viewed.
Click on the solution tab for patch information.
http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussionid=4481


SecurityFocus provides a report on vulnerabilities in SNMP request and trap
handling which could result in a denial-of-service, service interruptions
and unauthorized access.

[INFOCON] - News 04/17/02

2002-04-16 Thread Wanja Eric Naef [IWS]

_

  London, Wednesday, April 17, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

   IWS Sponsor

  National Center for Manufacturing Sciences
  http://www.ncms.org
 host of the
 InfraGard Manufacturing Industry Association
  http://trust.ncms.org
_


  
  [News Index]
  

[1] UK plc reamed online
[2] Argentina rules in favour of hackers
[3] Hackers target Israel
[4] Handhelds now target of virus attacks
[5] (Hungary) New internet legislation outlaws all hacking

[6] Technology: Web site privacy system approved
[7] Net thieves caught in action
[8] Companies watch employees' instant messages
[9] Chipmaker says Microsoft antitrust sanctions would set industry back 20
years
[10] IBM drops Internet patent bombshell

[11] FTC accuses 11 online firms of Net fraud
[12] Privacy Worries, Net Activism Top Privacy Show Agenda
[13] The Buck Stops Where?
[14] McAfee Launches SecurityCenter
[15] Can you trust an ethical hacker?

[16] Internet Security Systems profit, revenues fall
[17] Airport security has nowhere to go but up, experts say

_

News
_


[1] UK plc reamed online
By John Leyden
Posted: 16/04/2002 at 11:22 GMT

A lack of investment in security systems is allowing British companies to
fall victim to increasingly severe security breaches.

That's the main finding of the Department of Trade and Industry's (DTI)
annual Information Security Breaches Survey, which concludes that the
average cost of a security breach is £30,000, with several companies
reporting incidents which cost more than £500,000.

The survey, led by PricewaterhouseCoopers on behalf of the DTI, shows that
three-quarters of UK businesses believe that they hold sensitive or critical
information, but only one-quarter have a security policy in place to protect
it.

http://www.theregister.co.uk/content/55/24870.html

http://news.zdnet.co.uk/story/0,,t269-s2108453,00.html

 

[2] Argentina rules in favour of hackers

Computer hackers may be the scourge of the digital age, hunted down by
police across borders, but in Argentina they have found an unlikely ally -
the very justice system they scorned.

Warning of a dangerous legal void making digital crimes hard to prosecute,
a judge has ruled that hacking is legal by default in Argentina. The
decision came in the case of cyberpirates who defaced the Supreme Court's
Web page.

Arguing that the law only covered crimes on people, things and animals and
not digital attacks, a federal court declared several Argentines known as
X-Team innocent of charges they broke into the high court's Web page to
accuse judges of covering up a human rights case.

http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=17

http://www.theregister.co.uk/content/6/24877.html

 

[3] Hackers target Israel

By James Middleton [16-04-2002]

Middle East conflict moves into cyber space

The conflict in the Middle East is being fought in cyberspace as well as on
the ground, showing that hacking is developing into a recognised form of
international warfare, according to a leading security analyst.

http://www.vnunet.com/News/1130941

 

[4] Handhelds now target of virus attacks
By Tom Venetis, posted Apr 16, 2002

 As wireless handheld devices continue to grow in popularity among
consumers, they are also becoming increasingly popular targets for virus
writers and hackers.

Although there have only been twelve reported cases of viruses that
specifically target handheld devices such as mobile phones and PDAs, many
are predicting that it will only be a short time before many more wireless
viruses begin making an appearance.

http://www.canadacomputes.com/v3/story/1,1017,8377,00.html?tag=81sb=121

 

[5] New internet legislation outlaws all hacking

by Mr. Robert Smyth

New amendments to Hungary's laws on internet crime have drawn criticism from

[INFOCON] - NIPC Daily Report 18 Apr 2002

2002-04-18 Thread Wanja Eric Naef [IWS]

NIPC Daily Report 18 April 2002

The NIPC Watch and Warning Unit compiles this report to inform 
recipients of issues impacting the integrity and capability of the 
nation's critical infrastructures.

Power blackouts could stop flow of water in valley.  A dispute between 
power and water utility companies in southern Nevada could lead to power 
blackouts this summer.  Public water agencies are opposed to a $922 
million power rate increase that they say would drive up the cost of 
providing water service to 800,000 people in the Las Vegas Valley. 
Nevada Power is concerned that there isn't enough power supply to meet 
demand, and warns that rolling blackouts are a possibility.  A water 
district deputy general manager said reliable power is critical to 
reliable water delivery.  Nevada Power claims water customers, 
including water service to fire hydrants, will never be in danger, and 
that the Southern Nevada Water Authority is considered a 'critical 
customer' that will not feel the effects of any power interruptions. 
(lasvegassun.com, 15 Apr)

Cities struggling to fix sewer systems. Every day it rains or snows, 772 
of the nation's older cities and towns face a health and environmental 
threat from outdated systems known as CSOs, for combined sewer 
overflows, single-pipe sewers that move both sewage and storm water to 
treatment plants. Their brick-lined sewers were built in the late 1800s 
and early 1900s, before the age of indoor plumbing, to prevent streets 
from flooding during downpours. In later years as toilets, sinks and 
bathtubs were added to homes, the waste was funnelled into the same 
storm sewers.  The federal government in the 1970s required cities to 
lay separate storm and sewer lines. By then, hundreds of cities were 
left with sewers that work fine in dry conditions, but overflow into 
rivers and streams during wet weather with bacteria-laced discharges 
that kill fish, fuel algae blooms that taint waterways green, and leave 
a sickening smell.  Now communities are struggling with a federal 
mandate to fix their systems - improvements that come with a high price 
tag but scant federal funds to help pay for them. The US Environmental 
Protection Agency estimates that it will take about $45 billion in new 
construction to address the problem over the coming years. (Associated 
Press, 17 Apr)

Some airports will not get explosive detection machines by year's end. 
The undersecretary for transportation security told Congress on 17 April 
that airports without explosive detection machines at year's end will 
have checked luggage inspected by handheld equipment.  While equipment 
will vary, "all airport facilities will have comparable security."
Some airports will use a combination of minivan-sized explosive 
detection machines and trace-detection devices. Other airports will have 
the handheld equipment that detects traces of explosive material. The 
explosive detection and the trace machines are the only equipment that 
will enable the nation's 429 commercial airports to meet a 31 December 
deadline for having all bags checked by machine for explosives. 
(Associated Press, 17 Apr)

TVA reaches seams agreement with MISO. The Tennessee Valley Authority 
says it has reached agreements with neighboring electricity systems to 
allow seamless wholesale power trading across a vast section of the 
Southeast and Midwest. TVA said the so-called seams agreements were 
struck with the Midwest Independent Transmission System Operator and two 
large utilities in the South, the Southern Co. and Energy Corp. The FERC 
has strongly encouraged TVA to participate in RTO-development 
discussions in the region involving investor-owned utilities, 
municipally owned utilities, and rural electric cooperatives.  TVA said 
it is continuing efforts to develop a Public Power Regional 
transmission Grid with such potential partners as East Kentucky Power 
Cooperative, Associated Electric Cooperative Inc. and Big Rivers 
Electric Corp. (Energy Info Source, 17 Apr)

Entergy considering new nuclear plant. Entergy Corp. has notified the 
federal Nuclear Regulatory Commission that it is considering building a 
nuclear power plant in Port Gibson, Miss.  Entergy Nuclear, a subsidiary 
of the New Orleans-based utility, on 16 April, became the third company 
to notify the federal Nuclear Regulatory Commission of plans to seek an 
"early site permit" for a new nuclear plant.  The company said nuclear
energy is an alternative to natural gas, which fuels most of the
country's newest power plants. "Having the nuclear option available is
in the best interest of our power consumers, Entergy and the nation's
energy independence," the company said. Entergy began considering
building a nuclear plant a year ago after a severe shortage of natural 
gas sent the price of natural gas-generated electricity soaring. The 
application will take about a year to prepare and cost the nuclear 
subsidiary about $9 million, including 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-042 Date: 18 April 2002

2002-04-18 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-042 Date: 18 April 2002

NEWS

OCIPEP Issues Advisory - New Variant of Klez.A
OCIPEP issued Advisory AV02-020 to bring attention to a new version of the
worm W32.Klez.A@mm, which was first discovered on 25 October 2001. This new
variant of Klez is currently spreading through Europe and the U.S.

Comment: For more information, go to:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html

Canada Opts Out of American Plan to Defend Continent
The Canadian government has announced that, for the moment, it will not join
the U.S.-led North American defence plan and will remain responsible for its
own defence. U.S. Defense Secretary Donald Rumsfeld announced yesterday the
creation of a new military zone stretching from the Canadian Arctic to
southern Mexico. Senior Canadian and U.S. military officials have been
putting pressure on the Canadian government to join the Northern Command.
Foreign Affairs Minister Bill Graham, however, has suggested that Canada
could join at a later date and that Ottawa is content, for now, to limit its
role in continental defence to NORAD. (Source: Globe and Mail, 18 April
2002)
http://www.theglobeandmail.com/

Four Canadian Soldiers Killed in Afghanistan
A U.S. fighter jet mistakenly bombed Canadian soldiers during a live-fire
training exercise in Afghanistan, killing four and wounding eight. (Source:
Globe and Mail, 18 April 2002)
http://www.theglobeandmail.com/

IN BRIEF

Bush Warns of More Terror Attacks
While addressing military cadets, President Bush predicted that there will
be an increase in terrorist activity as bin Laden's network tries to regroup
and strike again. (Source: Nando Times, 17 April 2002)
http://www.nandotimes.com/

One Alert System Seen As Ineffective
A commentary by ZDNet argues that no single alerting system, such as the one
recently unveiled by the Office of Homeland Security, is up to the task of
describing the myriad of different cyber threats. (Source: ZDNet, 17 April
2002)
http://zdnet.com.com/

Survival in an Insecure World
David A. Fisher, a researcher with the Computer Emergency Response Team
(CERT) at Carnegie Mellon University, has developed Easel, a new computer
language that allows the simulation of unbounded systems even when given
incomplete information about their state. The aim is to develop
infrastructure systems that continue to perform in the face of cyber
attacks. (Source: Scientific American, Issue: May 2002)
http://www.scientificamerican.com/

Businesses First Line of Defence in Battling Cybercrime
The head of a U.S. government task force has called on U.S. companies to act
as the first line of defence against cyber terrorists and criminals, by
investing heavily in the protection of their computer networks. (Source:
Jacksonville.com, 17 April 2002)
http://www.jacksonville.com/

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trendmicro provides a report on WORM_KLEZ.G, which is a modified variant of
the worm WORM_KLEZ.G. It uses SMTP to propagate via email and is capable of
spreading via shared drives/folders with read/write access. The subject line
and body of the email may be randomly composed. The email receiver does not
need to open the attachment for it to execute due to a known vulnerability
in Internet Explorer-based email.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.G

Comment: OCIPEP has released Advisory AV02-020 regarding Klez.H and Klez.G.
Please see the News section or go to:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html

Vulnerabilities

SecurityFocus reports on a vulnerability in StepWeb Search Engine (SWS). A
remote attacker could guess the location of the admin web page and gain
access to admin functions thus enabling the addition of arbitrary search
entries or access to search logs. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid=4503


SecurityFocus reports on a vulnerability in SunShop that allows remote
attackers to embed arbitrary script code into form fields. This may enable a
remote attacker to perform actions as the administrative user of the
shopping cart. View the solutions tab for patch information.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid=4506


SecurityFocus reports on a vulnerability in Melange Chat System that could
allow a local attacker to initiate a buffer overflow. View the solutions
tab for patch information.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid=4509


SecurityFocus reports on a vulnerability in ICQ. If a remote user attempts
to access a malformed .hpf file (a file specific to ICQ that is created when
a new user registers), ICQ will crash. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid=4514


SecurityFocus reports on a vulnerability in Burning Board. A remote 

[INFOCON] - GAO Information Security

2002-04-18 Thread Wanja Eric Naef [IWS]

[Interesting. WEN]

Information Security:  Subcommittee Post-Hearing Questions
Concerning the Additional Actions Needed to Implement Reform
Legislation.  GAO-02-649R, April 16.

http://www.gao.gov/cgi-bin/getrpt?GAO-02-649R



IWS INFOCON Mailing List
 IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - No INFOCON for at least a while

2002-05-02 Thread Wanja Eric Naef [IWS]

Dear All,

Due to lack of time and funding the INFOCON list 
will be suspended until further notice (It might continue 
at the beginning of June depending on whether we will be 
able to sort out our finances till then, ...).

Regards,

WEN

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk










[INFOCON] - News 05/27/02

2002-05-27 Thread Wanja Eric Naef [IWS]

_

  London, Monday, May 27, 2002
_

INFOCON News
_



  
  [News Index]
  

[1] Face recognition kit fails in Fla airport
[2] Qwest Glitch Exposes Customer Data
[3] Navy Domain Hijacked By German Pornography Site
[4] Football e-mails could hide viruses
[5] Hackers gain entry to key state database

[6] State CIOs aid White House in homeland security plan
[7] Experian, Ford Still Unsure How Hacker Stole 13,000 Credit Reports
[8] DARPA developing killer tech
[9] Intrusion-detection net revived
[10] Waiting for Wi-Fi: Europeans trail U.S. in wireless Net hubs

[11] EU probes Microsoft over privacy law
[12] Tips from a cyberterrorism expert
[13] Regents OK AM security, computer centers
[14] (UK) Government plans national strategy to fight cybercrime
[15] (South Korea) Daum Files Suit Against Spammers

[16] Spammers threaten UK Net user
[17] Senate OKs stripped-down version of bioterrorism bill

_

News
_


[1] Face recognition kit fails in Fla airport
By Thomas C Greene in Washington
Posted: 27/05/2002 at 08:02 GMT

Palm Beach International Airport security workers would be racking up heaps
of overtime pay dealing with more than fifty false positives daily if their
bosses were to install Visionics' terror-busting face recognition gear, the
airport administrators have concluded.

The kit had been installed free of charge for a trial run. The airport, not
surprisingly, decided to test it on volunteers who work there over four
weeks. Using fifteen volunteers and a data base of 250 snapshots, Palm Beach
County administrators enjoyed a success rate of less than fifty per cent.
That is, more than half the people the kit should have flagged slipped past
undetected.

http://www.theregister.co.uk/content/55/25444.html

Biometric sensors beaten senseless in tests
http://www.theregister.co.uk/content/55/25400.html

The ACLU obtained a copy of the Palm Beach report and has posted it here.
http://www.aclu.org/issues/privacy/FaceRec_data.pdf

 

[2] Qwest Glitch Exposes Customer Data

Critics say the phone company took too long to close a hole that left some
long-distance phone bills and subscriber credit card numbers accessible to
anyone.
By Kevin Poulsen, May 23 2002 3:30PM

Telecom giant Qwest Communications acknowledged Thursday that a glitch in
its Web-based paperless billing system left some long-distance customer
records exposed for over a week.

Qwest offers long-distance customers a price break if they forgo printed
statements and pay their bills with a credit card through the company's Web
site. Subscribers who avail themselves of the service are offered a choice
of logging in with a phone number and calling card PIN, or a user-specified
name and password.

http://online.securityfocus.com/news/431

 

[3] Navy Domain Hijacked By German Pornography Site
By Brian McWilliams, Newsbytes May 23 2002 3:59PM

Due to a domain registration snafu, two Internet addresses used by the U.S.
Navy for recruiting new sailors have recently been commandeered by other
sites, including a pornography site.

Since late April, visitors to NavyDallas.com, formerly the home page of the
Navy's Dallas recruiting district, have been redirected to
How-to-find-porn.com, a portal that features links to numerous hardcore
pornography sites.

http://online.securityfocus.com/news/434

 

[4] Football e-mails could hide viruses

Could David Beckham inspire the next virus attack?

With the World Cup about to kick off, virus experts have warned computer
users to be on their guard against infection.
With millions of people using e-mail and the internet to keep up to date
with the soccer action, anti-virus firm Sophos says screensavers,
spreadsheets 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-068 Date: 27 May 2002

2002-05-27 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-068 Date: 27 May 2002

OCIPEP Issues Paper on Mobile Telephone Services

OCIPEP recently issued a paper entitled "Commercial Mobile Telephone
Services and the Canadian Emergency Management Community: Prospects and
Challenges for the Coming Decade." The paper discusses the use of emerging
commercial wireless technologies in emergency management in Canada. New
mobile telecommunications products have been adopted by emergency management
organizations because they are cost-effective and provide a wider range of
services in comparison to traditional land mobile radio. The paper also
describes the growing role of commercial mobile telephone services in
emergency management, and identifies concerns relevant to emergency
preparedness planning in Canada.

Comment: The full report can be viewed at:
http://www.ocipep-bpiepc.gc.ca/research/scie_tech/AndersonGow_1999-D005_e.html

Ottawa Police Issues Public Security Alert

The Ottawa police over the weekend issued a public security alert, warning
of a credible threat against a synagogue or other gathering place for the
Jewish community in the city. The warning, which was based on an
intelligence report received by the RCMP and Ottawa police, states that an
attack is planned for some time in June. Police have increased patrols
around possible targets including eleven synagogues and several Jewish
community centres, offices and facilities. Mitchell Bellman, executive
director of the Jewish Community Council of Ottawa, said the Jewish
community intends to continue with all scheduled events, commenting that it
is business as usual. (Source: The National Post, 25 May 2002)
http://www.nationalpost.com/

IN BRIEF

Insurance Policies to Cover Cost of G8 Protest Damage
Insurance policies are expected to cover most damage that may be caused by
protests during the June 26-27 G8 Summit in Calgary, according to an
Insurance Bureau of Canada official. He stated that most all-perils policies
would cover damage resulting from an event such as the G8 Summit. (Source:
CBC News, 25 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=meet020525

Water Systems on Reserves in Need of Repair
A large number of water systems on reserves across Canada have a high risk
of contamination, according to First Nations chiefs in Ontario. Quoting
information from the Walkerton report indicating that 83 reserves have
high-risk water systems, a spokesperson for the Chiefs of Ontario is asking
the federal government to provide appropriate funding to help First Nations
communities fix the problem. (Source: CBC News, 27 May 2002)
http://www.cbc.ca/stories/2002/05/27/reserve_water020527

FBI Unable to Detect Terrorism: Media Report
The FBI lacks the training and skills to detect domestic terrorism,
according to a media report on Sunday. Following criticism of poor
cooperation between the FBI and CIA,
FBI director Robert Mueller has promised that no field agent's reports of a
threat will be overlooked again. (Source: The Globe and Mail, 27 May 2002)
http://www.globeandmail.ca

Canada Not Immune to Terrorism: Former CSIS Director
Canada's relationship with the U.S. makes it a potential target for Islamic
extremists, according to Reid Morden, former director of the Canadian
Security and Intelligence Service (CSIS). Although "We haven't seen
ourselves as anybody's enemy," Morden points out that Canada has not been
untouched by terrorist activity. He cited events such as Air India Flight
182 and an extremist attack on the Turkish Embassy as examples. (Source: The
Calgary Herald, 26 May 2002)
http://www.canada.com/calgary/calgaryherald/
http://www.canada.com/calgary/calgaryherald/story.asp?id={C29BC45D-0BB7-4200-B1B7-BCCD40B17EEC}


CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on JS_NOCLOSE.E, which is a non-destructive JavaScript
that opens several windows upon execution, each connecting to a URL listed
in its body. It then hides the opened windows so that the infected user
cannot close them.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_NOCLOSE.E


Sophos reports on VBS/Redlof-A, which is a virus that infects HTM, HTML,
ASP, PHP, JSP, HTT and VBS files by appending a VBScript containing an
encrypted copy of the virus code to them. The virus exploits the MS VM
ActiveX component vulnerability enabling the virus to be activated by
viewing an infected HTML document at a remote site.
http://sophos.com/virusinfo/analyses/vbsredlofa.html


Sophos reports on WM97/Marker-AK, which is a variant of the WM97/Marker-A
Word macro virus. It has no active malicious payload and does little more
than replicate.
http://sophos.com/virusinfo/analyses/wm97markerak.html


McAfee reports on W97M/Hich.gen, which is a virus that disables Word virus
protection features and the Esc key. It is a parasitic virus that can delete
some or all of the contents of a document.

[INFOCON] - News 05/28/02

2002-05-28 Thread Wanja Eric Naef [IWS]

_

  London, Tuesday, May 28, 2002
_

INFOCON News
_



  
  [News Index]
  

[1] Webbed, Wired and Worried
[2] Anti-virus evals waste precious resources
[3] Chinese crackers prepare for cyber war
[4] Aussies surf to top of web crime list
[5] Excel hole opens PCs to hackers

[6] Klez-H is the worst virus ever - official
[7] Security researchers warn of worm blitzkriegs
[8] An Education in Hacking
[9] (UK) Time for openness over online fraud
[10] Internet Gambling May Become Legal in Canada

[11] Security Hole Strip Tease
[12] Opera vuln gives up local files
[13] E-gov security gateway in works
[14] Music industry sues Napster-like Internet firm, Audiogalaxy
[15] Dot-com stigma fails to turn off UK businesses

[16] Hackers go wireless with greatest of ease
[17] US plan to strike enemy with Valium

_

News
_


[1] Webbed, Wired and Worried
By THOMAS L. FRIEDMAN

Ever since I learned that Mohamed Atta made his reservation for Sept. 11
using his laptop and the American Airlines Web site, and that several of his
colleagues used Travelocity.com, I've been wondering how the entrepreneurs
of Silicon Valley were looking at the 9/11 tragedy - whether it was giving
them any pause about the wired world they've been building and the
assumptions they are building it upon.

In a recent visit to Stanford University and Silicon Valley, I had a chance
to pose these questions to techies. I found at least some of their
libertarian, technology-will-solve-everything cockiness was gone. I found a
much keener awareness that the unique web of technologies Silicon Valley was
building before 9/11 - from the Internet to powerful encryption software -
can be incredible force multipliers for individuals and small groups to do
both good and evil. And I found an acknowledgment that all those
technologies had been built with a high degree of trust as to how they would
be used, and that that trust had been shaken. In its place is a greater
appreciation that high-tech companies aren't just threatened by their
competitors - but also by some of their users.

http://www.nytimes.com/2002/05/26/opinion/26FRIE.html

 

[2] Anti-virus evals waste precious resources
By George Smith, SecurityFocus Online
Posted: 27/05/2002 at 15:10 GMT

In 1991, essayist Paul Fussell wrote, "The current United States can be
defined as an immense accumulation of not terribly acute or attentive people
obliged to operate a uniquely complex technology, which, all other things
being equal, always wins."

http://www.theregister.co.uk/content/55/25454.html

 

[Rubbish, rubbish, rubbish. A journalist who likes to call an event
where some teenagers played around and did some cybergraffiti 'Cyberwar'???
I wonder if he were to write an article about some kids who did some
graffiti in Wimbledon. I guess the title would be 'Wimbledon
graffiti artists prepare for war'. It is interesting to see
that journalists in such articles never mention any Chinese
IW thinkers (like Shen Weiguang, Wang Pufeng, Dai Quingmin, ...) or
mention the Echeng Reserve IW organisation. But I guess that
would require some serious journalism (i.e. someone who checks his
facts first). WEN]

[3] Chinese crackers prepare for cyber war

By Nick Farrell [24-05-2002]

Students may launch attacks on vital western systems

Chinese hackers could be readying themselves to launch a cyber attack on key
western computer systems.
The Institute for Strategic Studies, run by the US Army War College, has
released a classified report warning the Defense Department, US diplomats
and law enforcement agencies to be on the look out for Chinese student
hacking attacks some time this summer.

The Institute believes that the attacks will try to spread computer viruses
and 

[INFOCON] - NIPC Daily Report 29 May 02

2002-05-30 Thread Wanja Eric Naef [IWS]

[The daily report is a bit late as I spent 5 hours at an InfoSec 
company yesterday where they showed me an amazing software 
product which is light-years ahead of any other similar product. WEN]

NIPC Daily Report 29 May 2002

The NIPC Watch and Warning Unit compiles this report to inform 
recipients of issues impacting the integrity and capability of the 
nation's critical infrastructures.

Giant Florida natural gas pipeline starts service.   A 1.1 billion cubic 
foot capacity natural gas pipeline started delivering gas on 28 May.  
The pipeline, believed to be Florida's first new gas source in more than 
40 years, is aimed at meeting the state's growing reliance on gas-fired 
power generation.  The Gulfstream pipeline will initially supply enough 
gas to produce power for around 4.5 million Florida homes, a company 
spokesperson said.  (Reuters, 28 May)

PDAs make easy pickings for data thieves.  A survey conducted by a 
security firm revealed that private and corporate secrets are all too 
frequently left unprotected.  The survey showed that one in ten 
individuals' bank accounts could be accessed if they lost their Personal 
Digital Assistant (PDA). Owners of PDAs commonly download substantial 
slices of their personal and business lives onto their PDAs, but leave 
the information unencrypted and without password protection.  PINs, 
passwords, customer details, bank accounts, credit card and social 
security details are just some of the confidential and personal pieces 
of information stored by PDA owners. (The Register, 28 May)

Klez-H is the worst virus ever.   Klez-H is being called the worst virus 
ever, according to figures from the managed services firm MessageLabs.  
MessageLabs has blocked 775,000 copies of the pathogen since it first 
appeared on April 15. Klez-H overtakes the infamous SirCam worm.  
MessageLabs is blocking 20,000 Klez-H infected emails per day.  Alex 
Shipp, MessageLabs chief anti-virus specialist, says the reason for 
Klez.H's 'success' lies in its ability to cover its tracks and deceive 
recipients.  Klez-H is able to select random names from address books 
to use as the sender address, and also creates a large range of subject, 
text and attachment names, making it difficult to identify and 
track. (The Register, 27 May)






IWS INFOCON Mailing List
 IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - News 05/31/02

2002-05-31 Thread Wanja Eric Naef [IWS]

_

  London, Friday, May 31, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

   IWS Sponsor

  National Center for Manufacturing Sciences
  http://www.ncms.org
 host of the
 InfraGard Manufacturing Industry Association
  http://trust.ncms.org
_


  
  [News Index]
  

[1] Ridge speaks out on restructuring homeland security agencies
[2] Virus warning: SQL worm trumps Nimda and Code Red
[3] Hackers Crack Copy Protection CD's
[4] Japan space hackers nabbed for spying
[5] (UK) Govt freezes e-tax filing

[6] FBI agent blames outdated technology for failure to prevent terror
attacks
[7] Securing Privacy Part Four: Internet Issues
[8] Notorious hacker hits TheNerds.net
[9] The next hacker target: instant messaging
[10] Low-tech solution to password problem

[11] FBI director unveils plan for agency overhaul
[12] FBI and CIA coming on-line with new powers
[13] (AU) 'Spammer' punished for war hang-up
[14] Hacker 'King Kimble' handed fraud conviction
[15] (UK) Cypherpunks aim to torpedo RIP key seizure plan

[16] Scientists set to unveil anti-terrorism ideas in late June
[17] Congressional panel issues information security report
[18] EU set to weaken Net privacy regime

_

News
_


[1] Ridge speaks out on restructuring homeland security agencies
By Katherine McIntire Peters

The White House is poised to recommend reorganizing federal agencies to more
effectively control people and goods at U.S. borders and help local police,
firefighters and health care workers respond after terrorist attacks. The
recommendations are to be included in the homeland security strategy, which
is being developed by the White House Office of Homeland Security. Homeland
Security Director Tom Ridge discussed some of his thinking over lunch with
editors and writers at National Journal Group, including Government
Executive's Katherine McIntire Peters.

Q: Thousands of people enter this country illegally every day. Most just
walk across the border. This is after a decade of spending billions of
dollars to increase staffing, equipment and intelligence on the border. How
big a concern is that to you when you look at homeland security
vulnerabilities, and what is a realistic way of dealing with it?

A: We have 5,000 miles of border with Canada and 2,500 miles of border with
Mexico. If you add the coastline, we've got about 95,000 miles of
unprotected navigable border. That openness, that size, is obviously a point
of vulnerability where we know we need to enhance security.

http://www.govexec.com/dailyfed/0502/053002kp1.htm

 

[2] Virus warning: SQL worm trumps Nimda and Code Red

An internet worm that attacks Microsoft's SQL Server database has caused
more attacks in the past week than last year's most notorious worms, Nimda
and Code Red.

http://www.silicon.com/bin/bladerunner?30REQEVENT=REQAUTH=2104614001REQSUB
=REQINT1=53664

 

[3] Hackers Crack Copy Protection CD's
By THE ASSOCIATED PRESS

Filed at 7:17 p.m. ET

SAN FRANCISCO (AP) -- Some music fans are trying to fake out CD copy
protection technology with the stroke of a felt-tip pen.

The tactic is being used in Europe, where Sony is trying out a copy
protection method. That model won't be coming to America, the company says.

The crack in the copy protection is the talk of the town on Internet message
boards, though Digital Audio Disc Corporation, Sony Corp.'s CD manufacturing
unit, is not amused.

http://www.nytimes.com/aponline/technology/AP-Felt-Tip-Hackers.html?ex=10235
08800en=06d4d4bcbe8392c0ei=5040partner=MOREOVER

 

[4] Japan space hackers nabbed for spying

TOKYO, Japan (AP) --Three workers at a major Japanese aerospace company have
been arrested for allegedly hacking into the computer network of Japan's
space agency to spy on a rival company.

http://europe.cnn.com/2002/WORLD/asiapcf/east/05/30/japan.spacehackers.ap/index.html

 

[INFOCON] - NIPC Daily Report 31 May 02

2002-05-31 Thread Wanja Eric Naef [IWS]

NIPC Daily Report 31 May 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of
issues impacting the integrity and capability of the nation's critical
infrastructures.

Debate over exposing chemical risks. The chemical industry in recent months
has successfully lobbied the government to limit access to previously public
data about chemical accidents, arguing that it would give terrorists a
blueprint to launch an attack.  The US chemical industry also has won
growing support in law-enforcement circles to fight the terrorist threat
with voluntary security improvements - and secrecy. Environmentalists,
however, are determined to keep exposing the information, arguing that
chemical companies are engaged in far riskier behavior by not adopting safer
manufacturing methods.  Although environmentalists concede that what they're
doing could make it easier for terrorists to pick targets, they contend that
an industrial accident could be as devastating as a planned assault.  The
question of which side might be taking greater chances with American lives
remains unanswered. (The Wall Street Journal, 30 May)

WWU Comment: Although this article refers to the chemical industry, it
underscores the issue facing many industries trying to balance issues of the
public's 'right to know' about hazardous conditions and properly securing
sensitive data. Several concerns converge when considering the disclosure of
information regarding security, materials, processes, and physical
locations. Costs and other constraints associated with security and process
upgrades can make them infeasible or at least improbable in the short-term.

FBI warns of shoulder-fired missile threat.  Although it has had no specific
warnings, the FBI is alerting law enforcement agencies to be on the lookout
for any signs of terrorist plans to use shoulder-fired missiles against US
targets, especially commercial airliners. The FBI possesses no information
indicating that al Qaeda is planning to use 'Stinger' missiles or any type
of MANPAD [portable anti-aircraft] weapons system against commercial
aircraft in the United States, the warning said. However, given al Qaeda's
demonstrated objective to target the US airline industry, its access to US
and Russian-made MANPAD systems, and recent apparent targeting of US-led
military forces in Saudi Arabia, law enforcement agencies in the United
States should remain alert to potential use of MANPADs against US aircraft.
(CNN, 30 May)

Klez infection persists. The Klez worm and its variants, including Klez.E
and Klez.H, continue to spread at a dizzying rate, according to anti-virus
experts. The Klez rampage has gotten so serious, recent media reports dubbed
it the No. 1 virus of all time. Klez.A was first spotted Oct. 25, 2001, but
didn't do much damage.  Klez.E, which first appeared Jan. 17, was the first
Klez variant that produced significant activity. The latest variant, known
as Klez.H, was first seen April 17, 2002.  Symantec has received 130,000
different submissions of the Klez worm since Klez.E's mid-January debut.
This month alone, Symantec has received 70,000 total Klez submissions.  By
comparison, the worm known as W95.Hybris is the second most submitted as of
May 2002, with a mere 3,600. Representatives from Norton Anti-virus stated
that not every user of the company's Anti-Virus protection chooses to send
samples for analysis, so the total number of infections is likely
potentially much greater. (Newsbytes, 29 May)

Security researchers warn about worm of the future.  In a paper, How to Own
the Internet in Your Spare Time, Stuart Staniford of Silicon Defense, Vern
Paxson of ICSI Center for Internet Research, and Nicholas Weaver of
University of California Berkeley, argue that internet worms, used as attack
tools, will continue to pose a significant threat to systems and
infrastructures.  Based largely on analysis of the spread of the Code Red and
Nimda worms, they suggest that in the future, worms that are better
engineered and more advanced will be able to spread in tens of seconds
rather than hours, and be modified on the fly to circumvent anti-virus
efforts.  The paper also discusses the threat of a surreptitious worm that
would move more slowly, but be much harder to detect and could arguably
subvert upwards of 10,000,000 Internet hosts.  The authors suggest that by
using worms to gain control of millions of hosts on the Internet, the
attacker could inflict several types of damage.  First, the attacker could
launch a diffuse distributed denial of service attack that could bring down
e-commerce sites, news outlets, or command and control infrastructures.
Second, the attacker could potentially access and exploit sensitive
information on any of the millions of infected systems, such as passwords or
archived e-mail.  Finally, if the attacker can control the information on
infected systems, he could corrupt or disrupt the information in order to
sow confusion. (The 

[INFOCON] - NCIX WEB SITE UPDATE ADVISORY #7-2002

2002-05-31 Thread Wanja Eric Naef [IWS]


-Original Message-
From: Stephen F. Argubright
Sent: 31 May 2002 16:39
To: [EMAIL PROTECTED]
Subject: NCIX WEB SITE UPDATE ADVISORY #7-2002


Dear Friends and Colleagues,

1.  A new NCIX counterintelligence and security awareness poster, titled One
Evil, may be viewed and ordered by linking to
http://www.ncix.gov/pubs/posters/one_evil.html  .

2. The NCIX outreach team has updated the booklet Be Alert! and it is now
available by linking to  http://www.ncix.gov/pubs/misc/pub_be_alert.html .

Background:  Using primarily Internet e-mail addresses from consumers who
have requested NCIX counterintelligence and security awareness
material, the NCIX  has created an Internet address group to alert and
inform its readers about new and updated information regarding the NCIX
Web site.   The advisories include information on NCIX regional seminars,
the release of new awareness material, and other information of
counterintelligence interest.  Please feel free to use this updated
information on your own Intranet and other information-sharing systems.
Each advisory is assigned a sequential number for tracking purposes.  As of
this advisory, there are more than 2,400 official subscribers.

If you are receiving these advisories from another source, but would like to
receive them directly, please link to
http://www.ncix.gov/feedback/pubreq.html , provide the appropriate contact
information, check the Add to the NCIX Notification Service box, and
submit.










[INFOCON] - Some interesting GAO Reports

2002-06-04 Thread Wanja Eric Naef [IWS]

A collection of interesting GAO Reports (ranging from
Information Security to Missile Defence to Drinking Water)
from the last few months which are piled up in my room in
one corner ... WEN

Coast Guard:  Vessel Identification System Development Needs to Be
Reassessed.  GAO-02-477, May 24.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-477

1. Diffuse Security Threats:  Technologies for Mail Sanitization Exist,
But Challenges Remain.  GAO-02-365, April 23.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-365

1. DOE Weapons Laboratories:  Actions Needed to Strengthen EEO
Oversight.  GAO-02-391, April 22.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-391

2. Defense Budget:  Need to Strengthen Guidance and Oversight of
Contingency Operations Costs.  GAO-02-450, May 21.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-450

3. Military Transformation:  Army Actions Needed to Enhance Formation
of Future Interim Brigade Combat Teams.  GAO-02-442, May 17.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-442

3. Technology Transfer:  NNSA Did Not Implement the Technology
Infrastructure Pilot Program.  GAO-02-708R, May 10.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-708R

Information Security:  Comments on the Proposed Federal Information
Security Management Act of 2002, by Robert F. Dacey, director,
information security issues, before a joint hearing of the Subcommittee
on Government Efficiency, Financial Management, and Intergovernmental
Relations and the Subcommittee on Technology and Procurement Policy,
House Committee on Government Reform. GAO-02-677T, May 2.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-677T

4. Information Security:  Additional Actions Needed to Fully Implement
Reform Legislation.  GAO-02-407, May 2.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-407

3. Transportation Infrastructure:  Cost and Oversight Issues on Major
Highway and Bridge Projects, by JayEtta Z. Hecker, director, physical
infrastructure issues, before the House Committee on Transportation and
Infrastructure. GAO-02-702T, May 1.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-702T

9. Nuclear Security:  Lessons to Be Learned from Implementing NNSA's
Security Enhancements. GAO-02-358, March 29.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-358

Combating Terrorism: Key Aspects of a National Strategy to Enhance State and
Local Preparedness, by Patricia Dalton, director, strategic issues, before
the Subcommittee on Government Efficiency, Financial Management, and
Intergovernmental Relations, House Committee on Government Reform, in Long
Beach, California. GAO-02-549T, March 28.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-549T

Combating Terrorism: Key Aspects of a National Strategy to Enhance State and
Local Preparedness, by Randall Yim, managing director, national
preparedness, before the Subcommittee on Government Efficiency, Financial
Management, and Intergovernmental Relations, House Committee on Government
Reform, in Albuquerque, New Mexico. GAO-02-548T, March 25.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-548T

1. Combating Terrorism:  Intergovernmental Partnership in a National
Strategy to Enhance State and Local Preparedness, by Paul Posner, managing
director, strategic issues, before the Subcommittee on Government
Efficiency, Financial Management, and Intergovernmental Relations, House
Committee on Government Reform, in Tempe, Arizona. GAO-02-547T, March 22.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-547T

3. Security Breaches at Federal Buildings in Atlanta, Georgia, by
Ronald Malfi, acting managing director, Office of Special
Investigations, before the House Committee on Government Reform, in
Atlanta, Georgia. GAO-02-668T, April 30.  (statement not available on
the Internet)
http://www.gao.gov/cgi-bin/ordtab.pl

4. International Electronic Commerce:  Definitions and Policy
Implications.  GAO-02-404, March 2002.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-404


1. National Preparedness:  Technologies to Secure Federal Buildings, by
Keith A. Rhodes, chief technologist, before the Subcommittee on
Technology and Procurement Policy, House Committee on Government
Reform. GAO-02-687T, April 25.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-687T

2. Information Security:  Subcommittee Post-Hearing Questions
Concerning the Additional Actions Needed to Implement Reform
Legislation.  GAO-02-649R, April 16.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-649R


2. Homeland Security:  Responsibility and Accountability for Achieving
National Goals, by David M. Walker, comptroller general of the United
States, before the Senate Committee on Governmental Affairs.
GAO-02-627T, April 11.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-627T

5. National Preparedness:  Integration of Federal, State, Local, and
Private Sector Efforts Is Critical to an Effective National Strategy for
Homeland Security, by Randall Yim, managing director, national
preparedness, before the Subcommittee on Economic Development, Public
Buildings and Emergency Management, House Committee on Transportation
and Infrastructure. GAO-02-621T, April 11.

[INFOCON] - OCIPEP Advisory AV02-029 Multiple Vulnerabilities -Yahoo! Messenger

2002-06-05 Thread Wanja Eric Naef [IWS]

The French version follows


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS

*
   ADVISORY
*

Number: AV02-029
Date:   5 June 2002

**
Multiple Vulnerabilities - Yahoo! Messenger
**

PURPOSE
The CERT/CC is reporting multiple vulnerabilities in Yahoo! Messenger
version 5,0,0,164 and prior for Microsoft Windows.


ASSESSMENT
There are multiple vulnerabilities in Yahoo! Messenger that may allow an
attacker to execute arbitrary code with the privileges of the user on the
victim system.

OCIPEP has not received any reports of this vulnerability being exploited in
Canadian systems. OCIPEP will continue monitoring all available sources of
information about this vulnerability and will provide updated information
should the potential for impact increase.


SUGGESTED ACTION
Users should upgrade to version Yahoo! Messenger 5,0,0,1065 or later. Please
refer to the following link for additional information:
http://www.cert.org/advisories/CA-2002-16.html


CONTACT US
For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:  (613) 991-7000
Fax:    (613) 996-0995
Secure Fax: (613) 991-7094
Email:  [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax:   (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site:  www.ocipep-bpiepc.gc.ca


NOTICE TO READERS
When the situation warrants, OCIPEP issues Advisories to communicate
information about potential, imminent or actual threats, vulnerabilities or
incidents assessed by OCIPEP as limited in scope but having possible impact
on the Government of Canada or other sectors of Canada's critical
infrastructure. Recipients are encouraged to consider the real or possible
impact on their organisation of the information presented in the Advisory,
and to take appropriate action.

OCIPEP publications are based on information obtained from a variety of
sources. The organisation makes every reasonable effort to ensure the
accuracy, reliability, completeness and validity of the contents in its
publications. However, it cannot guarantee the veracity of the information
nor can it assume responsibility or liability for any consequences related
to that information. It is recommended that OCIPEP publications be carefully
considered within a proper context and in conjunction with information
available from other sources, as appropriate.

Unauthorized use of computer systems and mischief in relation to data are
serious Criminal Code offences in Canada.  Upon conviction of an indictable
offence, an individual is liable to imprisonment for a term not to exceed
ten years.  All offences should be reported immediately to your local police
service.

==


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS


ADVISORY


Number: AV02-029
Date:   5 June 2002

**
Multiple Vulnerabilities - Yahoo! Messenger
**

PURPOSE
The CERT/CC is reporting multiple vulnerabilities in Yahoo! Messenger
version 5,0,0,1064 and prior for Microsoft Windows.


ASSESSMENT
There are multiple vulnerabilities in Yahoo! Messenger that may allow an
intruder to execute arbitrary code using the privileges of the user of the
victim system.

OCIPEP has received no indication that this vulnerability has affected
Canadian systems.  OCIPEP will continue to monitor all available sources of
information relating to this vulnerability and will pass on any new
information should the potential for impact increase.


SUGGESTED ACTION
Users should obtain version 5,0,0,1065 or later of Yahoo! Messenger. For
further information, please consult the following link:
http://www.cert.org/advisories/CA-2002-16.html


CONTACT US
For urgent matters, or to report incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:      (613) 991-7000
Fax:        (613) 996-0995
Secure Fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division
at:

Phone:    (613) 991-7035 or 1-800-830-3118
Fax:      (613) 998-9589
Email:    [EMAIL PROTECTED]
Web Site: www.bpiepc-ocipep.gc.ca


NOTICE TO READERS
Advisories are used to communicate information about potential, imminent
or actual threats, vulnerabilities or incidents assessed by OCIPEP, of 

[INFOCON] - Conferences: TechNet 2002 (DC) LENS (London)

2002-06-06 Thread Wanja Eric Naef [IWS]

[If someone is going to the TechNet conference please let me
know as I am quite curious what they have to say about Network
Centric Warfare and Homeland Security. I won't be able to go
as I am attending LENS in London. WEN]

*

Washington DC, USA,  11. - 13. June 

TechNet 2002 (free)

TechNet International is an annual event sponsored by AFCEA 
International. The 3-day event is one of the nation's largest 
C4I conventions and expositions.

http://www.technet2002.org/

Tuesday:

2:00 p.m. - 3:30 p.m.
Network Centric Warfare: Approaches to Implementation


*

London, UK, 11. - 13. June 

LENS Forum

The Second Global Forum for Law Enforcement & National Security

'Security Governance and Homeland Defence - Learning Lessons, 
Creating Partnerships and Finding Solutions to Meet New Challenges'

http://www.lensforum.com/Lens_index.htm









[INFOCON] - News 06/07/02

2002-06-07 Thread Wanja Eric Naef [IWS]

_

  London, Friday, June 07, 2002
_

INFOCON News
_


  
  [News Index]
  

* Department of Homeland Security

[1] Bush proposes massive overhaul of homeland security agencies
[2] Host of agencies will be affected by homeland security reorganization
[3] Reorganization plan gains bipartisan support on Hill
[4] Personnel reform, but no layoffs, envisioned for new department
[5] Creating Cabinet agency no panacea for agencies' woes, critics say

* Other News

[6] Security through obsolescence
[7] Clarke warns educators about need for better security
[8] Hacker group defaces naval websites
[9] Privacy still blights online retailers
[10] Dead Men Tell No Passwords

[11] Trend Micro strengthens hybrid worm defences
[12] FBI wants to track your Web trail
[13] Hacking puts 4,500 students' grades in doubt at Western High
[14] Is Linux Ready for National Security?
[15] Leaky Cyber Borders

[16] Workers Arrested in Airport Security Crackdown
[17] Ford says global terrorism is tougher to tackle than dealing with Cold
War

_

News
_


[1] Bush proposes massive overhaul of homeland security agencies
By Jason Peckenpaugh

In what would be the biggest restructuring of government since World War II,
President Bush proposed Thursday to move seven entire agencies and offices
from several others into a new cabinet-level Department of Homeland
Security.

The new department would include the Federal Emergency Management Agency,
Coast Guard, Transportation Security Administration, Customs Service,
Immigration and Naturalization Service (including the Border Patrol), Animal
and Plant Health Inspection Service, and Secret Service.

Offices of some other agencies would also be absorbed, such as the Commerce
Department's Critical Infrastructure Assurance Office; the National Domestic
Preparedness Office and the National Infrastructure Protection Center at the
FBI; and the Federal Protective Service and the Federal Computer Incident
Response Capability at the General Services Administration.

http://www.govexec.com/dailyfed/0602/060602ts1.htm

Bush plan backs IT infrastructure
http://www.fcw.com/fcw/articles/2002/0603/web-plan-06-06-02.asp

Bush overhauls domestic security
http://news.bbc.co.uk/hi/english/world/americas/newsid_203/2030516.stm

Bush Announces Anti-Terror Agency
http://www.foxnews.com/story/0,2933,54617,00.html

Bush unveils security shake-up
http://www.itv.com/news/World174074.html

Bush Plans Mammoth Department of Homeland Security
http://www.newsmax.com/archives/articles/2002/6/6/144125.shtml

Bush unveils plan for domestic defense
http://www.bayarea.com/mld/mercurynews/3417812.htm

Bush Proposes Restructuring of Homeland Security
http://www.nytimes.com/2002/06/06/politics/06CND-BUSH.html?ex=1024027200en=
25e823afa4b8db5dei=5040partner=MOREOVER

Bush Speech:

Audio
http://www.whitehouse.gov/news/releases/2002/06/20020606-8.a.ram

Video
http://www.whitehouse.gov/deptofhomeland/remarks.v.ram

Text
http://www.whitehouse.gov/news/releases/2002/06/20020606-8.html

General Section:
http://www.whitehouse.gov/deptofhomeland/toc.html

Url of the proposed Department of Homeland Security
http://www.whitehouse.gov/deptofhomeland/

 

[2] Host of agencies will be affected by homeland security reorganization

According to Bush administration briefing documents obtained by Government
Executive Thursday, several agencies would be shifted into the proposed new
Department of Homeland Security in their entirety; while parts of other
agencies would be absorbed by the new entity.

The following agencies would be absorbed into the new department:

Federal Emergency 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-079 Date: 11 June 2002

2002-06-11 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-079 Date: 11 June 2002

NEWS

OCIPEP Issues Advisory - Securing and Protecting Your Web Server
With the recent increase of web site defacements with anti-G8 messages,
OCIPEP has issued an advisory reminding system and network administrators to
maintain secure web servers. Web site defacements are normally, but not
exclusively, a result of buffer overflows, poor coding (CGI scripts) and
improper configurations. The advisory lists some of the basic measures to
protect against defacements, such as keeping operating systems and
applications software patched, checking logs regularly and maintaining a
current backup of the systems.

Comment: OCIPEP's Advisory AV02-030 can be viewed at:
http://www.ocipep.gc.ca/emergencies/advisories/AV02-030_e.html

Homeland Security Department Will Be Big Spender
The proposed U.S. Department of Homeland Security would have an annual
procurement budget of US$5 billion, one of the largest in the country,
according to David Litman, a senior procurement executive at the
Transportation Department. A large portion of the procurement budget, about
20 percent, would come from the newly-created Transportation Security
Administration, which has just awarded a US$5.5-billion contract to Boeing
Services Company for the deployment of about 1,100 explosive-detection
machines to screen passenger luggage. The Coast Guard and Customs Service
will also require a large share of procurement dollars to continue their
ongoing modernization programs. (Source: govexec.com, 10 June 2002)
http://www.govexec.com/dailyfed/0602/061002g1.htm

Comment: A full text of the Bush Administration's proposal for a Department
of Homeland Security is available at:
http://www.govexec.com/dailyfed/0602/060602bushproposal.htm


IN BRIEF

Increased Military Presence at G8 Summit
The Canadian Forces will have about 5,000 soldiers in the Kananaskis area to
help ensure security at the G8 Summit. Military fighter jets and helicopters
will be in the air during the Summit, and the increased presence on the
ground will be felt both in Calgary and in Kananaskis. (Source: CBC News, 10
June 2002) http://calgary.cbc.ca/template/servlet/View?filename=ml_6102002

State of Emergency Declared in Southern Alberta
A state of emergency has been declared in parts of southern Alberta, where
heavy rains have flooded homes and roads over the past three days. Some
residents had to be moved to nearby schools, and it could be a week or more
before they can go back to their homes. (Source: CBC News, 11 June 2002)
http://www.cbc.ca/stories/2002/06/11/ab_floods020611

Dirty Bomb Would Produce Low Radiation Level
Heart attacks resulting from the chaos created by the explosion of a dirty
bomb would claim more victims than radiation poisoning, according to the
American Institute of Physics' web site. Exposure to radiation levels would
be low, and the initial death toll would come mostly from the explosion of
the device itself. (Source: CNN.com, 10 June 2002)
http://www.cnn.com/2002/HEALTH/06/10/dirty.bomb.health/index.html

Restructuring Will Help Government Agencies Work With Private Sector
The restructuring of U.S. cybercrime agencies will improve federal
coordination with the private sector, according to White House cybersecurity
chief Richard Clarke. The proposal outlined by President Bush would bring
together the FBI's National Infrastructure Protection Center and the U.S.
Commerce Department's Critical Infrastructure Assurance Office, which both
work extensively with the private sector. (Source: Computerworld, 10 June
2002)
http://www.computerworld.com/securitytopics/security/story/0,10801,71903,00.html


CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.Latinus, which is a Trojan that can log
keystrokes and send them to the hacker.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.latinus.html
Symantec reports on W32.Frethem.D@mm, which is a variant of W32.Frethem.B@mm
worm that uses its own SMTP engine to propagate via e-mail. It arrives with
the subject line Re: Your password! and the attachment
decrypt-password.exe.
http:[EMAIL PROTECTED]
l
Symantec reports on W32.Chier@mm, which is a worm that uses its own SMTP
engine to propagate via e-mail. It arrives with the subject line Hi, i am
username and the attachment p.exe.
http:[EMAIL PROTECTED]
Trend Micro reports on VBS_NEMITE.A, which is a VBScript worm embedded in an
HTML file that propagates via e-mail. It arrives with the subject line HI
and the attachment Syashin3.vbs.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_NEMITE.A
Sophos reports on Troj/DSS-A, which is a Trojan that is likely to arrive in
an e-mail as an attachment called OPENME.EXE.
http://sophos.com/virusinfo/analyses/trojdssa.html


Vulnerabilities

SecurityFocus reports on a buffer overflow vulnerability in Microsoft's
ASP.NET StateServer process that could allow a remote 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-080 Date: 12 June2002

2002-06-12 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-080 Date: 12 June 2002

NEWS

Ottawa to Buy Smallpox Vaccine for All Canadians
The Ottawa Citizen reports that the federal government will purchase
millions of doses of the smallpox vaccine, enough to inoculate every
Canadian. Dr. Ron St. John, executive director of Health Canada's Centre for
Emergency Preparedness and Response, stated that negotiations were already
underway to acquire the vaccines, which could cost up to $123 million. There
are also plans to vaccinate epidemiologists and federal health workers who
would be in the front line in the event of a smallpox outbreak. While he
acknowledged that the possibility of a bioterrorist attack on Canada is
extremely remote, Dr. St. John stressed that even a limited outbreak could
turn into a national catastrophe. The vaccine is effective if given within
four days of exposure to the virus. (Source: The Ottawa Citizen, 12 June
2002)
http://www.canada.com/ottawa/ottawacitizen/story.asp?id={C693E8BE-C7CB-40AF-B28C-B27CF936D0E1}
http://www.canada.com/ottawa/ottawacitizen/

Platform-Jumping Virus a New Challenge for Virus Writers
A new virus that made the headlines last week has prompted a renewed
interest in Unix and Linux viruses, according to anti-virus experts. A
Symantec researcher explained that the Simile virus, which can jump from
Windows to Unix operating systems, presents new challenges for virus
writers. A McAfee analyst commented that Unix shell script viruses are
relatively easy to create, yet powerful enough to create big problems.
(Source: vnunet.com, 11 June 2002)
http://www.vnunet.com/News/1132517

Comment: The same news source on 5 June published an article
(http://www.vnunet.com/News/1132372) quoting Symantec and McAfee experts who
had released an advisory after the discovery of the Simile/Etap virus. They
called it a very complex virus that uses entry-point obscuring,
metamorphism and polymorphic decryption, which makes it hard to detect.
Typically, the majority of viruses are Windows-based due in part to the
proliferation of the Microsoft Windows operating system in the marketplace. As
the popularity of Unix-based operating systems increases in the general user
population (i.e. Linux) it follows that we may see: (1) an increase in
viruses that target the Unix/Linux operating systems and (2) viruses that
have the ability to infect more than one type of operating system (i.e.
Unix/Linux and Windows).

IN BRIEF

Transportation Delays Expected in Calgary During G8 Summit
Most roads near Calgary International Airport will be closed to the public
from June 25 to 28 as part of the Calgary Police's security restrictions
during the G8 Summit. Air travellers are urged to allow at least an extra 30
minutes to reach the airport and to check with the G8 Summit information
line for information on road closures. Service on the city's light rail
system may also be affected. (Source: CBC News, 11 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=sy_11062002

State of Emergency Declared in Flooded Alberta Communities
Rain continued to fall in southern Alberta, and the worst may be yet to
come, if warm weather accelerates melting of the snow that fell in the
mountains, according to Dennis Chief Calf, fire chief and head of disaster
services for the Blood Tribe Reserve. A state of emergency has been declared
in the community of Pincher Creek and in the county of Lethbridge, while
flood warnings are in effect in several other communities. (Source: CBC
News, 11 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=fd_11062002

FBI Investigates Dive Shops
Scuba diving shops across the U.S. are being contacted by FBI agents
concerned that terrorists may have been taking scuba diving training with
the intention of blowing up ships, power plants, bridges and other
structures that are waterfront. Agents are looking for unusual requests from
potential trainees, such as limited-visibility diving and diving in a
harbour, where water is turbulent and cloudy. (Source: The Toronto Star, 11
June 2002)
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1c=Articlecid=1022100028330call_page=TS_Worldcall_pageid=968332188854call_pagepath=News/Worldcol=968350060724

Comment: This appears to be further to a May 23 information bulletin from
the National Infrastructure Protection Center (NIPC) stating that various
terrorist elements had sought to develop an offensive scuba diver
capability.





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Trilissa.D, which is a worm that propagates
via Outlook e-mail. It arrives with the subject line Bush is a criminal!
and the attachment Bush_you_are_guilty!!!.scr.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020611-11


Central Command reports on TR/Win32.Rewin, which is a Trojan horse that
allows backdoor access to a victim's 

[INFOCON] - Ridge Aims to Reduce U.S. Vulnerabilities to Terrorism

2002-06-12 Thread Wanja Eric Naef [IWS]

[At least life as a politician in DC will be interesting
again as they will be facing the biggest turf war ever,
which could get quite nasty. The proposed Homeland
Security Department will also have to survive 88
congressional committees and subcommittees. So one
should really ask whether this will be worth the effort,
as the government's limited resources could be used
to make the current agencies more efficient. There is
something wrong with the system, and it looks like
instead of changing the system, the administration just risks
creating another layer of bureaucracy which might not really
help to protect the nation.  WEN]

10 June 2002 
Ridge Aims to Reduce U.S. Vulnerabilities to Terrorism
(Homeland Security Advisor Wants To Draw Lessons From 9-11)(3500)

Homeland Security Advisor Tom Ridge wants to draw on the security
expertise in the federal government to significantly reduce the
vulnerability to terrorism and terrorist attack.

Speaking June 10 to the National Association of Broadcasters Education
Foundation in Washington, Ridge said: It's time for us to take the
lessons learned from 9/11 and from our war on terrorism and apply them
to homeland security.

He said the new Cabinet-level Department of Homeland Security proposed
by President Bush should be a clearinghouse for many of the best
practices that we believe can be deployed to prevent terrorism.

The new department, which must be approved by Congress, should have
one single mission, Ridge said: to protect the American people and
their way of life from terrorism.

Drawing 170,000 existing personnel from now disparate sources, he said
the new department will bring together everyone under the same roof,
working toward the same goal and pushing in the same direction.

Following is the transcript of Ridge's remarks:

(begin transcript)

THE WHITE HOUSE
Office of the Press Secretary
June 10, 2002

REMARKS BY HOMELAND SECURITY ADVISOR TOM RIDGE
TO THE NATIONAL ASSOCIATION OF BROADCASTERS EDUCATION FOUNDATION
2002 SERVICE TO AMERICA SUMMIT

Ronald Reagan Building
Washington, D.C.

GOVERNOR RIDGE: Thank you, Eddie. And good morning, ladies and
gentlemen. I want to thank you for this invitation to spend some time
with you this morning. I must applaud Eddie and the foundation for
extending the invitation several weeks ago. Your timing was
impeccable. (Laughter.) So I might consider to borrow your crystal
ball in the future.

But it is good to have the opportunity within a few short days after
the President announced his vision and his plan to create a
Cabinet-level Department of Homeland Security to spend some time with
this organization. So I very much appreciate the opportunity to speak
to your group at such an important time for our country.

The nine months since the terrorist attacks have been a great time to
be an American, in spite of the horror and the tragedy associated with
the attacks. We have learned so much about what this country and its
people are all about. And most of what we have learned, we have
learned through you.

Through your unblinking eyes and ears, the entire human drama was
brought into our living rooms -- the heartbreaking losses, the heroic
responses, the heartfelt prayers and words of comfort from a concerned
nation. Many of your stations offered 24-hour coverage in the days
following the attacks. And in doing so, you accepted the reality of
lost ad revenues at a time when advertising was already scarce. No
matter the cost, you continued to get the news out.

At the same time, through your efforts, broadcasters helped this
country raise in excess of $1 billion [$1 thousand million] for the
victims of 9/11 and related causes -- an extraordinary contribution in
and of itself. And you still found time to record and air PSAs [Public
Service Announcements], answering the questions all Americans had: How
can we help?

You've even won over some old critics. Apparently, a former FCC
[Federal Communications Commission] chairman about four decades ago in
a speech to your group -- a fellow by the name of Newton Minow -- was
very, very critical of the media. But recently he was reported to have
said, and I quote, Television deserves a round of gratitude from the
American people for the way they have handled this crisis. They
deserve the highest praise. But most importantly, as Americans
understand it, you did your job, keeping all of us informed and aware.

Now I think broadcasters have a new challenge, reporting on homeland
security. In many ways -- many, many ways -- this is a much more
difficult story to report. It doesn't have very good sound or visuals.
It's complicated. There are a lot of gray areas. There aren't too many
photo opportunities. It can be under-reported, breeding false
confidence, or over-reported, stoking unnecessary fears.

But it is one of the most important, if not the most important, story
of our lifetimes. It's the story of how we protect American lives and
the American way of life, the most 

[INFOCON] - NIPC Daily Report 13 June 2002

2002-06-13 Thread Wanja Eric Naef [IWS]

NIPC Daily Report 13 June 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of
issues impacting the integrity and capability of the nation's critical
infrastructures.

Microsoft discloses serious flaw in Web site software. Microsoft Corp.
acknowledged a serious flaw Wednesday in its Internet server software that
could allow sophisticated hackers to seize control of Web sites, steal
information and use vulnerable computers to attack others. Microsoft made
available a free patch for customers using versions of Internet Information
Server software with Windows NT or Windows 2000 operating systems.  The
server software included in Microsoft's Windows XP operating system was not
affected by the security flaw.  A researcher with eEye Digital Security
Inc., Riley Hassell, found the Web server flaw in mid-April during testing
of eEye's own hacker-defense software, but the discovery was kept closely
guarded under an agreement with Microsoft until Wednesday.  Microsoft
described the risk to Web servers as moderate, but top experts have for
months recommended turning off the vulnerable feature, which is turned on
automatically the first time the software is installed.  Marc Maiffret, the
self-described ``chief hacking officer'' for eEye, said malicious hackers
would devise automated tools to scan the Internet and attack vulnerable
computers rather than targeting machines individually.  The same technique
was used to spread the damaging ``Code Red'' and ``Nimda'' across the
Internet last year, which infected nearly 1 million servers.  ``It could
readily be exploited with a worm,'' Maiffret said. ``It's kind of a scary
thing.'' (AP-Washington, 12 Jun)

NIPC WWU Comment: The flaw allows a remote buffer overflow in an HTR
request.  It affects MS Windows NT 4.0, IIS 4.0, and MS Windows 2000 IIS
5.0.  NIPC recommends patching affected systems as soon as possible using
the free patch provided by Microsoft.  Patch is at www.microsoft.com

Malaysia sets up cyber-warfare hub. The Malaysian Defense Ministry is
commissioning a secure network infrastructure to safeguard information from
unauthorized access.  Minister Datuk Seri Najib Razak said the ministry was
also setting up a cyber warfare center, which would look at both offensive
and defensive information operations.  Najib said that the cyber warfare
center would provide surveillance of, and protection from, cyber threats,
and if necessary, counter any threats from cyberspace.  He said development
of the network would be completed in about five years and would link all the
information databases within the Defense Ministry and the armed forces. (New
Straits Times Malaysia, 11 Jun)

Chinese software firm discovers native e-mail virus. Beijing Ruixing global
virus supervision center intercepted a domestically produced e-mail virus
they have temporarily named Chinese Hacker.  According to Ruixing, the
virus is very infectious, fast, and has the ability to bypass anti-virus
software and enter computer memory.  Furthermore, according to Ruixing, even
if anti-virus software can discover the virus, it cannot be destroyed.  The
virus infects through e-mail and, once resident on the computer memory, has
a self-start function.  The current version does not carry a destructive
payload, but if an attacker added a destructive payload to the virus, it
could pose a serious threat. (Xinhua, 11 Jun)

Area residents can comment on possible routes for a new regional power
transmission line.  Bonneville Power Administration (BPA) officials say the
500,000-volt line is needed to carry more power to rapidly growing King
County, in Washington State, or the next spell of sub-freezing winter
weather could bring brownouts or other problems. BPA earlier picked a route
along an existing BPA line through the Cedar River Watershed, which is the
source of water for most King County residents. That raised strong
objections from Seattle City officials and environmentalists, but the route
hasn't been ruled out.  (Southcountyjournal.com, 12 Jun)

Poll urges Congress to pass energy plan.  According to a recent poll
conducted on 1,000 adults at the behest of the Alliance for Energy and
Economic Growth, Americans feel more strongly about the need to enact an
energy plan now than they did last fall. More than 8 of 10 Americans polled
want Congress to pass comprehensive energy legislation now in order to
ensure stable energy supplies and strengthen national security. These
findings come as a House-Senate Conference Committee is being appointed to
resolve differences in House and Senate passed energy bills. The Alliance
for Energy and Economic Growth is a broad coalition of more than 1,300
energy producers and users, representing both large and small businesses, as
well as labor unions.  The Alliance is united in support of comprehensive
energy legislation that will increase domestic energy supplies, 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-080 Date: 13 June2002

2002-06-13 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-080 Date: 13 June 2002

NEWS

Government Department Equipment Stolen
Ottawa Police are investigating a break-in at a Citizenship and Immigration
Canada office, in which thieves stole a number of weapons, including pepper
spray canisters, batons, body armour and computers. Although the theft comes
just days before large crowds of protestors are expected to come to Ottawa
to stage protests against the G8 Summit, police had no evidence that the
theft might be connected to the Summit. According to an Ottawa police
spokesperson, the robbery looks like a regular break-in and that will be
the focus of the investigation. Stolen computers did not contain sensitive
information, according to Immigration officials. (Source: Ottawa Sun, 13
June 2002)
http://www.canoe.ca/OttawaNews/os.os-06-13-0013.html

Ontario Water Testing Lab Under Investigation
An Ontario government investigation indicates that MDS Laboratory Services,
a water-testing lab in London, Ontario, has failed to carry out proper tests
on the drinking water used by 67 communities in southern Ontario. In cases
where results may be doubtful, the government is advising waterworks to send
samples to an accredited laboratory to verify the water quality. A
spokesperson for MDS acknowledged that some problems had occurred during the
recent Ontario Public Service Employees Union strike, but that all adverse
results have been reported. (Source: CBC News, 13 June 2002)
http://www.cbc.ca/stories/2002/06/12/tainted_water020612


IN BRIEF

Peaceful Protest at G8 Foreign Ministers Meeting
A protest staged in front of the Chateau Whistler, where the G8 foreign
ministers were meeting, caused no disruption. Two of the 80 protesters were
invited into the hotel to meet with Canadian Foreign Affairs Minister Bill
Graham. (Source: CBC News, 13 June 2002)
http://vancouver.cbc.ca/template/servlet/View?filename=bc_g8noon020612

Radiation Protection Drug Sales on the Increase
Online sales of potassium iodide, a drug that mitigates potential effects
from radiation exposures, have increased in the past few days after news of
a terrorist plan to build and detonate a dirty bomb. While the drug may
prevent the body from absorbing radioactive iodine, which causes several
forms of cancer, it would not protect people from other dangers such as
gamma radiation, according to a media report. Sales of fallout shelters have
apparently increased as well. (Source: CNet News.com, 12 June 2002)
http://news.com.com/2100-1023-935471.html?tag=fd_top


CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.FTP_Bmail, which is a Trojan horse that
disguises itself as a FTP downloader for e-mail software.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html


Trend Micro reports on WORM_WORTRON.10B, which is a worm generated by
TROJ_WORTRON.10B that propagates via e-mail.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_WORTRON.10B


Trend Micro reports on TROJ_WORTRON.10B, which is a Trojan horse and Worm
Generator that can run on any Windows platform.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WORTRON.10B

Vulnerabilities

CERT/CC reports on a vulnerability in Novell NetWare 5.1 that could allow a
remote attacker to gain access to sensitive information about the server's
configuration and passwords. Follow the link for details.
http://www.kb.cert.org/vuls/id/159203


CERT/CC reports on remotely exploitable buffer overflow vulnerabilities in
America Online's Instant Messenger (AIM) that cause a denial-of-service.
Follow the link for details.
http://www.kb.cert.org/vuls/id/912659
http://www.kb.cert.org/vuls/id/259435


CERT/CC reports on a vulnerability in Apache Tomcat web server that could
allow a remote attacker to gain sensitive information about the server's
configuration. Follow the link for details.
http://www.kb.cert.org/vuls/id/116963


SecurityFocus reports on a denial-of-service vulnerability in X-Windows. No
known patch is available at this time.
http://online.securityfocus.com/bid/4966/discussion/


SecurityFocus reports on vulnerabilities in the Seanox DevWex Windows binary
version that could allow a remote attacker to view arbitrary web-readable
files, to execute arbitrary attacker-supplied instructions with the
privileges of the webserver process (normally SYSTEM), or to cause the
server to crash. View the Solution tab for upgrade information.
http://online.securityfocus.com/bid/4978/discussion/
http://online.securityfocus.com/bid/4979/discussion/


SecurityFocus reports on a SQL injection vulnerability in Lokwa BB that
could allow a remote attacker to view sensitive information and possibly
access and reply to arbitrary private messages. No known patch is available
at this time.
http://online.securityfocus.com/bid/4981/discussion/


SecurityFocus reports on a vulnerability in W-Agora that could allow a
remote 

[INFOCON] - NIPC Daily Report 14 June, 2002

2002-06-14 Thread Wanja Eric Naef [IWS]

NIPC Daily Report 14 June, 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of
issues impacting the integrity and capability of the nation's critical
infrastructures.

Press Release - FBI, SBA and Commerce Department Form Alliance to Promote
Information Technology Security for America's Small Businesses.  The nation's
small businesses will have better access to computer and information
technology security resources, and be able to assess their information
security needs.  The National Infrastructure Protection Center (NIPC), the
Federal Bureau of Investigation (FBI), the U.S. Small Business Administration
(SBA), and the Commerce Department's National Institute of Standards and
Technology (NIST) signed a partnership agreement on 13 June. The agreement
speaks to providing computer and information technology security to help
small businesses across the nation safeguard their information systems.  The
interagency agreement was signed at the NIPC's Second Annual InfraGard
National Congress in Niagara Falls, NY, and will serve to promote computer
protection and security for America's small businesses and to identify
information security vulnerabilities. (NIPC, Dept. of Commerce, Small
Business Assoc., 13 Jun)

First JPEG Virus Not a Threat.  Anti-virus firms have discovered a Windows
virus that infects JPEG image files, though the chances of it causing a major
security risk any time soon are close to zero. W32/Perrun, as Networks
Associates Inc. named the virus, was assessed as low risk, and has not been
found in the wild. It is believed to be the first of its kind, said Vincent
Gullotto. It's not a danger, but it shows that virus writers are looking at
other methods of infection. In the last year, virus writers have started
using other file types, such as PDFs and Flash animations, to spread viruses.
Sending infected JPEGs to other, uninfected computers will not infect a
computer, NAI confirmed. Image files do not have the ability to execute
malicious code, so simply viewing a JPEG, without the infector running on the
same machine, will not have any effect, other than slowing the machine down
while the installed anti-virus software is scanning.  (Computerwire.com, 14
Jun)

Panel oks terror data sharing bill. The House Judiciary Committee approved a
bill that would let the FBI and CIA share classified information about
terrorist threats, with state and local police.  The bill, known as the
Homeland Security Information Sharing Act, HR 4598, would allow classified
information to be given to state and local first responders after data about
sources and methods of intelligence collection were removed. The information
would be issued via law enforcement telecommunications systems.
(ComputerUser.com 14 Jun)

Feds Stockpile Anti-Radiation Pills. Federal agencies in Washington ordered
350,000 potassium iodide pills this week to protect people from cancer caused
by radioactive iodine. The agencies are stockpiling the pills in case of a
nuclear event.  (Associated Press, 13 Jun)

Petronas buys Indonesian oil producer.  Malaysia's state oil and gas company,
Petronas, has purchased U.S. firm Kerr-McGee Corporation's Indonesian
subsidiary for $170 million. Kerr-McGee Indonesia's (KMI) oil and gas
properties include a 30 percent non-operating interest in the Jabung block on
Sumatra Island, which is scheduled to supply gas to Singapore. The
acquisition of KMI marks a significant extension of Petronas' activities in
Indonesia, providing it with its first oil production capability in the
country, the Malaysian firm said.  Gas flow from the Jabung block is due to
start the third quarter of next year at an initial rate of 68 million
standard cubic feet per day (mmscfd), with a plateau rate of 135 mmscfd by
2009.  (Reuters, 14 Jun)

RM




IWS INFOCON Mailing List
 IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-082 Date: 14 June2002

2002-06-14 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-082 Date: 14 June 2002

NEWS

OCIPEP Issues Advisory - New Worm-Frethem.E
OCIPEP has issued Advisory AV02-031 concerning a variant of the Frethem worm
that is spreading in the wild. Frethem.E contains its own SMTP engine and
mails copies of itself to addresses in the Microsoft Windows address book and
Outlook Express mail storage files.

Comment: Advisory AV02-031 can be viewed at:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories_e.html

Explosion at U.S. Consulate in Pakistan
Eight people were killed and 40 others wounded when a suspected suicide car
bomber detonated an explosion outside the U.S. Consulate in Karachi. As well,
the powerful explosion destroyed a boundary wall, shattered windows and left
a large crater outside the building. All of the dead were Pakistani and most
casualties were sustained by individuals on motorcycles and in cars near the
site of the explosion. Eleven French nationals and three Pakistanis were
killed last month by a car bomb in Karachi, and Pakistani police suspect that
the bombing was carried out in response to Pakistan's decision to ally itself
with the U.S.-led war on terrorism. (Source: CNN, 14 June 2002)
http://edition.cnn.com/2002/WORLD/asiapcf/south/06/14/karachi.blast/index.html

Report: Canada Put At Risk by U.S. Ties
The Canadian Security Intelligence Service (CSIS) report to Parliament
yesterday noted that Canada's military alliance, proximity and close
relationship with the U.S. put Canada at risk of being targeted directly or
indirectly by a terrorist network. The report stated that Canada could become
a potential staging ground for terrorist attacks. (Source: Globe and Mail, 13
June 2002)
http://www.theglobeandmail.com/servlet/GIS.Servlets.HTMLTemplate?tf=tgam/search/tgam/SearchFullStory.htmlcf=tgam/search/tgam/SearchFullStory.cfgconfigFileLoc=tgam/configencoded_keywords=CSISoption=start_row=1current_row=1start_row_offset1=num_rows=1search_results_start=1

Comment: The complete CSIS report can be viewed:
http://www.csis-scrs.gc.ca/eng/publicrp/pub2001_e.html

Border Security Bypassed by G8 Protestors
Activists have provided instructions on a web site that could assist
individuals to transport gas masks, pepper spray and handcuffs across the
border, without having to carry them across in person. American activists are
urging protestors to mail items to Canada rather than risk having them
confiscated by border security. (Source: Calgary Herald, 14 June 2002)
http://www.canada.com/calgary/

Canadian Border Guards Receive Radiation Detectors
In an effort to stem the transportation of radiological materials across the
U.S.-Canadian border, all 3,600 Canadian customs officials will be outfitted
with sophisticated Geiger counters. This equipment will alert officials to
the presence of radiological materials that could be used in the fabrication
of so called dirty bombs. (Source: National Post, 13 June 2002)
http://www.canada.com/news/story.asp?id={2D938AA2-4D07-40E0-B3D2-6946128C850B}

IN BRIEF

Microsoft Issues Patches
Four recently discovered security vulnerabilities prompted Microsoft
Corporation to issue three security bulletins on June 12. One of the
vulnerabilities, affecting Windows NT, Windows 2000 and Windows XP, was rated
as critical. (Source: Microsoft, 13 June 2002)

Comment: The three bulletins can be viewed at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-029.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-030.asp

Flooding in Southeast Manitoba
Heavy rain has caused severe flooding in the southeast portion of Manitoba.
Approximately 240 millimetres of rain has fallen since June 10, causing the
worst flooding this area has seen in 45 years. Several communities have
declared a state of emergency, and several roads and highways have been
closed.

Comment: For updates on this incident and others, click on the Incident
Mapping button at the top of the Daily Brief.

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.Crat, which is a Trojan horse written in Delphi
and compressed with Ezip.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.crat.html


McAfee Security reports on W32/Perrun, which is an appending JPEG infecting virus.
http://vil.nai.com/vil/content/v_99522.htm

Vulnerabilities

Securiteam reports on buffer overflow vulnerabilities in the Oracle Net
Listener and Report Server that could allow a remote attacker to gain
complete control of a machine running the Oracle 9i Database. Follow the link
for details.
http://www.securiteam.com/securitynews/5OP0E0U7FI.html
http://www.securiteam.com/securitynews/5PP0F0U7FA.html


CERT/CC reports on a cross-site scripting vulnerability in Snitz Forums 2000 that 

[INFOCON] - UNIRAS Briefing - 187/02 - Microsoft - CumulativePatches for Excel and Word for Windows (MS02-031)

2002-06-21 Thread Wanja Eric Naef [IWS]


-----Original Message-----
From: UNIRAS (UK Govt CERT) 
Sent: 20 June 2002 12:25
To: Undisclosed Recipients
Subject: UNIRAS Briefing - 187/02 - Microsoft - Cumulative Patches for
Excel and Word for Windows (MS02-031)


 
UNIRAS (UK Govt CERT) Briefing Notice - 187/02 dated 20.06.02  Time: 11:30
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk

Title
=====

Microsoft Security Bulletin - MS02-031:

Cumulative Patches for Excel and Word for Windows 

Detail
======

Title:      Cumulative Patches for Excel and Word for Windows (Q324458)
Date:       19 June 2002
Software:   Microsoft Office for Windows
Impact:     Run Code of Attacker's Choice
Max Risk:   Moderate
Bulletin:   MS02-031

Microsoft encourages customers to review the Security Bulletin at: 
http://www.microsoft.com/technet/security/bulletin/MS02-031.asp.

Issue:
======
This is a set of cumulative patches that, when applied, applies all
previously released fixes for these products. 

In addition, these patches eliminate four newly discovered
vulnerabilities all of which could enable an attacker to run Macro
code on a user's machine. The attacker's macro code could take
any actions on the system that the user was able to. 

 - An Excel macro execution vulnerability that relates to how inline
   macros that are associated with objects are handled. This
   vulnerability could enable macros to execute and bypass the
   Macro Security Model when the user clicked on an object in
   a workbook.  

 - An Excel macro execution vulnerability that relates to how macros
   are handled in workbooks when those workbooks are opened via a
   hyperlink on a drawing shape. It is possible for macros in a
   workbook so invoked to run automatically. 

 - An HTML script execution vulnerability that can occur when
   an Excel workbook with an XSL Stylesheet that contains HTML
   scripting is opened. The script within the XSL stylesheet
   could be run in the local computer zone. 

 - A new variant of the Word Mail Merge vulnerability first
   addressed in MS00-071. This new variant could enable an
   attacker's macro code to run automatically if the user had
   Microsoft Access present on the system and chose to open a
   mail merge document that had been saved in HTML format.

Mitigating Factors:

Excel Inline Macros Vulnerability: 

 - A successful attack exploiting this vulnerability would require
   that the user accept and open a workbook from an attacker and
   then click on an object within the workbook. 

Hyperlinked Excel Workbook Macro Bypass: 

 - A successful attempt to exploit this vulnerability would require
   that the user accept and open an attacker's workbook and click on
   a drawing shape with a hyperlink. 

 - An attacker's destination workbook would have to be accessible to
   the user, either on the local system or on an accessible network
   location. 

Excel XSL Stylesheet Script Execution: 

 - A user would have to accept and open an attacker's workbook to
   exploit this vulnerability. 

 - In addition, the user would have to acknowledge a security
   warning by selecting the non-default option. 

Variant of MS00-071, Word Mail Merge Vulnerability: 

 - The Word mail merge document would have to be saved in HTML
   format. As Word is not the default handler for HTML
   applications, the user would have to choose to open the document
   in Word, or acknowledge a security warning. 

 - A successful attack requires that Access be installed locally. 

 - The attacker's data source has to be accessible to the user 
   across a network.

Risk Rating:

 - Internet systems: Low
 - Intranet systems: Low
 - Client systems: Moderate

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Darryl Higa for reporting the Excel Inline Macros and 
   Hyperlinked Excel Workbook Macro Bypass vulnerabilities. 

 - The dH team and SECURITY.NNOV team (http://www.security.nnov.ru/)
   for reporting the variant of MS00-071.

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-096 Date: 5 July 2002

2002-07-06 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-096 Date: 5 July 2002

http://www.ocipep.gc.ca/DOB/DOB02-096_e.html

NEWS

Ontario Names Canada's First Anti-Terror Chief
Dr. James Young was appointed to the new position of Ontario Commissioner of
Public Security yesterday. Dr. Young's duties include ensuring that the province
is ready to respond to a terrorist strike, coordinating emergency response with
U.S. and federal officials, and completing a survey of Ontario's critical
infrastructure. Ontario is the first province in Canada to create such a
commissioner. (Source: National Post, 4 July 2002)

Severe Storm Hits New Brunswick and Prince Edward Island
New Brunswick was hit by a powerful thunder storm Thursday afternoon. Police are
calling it a tornado, but Environment Canada has yet to confirm it. The storm
caused damage to physical property but no injuries have been reported. (Source:
CBC.ca, 5 July 2002)

Comment: New Brunswick Power says the storm left close to five thousand people
without electricity across the northern half of the province. Many power outages
were also reported in Prince Edward Island and 72 millimetres of rain caused
some flooding.

Evacuation in Labrador Continues
Uncontrolled fires threatening Northwest River and Sheshatshiu kept two thousand
people from returning to their homes last night. Officials say that the fire
will be assessed again on Friday morning, but that the state of emergency won't
be lifted before then. (Source: CBC.ca, 4 July 2002)

IN BRIEF

Two Killed in Attack at Los Angeles Airport
A gunman killed two people at the ticket counter of Israeli airline El Al at the
Los Angeles airport before being killed by security officers. The FBI maintains
that it is too early to call the attack a terrorist act. (Source: CBC.ca, 5 July
2002)

Long-Range Weather Predictions Lack Accuracy
A study has shown that Environment Canada's weather forecasts five days into the
future were accurate just 13 per cent of the time. This contrasts with same-day
forecasting that was 72 per cent accurate. Environment Canada says that
forecasting is more accurate now than it was ten years ago. (Source: CBC.ca, 5
July 2002)

Comment: Natural hazards, rather than human threats, have historically caused
the greatest amount of damage and disruption to critical infrastructures (CI) in
Canada. Severe weather has also necessitated extensive emergency management (EM)
responses. More accurate weather forecasting would increase the effectiveness of
risk management strategies for CI and EM.

Falun Gong Hack Chinese Satellite Broadcasts
On June 25, the Falun Gong successfully hacked into satellite television
broadcasts in China's Shandong province and transmitted a banner reading 'Falun
Gong is good' to local televisions during prime time. (Source: VNUNET.com, 1
July 2002)

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.Assasin, which is a Trojan horse that allows
unauthorized access to the infected computer. This Trojan also attempts to
terminate the processes of many executables, including various firewall and
antivirus programs.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.html

Vulnerabilities

SecurityFocus posts an HP report on a local denial-of-service vulnerability in
HP-UX 11.11 DCE Client IPv6. View the Solution tab for patch information.
http://online.securityfocus.com/bid/5143/discussion/


SecurityFocus provides a report on vulnerabilities in multiple versions of
Linux-Mandrake kernel 2.2 and 2.4. Follow the link for upgrade information.
http://online.securityfocus.com/advisories/4262


SecurityFocus reports on a remote paragraph tag script injection vulnerability
in Slashcode 2.2. View the Solution tab for upgrade information.
http://online.securityfocus.com/bid/5140/discussion/

Tools
There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of

[INFOCON] - OCIPEP Daily Brief Number: DOB02-108 Date: 23 July 2002

2002-07-23 Thread Wanja Eric Naef [IWS]


http://www.ocipep.gc.ca/DOB/DOB02-108_e.html

DAILY BRIEF Number: DOB02-108 Date: 23 July 2002

NEWS

OCIPEP Issues Advisory - PHP Vulnerability
OCIPEP released Advisory AV02-037 today to bring attention to a vulnerability in
versions 4.2.0 or 4.2.1 of PHP. PHP is an HTML-based scripting language commonly
used by web servers, databases and many other applications. The vulnerability
can allow a remote attacker to cause a denial-of-service and possibly execute
arbitrary code on the local system.

Canada, U.S. Tighten Border Security
Canada and the U.S. announced yesterday that they will put in place five new
joint security teams to tighten border security. The announcement came at a
cross-border crime forum in Banff, Alberta, where 100 law enforcement officials
from both sides of the border were meeting, along with U.S. Attorney General
John Ashcroft and Canada's Solicitor General Lawrence MacAulay. The Integrated
Border Enforcement Teams (IBETs) will operate in Ontario and Quebec, but
MacAulay said that the teams can and will move. The multi-agency IBETs are made
up of police, customs and immigration officials and work with local, state and
provincial law authorities. Although IBETs were first created in 1996, their
development has taken on new urgency following September 11. The federal
government has set aside $135 million over five years for a total of 14 teams.
(Source: CBC News, 23 July 2002)

Comment: The IBETs created this week cover the areas of Valleyfield, Champlain
and the eastern regions of Quebec, as well as the Thousand Islands area in
Ontario. Media sources do not disclose information about the number or location
of IBETs that existed before yesterday's announcement.

U.S. Energy Infrastructure Security Report
The United States Energy Association (USEA), an association of energy industry
groups, released a report called the National Energy Security Post 9/11, which
examines the vulnerabilities of U.S. energy supply and infrastructure, and makes
recommendations for future policy decisions. The report considers the security
of exploration, transmission, production, generation, distribution, and storage
facilities for petroleum, natural gas, coal, nuclear energy, and electricity.
The report also concluded that a single federal agency should administer U.S.
energy infrastructure security.

Comment: The report does not suggest which single agency should administer U.S.
energy infrastructure security. Copies of the report can be viewed at:
http://www.usea.org/USEAReport.pdf.

Israel Blocks Palestinian Internet Service Provider
Israeli Defense Forces (IDF) troops took over the offices of Palnet, the leading
Palestinian Internet service provider, shutting down the firm's operations. The
move reduced Internet access to a trickle in the West Bank and Gaza. The strike
is part of a larger effort by the Israeli military to disable the Palestinians'
communications and media infrastructure. The IDF has recently alluded to the
ways in which terrorists are using the Internet to plot and plan. In June, the
IDF posted to its web site a discussion allegedly taken from the Hamas site in
which members debated whether arsenic, rat poison or cyanide would be most
effective in killing Americans. (Source: Wired News, 18 July 2002)

Comment: The cessation of Palnet services may lessen the ability of hackers that
use Palnet to threaten public and private IT systems viewed as pro-Israeli or
based in states that are viewed as pro-Israeli. Alternatively, however, the IDF
action may prompt sympathetic attacks on IT systems perceived as pro-Israeli
from pro-Palestinian hackers that operate outside Palnet.

IN BRIEF

National System Sought for U.S. Emergency Preparedness
Under President Bush's national strategy for emergency preparedness and
response, the proposed Department of Homeland Security would build and oversee a
comprehensive national system for incident management, which would clarify the
roles of federal, state and local agencies in responding to terrorist attacks or
natural disasters. (Source: FCW.COM, 22 July 2002)

Anti-Israeli Hacker Defaces U.S. Army Site
An attacker defaced a page on the U.S. Army Research Laboratory's web site
Friday with a message criticizing the military organization for supplying
weapons to Israel. (Source: Extreme Tech, 29 July 2002)

Broadband Usage to Increase
A report by In-Stat says that broadband Internet subscriptions will increase by
16 million in a year, bringing the total number of people in the world with fast
Internet access to more than 46 million by the end of the year. (Source: BBC
News, 23 July 2002)

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on W32.Kitro.E.Worm, which is a worm that inserts a VB Script
on the computer 

[INFOCON] - NIPC Daily Report 07/23/02

2002-07-23 Thread Wanja Eric Naef [IWS]

NIPC Daily Report 07/23/02

Are hacking defenses winning the war? The Computer Emergency Response Team
(CERT) states that cybercrime is on the rise and that 26,800 incidents were
reported during the first six months of 2002. The methods that hackers use
to attack computers have improved over the past year. Malware tools combined
with other hacker tools represent a significant threat to Web services and
have become an intrinsic part of the Internet. Denial of service (DoS)
attacks are still the most common threat. These DoS attacks utilize numerous
systems to target a domain. The Web services are a vulnerable, yet critical
business service, and exploitation of these services could lead to revenue
loss. (NewsFactor, 18 Jul)

The year of the Web worm. The Internet was hit by the Code Red worm in 2001,
and the effects have caused many experts to fear that malware could cripple
the Internet. This fear rose with an Internet traffic slow-down that
initially was attributed to rising worm infections. The slow-down is
believed to have been caused by a train crash in Baltimore, MD that cut
communication cables. Still, the major outbreak of Code Red has not caused
the Internet to become more secure, and more known vulnerabilities have
surfaced this year than last year at this time. In addition, the theoretical
Warhol worm is also intensifying fears that the Internet may be crippled
with proliferation of malware that can spread almost instantaneously. (BBC,
19 Jul)

WWU Comment: Although the Internet traffic slow-down is believed to have
been caused by a train crash in Baltimore, MD and not malware, this is
indicative of the potential for coordinated, compound cyber and physical
attacks, referred to as swarming attacks, that is an emerging threat to US
critical infrastructure.

Fire department reviewing procedures. The New York City Fire Department is
conducting a major review of its procedures.  The study of departmental
procedures, due out in August 2002, is expected to propose roughly two dozen
far-reaching changes in light of the terrorist attacks. The findings are
closely guarded, but experts interviewed for the study said they have
discussed different evacuation techniques such as rooftop rescues, the need
to protect senior officers by keeping them farther from the scene of a
catastrophe, and the importance of tighter, more disciplined command
procedures. (Associated Press, 22 Jul)

Boeing awarded $23 million FAA air security contract. The Federal Aviation
Administration (FAA) awarded Boeing Co. with a $23 million, 21-month
contract on 17 July 2002 to investigate merging air traffic control and
communication technologies to increase security. The FAA hopes to provide
air traffic controllers and security personnel with timely information about
the status of in-flight aircraft.  Boeing will incorporate satellite
technology and Connexion, in-flight Internet service, into its research.
(Forbes, 18 Jul)



IWS INFOCON Mailing List
 IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - NIST Draft on Wireless Network Security: 802.11, Bluetooth, and Handheld Devices

2002-07-24 Thread Wanja Eric Naef [IWS]

[It looks really good and it is high time that such a document is published
to create more awareness about 'wireless insecurity'. WEN]

The Computer Security Division (CSD) of the National Institute of Standards and
Technology (NIST - http://www.nist.gov/) has posted draft Special Publication SP
800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices on
the Computer Security Resource Center (CSRC - http://csrc.nist.gov/) web site
for public comment (or go to the CSRC Drafts publications page:
http://csrc.nist.gov/publications/drafts.html). The draft document examines the
benefits and security risks of 802.11 Wireless Local Area Networks (WLAN),
Bluetooth Ad Hoc Networks, and Handheld Devices such as Personal Digital
Assistants (PDA). The document also provides practical guidelines and
recommendations for mitigating the risks associated with these technologies.
NIST is particularly interested in comments on the technical and operational
countermeasure recommendations. Questions or comments on this document can be
emailed to Tom Karygiannis at [EMAIL PROTECTED] NIST will be accepting comments
on this document until September 1, 2002.





[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-110 Date: 25 July 2002

2002-07-25 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-110 Date: 25 July 2002

http://www.ocipep.gc.ca/DOB/DOB02-110_e.html

NEWS

Possible Lessons for Ottawa from September 11
Ottawa's fire, police and ambulance branches rely on telephones for
inter-service communication. Steve Kanellakos, the city's manager of emergency
protective services, says that this is a problem and would like to see the three
services sharing a single communications centre with a common radio system.
(Source: Ottawa Citizen, 25 July 2002)

Comment: Recent media reports concerning the response of emergency personnel on
September 11 to the World Trade Center state that a lack of communications
between fire and police services may have led to the deaths of many
firefighters.


IN BRIEF

Web TV Users Rerouted to 911 Services
An e-mail with the subject line "NEAT" has led Web TV users to download a
program that re-sets their dial-up number to call 911 emergency services.
(Source: CNET News.com, 23 July 2002)

Asteroid Monitored for Potential Impact with Earth
Astronomers are monitoring a newly sighted two-kilometre-wide asteroid after
initial calculations suggested that there is a chance it could hit the Earth.
NASA's Near Earth Object program ranked the asteroid as meriting careful
monitoring, but not concern. (Source: CBC News, 24 July 2002)

Survey: Major Cyber Attack Very Likely
A recent survey conducted by the Business Software Alliance concluded that
nearly half of the U.S. security professionals surveyed believe that a major
cyber attack will happen in the coming year. The survey indicates that only 19
percent of businesses in the U.S. have taken the necessary precautions for a
major Internet attack and that 45 percent were unprepared. (Source: CNET
News.com, 24 July 2002)

Comment: The report, "U.S. Business Cyber Security Study", can be viewed at:
http://www.bsa.org/security/resources/1


Public Safety Wireless Network Conference Report
The ninth annual LI NYC (Long Island/NYC) Emergency Management Conference
reviewed the events of 11 September 2001 in New York City. The subsequent report
highlights, among other themes, the ways in which increased interoperability of
wireless networks can save lives. The report can be viewed at:
http://www.pswn.gov/library/docs/lessons_WTC.doc

Scientist to Market Hacker-Proof Hard Disk
A Japanese scientific researcher claims that a new hard drive with two heads may
make it impossible for hackers to access and rewrite data on systems. (Source:
PC WORLD.COM, 22 July 2002)

Comment: The hard disk is not going to stop all types of web site defacements or
exploits. For example, Code Red did not access the hard disk; it changed the web
sites' home pages in the system memory.


Pentagon Relinquishes Wireless Frequencies
The Pentagon has agreed to shift some military communications to other
frequencies, freeing up space for advanced mobile phones and other wireless
products. (Source: CNN.com, 24 July 2002)

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Sophos reports on WM97/Pri-AE, which is a Word 97 Macro virus that propagates
via Outlook e-mail. It arrives with the subject line "Message From username"
and the message body "This document is very Important and you've GOT to read
this !!!".
http://sophos.com/virusinfo/analyses/wm97priae.html


Trend Micro reports on WORM_URICK.A, which is a worm that propagates via Outlook
e-mail. It arrives with the subject line "A Windows Trick" and the attachment
"%Variable filename%".
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_URICK.A


Computer Associates reports on Assilem.M, which is a Word97 and 2000 macro virus
that does not have an overly destructive payload. On the 23rd of any month, it
displays a Chinese message.
http://www3.ca.com/virusinfo/virus.asp?ID=12628

Vulnerabilities

SecurityFocus reports on a remotely exploitable vulnerability in PHP Interpreter
versions 3.0 thru 4.2.2 that could allow an attacker to cause a
denial-of-service. No known patch is available at this time.
http://online.securityfocus.com/bid/5280/discussion/


CERT/CC reports on a remotely exploitable buffer overflow vulnerability in Sun
iPlanet and ONE Web Servers' search engine versions 4.1  6.0 that could allow
an attacker to execute arbitrary code on the system. Follow the link for patch
information.
http://www.kb.cert.org/vuls/id/612843


SecurityFocus reports on a locally exploitable vulnerability in Sun PC NetLink
1.0, 1.1 and 1.2 that could allow an attacker to gain access to sensitive files.
View the Solution tab for a workaround.
http://online.securityfocus.com/bid/5281/discussion/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27807


Additional vulnerabilities were reported in the following products:


Pablo 

[INFOCON] - Special NCMS Report - Business Continuity Planning

2002-07-25 Thread Wanja Eric Naef [IWS]

[I would recommend reading the Business Continuity Planning
interview with David Spinks as David is very knowledgeable 
in this area. http://trust.ncms.org/interviewCO0702.htm WEN]

To: MfgTrust; MfgTrustIG
Subject: Special NCMS Report - Business Continuity Planning

Dear NCMS Alliance Partners:
We thought this month's Corner.Office article, interview, and resources
pages on Business Continuity Planning were especially relevant to the theme
of the NCMS InfraGard Manufacturing Industry Association. So, we decided to
share them with you this month, and not restrict distribution to members
only, as is the usual case with Corner.Office features. 

You are invited to view the article below. To access the accompanying expert
interview and Resources pages on Business Continuity Planning, please go to
http://trust.ncms.org, Publications Index tab.

John Sheridan


July 2002 Corner.Office

Corner.Office is a monthly exclusive members-only feature of the 
NCMS InfraGard Manufacturing Industry Association
Infrastructure assurance for manufacturers
Powered by NCMS


This month - BUSINESS CONTINUITY PLANNING (BCP)
A safety net for businesses 


Editor's Preface
Every business faces minor downtimes, and major unknowns; hence it is
important to have plans in place which guarantee business contingency.
Before the September 2001 attack on America quite a few business people said
that they saw BCP as an inefficient use of resources, i.e. an expenditure
which does not bring any return on investments. But statistics tell a
different story, and events like 9-11 serve as drastic reminders that it is
vital for every company to have plans in place to ensure business
continuity, and the continuity of our suppliers and logistics - especially
as globalization and our interdependence continues to grow. BCP costs
relatively little in comparison to what the company could potentially lose in a
major incident. Therefore it seems highly prudent that organizations of all
sizes seriously research and develop a plausible and efficient BCP.

This month's Corner.Office features a special in-depth interview with David
Spinks, Director - Information Assurance for Europe, Middle East and Africa
at EDS (http://www.eds.com). He is responsible for EDS' portfolio of
Information Assurance services across all those markets. Mr. Spinks is also
chairman of the E-commerce Security Special Interest Group, an active member
of the Guild of Security Controllers, a member of the British Computer
Society Committee and co-author of the guide E-commerce - a World of
Opportunity. He has spoken to audiences all over the world on subjects such
as the impact of e-commerce on the supplier chain, business continuity
planning after year 2000 and information security: the real threats.

Because we thought this article, interview, and resources pages were
especially timely and relevant, we will be sharing them broadly this month.
Thus, you will find these materials posted on our public web site
(http://trust.ncms.org, Publications Index tab), and not just on the NCMS
members-only site.  

 John Sheridan ([EMAIL PROTECTED])


BUSINESS CONTINUITY PLANNING 


According to the Info Security News Magazine (2000), an effective BCP and
disaster recovery plan can reduce losses by 90% in the event of an incident.
According to another study 81% of CEOs indicated their company plans would
not be able to cope with a catastrophic event like the September 2001
attacks. 

There are numerous examples of companies suffering due to poor Business
Contingency Planning.  In the 1993 World Trade Center bombing, 150 companies
went out of business (out of 350 affected) - scarcely an encouraging
statistic. But an incident does not need to be a dramatic terrorist attack
to have a massive impact on an organisation.  For instance, in the case of
fires, 44% of businesses fail to reopen and 33% of these failed to survive
beyond 3 years. The examples could be continued endlessly. The bottom line
is businesses need to have plans in place to cope with incidents (whether
they be major terrorist attacks or a minor hardware problem) and thereby
avoid major business interruptions.
 

The Business Continuity Management Process

Before even starting to create a Business Continuity Plan it is of vital
importance to get the full support of the management and governance of your
organization. Without it, it will be very difficult to push BCP plans through the
entire company.  Furthermore directors should be involved in the strategic
design of the BCP as it will help to create a realistic plan which will be
focused on the business interests of the company. 

After that one should start to man the team which will be responsible for
designing the BCP and to initiate the business continuity management
process. This is important as the team will serve as central focus point
during the entire Business Continuity Management Process. It is also
important to set a time scale for the BCP 

[INFOCON] - US Joint experiment explores future warfare

2002-07-30 Thread Wanja Eric Naef [IWS]


"We're forward thinking and forward looking. We're trying to harness the power
of information and information sphere technologies to better prepare the U.S.
Joint Forces for war about five years from now," he said. During Spiral 3, held
the first two weeks in June, military members from all service branches worked
together, planning and becoming familiar with the computer-based tools linked
to the simulation.

One of the experiment's objectives is obtaining information superiority over an
adversary. The goal is to rapidly access, share and process information in order
to develop plans and execute them -- almost simultaneously. The computer-based
tools make that possible.

[Information superiority is certainly important, but what is more important is
to translate Information Superiority into Decision Superiority, as this will
give the US forces an enormous advantage over the enemy. WEN]

-----Original Message-----
From: ARMY LINK NEWS LIST
ArmyLINK News Story
Sent: 30 July 2002 15:22
To: [EMAIL PROTECTED]
Subject: Joint experiment explores future warfare

Joint experiment explores future warfare
by Master Sgt. Debra Bingham


SUFFOLK, Va. (Army News Service, July 30, 2002) -- There's an experiment
underway at the U.S. Joint Forces Command at Suffolk, Va., and dozens of
locations around the country, but you won't find any test tubes or beakers in
this laboratory.

The experiment, Millennium Challenge 2002, is designed to simulate a realistic
battlefield in the year 2007.

Part of a Department of Defense-wide transformation process, MC02 will explore
new methods of planning, organizing and fighting in a joint service environment,
officials said.

The MC02 experiment is taking place at 17 simulation sites and nine live sites
across the country. It's the largest joint military experiment and exercise of
its kind in history, with more than 13,500 military and civilian personnel
participating. MC02 runs July 24-Aug 15.

Lt. Gen. B.B. Bell, Commanding General of III Corps and Fort Hood, is wearing a
different hat during MC02. He's serving as the commander of the Joint Task Force
Headquarters. About 200 soldiers from Fort Hood, Texas, worked with Bell at
Suffolk prior to the exercise start for a final planning and rehearsal exercise
called Spiral 3.

Bell said he is excited about the role Fort Hood soldiers are playing in helping
the U.S. Joint Forces Command and Department of Defense explore innovative
concepts for battle and command and control.

"We're forward thinking and forward looking. We're trying to harness the power
of information and information sphere technologies to better prepare the U.S.
Joint Forces for war about five years from now," he said.

During Spiral 3, held the first two weeks in June, military members from all
service branches worked together, planning and becoming familiar with the
computer-based tools linked to the simulation.

One of the experiment's objectives is obtaining information superiority over an
adversary. The goal is to rapidly access, share and process information in order
to develop plans and execute them -- almost simultaneously. The computer-based
tools make that possible.

During the experiment, operators can quickly retrieve information from military
and governmental agencies, as well as economic and academic sources. "These
tools give us instant communication, instant collaboration and enormous
capability to retrieve data to help us in our decision making process," Bell
said.

Computer tools also enable commanders and staff to simultaneously talk with each
other. Hundreds of people can be brought together in a virtual auditorium for an
interactive meeting, without the attendees leaving their workspaces.

Bell said the aim is to tap into the knowledge base of people sitting in the
auditorium. "It's quite probable that some great thinker, one who is normally
buried in an office somewhere, will have an idea or concept or know something
about the enemy that is so important to us that we'll be able to grab it and
bring it into our thinking immediately," Bell said.

Spiral 3 gave participants a chance to master computer tools and allowed them to
leap into the future. Bell said mastering the computer skills was not as
difficult as changing traditional military decision-making mindsets and finding
new approaches and answers to problems.

"We've got to reconfigure ourselves, both in terms of the way we would perceive
fighting today and project ourselves to the way the Joint Forces Command
believes we would be able to fight 5 years from now," Bell said.

Part of that new way of thinking is being explored in a concept called Rapid
Decisive Operations. RDO brings a vast knowledge base, command and control
elements and operations together to bring about a desired effect on an
adversary.

Bell said it means moving away from traditional, time-consuming sequential
operations, where plans are issued from the top and trickle down to subordinate
levels, to a 

[INFOCON] - OCIPEP AV02-038 - OpenSSL

2002-07-30 Thread Wanja Eric Naef [IWS]

-Original Message-
From: Opscen (OCIPEP / GEOCC)
Sent: 30 July 2002 18:22
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: OCIPEP AV02-038 - OpenSSL


French version follows


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS

*
ADVISORY
*

Number: AV02-038
Date:   30 July 2002

*
Vulnerability - OpenSSL
*

PURPOSE
The CERT/CC is reporting on a vulnerability in multiple versions of OpenSSL.



ASSESSMENT
The vulnerability can allow a remote attacker to cause a denial of service
and possibly execute arbitrary code on the local system.


SUGGESTED ACTION
Contact the vendor of the affected software for patches and updates. Further
details on this issue can be found in the CERT/CC advisory at:
http://www.cert.org/advisories/CA-2002-23.html


CONTACT US
For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:  (613) 991-7000
Fax:    (613) 996-0995
Secure Fax: (613) 991-7094
Email:  [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax:   (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site:  www.ocipep-bpiepc.gc.ca


NOTICE TO READERS
When the situation warrants, OCIPEP issues Advisories to communicate
information about potential, imminent or actual threats, vulnerabilities or
incidents assessed by OCIPEP as limited in scope but having possible impact
on the Government of Canada or other sectors of Canada's critical
infrastructure. Recipients are encouraged to consider the real or possible
impact on their organization of the information presented in the Advisory,
and to take appropriate action.

The information in this Advisory has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard.

Unauthorized use of computer systems and mischief in relation to data are
serious Criminal Code offences in Canada.  Upon conviction of an indictable
offence, an individual is liable to imprisonment for a term not to exceed
ten years.  All offences should be reported immediately to your local police
service.


==


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS


SECURITY ADVISORY


Number: AV02-038
Date:   30 July 2002

*
Vulnerability - OpenSSL
*

PURPOSE
The CERT/CC is reporting the existence of a vulnerability in several versions
of OpenSSL.


ASSESSMENT
The vulnerability can allow a hostile user to cause a denial of service and
to execute arbitrary code remotely.


SUGGESTED ACTION
Please contact the vendor of the affected software for patches and updates.
For further details, you can consult the CERT/CC advisory at:
http://www.cert.org/advisories/CA-2002-23.html


HOW TO CONTACT US
For urgent matters, or to report incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:      (613) 991-7000
Fax:        (613) 996-0995
Secure Fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:

Phone:    (613) 991-7035 or 1-800-830-3118
Fax:      (613) 998-9589
Email:    [EMAIL PROTECTED]
Web Site: www.bpiepc-ocipep.gc.ca


NOTICE TO READERS
Advisories are used to communicate information about potential, imminent or
actual threats, vulnerabilities or incidents assessed by OCIPEP as limited in
scope but having possible effects on the Government of Canada or other
sectors of Canada's critical infrastructure. Advisories may contain
information and analysis not available in the public domain. Recipients are
invited to consider the real or possible effects on their organization of the
information presented in advisories and to take appropriate action.

The information contained in this OCIPEP advisory is drawn from a variety of
external sources. OCIPEP makes every reasonable effort to ensure the
accuracy, reliability and currency of the content, but it cannot offer any
assurance in that regard.

Unauthorized use of computer systems and damage relating to data constitute a
serious offence under the Canadian Criminal Code. If a person is found guilty
of such an offence, he or she is liable to imprisonment for a period not
exceeding ten years. All offences should be reported immediately to 

[INFOCON] - News 09/11/02

2002-09-11 Thread Wanja Eric Naef [IWS]

_

  London, Wednesday, September 11, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

   IWS Sponsor

IQPC Defence Conference: Information Operations 2002 25-26/09/02

Information Operations 2002: Analysing development in defensive and
offensive information operations, critical infrastructure protection,
information assurance and perception management.

September 25 - 26, 2002. London, UK (Pre-Conference Masterclass:
24th September 2002)

Information Operations 2002 Conference Web Site
http://www.iqpc-defence.com/GB-1826

_


  
  [News Index]
  

[1] Experts Say Attack Anniversary Cyberthreats Unfounded
[2] F-Secure Virus Descriptions: Chet Worm
[3] TSA chief: Don't ease airport security deadlines
[4] Insecurity plagues US emergency alert system
[5] AltaVista and Google to fight Chinese censorship

[6] NIPC: Possible Threats to U.S. Interests
[7] Energy Utilities Ramp Up Security
[8] Comment: Clued-up staff preserve evidence
[9] Script Kiddies 2002 - A continued threat to online business
[10] Focus on Iran and Syria, Not Iraq, Graham Says

[11] Intel's new chip for security Renaissance
[12] Solace in a virtual world: Memorials on the Web
[13] Java flaws burn Internet Explorer
[14] Cybersecurity firms not profiting as expected
[15] Baltimore Cops Get Connected

[16] Microsoft buys security software company
[17] Exploring XML Encryption, Part 2

_

News
_


``If Osama was going to double-click us to death he would have done it six weeks
ago. He's low-tech. He likes flying aircraft into skyscrapers,'' the computer
expert said.

[1] Experts Say Attack Anniversary Cyberthreats Unfounded
By REUTERS

Filed at 8:15 p.m. ET

SAN FRANCISCO (Reuters) - Fears of a cyberattack inspired by the Sept. 11
attacks faded on Tuesday, a day ahead of the anniversary, with the only threat
to emerge a year-old virus hoax called ``World Trade Center Survivor.''

Experts predicted that Wednesday is likely to be just another day on the
Internet, and if anything a quiet day for cybercriminals.

http://www.nytimes.com/reuters/technology/tech-attack-tech-cyberthreat.html?ex=1032408000&en=30425ec0fc30e7cd&ei=5040&partner=MOREOVER

 

[2] F-Secure Virus Descriptions: Chet Worm

Radar Alert LEVEL 2
NAME: Chet
SIZE: 26628
ORIGIN: Russia
ALIAS: W32/Chet@MM, Anniv911, 11september, September11

This mass-mailer worm was found on September 10th, 2002. As it contains serious
bugs, this worm will fail to function on most systems and can not be considered
to be a realistic threat at this time.

Many things inside the worm's code suggest that it originates from Russia.

The worm tries to spread via an attachment file called 11september.exe. When
this file is executed, the worm will attempt to send the following e-mail to
each address found from the Windows address book:

http://www.f-secure.com/v-descs/chet.shtml

 

[3] TSA chief: Don't ease airport security deadlines
By Matthew Weinstock

Lawmakers should not ease up on deadlines to bolster security at the nation's
airports, James Loy, acting administrator of the Transportation Security
Administration, said Tuesday.

Testifying before the Senate Commerce, Science and Transportation Committee, Loy
acknowledged that about 10 percent of airports would not meet a Dec. 31 deadline
to screen all checked baggage for explosives. Still, Loy does not support a
wholesale delay in the deadline. Rather, Loy wants to work out extensions with
those 30 to 35 airports that are not expected to meet the current deadline,
establishing more realistic timeframes and developing interim strategies for
screening baggage.

Those interim strategies could include more hand searches and the use of
bomb-sniffing dogs. TSA officials are uncertain if legislation is needed to
grant the extensions, but Loy made it clear that he wants to work with Congress
to come up with a viable solution.

http://www.govexec.com/dailyfed/0902/091002w1.htm

 

[4] Insecurity plagues US emergency alert system
By Kevin Poulsen, SecurityFocus 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-142 Date: 11 September 2002

2002-09-11 Thread Wanja Eric Naef [IWS]

http://www.ocipep.gc.ca/DOB/DOB02-142_e.html

DAILY BRIEF Number: DOB02-142 Date: 11 September 2002

NEWS

U.S. raises colour-coded level one notch

On the eve of the anniversary of September 11, Attorney General John Ashcroft
reported in a televised news conference that the U.S. government elevated the
colour-coded terrorist alert to orange, which translates to a high level of
alert. This is the first time the level has been changed since the
implementation of the colour-coded alert system came into effect last March. The
move was made after U.S. intelligence agencies uncovered the specific threats
against its interests abroad and less credible information concerning potential
terrorist attacks on American soil. The information also came from a senior
al-Qaeda member who is being held by another government. In Canada, the RCMP is
urging Canadians to remain vigilant on September 11, even though they claim that
there is no cause for alarm since no threats to Canadian interests have been
reported. A DND spokesperson stated that personnel of the Canadian Forces are
always ready to respond to any threat to the nation's security either at home or
abroad.

(Sources: canada.com, cbc.ca, 10-11 September 2002)

Comment: The change in threat level was the subject of a press conference given
by the U.S. Director of Homeland Security and the Attorney General, which can be
viewed at: http://www.whitehouse.gov/news/releases/2002/09/20020910-5.html

The U.S. National Infrastructure Protection Center issued an advisory pertaining
to possible threats to U.S. interests, which can be viewed at:
http://www.nipc.gov/warnings/advisories/2002/02-007.htm

Ontario seeks volunteers for emergency response teams

Minister of Public Safety and Security Bob Runciman announced that the Province
of Ontario plans to spend $1 million a year to recruit and train volunteers in
community emergency response. Mr. Runciman stated that "we are working with the
municipalities to develop a made in Ontario community volunteer emergency
response that will be a vital component of the province's overall emergency and
disaster management strategy." The new venture, called Community Emergency
Response Volunteers, will recruit teams of volunteers from various
neighbourhoods, including retired police officers and firefighters, paramedics
and possibly senior citizens. Emergency Measures Ontario will be funding the
program for the first year and will be responsible for training volunteers in
the areas of basic medical skills, search and rescue, and disaster response. The
provincial government will be contributing 50 percent of the funding in the
following years. (Source: globeandmail.ca, 10 September 2002)


Comment: The press release, issued by the Minister of Public Safety and
Security's office, pertaining to the establishment of the Community Emergency
Response Volunteers can be viewed at:
http://www.newswire.ca/government/ontario/english/releases/September2002/10/c9749.html

Transportation Minister deems Canadian ports secure
Transportation Minister David Collenette sought to address concerns raised by
police, intelligence and customs officials that Canadian ports have been
infiltrated by organized crime, creating opportunities for terrorism. The
Minister contends that although security at Canadian ports is not perfect, it
has been enhanced since 11 September 2001. (Source: canada.com, 10 September
2002)


Comment: The OCIPEP Daily Brief DOB02-131, issued on 26 August 2002, noted that
Transport Canada has ordered a detailed study of threats to Canada's marine
infrastructure following reports released by the Criminal Intelligence Service
Canada (CISC) and the Senate Standing Committee on National Security and Defence
that highlight the presence of organized crime in Canadian ports.


IN BRIEF

Oil slick off the coast of Newfoundland
Federal environment officials have charged the captain of a Bahamian-registered
bulk carrier vessel with the illegal dumping of oil. The captain of the TEMCAP
SEA made a brief court appearance in St. John's yesterday and was released on a
$50,000 bail. Officials from Environment Canada stated that more charges were
pending. The investigation was triggered after a satellite spotted the
116-kilometre-long and 200-metre-wide slick south of the Burin Peninsula.
(Source: cbc.ca, 10 September, 2002)


Tests confirm second human in Canada infected with West Nile virus
Tests have confirmed that a man from the Windsor area has been infected with the
West Nile virus, bringing the total of humans in Canada infected with the
mosquito-borne virus to two. (Source: ctv.ca, 10 September 2002)


Comment: OCIPEP Operations is monitoring the situation with respect to the West
Nile virus. For more information, please consult the OCIPEP 

[INFOCON] - Survey Shows Progress in Upgrading Information System Security

2002-09-12 Thread Wanja Eric Naef [IWS]

09 September 2002

Survey Shows Progress in Upgrading Information System Security
(Thirty percent of organizations may be unprepared to withstand
cyberattack) (730)

Increasing numbers of corporations are improving their security
measures to withstand a terrorist attack on their information
technology (IT) systems, according to a survey released September 9.
Nevertheless, though the awareness of the potential for such attacks
is high, 30 percent of the IT specialists responding said their firms
are not properly prepared for cyberspace sabotage.

The survey was conducted jointly by the Internet Security Alliance,
the National Association of Manufacturers and RedSiren Technologies, a
private information security company. The Internet Security Alliance
is a coalition of government, academic and private specialists
concerned with protection of the nation’s IT infrastructure.

The survey of more than 225 information security specialists found
that almost half their companies have increased spending to guard
against an attack while 60 percent have adopted new or improved
guidelines on how to respond to an attack.

The survey is available in full at http://www.redsiren.com/survey.html

Further information about IT security efforts is available at
http://www.isalliance.org/

The Internet Security Alliance publishes a guide on security
strategies that may be requested at
http://www.isalliance.org/news/requestform.phtml

Following is the text of the news release.

(begin text)

Internet Security Alliance
National Association of Manufacturers
RedSiren

GLOBAL COMPUTER SECURITY SURVEY FINDS ONE-THIRD OF COMPANIES MAY NOT
BE ABLE TO FEND OFF CYBERATTACKS

WASHINGTON, Sept. 9, 2002 - A new survey of information security
specialists at organizations around the world finds that - despite a
high level of awareness of the risk of computer attacks even before
the events of last September 11th - almost one-third of the companies
surveyed say they may still not be adequately equipped to deal with an
attack on their computer networks by cyberterrorists.

Conducted jointly by the Internet Security Alliance (ISAlliance), the
National Association of Manufacturers (NAM) and RedSiren Technologies
Inc., the survey asked respondents to compare their companies'
attitudes regarding information security issues, both today and prior
to last year's terrorist attacks on the World Trade Center and the
Pentagon. The survey found that:

--30 percent of respondents said their firms do not have adequate
plans for dealing with information security and cyberterrorism issues,
down from 39 percent last year;

--33 percent said information security is not a visible priority at
the executive or board level of their organizations;

--39 percent said information security plans are not regularly
communicated to or reviewed by top corporate executives; yet

--88 percent said their companies now recognize information security
as an issue essential to the survivability of their business, up from
82 percent prior to the attacks.

The survey was conducted from Aug. 12-23, targeting corporate
information security specialists around the world. More than 225
responses were recorded from throughout North America, Europe, the
Middle East and Pacific Rim regions.

"Based on these results, our challenge is to educate companies about
the need for taking added preventative steps now, as well as the
hard-nosed reality that this situation will not change. Enterprises of
all sizes have to remain active and vigilant on an ongoing basis if
they are going to protect against cyberattacks on their systems," said
Doug Goodall, RedSiren's president and chief executive officer.

"Information security needs to be a top priority for any successful
business, from the executive level to the IT manager," said Dave
McCurdy, ISAlliance's executive director. "Businesses rely more on the
Internet and e-commerce than ever before and confronting new and
emerging cyber-threats without sound IT security practices is not
sound corporate management." The ISAlliance is the publisher of
"Common Sense Guide for Senior Managers: Top Ten Recommended
Information Security Practices."

Forty-eight percent of respondents said that the September 2001
attacks had made them more concerned about cyberterrorism and its
impact on their organizations; 49 percent reported no change in
attitude at all. "This seems to indicate a bit of a disconnect between
the perception of the general threat of cyberterrorism and specific
concern about one's own organization," said Tom Orlowski, vice
president, Information Systems, at NAM. "It may reflect a mentality
that 'it'll never happen to me.' In today's world, that may be a
dangerous complacency."

Almost half of the respondents (47 percent) said their companies have
increased spending on information security since last year, and 38
percent said that trend would continue in 2003. New or improved
information security measures implemented in the past year ranged from
cyber insurance 

[INFOCON] - OCIPEP: Release of U.S. National Strategy to Secure Cyberspace

2002-09-18 Thread Wanja Eric Naef [IWS]

Release of U.S. National Strategy to Secure Cyberspace

Introduction

Today, President George Bush's Administration released a draft version of the
National Strategy to Secure Cyberspace. The last U.S. Cyberspace Strategy was
released by the Clinton Administration in 2000. The new strategy reflects not
only an administration change but also the lessons learned from September 11.

Richard Clarke, Special Advisor to the President for Cyberspace Security, has
led the development of the strategy and will outline its contents at an event
today at Stanford University. As a demonstration of the close Canada-U.S.
cooperation in this area, Margaret Purdy, Associate Deputy Minister of National
Defence with responsibility for OCIPEP, will be speaking at the release. She
will emphasize the special importance of a coordinated Canada-U.S. approach to
ensuring the security of our shared infrastructure and the need for global
cooperation on cybersecurity issues.

The Strategy, which can be found at http://www.securecyberspace.gov, is a
living document involving ongoing public and private sector input. It is
intended as a road map of what the government, industry and individuals must do
to secure networks. The President is expected to approve the first version
before the end of the year, and the President's Critical Infrastructure
Protection Board (PCIPB) will periodically issue new releases of the Strategy.

Overview of the Strategy

There are two fundamental shifts that underlie the Strategy. First, everyone in
the country, not just the government, must be responsible to secure their own
portion of cyberspace. There is a clear message that threats to cyberspace
cannot be handled exclusively by government, military and enforcement agencies.
Universities, different sectors of the economy and owners of critical
infrastructures such as electricity grids and telecommunications are encouraged
to secure their own networks.

Second, the nation must move away from the threat paradigm to a vulnerability
paradigm. Before the terrorist attacks on the U.S. last September, the
government was expected to warn of encroaching threats and advise as to the best
protection measures. The strategy proposes that the government's role in
securing networks should not be to regulate or dictate but to empower all
Americans to secure their portions of cyberspace. The government intends to:

- educate and create awareness among users and owners of cyberspace of the
  risks and vulnerabilities;
- produce new and more secure technologies;
- develop a large and well-qualified cybersecurity workforce through training
  and education;
- foster responsibility of individuals, enterprises and sectors for security
  at all levels through the use of market forces, public-private
  partnerships, and in the last resort, through regulation and legislation;
- improve federal cybersecurity to make it a model for other sectors; and
- develop early warning and efficient sharing of information both within and
  between public and private sectors so that attacks are detected quickly and
  responded to efficiently.

The document is divided into five sections: home users and small business; large
enterprise; critical sectors including government, private sector and academia;
national priorities; and global issues. Each level lays out strategic goals for
that set of users and highlights ongoing programs, recommendations and topics for
discussion to further develop the strategic goals. There are also appended
critical infrastructure sector plans for Banking and Finance, Electric, Oil and
Gas, Water, Transportation (Rail), Information and Communications, and
Chemicals. These plans can be found at http://www.ciao.gov or
http://www.pcis.org.

The strategy also specifically recommends enhanced cooperation with Canada:

The United States should work together with Canada and Mexico to identify and
implement best practices for security of the many shared critical North American
information infrastructures. (R5-3)

In brief, some other relevant recommendations for the various sections are:
(reference Summary of Recommendations in the Strategy)

Federal government to conduct a comprehensive program performance review of the
National Information Assurance Program (NIAP) with a vision to extending it to
all government IT procurement. (R3-1 & 2)

Academic institutions to establish one or more Information Sharing and Analysis
Center(s) (ISAC) to deal with cyber attacks and vulnerabilities. (R3-14)

Creation of private sector ISACs for each sector, conduct sector technology and
R&D gaps analysis, and development of sector best practices. (R3-15, 16 & 17)

Internet Service Providers (ISP) to consider adopting a code of good conduct
governing their cybersecurity practices. (R4-3)

The Federal government to complete the installation of the Cyber Warning
Information Network (CWIN) to key government and non-government cybersecurity
operations centers for analysis and warning information and crisis coordination.
(R4-40)

[INFOCON] - News 09/19/02

2002-09-19 Thread Wanja Eric Naef [IWS]

_

  London, Thursday, September 19, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



  
  [News Index]
  

[1] Cybersecurity Plan Offends No One
[2] Administration unveils cybersecurity plan
[3] President Bush Announced His Appointment of 24 Individuals to Serve as
Members of the National Infrastructure Advisory Committee
[4] A Short History of Computer Viruses and Attacks
[5] White House balks at Senate confirmation for e-gov chief

[6] Pentagon's anti-terrorism battle takes a covert turn
[7] Probe: U.S. Knew of Jet Terror Plots
[8] Group says Microsoft isn't living up to antitrust settlement
[9] Fed cybersecurity initiative boosts TCPA
[10] Bird's-Eye View of What Irks Bush

[11] Web firms take second shot at success
[12] Detecting and Removing Trojans and Malicious Code from Win2K
[13] Slapped Silly
[14] A Gathering of Big Crypto Brains
[15] Falun Gong 'TV hackers' on trial

[16] Can Bon Jovi Foil the Pirates?
[17] Senate stuck in slow motion on homeland security bill

_

News
_


[1] Cybersecurity Plan Offends No One

The White House's strategy to secure cyberspace adopts a hands-off approach.
Critics say that's not enough.
By Kevin Poulsen, Sep 18 2002 6:26PM

PALO ALTO, Calif.--The White House formally unveiled a public draft of its
national cybersecurity plan at Stanford University here Wednesday to an
invitation-only audience of technology company CEO's and security industry
bigwigs, and a crush of media.

Introducing it as the product of an unprecedented partnership between the
private sector and government, Richard Clarke, chairman of the President's
Critical Infrastructure Protection Board (PCIPB), said the National Strategy to
Secure Cyberspace is a step towards preventing serious cyber attacks in the
future. "On this issue, when we know there are vulnerabilities, and we know some
of the solutions, let us work together as a country... to solve these
vulnerabilities before there's a major disaster."

http://online.securityfocus.com/news/677

 

[2] Administration unveils cybersecurity plan
By Bara Vaida and Stephen M. Lawton for National Journal's Technology Daily

PALO ALTO, Calif.- Borrowing on imagery from the Sept. 11, 2001, terrorist
attacks, the Nimda and Code Red computer viruses and veiled threats yet to
come, the White House on Wednesday unveiled its national cyber-security plan at
a press conference here.

What was originally expected to be a blueprint of how the administration plans
to fight cyber threats, the document is a rough draft that will be the subject
of public comment for the next 60 days, said Richard Clarke, the president's
cybersecurity adviser.

"The government cannot dictate, cannot mandate, cannot alone secure cyberspace,"
Clarke said. He characterized the theme of the document as moving away from
"who, what, when, how" and shifting to a "vulnerability paradigm."

http://www.govexec.com/dailyfed/0902/091802td1.htm

More:

Cybersecurity plan lacks muscle
http://news.com.com/2100-1023-958545.html?tag=cd_mh

US cyber defence plan lacks teeth, claim critics
http://www.cw360.com/bin/bladerunner?REQSESS=irD17TS2149REQEVENT=CARTI=115898;
CARTT=1CCAT=2CCHAN=22CFLAV=1

Two cheers for US cyber-security plan
http://news.bbc.co.uk/1/hi/business/2268188.stm

Cyber Security Report Spreads Burden
http://www.cbsnews.com/stories/2002/09/17/tech/main522287.shtml

Critics Rap Bush Cyber-Security Plan
http://www.eweek.com/article2/0,3959,541172,00.asp

White House cybersecurity plan avoids mandates
http://www.iht.com/articles/71144.html

 

[3] President Bush Announced His Appointment of 24 Individuals to Serve as

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-148 Date: 19 September 2002

2002-09-19 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-148 Date: 19 September 2002

http://www.ocipep.gc.ca/DOB/DOB02-148_e.html

NEWS

U.S. National Strategy to Secure Cyberspace - Links Update
Details of the draft strategy were first reported yesterday in DOB02-146. The
OCIPEP Information Note regarding the draft strategy can be viewed at:
http://www.ocipep.gc.ca/emergencies/info_notes/IN02_006_e.html
The draft National Strategy to Secure Cyberspace can be viewed at:
http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf


IN BRIEF

Prime Minister assures that Kyoto will not be lethal for economy
While speaking at a Liberal fundraiser in Calgary, the Prime Minister came to
the defence of the Kyoto protocol yesterday evening, making assurances that it
would not cause any catastrophes in the job market and investment sectors as
voiced by several provincial government leaders, particularly Alberta. With the
support of Canadian business leaders and oil companies, the Alberta government
began a $1.5-million anti-Kyoto public relations campaign yesterday. (Source:
thestar.com, 19 September 2002)

Halifax plans to clean up harbour
Halifax Regional Council will raise $210 million of the $315 million required to
fund the Halifax Harbour Solutions Project. This project aims to construct three
sewage treatment plants to process raw sewage before it is dumped in the
harbour. The Nova Scotia government has pledged to contribute $30 million to the
project and it is hoped that the remainder of the funds will be provided by the
federal government. (Source: THE GLOBE AND MAIL, 18 September 2002)


Comment: The clean-up of the heavily polluted Halifax Harbour has been a
difficult issue for the Nova Scotia provincial government for the past 20 years.
The dumping of untreated sanitary and storm wastewater into the harbour has
caused numerous problems, including widespread bacterial contamination and the
prohibition of shellfish harvesting in the harbour. The web page for the Halifax
Harbour Solutions Project can be viewed at:
http://www.region.halifax.ns.ca/harboursol/project_summary.html

Winnipeg sewage dumping to be investigated
This week's accidental dumping of raw sewage in Manitoba's Red River will be
investigated by federal fisheries officials to determine if charges will be laid
under the federal Fisheries Act. The act prohibits the dumping of harmful
material into a body of water which contains fish. The investigation will focus
on whether negligence was a factor in this incident. (Source: CBC Manitoba, 18
September 2002)


Comment: Details of this incident were first reported yesterday in DOB02-147.
Winnipeg residents have been advised to continue using their water and sewer
services as usual.

Internet cable: Growing popularity in the U.S.
According to a U.S. research company, cable modems remain the primary means
used by North Americans for connecting to the Internet. The study revealed that
58 percent of high-speed Internet users in the U.S. were accessing the web via
cable compared to one third of consumers using digital subscriber lines (DSL).
The research company noted that in Canada, there are more DSL users in central
and eastern Canada compared to more cable users in western Canada. (Source: THE
GLOBE AND MAIL, 18 September, 2002)


CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

McAfee Security reports on BackDoor-AKR, which is a Trojan horse that copies
itself to Windows system directory as internat.dic and Windows directory as
notepad.jmp. It opens TCP port 3721 to allow a remote attacker to connect to the
infected system and perform various tasks.
http://vil.nai.com/vil/content/v_99695.htm


McAfee Security reports on Jekord, which is a Trojan horse written in Borland
Delphi that reads through the victim's browser history files and cookie data. It
may attempt to mail information to its creator.
http://vil.nai.com/vil/content/v_99701.htm


Trend Micro reports on VBS_INA.A, which is a VBScript malware that uses Outlook
e-mail to propagate copies of the batch file malware, BAT_INA.A. It arrives with
the subject line "hehe, isn't that fascinating..." and the attachment
BAT.INA.BAT.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INA.A

Vulnerabilities

SecurityFocus reports on a remotely exploitable denial-of-service vulnerability
in MS Windows XP Professional and .NET Standard Server Beta 3. View the
Solution tab for workaround information.
http://online.securityfocus.com/bid/5713/discussion/


SecurityFocus reports on a remotely exploitable keystroke injection
vulnerability in MS Windows RDP that could allow an attacker to inject
maliciously crafted packets into a session. View the Solution tab for
workaround information.
http://online.securityfocus.com/bid/5712/discussion/


SecurityFocus reports on a locally 

[INFOCON] - News 09/24/02 (last one till Friday)

2002-09-24 Thread Wanja Eric Naef [IWS]

[Today's issue is delayed as I was attending an IO/IA workshop
in London. There will be no Infocon News till maybe Thursday/Friday
as London is under a massive 'infrastructure attack' per 20.00
tonight (not by any Al Qaeda terrorists or any cyberterrorists,
but by striking tube (underground) workers). WEN]

Travellers braced for Tube strike
http://news.bbc.co.uk/1/hi/england/2277687.stm

  _

  London, Tuesday, September 24, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

   IWS Sponsor

IQPC Defence Conference: Information Operations 2002 25-26/09/02

Information Operations 2002: Analysing development in defensive and
offensive information operations, critical infrastructure protection,
information assurance and perception management.

September 25 - 26, 2002. London, UK (Pre-Conference Masterclass:
24th September 2002)

Information Operations 2002 Conference Web Site
http://www.iqpc-defence.com/GB-1826


_


  
  [News Index]
  

[1] FBI cyber chief heralds interagency cooperation
[2] Military Space Operations:  Planning, Funding, and Acquisition ...
[3] At least 100 countries building cyber weapons - expert
[4] Third slapper worm hits the street
[5] ICANN closes in on .org successor

[6] FBI agent: Break down the intelligence 'wall'
[7] Philip Morris sues Internet sites
[8] Internet phone calling: A firm fails to connect
[9] Privacy Advocate Voices Mobile Spam Concerns
[10] Canadians more wired about shopping on Net

[11] Justice Department formalizes information sharing guidelines
[12] Computers vulnerable at Oregon department
[13] When is hacking a crime?
[14] Linux hacker tracked to Surbiton...
[15] Microsoft tweaks Xbox to thwart hackers

[16] Sun Crypto curves into open source project
[17] From bipartisan beginnings, homeland bill now a divider

_

News
_


[I hope this time the cooperation will work better than last time.
Ron Dick seems to be keen on two way information sharing:

From a July Statement for the Record of Ronald L. Dick, Before the
House Committee on Governmental Reform,
Government Efficiency, Financial Management and
Intergovernmental Relations Subcommittee

Dick:

'... At the NIPC we continue to seek partnerships which promote two-way
information sharing. As Director Mueller stated in a speech on July 16th,
Prevention of terrorist attacks is by far and away our most urgent priority.
We can only prevent attacks on our critical infrastructures by building an
intelligence base, analyzing that information, and providing timely, actionable
threat-related products to our public and private sector partners. We welcome
the efforts of your Committee in improving information sharing, and I look
forward to addressing any questions you might have.'

The future will show whether this will be possible or not. All I can say:
actions speak louder than words. Good luck. WEN]

[1] FBI cyber chief heralds interagency cooperation
By Bara Vaida, National Journal's Technology Daily

Ron Dick, the director of the FBI's National Infrastructure Protection Center,
said the FBI's new effort to partner with the Secret Service on investigating
cyber crimes is aimed at marshalling resources.

At the launch of the national cybersecurity protection plan last week, the FBI
and Secret Service announced a new pilot program where several field offices of
both agencies agreed to work together on investigating cyber crimes to determine
who is behind a particular attack.

"If you look at what we've done with the Infragard program and what they've done
with the Electronic Crimes Task Force...we can leverage the capabilities of both
staffs," said Dick in an interview with National Journal's Technology Daily.

Full story: http://www.govexec.com/dailyfed/0902/092302td1.htm

 

[Interesting report. WEN]

The United States is increasingly dependent on space for its security
and well being. The Department of Defense's (DOD) space systems
collect information on capabilities and intentions of potential adversaries.
They enable military forces to be warned of a missile attack and to
communicate and navigate while avoiding hostile action. And they provide

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-151 Date: 24 September 2002

2002-09-24 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-151 Date: 24 September 2002

http://www.ocipep.gc.ca/DOB/DOB02-151_e.html

NEWS

Derailed CN train spills fuel in Quebec
A Canadian National (CN) train, en route from Toronto to Senneterre, derailed in
the Mauricie Region of Quebec on Sunday night. Diesel fuel spilled from one of
the train cars onto the tracks and the ground nearby. A CN spokesperson stated
that an investigation is in progress to determine the cause of the derailment
and whether the fuel spill will be harmful to the environment. No injuries were
reported. (Source: canada.com, 23 September 2002)
Click here for the source article


Comment: There does not appear to be significant damage from the spill of
approximately 7,000 gallons (26,498 litres) of diesel. A team was on the scene
on Monday to start the clean-up process. Service on the rail line is expected to
resume on Wednesday.

NIPC releases hacktivism assessment
On 23 September 2002, the U.S. National Infrastructure Protection Center (NIPC)
released an assessment entitled Hacktivism in Connection with Protest Events of
September 2002, which warns of the potential for hacktivism in conjunction with
the upcoming World Bank and IMF meetings to be held in Washington, DC this week.
The NIPC recommends that recipients monitor their information systems and
networks for computer intrusions during the events listed above. The assessment
can be viewed at: http://www.nipc.gov/warnings/assessments/2002/02-002.htm

U.S. releases National Security Strategy
On 17 September 2002, the Bush Administration released its latest national
strategy to protect American interests. The National Security Strategy largely
abandons the concept of military deterrence-which dominated defence policies
during the Cold War years-for a forward-reaching, pre-emptive strategy against
hostile states and terrorist groups. The strategy document also outlines a
policy of multilateralism to: defuse regional conflicts; prevent enemies from
using weapons of mass destruction against the United States, its allies and
friends; support and promote a new era of global economic growth through free
markets and free trade; expand the development of open societies and build the
infrastructure of democracy; reduce the toll of HIV/AIDS and other infectious
diseases; and, transform the U.S. military to meet 21st century challenges.

Comment: The latest strategy is an enclosed document to the Homeland Security
Strategy released on 6 June 2002 and overarches the recently released National
Strategy to Secure Cyberspace. For the complete text of the National Security
Strategy of the United States of America please see
http://www.whitehouse.gov/nsc/nss.html




IN BRIEF

West Nile (WN) virus
According to the chair of Toronto's Board of Health, the WN virus has hit
Ontario and the Greater Toronto area faster than anticipated. The board is
considering alternatives to chemical fogging, including the use of
non-chemical larvicide or synthetic hormones. (Source: thestar.com, 24 September
2002)


Comment: Additional information on the WN virus can be found on the OCIPEP web
site at: http://www.ocipep.gc.ca/otherlinks/hlinx_e.html

New version of Slapper worm starts spreading
A new version of the Slapper B worm, dubbed Slapper C, has started infecting
servers. Patches are available for all variants of the worm. (Source:
vnunet.com, 24 September 2002)


Ontario hydro bills increase sharply
Consumers in Ontario have been paying an average of 30 percent more for their
electricity over the summer months, according to a media report. Energy
suppliers credit higher summer temperatures for the increase in the market price
of energy. (Source: globeandmail.ca, 24 September 2002)


Comment: The OCIPEP Daily Brief DOB02-116, released on 2 August 2002, noted that
higher than usual temperatures this past summer, coupled with high use of air
conditioners, had prompted Ontario's electricity distributor to warn residents
that they should consider cutting back their energy consumption to reduce the
load on the system.

Homeowners may receive $1,000 from Ottawa to help conserve energy
As part of the consumer portion of Canada's draft plan to put into action the
Kyoto Protocol, federal officials stated that Ottawa is considering offering
homeowners rebates as high as $1,000 if they make their homes more energy
efficient. (Source: globeandmail.ca, 23 September 2002)


U.S. planning to revert back to code yellow
Government officials believe that President Bush may decide to lower the
Homeland Security alert level back from orange (high) to yellow (elevated) in
the next few days. (Source: nandotimes.com, 23 September 2002)


FBI and Secret Service join forces to investigate cyber crimes
During the launching of the National Strategy to Secure Cyberspace last week, it
was announced 

[INFOCON] - (Admin) How to unsubscribe

2002-09-30 Thread Wanja Eric Naef [IWS]

Dear All,

Even though the unsubscribe instructions are included in the 
daily newsletter, some people still do not know how to do it.

Below please find the instructions on how to unsubscribe:

***

To unsubscribe - send an email to [EMAIL PROTECTED] with 
unsubscribe infocon in the body



Also, please do not hassle any government agencies with unsubscribe 
requests (they are busy enough) if you get their news, ... through 
the Infocon list (all email from the infocon mailing list have 
'[INFOCON] -' in the subject line and hence should be easily 
identifiable).

Thank you.

Regards,

WEN

Wanja Eric Naef
Webmaster  Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk 






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - GAO: Information Sharing Activities Face Continued Management Challenges

2002-10-01 Thread Wanja Eric Naef [IWS]


Homeland Security:  Information Sharing Activities Face Continued
Management Challenges, statement for the record by David M. Walker,
comptroller general of the United States, before a joint hearing of the
Senate Select Committee on Intelligence and the House Permanent Select
Committee on Intelligence.  GAO-02-1122T, September 23. 

http://www.gao.gov/cgi-bin/getrpt?GAO-02-1122T 

Today, governments at all levels, as well as private sector entities,
recognize that they have a greater role to play in protecting the nation
from terrorist attacks. To achieve this collective goal, homeland
security stakeholders must more effectively work together to strengthen
the process by which critical information can be shared, analyzed,
integrated and disseminated to help prevent or minimize terrorist
activities. The work of these committees and of others in Congress and
the Administration in crafting solutions to leverage agencies' abilities
and willingness to share timely, useful information is critical to the
fundamental transformation required in our homeland security community
to ensure an affordable, sustainable and broad-based response to new and
emerging threats to our country.


In my testimony today, I will discuss (1) some of the challenges to
effective information sharing, including the fragmentation of
information analysis responsibilities, and technology and collaboration
challenges, and (2) GAO's views on addressing these challenges through
transformational strategies, including strengthening the risk management
framework; refining the national strategy, policy, and guidance
structures to emphasize collaboration and integration among homeland
security stakeholders to achieve common goals; and bolstering the
fundamental management foundation integral to effective public sector
performance and accountability. The statement also includes an appendix
that lists GAO's recommendations on combating terrorism and the status
of their implementation, as well as a list of related products.











[INFOCON] - News 10/03/02

2002-10-03 Thread Wanja Eric Naef [IWS]

_

  London, Thursday, October 15, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

  
To subscribe - send an email to [EMAIL PROTECTED] with
subscribe infocon in the body

To unsubscribe - send an email to [EMAIL PROTECTED] with
unsubscribe infocon in the body

_


  
  [News Index]
  

[1] House lawmaker renews push for cybersecurity measures
[2] Report on blonds won't wash  
[3] The Book on Mitnick Is by Mitnick
[4] Pro-Islamic militant hacker groups boost attacks security company says
[5] Gartner slams MS security after latest flaw

[6] A radical rethink of international relations  
[7] Professor stresses Net security awareness
[8] Bugbear virus threat increases
[9] Pentagon contempt is hurting the cause  
[10] Internet rekindles 'Nigerian scam'

[11] New U.S. strategy in Afghanistan: winning hearts and minds  
[12] Help! MS issues another critical security fix
[13] Hong Kong news site hacked
[14] Plan aimed at Iraqi commanders raises doubts
[15] FBI names 20 most unwanted security flaws

[16] P2P network funded by US government
[17] Quantum cryptography takes to the skies

_

News
_


[1] House lawmaker renews push for cybersecurity measures
By Maureen Sirhal, National Journal's Technology Daily 

A key House lawmaker is moving to reauthorize legislation that would
impose security requirements on federal agencies through two different
vehicles, signaling what he sees as the urgency of extending information
security measures before Congress adjourns.

The House Government Reform Technology and Procurement Policy
Subcommittee on Tuesday approved legislation to promote online
government and included in that bill, H.R. 2458, a provision-based on
the Federal Information Security Act (FISMA)-to permanently reauthorize
2000 Government Information Security Reform Act (GISRA) and institute
other cybersecurity requirements for agencies. 

Subcommittee Chairman Tom Davis, a Virginia Republican, added the FISMA
language to the e-government bill even though he already has won House
passage of the proposal as part of another measure, H.R. 5005, that
would create a Homeland Security Department. A Senate e-government bill,
S. 803, also contains a provision to permanently reauthorize GISRA.

http://www.govexec.com/dailyfed/1002/100102td1.htm 

 

(This story has nothing to do with IA, but it is a brilliant example
of how some media folks pick up stories without checking the facts.
I still remember the rather ridiculous printer virus story during the
Gulf War WEN)

'... Jeffrey Schneider, a spokesman for ABC News, said that the anchors
got the information from an ABC producer in London who said that he had
read it in a British newspaper. ...'


[2] Report on blonds won't wash  
Lawrence K. Altman The New York Times 
Thursday, October 3, 2002  
 
Forecast demise of fair hair had no roots in truth
 
NEW YORK NEW YORK: Apparently it fell into the category too good to
check.

Last week, several British newspapers reported that the World Health
Organization had found in a study that blonds would become extinct
within 200 years because blondness was caused by a recessive gene that
was dying out. The reports were repeated by anchors for ABC and CNN.
There was only one problem: The health organization says that it never
reported that blonds would become extinct and that it had never done a
study on the subject. WHO has no knowledge of how these news reports
originated, the organization, a Geneva-based agency of the United
Nations, declared. The agency added that it would like to stress that
we have no opinion of the future existence of blonds.

http://www.iht.com/articles/72474.html 

 

[3] The Book on Mitnick Is by Mitnick 
By Michelle Delio  

2:00 a.m. Oct. 3, 2002 PDT 
Six months ago, the world's most notorious hacker was wondering if he'd
ever be able to live down his reputation as a serial killer of corporate
computer systems. 

Kevin Mitnick was unemployed, depressed and in danger of losing his
treasured amateur radio license. He was starting to think that even

[INFOCON] - GAO CIP: Commercial Satellite Security

2002-10-03 Thread Wanja Eric Naef [IWS]

(Interesting report about a part of the critical infrastructure which is
not mentioned very often. WEN)

Key sentence for CIP planner:

...In addition, we are recommending that commercial satellites be
identified as a critical infrastructure sector (or as part of an already
identified critical infrastructure sector) in the national CIP strategy,
to help ensure that these assets are protected from unauthorized access
and disruption. ...

GAO: Critical Infrastructure Protection:  Commercial Satellite Security
Should Be More Fully Addressed.  GAO-02-781, August 30.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-781   

Vulnerabilities:

Satellites are vulnerable to various threats. Protecting satellite
systems against these threats requires attention to (1) the satellite;
(2) the satellite control ground stations, which perform tracking and
control functions to ensure that satellites remain in the proper orbits
and which monitor satellite performance; (3) the communications ground
stations, which process the data being sent to and from satellites; and
(4) communications links between satellites and ground stations-both
those that transmit the tracking and control information and those that
transmit the data. Security threats to any part of the system could put
government and commercial functions at significant risk. Accordingly, at
your request, we reviewed (1) what security techniques are available to
protect satellite systems from unauthorized use, disruption, or damage;
(2) how federal agencies reduce the risk associated with their use of
commercial satellite systems; and (3) what federal critical
infrastructure protection (CIP) efforts are being undertaken to address
satellite system security through improved government and private-sector
cooperation. To accomplish these objectives, we reviewed technical
documents, policy, and directives and interviewed pertinent officials
from federal agencies and the private sector involved in developing,
operating, maintaining, and protecting satellite systems. ...


Results:

Techniques to protect satellite systems from unauthorized use and
disruption include the use of robust hardware on satellites, physical
security and logical access controls at ground stations, and encryption
of the signals for tracking and controlling the satellite and of the
data being sent to and from satellites.


Recommendation:

Because of the importance of the satellite industry to our nation, we
recommend that steps be taken to promote appropriate revisions to
existing policy and the development of new policy regarding the security
of satellite systems, to ensure that federal agencies appropriately
address the use of commercial satellites, including the sensitivity of
information, security techniques, and enforcement mechanisms. In
addition, we are recommending that commercial satellites be identified
as a critical infrastructure sector (or as part of an already identified
critical infrastructure sector) in the national CIP strategy, to help
ensure that these assets are protected from unauthorized access and
disruption.










[INFOCON] - Announcing 2 NEW Computer Security Special Publications -- NIST

2002-10-03 Thread Wanja Eric Naef [IWS]



-Original Message-
From: [EMAIL PROTECTED]  On Behalf Of Patrick O'Reilly
Sent: 03 October 2002 18:12
To: Multiple recipients of list
Subject: Announcing 2 NEW Computer Security Special Publications -- NIST

The National Institute of Standards and Technology (NIST) is releasing
new guidelines for dealing with two of the most common sources of
security: poorly configured Web servers and email systems.  Special
Publication 800-44, Guidelines on Securing Public Web Servers, and
Special Publication 800-45, Guidelines on Electronic Mail Security, are
part of a series of guidance developed by the NIST Computer Security
Division and available through the Computer Security Resource Center Web
site (http://csrc.nist.gov/publications/nistpubs/).  NIST serves as the
primary technical security resource for civilian agencies under the
Computer Security Act of 1987.

The two guides are intended primarily for a technical audience, such as
systems administrators who are responsible for installing, configuring,
and maintaining e-mail systems and public Web servers.  The guides
provide not only generic guidance on how to secure such systems, but
also specific examples of applying the guidance to secure some of the
most popular email and Web products, for both Microsoft Windows and Unix
operating systems.  To assist the reader, the guides also contain
numerous pointers and references to related material.

Any questions or comments can be sent to Wayne Jansen ([EMAIL PROTECTED]).









[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-158 Date: 03 October 2002

2002-10-03 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-158 Date: 03 October 2002
 
http://www.ocipep.gc.ca/DOB/DOB02-158_e.html 

NEWS 

Kyoto and Beyond
A report prepared for The David Suzuki Foundation and the Canadian
Climate Action Network (CANet) entitled Kyoto and Beyond: The Low
Emission Path to Innovation and Efficiency proposes several measures
that are key to meeting Kyoto requirements. These include energy
conservation; efficiency improvements; decreasing electric heat usage;
industrial cogeneration; increased usage of wind and other renewable
sources; and, in the long term, increased imports of hydroelectricity.
The report can be viewed in PDF format at the following address:
http://www.davidsuzuki.org/files/Kyoto_Beyond_LR.pdf

Comment: There has been considerable media attention lately to the issue
of alternate means of power production. The Conservation Council of New
Brunswick (CCNB) and CANet stated Wednesday that rebuilding nuclear
power plants and using them as an alternative to carbon
dioxide-producing fossil fuels wouldn't necessarily assist Canada in
reaching Kyoto Protocol targets. A spokesperson from the CCNB contends
that the province's nuclear power generating station at Point Lepreau
has outlived its usefulness and that funding the extension of its
lifespan will only serve to delay the development of alternative methods
of energy production. As reported in the OCIPEP Daily Brief DOB02-152,
released 25 September 2002, New Brunswick Power is looking to make
substantial renovations to keep the Point Lepreau nuclear generating
station operational past its planned closing date in 2006. 
http://www.web.net/~ccnb/news/current/kyoto_press.htm
http://www.web.net/~ccnb/news/current/kyoto_stmnt.htm

Hurricane Lili halts U.S. gulf refinery production
Hurricane Lili is affecting the U.S. oil production industry as
refineries in Port Arthur, Texas, and Louisiana, including the Louisiana
Offshore Oil Port (the largest oil port in the U.S.), are shutting down
because of the storm. Such closures are depleting the market of more
than 500,000 barrels of oil per day. (Source: Forbes.com, 02 October
2002)


Comment: Hurricane Lili has been downgraded to a category 2 hurricane. A
projected track of the hurricane shows that Lili will be situated south
of the Ontario/Great Lakes area by October 5. The projected track can be
viewed on the Environment Canada's web site at:
http://www.ns.ec.gc.ca/weather/hurricane/current6.html

EPA releases Homeland Security Strategy
On October 2, the U.S. Environmental Protection Agency (EPA) released
its Strategic Plan for Homeland Security, which is intended to support
the U.S. President's National Strategy for Homeland Security and the
efforts undertaken by the new Department of Homeland Security. The plan
divides the EPA's homeland security responsibilities into four areas:
critical infrastructure protection; preparedness, response, and
recovery; communication and information; and, protection of EPA
personnel and infrastructure. For each mission area, goals, tactics, and
results are outlined. The EPA's homeland security responsibilities
include protection of water infrastructure; cleanup following biological
or chemical attacks; reducing the vulnerability of the chemical
industry and hazardous materials sector of the nation's critical
infrastructure; and, involvement in response to and recovery from
radiological attacks. (Source: www.epa.gov, October 2, 2002)


Comment: The EPA noted in the plan that although it had lead agency
status in several homeland security areas, that status was subject to
change along with its Homeland Security Strategy, as the Department of
Homeland Security may absorb some of those responsibilities as it
develops. The EPA has bolstered its response, preparedness and recovery
capabilities since 11 September 2001 by providing training and better
equipping response teams, issuing water system security grants and
announcing plans for a center to coordinate research in areas such as
building decontamination, rapid risk assessment and drinking water
protection. For the full text of the EPA's Strategic Plan for Homeland
Security, please go to:
http://www.epa.gov/epahome/downloads/epa_homeland_security_strategic_plan.pdf



 

IN BRIEF  

Ontario hydro dam alert system will be improved
The Ontario Energy Minister stated yesterday that the government has
ordered modifications to their computerized warning system at the
province's hydroelectric dams following a tragic accident near Calabogie
that caused the death of a mother and son in June 2002. 

Comment: The Members' Statements regarding hydro dam safety can be
viewed at: http://hansardindex.ontla.on.ca/hansardeissue/37-3/l035a.htm.


Bruce power tables environmental impact study for restart of two nuclear
reactors 
The Canadian Nuclear Safety Commission (CNSC) has released an
Environmental Assessment (EA) Study Report for public comment. The study
was 

[INFOCON] - Strategic, Space Commands Merge

2002-10-03 Thread Wanja Eric Naef [IWS]


... Here, today, you begin to effect a real transformation-a
transformation that will improve our command and control, our
intelligence and our planning-in short, a fundamental step forward to
better meet the security environment that will define the 21st Century.
...

***

Strategic, Space Commands Merge
By Petty Officer 1st Class Sonja Chambers
Special to the American Forces Press Service 

OFFUTT AIR FORCE BASE, Neb., Oct. 1, 2002 - Two U.S. unified commands
merged Tuesday to form a new global command with global responsibilities
in a new strategic environment. 

During an afternoon ceremony in the Bennie L. Davis Maintenance
Facility, a new U.S. Strategic Command was established through the
merger with U.S. Space Command and tasked with space operations,
information operations, computer network operations, and strategic
defense and attack missions. 

During the ceremony, Adm. James O. Ellis Jr., U.S. Strategic Command
chief, cased the colors and stood down the old command. Air Force Gen.
Richard B. Myers, chairman of the Joint Chiefs of Staff, then activated
the new command, incorporating portions of U.S. Space Command. That
command, based at Peterson AFB, Colo., ceased to exist. 

"The new StratCom represents the transformation that provides a single
commander, with a global perspective, to support the President and the
Secretary of Defense," said Myers. With a B-2 Spirit stealth bomber, one
of the most potent reminders of the nation's deterrence strength, parked
behind several troop formations to the rear of the facility, and a
60-foot U.S. flag behind him, Ellis took command of the new StratCom.

"This new command is going to have all the responsibilities of its
predecessors, but an entirely new mission focus, greatly expanded forces
and you might even say several infinite areas of responsibility," Myers
said. The command will focus on the military's ability to respond to
threats around the world and offer a wider range of strategic options.

United States Strategic Command provides a single warfighting combatant
command with a global perspective, focused on exploiting the strong and
growing synergy between the domain of space and strategic capabilities,
Ellis said. 

The merger of the commands is part of the Bush administration's plan to
transform the U.S. military as part of the nation's national military
strategy. The new StratCom will continue to be responsible for providing
strategic deterrence for the nation, but now, it will also assume space
missions and responsibilities. 

Here today you begin to effect a real transformation, said Deputy
Defense Secretary Paul Wolfowitz. A transformation that will improve
our command and control, our intelligence and our planning. In short, a
fundamental step forward to better meet the security environment that
will define the 21st century. 

The command exercises combatant command and control of assigned task
forces and service components that support the command's mission. During
day-to-day operations, service component commanders retain primary
responsibility for maintaining the readiness of USSTRATCOM forces and
performing their assigned functions. 

Organizations include the following task force and service elements:
aerial refueling, airborne communications, Army Space forces, ballistic
missile submarines, bomber and reconnaissance aircraft, Joint Task Force
- Computer Network Operations, the Joint Information Operations Center,
land-based intercontinental ballistic missiles, the Naval Network and
Space Operations Command, and Space Air Force. 

Related Sites of Interest:

U.S. Strategic Command Web site 
http://www.stratcom.af.mil/ 

Establishment of U.S. Strategic Command: Remarks as Prepared for
Delivery by Deputy Secretary of Defense Paul Wolfowitz, Offutt AFB,
Omaha, Neb., Oct. 1, 2002 
http://www.defenselink.mil/speeches/2002/s20021001-depsecdef2.html 

AFPS News Article: Northern Command Established in Colorado
AFRTS Radio Report: Rumsfeld says SPACECOM/STRATCOM merger to improve
combat effectiveness
http://www.defenselink.mil/news/Oct2002/n10022002_200210024.html 


**


Establishment of U.S. Strategic Command 
Remarks as Prepared for Delivery by Deputy Secretary of Defense Paul
Wolfowitz, Offutt AFB, Omaha, NE, Tuesday, October 1, 2002. 






[Chairman of the Joint Chiefs of Staff] General Myers has thoroughly and
commendably recognized the many distinguished guests who join us today.
But, let me add my personal greetings to Governor Johanns, Senators Exon
and Karnes, [U.S. Stratcom Commander] Admiral Ellis, our honored
veterans, and, most of all, the men and women here who serve us so
faithfully and so well. Please join me in showing our appreciation.

Along with the big Air Force presence here on the plains of Nebraska,
I'd point out how 

[INFOCON] - NIPC ADVISORY 02-008

2002-10-03 Thread Wanja Eric Naef [IWS]

--- NATIONAL INFRASTRUCTURE PROTECTION CENTER
“W32.Bugbear@mm or  I-Worm.Tanatos”
NIPC ADVISORY 02-008
October 3, 2002

The National Infrastructure Protection Center (NIPC) is issuing this
advisory to heighten the awareness of an e-mail-borne worm known as
W32.Bugbear or I-Worm.Tanatos.  This network-aware worm, which is being
circulated as an e-mail attachment, appears to target machines running
Microsoft software.  The worm is attached to e-mails with a wide variety
of subject lines such as bad news, Membership Confirmation, Market
Update Report, and Your Gift, and appears to use randomly generated
names to avoid detection by anti-virus software, as well as multiple
file extensions to disguise the fact that it is an executable file.
W32/Bugbear-A tries to copy itself to all types of shared network
resources.  The anti-virus industry has reported that this worm has
infected over 22,000 systems in the past 24 hours and is continuing to
grow.   Due to its keystroke logging and backdoor capabilities, the worm
is capable of intercepting victim’s Internet activity, for example,
credit-card information, banking information, usernames and passwords. 
The NIPC is urging all infected owners to change logins and passwords
after the infection has been reported and removed.   System
administrators should be aware that attackers could exploit these
vulnerabilities to gain remote access which could enable the attacker to
take any action desired, such as installing malicious code; running
programs; and, reconfiguring, adding, changing, or deleting files.  


Description:

The Bugbear worm arrives in victims' in-boxes in the form of a random
e-mail. The only constant signature of the worm has been the size of the
attachment, which to date has been 50,688 bytes.  The virus installs a
Trojan horse component called “PWS-Hooker” on infected machines.  The
Trojan program searches for and tries to disable a number of common
Windows processes, and popular anti-virus and firewall software.  The
actual infected file arrives as an attachment. The subject line, name of
the attachment, and text in the body of the message can vary; the
attachment name typically has a double extension, such as “.doc.pif.”  
The worm may also attempt to determine the presence of an Apache 1.3.26
web server and relay this information to an external email address; it
continuously looks for and terminates processes by listening to port
36794/tcp and port 137/udp.  When a remote system is restarted, the
worm's file gets control and infects a system. 

The worm exploits the MIME and IFRAME vulnerability in versions of
Microsoft Internet Explorer 5.01 and 5.5.  However, users running
Internet Explorer 5.01 service pack 2 are not affected by this
vulnerability. These vulnerabilities may allow an executable attachment
to run automatically, even if the user does not double-click on the
attachment.  An option in Microsoft Internet Explorer executive preview
pane allows users to view e-mail without clicking on the email.  Users
can delete the e-mail before viewing in the preview pane by turning the
option off until appropriate patches have been applied.

Microsoft has issued a patch to secure against these attacks. The patch
can be downloaded from Microsoft Security Bulletin MS01-027:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-27.asp
(This patch was released to fix a number of vulnerabilities in
Microsoft's software, including the ones exploited by this worm.)

Several anti-virus software vendors have updated their signature files
to recognize this worm in an attempt to stop the infection upon
contact.  In some cases, anti-virus software will remove an active
infection from your system. Additional information obtained at:
 
Central Command
http://www.centralcommand.com

McAfee
http://www.nai.com

Symantec
http://symatec.com

Sophos
http://sophos.com

Recommendation:

The NIPC strongly urges the community to consider applying patches from
Microsoft to secure against these attacks.   All versions of Windows are
vulnerable to this worm's ability to arrive via open file sharing. Users
of Macintosh, Linux, and Unix are not at risk.  Users of Internet
 Explorer 6 should be safe from the e-mail portion of this worm. 


The NIPC encourages recipients of this advisory to report computer
intrusions to their local FBI office
(http://www.fbi.gov/contact/fo/fo.htm) and other appropriate
authorities.  Recipients may report incidents online to
http://www.nipc.gov/incident/cirr.htm.  The NIPC Watch and Warning Unit
can be reached at (202) 323-3204/3205/3206 or [EMAIL PROTECTED]
---
 




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
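The attachment traits described in the advisory above (a double extension such as ".doc.pif" and a constant attachment size of 50,688 bytes) can be checked over stored or in-transit mail. The following Python example is added here and is not part of the NIPC advisory; the list of executable extensions, the function names and the sample messages are assumptions constructed for illustration.

```python
"""Triage e-mail for the attachment traits named in NIPC Advisory 02-008."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# From the advisory: the only constant trait reported was the attachment size.
BUGBEAR_ATTACHMENT_SIZE = 50_688

# Assumption (not from the advisory, which only names ".doc.pif"):
# final extensions that Windows will run as a program.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat"}

# Heuristic: a short alphabetic decoy extension followed by a final extension.
DOUBLE_EXT = re.compile(r"\.([a-z]{2,4})\.([a-z0-9]{2,4})$")


def has_disguised_extension(filename):
    """True when the name ends in <decoy>.<executable>, e.g. 'x.doc.pif'."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.rstrip(" .").lower()
    match = DOUBLE_EXT.search(name)
    return bool(match) and match.group(2) in EXECUTABLE_EXTS


def triage(raw_message):
    """Return (filename, size, reasons) for every suspicious attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    # walk() visits nested parts too, so attachments buried inside
    # multipart/alternative or multipart/related containers are not missed.
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:
            continue  # body text or an inline part without a file name
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if has_disguised_extension(name):
            reasons.append("double-extension")
        if len(payload) == BUGBEAR_ATTACHMENT_SIZE:
            reasons.append("size-50688")
        if reasons:
            findings.append((name, len(payload), reasons))
    return findings


def build_sample(subject, filename, size):
    """Constructed sample message with a zero-filled attachment (test data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("bad news", "report.doc.pif", 50_688),  # both traits
        build_sample("minutes", "minutes.doc", 1_024),       # benign
        build_sample("data", "data.bin", 50_688),            # size only
    ]
    for raw in samples:
        for name, size, reasons in triage(raw):
            print(f"{name} ({size} bytes): {', '.join(reasons)}")
```

A match on size alone is weak evidence and is best used to queue a message for review rather than to block it; the two traits together are the stronger signal.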





[INFOCON] - [netsec-letter] #21, Securing Cyberspace -- Comments on the National Strategy

2002-10-04 Thread Wanja Eric Naef [IWS]

The latest netsec-letter contains some interesting comments regarding
'The National Strategy to Secure Cyberspace'

Good mailing list.

To subscribe, send a blank e-mail to:
[EMAIL PROTECTED]

WEN

-Original Message-
From: Fred Avolio 
Sent: 04 October 2002 17:43
To: [EMAIL PROTECTED]
Subject: [netsec-letter] #21, Securing Cyberspace -- Comments on the
National Strategy

NetSec Letter #21, 2 October 2002
Securing Cyberspace -- Comments on the National Strategy
Fred Avolio, Avolio Consulting, Inc., http://www.avolio.com/

On September 18, the (US) President's Critical Infrastructure
Protection Board released a draft for comment of The National
Strategy to Secure Cyberspace. Security vendors jumped on the band
wagon, bragging about their involvement in the process (as if
involvement from CEOs and Senior VPs will solve security problems).
The government has scheduled Town Hall meetings in which the
slightly more educated will hear comments from the uneducated about
this document. This month, I'll make some comments, observations, and
recommendations.

Comments

It is not clear (to me) where they got the ideas for the cyberspace.
Maybe there are references, and I just missed them. Nevertheless, they
are all commonly prescribed good practices. Unfortunately, the reader
will have to sift through a lot of boilerplate and government-speak,
an unclear and laborious writing style that attempts to say everything
it possibly can, as if the writer were paid by the word. (Government
writers believe this is necessary, and will not be persuaded
otherwise, thinking that there are special requirements for them.) 

Also, it is aimed at the lowest common denominator -- the person who
knows nothing about the need for Internet security -- and so goes into
great detail to make the case for the need for computer and network
security. I suspect this is overkill, but for the person who just
arrived from another star system where people are polite and mind
their own businesses, it won't hurt. I recommend anyone who knows
anything about security to just skip to page 61, the summary of
recommendations. The writers used some old data (the insider threat
at 70% is from a 2 year old study, I believe), but what they say is
mostly correct. 

Observations

The document does not recommend government regulation, invoking
federalism. Government will encourage through example and purchasing.
Also, it is primarily an awareness program. This is reminiscent of the
Smokey Bear campaign of the USDA Forest Service. Every boomer
generation kid knows Only YOU can prevent forest fires, and knows
that dealing with a campfire, you drown it, stir, and drown again. I
know it, even though I never, ever camped when a child. Did it help?
Well, *I've* never started a forest fire, so maybe. 

Every home user should read the guidelines for the individual and
small office. It is all good stuff. True, it has all been said
before. Maybe if the government says it people will do it, but
probably not.

The guidelines for the large enterprise, again, are things companies
should know, should have heard, and should be doing already. Again,
maybe they will if the government suggests it. I don't think so. An
example: it took seat belt laws to get them in all cars. Drivers were
not asking for them (and still some people don't use them). For
companies, it all comes down to profit and loss. In many large
enterprises -- and in the Federal Government -- security is always
second place to usability.

The guidelines for the Federal Government itself are the most
bothersome. For example, establish an Office of Information Security
Support Services within the Federal government... In typical
government fashion, it solves a problem by adding more bureaucracy. A
concern I have is that the guidelines look at the Government (also
Large Enterprise) as one single entity that can be understood and
controlled, if not tamed. Until we start thinking about
compartmentalizing organizations -- protecting little offices from
*everyone else* -- the problem will remain unmanageable. No government
office or agency (e.g., the OISSS -- blech), no matter how big, can
make sure the entire US Federal Government cyberspace is secure or
that each agency and department in the government is following
regulations.

Recommendations

Here's what *I* think is needed, and not addressed, unless I missed it
(and I might have in all this text).

First, consider regulation of U.S. Internet Service Providers (ISPs),
with the goal of raising the bar of security for their networks and
the customers. There are many things that most ISPs can do, from
supporting strong user authentication for access to services, to
encouraging the use of VPNs (rather than discouraging, by rejecting
IPSec packets).

Next, ISPs will require a certain level of security from enterprise
and broadband customers, through adherence to and adoption of
recognized good security. Perhaps dial-up users are below the radar on
this, but every 

[INFOCON] - News 10/04/02

2002-10-05 Thread Wanja Eric Naef [IWS]

_

  London, Friday, October 04, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk 

_

To subscribe - send an email to [EMAIL PROTECTED] with subscribe
infocon in the body

To unsubscribe - send an email to [EMAIL PROTECTED] with
unsubscribe
infocon in the body

_


  
  [News Index]
  

[1] Report: Satellites at Risk of Hacks
[2] Hackers deface State Department site
[3] Microsoft says 1 percent of bugs cause half of all software errors
[4] Senate cybersecurity bill hits snag
[5] Army looking to outsource

[6] (CA) Federal proposal tells only part of cybercrime story
[7] Bill aims at foreign Web censorship
[8] Bush steps up demand for action on homeland security bill
[9] Northcom faces obstacles at launch
[10] State again target of hacking

[11] Allies Drop Leaflets Warning Iraqis
[12] 'Cowboy' WLANs letting industry down, analyst warns
[13] U.N. arms inspectors run into a few bugs
[14] House Passes Net Gambling Bill
[15] Teaming up against cyberthreats

[16] Klez-H enjoying its final days on infamy?
[17] Assessing Internet Security Risk, Part Four: Custom Web
Applications

_

News
_


[1] Report: Satellites at Risk of Hacks

Want to find the most-ignored cybersecurity hole in America's critical
infrastructure? Congressional investigators say, Look up! 
By Kevin Poulsen, Oct 3 2002 4:42PM

Critical commercial satellite systems relied upon by federal agencies,
civilians and the Pentagon are potentially vulnerable to a variety of
sophisticated hack attacks that could cause service disruptions, or even
send a satellite spinning out of control, according to a new report by
the General Accounting Office, the investigative arm of Congress. 

The GAO report, dated August 30th but not released publicly until
Thursday, criticizes the White House for not taking the vulnerabilities
into account in its national cybersecurity planning, a criticism it also
extends back to the Clinton administration.

http://online.securityfocus.com/news/942 

See also:

http://www.mail-archive.com/infocon@infowarrior.org/msg00249.html 

 

[2] Hackers deface State Department site

Unidentified hackers scrawled virtual obscenities on a State Department
Web site, forcing the department to close the site down, spokesman
Richard Boucher said Thursday. The obscenities appeared Wednesday on the
Web site www.usinfo.state.gov, which is designed to provide information
to computer users outside the United States. Boucher did not describe
the obscenities or know if they were politically motivated.

http://zdnet.com.com/2110-1105-960706.html 

http://news.com.com/2110-1001-960706.html?tag=cdshrt 

http://www.washingtonpost.com/wp-dyn/articles/A39528-2002Oct3.html 


A FoGIS (http://www.fogis.de) member spotted the following:

State Press Briefing 03.10.02

QUESTION:  Yeah, I have tried yesterday afternoon and this morning to
get into your overseas website and have been unsuccessful.  Are you 
all having trouble with that?

MR. BOUCHER:  One of our sites was hacked.  The International
Information website, the usinfo.state.gov site, which is run by the
Bureau of International Information Programs, largely directed at
foreign audiences, was temporarily shut down after the main page was
defaced on October 2nd.  This affects this particular site only.  Our
main site, www.state.gov remains open and most embassy sites from
overseas are not affected.

The defacement was on the main page.  The investigation is being
coordinated by State's Internal Computer Incident Response Team.
It's not possible to surmise any intent of the intruders beyond
vandalism at this point.

The affected site was hosted by a service outside the Department.  At
no time were any inside computers or classified information or
sensitive information in any danger of compromise.  We're fixing the
website and trying to put it back up and running as soon as possible.

QUESTION:  What was the defacement?

MR. BOUCHER:  I don't have information here.

 

[3] Microsoft says 1 percent of bugs cause half of all software errors
 
SEATTLE (Reuters) - One percent of the bugs in 

[INFOCON] - UNIRAS Brief - 330/02 - Microsoft - Vulnerabilities in File Decompression Functions, Windows Help Facility, Unix 3.

2002-10-07 Thread Wanja Eric Naef [IWS]





-Original Message-
From: UNIRAS (UK Govt CERT
Sent: 07 October 2002 14:29
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 330/02 - Microsoft - Vulnerabilities in File
Decompression Functions, Windows Help Facility, Unix 3.0 Interix SDK +
Patch for SQL Server

 
-BEGIN PGP SIGNED MESSAGE-

-

UNIRAS (UK Govt CERT) Briefing Notice - 330/02 dated 07.10.02  Time: 14:05
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination
Centre)

-

UNIRAS material is also available from its website at www.uniras.gov.uk
and Information about NISCC is available from www.niscc.gov.uk

-

Title
=

Four Microsoft Security Bulletins:

1. MS02-054:Unchecked Buffer in File Decompression Functions Could Lead
to Code Execution

2. MS02-055:Unchecked Buffer in Windows Help Facility Could Enable Code
Execution 

3. MS02-056:Cumulative Patch for SQL Server 

4. MS02-057: Flaw in Services for Unix 3.0 Interix SDK Could Allow Code
Execution

Detail
== 

1. 

Microsoft Security Bulletin - MS02-054:
Unchecked Buffer in File Decompression Functions Could Lead to Code
Execution

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-054.asp


=

2. 

Microsoft Security Bulletin - MS02-055:
Unchecked Buffer in Windows Help Facility Could Enable Code Execution 

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-055.asp


=

3.

Microsoft Security Bulletin - MS02-056:
Cumulative Patch for SQL Server 

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-056.asp


=

4.

Microsoft Security Bulletin - MS02-057:
Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-057.asp


=




Reprinted with permission of Microsoft Corporation.
-

--

For additional information or assistance, please contact the HELP Desk
by telephone or Not Protectively Marked information may be sent via
EMail to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

-

--
UNIRAS wishes to acknowledge the contributions of Microsoft for the
information contained in this Briefing.
-

--
This Briefing contains the information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the canonical site to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute
or imply its endorsement, recommendation, or favouring by UNIRAS or
NISCC.  The views and opinions of authors expressed within this notice
shall not be used for advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in
incident prevention, to prompt rapid reaction to incidents, and to
promote information sharing amongst its members and the community at
large.
-

--
End of UNIRAS Briefing









[INFOCON] - News 10/15/02

2002-10-15 Thread Wanja Eric Naef [IWS]

_

  London, Tuesday, October 15, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Bluetooth may leave PDAs wide open
[2] Security tops list of reasons not to deploy Web Services
[3] Former FBI chief takes on encryption
[4] Outlook Express flaw helps hackers
[5] Terror Czar: The War Is Digital  

[6] Task force urges distributed intelligence
[7] Sendmail downloads hit by random hack
[8] How to hack people
[9] (HS) Tough decisions
[10] US Copyright Office wakes up to flaws in anti-hacking law

[11] China clamps down on Net cafes - again
[12] FBI to build forensics center in Silicon Valley
[13] Bush advisor: Cybercrime costs us billions
[14] Linux firewalls: IT Manager's top picks
[15] Mozilla's 'Code of Silence' Isn't

[16] Lawmakers focus on security-related technology issues
[17] House committee votes to create E-gov administrator

_

News
_


[1] Bluetooth may leave PDAs wide open
15:26 Thursday 10th October 2002
Peter Judge   

RSA 2002: If you have Bluetooth, make sure security is enabled, or
others might snoop your contacts or even make calls from your phone 
Bluetooth-enabled phones and PDAs may have a gaping security gap, which
could allow other people to read data such as personal contacts and
appointments, and even make phone calls using the owner's identity. Some
of these devices are shipped with the security features in Bluetooth
disabled, allowing other Bluetooth devices access, according to RSA
Security. 

I have stood at the RSA booth in conferences, with my phone paging for
other devices, and watched other people's devices show up, said Magnus
Nystrom, technical director of RSA Security. Many devices simply allowed
access without demanding a pairing code, said Nystrom, and would have
allowed him to examine the personal data of passers-by, or even to make
calls with their phones. 

http://news.zdnet.co.uk/story/0,,t460-s2123677,00.html 

http://www.theregister.co.uk/content/55/27572.html 

http://www.washingtonpost.com/wp-dyn/articles/A11227-2002Oct11.html 

 

[2] Security tops list of reasons not to deploy Web Services
By ComputerWire
Posted: 11/10/2002 at 08:54 GMT
 
End-to-end security of web services forms the most significant barrier
to implementation by organizations, but this is not expected to hinder
future development. 

A biannual survey of North American developers by Evans Data found 24%
of respondents list security concerns as the number one reason for not
rolling out web services - a growth of five percentage points since
Evans' previous survey, conducted in March.

http://www.theregister.co.uk/content/55/27560.html 

 

[3] Former FBI chief takes on encryption
11:43 Tuesday 15th October 2002
Declan McCullagh, CNET News.com


Louis Freeh may have lost his battle against allowing encryption when he
was at the FBI, but he is continuing the fight now he's left the federal
agency 
When Louis Freeh ran the FBI, he loved nothing more than launching into
a heartfelt rant against the dangers of encryption technology. 

In dozens of hearings and public speeches, the FBI director would urge
Congress to limit encryption products, such as Web browsers and email
scrambling utilities, that did not include backdoors for government
surveillance. 

http://news.zdnet.co.uk/story/0,,t269-s2123893,00.html 

 

[4] Outlook Express flaw helps hackers 
 
Oops, we did it again. Again...
 
Microsoft has warned Outlook Express users that a software flaw could
allow an online vandal to control their computers.

A critical vulnerability in the email reader could allow an attacker to
send a specially formatted message that would crash the software and
potentially take control of the 

[INFOCON] - CRYPTO-GRAM, October 15, 2002

2002-10-16 Thread Wanja Eric Naef [IWS]


-Original Message-
From: Bruce Schneier [mailto:[EMAIL PROTECTED]] 
Sent: 15 October 2002 23:50
To: [EMAIL PROTECTED]
Subject: CRYPTO-GRAM, October 15, 2002

  CRYPTO-GRAM

October 15, 2002

   by Bruce Schneier
Founder and CTO
   Counterpane Internet Security, Inc.
[EMAIL PROTECTED]
  http://www.counterpane.com


A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on computer security and cryptography.

Back issues are available at 
http://www.counterpane.com/crypto-gram.html.  To subscribe, visit 
http://www.counterpane.com/crypto-gram.html or send a blank message 
to [EMAIL PROTECTED]

Copyright (c) 2002 by Counterpane Internet Security, Inc.


** *** * *** *** *

In this issue:
  National Strategy to Secure Cyberspace
  More on AES Cryptanalysis
  Crypto-Gram Reprints
  The Doghouse:  GreatEncryption
  News
  Counterpane News
  One-Time Pads
  Comments from Readers


** *** * *** *** *

 National Strategy to Secure Cyberspace



On 18 September, the White House officially released its National 
Strategy to Secure Cyberspace.  Well, it didn't really release it on 
that date; versions had been leaking here and there for a while.  And 
it really isn't a national strategy; it's just a draft for 
comment.  But still, it's something.

No, it isn't.  The week it was released I got all sorts of calls from 
reporters asking me what I thought of the report, whether the 
recommendations made sense, and why certain things were omitted.  My 
primary reaction was: Who cares?  It doesn't matter what the report
says.

For some reason, Richard Clarke continues to believe that he can 
increase cybersecurity in this country by asking nicely.  This 
government has tried this sort of thing again and again, and it never 
works.  This National Strategy document isn't law, and it doesn't 
contain any mandates to government agencies.  It has lots of 
recommendations.  It has all sorts of processes.  It has yet another 
list of suggested best practices.  It's simply another document in my 
increasingly tall pile of recommendations to make everything 
better.  (The Clinton Administration had theirs, the National Plan for 
Information Systems Protection.  And both the GAO and the OMB have 
published cyber-strategy documents.)  But plans, no matter how detailed 
and how accurate they are, don't secure anything; action does.

And consensus doesn't secure anything.  Preliminary drafts of the plan 
included strong words about wireless insecurity, which were removed 
because the wireless industry didn't want to look bad for not doing 
anything about it.  Preliminary drafts included a suggestion that ISPs 
provide all their users with personal firewalls; that was taken out 
because ISPs didn't want to look bad for not already doing something 
like that.

And so on.  This is what you get with a PR document.  You get lots of 
varying input from all sorts of special interests, and you end up with 
a document that offends no one because it demands nothing.

The worst part of it is that some of the people involved in writing the 
document were high-powered, sincere security practitioners.  It must 
have been a hard wake-up call for them to learn how things work in 
Washington.  You can tell that a lot of thought and effort went into 
this document, and the fact that it was gutted at the behest of special 
interests is shameful...but typical.

So now everyone gets to feel good about doing his or her part for 
security, and nothing changes.

Security is a commons.  Like air and water and radio spectrum, any 
individual's use of it affects us all.  The way to prevent people from 
abusing a commons is to regulate it.  Companies didn't stop dumping 
toxic wastes into rivers because the government asked them 
nicely.  Companies stopped because the government made it illegal to do
so.

In his essay on the topic, Marcus Ranum pointed out that consensus 
doesn't work in security design.  Consensus security results in some 
good decisions, but mostly bad ones.  By itself consensus isn't
harmful; it is the compromises that are almost always harmful, because 
the more parties you have in the discussion, the more interests there 
are that conflict with security.  Consensus doesn't work because the 
one crucial party in these negotiations -- the attackers -- aren't 
sitting around the negotiating table with everyone else.  And the 
hackers don't negotiate anyhow.  In other words, it doesn't matter if 
you achieve consensus...; whether it works or not is subject to a 
different set of rules, ones over which your wishes exercise zero
control.

If the U.S. government wants something done, they should pass a 
law.  That's what governments do.  It's like pollution; don't mandate 
specific technologies, legislate results.  Make companies liable 

[INFOCON] - News 10/23/02

2002-10-23 Thread Wanja Eric Naef [IWS]
_

  London, Wednesday, October 23, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Attack on Net servers fails
[2] Could a Worm Take Over the Net in Minutes?
[3] Less noise at the CIA  
[4] Inside ICANN - The Jonathan Cohen Interview - part 1
[5] Software security--a matter of trust

[6] Army making strides in intell
[7] Web of deceit
[8] Web Vandalism on the Rise
[9] E-tailers join up to fight online fraud
[10] UK ISPs balk at giving customer data to police

[11] PsyOps leaflets may be dropped again
[12] PSYOPS battalion heading to Iraq?
[13] Encryption gets business boost
[14] PGP reborn makes its pitch for the mainstream
[15] Army mobilized on Objective Force

[16] Customs planning classified net
[17] Agencies collaborate with industry on nuclear supercomputer

_

News
_

(It is very difficult to attack such systems as there are too many
redundancies. Such an attack would only have a chance of success if it
lasted for a long time as other DNS servers would then be unable to
update their lists. What I am interested in is to know what would happen
if the US decided to cut off some countries and removed their domains
from the root DNS, would there be an impact? Does anyone know? WEN)

'... Still, the results were not severe. According to Matrix NetSystems,
the peak of the attack saw the average reachability for the entire DNS
network dropped only to 94 percent from its normal levels near 100
percent.  ...'

[1] Attack on Net servers fails 

By Robert Lemos 
Staff Writer, CNET News.com
October 22, 2002, 7:40 PM PT

An attempt to cripple the computers that serve as the address books for
the Internet failed Monday. 

The so-called distributed denial-of-service attack leveled a barrage of
data at the 13 domain-name service root servers beginning around 1 p.m.
PDT Monday and apparently is ongoing, according to Internet performance
measurement company Matrix NetSystems. Traffic from several Internet
service providers has been slightly delayed, but because the domain
name system is spread out and because the 13 root servers are the last
resort for address searches, the attack had almost no effect on the
Internet itself.

http://news.com.com/2100-1001-963005.html 

Net backbone comes under cyberattack
http://www.boston.com/dailyglobe2/296/business/Net_backbone_comes_under_cyberattack+.shtml

Key Internet servers hit by attack
http://www.cnn.com/2002/TECH/internet/10/23/internet.attack.ap/index.html

Hackers' bid to cripple Internet fails 
http://www.abc.net.au/news/scitech/2002/10/item20021023130601_1.htm 

Root server DoS attack slows net
http://www.theregister.co.uk/content/6/27731.html 
 
 

(The paper is quite a cybergeddon scenario, but it is still interesting
to read. Luckily reality looks different as most (but not all)
virus/worm creators are quite lame, i.e. Nimda, Code Red were quite
primitive compared to what would have been possible. I would be really
surprised if someone came up with a perfect virus or worm. Nevertheless,
I would not be surprised if the military were working on such a program
in research labs as it has potential. WEN)

[2] Could a Worm Take Over the Net in Minutes?

Researchers are warning of dangerous new worms that would be almost
impossible to stop, but not everyone is convinced.

Ellen Messmer, Network World
Tuesday, October 22, 2002

Computer science researchers are predicting new types of dangerous worms
that would be able to infect Web servers, browsers, and other software
so quickly that the working Internet itself could be taken over in a
matter of minutes.

Though still in the realm of theory, the killer worms described in a
research paper entitled "How to Own the Internet in Your Spare Time,"
are triggering some skepticism but 

[INFOCON] - News 10/18/02

2002-10-18 Thread Wanja Eric Naef [IWS]
_

  London, Friday, October 18, 2002
_

INFOCON News
_



  
  [News Index]
  

[1] Barriers block efforts to guard privacy  
[2] www.formatex.org/isbook/callforpaper  
[3] Online sourcing fails to deliver
[4] Clarke Solicits Cyber-Security Input at MIT
[5] Senate passes cyber R&D funding

[6] Can a Hacker Outfox Microsoft?  
[7] Glitches irk online bill payers
[8] Al Qaeda shifts strategy
[9] Where The E-Commerce Jobs Are
[10] UK firm touts alternative to digital certs

[11] Spammers crack through Windows
[12] U.S. Attorney's Office in Dallas forms cybercrime unit
[13] MasterCard bites back on Aust credit card hacking
[14] Symantec on a roll, thanks to security boom
[15] Secure Linux desktop begins shipping to UK police force

[16] Agencies collaborate to beef up airport security
[17] Customs accused of failing to protect against nuclear smuggling

_

News
_


[1] Barriers block efforts to guard privacy  
John Schwartz The New York Times 
Friday, October 18, 2002  
 
 
NEW YORK Businesses, responding to lawmakers and consumers, say they are
giving customers more control over the ways their personal information
is used and sold.

But in fact, many companies all but frustrate their customers' attempts
to exercise that control.

Barbara Bechtold of Sacramento, California, recounts the unending
process of trying to keep companies from selling her e-mail address and
the details of her credit card accounts, insurance policies and mortgage
inquiries. When she tried to tell Pacific Bell not to share information
that some phone companies sell - including calling habits - she said she
found herself confronted with an automated voice. "Most people, faced
with too much twiddling and clicking, will get disgusted and say, 'Oh,
forget it!' rather than try to get off those lists," Bechtold said.

http://www.iht.com/articles/74120.html 

 

[2] www.formatex.org/isbook/callforpaper.htm

-Original Message-
From: ISBOOK 2002 [mailto:isbook2002;formatex.org] 
Sent: 17 October 2002 18:22
To: Wanja Eric Naef [IWS]
Subject: reminder chapters submission

Dear Colleagues,

this is to remind that deadline for chapters submission for our forthcoming
edition Techno-legal aspects of Information Society and New Economy: an
Overview, is November 25th 2002. You can see the preliminary list of
accepted contributions to date at the edition website
www.formatex.org/isbook/callforpaper.htm , which already include a number of
very reputed national (Spain) and international authors:

Thank you for your attention

Jose Antonio Mesa Gonzalez
Formatex

*-*-*-*-*-*-*-*-*-*-*

Dear friends,

we remind you that the deadline for submitting proposals (chapters)
for our next book, titled Techno-Legal aspects of Information
Society and New Education: an Overview, is November 25, 2002.
You can see a preliminary list of the content the edition has so far
on its website, which already includes some very distinguished
authors at both the national and international level:

www.formatex.org/isbook/callforpaper.htm

Warm regards to all.

Jose Antonio Mesa Gonzalez
Formatex

 

[3] Online sourcing fails to deliver 
by  Daniel Thomas 
Thursday 17 October 2002  
 
Online sourcing is delivering far lower savings to business than
expected because of hidden costs inherent in the new purchasing model,
Forrester Research has warned.
 
In a report released last week, the analyst firm said that European
companies have failed to achieve the levels of cost savings hoped for
from online sourcing initiatives. 

Forrester puts the failures down to fudged price comparisons and weak
purchasing compliance. 

David Metcalfe, senior analyst at Forrester, said companies should

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-168 Date: 18 October2002

2002-10-18 Thread Wanja Eric Naef [IWS]
OCIPEP DAILY BRIEF Number: DOB02-168 Date: 18 October 2002

http://www.ocipep.gc.ca/DOB/DOB02-168_e.html

NEWS 

OCIPEP issues Incident Analysis
OCIPEP issued Incident Analysis IA02-001, on 17 October 2002, of the
lessons learned following the 11 September 2001 terrorist attacks in New
York and Washington. The Incident Analysis, titled "The September 11,
2001 Terrorist Attacks - Critical Infrastructure Protection Lessons
Learned," is meant to assist Canadian critical infrastructure (CI) owners
and operators with their business continuity planning and emergency
management (EM) preparations by identifying critical infrastructure
protection (CIP) and EM lessons that can be learned from these tragic
events. The analysis is based on open source information and feedback
provided by CIP and EM partners. 

Alberta emergency preparedness questioned - Auditor General of Alberta
annual report
According to the Auditor General of Alberta annual report, released 17
October 2002, Alberta is currently ill-equipped to cope with natural
disasters or other emergencies. The report states that the Province's
Government Emergency Operations Centre (GEOC) has poor security, is not
big enough and is generally unsuitable as a command centre. The report
suggests that the task of making the province disaster-resistant is
rendered more difficult by several factors, including: the devolution of
responsibility for emergency preparedness to municipalities (creating
greater potential for variation in plans); the difficulty of
coordinating effective emergency preparedness amongst the large number
of stakeholders, including provincial government departments, municipal
governments, First Nations, industry and the federal government; and the
increase in the risk of diseases, such as foot-and-mouth and mad cow
disease, and threats of domestic terrorism. (Source: Auditor General of
Alberta, 17 October 2002)

To view the full Auditor General of Alberta report, go to
http://www.oag.ab.ca/ and click on the Annual Reports link. The section
of the document related to emergency preparedness is recommendation no.
46. 

OCIPEP Comment: Alberta's current legislation regarding emergency
preparedness is generally regarded to be one of Canada's most
comprehensive and far-reaching pieces of provincial emergency management
(EM) legislation. (As acknowledged in the Auditor's report, Alberta's
legislation compels municipalities to have an emergency response plan in
place, to review it every two years and to exercise it every four
years.) This most recent AG's report may have the benefit of bringing
attention to any outstanding issues related to EM in Alberta. The
requirement for a new Alberta Government Emergency Operations Centre has
been identified for some time now and is part of on-going discussions on
co-location with OCIPEP's Alberta Regional Office. Corrective actions
have been initiated for some time by officials of ADS in regard to
coordination of plans at both the municipal and provincial levels. A
provincial template for emergency plans has been in place for some time
now for use by provincial departments and District Officers of ADS work
with municipal officials in reviewing their plans on a regular basis.
Additionally these plans will be evaluated in accordance with an
approved standardized exercise template, now being implemented. Since
September 11, 2001, Alberta has worked with multiple stakeholders,
including federal partners and the private sector in developing a
counter-terrorism process for the province.

Instant message programs are high security risks: Analysis
Information Security e-zine provides an analysis of instant message (IM)
services available on the Internet indicating that these services are
potentially vulnerable to hacker attacks and that most users are not
aware of the security risks associated with IM and other peer-to-peer
applications. The article states that because IM is so widely available
and because it has few security features, IT security managers need to
find ways to curb its use in the workplace. Instant messaging
vulnerabilities can be used by hackers to gain access to workstations,
and from there to the internal network. The analysis describes features
of the four most popular IM applications and their associated
vulnerabilities. (Source: infosecuritymag.com, August 2002)


OCIPEP Comment: OCIPEP Daily Brief DOB02-070, released 29 May 2002,
reported that IM services were particularly vulnerable to hacker exploit
attempts. Interestingly, this latest analysis was published shortly
after several financial services firms formed the Financial Services
Instant Messaging Association (FIMA) earlier this summer. The committee
has a stated goal of fostering technical harmony among IM providers
Yahoo, AOL, MSN and others. For the finance industry, IM is vital for
internal and client communications; a lack of IM interoperability has
been a source of increasing frustration. (Source: 

[INFOCON] - News 10/22/02

2002-10-22 Thread Wanja Eric Naef [IWS]

_

  London, Tuesday, October 22, 2002
_

INFOCON News
_



  
  [News Index]
  

[1] E-gov lays security net
[2] Hundreds of Navy computers 'missing'
[3] Army locks down wireless LAN
[4] Lack of training your biggest threat
[5] Guidelines for Reporting Security Incidents

[6] Agency adds do-it-yourself security
[7] Privacy Czar: Past Haunts Present  
[8] Comeback of the hacker king
[9] E-card Sneakware Delivers Web Porn
[10] Hackers, government join in fight for Internet freedom

[11] VPNs? There must be better ways to wireless security
[12] Professor's Case: Unlock Crypto  
[13] MS patches insecurity trio
[14] Report says visa process improved after terrorist attacks
[15] Busting Pop-up Spam

[16] Security Concerns in Licensing Agreements, Part Two: Negotiating
[17] Agencies' IT budgets on 'roller coaster,' group says
[18] FTC forces spammer to refund domain fees
[19] Government security experts urge Whitehall to adopt US cryptography
[20] Why Dotcoms Failed (and What You Can Learn From Them)

[21] An E-Mayor for Virtual L.A. City  
[22] A tough case to crack

_

News
_


[1] E-gov lays security net
Efforts form homeland security foundation
BY Dibya Sarkar 
Oct. 21, 2002 

By most accounts, homeland security is the top concern among mayors and
other local officials, who say they have no choice but to shift funds
for overtime costs, preparation and training, and enhanced security
measures at the expense of other programs. Those expenses, coupled with
the troubled economy and promised federal dollars that haven't yet
arrived, may force municipalities to scale back or even scrub some
programs.

http://www.fcw.com/fcw/articles/2002/1021/pol-egov-10-21-02.asp 

 

[2] Hundreds of Navy computers 'missing'
11:25 Monday 21st October 2002
Reuters

The US Navy has lost track of many computers that may have handled
classified data, finds an audit. And this may be just the tip of the
iceberg 
The US Pacific Fleet's warships and submarines were missing nearly 600
computers as of late July, including at least 14 known to have handled
classified data, an internal Navy report obtained on Friday said.

The fleet, based in Pearl Harbor, Hawaii, sought to prevent release of
the Naval Audit Service report, even though it was not classified.

http://news.zdnet.co.uk/story/0,,t269-s2124182,00.html 

http://www.cw360.com/bin/bladerunner?REQUNIQ=1035289799REQSESS=Jc622399REQHOST=site12131REQEVENT=CFLAV=1CCAT=2CCHAN=22CSESS=6680898CSEARCH=CTOPIC=CPAGEN=Article%20PageCPAGET=-9CARTI=116804CARTT=14

 

[3] Army locks down wireless LAN
Texas base uses formula of strength through diversity
BY Paul Korzeniowski 
Oct. 21
 
Fort Sam Houston is a prime candidate for wireless networks. The San
Antonio installation is home to the commanders of the Army's medical
systems and supports various military training services, including
battle simulation. Because other tactical groups often conduct tests at
the site, a network may be installed for a week, a few months or even a
year.

http://www.fcw.com/fcw/articles/2002/1021/spec-army-10-21-02.asp 

 

[4] Lack of training your biggest threat
By David Southgate
TechRepublic
October 17, 2002
 
Contrary to popular belief, corporate sabotage is among the least likely
causes of computer security breaches. 

According to an April 2002 survey by the Computer Security Institute,
sabotage accounted for just 8 percent of system attacks in 2002.
Security breaches are more often due to errors by end users or
administrators. The inadvertent gaffes are the main culprits for
introducing viruses, allowing denial of service attacks, and opening
entryways to supposedly secured data. 


[INFOCON] - EPIC Alert 9.20

2002-10-25 Thread Wanja Eric Naef [IWS]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:epic_news-admin;mailman.epic.org] On Behalf Of EPIC News
Sent: 24 October 2002 22:15
To: [EMAIL PROTECTED]
Subject: EPIC Alert 9.20


 ==

 Volume 9.20   October 24, 2002
 --

  Published by the
Electronic Privacy Information Center (EPIC)
  Washington, D.C.

   http://www.epic.org/alert/EPIC_Alert_9.20.html

===
Table of Contents
===

[1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information
[2] EPIC Files Comments at FCC to Protect Telephone Privacy
[3] Public Protest Over Data Retention Increases in Europe
[4] DC City Council Discusses Regulation of Surveillance Cameras
[5] National Academies Report on Sensitive but Unclassified
[6] California Leads States in Privacy Protection
[7] EPIC Bookstore - CTRL [SPACE]
[8] Upcoming Conferences and Events

===
[1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information
===

The Electronic Privacy Information Center today filed a Freedom of
Information Act (FOIA) lawsuit asking a federal court to order the
Department of Justice to account for its use of the extraordinary new
surveillance powers granted to it by Congress last year.  The records
requested concern the government's implementation of the USA PATRIOT
Act, legislation that was passed in the wake of the September 11
terrorist attacks.  By amending laws such as the Foreign Intelligence
Surveillance Act (FISA), the USA PATRIOT Act vastly expanded the
government's authority to obtain personal information about those
living in the United States, including United States citizens.

EPIC and the American Civil Liberties Union filed the lawsuit as
attorneys for their organizations and for the American Booksellers
Foundation for Free Expression and the Freedom to Read Foundation,
citing concerns that the new surveillance laws threaten the First
Amendment-protected activities of librarians, library patrons,
booksellers and their customers, and investigative journalists.  The
FOIA request, which was submitted to DOJ and the FBI on August 21,
seeks general information about the use of new surveillance powers,
including the number of times the government has:

   Directed a library, bookstore or newspaper to produce tangible
   things, e.g., the titles of books an individual has purchased or
   borrowed or the identity of individuals who have purchased or
   borrowed certain books;

   Initiated surveillance of Americans under the expanded Foreign
   Intelligence Surveillance Act;

   Conducted "sneak and peek" searches, which allow law enforcement
   to enter people's homes and search their belongings without
   informing them until long after;

   Authorized the use of devices to trace the telephone calls or
   e-mails of people who are not suspected of any crime;

   Investigated American citizens or permanent legal residents on
   the basis of activities protected by the First Amendment (e.g.,
   writing a letter to the editor or attending a rally).

Some of the information was previously sought by the House Judiciary
Committee, and last week Rep. James Sensenbrenner (R-WI), the Chairman
of the Committee, reported that he had received some of the
information in classified form.

The EPIC/ACLU court complaint is available at:

  http://www.epic.org/privacy/terrorism/patriot_foia_complaint.pdf

Information on the USA PATRIOT Act is available at:

  http://www.epic.org/privacy/terrorism/usapatriot/

===
[2] EPIC Files Comments at FCC to Protect Telephone Privacy
===

On October 21, EPIC filed comments with the Federal Communications
Commission (FCC) urging it to protect the privacy of telephone
customers when a telecommunications company goes out of business or
wants to sell customer information as a business asset.

The comments relate to the use by telecommunications carriers of
customer proprietary network information (CPNI), which includes the
name, telephone number, call information and services subscribed to by
a telephone 

[INFOCON] - (HS) Hart-Rudman Task Force on Homeland Security

2002-10-25 Thread Wanja Eric Naef [IWS]
A Year after 9/11, America Still Unprepared for a Terrorist Attack,
Warns New Hart-Rudman Task Force on Homeland Security.

Executive summary:

http://www.cfr.org/publication.php?id=5100.xml 

Full text:

http://www.cfr.org/publication.php?id=5099

http://www.cfr.org/pdf/Homeland_Security_TF.pdf  



Council on Foreign Relations


Executive summary:

America Still Unprepared - America Still in Danger,
An Independent Task Force

Sponsored by the Council on Foreign Relations

October 25, 2002 - A year after 9/11, America remains dangerously
unprepared to prevent and respond to a catastrophic attack on U.S. soil,
concludes a blue-ribbon panel led by former Senators Warren Rudman and
Gary Hart - co-chairs of the now famous Commission on National Security
that warned of such a terrorist attack three years ago.

The Independent Task Force, which came to this sober conclusion and
which makes recommendations for emergency action, included two former
secretaries of state, two Nobel laureates, two former chairmen of the
Joint Chiefs of Staff, a former director of the CIA and FBI, and some of
the nation's most distinguished financial, legal, and medical experts.
One of the country's leading authorities on homeland security, Council
Senior Fellow Stephen Flynn, directed the Task Force.

If the nation does not respond more urgently to address its
vulnerabilities, the Task Force warns, the next attack could result in
even greater casualties and widespread disruption to our lives and
economy.

The critical need to make specific preparatory acts is made even more
imperative by the prospect that the United States might go to war with
Iraq and that Saddam Hussein might threaten the use of weapons of mass
destruction in America.

The Task Force credits the Bush administration, Congress, governors and
mayors for taking important measures since 9/11 to respond to the risk
of catastrophic terrorism, and does not seek to apportion blame about
what has not been done or not done quickly enough. The report is aimed,
rather, at closing the gap between our intelligence estimates and
analysis - which acknowledge immediate danger on the one hand - and our
capacity to prevent, mitigate and respond to these attacks on the other.

Among the risks that still confront the United States:

650,000 local and state police officials continue to operate in a
virtual intelligence vacuum including having no access to terrorist
watch lists provided by the U.S. Department of State to immigration and
consular officials. 

While 50,000 federal screeners are being hired at the nation's airports
to check passengers, only the tiniest percentage of containers, ships,
trucks, and trains that enter the United States each day are subject to
examination - and a weapon of mass destruction could well be hidden among
this cargo. 

First responders - police, fire, emergency medical personnel - are not ready
to respond to a chemical or biological attack. Their radios can't talk
with one another and they lack the training and protective gear to
protect themselves and the public in an emergency. The consequence of
this could be the unnecessary loss of thousands of American lives. 

An adversary intent on disrupting America's reliance on energy need not
target oilfields in the Middle East. The homeland infrastructure for
refining and distributing energy to support our daily lives remains
largely unprotected to sabotage. 

Our own ill-prepared response has the capacity to hurt us to a much
greater extent than any single attack by a terrorist. America is a
powerful and resilient nation and terrorists are not supermen. But the
risk of self-inflicted harm to our liberties and way of life is greatest
during and immediately following a national trauma. 

To deal with these and other weaknesses, the Task Force makes a number
of recommendations for emergency action, including the following:

Make first responders ready to respond by immediately providing federal
funds to clear the backlog of requests for protective gear, training,
and communications equipment. State and local budgets cannot bankroll
these necessities in the near term. 

Recalibrate the agenda for transportation security; the vulnerabilities
are greater and the stakes are higher in the sea and land modes than in
commercial aviation. 

Strengthen the capacity of local, state, and federal public health and
agricultural agencies to detect and conduct disease outbreak
investigations. The key to mitigating casualties associated with a
biological attack against people or the food supply is to identify the
source of infection as early as possible. 

Empower front line agents to intercept terrorists by establishing
24-hour operations centers in each state that can provide access to
terrorist watch list information via real time intergovernmental links
between local and federal law enforcement.

Fund, equip, and train National Guard units around the country to ensure
they can support the new state homeland security plans under 

[INFOCON] - News 10/17/02

2002-10-17 Thread Wanja Eric Naef [IWS]

_

  London, Thursday, October 17, 2002
_

INFOCON News
_



  
  [News Index]
  

[1] DARPA developing info awareness
[2] Beneath the Threat of Cyber-Terror
[3] Existing technologies could bridge information gaps
[4] Existing technologies could bridge information gaps
[5] Security Expert Gives Operating Systems Poor Security Grade

[6] Senate moves closer to homeland security compromise
[7] World Cybercrime Experts See Need for Laws, Ties  
[8] A Deadly Cocktail of Cyber and Physical Attack
[9] (UK) Police put Linux on trial
[10] More Americans go online

[11] Copyrights, Wrongs Get a Review  
[12] Online industry ignorant of new laws
[13] Symantec warns of security hole in firewall products
[14] Handy future for online security
[15] MS beta site cracked

[16] Identifying and Tracking Emerging and Subversive Worms Using ...
[17] Energy Department rolls out e-gov plan
[18] Westminster man sentenced in trade-secrets case

_

News
_


[1] DARPA developing info awareness
BY Dan Caterinicchia 
Oct. 17, 2002 

The Defense Advanced Research Projects Agency is developing a total
information awareness system to enable national security analysts to
detect, classify, track, understand and pre-empt terrorist attacks
against the United States.

The system, parts of which are already operational, will bring together
other systems and technologies to help military and intelligence
analysts make decisions related to national security, said Robert Popp,
deputy director of DARPA's Information Awareness Office, which is
heading up the effort.

http://www.fcw.com/fcw/articles/2002/1014/web-darpa-10-17-02.asp 

 

(FUD, FUD FUD, ... I am amazed to which experts journalists go sometimes
and believe everything. For example I am not a PsyOps expert (I am very
interested in Influence Operations, but I do not consider myself a
subject expert), but I have been contacted by British print and radio
press and a US TV news network to comment about  which I usually
kindly reject (even though I have to admit the prime time US news thing
was tempting).



... A well-orchestrated terrorist group like Al Qaeda would have the
capabilities, the allegiances, the technical skill-sets... they've
already demonstrated that ability, Schwartau said. Whatever the
hackers know, the bad guys can know, if they choose to know it. ...



H what a statement! I still love Securitynewsportal's comments to a
similar statement a few months ago which said:
 
'The Al Qaeda could also be preparing to fly to the moon under their own
power... but reality and the laws of gravity dictate that they might
have a hard time... There is a significant difference between what
people 'want' to do and what they are 'able' to do... The drunken
hamster wants to date a blonde 19 year old beauty queen... Want to guess
what his chances for success are ?'

*

... Goggans says a terrorist-caused blackout could have deadly effects.
Are you on an iron lung? Are you in the area of a major hospital? Who
knows what could happen? A lot of things are really dependent on power,
he said. ...

*

I really wonder sometimes: there were major blackouts (naturally not
caused by cyberterrorists) and people managed to survive.

***

'... Meanwhile, the chance for cyber-terrorists to easily break in to
wireless systems is growing all the time. While the tech sector remains
extremely weak, wireless is booming. ...'

*

Gee, do I have to be afraid now that Bin Laden is going to wardrive
around Wimbledon to break into my PC?  Such articles are not
constructive as they do not help to educate the average John & Jane Doe
on the street about real security issues and some journalists should
think twice before publishing such rubbish. WEN)

[2] Beneath the Threat of Cyber-Terror

By 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-167 Date: 17 October2002

2002-10-17 Thread Wanja Eric Naef [IWS]
http://www.ocipep.gc.ca/DOB/DOB02-167_e.html 

OCIPEP DAILY BRIEF Number: DOB02-167 Date: 17 October 2002

NEWS 

Canada's environment threatened by U.S. greenhouse emissions
A report entitled America's Gas Tank, the high cost of Canada's oil and
gas export strategy, jointly issued by the Natural Resources Defence
Council and the Sierra Club of Canada, states that Canada's oil and gas
drilling boom of the past decade, which resulted in the exportation of
commodities to the U.S., has been destroying Canada's wilderness with
greenhouse emissions. (Source: sierraclub.ca; nrdc.org, 16 October 2002)

OCIPEP Comment: The report can be viewed at the following address:
http://www.nrdc.org/land/use/gastank/gastank.pdf

Infrastructure partnerships proposed
A former director of the Critical Infrastructure Protection program at
the U.S. Department of Energy proposed that the U.S. Office of Homeland
Security sponsor regional Partnerships for Homeland Security, similar
to Pacific Northwest Economic Region (PNWER), which includes five U.S.
states and three Canadian provinces. (Source: computerworld.com, 16
October 2002)


OCIPEP comment: As reported in OCIPEP Daily Brief DOB02-120, released 9
August, members of PNWER took part in the Blue Cascades exercise, which
sought to assess the region's ability to respond to a terrorist attack
on critical infrastructures. The scenario resulted in a prolonged power
failure that could have lasted over weeks or months. Participants found
that Blue Cascades met its objectives in highlighting regional
infrastructure interdependencies and the preparedness gap, which must be
addressed in order to create a disaster resistant region. 

CDC recommends smallpox vaccination for hospital staff
As reported in OCIPEP Daily Brief DOB02-166, released October 16, the
Advisory Committee on Immunization Practices (ACIP) of the Centers for
Disease Control and Prevention (CDC) is meeting to pursue a policy on
the potential U.S. responses to a smallpox attack. The ACIP voted 8-1 to
endorse a plan for a mass vaccination of about half a million health
care workers for smallpox. The decision is a revision of an earlier ACIP
recommendation, which suggested the vaccination of just 10,000-20,000
emergency health care workers at regional hospitals designated as
smallpox treatment centres. Under the new plan, vaccinations would be
offered to health care workers at U.S. hospitals capable of handling
smallpox cases. The newly-endorsed recommendation comes closer to,
although not mirroring, the White House proposal, under which health
care workers, first responders and the general public would be offered
vaccinations, in that order. The White House, which will make the final
decision on the vaccination policy, has been weighing the potential
benefits of mass pre-attack vaccination against the health and liability
risks posed by administering the smallpox vaccine to millions of people.
(Source: cnn.com, 16 October 2002; msnbc.com, 17 October 2002)


OCIPEP comment: According to Health Canada, the ring vaccination
approach remains Canada's intended response to a smallpox outbreak; the
mass vaccination approach is not recommended due to its many risks. The
vaccine for smallpox is not yet approved by the U.S. Food and Drug
Administration (FDA), and can have minor to severe effects on its
recipients. People who have: lowered immune systems (very young and very
old), human immunodeficiency virus (HIV), cancer, transplanted organs,
and/or eczema are especially susceptible to adverse reactions from the
vaccine. Side effects can include extensive skin reactions, systematic
vaccinia infections and encephalitis. It is estimated that approximately
one in one million people die from smallpox vaccine-induced
complications. Additional information on smallpox and smallpox
vaccination can be found at
http://www.hc-sc.gc.ca/english/epr/smallpox.html

International handbook for critical information infrastructure
protection released
Earlier this year, the Comprehensive Risk Analysis and Management
Network released its annual International Critical Information
Infrastructure Protection (CIIP) Handbook. It focuses on aspects of CIIP
related to security policy and methodology. The security policy
perspective evaluates policy efforts for the protection of critical
information infrastructure in eight countries, including Canada. The
methodological perspective discusses selected methods and models to
analyze and evaluate various aspects of critical information
infrastructure. The International Critical Information Infrastructure
Protection Handbook can be viewed online or ordered from
http://www.isn.ethz.ch/crn/extended/index.cfm?service=handbook 
(Source: Comprehensive Risk Analysis and Management Network)

OCIPEP comment: Though the information in 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-174 Date: 28 October 2002

2002-10-28 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-174 Date: 28 October 2002

http://www.ocipep.gc.ca/DOB/DOB02-174_e.html 
 
NEWS 

OCIPEP issues Advisory AV02-046
On 25 October 2002, OCIPEP issued Advisory AV02-046, subsequent to
CERT/CC's report of a new remote buffer overflow in the Kerberos
Administration Daemon. The remote vulnerability could result in the
execution of arbitrary code or commands. It is recommended that users
contact the vendor of the affected software for patches and updates.

OCIPEP Comment: The latest OCIPEP Advisories can be viewed at:
http://www.ocipep.gc.ca/home/index_e.html#upd

Amtrak increases security
U.S. passenger railroad operator Amtrak has increased security of its
trains and stations following last week's FBI warning about possible
terrorist attacks on trains. The increase in security measures, however,
should not be evident to passengers, according to Amtrak President David
Gunn. (Source: abcnews.go.com, 25 October 2002)


OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-173 released 25
October 2002, in response to the threat of terrorist activity, U.S.
officials had begun implementing additional protective measures
including increased presence of law enforcement officers, increased
surveillance of critical areas and improved physical protections. OCIPEP
has no information on specific threats to Canadian critical
infrastructure.

West Nile virus detected in U.K.
In the U.K., the Guardian reports this morning that scientists may have
recently found traces of the virus in dead birds. If confirmed, this
would constitute the first occurrence of the West Nile virus in that
country. (Source: guardian.co.uk, 28 October 2002)


OCIPEP Comment: There have been two confirmed West Nile virus deaths in
Canada, while at least 188 people have died in the U.S. to date.
According to reports, meteorologists are predicting a mild winter and
possibly a warm wet spring, conditions that will allow mosquitoes to
thrive next year, increasing the chances that the virus could spread to
most provinces.



 

IN BRIEF  

APEC leaders unite to fight terrorism 
On Sunday, as the Asia-Pacific Economic Cooperation (APEC) forum in
Mexico concluded, APEC leaders endorsed a declaration made by their
senior ministers who said that terrorism in all its forms is a threat
to economic stability in APEC as well as a threat to regional peace and
stability. (Source: economist.com, 28 October 2002)


Europe cleans up after windstorm 
A powerful windstorm struck Britain and northwestern Europe on 27
October, bringing with it gusts of up to 150 km/hr, which uprooted trees
and cancelled air, sea and rail travel. Officials said buildings
sustained structural damage. The storm also blew down power lines,
knocking out electricity to thousands of people in England and Wales.
Air France and British Airways cancelled dozens of flights, while ferry
trips to the European mainland were cancelled. Officials in the U.K.
estimate the damage could total up to $150 million. (Source: cbc.ca, 28
October 2002)


Series of earthquakes awaken Sicily's Mount Etna
As many as 200 small earthquakes hit the region of Catania, with the
strongest registered at a magnitude of 4.2 on the Richter scale. As a
result, after months of tranquility, Mount Etna erupted spewing lava and
ashes, igniting fires in forests nearby. (Source: reuters.com, 28
October, 2002)





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information
Products  

See: News - OCIPEP issues Advisory AV02-046

Threats

Central Command reports on BDS/Nethief.XP.C, which is a Trojan horse
that could allow someone with malicious intent backdoor access to a
computer. If executed, it adds the file IExplorer.exe to the
\windows\%syste% directory and stays resident in memory. It arrives with
the subject line "Iraqi FM: US Wants Change in International Law,
Subordinate World to US Hegemony" and the attachment IExplorer.exe.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021024-12


Central Command reports on Worm/FriendGreet, which is a worm that
arrives in a user inbox as an electronic greeting card from
http://www.friendgreetings.com; with the subject line "RECIPIENT you
have an E-Card from SENDER". If a user clicks on the URL provided, the
page is loaded and the user is prompted to download and run an
msi-installer and to accept 2 separate End User License Agreements
(EULA). If the user agrees, the program will install itself as the
program Friend Greetings.msi or Friend%20Greetings.msi and then send
itself out to all contacts in the user's address book.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021025-10

Vulnerabilities

SecuriTeam reports on a remotely exploitable denial-of-service
vulnerability in IBM Infoprint Remote Management. No known 

[INFOCON] - News 10/29/02

2002-10-29 Thread Wanja Eric Naef [IWS]

London, Tuesday, October 29, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to [EMAIL PROTECTED] with subscribe
infocon in the body

To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe
infocon in the body

  
  [News Index]
  

[1] Of mad snipers and cyber-terrorists
[2] Government, industry debate international IT security center
[3] 'We are the worst security risk' - sys admins confess
[4] RPT-Pro-Islamic hackers gear up for cyber war-experts
[5] Reuters accused of hack attack

[6] Pentagon computers tougher for hackers
[7] Talking security
[8] Universities asked to avert student file sharing
[9] E-Commerce Patent Disputes Erupt
[10] Kournikova virus writer loses appeal and faces 150 hours' community
service

[11] Report: Market forces not enough to improve security
[12] Mexico summit urges anti-piracy action
[13] Perspective: Privacy advocates lose an ally
[14] Australian team patents new firewall technology
[15] Hackers claim to have cracked new secure Xbox

[16] Army vendor team advances FCS
[17] Attack of the Mod Squads

News


[1] Of mad snipers and cyber-terrorists
By Thomas C Greene in Washington
Posted: 29/10/2002 at 01:34 GMT

Last Monday the Internet was attacked in what one Washington official
described as the most sophisticated and largest assault in its
history. Eight of thirteen root DNS servers got whacked simultaneously
with a distributed denial of service attack. Had the assault not been
shut down in an hour, the constant interchange of e-mail spam and
viruses might have been slowed; the ability of millions to BS idly with
strangers in IRC might have been impeded; e-commerce orders of bulk dog
food might have gone unfulfilled; and millions of teenagers might have
been denied their daily downloads of porn and warez and MP3s. 

None of this happened, of course. Somehow, the Internet survived. It
survived against the dire warnings of White House alarm divas Richard
Clarke and Howard Schmidt. It survived against the patently faked
predictions of Gartner Experts who recently conducted devastating cyber
'war games' but sleazily neglected to involve a blue team and sleazily
neglected to emphasize this curious fact. Had there been people working
against the Gartner pseudo attack squads, as there would be in the real
world, their pseudo results would have been vastly different.

http://www.theregister.co.uk/content/55/27819.html

See also
 
Mock cyberwar fails to end mock civilization 

http://theregister.co.uk/content/archive/26675.html 

 

[2] Government, industry debate international IT security center
By William New, National Journal's Technology Daily

BRUSSELS, BELGIUM - U.S. and European officials and businesses on Monday
debated the merits of a proposal to establish a global center for
information technology security based on the center that united them in
their fight against the much-anticipated Y2K computer bug.

Harris Miller, president of the Information Technology Association of
America, raised the issue here at the U.S.-EU IT Security Forum. "There
is still no mechanism globally that allows governments on an
instantaneous basis, and industry on an instantaneous basis across
industries, to communicate regularly or in the case of a crisis about
cyber security," he said in an interview.

Miller said that like the Y2K center, the proposed International
Information Security Coordination Center could be a small and
inexpensive operation. "The players are in place, but the coordination
center is necessary to get all the players on the same page, to get the
communications network established," he said.

http://www.govexec.com/dailyfed/1002/102802tdpm2.htm 

 

[3] 'We are the worst security risk' - sys admins confess
By John Leyden
Posted: 28/10/2002 at 12:04 GMT

More than half of all senior IT managers (58 per cent) think that their
own IT departments offer the largest 

[INFOCON] - The Economist: Survey - digital security

2002-10-29 Thread Wanja Eric Naef [IWS]

(This week's Economist has a special section on Information Security
which is well worth a read as it is well researched (in comparison to
the usual cybergeddon article). 

P.S. I have been contacted by a Pentagon Reporter who is looking for a
PsyOps expert. He is 'writing a story about possible PSYOPS should the
U.S. decide to invade Iraq. The story would look at past operations,
particularly Panama, and the challenge of carrying out such an operation
in the teeming city of Baghdad. Would like to talk to either operators
or experts in the field.'  If any list member is interested please let
me know. WEN)


On digital terrorism:

'... It is true that utility companies and other operators of critical
infrastructure are increasingly connected to the Internet. But just
because an electricity company's customers can pay their bills online,
it does not necessarily follow that the company's critical control
systems are vulnerable to attack. Control systems are usually kept
entirely separate from other systems, for good reason. They tend to be
obscure, old-fashioned systems that are incompatible with Internet
technology anyhow. Even authorised users require specialist knowledge to
operate them. And telecoms firms, hospitals and businesses usually have
contingency plans to deal with power failures or flooding. ...'

'... Like eco-warriors, he observes, those in the security industry-be
they vendors trying to boost sales, academics chasing grants, or
politicians looking for bigger budgets-have a built-in incentive to
overstate the risks.
...' (Nice quote which is so true. WEN)


Senior Management Support for InfoSec

'...A second, related misperception is that security can be left to the
specialists in the systems department. It cannot. It requires the
co-operation and support of senior management. Deciding which assets
need the most protection, and determining the appropriate balance
between cost and risk, are strategic decisions that only senior
management should make. ...

... Senior executives do not understand the threats or the technologies.
It seems magical to them, says Mr Charney. Worse, it's a moving
target, making budgeting difficult. ...'

Threats/Risk:

'... Even senior managers who are aware of the problem tend to worry
about the wrong things, such as virus outbreaks and malicious hackers.
They overlook the bigger problems associated with internal security,
disgruntled ex-employees, network links to supposedly trustworthy
customers and suppliers, theft of laptop or handheld computers and
insecure wireless access points set up by employees. ...'

'... One of the biggest threats to security, however, may be
technological progress itself, as organisations embrace new technologies
without taking the associated risks into account. ...'

Virus:

'... Viruses are a nuisance, but the coverage they receive is
disproportionate to the danger they pose. ...'

Firewalls:

'... Firewalls are no panacea, however, and may give users a false sense
of security. To be effective, they must be properly configured, and must
be regularly updated as new threats and vulnerabilities are discovered.
...'

IDS:

'... Compared with anti-virus software and firewalls, detection is a
relatively immature technology, and many people believe it is more
trouble than it is worth. The difficulty is tuning an IDS correctly, so
that it spots mischievous behaviour reliably without sounding too many
false alarms. ...'

MS:

'... Microsoft's policy of tight integration between its products, which
both enhances ease of use and discourages the use of rival software
makers' products, also conflicts with the need for security. ...'

'... The Windows operating system is the largest piece of software ever
written, so implementing security retrospectively is a daunting task.
...'


Human Element of Security:

'... If correctly handled, a management-based, rather than a solely
technology-based, approach to security can be highly cost-effective.
...'

'... But there are other, more subtle ways in which management and
security interact. More than anything else, information security is
about work flow, says Ross Anderson of Cambridge University's Computer
Laboratory. The way to improve security, he says, is to think about
people and processes rather than to buy a shiny new box. ...'

Biometrics:

'...The first is that the technology is not as secure as its proponents
claim. ...'

'... The second and more important problem is that biometric technology,
even when it works, strengthens only one link in the security chain.
...'

'... In short, biometrics are no panacea. The additional security they
provide rarely justifies the cost. ...'

Bottom Line:

'... Security, in sum, depends on balancing cost and risk through the
appropriate use of both technology and policy. The tricky part is
defining what appropriate means in a particular context. It will
always be a balancing act. Too little can be dangerous and costly-but so
can too much. ...'

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002

2002-10-29 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002
 
http://www.ocipep.gc.ca/DOB/DOB02-175_e.html  

NEWS 

New act to make Ontario's drinking water safe
New legislation aimed at ensuring Ontario has cleaner, safer drinking
water will be unveiled by Ontario Premier Ernie Eves today. The Safe
Drinking Water Act will look to impose rigorous standards for operators
dealing with treatment, testing and distribution of Ontario's drinking
water. Justice Dennis O'Connor recommended the creation of the new act
following his inquiry into the Walkerton E. coli tragedy that killed
seven and sickened 2,300 people in the spring of 2000. (Source:
thestar.com, 29 October 2002)

OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-154, released 27
September 2002, a report released by the Environmental Commissioner of
Ontario (ECO) was critical of Ontario's response to water treatment and
security. 

Proposal for global IT security centre
On Monday, members of the U.S. - E.U. Information Technology Security
Forum discussed the establishment of the International Security
Coordination Center, a global centre for IT security, which would be
based on the centre that was created to deal with Y2K-related events.
The centre would allow industry and governments to communicate regularly
on issues pertaining to cyber security and to react quickly during a
crisis. (Source: GovExec.com, 28 October 2002)


OCIPEP Comment: As part of their eEurope 2005 program, the European
Commission is expected to announce a European cybersecurity task force
that will function as a response centre. The centre is to be operational
by the end of 2003. Other potential actions concerning strengthening IT
security include enhancing the widespread use of smartcards by the end
of 2004 and developing a European Virus Alert System by the end of 2003.
To see the European Commission recommendations on eSecurity, go to:
http://europa.eu.int/information_society/newsroom/documents/catalogue_en.pdf.
The eEurope 2005 actions can be found on page 16 of the PDF file.

IT security a corporate priority: Report
META Group, Inc., an IT consulting service, recently announced its
findings pertaining to IT security spending in the year ahead. These
findings were extracted from its 2003 Worldwide IT Benchmark Report, an
annual survey of technology trends and economics. According to the
study, despite META Group's predicted near 5 percent decrease in overall
corporate IT spending in 2003, Chief Information Officers (CIO) have
incrementally increased investments in security, a trend set in motion
even before 11 September 2001. The report forecasts that spending on IT
security and business continuity will be almost evenly split [among]
infrastructure, business continuity, and information security. It goes
on to state that, despite current economic conditions and smaller
budgets, developing a comprehensive security and privacy architecture
has become the focus for virtually all public-sector CIOs, even though
most of their non-IT colleagues do not share the same sense of urgency.
(Source: itWorldCanada.com, 28 October 2002)


OCIPEP Comment: To obtain a copy of the report, go to:
http://www.metagroup.com/cgi-bin/inetcgi/commerce/productDetails.jsp?oid=33569



 

IN BRIEF  

Australia's foreign minister warns Canada about terrorism
After meeting with Foreign Affairs Minister Bill Graham on Monday,
Australia's foreign minister, Alexander Downer, warned that Canada
should remain vigilant at all times against terrorist attacks. He voiced
that no country is safe from terrorism and that the recent deadly
attacks in Bali, Indonesia, should be a lesson to all countries,
including Canada. (Source: thestar.com, 28 October 2002)

Reuters accused of hacking
Reports indicate that Swedish software company Intentia will file
criminal charges against the Reuters news agency for allegedly hacking
into the company's computer system to retrieve financial data that had
not yet been publicly released. Reuters reportedly published information
on Intentia's third quarter profits just minutes before it was issued by
the company. (Source: ZD Net Australia, 29 October 2002)


Pro-Islamic hackers ready for cyber war: Experts
The number of politically motivated computer attacks has risen sharply
this month, according to British security firm mi2g. Hacking groups
sympathetic to Islamic interests have increased their activities, which
are primarily directed at computer systems in the U.S., U.K., India and
Israel. (Source: REUTERS.com, 29 October 2002)





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information
Products  

Threats

Central Command reports on VBS/WhyHoPo, which is a Visual Basic Script
that copies itself to multiple directory locations when it is run. 

[INFOCON] - (MIL) USAF Transforming Our Air and Space Capabilities

2002-10-29 Thread Wanja Eric Naef [IWS]
(Interesting speech by the secretary of the USAF. It looks at how the
USAF is changing and stresses the importance of 'Space Dominance'. WEN)


'... While the war on terror presents unprecedented challenges, the
future has never been brighter for airmen. We are entering a new age of
air and space power. There is now a growing consensus as a result of our
successes in Iraq, the Balkans and Afghanistan that air and space
capabilities can dramatically assist our joint forces to achieve victory
swiftly and decisively regardless of distance or of terrain or of
adversary. While we've been very successful in the past decade, our
potential adversaries have come to accept our overwhelming military
strength and as a result have grown increasingly less willing to engage
our forces directly. We face a new reality. One in which our traditional
defenses - deterrence and the protective barriers afforded by friendly
neighbors and two large oceans may be of limited effect.

This new reality highlights the absolute necessity of transforming our
air and space capabilities. ...'

'... Today's force in many ways is a transition force. Our legacy
aircraft systems were built with specialized roles and they were very
good. We have limited networking, limited all-weather delivery and
limited stand off and our sensors are only partially integrated. ...'

'... We are developing a range of systems that fulfill these objectives,
from multi-mission command-and-control aircraft, smart tankers, an
entire generation of unmanned vehicles, including Global Hawks, UCAVs
(unmanned combat aerial vehicles), armed scout Predators and shortly,
hunter-killer UAVs (unmanned aerial vehicles). We are also developing a
small diameter bomb and the airborne laser, to name just a few. ...'

* Space Dominance:

'... We also realize that soon will come a time when space systems will
grow beyond their traditional role as force enhancers and then will play
a more active role in preventing, fighting and winning wars. Our
adversaries have noted the advantages we have gained from space, and
given the total interdependence we see in air and space power, we cannot
risk the loss of space superiority. We must and will continue our
efforts to protect our space assets and prepare ourselves to counter any
enemy's space assets. ...'

'... While space capabilities have been an essential contributor in
recent operations, we must modernize to maintain our war fighting
advantage. In the early stages of space age, most capabilities were used
by a limited group of users and they were highly classified. The current
space regime is decidedly different. The forms and distinctions between
black programs, white space, military, civil and commercial are growing
increasingly blurred and we must ensure our space architectures remain
capable of supporting our military missions as well as our civil users
who rely on them for the swift flow of information and commercial
applications. ...'


-

Transforming Our Air and Space Capabilities

Dr. James G. Roche, Secretary of the Air Force

Remarks to the Air Force Association National Convention luncheon,
Washington, D.C., Sept. 18, 2002

First, let me say hello. I recognize that between the end of this whole
thing and you only stand me, so I will try to make this mercifully
brief. I would like to say thank you to some of my predecessors,
Secretary (Robert C.) Seamans (Jr.), Secretary (John L.) McLucas,
Secretary Whit Peters and Secretary Pete Aldridge. Thank you for being
here. You make me feel like the PhD student who has to defend his thesis
in front of people who know what they are talking about, which is
usually what I don't have to do. You make it very tough. 

Thank you, Tom, for that gracious if incomplete introduction. For those
of you who don't know, Tom only told you what I do as a sideline. My
real job, as many of you AFA aficionados realize is the holder of the
Thomas McKee Chair of Pro Bono Public Speaking. I do believe that I am
the only person he's talked into speaking at more AFA events. There is
only one person he's done it more to, and that is the individual who is
currently occupying the Air Force Association Chair in Oratorical Arts
and Aircraft Designation, Gen. John Jumper.

I want to salute you and your great team at the Air Force Association
for putting together a wonderful program this week. You've had a chance
to discuss many of the issues we are working on in the Air Force today,
to celebrate the achievements of our best and brightest and to admire
the great rhetorical skills and taxonomic creativity of our chief of

[INFOCON] - News 10/30/02

2002-10-30 Thread Wanja Eric Naef [IWS]

London, Wednesday, October 30, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk




  
  [News Index]
  

[1] 12th Annual EICAR Conference: Call For Papers
[2] Don't Touch that Dial
[3] Defense, cybersecurity officials praise 'open source' software
[4] China prevented repeat cyber attack on US
[5] Politicians, police recruited to talk up IT security

[6] Responsible Disclosure by Corporate Fiat
[7] Homeland goes interstate route
[8] Q & A Kevin Mitnick
[9] MS gets top security rating for Win2k, makes big noise
[10] OMB issues draft standards to increase info-sharing, cut IT costs

[11] NIST details certification process
[12] Transcom chief touts IT
[13] Tech firms seek to play role in military transformation effort
[14] Defense procurement system prone to security lapses
[15] Sniper leaves a mark

[16] Brussels to spend €250k on Linux migration study
[17] Introducing Network Attached Encryption
[18] Wireless WarDrive: Wee Bit of Fun  
[19] Reuters says it wasn't hacking
[20] Greeting card email is not a worm

[21] Home-based cybersecurity defense won't work
[22] Nowhere to Hide
[23] Lawsuit to Test USA Patriot Act
[24] CIA warns of Net terror threat
[25] Online sales decline for first time

[26] A new threat to ICANN authority?
[27] Dear Saddam, How Can I Help?  
[28] Technology: Military conference highlights information systems
[29] Golden Age of IT Hasn't Arrived Yet
[30] DoCoMo gets defaced
[31] Is a larger Net attack on the way?
[32] Employee surveillance unaffected by terror threat
[33] FIPS testing finds lots of mistakes in crypto IT


News


[1] 12th Annual EICAR Conference: Call For Papers

12th Annual EICAR Conference: Call For Papers

The Conference will be held May 10-13 in Copenhagen, with three streams
of interest:

-Malware

-Critical Infrastructure Protection (CIP)

-IT-Law and Forensics

with contributions from industry, government, and research. With the
goal of keeping abreast of new developments, EICAR will be a forum for
discussions on subjects past, present and future, pertaining to
IT-Security in an Insecure Web.

Papers can be submitted through to December 1st, 2002.

For more information on formatting, panels, area chairs and other
things, check out

http://conference.EICAR.org

Submission of Papers to Area Chairs: December 1, 2002
Notifications to Authors of Acceptance and Reviewers' Comments: January 15, 2003
Submission of Camera-Ready Papers: February 1, 2003
First Round Registration: March 1, 2003


 

(I have seen a prototype of such a phone due for release in January and
it looks amazing as it got so many features, but unfortunately it looks
like they missed out the security bit. WEN)

[2] Don't Touch that Dial

Mobile phones packing Java virtual machines are gaining in popularity,
and are headed for American shores. Will they be the next arena for
malicious hacking? 

By Michael Fitzgerald, Oct 29 2002 9:05AM

Java phones are coming to the U.S., bringing with them a second chance
for mobile applications, and, experts caution, a new platform for
malicious code.

"It's going to be an issue," says Tony Davis, acting CEO of Tira
Wireless, a Toronto startup that certifies and publishes J2ME (Java 2
MicroEdition) applications. Davis already uses a Trojan horse program
when he makes sales calls. "When I meet with European carriers, I pull
up a phone and show them a car racing game that's actually not just
that, it's sending a huge amount of traffic back and forth," Davis
says. "I tell them, your customer is going to get a bill for 500 pounds
at the end of the month, and who are they going to come after? You."

http://online.securityfocus.com/news/1531 

 

[3] Defense, cybersecurity officials praise 'open source' software
By Drew 

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002

2002-10-30 Thread Wanja Eric Naef [IWS]

http://www.ocipep.gc.ca/DOB/DOB02-176_e.html
 
OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002
 
NEWS 

New act to make Ontario's drinking water safe - Update
As reported in the OCIPEP Daily Brief DOB02-175 released 29 October
2002, the Safe Drinking Water Act was unveiled yesterday by the Ontario
provincial government. The law will call for: licenses for all labs; a
new position of chief provincial inspector; annual reports by the
government to the legislature; and, new standards for water testing,
treatment, distribution and quality. Early reaction to the bill has been
mixed, with NDP MPP Marilyn Churley, the architect of the initial draft
of the Safe Drinking Water Act, unhappy that the Conservative government
version doesn't deal with source protection. Ontario Premier Ernie Eves
said the government intends to follow Justice O'Connor's advice that it
amend the Environmental Protection Act to cover source water protection.
(Source: thestar.com, 30 October 2002) 

OCIPEP Comment: Justice O'Connor's reports, made in the wake of the
Walkerton tragedy, contained 121 recommendations to improve the safety
and security of Ontario's drinking water. With regard to water source
protection, the report stated that a strong source-protection program
lowers risk cost-effectively, because keeping contaminants out of
drinking water sources is an efficient way of keeping them out of the
drinking water. 

Windows 2000 earns Common Criteria certification
The Microsoft Windows 2000 operating system was awarded a Common
Criteria certification, a document that spells out common security
criteria recognized by 15 countries, including Canada and the U.K.
Windows 2000 was certified at Evaluation Assurance Level 4, meaning that
it was methodically designed, tested and reviewed.  (Source: news.com,
29 October 2002)


U.S. Department of Commerce releases certification and accreditation
guidelines
The U.S. Department of Commerce has released the first of three sections
of information security guidelines designed to fix the inconsistent and
flawed security assessments for systems used by government agencies.
Some current security certification procedures are excessively complex,
outdated and costly to implement, according to the National Institute
of Standards and Technology (NIST). A NIST researcher stresses that
there is a need to move toward the adoption of a standardized process,
which would allow federal agencies to better understand how their
partners are dealing with the security issues. The other two sections
of guidelines, one dealing with system controls, and the other with
verification procedures and techniques, will be released next spring.
(Source: computerworld.com, 29 October 2002)


OCIPEP Comment: A draft copy (PDF version) of the Guidelines for the
Security Certification and Accreditation of Federal Information
Technology Systems can be viewed at:
http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf

According to recent reports, although leading software companies have
recently committed themselves to improving the latent security of the
products they bring to market, there remains a significant threat to the
security of information networks due to poorly secured software.
According to @Stake, a U.S. security consultancy, 70 percent of security
defects are due to flaws in software design. Microsoft recently publicly
committed itself to ensuring the security of its products. However,
according to analysts, the work the programmers are doing now will not
be reflected in the company's products for a year or two. (Source:
economist.com, 26 October, 2002)
http://www.economist.com/surveys/displayStory.cfm?Story_id=1389575

 

IN BRIEF  

Alberta forest fires cost $300M
The cost of fighting forest fires in Alberta this year was over $300
million, five times more than budgeted, according to a provincial fire
information officer. The continuing droughts, as well as the evacuation
of residents from several communities and road closures, were factors
that contributed to the record expenses. (Source: cbc.ca, 29 October
2002)


CIA report warns against cyberterrorism
In a report to the Senate Intelligence Committee, the Central
Intelligence Agency (CIA) warns that groups such as Sunni extremists,
Hezbollah and Aleph (formerly known as Aum Shinrikyo) may join al-Qaeda to
wage cyberwarfare against the U.S. (Source: news.com, 29 October 2002)

Port Simpson - Update
The B.C. Provincial Emergency Program has issued its tenth and final
update concerning the power outage and roadway access closure at Port
Simpson, 55 km north of Prince Rupert. Power has been restored since
October 22, and community officials indicate they are past the crisis
stage and have moved into recovery operations. A meeting will be held
today to address the road restoration, which was 

[INFOCON] - (CIA) CSI's Studies in Intelligence (Unclassified Studies Volume 46, Number 3, 2002)

2002-10-30 Thread Wanja Eric Naef [IWS]
(It contains some interesting articles. I would recommend having a look
at The Coming Revolution in Intelligence Analysis and the counterpoint
article. In addition to that, there is also an article about PsyOps during
WWII: The Information War in the Pacific, 1945. WEN)

http://www.cia.gov/csi/studies/vol46no3/index.html 

INTELLIGENCE TODAY AND TOMORROW
Policymakers and the Intelligence Community
Supporting US Foreign Policy in the Post-9/11 World
Richard N. Haass

Understanding Our Craft
Wanted: A Definition of Intelligence
Michael Warner

The Coming Revolution in Intelligence Analysis
What To do When Traditional Models Fail
Carmen A. Medina

Counterpoint to The Coming Revolution in Intelligence Analysis 
Evolution Beats Revolution in Analysis
Steven R. Ward

Sorting Out National Interests
Ways To Make Analysis Relevant But Not Prescriptive
Fulton T. Armstrong

HISTORICAL PERSPECTIVES
Work Force Evolution
One Woman's Contribution to Social Change at CIA
Dawn Ellison

Paths to Peace
The Information War in the Pacific, 1945
Josette H. Williams

INTELLIGENCE IN RECENT LITERATURE
God's Eye: Aerial Photography and the Katyn Forest
Reviewed by Benjamin B. Fischer

From Munich to Pearl Harbor: Roosevelt's America and 
the Origins of the Second World War
Reviewed by Michael Warner.

Secrets of Victory: The Office of Censorship and The American Press and 
Radio in World War II
Reviewed by Robert J. Hanyok

COMMENTARY
Response to Two Strategic Intelligence Mistakes in Korea, 1950
A Personal Perspective
Thomas J. Patton






IWS INFOCON Mailing List
 IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - UNIRAS Brief - 383/02 - NISCC - Potential crafted packets vulnerability in firewalls

2002-10-31 Thread Wanja Eric Naef [IWS]


-Original Message-
From: UNIRAS (UK Govt CERT) [mailto:uniras;niscc.gov.uk] 
Sent: 31 October 2002 14:28
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 383/02 - NISCC - Potential crafted packets
vulnerability in firewalls

 

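----------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 383/02 dated 31.10.02  Time: 14:25
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
----------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------

Title
=====

NISCC Security Advisory:

Potential crafted packets vulnerability in firewalls

Detail
======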

There have been reports to several major CERTs of attacks that can bypass
packet filter firewalls. There has also been discussion on Bugtraq (see
http://online.securityfocus.com/archive/1/296558/2002-10-19/2002-10-25/1).
In this thread the Linux 2.4.19, Sun Solaris 5.8, FreeBSD 4.5 and Microsoft
Windows NT 4.0 are identified as vulnerable.

These attacks use specially crafted TCP packets with the SYN (synchronise)
and FIN (final) flags set. Although crafted packets of this kind are not
uncommon in probes on firewalls as a means of identifying the operating
system, it appears that some packet filter firewalls will forward such
packets because the FIN flag is interpreted as a request to end the TCP
session, while the targeted host on the internal network interprets the SYN
flags as a request to start a TCP session. This technique has been used to
effect a SYN flood denial of service attack on the targeted host.

To prevent this type of attack, packets that do not form part of the normal
TCP state should be filtered. Expected states are packets with the following
flags set: SYN, ACK (acknowledgement), SYN/ACK, RST (reset), RST/ACK, FIN and
FIN/ACK. The PSH (push) and URG (urgent) flags may also be set in packets but
they are used to prioritise processing of a packet. It follows that flag
combinations such as SYN/FIN, SYN/RST, RST/FIN and a packet with no flags set
(called null) should be treated as anomalous and should be filtered.

Certain types of firewall are not vulnerable to this type of attack, namely
circuit gateway (or proxy) or application proxy firewalls. These firewalls do
not forward TCP packets; they establish a separate connection between the
firewall and the recipient for the services proxied.

If your firewall does not support filtering of TCP flags and is a packet
filter firewall, you should contact your firewall vendor to determine if your
firewall is vulnerable. A workaround solution in case the firewall is
vulnerable is to install another firewall in front of the vulnerable firewall
that does provide flag filtering functionality.

----------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

----------------------------------------------------------------------
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote information
sharing amongst its members and the community at large.
----------------------------------------------------------------------
End of UNIRAS Briefing




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
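
The flag rule from the UNIRAS advisory above, as an added example that is not part of the UNIRAS notice: a Python check that reads the flags from a raw TCP header and passes only the combinations the advisory lists as expected. The helper names, port numbers and sample segments are constructed for illustration.

```python
import struct

# TCP flag bits (low six bits of the 16-bit word at header offset 12).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMES = [(SYN, "SYN"), (FIN, "FIN"), (RST, "RST"),
         (ACK, "ACK"), (PSH, "PSH"), (URG, "URG")]

# Expected combinations exactly as listed in the advisory:
# SYN, ACK, SYN/ACK, RST, RST/ACK, FIN and FIN/ACK.
EXPECTED = {SYN, ACK, SYN | ACK, RST, RST | ACK, FIN, FIN | ACK}


def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    offset_and_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (offset_and_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    # Keep only the six flags the advisory discusses; the two bits above
    # them (ECN, RFC 3168) are outside its scope and are ignored here.
    return offset_and_flags & 0x3F


def flag_names(flags: int) -> str:
    """Human-readable form such as 'SYN/FIN'; 'NULL' when no flag is set."""
    return "/".join(name for bit, name in NAMES if flags & bit) or "NULL"


def classify(flags: int):
    """Apply the advisory's rule and return (verdict, reason).

    PSH and URG only prioritise processing, so they are masked out before
    the remaining state flags are compared with the expected set.
    """
    if flags == 0:
        return ("drop", "null packet (no flags set)")
    state = flags & ~(PSH | URG) & 0x3F
    if state in EXPECTED:
        return ("pass", flag_names(flags))
    return ("drop", "anomalous combination " + flag_names(flags))


def build_segment(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed test input: 20-byte header, data offset 5, checksum left at 0."""
    header = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                         (5 << 12) | flags, 8192, 0, 0)
    return header + payload


def filter_segments(segments):
    """Classify each raw segment; malformed headers are dropped too."""
    results = []
    for seg in segments:
        try:
            results.append(classify(tcp_flags(seg)))
        except ValueError as exc:
            results.append(("drop", "malformed: %s" % exc))
    return results


# Constructed samples: five expected combinations, then the four anomalous
# cases the advisory names (SYN/FIN, SYN/RST, RST/FIN, null).
SAMPLES = [build_segment(40000, 80, f) for f in
           (SYN, SYN | ACK, ACK | PSH, FIN | ACK, RST,
            SYN | FIN, SYN | RST, RST | FIN, 0)]

if __name__ == "__main__":
    for verdict, reason in filter_segments(SAMPLES):
        print(verdict, reason)
```
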





[INFOCON] - News 11/04/02

2002-11-04 Thread Wanja Eric Naef [IWS]
_

  London, Monday, November 04, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to [EMAIL PROTECTED] with subscribe
infocon in the body

To unsubscribe - send an email to [EMAIL PROTECTED] with
unsubscribe
infocon in the body

-

_


  
  [News Index]
  

[1] FBI director says industry must do more to prevent cyberattacks
[2] Agencies, companies urged to set guidelines for fighting
cyberterrorism
[3] Root-Server Attack Traced to South Korea, U.S.
[4] Personal data travels far
[5] Microsoft dodges bullet  

[6] But some shut their Windows  
[7] Open source courses through DOD
[8] European police say they can't keep up with cyber criminals
[9] Feds pursue secrecy for corporate victims of hacking
[10] SPAMMER HAMMERED BY VERIZON BAN

[11] Scary Movie
[12] IG: State Department flunks systems security
[13] U.S. fears terrorists will imitate snipers
[14] State CIOs see accord with feds
[15] 'Sensitive' label strikes nerve

[16] How to get certified security for Win2k, by Microsoft
[17] Proof Win2K is still insecure by design
[18] Pentagon completes 'playbooks' for terrorism scenarios
[19] A New Cryptography Uses the Quirks of Photon Streams

[20] U.S. should fund R&D for secure Internet protocols, Clarke says
[21] New worm aims to infest Australian systems
[22] New Wi-Fi security would do little for public 'hot spots'
[23] Popular Linksys Router Vulnerable to Attack

_

News
_


[1] FBI director says industry must do more to prevent cyberattacks
By Shane Harris

FBI Director Robert Mueller Thursday implored industry technology
executives to do a better job securing the Internet and other data
networks by reporting incidences of online crime to the bureau. 

You're not enabling us to do [our] job by withholding reports about
criminals who successfully penetrate companies' data networks or attack
their systems, Mueller told those attending a Falls Church, Va. forum on
combating online crime and cyberterrorism. Corporations are reluctant to
report such attacks to law enforcement agencies for fear of revealing
their systems' vulnerabilities. They worry the information could give
competitors an edge, or invite more attacks by criminals once they
discover the weaknesses. 

http://www.govexec.com/dailyfed/1002/103102h1.htm 

FBI seeks help vs. Cybercrime 
http://www.fcw.com/fcw/articles/2002/1028/web-fbi-11-01-02.asp 

 

[2] Agencies, companies urged to set guidelines for fighting
cyberterrorism
By Molly M. Peterson, National Journal's Technology Daily

The war on cyberterrorism requires law enforcement agencies and the
private sector to develop guidelines and protocols for sharing
information about network vulnerabilities and cyber attacks, government
and industry leaders said Thursday.

Face-to-face relationships are great, but we need to go beyond that,
Chris Painter, deputy chief of the Justice Department's Computer Crime
and Intellectual Property Section (CCIPS), said during a cyber-security
forum at Computer Sciences Corp. headquarters in Falls Church, Va. 

Painter led one of several workshops in which law enforcement and
private-sector officials discussed obstacles to information sharing.
Conference organizers said they closed those workshops to the media in
order to encourage participants to discuss problems and ideas with as
much candor as possible.

http://www.govexec.com/dailyfed/1102/110102td1.htm 

 

[3] Root-Server Attack Traced to South Korea, U.S. 
  
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, October 31, 2002; 3:30 PM 

Last week's attacks on the Internet's backbone likely emanated from
computers in the United States and South Korea, FBI Director Robert
Mueller today said. 

The investigation is ongoing, Mueller said at an Internet security
conference in Falls Church, Va. He did not offer more details on the
investigation, nor did he outline the evidence investigators have
gathered so far.


[INFOCON] - News 11/05/02

2002-11-05 Thread Wanja Eric Naef [IWS]

_

  London, Tuesday, November 05, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] (InfraGard) Combating cybercrime
[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
[3] Homeland security wish list set  
[4] 'War' over digital privacy bill heats up  
[5] Hacker turncoat opines on computer security

[6] Mozilla riddled with security holes
[7] First-of-its-kind center to train cybersleuths
[8] Braid fails to unpick the Web
[9] Kofi Annan's IT challenge to Silicon Valley
[10] Court rules against AOL on Net privacy

[11] Homeland security IT official to resign
[12] Hackers stick California city with $30,000 phone bill
[13] Unbreakable Crypto: Who Needs It?
[14] Chinese province issues swipe IDs to Internet cafe users
[15] Axe man hacks man over hacking fears

[16] Defense Department studying nonlethal chemicals
[17] Agencies to test Adobe technology for online transactions
[18] Intercepts: Rumsfeld Sinks 'CINCs'
[19] Feds Getting IT Together
[20] (UK) Government websites under fire

[21] Latest Linux takes control of access

_

News
_


[1] Combating cybercrime 

11/04/02

Chris Seper 
Plain Dealer Reporter

FBI agent Stan Paulson overhears companies chatter about security
breaches and hackers and other criminals probing their computer systems
and does nothing about it. 

By looking the other way, he upholds the tenets of an organization that
has helped improve Internet security throughout the country. 
 
InfraGard, founded by the Cleveland FBI's office in 1996, has used
confidentiality, FBI clout and offers of expert training to convince
companies to work together and reveal details about cyberspace attacks
on their systems. 

http://www.cleveland.com/business/plaindealer/index.ssf?/xml/story.ssf/html_standard.xsl?/base/business/103631949234480.xml

InfraGard
http://www.infragard.net/

InfraGard Manufacturing Industry Association 
http://trust.ncms.org/ 

NIPC
http://www.nipc.gov/ 

 

[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
By John Lettice
Posted: 05/11/2002 at 11:19 GMT

US District Judge J Frederick Motz has rejected a Microsoft attempt to –
effectively – have a string of prior convictions expunged from its
record. Yesterday the Maryland judge denied a request by Microsoft
attorneys to re-open 395 of Judge Penfield Jackson's 412 findings of
fact, so for the moment at least Jackson's conclusions can be used in
the case Motz is dealing with.

http://www.theregister.co.uk/content/4/27935.html

 

[3] Homeland security wish list set
BY Judi Hasson 
Nov. 4, 2002 

Although the debate over creating a Homeland Security Department is
stalled in Congress, officials have quietly drawn up a list of their top
priorities to jump-start the agency if and when lawmakers approve it.

Jim Flyzik, a senior adviser at the Office of Homeland Security, said
Oct. 23 that the first priority would be consolidating the 58 government
watch lists of suspected terrorists into a single list.

http://www.fcw.com/fcw/articles/2002/1104/pol-custom1-11-04-02.asp

 

[4] 'War' over digital privacy bill heats up  
Kent Hoover   Washington Bureau Chief 

Frustrated by their inability to stop the unauthorized sharing of music
and movies over the Internet, the entertainment industry wants
permission from Congress to declare technological war on peer-to-peer
networks.
 
Legislation introduced by Rep. Howard Berman, D-Calif., would enhance
the ability of copyright owners to use anti-piracy technology to block
distribution of their works on file-sharing networks. The bill exempts
copyright owners from anti-hacking laws as long as they do not delete or
alter computer files.


[INFOCON] - News 11/07/02

2002-11-07 Thread Wanja Eric Naef [IWS]

_

  London, Thursday, November 07, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Hackers may get U.S. funds to fight China's Web curbs
[2] Stage Set for Homeland Act  
[3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys
[4] UK workers in the dark over IT security 
[5] Testing the limits of biometrics

[6] Officials worried about ability to inform public of terrorism
[7] Mitnick's 'Lost Chapter' Found  
[8] Action: Virtual Sit-In Against the WTO
[9] Australians warned over e-biz virus threat
[10] Math whiz cracks encryption code

[11] MS ruling leaked through security blunder
[12] Russian firm warns of Roron virus
[13] OMB seeks security at the start
[14] Tool sought to ID data links
[15] Think tanks think about post dotcom future

[16] Complete Snort-based IDS Architecture, Part One
[17] Shipyards, depots unable to calculate cost of Navy intranet

_

News
_


[1] Hackers may get U.S. funds to fight China's Web curbs 
  
By Murray Hiebert
THE WALL STREET JOURNAL 
 
Nov. 7 - If some lawmakers in the U.S. get their way, freedom-promoting
computer hackers soon may receive a bucketful of money to battle China's
Internet-censoring police.

http://www.msnbc.com/news/831383.asp 

 

[2] Stage Set for Homeland Act  

By Ryan Singel  |   

09:00 AM Nov. 06, 2002 PT

As Congress prepares to reconvene in a lame-duck session after Tuesday's
election, one of the largest pieces of legislation on the Senate's
agenda is the controversial and deadlocked Homeland Security Act, which
the House passed Sept. 9. 

A little-known amendment in the Senate version of the bill makes it much
easier for ISPs to disclose e-mail communications without being served
with a warrant, which had been prohibited before the Patriot Act of
2001.

http://www.wired.com/news/privacy/0,1848,56234,00.html

 

[3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys
By TIM GOLDEN

The Bush administration has ordered the expulsion of two Cuban diplomats
from Washington and has moved to expel two others at the United Nations
for what American officials described yesterday as serious espionage
activities against the United States.

State Department officials called the action against the two envoys in
Washington retaliation for the case of Ana B. Montes, a senior Pentagon
intelligence analyst who pleaded guilty earlier this year to spying for
Fidel Castro's government.

http://www.nytimes.com/2002/11/07/international/americas/07CUBA.html?ex=1037336400en=d342247e51d5bb78ei=5040partner=MOREOVER

 

[4] UK workers in the dark over IT security
By Rachel Fielding [07-11-2002]
Formal training remains dangerously inadequate
 
  
Companies are leaving themselves open to security breaches because their
IT security training is woefully inadequate, new research has revealed. 
Three-quarters of staff in the UK admit that they have never received
any formal training from their employer on how to use the internet and
email at work in a way that minimises network security problems.

http://www.pcw.co.uk/News/1136635 

 

[5] Testing the limits of biometrics
BY Dibya Sarkar 
Nov. 6, 2002 

Biometric technologies have expanded greatly in the past decade and
especially following the attacks of Sept. 11. With recently enacted
federal statutes and many more bills promoting their use, the market
could reach $2 billion in revenues in four years. 

But there are few judicial developments regarding collection of
biometric identifiers, even as public policy debates have swelled over
their use and their potential to invade people's privacy.


[INFOCON] - OCIPEP AV02-047 Trojan Horse: tcpdump and libpcap Distributions

2002-11-13 Thread Wanja Eric Naef \(IWS\)


-Original Message-
From: Opscen (OCIPEP / GEOCC) [mailto:Opscen;OCIPEP-BPIEPC.GC.CA] 
Sent: 14 November 2002 00:57
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: AV02-047 Trojan Horse: tcpdump and libpcap Distributions
Importance: High

THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS

*
ADVISORY
*

Number: AV02-047
Date:   13 November 2002

***
Trojan Horse: tcpdump and libpcap Distributions
***

PURPOSE
This advisory brings attention to the CERT/CC ADVISORY CA-2002-30, with
reports that several of the released source code distribution packages of
tcpdump, a network sniffer, and libpcap, a packet acquisition library, were
modified by an intruder and contain a Trojan horse.


ASSESSMENT
The malicious code runs when the affected tcpdump source code is compiled.
The Trojan horse contains a fixed host and a fixed IP address embedded in
the code. The intruder operating from or impersonating the fixed remote
address could gain unauthorised remote access with privileges of the user
who compiled the source code.


SUGGESTED ACTION
It is recommended that a copy of the source code be attained from a trusted
site. Please refer to
http://www.cert.org/advisories/CA-2002-30.html for further details


CONTACT US
For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:      (613) 991-7000
Fax:        (613) 996-0995
Secure Fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division
at:

Phone:    (613) 944-4875 or 1-800-830-3118
Fax:      (613) 998-9589
Email:    [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca


NOTICE TO READERS
When the situation warrants, OCIPEP issues Advisories to communicate
information about potential, imminent or actual threats, vulnerabilities or
incidents assessed by OCIPEP as limited in scope but having possible impact
on the Government of Canada or other sectors of Canada's critical
infrastructure. Recipients are encouraged to consider the real or possible
impact on their organization of the information presented in the Advisory,
and to take appropriate action.

The information in this OCIPEP Advisory has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard.

Unauthorized use of computer systems and mischief in relation to data are
serious Criminal Code offences in Canada. Upon conviction of an indictable
offence, an individual is liable to imprisonment for a term not to exceed
ten years. Any suspected criminal activity should be reported to local law
enforcement organizations. The RCMP National Operations Centre (NOC)
provides a 24/7 service to receive such reports or to redirect callers to
local law enforcement organizations. The NOC can be reached at (613)
993-4460. National security concerns should be reported to the Canadian
Security Intelligence Service (CSIS).

==


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS


SECURITY ADVISORY


Number: AV02-047
Date:   13 November 2002

**
Trojan Horse: tcpdump and libpcap distributions
**

PURPOSE
This advisory draws your attention to the security advisory CERT/CC
ADVISORY CA-2002-30, which reports that several released source code
distributions of the tcpdump package, a network sniffer program, and
libpcap, a packet acquisition library, were modified by an intruder and
contain a Trojan horse.


ASSESSMENT
The malicious code starts running when the affected tcpdump source code is
compiled. The Trojan horse contains a fixed Internet address and a fixed IP
address buried in the code. An intruder operating from, or impersonating,
the fixed Internet address could obtain unauthorized remote access using
the access privileges of the user who compiled the source code.


SUGGESTED ACTION
It is recommended to obtain a copy of the source code from a trusted site.
For further information, please consult
http://www.cert.org/advisories/CA-2002-30.html (in English only).


CONTACT US
For urgent matters, or to report incidents, please contact the OCIPEP
Emergency Operations Centre at:

Telephone:  (613) 991-7000
Fax:        (613) 996-0995
Secure Fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact the OCIPEP Communications
Division at:


[INFOCON] - News 11/15/02

2002-11-15 Thread Wanja Eric Naef \(IWS\)
_

  London, Friday, November 15, 2002

_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

CURRENT THREAT LEVELS 

• Electricity Sector Physical: Elevated (Yellow) 
• Electricity Sector Cyber: Elevated (Yellow) 
• Homeland Security: Elevated (Yellow) 
• DOE Security Condition: 3, modified  
• NRC Security Level: III (Yellow) (3 of 5)


_


  
  [News Index]
  

[1] Controversial provisions could delay Senate homeland vote
[2] Homeland Security bill would reorganize federal first responder
programs
[3] The government wants you -- to be a cyber-security soldier
[4] Briton fights extradition in hacking
[5] How To Protect Yourself From Wireless Computer Hackers

[6] Security adviser presses for new intelligence analysis agency
[7] Consortium demos secure network
[8] MS Takes Hard Line on Security  
[9] Linux, Open Source have 'more security problems than Windows'
[10] Russians wage cyberwar to disrupt separatists

[11] Popular packet sniffing packages contaminated by Trojan
[12] FBI warns of risk of al-Qaida attack
[13] Al Qaeda's New Tactics
[14] Study Makes Less of Hack Threat  
[15] US gov's 'ultimate database' run by a felon

[16] FTC drawing the line on spammers
[17] When firewalls and intrusion detection just aren't enough
[18] IT directors unsure of tech benefits
[19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
[20] Air Force piloting SIPRNET portal

[21] Air Force planning enterprise C4ISR review
[22] Air Force rolling out XML e-forms

_

News
_


[1] Controversial provisions could delay Senate homeland vote
By Brody Mullins and April Fulton, Congress Daily 

While senators remain focused on debate over personnel rules for the new
Homeland Security Department, that issue is far from the only
controversial matter remaining in the bill. From vaccine liability
protections to a delay in an airport baggage-screening deadline, the
GOP-drafted bill that passed the House Wednesday and heads to the Senate
Thursday includes contentious measures quietly written into the bill as
the congressional session draws to a close. 

Senate leaders, determined to create the Homeland Security Department
before the year's end, are likely to accept most of the provisions.
Still, the new debates could push a final vote on the underlying bill
into next week.

Governmental Affairs Committee Chairman Joseph
Lieberman, D-Conn., who wrote the Democrats' version of the bill, said
he is especially concerned about the latest GOP bill, because it
contains a number of special-interest provisions that are being sprung
on the Senate without prior warning or consideration. This is really not
the time for that. 

http://www.govexec.com/dailyfed/1102/111402cdam1.htm

 

[2] Homeland Security bill would reorganize federal first responder
programs 
By Jason Peckenpaugh 

The White House and the Senate have agreed to a major shake-up of
federal programs that provide anti-terrorism training to thousands of
“first responders” in state and local governments as part of the
homeland security bill now being considered by the Senate. 

The reorganization, which is part of the homeland security bill passed
Wednesday by the House, takes anti-terrorism training duties away from
the Federal Emergency Management Agency and puts them in the Border and
Transportation Security division of the Homeland Security Department. 

Specifically, the deal carves out the Office of National Preparedness
from FEMA and places it under the Office of Domestic Preparedness (ODP),
which will take the lead in training and equipping thousands of “first
responders” in the new department. The ODP is currently in the Justice
Department, but it would move to the Border and Transportation Security
Division of the Homeland Security Department under 

[INFOCON] - (HS) Ridge: Terrorist Threat Persists Rummy on DARPA's Info Awareness Experiment

2002-11-19 Thread Wanja Eric Naef \(IWS\)

'... Intelligence officials have made enormous progress in combining
domestic and foreign intelligence-gathering capabilities. They're now
gathering more information and in the past couple of weeks, Ridge said,
they're reporting more chatter. ...'

(The Economist - 'The World In 2003' has a good one page article titled
'The Spy who failed me' which gives a good overview of the current
problems intelligence agencies face. WEN) - some quotes from the
article:

... The end of the Soviet Union led some to opine that spying was no
longer a useful instrument of peace. In fact, in a world of rogue states
and terrorists that strike without warning, it is sometimes the only
instrument. ...

... Many experts believe that the powers of the CIA director should be
increased -- giving him greater control over the intelligence budget ...

... Getting fresh-faced boys and girls from Iowa to cruise the cocktail
party isn't going to do it (human intelligence) 

... In addition to intelligence gathering, equally in need of a
shake-ups is how the secrets are analysed. This will be harder. The
trouble is that the United States intelligence 'community' is no
community at all ...

*

U.S. officials are taking the threats voiced in the tape against the
president, vice president and defense secretary very, very seriously,
Ridge said. All terrorist organizations, from time to time, look to
assassination as a means of bringing terror and destruction to a country
or a community.

(Interesting statement because as far as I remember the secret service
has been cutting down on their counter sniper and counter assault teams
within the presidential protection corps, but hopefully they changed
their mind again. WEN)

*

Ridge: Terrorist Threat Persists; Nation Must Be Prepared
By Linda D. Kozaryn
American Forces Press Service 

WASHINGTON, Nov. 18, 2002 - The spectacular attack in Indonesia, the
limited attack in Kuwait and the assault on the French tanker off the
shores of Yemen all show terrorists' capabilities, Homeland Security
Adviser Tom Ridge said Nov. 17. 

The bottom line is that they've demonstrated an ability to attack
countries and people in various forms, and we have to be alert and aware
and be as well-prepared to interdict and prevent all of those potential
forms of attack, Ridge said on CNN's Late Edition. 

The FBI's latest bulletin, issued last week by the National
Infrastructure Protection Center, warned of possible spectacular
attacks that would have high symbolic value, cause mass casualties and
severe damage to the U.S. economy and create maximum psychological
trauma. 

Ridge said the FBI had summarized threat information received over the
past six to eight weeks. The warning, he noted, was a reminder to law
enforcement officials and the public that terrorists could certainly try
to bring harm, death and destruction like they did a year ago. 

U.S. officials review the national threat level each day, Ridge noted.
Right now, both within government and in the private sector, there's a
range of protective measures you can take within the yellow level, he
said. We are at the upper end of that range. 

The White House established the Homeland Security Advisory System as a
means of disseminating information regarding the risk of terrorist acts
to federal, state and local authorities and to the public. Five threat
levels are designated by colors: low is green; guarded, blue; elevated,
yellow; high, orange; severe, red. 

Intelligence officials have made enormous progress in combining domestic
and foreign intelligence-gathering capabilities. They're now gathering
more information and in the past couple of weeks, Ridge said, they're
reporting more chatter. 

We must remember that we're getting more information because we have
nearly 2,700 al Qaeda operatives detained around the world, Ridge
noted. So we're getting more information, both about the threat and
about operational capability. 

Information is being shared with the public, but sometimes, with an
abundance of caution, he said. Sometimes it's not corroborated, and we
want to go back and see if we can find it verified more completely. 

If officials have specific information about the time, place, venue and
means of attack, Ridge said, they would take action. 

Sources of information include public statements from the al Qaeda
leadership such as the audiotape aired recently by Al Jazeera television
network. Ridge said the U.S. intelligence community believes it's likely
the tape is the voice of Osama bin Laden. 


Whether or not the speaker is the terrorist leader, he said, the hate
and venom contained in the tape is what led to the Sept. 11 attack on
the United States. Whenever such a speaker reiterates his conditions,
threats and age-old complaints, we understand it is from an evil heart,
a hateful heart and an evil mind and an evil man, and we just have to
deal with it. 

Responding to those critical of the administration for failing to
capture or kill 

[INFOCON] - (HS) President Hails Passage of Homeland Security Department Legislation

2002-11-19 Thread Wanja Eric Naef (IWS)
(The new bureaucratic monster is coming! I am looking forward to the
turf wars. WEN)

*

White House:

President Hails Passage of Homeland Security Department Legislation 
Statement by the President 

The United States Congress has taken an historic and bold step forward
to protect the American people by passing legislation to create the
Department of Homeland Security. This landmark legislation, the most
extensive reorganization of the Federal Government since the 1940s, will
help our Nation meet the emerging threats of terrorism in the 21st
Century. 

This bill includes the major components of my proposal - providing for
intelligence analysis and infrastructure protection, strengthening our
borders, improving the use of science and technology to counter weapons
of mass destruction, and creating a comprehensive response and recovery
division. 

I commend the employees who will move into this new department for their
hard work and dedication to the war on terrorism. Setting up this new
department will take time, but I know we will meet the challenge
together. 

I look forward to signing this important legislation. 

###

*

AP News flash:

WASHINGTON (AP) - The Senate voted decisively Tuesday to create a
Homeland Security Department, delivering a triumph to President Bush
and setting the stage for the biggest government reshuffling in a
half-century as a way to thwart and respond to terrorist attacks.

**

CNN:

Senate approves homeland bill
Tuesday, November 19, 2002 Posted: 8:23 PM EST (0123 GMT)

WASHINGTON (CNN) -- Capping months of debate, the Senate Tuesday
approved 90-9 a bill that would create a Department of Homeland Security
-- a massive reorganization of the federal government sparked by the
devastating September 11, 2001 terrorist attacks. 

The measure heads to the White House, where President Bush has promised
to sign the legislation into law, possibly next week said a spokesman
for the Office of Homeland Security. 

Creation of the Cabinet-level department dedicated to protecting the
United States from terrorist attacks is expected to take years and will
combine about 170,000 federal workers from 22 agencies. 

The push for a new Cabinet-level department originally came from
Democrats and was initially opposed by the administration. 

http://www.cnn.com/2002/ALLPOLITICS/11/19/homeland.security/index.html

**

GOVEXEC:

Bush, Senate GOP win big on homeland security bill 

By Brody Mullins, CongressDaily 

President Bush won a hard-fought victory Tuesday on homeland security
legislation when the Senate rejected a key Democratic amendment that
would have delayed approval of a Homeland Security Department until next
month at the earliest.

The 52-47 vote also cleared the way for final approval of the bill later
Tuesday after a four-month partisan fight.

http://www.govexec.com/dailyfed/1102/111902cd1.htm

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - News 11/20/02

2002-11-20 Thread Wanja Eric Naef (IWS)

_

  London, Wednesday, November 20, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to [EMAIL PROTECTED] with subscribe
infocon in the body

To unsubscribe - send an email to [EMAIL PROTECTED] with
unsubscribe infocon in the body

-

_


  
  [News Index]
  

[1] U.S. fails cybersecurity review--again
[2] Experts: Don't dismiss cyberattack warning
[3] Cyber center planned
[4] Senate approves Homeland bill
[5] Business Week Online Special - Enhancing Computer Security

[6] Caught in a BIND
[7] Navy restructuring CIO's office
[8] A case in point
[9] Internet Provisions in Security Bill
[10] Don't trust that spam: Ignore 'Nigerian scam'

[11] At a stroke, MS cuts critical vuln reports
[12] Bill's secrecy provisions stick
[13] Security Through Soundbyte: The 'Cybersecurity Intelligence' Game
[14] Local officials give homeland bill mixed reviews
[15] CIA searching out technologies to boost national security

[16] Internet, E-Commerce Boom Despite Economic Woes
[17] Liberty Alliance Updates Specs
[18] Hill OKs security research
[19] Northcom orders C4ISR, info ops work

_

News
_


[1] U.S. fails cybersecurity review--again 

By Reuters 
November 19, 2002, 3:04 PM PT

The U.S. government flunked a computer-security review for the third
consecutive year on Tuesday, showing no improvement despite increased
attention from high-level officials. 

Government agencies that oversee military forces, prosecute criminals,
coordinate emergency response efforts and set financial policy all
received failing grades from congressional investigators. 

The Department of Transportation, whose computer systems guide
commercial aircraft and allocate millions of dollars in highway funding,
received the lowest score, 28 out of a possible 100. 

Stung by a series of electronic break-ins and Internet-based attacks,
Congress has voted to triple spending on cybersecurity research efforts
while the Bush administration is pulling together a much-publicized set
of guidelines for businesses and individuals.

http://news.com.com/2100-1001-966444.html?tag=lh 

See also:
http://www.mail-archive.com/infocon@infowarrior.org/msg00321.html 


 

(There is quite a difference between developing an 'expertise in
computer science' and launching a strategic CNO campaign. Just ask some IO
people from Kelly AFB or Fort Meade and they will agree. AQ claims lots
of things and it certainly makes sense that they research this area, but
there is a major difference between 'looking into something' and
actually having the capability of doing something like that. It takes
quite a bit more than a mouse click to bring down an economy. So, I
would still say that at the moment any kinetic force is far more
powerful than any ping of death. WEN)

[2] Experts: Don't dismiss cyberattack warning

By DAN VERTON 
NOVEMBER 18, 2002

Security experts and two former CIA officials said today that warnings
of cyberattacks by al-Qaeda against western economic targets should not
be taken lightly. 

Vince Cannistraro, the former chief of counterterrorism at the CIA, said
that a number of Islamists, some of them close to al-Qaeda, have
developed expertise in computer science. 

And some are well schooled in how to carry out cyberattacks, he said.
We know from material retrieved from [al-Qaeda] camps in Afghanistan
that this is true. But their expertise seems mostly dedicated to
communicating securely among al-Qaeda cells. Cyberattacks would probably
render them less secure by focusing attention on their location. 

In an exclusive interview with Computerworld on Monday, Sheikh Omar
Bakri Muhammad, a London-based fundamentalist Islamic cleric with known
ties to Osama bin Laden, said al-Qaeda and various other fundamentalist
Muslim groups around the world are actively planning to use the Internet
as a weapon in their defensive jihad, or holy war, against the West. 

http://computerworld.com/securitytopics/security/story/0,10801,76000,00.html

Update: 

[INFOCON] - EPIC Alert 9.23

2002-11-20 Thread Wanja Eric Naef (IWS)

-Original Message-
On Behalf Of EPIC News
Sent: 19 November 2002 23:54
To: [EMAIL PROTECTED]
Subject: EPIC Alert 9.23


 ==


 ==
 Volume 9.23  November 19, 2002
 --

  Published by the
Electronic Privacy Information Center (EPIC)
  Washington, D.C.

   http://www.epic.org/alert/EPIC_Alert_9.23.html

===
Table of Contents
===

[1] Public Protest Over Pentagon Surveillance System Mounts
[2] Appeals Court Permits Broader Electronic Surveillance
[3] Homeland Security Bill Limits Open Government
[4] Circuit Court Approves Faxed Warrants
[5] DC City Council Attacks Camera System, Adopts Regulations
[6] California Passes Database Privacy Legislation
[7] EPIC Bookstore - Data Protection Law
[8] Upcoming Conferences and Events

===
[1] Public Protest Over Pentagon Surveillance System Mounts
===

The Pentagon's proposed Total Information Awareness (TIA)
surveillance system is coming under increasing attack.  In an open
letter sent yesterday, a coalition of over 30 civil liberties groups
urged Senators Thomas Daschle (D-SD) and Trent Lott (R-MS) to act
immediately to stop the development of this unconstitutional system of
public surveillance.  Newspapers across the country have written
editorials castigating the program.  The New York Times has said that
Congress should shut down the program pending a thorough
investigation.  The Washington Post wrote, The defense secretary
should appoint an outside committee to oversee it before it proceeds.
William Safire's recent column, which played a major role in igniting
the public outcry, called the surveillance system a supersnooper's
dream.

The TIA project is part of the Defense Advanced Research Projects
Agency (DARPA)'s Information Awareness Office, headed by John
Poindexter.  The surveillance system purports to capture a person's
information signature so that the government can track potential
terrorists and criminals involved in low-intensity/low-density
forms of warfare and crime.  The goal of the system is to track
individuals by collecting as much information about them as possible
and using computer algorithms and human analysis to detect potential
activity.  The project calls for the development of revolutionary
technology for ultra-large all-source information repositories, which
would contain information from multiple sources to create a virtual,
centralized, grand database.  This database would be populated by
transaction data contained in current databases, such as financial
records, medical records, communication records, and travel records,
as well as new sources of information.  Intelligence data would also
be fed into the database.

A key component of the project is the development of data mining or
knowledge discovery tools that will sift through the massive amount
of information to find patterns and associations.  The surveillance
plan will also improve the power of search tools such as Project
Genoa, which Poindexter's former employer Syntek Technologies
assisted in developing.  The Defense Department aims to fund the
development of more such tools and data mining technology to help
analysts understand and even preempt future action.  A further
crucial component is the development of biometric technology to
enable the identification and tracking of individuals.  DARPA has
already funded its Human ID at a Distance program, which aims to
positively identify people from a distance through technologies such
as face recognition and gait recognition.  A nationwide
identification system might also be of great assistance to such a
project by providing an easy means to track individuals across
multiple information sources.

The initial plan calls for a five year research project into these
various technologies.  According to the announcement soliciting
industry proposals, the interim goal is to build leave-behind
prototypes with a limited number of proof-of-concept demonstrations
in extremely high risk, high payoff areas.  The FBI and the
Transportation Security Administration (TSA) are also working on data
mining projects that will merge commercial databases, public

[INFOCON] - USAF: Why worry about computer security?

2002-11-20 Thread Wanja Eric Naef (IWS)
Why worry about computer security?

by Master Sgt. Keith Korzeniowski and Jack Worthy
45th Communications Squadron

11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed
at night, do you leave your front door unlocked? When parking your car,
do you leave the keys in the ignition? Probably not. You automatically
take precautions to secure valuables. 

Information is a valuable asset for our national security. In the
computer age, information has become the lifeblood of many companies. 

Failure to safeguard information as you would your home or other assets
is ludicrous. Unfortunately, according to a 1999 study done by the
University of California all too often security measures are either
minimized or ignored by 26 percent of the entire information technology
and automated information system communities. 

For those in the know, the need for computer security measures is
apparent. Even though data assets can be lost, damaged or destroyed by
various causes, information systems tend to be susceptible for several
reasons. 

First, computer components are relatively fragile. Hardware can be
damaged more easily than, for example, tools in an auto repair shop.
Data files are extremely fragile compared to other organizational
assets. Second, computer systems are targets for disgruntled employees,
protestors and even criminals. Finally, decentralization of facilities
and use of distributed processing have increased vulnerability of
information and computers. 

There are many ways to protect and prevent access to computer systems,
from physical security involving locks and guards, to measures embedded
in the system itself. Since end users have access, each represents a
potential vulnerability. Many security measures begin with you. 

Here are some guidelines: 

* Know your unit information systems security officer, and information
assurance awareness manager, and phone numbers for the network control
center's C4 help desk. 

* Ensure your system is certified and accredited. Systems designated to
handle classified information must complete an emission security
assessment before processing is authorized. 

* Practice good password creation and protection. Ensure passwords
contain at least eight characters, including upper and lower case alpha,
numeric and special characters, and are exclusive to your system. 

* Use a password-protected screensaver when leaving your computer
unattended. 

* Share information only with people and systems authorized to receive
it. 

* Always scan disks, e-mail attachments and downloaded files using the
latest antiviral product and signature file. 

* Know the sensitivity level of the information you're processing,
requirements for protecting it, and security limitations of systems used
to transmit it. Sanitize processing and storage devices. 

* Know the basics of data contamination, malicious logic, and virus
prevention and detection. 

* Avoid virus hoaxes and chain letters.

The telecommunications monitoring and assessment program governs consent
to monitoring. Notification of consent is approved through signed
permission and is placed on DOD computers, personal digital assistants,
local area networks, external modems, phones, fax machines, text pagers,
phone directories, and land mobile radios. 

Being a base network user is like being a member of the local community,
which provides services to its citizens. Just as a community has laws,
the network has policies. 

First, e-mail is for official use only. Policy is addressed in Air Force
Instruction 33-119, Electronic Mail Management and Use. Forbidden
activities include sending or receiving e-mail for commercial or
personal financial gain, and sending harassing, intimidating, or
offensive material to or about others. 

Like e-mail, Internet or Web access provided by the network is for
official use only. AFI 33-129, Transmission of Information via the
Internet, provides guidance on proper use of the Internet. Do not
transmit offensive language or materials, such as hate literature and
sexually harassing items, and obscene language or material, including
pornography and other sexually explicit items. The AFI also prohibits
obtaining, installing, copying, storing or using software in violation
of the vendor's license agreement. Before downloading software from the
Internet, keep in mind much of the freeware or shareware is only free
for personal use. Licenses for many programs exclude use by the
government or commercial companies. 

If you break the law in your community you can face serious
consequences. What may be less known is that violating network policies
also has consequences. A captain at Wright Patterson AFB, Ohio, was
sentenced to nine months' confinement, a $10,000 fine and a reprimand
for conduct unbecoming an officer for using an Air Force computer to
download and store pornographic images. 

The base network is an unclassified system and a shared resource. One
careless user sending a classified e-mail 

[INFOCON] - News 11/25/02

2002-11-25 Thread Wanja Eric Naef (IWS)
(Due to a power outage there was no Infocon on Friday. WEN)

_

  London, Monday, November 25, 2002 
_

INFOCON News
_



  
  [News Index]
  

[1] Homeland Security organized along administration's proposal
[2] War with Iraq will mean virus outbreak, hacker says
[3] Academy seizes computers from nearly 100 mids
[4] White House science team outlines anti-terrorism focus
[5] Tech Insider: Total information unawareness

[6] Sept. 11 showed work needed on Internet
[7] Pentagon backs off on Net ID tags
[8] Preparing for a Different Kind of Cyberattack
[9] Net auctions targeted for crackdown
[10] No two cyber-policies are alike

[11] When Washington Mimics Sci Fi
[12] Security Alert: New Wi-Fi Security Scheme Allows DoS
[13] Comdex's Secure Side
[14] Court to decide Kazaa's US liability
[15] Congress responds to concerns, but conflict could delay action

[16] Why is mi2g so unpopular?
[17] Internet security journalist hacks Saddam's e-mail
[18] Microsoft warns of security hole
[19] SQL Injection and Oracle
[20] Researchers: Pull plug on battery attacks

[21] Marines move toward PKI
_

News
_

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security: Elevated (Yellow)

DOE Security Condition: 3, modified

NRC Security Level: III (Yellow) (3 of 5)


   


[1] Homeland Security organized along administration's proposal
By Tanya N. Ballard

The Homeland Security Department approved by Congress this week looks
much like the department President Bush proposed five months ago. 

The new department will merge at least 170,000 federal employees from 22
agencies who perform a vast array of missions, from agricultural
research to port security to disaster assistance. Under H.R. 5005, the
Homeland Security Department would include the Transportation Security
Administration, Customs Service, Immigration and Naturalization Service,
Secret Service, Coast Guard and Federal Emergency Management Agency. The
agencies will be reorganized into four directorates within the
department: Information Analysis and Infrastructure Protection, Science
and Technology, Border and Transportation Security, and Emergency
Preparedness and Response. 

The information analysis unit would absorb all of the functions of the
FBI's National Infrastructure Protection Center, the Defense
Department's National Communications System, the Commerce Department's
Critical Infrastructure Assurance Office, the Energy Department's
National Infrastructure Simulation and Analysis Center, and the General
Services Administration's Federal Computer Incident Response Center.

http://www.govexec.com/dailyfed/1102/112002t1.htm

 

(FUD. A bragging teenager who is rather a lame virus writer, but
naturally the journalist believes him that he is able to write a
'Uebervirus'. WEN)

[2] War with Iraq will mean virus outbreak, hacker says

By DAN VERTON 
NOVEMBER 20, 2002

Source: Computerworld
  
A Malaysian virus writer who is sympathetic to the cause of the al-Qaeda
terrorist group and Iraq and who has been connected to at least five
other malicious code outbreaks is threatening to release a megavirus if
the U.S. launches a military attack against Iraq. 
The virus writer, who goes by the handle Melhacker and is believed to
have the real name of Vladimor Chamlkovic, is thought to have written or
been involved in the development of the VBS.OsamaLaden@mm, Melhack,
Kamil, BleBla.J and Nedal worms. 

However, in an exclusive interview today with Computerworld, 

[INFOCON] - News 11/27/02

2002-11-27 Thread Wanja Eric Naef (IWS)
_

  London, Wednesday, November 27, 2002   
   _

INFOCON News
_



  
  [News Index]
  

[1] Most homeland security agencies to move by March, White House says
[2] Intelligence experts pan call for domestic spying agency
[3] Lawmaker urges Bush to fill key homeland positions
[4] FEMA debuts DisasterHelp.gov
[5] Secure Programming with .NET

[6] Free Chinese Net users - Amnesty
[7] AKO offers secure portal lessons
[8] Hackers Fight Censorship, Human Rights Violations
[9] Firms to splash cash on IT security
[10] Winning the Cybersecurity War

[11] Justice Department outlines security roadmap for chemical plants
[12] RIAA punishing Navy cadets 'because it can'
[13] Court finds limits to California jurisdiction in cyberspace
[14] Lawyers Fear Misuse of Cyber Murder Law
[15] The seven deadly sins of e-tailers

[16] Command to score joint C2
[17] RealPlayer security fix is faulty
[18] Possessed! The Solaris font daemon
[19] Feds break massive identity fraud

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security: Elevated (Yellow)

DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


[1] Most homeland security agencies to move by March, White House says
By Jason Peckenpaugh

The White House released its initial plan for organizing the Homeland
Security Department on Monday, including a time frame for moving
agencies to the new department.

Pending Senate confirmation, Homeland Security Secretary-designate Tom
Ridge will take office on Jan. 24, and nearly all of the agencies slated
to move to the department will transfer on March 1. All agency transfers
will be completed by Sept. 30, 2003 according to the plan, which was
required under the Homeland Security Act that President Bush signed
Monday.

The plan does not state whether any employees will move offices when
their agencies are transferred. The White House is looking for office
space in the Washington area, and District of Columbia politicians,
including Del. Eleanor Holmes Norton, D-D.C., have argued the new
department's headquarters should be in the District. Northern Virginia
offers additional sites for the potential headquarters, according to
Rep. James Moran, D-Va. Because we built more than in Maryland and the
District, we have more office space and you can get very good prices,
he said in a recent interview with Government Executive.

http://www.govexec.com/dailyfed/1102/112602p1.htm

 

[2] Intelligence experts pan call for domestic spying agency
By Drew Clark, National Journal's Technology Daily 

A new domestic spying agency would neither serve the interests of police
or spying agencies nor ameliorate Americans' fears about enhanced
electronic surveillance by the government, a panel of intelligence
experts largely agreed, for different reasons, on Friday.

The proposal, reportedly discussed in the White House, is one of the
recommendations of the Gilmore Commission, an advisory panel on
terrorism and weapons of mass destruction. The issue gained renewed
attention with a Nov. 18 decision of a secret court that expanded the
government's authority to use intelligence information in criminal
prosecutions.

Attorney General John Ashcroft praised the decision, but civil liberties
advocates said it represented a new avenue for spying on Americans.

http://www.govexec.com/dailyfed/1102/112602td1.htm

 

[3] Lawmaker urges Bush to fill key homeland positions
From National Journal's Technology Daily 

A key House 

[INFOCON] - (MIL) Electronic Warfare: Comprehensive Strategy Still Needed for Suppressing Enemy Air Defenses

2002-11-27 Thread Wanja Eric Naef (IWS)
(During the Kosovo campaign the Americans were very keen on German EW
Tornado aircraft as they lacked EW equipment. According to GAO the US
military has still not beefed up their EW capabilities. The GAO report
is not bad, but it does not take into account other problems
(operational procedures, ...) which also hinder mission success. WEN)

Electronic Warfare:  Comprehensive Strategy Still Needed for Suppressing
Enemy Air Defenses.  

GAO-03-51, November 25 
http://www.gao.gov/cgi-bin/getrpt?GAO-03-51

Highlights
http://www.gao.gov/highlights/d0351high.pdf


What GAO Recommends

GAO continues to recommend that the Secretary of Defense develop a
comprehensive, cross-service strategy to close the gap between DOD's
suppression capabilities and needs. In addition, an effective
coordinating entity is needed to develop and monitor implementation of
the strategy. In answer to a draft of GAO's report, DOD concurred with
its recommendations. Staff changes are being made to address
crosscutting issues, and an integrated product team process established
to form a comprehensive approach to the electronic warfare mission.




... In conducting military operations, U.S. aircraft are often at great
risk from enemy air defenses, such as surface-to-air missiles. The
services use specialized aircraft to neutralize, destroy, or temporarily
degrade enemy air defense systems through either electronic warfare or
physical attack. ...

... According to DOD, countries have sought to make their air defenses
more resistant to suppression. ...

... However, according to the Defense Intelligence Agency, these
aircraft were unable to destroy their integrated air defense system
because Yugoslav forces often engaged in elaborate efforts to protect
their air defense assets. ...

... Since our January 2001 report, the services have had some success
in improving their suppression capabilities, but they have not reached a
level needed to counter future threats. ...

... The Air Force recently upgraded the HARM Targeting System and is
procuring additional systems. The upgrade (known as R-6) provides better
and faster targeting information to the missile, but even with this pod
the F-16CJ still lacks some of the capabilities of the retired F-4G. ...

... The services have already identified serious reliability problems
with current self-protection systems on U.S. combat aircraft, including
jammers, radar warning receivers, and countermeasures dispensers. Most
of the current systems use older technology and have logistics support
problems due to obsolescence. Also, as we reported last year, the
self-protection systems on strike aircraft may have more problems than
the services estimate. ...

... The services have initiated additional research and development
efforts to improve their ability to suppress enemy air defenses, but
they face technology challenges and/or a lack of funding priority for
many of these programs. ...

... The air defense suppression mission continues to be essential for
maintaining air superiority. Over the past several years, however, the
quantity and quality of the services' suppression equipment have
declined while enemy air defense tactics and equipment have improved.
DOD has recognized a gap exists in suppression capabilities but has made
little progress in closing it. In our view, progress in improving
capabilities has been hampered by the lack of a comprehensive strategy,
cross-service coordination, and funding commitments that address the
overall suppression needs. DOD relies on individual service programs to
fill the void, but these programs have not historically received a high
priority, resulting in the now existing capability gap. We continue to
believe that a formal coordinating entity needs to be established to
bring the services together to develop an integrated, cost-effective
strategy for addressing overall joint air defense suppression needs. A
strategy is needed to identify mission objectives and guide efforts to
develop effective and integrated solutions for improving suppression
capabilities. ...


Recommendations for Executive Action

... To close the gap between enemy air defense suppression needs and
capabilities, we recommend that the Secretary of Defense establish a
coordinating entity and joint comprehensive strategy to address the gaps
that need to be filled in the enemy air defense suppression mission. The
strategy should provide the means to identify and prioritize promising
technologies, determine the funding, time frames, and responsibilities
needed to develop and acquire systems, and establish evaluation
mechanisms to track progress in achieving objectives. ...





IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - CERT Summary CS-2002-04

2002-11-27 Thread Wanja Eric Naef (IWS)

CERT Summary CS-2002-04

   November 26, 2002

   Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary to draw attention to the types of attacks reported to our
   incident response team, as well as other noteworthy incident and
   vulnerability information. The summary includes pointers to sources
   of information for dealing with the problems.

   Past CERT summaries are available from:

  CERT Summaries
  http://www.cert.org/summaries/
 
__

Recent Activity

   Since the last regularly scheduled CERT summary, issued in August
   2002 (CS-2002-03), we have seen trojan horses for three popular
   distributions, new self-propagating malicious code (Apache/mod_ssl),
   and multiple vulnerabilities in BIND. In addition, we have issued a
   new PGP Key.

   For more current information on activity being reported to the
   CERT/CC, please visit the CERT/CC Current Activity page. The Current
   Activity page is a regularly updated summary of the most frequent,
   high-impact types of security incidents and vulnerabilities being
   reported to the CERT/CC. The information on the Current Activity
   page is reviewed and updated as reporting trends change.

  CERT/CC Current Activity
  http://www.cert.org/current/current_activity.html


1. Apache/mod_ssl Worm

   Over the past several months, we have received reports of a
   self-propagating malicious code that exploits a vulnerability
   (VU#102795) in OpenSSL. Reports received by the CERT/CC indicate
   that the Apache/mod_ssl worm has already infected thousands of
   systems. Over a month earlier, the CERT/CC issued an advisory
   (CA-2002-23) describing four remotely exploitable buffer overflows
   in OpenSSL.

CERT Advisory CA-2002-27
Apache/mod_ssl Worm
http://www.cert.org/advisories/CA-2002-27.html

CERT Advisory CA-2002-23
Multiple Vulnerabilities in OpenSSL
http://www.cert.org/advisories/CA-2002-23.html

Vulnerability Note #102795
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
http://www.kb.cert.org/vuls/id/102795


2. Trojan Horse Sendmail Distribution

   The CERT/CC has received confirmation that some copies of the
   source code for the Sendmail package have been modified by an
   intruder to contain a Trojan horse. These copies began to appear
   in downloads from the FTP server ftp.sendmail.org on or around
   September 28, 2002. On October 8, 2002, the CERT/CC issued an
   advisory (CA-2002-28) describing various methods to verify
   software authenticity.

CERT Advisory CA-2002-28
Trojan Horse Sendmail Distribution
http://www.cert.org/advisories/CA-2002-28.html


3. Trojan Horse tcpdump and libpcap Distributions

   The CERT/CC has received reports that some copies of the source
   code for libpcap, a packet acquisition library, and tcpdump, a
   network sniffer, have been modified by an intruder and contain a
   Trojan horse. These modified distributions began to appear in
   downloads from the HTTP server www.tcpdump.org on or around Nov
   11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
   checksums and official distribution sites for libpcap and tcpdump.

CERT Advisory CA-2002-30
Trojan Horse tcpdump and libpcap Distributions
http://www.cert.org/advisories/CA-2002-30.html


4. Multiple Vulnerabilities in BIND

   The CERT/CC has documented multiple vulnerabilities in BIND, the
   popular domain name server and client library software package
   from the Internet Software Consortium (ISC). Some of these
   vulnerabilities may allow a remote intruder to execute arbitrary
   code with privileges of the user running named (typically
   root). Several vulnerabilities are referenced in the advisory;
   they are listed here individually.

CERT Advisory CA-2002-31
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-2002-31.html

Vulnerability Note #852283
Cached malformed SIG record buffer overflow
http://www.kb.cert.org/vuls/id/852283

Vulnerability Note #229595
Overly large OPT record assertion
http://www.kb.cert.org/vuls/id/229595

Vulnerability Note #581682
ISC Bind 8 fails to properly dereference cache SIG RR 
elements invalid expiry times from the 

[INFOCON] - NIPC Daily Open Source Report for 27 November 2002

2002-11-27 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 November 2002

Daily Overview

.   Internet Security Systems has lowered its AlertCon Internet
threat indicator to Level 1, which warrants routine security.  (See
Internet Alert Dashboard)

.   CERT announces Advisory CA-2002-34: Buffer Overflow in Solaris X
Window Font Service, which could allow an attacker to execute arbitrary
code or cause a denial of service.  (See item 11) 

.   According to ZDNet News, an Internet attack flooded domain name
manager UltraDNS with a deluge of data late last week, causing
administrators to scramble to keep up and running the servers that host
.info and other domains.  (See item 12)

.   According to the Toronto Star, the outbreak of a highly
infectious virus, believed to be the Norwalk virus, has shut down a
Toronto hospital's emergency room.  (See item 14)

.   Reuters reports the Philippine government said Tuesday it has
banned imports of ammonium nitrate, and will phase out its use by
farmers within six months, since the widely available fertilizer is
being used by militants to make bombs.  (See item 13)


Power Sector

1.  November 26, Associated Press - Electric cable damage worse than
thought.  Utility officials say damage done to underwater power cables
in Long Island Sound is worse than first thought.  Divers working over
the weekend discovered that two more underwater power cables had been
severed when a drifting barge dragged its anchor across them.  Utility
and environmental officials also said an oil-like sheen has been sighted
on the water near the site where the cables have been leaking insulating
fluid.  The Long Island Power Authority shares ownership of the cable
with Northeast Utilities (NU).  NU spokesman Frank Poirot said all seven
cables had been severed during a similar December 1996 incident in which
a barge dragged its anchor across the conduits.  The repairs in that
incident, which Poirot said cost millions of dollars, took almost a year
to complete.  Source:
http://www.newsday.com/news/local/longisland/ny-cable1126,0,7793125.story?coll=ny-linews-headlines

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report


Transportation Sector

2.  November 26, U. S. Department of State - President Bush signs
port security bill into law.  President Bush signed into law November 25
a bill aimed at improving security at U.S. seaports and preventing
terrorists from using the maritime transportation system to mount
attacks on the United States.  The Maritime Transportation Security
Act will strengthen security through the required development of
security plans for ports and an improved identification and screening
system of port personnel, President Bush said in a prepared statement.
Source:
http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latestf=02112601.cltt=/products/washfile/newsitem.shtml

3.  November 25, Port of Los Angeles - Los Angeles mayor signs
landmark port security agreement.  On Tuesday, the last day of his Asian
tourism and trade mission, Los Angeles Mayor Jim Hahn signed a major
agreement to initiate a Port of Los Angeles international container
security program.  "This agreement will elevate security standards for
containers moving between Hong Kong and Los Angeles," said Mayor Hahn.
Mayor Hahn signed a Memorandum of Understanding (MOU) with Modern
Terminals Limited Managing Director Erik Bogh Christensen to test new
security enhancements - including tamper-proof locks and other security
systems - for Port of Los Angeles-bound cargo before leaving for the
United States.  The agreement with Modern Terminals is significant
because Hong Kong is the largest port in the world and is the largest
point of embarkation for goods being shipped to Los Angeles, the busiest
port in the U.S.  Approximately one-third of the Hong Kong cargo bound
for Los Angeles is processed by Modern Terminals.  The pilot project
will be partially funded by a congressional appropriation through the
U.S. Department of Transportation under the Operation Safe Commerce
program.  Source: http://biz.yahoo.com/bw/021125/250481_1.html 

4.  November 23, Scripps Howard News Service - DOT says 'hazmat'
cargo label may draw terrorists.  Concerned that terrorists might use
hazardous-materials warning signs as readily as emergency workers,
federal officials are looking for more secure ways of identifying what's

[INFOCON] - (HS) New Security Department Reinforces NORTHCOM Mission

2002-11-27 Thread Wanja Eric Naef (IWS)
Department of Defense Homeland Security
http://www.defenselink.mil/specials/homeland/ 


-Original Message-
From: DEFENSE PRESS SERVICE LIST On Behalf Of Press Service
Sent: 26 November 2002 22:18
To: [EMAIL PROTECTED]
Subject: New Security Department Reinforces NORTHCOM Mission

By Master Sgt. Bob Haskell
Special to the American Forces Press Service

The National Guard has given the U.S. Northern Command a base
that it can build on, one of that new organization's high-
ranking officers said recently.

Furthermore, the new Cabinet-level Department of Homeland
Security will reinforce the Northern Command's mission of
safeguarding this country, Air Force Maj. Gen. Dale Meyerrose
maintained during a Nov. 13 summit on homeland security.

President George W. Bush signed the legislation creating the new
department on Nov. 25. Meyerrose is the director of
architectures and integrations for the Northern Command that was
stood up at Peterson Air Force Base in Colorado Springs, Colo.,
on Oct. 1. He is also director for command control systems at
the North American Aerospace Defense Command's headquarters at
Peterson. He is the chief information officer for both commands.

Meyerrose is responsible for creating the communications and
informational architecture so that Northern Command personnel
can support and share information with civil authorities,
including the FBI and the Federal Emergency Management Agency,
when directed by the president and the secretary of defense.

"I think it will only make our job easier," Meyerrose told
reporters about the new Homeland Security Department that
President George W. Bush has championed in the wake of the
terrorist attacks of Sept. 11, 2001. The U.S. House of
Representatives approved 299-121 on Nov. 13; the Senate
decisively endorsed the homeland security bill 90-9 on Nov. 19.

"It provides an organization at the national level which links
what we do in the Department of Defense with other departments
and, hopefully, down to the states and other jurisdictions,"
explained Meyerrose, one of the keynote speakers during the
summit organized.

The new department will include all, or parts of, 22 separate
federal agencies, including Customs, the Coast Guard and the
FEMA, in the largest governmental reorganization since the
Department of Defense was formed in 1947.

"It will help," Meyerrose said, "because a lot of architecture,
constructs and concepts of operation that need to be put in
place are beyond the scope of the Department of Defense and
Northern Command. That's where the Department of Homeland
Security, of which we will be a supporting part, will come in
handy."

Nearly 200 people attended the conference, which explored ways
in which computer-driven technology can help numerous agencies
protect the United States. It is critical for all federal, state
and local agencies to be able to communicate quickly so
information can be transformed into action should this country
be attacked again, Meyerrose and other speakers insisted.

The challenge, Meyerrose explained, is finding the best way to
transform a voice report from an emergency responder who is
first on the scene of a terrorist attack or natural disaster
into a digital format that provides reports to all coordinating
agencies.

"I need to change my foundation from 'need to know' to 'need to
share' without compromising the security of sensitive
information that could help an enemy," observed Meyerrose, an Air
Force Academy graduate who has been a communications officer for
27 years. "We must be able to move secret information from
trusted environment to trusted environment," he added.

The Northern Command, commanded by Air Force Gen. Ralph
Eberhart, is primarily responsible for protecting the
continental United States and its contiguous waters, from the
Aleutian Islands in the Pacific Ocean to Puerto Rico and the
U.S. Virgin Islands in the Caribbean, from external threats and
attacks, Meyerrose stressed.

It is also prepared, when ordered by the president or secretary
of defense, to support a lead federal agency in case civil
authorities cannot deal with a catastrophic domestic event such
as the terrorist attacks against the World Trade Center and the
Pentagon on Sept. 11, 2001. That is when it is critical for
Northern Command to be able to communicate with the FBI or FEMA,
Meyerrose added.

"It is our belief that the unity of command embodied by
NORTHCOM will allow this country to raise that capability to a
new height," he said.

Meyerrose said that he and his Northern Command colleagues would
strive to improve the informational architecture by coordinating
communications systems that already exist and by improving on
procedures that are already in place.

The National Guard already has established procedures that will
help, he said, because 26 of the adjutants general in the 54
states and territories already serve in dual capacities as state
military leaders and state emergency managers.

 They have lots of existing 

[INFOCON] - JMU : R.U.N.S.A.F.E.

2002-11-27 Thread Wanja Eric Naef (IWS)
http://www.jmu.edu/computing/runsafe/ 

see also:

http://www.jmu.edu/computing/security/ 


R.U.N.S.A.F.E.

Did you know that with one wrong mouse click you could make it possible
for someone to read all your email, documents, or instant messages? That
they could also view your grades, online bank accounts, or change your
course schedule? That they could read or change anything on your
computer? Or anything accessed from it? That they could turn on your
computer's microphone to listen in on conversations? That they could use
your computer for a computer crime for which you may be blamed?

Did you know a newly installed Windows XP, 2000, NT, or Linux computer
is likely vulnerable to the same type of compromise just by being
attached to the network? 

Did you know several such incidents have occurred on computers at
JMU...from Windows 95 and Macintosh desktops to Windows NT and Unix
servers? That they've been used to attack other computers and divulge
information? Did you know all our computers are scanned constantly from
around the world by people hoping to take advantage of them?

Did you know that your behavior impacts your neighbors' security and
their behavior yours?

The Internet, paired with today's software, provides us astonishing
capabilities for sharing and communication. However, these same
capabilities also provide access and computer power to more than 300
million people around the world...some of whom may not share our
behavioral expectations. Examples, such as random acts of vandalism, can
be found in any local newspaper. 

The threats associated with online folks' behavior are very different
from similar threats in the physical world. Using the same freedom and
functionality we treasure, they can communicate with our computers
almost instantaneously, almost anonymously, and en masse from around the
world. They don't even need to be a computer expert. It only takes one
person to write a destructive program to enable many people without
technical knowledge to cause problems, just as all of us use word
processors and web browsers without knowing how they work or being able
to write one ourselves.

While the risks associated with these threats can be decreased by
limiting communications, limiting computer functionality, and increasing
the complexity involved with our computing environment, they can't be
eliminated because security is never absolute. Moreover, the more we
wish to maintain our current freedom in communications and computing,
the more necessary it is that we individually take steps to take care of
ourselves and reduce the need for outside controls and limitations. 

The only person ultimately in control of a computer is the operator in
front of the keyboard. That person presently has the freedom to run any
software he or she wants and communicate with anyone around the world.
Each of us must do his or her part to help ensure the integrity of our
network by operating our computers safely.

Our computers can do almost anything we tell them to do. Unfortunately,
this versatility makes them very complicated. A certain amount of
awareness and skill is necessary to operate such a complicated device
safely on a world wide network. The goal of the R.U.N.S.A.F.E. program
is to help you attain the knowledge and skills necessary for safely
operating an Internet connected computer.

The information and associated steps listed on this page are key
components to everyone's online security. Everyone should understand
them and be able to take the actions described. R.U.N.S.A.F.E. workshops
are offered once per semester that describe the incidents we've seen at
JMU, the threats we're exposed to, and that teach the defensive concepts
and procedures described here. Onsite workshops are also available to
groups. (contact Gary Flynn to schedule one).

Click here to download the RUNSAFE  workshop PowerPoint presentation. If
you don't have PowerPoint, you can get a free viewer from Microsoft
here.

A sixteen minute RUNSAFE awareness video is available. It can be
downloaded here. The material is copyrighted by Jim Blackburn but may be
used  for educational purposes. The file is 161 MB in size.

R.U.N.S.A.F.E. Goal for All Computer Operators on the JMU network:
- Understand the material on this page.
- Run anti-virus software and update it weekly. Preferably the campus
  supported Norton Anti-virus.
- Treat email attachments and other unknown programs with caution.
- Use the Windows Update Site on every new installation and monthly
  thereafter.
- Choose strong passwords for your own desktop and on servers which you
  may use and keep them confidential.
- Use care if you enable Microsoft File Sharing.
- Visit the Hot Topics! page at least monthly.

For all server operators (Windows/Unix/Mac/Whatever) and all Unix
desktop operators:
- Set up new computers with the network cable disconnected.
- Turn off all services running on the newly installed computer.
- Connect to network and download and install patches.
- Turn on

[INFOCON] - NIPC Daily Open Source Report for 29 November 2002

2002-12-02 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 29 November 2002

Daily Overview

•   The L.A. Times reports that a suicide car bombing at a resort
hotel in Msumarini, Kenya killed at least 16 people Thursday at the same
time that two missiles narrowly missed an Israeli charter jet taking off
nearby.  (See item 15)

•   According to the BBC, Ohio State University scientists have
simulated attacks on key Internet hubs which illustrate how vulnerable
the worldwide network is to disruption by disaster or terrorist action.
(See item 14)

•   According to the New York Times, the identity-theft case
announced this week is even more troubling because the threat came from
company insiders who were able to steal the same types of materials that
terrorists would aim to gather.  (See item 1)

•   According to Wired News, a report presented to the United
Nations on Monday states the security of wireless networks is of
“critical concern,” since wireless local area networks are more prone to
hacker attacks than fixed-line networks.  (See item 7)



Power Sector

Nothing to report.

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

1.  November 27, New York Times – Identity-theft case exposes
insider threat.  Many law enforcement and security experts say the
large-scale identity theft case announced this week simply provides a
startlingly large window onto a problem that not only threatens people's
sense of privacy and invulnerability, but also poses questions about the
priority many companies place on security.  Officials said there was no
evidence of a terrorist connection to the fraud.  But the case raises
the specter of terrorists' gaining what appears to have been cheap and
easy access to material that can be used to create false identities
within the United States, experts said.  Joanna P. Crane, the manager of
the Federal Trade Commission's identity theft program, which was created
in January 1999, said that the entire episode was troubling because what
was stolen was exactly the material that terrorists would aim to gather.
The case, many security experts say, also shows what they have long
contended: that insiders are a bigger threat than outside hackers,
because they have access to closely held passwords, and knowledge of the
systems they are seeking to manipulate.  Source:
http://www.nytimes.com/2002/11/27/nyregion/27CRED.html 


Transportation Sector

2.  November 27, New York Times – Airlines' official warns on
security costs. Carol B. Hallett, president of the Air Transport
Association, an airline trade association, said Tuesday that unless the
industry's problems are fixed soon, it might be necessary to nationalize
the airlines.  Hallett, speaking at an industry luncheon, said that such
a step would have costs that were “intolerable,” but that the burden of
security fees was destroying the airlines.  Fees that are supposedly
charged to passengers are essentially paid by the airlines, Hallett
contended, because the surcharge imposed by the federal government that
is supposed to pay for additional security prevents the airlines from
charging more for tickets and therefore cuts into airlines' revenue.
Failing to fix the root causes of the industry's dire situation could
mean that the nationalization of the industry becomes necessary, Hallett
said.  Source:
http://www.nytimes.com/2002/11/27/business/27ATA.html?ex=1039410686ei=1en=2aeab3e5c35e31ae

3.  November 27, New York Times – McGreevey pitches DMV plan as
vital to New Jersey's security.  Surrounding himself with law
enforcement officials and terrorism experts, New Jersey Gov. James E.
McGreevey Wednesday promoted his $200 million plan to overhaul the
state's Department of Motor Vehicles as a vital matter of security,
saying it would help prevent criminals and terrorists from obtaining
fraudulent state identification.  McGreevey said that under the plan,
surveillance cameras would be installed and additional police officers
assigned to the state's 45 motor vehicles offices, where internal
security staffing has dwindled during the past decade and dozens of
employees have been arrested on charges of document fraud.  Under the
proposal, in 2004 the state would begin issuing digitized licenses,
which would have fingerprints or electronic retina scans to discourage
counterfeiting.  Source:
http://www.nytimes.com/2002/11/27/nyregion/27MOTO.html?ex=103948ei=1en=c0d0a74b7236f611


[INFOCON] - NIPC Daily Open Source Report for 3 December 2002

2002-12-03 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 3 December 2002

Daily Overview

.   CNN reports a statement attributed to al-Qaeda claimed
responsibility Monday for last week's terrorist attacks on Israeli
targets in Kenya.  (See item 13)

.   IDG.net reports President George W. Bush signed the Cyber
Security Research and Development Act into law on Wednesday, providing
$880 million to fund a variety of IT-security based programs.  (See item
11)

.   CNN reports the Carnival cruise ship Fascination returned from a
three-day sail Monday carrying more than seven dozen people who had
contracted a gastrointestinal virus; this is possibly the third
Norwalk-related cruise cancellation from a Florida port in recent weeks.
(See item 14)

.   ABC news reports South Korean activists have attacked the White
House computer server with electronic mail bombs to protest the
acquittal of two U.S. soldiers accused of killing two schoolgirls in a
road accident.  (See item 12)



Power Sector

1.  December 2, Platts Global Energy - Switzerland changes nuke
liability regulation after 9/11.  Switzerland has changed the country's
nuclear energy liability regulations, and has increased the government's
liability in case of terrorism attacks on nuclear power plants.  Under
the new regulation, the government is liable for SFr500-mil to SFr1-bil
($741-mil to $1.483-bil), the Swiss government said in a statement.
After the events of Sep 11, 2001, private insurance companies have
reduced their liability to SFr500-mil for attacks on nuclear power
plants.  To cover the cost, operators of nuclear power plants in
Switzerland have to swallow a hike of 12.7% in their insurance premiums.
Source: http://www.platts.com/archives/94036.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

2.  December 2, U.S. Customs Service - U.S. Customs 24-hour rule
begins Monday.  U.S. Customs Commissioner Robert C. Bonner announced
Monday that the new 24-hour rule requiring advance cargo manifests from
sea carriers goes into effect on Monday, December 2.  Under the new
rule, Customs will grant sea carriers a 60-day grace period to fully
implement the program.  "Over the next two months we strongly encourage
rapidly increasing compliance by all parties that are required to take
action under the regulation.  By quickly implementing the '24-hour
rule,' we can together do a better job of protecting the American people
and the global trading system as a whole," said Commissioner Bonner.
Customs will continue to provide many types of assistance at both the
local (port) level and at the Headquarters level, to assist companies in
the operational transition to the new procedures.  Knowing the contents
of a container before it is loaded onto a ship bound for the U.S. is a
critical part of our efforts to guard against the terrorist threat.
Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1202-00.htm

3.  December 2, Federal Computer Week - TSA preps smart ID pilot
programs.  The Transportation Security Administration (TSA) is ramping
up its smart card-based programs designed to put identification into the
hands of transportation workers nationwide and allow frequent travelers
to get through airports quickly.  TSA is preparing to launch two
regional pilot projects for its Transportation Worker Identification
Credential (TWIC) System that will provide workers at airports, ports,
railways and other locations with secure access to buildings and
systems.  "TWIC is a system of information systems," said Elaine
Charney, TSA's TWIC program manager.  "The goal is to produce an
integrated system that can support one identification card, which then
can be used across all transportation industries," she said.  TSA
officials will soon begin the three-month planning phase of the TWIC
pilot project in the Philadelphia/Wilmington, Del., region, Charney
said, and soon after will begin the planning phase for the Los
Angeles/Long Beach, Calif., region pilot project.   Source:
http://www.fcw.com/fcw/articles/2002/1202/news-tsa-12-02-02.asp 

4.  December 1, Houston Chronicle (Texas) - Port security a concern
despite recent upgrades.  The Port of Houston's civilian and military
officials consistently say Ship Channel security is tighter than any
time since World War II.  Still, each week, two or three intruders --
usually fishermen or port construction 

[INFOCON] - News 12/02/02

2002-12-03 Thread Wanja Eric Naef (IWS)

_

  London, Monday, December 02, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_

  
[CURRENT THREAT LEVELS]
  

Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 


  
  [News Index]
  

[1] B2-ORM Mailing List
[2] Homeland department could transform tech industry
[3] Pentagon distributes software for modeling effects of attacks
[4] Schneier: No magic security dust
[5] Total Info System Totally Touchy  

[6] Lax Security: ID Theft Made Easy  
[7] Net security: Steady as she goes
[8] Cisco backtracks on security functionality
[9] S Koreans launch cyber attack on US over schoolgirls' deaths
[10] Ten more tips for safe xmas e-tail

[11] Intercepts
[12] Computer virus insults victims
[13] The Insecurity of Computer Security
[14] Tech industry speculates about candidates for security jobs
[15] WLAN security is still work in progress

[16] Irish ISP blocks web site over dispute
[17] Bugbear remains top virus threat
[18] 'Critical' MS server flaw may affect few sites
[19] First hackers sighted in high speed mobile phone arena

_

News
_


[1] B2-ORM Mailing List

is an international email user group focused on the sharing of
information on the implementation of Basel II compliant Operational Risk
Management solutions in the Financial Services industry.

Why not join today? Simply send an email to :

mailto:[EMAIL PROTECTED]

The next three years will place enormous strain on the resources of
Operational Risk staff in the world's Financial Services organisations.
Why not learn from others and share information?  Good practice guides,
white papers and other essential information may be found on the groups
web site and downloaded to your own system.

Topics to be discussed include:

Business Continuity Management (new International Standard)
The role of Information Security, Audit and Compliance
Interfaces with Outsource and other service providers.
Six Sigma errors and defects management
Money Laundering and Fraud Risk
Interfaces to Credit and Market Risk

 

[2] Homeland department could transform tech industry
By William New, National Journal's Technology Daily 

The creation of a Homeland Security Department may presage more than
better domestic security. It could mark the transformation of the
technology industry from an economically flat maker of consumer-oriented
products into a thriving, but more secretive, machine that creates
security-oriented products and services. 

"The homeland security opportunity [for tech companies] is unprecedented
in the civilian side of government," said Bruce McConnell, a
Washington-based technology consultant. "The art form is to build
relationships early on with the most influential component agencies ...
who will define the architecture for years to come."

President Bush signed the legislation, H.R. 5005, on Nov. 25. It will
take effect in 60 days, but fundamental questions such as funding
remain. New jobs in the department also must be filled and congressional
oversight of the Cabinet-level agency defined. 

http://www.govexec.com/dailyfed/1102/112702td1.htm

 

[3] Pentagon distributes software for modeling effects of attacks
By Bryan Bender, Global Security Newswire 

The Defense Department has licensed to a few select nongovernmental
organizations previously unavailable software that can model the effects
of releases of nuclear, chemical, biological or radiological weapons and
materials. 

The Heritage Foundation, Natural 

[INFOCON] - NIPC Daily Open Source Report for 2 December 2002

2002-12-03 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 December 2002

Daily Overview

- CNN reports the U.S. Transportation Security Administration has
warned airports to review their missile attack measures after Thursday's
attempt to shoot down a passenger plane in Kenya.  (See item 4)

- The Sacramento Bee reports Lawrence Livermore National
Laboratory is developing a process to measure substances normally
occurring in the air to provide a control for systems that monitor
biological agents.  (See item 14)

- The Huntsville Times reports Tanner, Alabama has a new water
treatment plant that filters viruses, one of only 100 such facilities
worldwide.  (See item 8)

- The GAO has published a report which recommends changes to the
manner in which data regarding terrorism funding is collected and
reported.  (See item 9)



Power Sector

1.  November 29, Platts Energy News - Explosion at Germany's
Brunsbuttel nuke generator.  There was an explosion at the Brunsbuttel
nuclear power plant in northern Germany on Wednesday evening, a
spokesman for the energy ministry of Schleswig-Holstein said Friday.
The 806MW reactor is currently offline following a safety incident last
December.  The explosion happened in a generator in the non-nuclear
part of the plant.  No one was injured.  The extent of the damage is
not yet known, but the spokesman said Brunsbuttel was likely to remain
offline longer than anticipated as a result of the generator fault.  The
explosion happened when the explosive gases condensed and then exploded,
and the BKA (German federal crime office) is investigating.  Brunsbuttel
has been offline since Feb 18, 2002, shut down in order to probe
circumstances surrounding a radioactive leak on Dec 14, 2001.  Source:
http://www.platts.com/archives/94003.htm 

2.  November 26, Fortune Magazine - Power failure: massive debt
burdens the energy industry.  In the past several years of boom and
expansion, power companies borrowed approximately $600 billion; some of
which was used in speculative trading operations, but most went to buy
other power companies or build natural-gas power plants.  About $90
billion of this debt must be repaid or renegotiated by 2006.  Few
companies are able to repay this - the collapse of energy trading has
put them in a cash crunch, and several are close to bankruptcy.  In
addition, the overbuilding has lowered cost of energy and the economic
downturn has meant that the country is not using as much power as
expected.  As a result, power prices are severely depressed.  Possible
buyers, should bankruptcy occur, are buyout firms, financial investors,
and European utilities.  Also, various local utility companies, bought
out in the 1990s, may opt to buy some of the assets.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3482610


Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

3.  November 27, Associated Press - New York bank pleads guilty to
charges.  Broadway National Bank pleaded guilty to three felony charges
of not reporting suspicious banking activity between 1996 and 1998, and
will pay a $4 million fine.  Authorities said the case marked the first
prosecution of a bank for failing to establish an anti-money laundering
program and failing to file required suspicious activity reports.
U.S. Customs Special Agent Nelson Chen said $123 million was illegally
moved through the bank - most of it the proceeds of drug trafficking -
after some criminal organizations learned Broadway was not following
proper procedures.  Source:
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021127/ap_on_bi_ge/bank_plea_3


Transportation Sector

4.  December 1, CNN - Airports asked to review missile attack
measures.  After Thursday's attempted missile attack on a passenger
plane in Kenya, the U.S. Transportation Security Administration (TSA)
asked officials at U.S. airports to review measures to protect against
similar attacks.  TSA spokesman Robert Johnson told CNN Saturday that
the TSA notification went to all federal security directors (TSA
employees who direct security at airports), who were then to notify
security at individual airports.  Unknown attackers launched two
shoulder-fired missiles at an Israeli charter flight as the Boeing 757
was taking off from Mombasa airport.  The missiles missed their target
and authorities later found two launchers and two unused missiles near
the 

[INFOCON] - News 12/04/02

2002-12-04 Thread Wanja Eric Naef (IWS)
_

  London, Wednesday, December 04, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk



  
  [News Index]
  

[1] Homeland defense commander stresses 'need to share' information
[2] Homeland agency charged with outreach
[3] PGP goes back to its roots
[4] Virus payloads bigger, nastier
[5] Barbarians at the Gate: An Introduction to Distributed Denial of
Service Attacks

[6] NetNames cock-up blamed for eBay detagging
[7] Iowa governor dismisses CIO
[8] OMB finds security leverage
[9] GSA's center of activity
[10] Cautionary tales

[11] Does Research Support Dumping Linux?
[12] E-government bill wins praise from tech officials
[13] Infiltrating agency ops
[14] New opportunities for NIST
[15] Traveler smart card poses security concerns

[16] Wennergren named Navy CIO
[17] ISS Goes Public With Vulnerability Disclosure Guidelines
[18] Firewalls face next challenge
[19] Vendors complete tougher ICSA 4.0 firewall tests

_

CURRENT THREAT LEVELS 
_

Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


[1] Homeland defense commander stresses 'need to share' information
By Molly M. Peterson, National Journal's Technology Daily 

Officials at the newly established U.S. Northern Command may have to
consider abandoning the military's traditional system for classifying
information as they build crucial lines of communication with federal,
state and local homeland security agencies, the Northern Command's chief
information officer said recently.

Speaking to reporters at a homeland security summit late last month,
Maj. Gen. Dale Meyerrose said inter-agency information sharing is a
blossoming requirement for the Northern Command, which is
headquartered at Peterson Air Force Base in Colorado Springs, Colo. The
command is charged with consolidating the military's homeland defense
and civil-support missions. 

The Defense Department's current classification system allows military
offices to share information on a need-to-know basis, and requires
security clearances and background checks for access to information with
such labels as top secret and classified. But Meyerrose said that
system could hinder the Northern Command's ability to share real-time
information with civilian agencies that classify their information
differently. 

http://www.govexec.com/dailyfed/1202/120302td1.htm

 

[2] Homeland agency charged with outreach
Security strategy at risk if coordination fails
BY Diane Frank, Megan Lisagor and Dibya Sarkar 
Dec. 2, 2002 

When President Bush signed the Homeland Security Department into law
last week, he triggered activity on two fronts.

Internally is the much-publicized effort to bring 170,000 employees from
nearly two dozen agencies into a single department, if only virtually.

Externally is the often overlooked effort to coordinate the department's
work with a multitude of organizations across state and local government
and the private sector. This second front, many observers say, is
equally vital - and equally at risk for failure.

http://www.fcw.com/fcw/articles/2002/1202/news-home-12-02-02.asp 

 

[3] PGP goes back to its roots
By ComputerWire
Posted: 04/12/2002 at 10:03 GMT
 
PGP Corp this week delivered its first set of product upgrades since the
company was spun out of Network Associates Inc this August, and
delivered on its promise to publish the source code to the pioneering
cryptography software, writes Kevin Murphy. 

PGP sees 8.0 

[INFOCON] - NIPC Daily Open Source Report for 4 December 2002

2002-12-04 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 4 December 2002

Daily Overview

- The Washington Post reports the nature of identity theft has
changed and today is more likely to come from insiders going after a
massive amount of information rather than a thief stealing an
individual's wallet.  (See item 2)

- NEPA News reports that Carnegie Mellon University and the
University of Pittsburgh are freely providing software to health
organizations to assist in the early warning of a bioterrorist attack.
(See item 16)

- The Land & Livestock Post reports that Texas A&M University has
published an internet website to assist meat and poultry processors
quickly find information on food safety.  (See item 7)



Power Sector

1.  December 3, Platts Global Energy - Outage cuts UK-France flows
by 500MW until Dec 10.  A problem with a transformer is likely to cut
capacity transfer on the UK-France power link by 500MW in both
directions until Dec 10 at the earliest, a spokesman for UK transmission
system operator National Grid said Tuesday.  The problem with the
transformer at Sellindge converter station in Kent, on the UK side of
the link, occurred in the early hours of Monday morning, he said.  The
best guess of link operators National Grid and French transmission
system operator RTE was that it will return to its full capacity
transfer level of 2,000MW on or around Dec 10, he said.  The grid
operators were investigating the problem with the transformer, he said.
Source: www.platts.com/stories/electricpower3.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

2.  December 3, Washington Post - Identity theft more often an
inside job.  The nature of identity theft has changed and the threat
today is more likely than ever to come from insiders - employees with
access to large financial databases who can loot personal accounts -
than from a thief stealing a wallet or pilfering your mail.  Banks,
companies that take credit cards and credit-rating bureaus themselves
don't do enough to protect consumers, critics say.  Law enforcement
experts now estimate that half of all such cases come from thefts of
business databanks as more and more information is stored in computers
that aren't properly safeguarded.  "There is a shift by identity thieves
from going after single individuals to going after a mass amount of
information," said Joanna Crane, identity-fraud program manager at the
Federal Trade Commission. "There's an awful lot of bribery of insiders
going on."  Source:
http://www.washingtonpost.com/wp-dyn/articles/A1026-2002Dec2.html 


Transportation Sector

3.  December 3, U.S. Customs Service - Customs announces CSI
deployment at Le Havre.  U.S. Customs Commissioner Robert C. Bonner
announced Tuesday the deployment of four U.S. Customs officers to the
French port of Le Havre, marking the latest step in the agency's
Container Security Initiative (CSI).  CSI is designed to prevent
terrorists from infiltrating the world's sea cargo environment by
improving security at key seaports worldwide.  To date, nine countries
have agreed to participate with U.S. Customs under CSI.  These
agreements cover 15 ports, all among the top 20 ports that handle
shipments bound for the United States.  Source:
http://www.customs.ustreas.gov/hot-new/pressrel/2002/1203-00.htm 

4.  December 1, Dallas Morning News - International shipping
vehicles vulnerable to terrorist attacks.  With al-Qaeda stepping up its
sporadic attacks on western targets, there is a consensus among
terrorism experts that international shipping is increasingly vulnerable
to extreme tactics.  The risk extends beyond the big, obvious targets to
the thousands of ferryboats that move cars, cargo and commuters from
port to port, often with minimal security, in the United States and
Europe.  Steven Flynn, a former U.S. Coast Guard commander who is now a
senior fellow with the Council on Foreign Relations, contends that one
serious incident involving containers brought into the United States by
ship would prompt the public to demand the entire system be shut down,
crippling global commerce.  The impact of a shipping shutdown would be
disastrous for the U.S. economy, Flynn said.  While U.S.
counter-terrorism officials grapple with this potential hazard, their
European counterparts have imposed high security alerts in recent months
because of intelligence indicating that terrorists plan to target one of

[INFOCON] - NIPC Daily Open Source Report for 5 December 2002

2002-12-05 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 5 December 2002

Daily Overview

- CERT announces Vulnerability Note VU#140977: SSH Secure Shell
for Workstations contains a buffer overflow in URL handling feature that
may allow an attacker to execute arbitrary code.  (See item 9)

- CERT announces Vulnerability Note VU#740169: Cyrus IMAP Server
contains a buffer overflow vulnerability that may allow a remote
attacker to execute arbitrary code on the mail server.  (See item 10)

- Business Wire reports that in a recent strategic simulation of a
terror attack designed to assess America's vulnerability through its
ports, business and government leaders found that such an attack could
potentially cripple global trade and have a devastating impact on the
nation's economy.  (See item 2)

- CBS reports a huge, fast-moving storm has spread ice and snow
from the Texas Panhandle to Virginia, making highways slippery and
knocking out power to thousands of customers, and is expected to dump
heavy snow and ice tomorrow in Washington, D.C., Philadelphia, and New
England.  (See item 11)



Power Sector

1.  December 4, Associated Press - Governor extends National Guard
security at nuclear plants until March.  Pennsylvania Gov. Mark
Schweiker said the National Guard and state police will patrol the
state's five nuclear power plants at least until March 2003.  In a
November 2001 disaster emergency proclamation, Schweiker directed the
National Guard to join state police at the plants.  On Tuesday,
Schweiker for the fifth time extended the proclamation, which had been
set to expire this week.  Source:
http://pennlive.com/newsflash/pa/index.ssf?/newsflash/get_story.ssf?/cgi-free/getstory_ssf.cgi?d0741_BC_PA-BRF--NuclearSecurinewsnewsflash-pennsylvania

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

2.  December 4, Business Wire - Wargame reveals that threats to port
security call for integrated public/private action.  In a strategic
simulation of a terror attack designed to thoroughly assess America's
vulnerability through its ports, a group of business and government
leaders found that such an attack could potentially cripple global trade
and have a devastating impact on the nation's economy.  The group
focused on ways to improve detection before a weapon gets to a U.S.
port, as well as help businesses to build resiliency into their
operations.  The two-day Port Security Wargame took place October 2-3,
2002 in Washington, D.C., with 85 leaders from a range of government and
industry organizations, who have a critical stake in port security.  The
results of the wargame revealed that at current preparedness levels, a
dirty bomb attack through the ports could cost U.S. businesses as much
as $58 billion.  Source: http://biz.yahoo.com/bw/021204/42263_1.html 

3.  December 2, Vancouver Sun - Canadian Coast Guard reports vast
security gaps.  The Canadian Coast Guard is unable to adequately protect
Canada's coastlines from terrorists, says Coast Guard Commissioner John
Adams.  The CCG, which acts as the country's coastal eyes and ears
through a series of radar stations and at-sea surveillance, relies
largely on an honor system to obtain information on the whereabouts of
incoming vessels.  So the coast guard knows of vessels in Canadian
waters only if they want us to know, according to Adams.  Adams' blunt
assessment echoes the conclusions of a Senate report in September that
said Canada's coastlines are vulnerable to terrorists and their weapons
of mass destruction.  While the coast guard has the ability to track
suspicious boats near busy waterways, its hands are tied in areas such
as the central and northern British Columbia coast where there is no
radar capability.  Until this year, the Prince Rupert, B.C. station
tracked vessels using a Second World War-style table map over which
little wooden boats were moved around manually.  Adams painted a grim
picture of the coast guard's state, saying the service still can do its
job but needs a $400-million infusion in the next three to five years
just to renew an aging fleet of vessels. Source:
http://www.nationalpost.com/search/site/story.asp?id=44830E03-754B-47D8-982F-8963219D538C


Gas and Oil Sector

Nothing to report.


Telecommunications Sector

Nothing to report.


Food Sector

4.  December 4, 

[INFOCON] - News 12/06/02

2002-12-06 Thread Wanja Eric Naef (IWS)
_

  London, Friday, December 06, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk



  
  [News Index]
  

[1] An electronic Maginot Line
[2] Government shows Sklyarov video in court
[3] Does Cybercrime Still Pay?
[4] Travel sector's poor security exposed it to hacking risks
[5] I shut radio site, boasts teen hacker

[6] PGP Lifts Its Hood
[7] Cyber hype
[8] 'Mangled mess of trees and power lines'
[9] Trouble With Trojans
[10] Agencies focus on better cargo security to fight terrorism

[11] New technologies key to Defense transformation, says official 
[12] Investors suppress tech wreck memories
[13] Arguments heard over file-swapping
[14] Lagel worm wipes files
[15] Defense to influence tech industry to develop systems useful to
military

[16] Bill pushes security, but no money so far
[17] Final curtain for Aussie hacker site
[18] Bush signs Webcast Act
[19] Integrated IT network in new agency worth expense
[20] UK still vulnerable to hackers

[21] Al Qaeda Web site targets Israel




CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 

DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_

(Partial FUD with a nice title which I think is unintentionally ironic.
Someone within Rep. Sherwood Boehlert's press staff should have done a bit
more research before publishing the article. For example, CIAO was
awarded a new name Computer Information Assurance Organization
(www.ciao.gov). But back to the title, the French built the Maginot Line
between 1929 and 1940 to slow down & stop potential German attacks,
which was a sound idea, but unfortunately they left a massive
'backdoor'. So the Nazis just bypassed the line which made the entire line
rather useless. Hence I would never expect too much from an 'electronic
Maginot Line'. WEN)

[1] An electronic Maginot Line

Cyber security legislation a necessity

By Sherwood Boehlert 

Recent reports of two individuals using a few computer keystrokes to
steal the financial identities of 30,000 Americans point up a growing
weakness in the U.S. - cybersecurity. And in the hands of a terrorist,
the damage wrought by computers could be far worse than identity theft.
Although the issue has not received much attention in the media,
Congress has taken some key steps in the past year to counter the
emerging cyberterrorist threat. 

Cyberterrorism may sound like the stuff of science fiction or like a
minor inconvenience, but it is neither. In a world in which our
telecommunications and financial systems, our business transactions, our
electric and water utilities and our emergency response systems all rely
on computer networks, a focused cyberattack could wreak havoc and
threaten lives. It is not an exaggeration to say that the day-to-day
functioning of our society is only as secure as the most vulnerable
computer terminal with access to the Internet.

And those terminals are vulnerable. In addition to the recent identity
thefts, in the first half of 2002, there were 43,136 reported computer
break-ins - more than double the number reported in all of the year
2000, according to the Computer Emergency Response Team, a federally
funded group at Carnegie-Mellon University that acts as central
repository for break-in reports. The group defines break-in
conservatively, so each reported incident may affect thousands of
computers. Even more troubling was the recent concerted attack on the
servers that run the Internet - a sophisticated effort that originated
overseas. 

http://www.house.gov/science/press/107/boehlert.htm

[INFOCON] - NCIX: week of action against warmongering

2002-12-06 Thread Wanja Eric Naef (IWS)


-Original Message-
Sent: 06 December 2002 20:41
Subject: NCIX WEB SITE UPDATE ADVISORY #24-2002

Dear Friends and Colleagues: 

According to the Federal Bureau of Investigation (FBI), a loose network
of antiwar groups is planning a week of action against warmongering to
occur December 15 - 21, 2002.  Organizers, who have expressed strong
opposition to possible U.S. military action against Iraq, are advocating
explicit and direct attack upon the war machine, and have called for
attacks on the headquarter facilities and other assets of oil companies
and defense contractors, singling out Boeing and Lockheed Martin. 
Department of Defense (DoD) assets also represent potential targets for
attack.  Organizers have referenced an October 14, 2002 incident in San
Jose, California, in which DoD recruiting offices were damaged and a DoD
recruiting van was set on fire.   Activists may also target major media
companies by sanitizing newspaper vending machines, jamming or
hijacking radio and television signals, or attacking broadcast towers
and damaging equipment. 
Potential victims should be alert to any suspicious activities that may
be associated with this week-long protest. 

Information regarding potential threats should be reported to local law
enforcement and the nearest FBI Joint Terrorism Task Force. 






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - Plans Being Made to Protect U.S. Information Infrastructure

2002-12-08 Thread Wanja Eric Naef (IWS)
Plans Being Made to Protect U.S. Information Infrastructure
(Communications industry preparing list of recommendations) (1140)

Representatives from the U.S. communications industry are pushing a
deadline to develop a list of recommendations to ensure the safety of
the nation's information and communications infrastructure in the
event of terrorist attacks or disasters.

The Network Reliability and Interoperability Council (NRIC), chartered
by the Federal Communications Commission is set to develop a list of
best practices to put forth to the U.S. communications industry by
December 20.

Speaking at an NRIC session December 6, Richard C. Notebaert, council
chairman and chairman and CEO of Qwest Communications International,
said, "Today's meeting illustrates the industry commitment to work
together and share best practices in an effort to improve network
reliability and strengthen the nation's communications network against
terrorist attacks and natural disasters."

The panel is considering best practices to protect and secure both the
physical and cyber networks. FCC Chairman Michael Powell is urging
companies throughout the country to adopt the best practices
voluntarily.

Following is the text of the FCC press release.

(begin text)

NEWS

Federal Communications Commission 
December 6, 2002

HOMELAND SECURITY: COMMUNICATIONS INDUSTRY CONSIDERS MEASURES TO
PROTECT NATION'S COMMUNICATIONS SERVICES AGAINST ATTACK

Washington, D.C. - Representatives from across the communications
industry came together today to consider recommendations to protect
and strengthen the nation's communications infrastructure against
terrorist attacks or national disasters.

The measures were considered by the Network Reliability and
Interoperability Council (NRIC) VI which held its quarterly meeting
today at the FCC. NRIC is composed of representatives from the
telecommunications, cable, wireless, satellite and ISP industries.

The 56-member Council will review some 300 best practices - many of
which are currently being practiced by industry members - for
widespread adoption and implementation across the industry. Best
practices range from increasing physical security at communications
facilities to process changes and training to increased protection of
proprietary information. NRIC members have until December 20, 2002 to
vote on recommendations to the industry that these best practices
voluntarily be implemented.

FCC Chairman Michael Powell said, "Homeland Security is a critical
issue that touches every consumer in America. People want to know that
in an emergency their calls will go through and they can reach loved
ones. Every bit as important, our nation's communications network must
be secure and protected to ensure that public safety, health, and law
enforcement officials are able to respond and ensure the flow of
information."

Richard C. Notebaert, NRIC chairman and chairman and CEO of Qwest
Communications International, said, "Today's meeting illustrates the
industry commitment to work together and share best practices in an
effort to improve network reliability and strengthen the nation's
communications network against terrorist attacks and natural
disasters."

"The telecommunications industry has taken a leadership role in
proactively identifying and protecting our nation's communications
infrastructure. Many of the best practices we have heard today are
actively being implemented by many companies. I strongly urge the
industry to adopt as many of these Best Practices as appropriate to
ensure the protection and reliability of our nation's communications
system," Powell continued.

In developing its best practices, NRIC's Physical Security Focus
Group, led by Karl Rauscher, director, network reliability office,
Lucent Technologies Bell Labs, and NRIC's Cyber Security Focus Group,
led by Dr. Bill Hancock, vice president, Cable & Wireless, underwent a
rigorous process that included a detailed vulnerability and threat
assessment and identified the best practices currently in use by the
industry to take necessary steps to improve security and mitigate
associated risks.

The items considered today include:

Best Practices for Securing the Physical Network: 

--Technology. Best practices for the application of new technologies
to better mitigate the effects of an attack.

--Access Controls. Best practices for access control methods and
procedures to help ensure that unauthorized personnel do not have
access to critical network infrastructures. Best practices include the
development of formal procedures for assigning facility access and
constructing physical barriers to prevent vehicular and pedestrian
tailgating, electronic surveillance at critical access points and
changes to landscaping and outdoor lighting.

--Personnel. Best practices for security procedures and associated
training including recognizing and reporting suspicious items and
handling of proprietary information.

--Design and Construction. Best practices for new 

[INFOCON] - NIPC Software Firm Investigation Serves as a General Information Security Reminder

2002-12-09 Thread Wanja Eric Naef (IWS)

http://www.nipc.gov/publications/infobulletins/2002/ib02-011.htm


National Infrastructure Protection Center  

Software Firm Investigation Serves as a General Information Security
Reminder
Information Bulletin 02-011
December 6, 2002 

NIPC Information Bulletins communicate issues that pertain to the
critical national infrastructure and are for informational purposes
only. 

The US Attorney's Office announced today that it searched the
Massachusetts offices of Ptech Inc. in connection with allegations
relating to an ongoing financial crime investigation. 

Media coverage of this issue has been strong and immediate, focused in
part on the fact that Ptech software is used by a customer base that
includes financial services and government market segments. News outlets
questioned whether the company's software might have been tampered with
for use in some nefarious purpose. In this specific regard, two things
are worth noting. First, the US Attorney's announcement in no way
alleges that Ptech's products present any security threat. Second, based
upon information available to it, the NIPC is not aware of any
information or indication that Ptech software contains viruses,
malicious codes, or otherwise performs in an anomalous fashion. 

Media and public sensitivity to this case, however, demonstrates a
greater point which is unrelated to any specific company or product.
Therefore, the NIPC is taking this opportunity to remind the public that
sophisticated cyberattack capabilities can be extremely difficult to
detect and that nothing can guarantee the complete safety of any
software. There is no substitute for the full range of information
security practices within any organization including: 

 An assessment of the value of the information assets to be protected, 

 An assessment of the likely threats, natural and man-made, to these
assets, 

 Regular analyses of the vulnerabilities of the information systems in
use, including not only the technical but also the human elements of
those systems, 

 An integrated assessment of the information security risk (threat,
vulnerabilities, and asset loss) along with a cost-effective plan to
mitigate those risks. 

The following web sites contain more information on best practices in
information security:
http://www.nipc.gov/publications.htm
http://www.cert.org/
www.sans.org
www.fedcirc.gov
www.nist.gov


The NIPC encourages individuals to report information concerning
suspicious activity to their local FBI office,
http://www.fbi.gov/contact/fo/fo.htm , the NIPC, or to other appropriate
authorities. Individuals may report incidents online at
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and
Warning Unit at (202) 323-3205, Toll Free at 1-888-585-9078, or by email
to [EMAIL PROTECTED]






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - News 12/09/02

2002-12-09 Thread Wanja Eric Naef (IWS)

_

  London, Monday, December 09, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Homeland security budget boost not yet a reality
[2] DOD still working on change
[3] Exploring intuitive decision-making
[4] Feds Label Wi-Fi a Terrorist Tool  
[5] FBI seeks to link joint terrorism task forces

[6] CfP ECIW 2003
[7] Organised Net crime rising sharply - top UK cop
[8] Threat grows of cyber attack by terrorists groups
[9] Complex Networks Too Easy to Hack  
[10] Navy preps XML policy

[11] Drop that E-Book or I'll Shoot!
[12] DOD extends global net
[13] Microsoft: IE hole worse than reported
[14] Security hole exposes Tower Records
[15] Israel, FBI Find Suspected Credit Hacker

[16] Hacker 'DVD Jon' Goes on Trial  
[17] Virus Throttle a Hopeful Defense  
[18] Scientists seek revamped federal supercomputing effort
[19] .Net.uk domain granted stay of execution
[20] New cybersecurity institute to fight online crime

_

CURRENT THREAT LEVELS 
_


Electricity Sector  Physical: Elevated (Yellow) 

Electricity Sector  Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE  Security Condition: 3, modified  

NRC  Security Level: III (Yellow) (3 of 5)

_

News
_


[1] Homeland security budget boost not yet a reality
By Shane Harris

A year ago, as the federal government mounted a massive homeland
security effort at the same time the commercial technology market was
collapsing, Uncle Sam became the most attractive information technology
customer in America. In February, President Bush requested $52 billion
in new IT spending for fiscal 2003. Hungry would-be federal contractors,
hoping that a hefty chunk of the money would go to purchasing
leading-edge commercial products for homeland security, set up shop
inside the Beltway.

But aside from an initial jolt of emergency funding after the Sept. 11
attacks - about $1 billion of which was spent on IT - technology spending in
2002 didn't seem to have much to do with homeland security. By and
large, agencies are only beginning to understand what they want to buy,
and are focusing on basic technologies, not the new wave of products
many companies had assumed they would purchase. Why? 

For most of 2002, agencies were preoccupied adjusting to their
post-Sept. 11 missions; some were preparing for a massive reorganization
under the proposed Homeland Security Department. Because they're
struggling just to figure out what homeland security is, they've had
less time to shop for new technologies to help them ensure it, says
George Molaski, former chief information officer of the Transportation
Department and now a consultant. 

http://www.govexec.com/dailyfed/1202/120602h2.htm 

 

(Any Information Operation needs to be based on a well developed and
tested doctrine to be really effective. Just have a look at the
development of air warfare doctrine which took a long time to mature
until it became a 'decisive weapon'. WEN)

... The notion of network-centric warfare does little to prepare
soldiers and sailors for actual combat against a real enemy, Van Riper
said. Instead of focusing on IT, he said, the services must develop new
concepts of effective military operations. "Don't put your faith in the
technology," he said after the conference, "You've got to do the
thinking first." ...

[2] DOD still working on change
BY Nancy Ferris 
Dec. 9, 2002 
  
The military is embracing the idea of network-centric warfare, but
Defense Department officials need to change their mind-sets if they want
to make it stick, according to the man who first championed the concept.

Much of what they focus on is becoming irrelevant, said 
