[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-038 Date: 15 April 2002
DAILY BRIEF Number: DOB02-038 Date: 15 April 2002

NEWS

TransCanada Pipeline Explodes in Manitoba
A section of the TransCanada pipeline exploded on Sunday night near Brookdale, Manitoba. The natural gas explosion and ensuing fire led authorities to evacuate the few homes that were within an eight kilometer radius of the incident. The fire was brought under control within two hours. The cause of the explosion is still under investigation. (Source: The Globe and Mail, 15 April 2002) www.globeandmail.com

Oil Spill in Detroit and Rouge Rivers
The Great Lakes have been impacted by the largest oil spill in a decade. More than 10,000 gallons (37,800 litres) of oil has spilled into the Detroit and Rouge Rivers since Wednesday. The source of the spill is being investigated. (Source: The Ottawa Citizen, 15 April 2002) http://www.canada.com/ottawa/ottawacitizen/
Comment: At least 27 kilometers of Canadian and American coastline have been impacted by the spill.

ICANN Convenes Industry-Heavy Security Panel
The Internet Corporation for Assigned Names and Numbers (ICANN) has brought together industry leaders in a standing security committee. The board will provide threat assessments for domain name servers (DNS), monitor the security of physical and electronic components that comprise DNS and make security recommendations to ICANN. (Source: Newsbytes, 12 April 2002) www.newsbytes.com

IN BRIEF

Lieberman to Introduce New Homeland Defence Bill
The Government Computer News reports that Senator Joseph Lieberman plans to introduce a bill that would place the Critical Infrastructure Assurance Office and the National Infrastructure Protection Center under a new Homeland Security Department. (Source: Government Computer News, 15 April 2002) www.gcn.com

Murdoch Company Leaked Codes
The Financial Times reports that NDS, a software subsidiary of Rupert Murdoch's pay-television empire, directed an employee to leak secret codes belonging to its closest rival to Internet pirates. Canal Plus and ITV Digital are claiming hundreds of millions of pounds in lost revenues from the piracy that allowed hackers to access films, sports and other content free. (Source: The Financial Times, 11 April 2002) http://news.ft.com

Greatest Threat to E-Business Security from Eastern Europe and Russia
The former head of data security for NATO's European HQ stated that the most significant threat to e-business security is now coming from teams of ex-KGB computer specialists working out of eastern Europe and Russia, according to a Sunday Tribune article cited by the Overseas Security Advisory Council. (Source: The Overseas Security Advisory Council, 11 April 2002) www.ds-osac.org

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on VBS_VCARD.A, which is a virus that appears as an electronic greeting card. It uses a message entered by the user and sends itself to MS Outlook addresses with the subject line You have a special Vcard and a random attachment taken from the infected system's Hard Drive including: vcrd01.vcrd, vcrd02.vcrd, vcrd03.vcrd and vcards.vbs
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_VCARD.A

Sophos Anti-Virus reports on W32/MyLife-J, which is a virus that sends itself to MS Outlook addresses with the subject line sexyy Screen Saver and the attachment usa.scr.
http://sophos.com/virusinfo/analyses/w32mylifej.html

Symantec reports on VBS.Resreg@mm, which is a virus that sends itself to MS Outlook addresses with the subject line Free Access To Thousands Of MP3 and the attachment Freemp3s.vbs
http:[EMAIL PROTECTED]

Vulnerabilities

SecurityFocus reports on multiple vulnerabilities in Microsoft Internet Information Server. For technical information on these vulnerabilities, go to the SecurityFocus link listed below and select Microsoft for the vendor.
http://online.securityfocus.com/cgi-bin/vulns.pl?section=vendor

SecurityFocus reports on a vulnerability in ASP-Nuke, which could cause the host to return sensitive system information. A user may modify their authentication cookie in such a way that, upon submitting the cookie, the host will return a list of all currently logged in users or the path to the web root. Click on the solution tab for patch information.
http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussionid= 4489

SecurityFocus reports on a vulnerability in ASP-Nuke that does not sufficiently sanitize potentially malicious characters, such as HTML tags, from user profile pages. As a result, it may be possible to insert arbitrary script code. The script will execute when the malicious profiles are viewed. Click on the solution tab for patch information.
http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussionid= 4481

SecurityFocus provides a report on vulnerabilities in SNMP request and trap handling which could result in a denial-of-service, service interruptions and unauthorized access.
[INFOCON] - News 04/17/02
London, Wednesday, April 17, 2002

INFOCON News

IWS - The Information Warfare Site http://www.iwar.org.uk

IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org

[News Index]
[1] UK plc reamed online
[2] Argentina rules in favour of hackers
[3] Hackers target Israel
[4] Handhelds now target of virus attacks
[5] (Hungary) New internet legislation outlaws all hacking
[6] Technology: Web site privacy system approved
[7] Net thieves caught in action
[8] Companies watch employees' instant messages
[9] Chipmaker says Microsoft antitrust sanctions would set industry back 20 years
[10] IBM drops Internet patent bombshell
[11] FTC accuses 11 online firms of Net fraud
[12] Privacy Worries, Net Activism Top Privacy Show Agenda
[13] The Buck Stops Where?
[14] McAfee Launches SecurityCenter
[15] Can you trust an ethical hacker?
[16] Internet Security Systems profit, revenues fall
[17] Airport security has nowhere to go but up, experts say

News

[1] UK plc reamed online
By John Leyden
Posted: 16/04/2002 at 11:22 GMT
A lack of investment in security systems is allowing British companies to fall victim to increasingly severe security breaches. That's the main finding of the Department of Trade and Industry's (DTI) annual Information Security Breaches Survey, which concludes that the average cost of a security breach is £30,000, with several companies reporting incidents which cost more than £500,000. The survey, led by PricewaterhouseCoopers on behalf of the DTI, shows that three-quarters of UK businesses believe that they hold sensitive or critical information, but only one-quarter have a security policy in place to protect it.
http://www.theregister.co.uk/content/55/24870.html
http://news.zdnet.co.uk/story/0,,t269-s2108453,00.html

[2] Argentina rules in favour of hackers
Computer hackers may be the scourge of the digital age, hunted down by police across borders, but in Argentina they have found an unlikely ally - the very justice system they scorned. Warning of a dangerous legal void making digital crimes hard to prosecute, a judge has ruled that hacking is legal by default in Argentina. The decision came in the case of cyberpirates who defaced the Supreme Court's Web page. Arguing that the law only covered crimes on people, things and animals and not digital attacks, a federal court declared several Argentines known as X-Team innocent of charges they broke into the high court's Web page to accuse judges of covering up a human rights case.
http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=17
http://www.theregister.co.uk/content/6/24877.html

[3] Hackers target Israel
By James Middleton [16-04-2002]
Middle East conflict moves into cyber space
The conflict in the Middle East is being fought in cyberspace as well as on the ground, showing that hacking is developing into a recognised form of international warfare, according to a leading security analyst.
http://www.vnunet.com/News/1130941

[4] Handhelds now target of virus attacks
By Tom Venetis, posted Apr 16, 2002
As wireless handheld devices continue to grow in popularity among consumers, they are also becoming increasingly popular targets for virus writers and hackers. Although there have only been twelve reported cases of viruses that specifically target handheld devices such as mobile phones and PDAs, many are predicting that it will only be a short time before many more wireless viruses begin making an appearance.
http://www.canadacomputes.com/v3/story/1,1017,8377,00.html?tag=81sb=121

[5] New internet legislation outlaws all hacking
by Mr. Robert Smyth
New amendments to Hungary's laws on internet crime have drawn criticism from
[INFOCON] - NIPC Daily Report 18 Apr 2002
NIPC Daily Report 18 April 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Power blackouts could stop flow of water in valley. A dispute between power and water utility companies in southern Nevada could lead to power blackouts this summer. Public water agencies are opposed to a $922 million power rate increase that they say would drive up the cost of providing water service to 800,000 people in the Las Vegas Valley. Nevada Power is concerned that there isn't enough power supply to meet demand, and warns that rolling blackouts are a possibility. A water district deputy general manager said reliable power is critical to reliable water delivery. Nevada Power claims water customers, including water service to fire hydrants, will never be in danger, and that the Southern Nevada Water Authority is considered a 'critical customer' that will not feel the effects of any power interruptions. (lasvegassun.com, 15 Apr)

Cities struggling to fix sewer systems. Every day it rains or snows, 772 of the nation's older cities and towns face a health and environmental threat from outdated systems known as CSOs, for combined sewer overflows, single-pipe sewers that move both sewage and storm water to treatment plants. Their brick-lined sewers were built in the late 1800s and early 1900s, before the age of indoor plumbing, to prevent streets from flooding during downpours. In later years as toilets, sinks and bathtubs were added to homes, the waste was funnelled into the same storm sewers. The federal government in the 1970s required cities to lay separate storm and sewer lines. By then, hundreds of cities were left with sewers that work fine in dry conditions, but overflow into rivers and streams during wet weather with bacteria-laced discharges that kill fish, fuel algae blooms that taint waterways green, and leave a sickening smell. Now communities are struggling with a federal mandate to fix their systems - improvements that come with a high price tag but scant federal funds to help pay for them. The US Environmental Protection Agency estimates that it will take about $45 billion in new construction to address the problem over the coming years. (Associated Press, 17 Apr)

Some airports will not get explosive detection machines by year's end. The undersecretary for transportation security told Congress on 17 April that airports without explosive detection machines at year's end will have checked luggage inspected by handheld equipment. While equipment will vary, "all airport facilities will have comparable security." Some airports will use a combination of minivan-sized explosive detection machines and trace-detection devices. Other airports will have the handheld equipment that detects traces of explosive material. The explosive detection and the trace machines are the only equipment that will enable the nation's 429 commercial airports to meet a 31 December deadline for having all bags checked by machine for explosives. (Associated Press, 17 Apr)

TVA reaches seams agreement with MISO. The Tennessee Valley Authority says it has reached agreements with neighboring electricity systems to allow seamless wholesale power trading across a vast section of the Southeast and Midwest. TVA said the so-called seams agreements were struck with the Midwest Independent Transmission System Operator and two large utilities in the South, the Southern Co. and Energy Corp. The FERC has strongly encouraged TVA to participate in RTO-development discussions in the region involving investor-owned utilities, municipally owned utilities, and rural electric cooperatives. TVA said it is continuing efforts to develop a Public Power Regional transmission Grid with such potential partners as East Kentucky Power Cooperative, Associated Electric Cooperative Inc. and Big Rivers Electric Corp. (Energy Info Source, 17 Apr)

Entergy considering new nuclear plant. Entergy Corp. has notified the federal Nuclear Regulatory Commission that it is considering building a nuclear power plant in Port Gibson, Miss. Entergy Nuclear, a subsidiary of the New Orleans-based utility, on 16 April, became the third company to notify the federal Nuclear Regulatory Commission of plans to seek an "early site permit" for a new nuclear plant. The company said nuclear energy is an alternative to natural gas, which fuels most of the country's newest power plants. "Having the nuclear option available is in the best interest of our power consumers, Entergy and the nation's energy independence," the company said. Entergy began considering building a nuclear plant a year ago after a severe shortage of natural gas sent the price of natural gas-generated electricity soaring. The application will take about a year to prepare and cost the nuclear subsidiary about $9 million, including
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-042 Date: 18 April 2002
DAILY BRIEF Number: DOB02-042 Date: 18 April 2002

NEWS

OCIPEP Issues Advisory - New Variant of Klez.A
OCIPEP issued Advisory AV02-020 to bring attention to a new version of the worm W32.Klez.A@mm, which was first discovered on 25 October 2001. This new variant of Klez is currently spreading through Europe and the U.S.
Comment: For more information, go to: http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html

Canada Opts Out of American Plan to Defend Continent
The Canadian government has announced that, for the moment, it will not join the U.S.-led North American defence plan and will remain responsible for its own defence. U.S. Defense Secretary Donald Rumsfeld announced yesterday the creation of a new military zone stretching from the Canadian Arctic to southern Mexico. Senior Canadian and U.S. military officials have been putting pressure on the Canadian government to join the Northern Command. Foreign Affairs Minister Bill Graham, however, has suggested that Canada could join at a later date and that Ottawa is content, for now, to limit its role in continental defence to NORAD. (Source: Globe and Mail, 18 April 2002) http://www.theglobeandmail.com/

Four Canadian Soldiers Killed in Afghanistan
A U.S. fighter jet mistakenly bombed Canadian soldiers during a live-fire training exercise in Afghanistan, killing four and wounding eight. (Source: Globe and Mail, 18 April 2002) http://www.theglobeandmail.com/

IN BRIEF

Bush Warns of More Terror Attacks
While addressing military cadets, President Bush predicted that there will be an increase in terrorist activity as bin Laden's network tries to regroup and strike again. (Source: Nando Times, 17 April 2002) http://www.nandotimes.com/

One Alert System Seen As Ineffective
A commentary by ZDNet argues that no single alerting system, such as the one recently unveiled by the Office of Homeland Security, is up to the task of describing the myriad of different cyber threats. (Source: ZDNet, 17 April 2002) http://zdnet.com.com/

Survival in an Insecure World
David A. Fisher, a researcher with the Computer Emergency Response Team (CERT) at Carnegie Mellon University, has developed Easel, a new computer language that allows the simulation of unbounded systems even when given incomplete information about their state. The aim is to develop infrastructure systems that continue to perform in the face of cyber attacks. (Source: Scientific American, Issue: May 2002) http://www.scientificamerican.com/

Businesses First Line of Defence in Battling Cybercrime
The head of a U.S. government task force has called on U.S. companies to act as the first line of defence against cyber terrorists and criminals, by investing heavily in the protection of their computer networks. (Source: Jacksonville.com, 17 April 2002) http://www.jacksonville.com/

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trendmicro provides a report on WORM_KLEZ.G, which is a modified variant of the worm WORM_KLEZ.G. It uses SMTP to propagate via email and is capable of spreading via shared drives/folders with read/write access. The subject line and body of the email may be randomly composed. The email receiver does not need to open the attachment for it to execute due to a known vulnerability in Internet Explorer-based email.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.G
Comment: OCIPEP has released Advisory AV02-020 regarding Klez.H and Klez.G. Please see the News section or go to: http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html

Vulnerabilities

SecurityFocus reports on a vulnerability in StepWeb Search Engine (SWS). A remote attacker could guess the location of the admin web page and gain access to admin functions thus enabling the addition of arbitrary search entries or access to search logs. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid= 4503

SecurityFocus reports on a vulnerability in SunShop that allows remote attackers to embed arbitrary script code into form fields. This may enable a remote attacker to perform actions as the administrative user of the shopping cart. View the solutions tab for patch information.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid= 4506

SecurityFocus reports on a vulnerability in Melange Chat System that could allow a local attacker to initiate a buffer overflow. View the solutions tab for patch information.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid= 4509

SecurityFocus reports on a vulnerability in ICQ. If a remote user attempts to access a malformed .hpf file (a file specific to ICQ that is created when a new user registers), ICQ will crash. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussionid= 4514

SecurityFocus reports on a vulnerability in Burning Board. A remote
[INFOCON] - GAO Information Security
[Interesting. WEN] Information Security: Subcommittee Post-Hearing Questions Concerning the Additional Actions Needed to Implement Reform Legislation. GAO-02-649R, April 16. http://www.gao.gov/cgi-bin/getrpt?GAO-02-649R IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - No INFOCON for at least a while
Dear All, Due to lack of time and funding the INFOCON list will be suspended until further notice (It might continue at the beginning of June depending on whether we will be able to sort out our finances till then, ...). Regards, WEN Wanja Eric Naef Webmaster Principal Researcher IWS - The Information Warfare Site http://www.iwar.org.uk IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - News 05/27/02
London, Monday, May 27, 2002

INFOCON News

IWS - The Information Warfare Site http://www.iwar.org.uk

IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org

[News Index]
[1] Face recognition kit fails in Fla airport
[2] Qwest Glitch Exposes Customer Data
[3] Navy Domain Hijacked By German Pornography Site
[4] Football e-mails could hide viruses
[5] Hackers gain entry to key state database
[6] State CIOs aid White House in homeland security plan
[7] Experian, Ford Still Unsure How Hacker Stole 13,000 Credit Reports
[8] DARPA developing killer tech
[9] Intrusion-detection net revived
[10] Waiting for Wi-Fi: Europeans trail U.S. in wireless Net hubs
[11] EU probes Microsoft over privacy law
[12] Tips from a cyberterrorism expert
[13] Regents OK AM security, computer centers
[14] (UK) Government plans national strategy to fight cybercrime
[15] (South Korea) Daum Files Suit Against Spammers
[16] Spammers threaten UK Net user
[17] Senate OKs stripped-down version of bioterrorism bill

News

[1] Face recognition kit fails in Fla airport
By Thomas C Greene in Washington
Posted: 27/05/2002 at 08:02 GMT
Palm Beach International Airport security workers would be racking up heaps of overtime pay dealing with more than fifty false positives daily if their bosses were to install Visionics' terror-busting face recognition gear, the airport administrators have concluded. The kit had been installed free of charge for a trial run. The airport, not surprisingly, decided to test it on volunteers who work there over four weeks. Using fifteen volunteers and a data base of 250 snapshots, Palm Beach County administrators enjoyed a success rate of less than fifty per cent. That is, more than half the people the kit should have flagged slipped past undetected.
http://www.theregister.co.uk/content/55/25444.html
Biometric sensors beaten senseless in tests
http://www.theregister.co.uk/content/55/25400.html
The ACLU obtained a copy of the Palm Beach report and has posted it here.
http://www.aclu.org/issues/privacy/FaceRec_data.pdf

[2] Qwest Glitch Exposes Customer Data
Critics say the phone company took too long to close a hole that left some long-distance phone bills and subscriber credit card numbers accessible to anyone.
By Kevin Poulsen, May 23 2002 3:30PM
Telecom giant Qwest Communications acknowledged Thursday that a glitch in its Web-based paperless billing system left some long-distance customer records exposed for over a week. Qwest offers long-distance customers a price break if they forgo printed statements and pay their bills with a credit card through the company's Web site. Subscribers who avail themselves of the service are offered a choice of logging in with a phone number and calling card PIN, or a user-specified name and password.
http://online.securityfocus.com/news/431

[3] Navy Domain Hijacked By German Pornography Site
By Brian McWilliams, Newsbytes May 23 2002 3:59PM
Due to a domain registration snafu, two Internet addresses used by the U.S. Navy for recruiting new sailors have recently been commandeered by other sites, including a pornography site. Since late April, visitors to NavyDallas.com, formerly the home page of the Navy's Dallas recruiting district, have been redirected to How-to-find-porn.com, a portal that features links to numerous hardcore pornography sites.
http://online.securityfocus.com/news/434

[4] Football e-mails could hide viruses
Could David Beckham inspire the next virus attack? With the World Cup about to kick off, virus experts have warned computer users to be on their guard against infection. With millions of people using e-mail and the internet to keep up to date with the soccer action, anti-virus firm Sophos says screensavers, spreadsheets
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-068 Date: 27 May 2002
OCIPEP DAILY BRIEF Number: DOB02-068 Date: 27 May 2002

OCIPEP Issues Paper on Mobile Telephone Services
OCIPEP recently issued a paper entitled Commercial Mobile Telephone Services and the Canadian Emergency Management Community: Prospects and Challenges for the Coming Decade. The paper discusses the use of emerging commercial wireless technologies in emergency management in Canada. New mobile telecommunications products have been adopted by emergency management organizations because they are cost-effective and provide a wider range of services in comparison to traditional land mobile radio. The paper also describes the growing role of commercial mobile telephone services in emergency management, and identifies concerns relevant to emergency preparedness planning in Canada.
Comment: The full report can be viewed at: http://www.ocipep-bpiepc.gc.ca/research/scie_tech/AndersonGow_1999-D005_e.html

Ottawa Police Issues Public Security Alert
The Ottawa police over the weekend issued a public security alert, warning of a credible threat against a synagogue or other gathering place for the Jewish community in the city. The warning, which was based on an intelligence report received by the RCMP and Ottawa police, states that an attack is planned for some time in June. Police have increased patrols around possible targets including eleven synagogues and several Jewish community centres, offices and facilities. Mitchell Bellman, executive director of the Jewish Community Council of Ottawa, said the Jewish community intends to continue with all scheduled events, commenting that it is business as usual. (Source: The National Post, 25 May 2002) http://www.nationalpost.com/

IN BRIEF

Insurance Policies to Cover Cost of G8 Protest Damage
Insurance policies are expected to cover most damage that may be caused by protests during the June 26-27 G8 Summit in Calgary, according to an Insurance Bureau of Canada official. He stated that most all-perils policies would cover damage resulting from an event such as the G8 Summit. (Source: CBC News, 25 May 2002) http://calgary.cbc.ca/template/servlet/View?filename=meet020525

Water Systems on Reserves in Need of Repair
A large number of water systems on reserves across Canada have a high risk of contamination, according to First Nations chiefs in Ontario. Quoting information from the Walkerton report indicating that 83 reserves have high-risk water systems, a spokesperson for the Chiefs of Ontario is asking the federal government to provide appropriate funding to help First Nations communities fix the problem. (Source: CBC News, 27 May 2002) http://www.cbc.ca/stories/2002/05/27/reserve_water020527

FBI Unable to Detect Terrorism: Media Report
The FBI lacks the training and skills to detect domestic terrorism, according to a media report on Sunday. Following criticism of poor cooperation between the FBI and CIA, FBI director Robert Mueller has promised that no field agent's reports of a threat will be overlooked again. (Source: The Globe and Mail, 27 May 2002) http://www.globeandmail.ca

Canada Not Immune to Terrorism: Former CSIS Director
Canada's relationship with the U.S. makes it a potential target for Islamic extremists, according to Reid Morden, former director of the Canadian Security and Intelligence Service (CSIS). Although We haven't seen ourselves as anybody's enemy, Morden points out that Canada has not been untouched by terrorist activity. He cited events such as Air India Flight 182 and an extremist attack on the Turkish Embassy as examples. (Source: The Calgary Herald, 26 May 2002) http://www.canada.com/calgary/calgaryherald/
http://www.canada.com/calgary/calgaryherald/story.asp?id={C29BC45D-0BB7-4200-B1B7-BCCD40B17EEC}

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on JS_NOCLOSE.E, which is a non-destructive Java Script that opens several windows upon execution, each connecting to a URL listed in its body. It then hides the opened windows so that the infected user can not close them.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_NOCLOSE.E

Sophos reports on VBS/Redlof-A, which is a virus that infects HTM, HTML, ASP, PHP, JSP, HTT and VBS files by appending a VBScript containing an encrypted copy of the virus code to them. The virus exploits the MS VM ActiveX component vulnerability enabling the virus to be activated by viewing an infected HTML document at a remote site.
http://sophos.com/virusinfo/analyses/vbsredlofa.html

Sophos reports on WM97/Marker-AK, which is a variant of the WM97/Marker-A Word macro virus. It has no active malicious payload and does little more than replicate.
http://sophos.com/virusinfo/analyses/wm97markerak.html

McAfee reports on W97M/Hich.gen, which is a virus that disables Word virus protection features and the Esc key. It is a parasitic virus that can delete some or all of the contents of a document.
[INFOCON] - News 05/28/02
London, Tuesday, May 28, 2002

INFOCON News

IWS - The Information Warfare Site http://www.iwar.org.uk

IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org

[News Index]
[1] Webbed, Wired and Worried
[2] Anti-virus evals waste precious resources
[3] Chinese crackers prepare for cyber war
[4] Aussies surf to top of web crime list
[5] Excel hole opens PCs to hackers
[6] Klez-H is the worst virus ever - official
[7] Security researchers warn of worm blitzkriegs
[8] An Education in Hacking
[9] (UK) Time for openness over online fraud
[10] Internet Gambling May Become Legal in Canada
[11] Security Hole Strip Tease
[12] Opera vuln gives up local files
[13] E-gov security gateway in works
[14] Music industry sues Napster-like Internet firm, Audiogalaxy
[15] Dot-com stigma fails to turn off UK businesses
[16] Hackers go wireless with greatest of ease
[17] US plan to strike enemy with Valium

News

[1] Webbed, Wired and Worried
By THOMAS L. FRIEDMAN
Ever since I learned that Mohamed Atta made his reservation for Sept. 11 using his laptop and the American Airlines Web site, and that several of his colleagues used Travelocity.com, I've been wondering how the entrepreneurs of Silicon Valley were looking at the 9/11 tragedy - whether it was giving them any pause about the wired world they've been building and the assumptions they are building it upon. In a recent visit to Stanford University and Silicon Valley, I had a chance to pose these questions to techies. I found at least some of their libertarian, technology-will-solve-everything cockiness was gone. I found a much keener awareness that the unique web of technologies Silicon Valley was building before 9/11 - from the Internet to powerful encryption software - can be incredible force multipliers for individuals and small groups to do both good and evil. And I found an acknowledgment that all those technologies had been built with a high degree of trust as to how they would be used, and that that trust had been shaken. In its place is a greater appreciation that high-tech companies aren't just threatened by their competitors - but also by some of their users.
http://www.nytimes.com/2002/05/26/opinion/26FRIE.html

[2] Anti-virus evals waste precious resources
By George Smith, SecurityFocus Online
Posted: 27/05/2002 at 15:10 GMT
In 1991, essayist Paul Fussell wrote, The current United States can be defined as an immense accumulation of not terribly acute or attentive people obliged to operate a uniquely complex technology, which, all other things being equal, always wins.
http://www.theregister.co.uk/content/55/25454.html

[Rubbish, rubbish, rubbish. A journalist who likes to call an event where some teenagers played around and did some cybergraffiti 'Cyberwar'??? I wonder if he were to write an article about some kids who did some graffiti in Wimbledon. I guess the title would be 'Wimbledon graffiti artists prepare for war'. It is interesting to see that journalists in such articles never mention any Chinese IW thinkers (like Shen Weiguang, Wang Pufeng, Dai Quingmin, ...) or mention the Echeng Reserve IW organisation. But I guess that would require some serious journalism (i.e. someone who checks his facts first). WEN]

[3] Chinese crackers prepare for cyber war
By Nick Farrell [24-05-2002]
Students may launch attacks on vital western systems
Chinese hackers could be readying themselves to launch a cyber attack on key western computer systems. The Institute for Strategic Studies, run by the US Army War College, has released a classified report warning the Defense Department, US diplomats and law enforcement agencies to be on the look out for Chinese student hacking attacks some time this summer. The Institute believes that the attacks will try to spread computer viruses and
[INFOCON] - NIPC Daily Report 29 May 02
[The daily report is a bit late as I spent 5 hours at an InfoSec company yesterday where they showed me an amazing software product which is light-years ahead of any other similar product. WEN] NIPC Daily Report 29 May 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Giant Florida natural gas pipeline starts service. A 1.1 billion cubic foot capacity natural gas pipeline started delivering gas on 28 May. The pipeline, believed to be Florida's first new gas source in more than 40 years, is aimed at meeting the state's growing reliance on gas-fired power generation. The Gulfstream pipeline will initially supply enough gas to produce power for around 4.5 million Florida homes, a company spokesperson said. (Reuters, 28 May) PDAs make easy pickings for data thieves. A survey conducted by a security firm revealed that private and corporate secrets are all too frequently left unprotected. The survey showed that one in ten individuals' bank accounts could be accessed if they lost their Personal Digital Assistant (PDA). Owners of PDAs commonly download substantial slices of their personal and business lives onto their PDAs, but leave the information unencrypted and without password protection. PINs, passwords, customer details, bank accounts, credit card and social security details are just some of the confidential and personal pieces of information stored by PDA owners. (The Register, 28 May) Klez-H is the worst virus ever. Klez-H is being called the worst virus ever, according to figures from the managed services firm MessageLabs. MessageLabs has blocked 775,000 copies of the pathogen since it first appeared on April 15. Klez-H overtakes the infamous SirCam worm. MessageLabs is blocking 20,000 Klez-H infected emails per day.
Alex Shipp, MessageLabs chief anti-virus specialist, says the reason for Klez.H's 'success' lies in its ability to cover its tracks and deceive recipients. Klez-H is able to select random names from address books to use as the sender address, and also creates a large range of subject, text and attachment names, making it difficult to identify and track. (The Register, 27 May) IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - News 05/31/02
_ London, Friday, May 31, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org _ [News Index] [1] Ridge speaks out on restructuring homeland security agencies [2] Virus warning: SQL worm trumps Nimda and Code Red [3] Hackers Crack Copy Protection CD's [4] Japan space hackers nabbed for spying [5] (UK) Govt freezes e-tax filing [6] FBI agent blames outdated technology for failure to prevent terror attacks [7] Securing Privacy Part Four: Internet Issues [8] Notorious hacker hits TheNerds.net [9] The next hacker target: instant messaging [10] Low-tech solution to password problem [11] FBI director unveils plan for agency overhaul [12] FBI and CIA coming on-line with new powers [13] (AU) 'Spammer' punished for war hang-up [14] Hacker 'King Kimble' handed fraud conviction [15] (UK) Cypherpunks aim to torpedo RIP key seizure plan [16] Scientists set to unveil anti-terrorism ideas in late June [17] Congressional panel issues information security report [18] EU set to weaken Net privacy regime _ News _ [1] Ridge speaks out on restructuring homeland security agencies By Katherine McIntire Peters The White House is poised to recommend reorganizing federal agencies to more effectively control people and goods at U.S. borders and help local police, firefighters and health care workers respond after terrorist attacks. The recommendations are to be included in the homeland security strategy, which is being developed by the White House Office of Homeland Security. Homeland Security Director Tom Ridge discussed some of his thinking over lunch with editors and writers at National Journal Group, including Government Executive's Katherine McIntire Peters. Q: Thousands of people enter this country illegally every day. Most just walk across the border. 
This is after a decade of spending billions of dollars to increase staffing, equipment and intelligence on the border. How big a concern is that to you when you look at homeland security vulnerabilities, and what is a realistic way of dealing with it? A: We have 5,000 miles of border with Canada and 2,500 miles of border with Mexico. If you add the coastline, we've got about 95,000 miles of unprotected navigable border. That openness, that size, is obviously a point of vulnerability where we know we need to enhance security. http://www.govexec.com/dailyfed/0502/053002kp1.htm [2] Virus warning: SQL worm trumps Nimda and Code Red An internet worm that attacks Microsoft's SQL Server database has caused more attacks in the past week than last year's most notorious worms, Nimda and Code Red. http://www.silicon.com/bin/bladerunner?30REQEVENT=REQAUTH=2104614001REQSUB=REQINT1=53664 [3] Hackers Crack Copy Protection CD's By THE ASSOCIATED PRESS Filed at 7:17 p.m. ET SAN FRANCISCO (AP) -- Some music fans are trying to fake out CD copy protection technology with the stroke of a felt-tip pen. The tactic is being used in Europe, where Sony is trying out a copy protection method. That model won't be coming to America, the company says. The crack in the copy protection is the talk of the town on Internet message boards, though Digital Audio Disc Corporation, Sony Corp.'s CD manufacturing unit, is not amused. http://www.nytimes.com/aponline/technology/AP-Felt-Tip-Hackers.html?ex=1023508800en=06d4d4bcbe8392c0ei=5040partner=MOREOVER [4] Japan space hackers nabbed for spying TOKYO, Japan (AP) -- Three workers at a major Japanese aerospace company have been arrested for allegedly hacking into the computer network of Japan's space agency to spy on a rival company. http://europe.cnn.com/2002/WORLD/asiapcf/east/05/30/japan.spacehackers.ap/index.html
[INFOCON] - NIPC Daily Report 31 May 02
NIPC Daily Report 31 May 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Debate over exposing chemical risks. The chemical industry in recent months has successfully lobbied the government to limit access to previously public data about chemical accidents, arguing that it would give terrorists a blueprint to launch an attack. The US chemical industry also has won growing support in law-enforcement circles to fight the terrorist threat with voluntary security improvements - and secrecy. Environmentalists, however, are determined to keep exposing the information, arguing that chemical companies are engaged in far riskier behavior by not adopting safer manufacturing methods. Although environmentalists concede that what they're doing could make it easier for terrorists to pick targets, they contend that an industrial accident could be as devastating as a planned assault. The question of which side might be taking greater chances with American lives remains unanswered. (The Wall Street Journal, 30 May) WWU Comment: Although this article refers to the chemical industry, it underscores the issue facing many industries trying to balance issues of the public's 'right to know' about hazardous conditions and properly securing sensitive data. Several concerns converge when considering the disclosure of information regarding security, materials, processes, and physical locations. Costs and other constraints associated with security and process upgrades can make them infeasible or at least improbable in the short-term. FBI warns of shoulder-fired missile threat. Although it has had no specific warnings, the FBI is alerting law enforcement agencies to be on the lookout for any signs of terrorist plans to use shoulder-fired missiles against US targets, especially commercial airliners.
The FBI possesses no information indicating that al Qaeda is planning to use 'Stinger' missiles or any type of MANPAD [portable anti-aircraft] weapons system against commercial aircraft in the United States, the warning said. However, given al Qaeda's demonstrated objective to target the US airline industry, its access to US and Russian-made MANPAD systems, and recent apparent targeting of US-led military forces in Saudi Arabia, law enforcement agencies in the United States should remain alert to potential use of MANPADs against US aircraft. (CNN, 30 May) Klez infection persists. The Klez worm and its variants, including Klez.E and Klez.H, continue to spread at a dizzying rate, according to anti-virus experts. The Klez rampage has gotten so serious, recent media reports dubbed it the No. 1 virus of all time. Klez.A was first spotted Oct. 25, 2001, but didn't do much damage. Klez.E, which first appeared Jan. 17, was the first Klez variant that produced significant activity. The latest variant, known as Klez.H, was first seen April 17, 2002. Symantec has received 130,000 different submissions of the Klez worm since Klez.E's mid-January debut. This month alone, Symantec has received 70,000 total Klez submissions. By comparison, the worm known as W95.Hybris is the second most submitted as of May 2002, with a mere 3,600. Representatives from Norton Anti-virus stated that not every user of the company's Anti-Virus protection chooses to send samples for analysis, so the total number of infections is likely much greater. (Newsbytes, 29 May) Security researchers warn about worm of the future. In a paper, How to Own the Internet in Your Spare Time, Stuart Staniford of Silicon Defense, Vern Paxson of ICSI Center for Internet Research, and Nicholas Weaver of University of California Berkeley, argue that internet worms, used as attack tools, will continue to pose a significant threat to systems and infrastructures.
Based largely on analysis of the spread of the Code Red and Nimda worms, they suggest that in the future, worms that are better engineered and more advanced will be able to spread in tens of seconds rather than hours, and be modified on the fly to circumvent anti-virus efforts. The paper also discusses the threat of a surreptitious worm that would move more slowly, but be much harder to detect and could arguably subvert upwards of 10,000,000 Internet hosts. The authors suggest that by using worms to gain control of millions of hosts on the Internet, the attacker could inflict several types of damage. First, the attacker could launch a diffuse distributed denial of service attack that could bring down e-commerce sites, news outlets, or command and control infrastructures. Second, the attacker could potentially access and exploit sensitive information on any of the millions of infected systems, such as passwords or archived e-mail. Finally, if the attacker can control the information on infected systems, he could corrupt or disrupt the information in order to sow confusion. (The
[INFOCON] - NCIX WEB SITE UPDATE ADVISORY #7-2002
-Original Message- From: Stephen F. Argubright [Sent: 31 May 2002 16:39 To: [EMAIL PROTECTED] Subject: NCIX WEB SITE UPDATE ADVISORY #7-2002 Dear Friends and Colleagues, 1. A new NCIX counterintelligence and security awareness poster, titled One Evil, may be viewed and ordered by linking to http://www.ncix.gov/pubs/posters/one_evil.html . 2. The NCIX outreach team has updated the booklet Be Alert! and it is now available by linking to http://www.ncix.gov/pubs/misc/pub_be_alert.html . Background: Using primarily Internet e-mail addresses from consumers who have requested NCIX counterintelligence and security awareness material, the NCIX has created an Internet address group to alert and inform its readers about new and updated information regarding the NCIX Web site. The advisories include information on NCIX regional seminars, the release of new awareness material, and other information of counterintelligence interest. Please feel free to use this updated information on your own Intranet and other information-sharing systems. Each advisory is assigned a sequential number for tracking purposes. As of this advisory, there are more than 2,400 official subscribers. If you are receiving these advisories from another source, but would like to receive them directly, please link to http://www.ncix.gov/feedback/pubreq.html , provide the appropriate contact information, check the Add to the NCIX Notification Service box, and submit. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - Some interesting GAO Reports
A collection of interesting GAO Reports (ranging from Information Security to Missile Defence to Drinking Water) from the last few months which are piled up in my room in one corner ... WEN

Coast Guard: Vessel Identification System Development Needs to Be Reassessed. GAO-02-477, May 24. http://www.gao.gov/cgi-bin/getrpt?GAO-02-477

Diffuse Security Threats: Technologies for Mail Sanitization Exist, But Challenges Remain. GAO-02-365, April 23. http://www.gao.gov/cgi-bin/getrpt?GAO-02-365

DOE Weapons Laboratories: Actions Needed to Strengthen EEO Oversight. GAO-02-391, April 22. http://www.gao.gov/cgi-bin/getrpt?GAO-02-391

Defense Budget: Need to Strengthen Guidance and Oversight of Contingency Operations Costs. GAO-02-450, May 21. http://www.gao.gov/cgi-bin/getrpt?GAO-02-450

Military Transformation: Army Actions Needed to Enhance Formation of Future Interim Brigade Combat Teams. GAO-02-442, May 17. http://www.gao.gov/cgi-bin/getrpt?GAO-02-442

Technology Transfer: NNSA Did Not Implement the Technology Infrastructure Pilot Program. GAO-02-708R, May 10. http://www.gao.gov/cgi-bin/getrpt?GAO-02-708R

Information Security: Comments on the Proposed Federal Information Security Management Act of 2002, by Robert F. Dacey, director, information security issues, before a joint hearing of the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations and the Subcommittee on Technology and Procurement Policy, House Committee on Government Reform. GAO-02-677T, May 2. http://www.gao.gov/cgi-bin/getrpt?GAO-02-677T

Information Security: Additional Actions Needed to Fully Implement Reform Legislation. GAO-02-407, May 2. http://www.gao.gov/cgi-bin/getrpt?GAO-02-407

Transportation Infrastructure: Cost and Oversight Issues on Major Highway and Bridge Projects, by JayEtta Z. Hecker, director, physical infrastructure issues, before the House Committee on Transportation and Infrastructure. GAO-02-702T, May 1. http://www.gao.gov/cgi-bin/getrpt?GAO-02-702T

Nuclear Security: Lessons to Be Learned from Implementing NNSA's Security Enhancements. GAO-02-358, March 29. http://www.gao.gov/cgi-bin/getrpt?GAO-02-358

Combating Terrorism: Key Aspects of a National Strategy to Enhance State and Local Preparedness, by Patricia Dalton, director, strategic issues, before the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, House Committee on Government Reform, in Long Beach, California. GAO-02-549T, March 28. http://www.gao.gov/cgi-bin/getrpt?GAO-02-549T

Combating Terrorism: Key Aspects of a National Strategy to Enhance State and Local Preparedness, by Randall Yim, managing director, national preparedness, before the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, House Committee on Government Reform, in Albuquerque, New Mexico. GAO-02-548T, March 25. http://www.gao.gov/cgi-bin/getrpt?GAO-02-548T

Combating Terrorism: Intergovernmental Partnership in a National Strategy to Enhance State and Local Preparedness, by Paul Posner, managing director, strategic issues, before the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, House Committee on Government Reform, in Tempe, Arizona. GAO-02-547T, March 22. http://www.gao.gov/cgi-bin/getrpt?GAO-02-547T

Security Breaches at Federal Buildings in Atlanta, Georgia, by Ronald Malfi, acting managing director, Office of Special Investigations, before the House Committee on Government Reform, in Atlanta, Georgia. GAO-02-668T, April 30. (statement not available on the Internet) http://www.gao.gov/cgi-bin/ordtab.pl

International Electronic Commerce: Definitions and Policy Implications. GAO-02-404, March 2002. http://www.gao.gov/cgi-bin/getrpt?GAO-02-404

National Preparedness: Technologies to Secure Federal Buildings, by Keith A. Rhodes, chief technologist, before the Subcommittee on Technology and Procurement Policy, House Committee on Government Reform. GAO-02-687T, April 25. http://www.gao.gov/cgi-bin/getrpt?GAO-02-687T

Information Security: Subcommittee Post-Hearing Questions Concerning the Additional Actions Needed to Implement Reform Legislation. GAO-02-649R, April 16. http://www.gao.gov/cgi-bin/getrpt?GAO-02-649R

Homeland Security: Responsibility and Accountability for Achieving National Goals, by David M. Walker, comptroller general of the United States, before the Senate Committee on Governmental Affairs. GAO-02-627T, April 11. http://www.gao.gov/cgi-bin/getrpt?GAO-02-627T

National Preparedness: Integration of Federal, State, Local, and Private Sector Efforts Is Critical to an Effective National Strategy for Homeland Security, by Randall Yim, managing director, national preparedness, before the Subcommittee on Economic Development, Public Buildings and Emergency Management, House Committee on Transportation and Infrastructure. GAO-02-621T, April 11.
[INFOCON] - OCIPEP Advisory AV02-029 Multiple Vulnerabilities -Yahoo! Messenger
The French version follows THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS * ADVISORY * Number: AV02-029 Date: 5 June 2002 ** Multiple Vulnerabilities - Yahoo! Messenger ** PURPOSE The CERT/CC is reporting multiple vulnerabilities in Yahoo! Messenger version 5,0,0,164 and prior for Microsoft Windows. ASSESSMENT There are multiple vulnerabilities in Yahoo! Messenger that may allow an attacker to execute arbitrary code with the privileges of the user on the victim system. OCIPEP has not received any reports of this vulnerability being exploited in Canadian systems. OCIPEP will continue monitoring all available sources of information about this vulnerability and will provide updated information should the potential for impact increase. SUGGESTED ACTION Users should upgrade to version Yahoo! Messenger 5,0,0,1065 or later. Please refer to the following link for additional information: http://www.cert.org/advisories/CA-2002-16.html CONTACT US For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP's Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca NOTICE TO READERS When the situation warrants, OCIPEP issues Advisories to communicate information about potential, imminent or actual threats, vulnerabilities or incidents assessed by OCIPEP as limited in scope but having possible impact on the Government of Canada or other sectors of Canada's critical infrastructure. Recipients are encouraged to consider the real or possible impact on their organisation of the information presented in the Advisory, and to take appropriate action. OCIPEP publications are based on information obtained from a variety of sources.
The organisation makes every reasonable effort to ensure the accuracy, reliability, completeness and validity of the contents in its publications. However, it cannot guarantee the veracity of the information nor can it assume responsibility or liability for any consequences related to that information. It is recommended that OCIPEP publications be carefully considered within a proper context and in conjunction with information available from other sources, as appropriate. Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Upon conviction of an indictable offence, an individual is liable to imprisonment for a term not to exceed ten years. All offences should be reported immediately to your local police service. == THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS SECURITY ADVISORY Number: AV02-029 Date: 5 June 2002 ** Multiple Vulnerabilities in Yahoo! Messenger ** PURPOSE The CERT/CC is reporting multiple vulnerabilities in Yahoo! Messenger version 5,0,0,1064 and prior for Microsoft Windows. ASSESSMENT There are multiple vulnerabilities in Yahoo! Messenger that may allow an intruder to execute arbitrary code using the privileges of the user of the victim system. The BPIEPC has received no indication that this vulnerability has affected Canadian systems. The BPIEPC will continue to monitor all accessible sources of information regarding this vulnerability and will pass on any new information should the potential for impact increase. SUGGESTED ACTION Users should obtain version 5,0,0,1065 or later of Yahoo! Messenger.
For additional information, please refer to the following link: http://www.cert.org/advisories/CA-2002-16.html CONTACT US For urgent matters, or to report incidents, please contact the BPIEPC's Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact the BPIEPC's Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.bpiepc-ocipep.gc.ca NOTICE TO READERS Security advisories are used to communicate information about potential, imminent or actual threats, vulnerabilities or incidents assessed by the BPIEPC, of
[INFOCON] - Conferences: TechNet 2002 (DC) LENS (London)
[If someone is going to the TechNet conference please let me know as I am quite curious what they have to say about Network Centric Warfare Homeland Security. I won't be able to go as I am attending LENS in London. WEN] * Washington DC, USA, 11. - 13. June TechNet 2002 (free) TechNet International is an annual event sponsored by AFCEA International. The 3-day event is one of the nation's largest C4I conventions and expositions. http://www.technet2002.org/ Tuesday: 2:00 p.m. - 3:30 p.m. Network Centric Warfare: Approaches to Implementation * London, UK, 11. - 13. June LENS Forum The Second Global Forum for Law Enforcement National Security 'Security Governance and Homeland Defence - Learning Lessons, Creating Partnerships and Finding Solutions to Meet New Challenges' http://www.lensforum.com/Lens_index.htm IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - News 06/07/02
_ London, Friday, June 07, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org _ To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body [News Index] * Department of Homeland Security [1] Bush proposes massive overhaul of homeland security agencies [2] Host of agencies will be affected by homeland security reorganization [3] Reorganization plan gains bipartisan support on Hill [4] Personnel reform, but no layoffs, envisioned for new department [5] Creating Cabinet agency no panacea for agencies' woes, critics say * Other News [6] Security through obsolescence [7] Clarke warns educators about need for better security [8] Hacker group defaces naval websites [9] Privacy still blights online retailers [10] Dead Men Tell No Passwords [11] Trend Micro strengthens hybrid worm defences [12] FBI wants to track your Web trail [13] Hacking puts 4,500 students' grades in doubt at Western High [14] Is Linux Ready for National Security? [15] Leaky Cyber Borders [16] Workers Arrested in Airport Security Crackdown [17] Ford says global terrorism is tougher to tackle than dealing with Cold War _ News _ [1] Bush proposes massive overhaul of homeland security agencies By Jason Peckenpaugh In what would be the biggest restructuring of government since World War II, President Bush proposed Thursday to move seven entire agencies and offices from several others into a new cabinet-level Department of Homeland Security. The new department would include the Federal Emergency Management Agency, Coast Guard, Transportation Security Administration, Customs Service, Immigration and Naturalization Service (including the Border Patrol), Animal and Plant Health Inspection Service, and Secret Service. 
Offices of some other agencies would also be absorbed, such as the Commerce Department's Critical Infrastructure Assurance Office; the National Domestic Preparedness Office and the National Infrastructure Protection Center at the FBI; and the Federal Protective Service and the Federal Computer Incident Response Capability at the General Services Administration. http://www.govexec.com/dailyfed/0602/060602ts1.htm Bush plan backs IT infrastructure http://www.fcw.com/fcw/articles/2002/0603/web-plan-06-06-02.asp Bush overhauls domestic security http://news.bbc.co.uk/hi/english/world/americas/newsid_203/2030516.stm Bush Announces Anti-Terror Agency http://www.foxnews.com/story/0,2933,54617,00.html Bush unveils security shake-up http://www.itv.com/news/World174074.html Bush Plans Mammoth Department of Homeland Security http://www.newsmax.com/archives/articles/2002/6/6/144125.shtml Bush unveils plan for domestic defense http://www.bayarea.com/mld/mercurynews/3417812.htm Bush Proposes Restructuring of Homeland Security http://www.nytimes.com/2002/06/06/politics/06CND-BUSH.html?ex=1024027200en=25e823afa4b8db5dei=5040partner=MOREOVER Bush Speech: Audio http://www.whitehouse.gov/news/releases/2002/06/20020606-8.a.ram Video http://www.whitehouse.gov/deptofhomeland/remarks.v.ram Text http://www.whitehouse.gov/news/releases/2002/06/20020606-8.html General Section: http://www.whitehouse.gov/deptofhomeland/toc.html Url of the proposed Department of Homeland Security http://www.whitehouse.gov/deptofhomeland/ [2] Host of agencies will be affected by homeland security reorganization According to Bush administration briefing documents obtained by Government Executive Thursday, several agencies would be shifted into the proposed new Department of Homeland Security in their entirety; while parts of other agencies would be absorbed by the new entity. The following agencies would be absorbed into the new department: Federal Emergency
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-079 Date: 11 June2002
OCIPEP DAILY BRIEF Number: DOB02-079 Date: 11 June 2002 NEWS OCIPEP Issues Advisory - Securing and Protecting Your Web Server With the recent increase of web site defacements with anti-G8 messages, OCIPEP has issued an advisory reminding system and network administrators to maintain secure web servers. Web site defacements are normally, but not exclusively, a result of buffer overflows, poor coding (CGI scripts) and improper configurations. The advisory lists some of the basic measures to protect against defacements, such as keeping operating systems and applications software patched, checking logs regularly and maintaining a current backup of the systems. Comment: OCIPEP's Advisory AV02-030 can be viewed at: http://www.ocipep.gc.ca/emergencies/advisories/AV02-030_e.html Homeland Security Department Will Be Big Spender The proposed U.S. Department of Homeland Security would have an annual procurement budget of US$5 billion, one of the largest in the country, according to David Litman, a senior procurement executive at the Transportation Department. A large portion of the procurement budget, about 20 percent, would come from the newly-created Transportation Security Administration, which has just awarded a US$5.5-billion contract to Boeing Services Company for the deployment of about 1,100 explosive-detection machines to screen passenger luggage. The Coast Guard and Customs Service will also require a large share of procurement dollars to continue their ongoing modernization programs. (Source: govexec.com, 10 June 2002) http://www.govexec.com/dailyfed/0602/061002g1.htm Comment: A full text of the Bush Administration's proposal for a Department of Homeland Security is available at: http://www.govexec.com/dailyfed/0602/060602bushproposal.htm IN BRIEF Increased Military Presence at G8 Summit The Canadian Forces will have about 5,000 soldiers in the Kananaskis area to help ensure security at the G8 Summit. 
Military fighter jets and helicopters will be in the air during the Summit, and the increased presence on the ground will be felt both in Calgary and in Kananaskis. (Source: CBC News, 10 June 2002) http://calgary.cbc.ca/template/servlet/View?filename=ml_6102002 State of Emergency Declared in Southern Alberta A state of emergency has been declared in parts of southern Alberta, where heavy rains have flooded homes and roads over the past three days. Some residents had to be moved to nearby schools, and it could be a week or more before they can go back to their homes. (Source: CBC News, 11 June 2002) http://www.cbc.ca/stories/2002/06/11/ab_floods020611 Dirty Bomb Would Produce Low Radiation Level Heart attacks resulting from the chaos created by the explosion of a dirty bomb would claim more victims than radiation poisoning, according to the American Institute of Physics' web site. Exposure to radiation levels would be low, and the initial death toll would come mostly from the explosion of the device itself. (Source: CNN.com, 10 June 2002) http://www.cnn.com/2002/HEALTH/06/10/dirty.bomb.health/index.html Restructuring Will Help Government Agencies Work With Private Sector The restructuring of U.S. cybercrime agencies will improve federal coordination with the private sector, according to White House cybersecurity chief Richard Clarke. The proposal outlined by President Bush would bring together the FBI's National Infrastructure Protection Center and the U.S. Commerce Department's Critical Infrastructure Assurance Office, which both work extensively with the private sector. (Source: Computerworld, 10 June 2002) http://www.computerworld.com/securitytopics/security/story/0,10801,71903,00.html CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Symantec reports on Backdoor.Latinus, which is a Trojan that can log keystrokes and send them to the hacker.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.latinus.html Symantec reports on W32.Frethem.D@mm, which is a variant of W32.Frethem.B@mm worm that uses its own SMTP engine to propagate via e-mail. It arrives with the subject line Re: Your password! and the attachment decrypt-password.exe. http:[EMAIL PROTECTED] l Symantec reports on W32.Chier@mm, which is a worm that uses its own SMTP engine to propagate via e-mail. It arrives with the subject line Hi, i am username and the attachment p.exe. http:[EMAIL PROTECTED] Trend Micro reports on VBS_NEMITE.A, which is a VBScript worm embedded in an HTML file that propagates via e-mail. It arrives with the subject line HI and the attachment Syashin3.vbs. http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_NEMITE.A Sophos reports on Troj/DSS-A, which is a Trojan that is likely to arrive in an e-mail as an attachment called OPENME.EXE. http://sophos.com/virusinfo/analyses/trojdssa.html Vulnerabilities SecurityFocus reports on a buffer overflow vulnerability in Microsoft's ASP.NET StateServer process that could allow a remote
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-080 Date: 12 June 2002
DAILY BRIEF Number: DOB02-080 Date: 12 June 2002 NEWS Ottawa to Buy Smallpox Vaccine for All Canadians The Ottawa Citizen reports that the federal government will purchase millions of doses of the smallpox vaccine, enough to inoculate every Canadian. Dr. Ron St. John, executive director of Health Canada's Centre for Emergency Preparedness and Response, stated that negotiations were already underway to acquire the vaccines, which could cost up to $123 million. There are also plans to vaccinate epidemiologists and federal health workers who would be in the front line in the event of a smallpox outbreak. While he acknowledged that the possibility of a bioterrorist attack on Canada is extremely remote, Dr. St. John stressed that even a limited outbreak could turn into a national catastrophe. The vaccine is effective if given within four days of exposure to the virus. (Source: The Ottawa Citizen, 12 June 2002) http://www.canada.com/ottawa/ottawacitizen/story.asp?id={C693E8BE-C7CB-40AF-B28C-B27CF936D0E1} http://www.canada.com/ottawa/ottawacitizen/ Platform-Jumping Virus a New Challenge for Virus Writers A new virus that made the headlines last week has prompted a renewed interest in Unix and Linux viruses, according to anti-virus experts. A Symantec researcher explained that the Simile virus, which can jump from Windows to Unix operating systems, presents new challenges for virus writers. A McAfee analyst commented that Unix shell script viruses are relatively easy to create, yet powerful enough to create big problems. (Source: vnunet.com, 11 June 2002) http://www.vnunet.com/News/1132517 Comment: The same news source on 5 June published an article (http://www.vnunet.com/News/1132372) quoting Symantec and McAfee experts who had released an advisory after the discovery of the Simile/Etap virus. They called it a very complex virus that uses entry-point obscuring, metamorphism and polymorphic decryption, which makes it hard to detect. 
Typically, the majority of viruses are Windows-based, due in part to the proliferation of the Microsoft Windows operating system in the marketplace. As the popularity of Unix-based operating systems increases in the general user population (i.e. Linux) it follows that we may see: (1) an increase in viruses that target the Unix/Linux operating systems and (2) viruses that have the ability to infect more than one type of operating system (i.e. Unix/Linux and Windows). IN BRIEF Transportation Delays Expected in Calgary During G8 Summit Most roads near Calgary International Airport will be closed to the public from June 25 to 28 as part of the Calgary Police's security restrictions during the G8 Summit. Air travellers are urged to allow at least an extra 30 minutes to reach the airport and to check with the G8 Summit information line for information on road closures. Service on the city's light rail system may also be affected. (Source: CBC News, 11 June 2002) http://calgary.cbc.ca/template/servlet/View?filename=sy_11062002 State of Emergency Declared in Flooded Alberta Communities Rain continued to fall in southern Alberta, and the worst may be yet to come, if warm weather accelerates melting of the snow that fell in the mountains, according to Dennis Chief Calf, fire chief and head of disaster services for the Blood Tribe Reserve. A state of emergency has been declared in the community of Pincher Creek and in the county of Lethbridge, while flood warnings are in effect in several other communities. (Source: CBC News, 11 June 2002) http://calgary.cbc.ca/template/servlet/View?filename=fd_11062002 FBI Investigates Dive Shops Scuba diving shops across the U.S. are being contacted by FBI agents concerned that terrorists may have been taking scuba diving training with the intention of blowing up ships, power plants, bridges and other waterfront structures. 
Agents are looking for unusual requests from potential trainees, such as limited-visibility diving and diving in a harbour, where water is turbulent and cloudy. (Source: The Toronto Star, 11 June 2002) http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1c=Articlecid=1022100028330call_page=TS_Worldcall_pageid=968332188854call_pagepath=News/Worldcol=968350060724 Comment: This appears to be further to a May 23 information bulletin from the National Infrastructure Protection Center (NIPC) stating that various terrorist elements had sought to develop an offensive scuba diver capability. CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Central Command reports on Worm/Trilissa.D, which is a worm that propagates via Outlook e-mail. It arrives with the subject line "Bush is a criminal!" and the attachment Bush_you_are_guilty!!!.scr. http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020611-11 Central Command reports on TR/Win32.Rewin, which is a Trojan horse that allows backdoor access to a victim's
[INFOCON] - Ridge Aims to Reduce U.S. Vulnerabilities to Terrorism
[At least life as a politician in DC will be interesting again as they will be facing the biggest turf war ever, which could get quite nasty. The proposed Homeland Security Department will also have to survive 88 congressional committees and subcommittees. So one should really ask whether this will be worth the effort, as the government's limited resources could be used to make the current agencies more efficient. There is something wrong with the system and it looks like, instead of changing the system, the administration just risks creating another layer of bureaucracy which might not really help to protect the nation. WEN] 10 June 2002 Ridge Aims to Reduce U.S. Vulnerabilities to Terrorism (Homeland Security Advisor Wants To Draw Lessons From 9-11)(3500) Homeland Security Advisor Tom Ridge wants to draw on the security expertise in the federal government to significantly reduce the vulnerability to terrorism and terrorist attack. Speaking June 10 to the National Association of Broadcasters Education Foundation in Washington, Ridge said: It's time for us to take the lessons learned from 9/11 and from our war on terrorism and apply them to homeland security. He said the new Cabinet-level Department of Homeland Security proposed by President Bush should be a clearinghouse for many of the best practices that we believe can be deployed to prevent terrorism. The new department, which must be approved by Congress, should have one single mission, Ridge said: to protect the American people and their way of life from terrorism. Drawing 170,000 existing personnel from now disparate sources, he said the new department will bring together everyone under the same roof, working toward the same goal and pushing in the same direction. 
Following is the transcript of Ridge's remarks: (begin transcript) THE WHITE HOUSE Office of the Press Secretary June 10, 2002 REMARKS BY HOMELAND SECURITY ADVISOR TOM RIDGE TO THE NATIONAL ASSOCIATION OF BROADCASTERS EDUCATION FOUNDATION 2002 SERVICE TO AMERICA SUMMIT Ronald Reagan Building Washington, D.C. GOVERNOR RIDGE: Thank you, Eddie. And good morning, ladies and gentlemen. I want to thank you for this invitation to spend some time with you this morning. I must applaud Eddie and the foundation for extending the invitation several weeks ago. Your timing was impeccable. (Laughter.) So I might consider to borrow your crystal ball in the future. But it is good to have the opportunity within a few short days after the President announced his vision and his plan to create a Cabinet-level Department of Homeland Security to spend some time with this organization. So I very much appreciate the opportunity to speak to your group at such an important time for our country. The nine months since the terrorist attacks have been a great time to be an American, in spite of the horror and the tragedy associated with the attacks. We have learned so much about what this country and its people are all about. And most of what we have learned, we have learned through you. Through your unblinking eyes and ears, the entire human drama was brought into our living rooms -- the heartbreaking losses, the heroic responses, the heartfelt prayers and words of comfort from a concerned nation. Many of your stations offered 24-hour coverage in the days following the attacks. And in doing so, you accepted the reality of lost ad revenues at a time when advertising was already scarce. No matter the cost, you continued to get the news out. At the same time, through your efforts, broadcasters helped this country raise in excess of $1 billion [$1 thousand million] for the victims of 9/11 and related causes -- an extraordinary contribution in and of itself. 
And you still found time to record and air PSAs [Public Service Announcements], answering the questions all Americans had: How can we help? You've even won over some old critics. Apparently, a former FCC [Federal Communications Commission] chairman about four decades ago in a speech to your group -- a fellow by the name of Newton Minow -- was very, very critical of the media. But recently he was reported to have said, and I quote, Television deserves a round of gratitude from the American people for the way they have handled this crisis. They deserve the highest praise. But most importantly, as Americans understand it, you did your job, keeping all of us informed and aware. Now I think broadcasters have a new challenge, reporting on homeland security. In many ways -- many, many ways -- this is a much more difficult story to report. It doesn't have very good sound or visuals. It's complicated. There are a lot of gray areas. There aren't too many photo opportunities. It can be under-reported, breeding false confidence, or over-reported, stoking unnecessary fears. But it is one of the most important, if not the most important, story of our lifetimes. It's the story of how we protect American lives and the American way of life, the most
[INFOCON] - NIPC Daily Report 13 June 2002
NIPC Daily Report 13 June 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Microsoft discloses serious flaw in Web site software. Microsoft Corp. acknowledged a serious flaw Wednesday in its Internet server software that could allow sophisticated hackers to seize control of Web sites, steal information and use vulnerable computers to attack others. Microsoft made available a free patch for customers using versions of Internet Information Server software with Windows NT or Windows 2000 operating systems. The server software included in Microsoft's Windows XP operating system was not affected by the security flaw. A researcher with eEye Digital Security Inc., Riley Hassell, found the Web server flaw in mid-April during testing of eEye's own hacker-defense software, but the discovery was kept closely guarded under an agreement with Microsoft until Wednesday. Microsoft described the risk to Web servers as moderate, but top experts have for months recommended turning off the vulnerable feature, which is turned on automatically the first time the software is installed. Marc Maiffret, the self-described "chief hacking officer" for eEye, said malicious hackers would devise automated tools to scan the Internet and attack vulnerable computers rather than targeting machines individually. The same technique was used to spread the damaging "Code Red" and "Nimda" across the Internet last year, which infected nearly 1 million servers. "It could readily be exploited with a worm," Maiffret said. "It's kind of a scary thing." (AP-Washington, 12 Jun) NIPC WWU Comment: The flaw allows a remote buffer overflow in an HTR request. It affects MS Windows NT 4.0, IIS 4.0, and MS Windows 2000 IIS 5.0. NIPC recommends patching affected systems as soon as possible using the free patch provided by Microsoft. 
Patch is at www.microsoft.com Malaysia sets up cyber-warfare hub. The Malaysian Defense Ministry is commissioning a secure network infrastructure to safeguard information from unauthorized access. Minister Datuk Seri Najib Razak said the ministry was also setting up a cyber warfare center, which would look at both offensive and defensive information operations. Najib said that the cyber warfare center would provide surveillance of, and protection from, cyber threats, and if necessary, counter any threats from cyberspace. He said development of the network would be completed in about five years and would link all the information databases within the Defense Ministry and the armed forces. (New Straits Times Malaysia, 11 Jun) Chinese software firm discovers native e-mail virus. Beijing Ruixing global virus supervision center intercepted a domestically produced e-mail virus they have temporarily named Chinese Hacker. According to Ruixing, the virus is very infectious, fast, and has the ability to bypass anti-virus software and enter computer memory. Furthermore, according to Ruixing, even if anti-virus software can discover the virus, it cannot be destroyed. The virus infects through e-mail and, once resident on the computer memory, has a self-start function. The current version does not carry a destructive payload, but if an attacker added a destructive payload to the virus, it could pose a serious threat. (Xinhua, 11 Jun) Area residents can comment on possible routes for a new regional power transmission line. Bonneville Power Administration (BPA) officials say the 500,000-volt line is needed to carry more power to rapidly growing King County, in Washington State, or the next spell of sub-freezing winter weather could bring brownouts or other problems. BPA earlier picked a route along an existing BPA line through the Cedar River Watershed, which is the source of water for most King County residents. 
That raised strong objections from Seattle City officials and environmentalists, but the route hasn't been ruled out. (Southcountyjournal.com, 12 Jun) Poll urges Congress to pass energy plan. According to a recent poll conducted on 1,000 adults at the behest of the Alliance for Energy and Economic Growth, Americans feel more strongly about the need to enact an energy plan now than they did last fall. More than 8 of 10 Americans polled want Congress to pass comprehensive energy legislation now in order to ensure stable energy supplies and strengthen national security. These findings come as a House-Senate Conference Committee is being appointed to resolve differences in House and Senate passed energy bills. The Alliance for Energy and Economic Growth is a broad coalition of more than 1,300 energy producers and users, representing both large and small businesses, as well as labor unions. The Alliance is united in support of comprehensive energy legislation that will increase domestic energy supplies,
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-080 Date: 13 June 2002
DAILY BRIEF Number: DOB02-080 Date: 13 June 2002 NEWS Government Department Equipment Stolen Ottawa Police are investigating a break-in at a Citizenship and Immigration Canada office, in which thieves stole a number of weapons, including pepper spray canisters, batons, body armour and computers. Although the theft comes just days before large crowds of protestors are expected to come to Ottawa to stage protests against the G8 Summit, police had no evidence that the theft might be connected to the Summit. According to an Ottawa police spokesperson, the robbery looks like a regular break-in and that will be the focus of the investigation. Stolen computers did not contain sensitive information, according to Immigration officials. (Source: Ottawa Sun, 13 June 2002) http://www.canoe.ca/OttawaNews/os.os-06-13-0013.html Ontario Water Testing Lab Under Investigation An Ontario government investigation indicates that MDS Laboratory Services, a water-testing lab in London, Ontario, has failed to carry out proper tests on the drinking water used by 67 communities in southern Ontario. In cases where results may be doubtful, the government is advising waterworks to send samples to an accredited laboratory to verify the water quality. A spokesperson for MDS acknowledged that some problems had occurred during the recent Ontario Public Service Employees Union strike, but that all adverse results have been reported. (Source: CBC News, 13 June 2002) http://www.cbc.ca/stories/2002/06/12/tainted_water020612 IN BRIEF Peaceful Protest at G8 Foreign Ministers Meeting A protest staged in front of the Chateau Whistler, where the G8 foreign ministers were meeting, caused no disruption. Two of the 80 protesters were invited into the hotel to meet with Canadian Foreign Affairs Minister Bill Graham. 
(Source: CBC News, 13 June 2002) http://vancouver.cbc.ca/template/servlet/View?filename=bc_g8noon020612 Radiation Protection Drug Sales on the Increase Online sales of potassium iodide, a drug that mitigates potential effects from radiation exposures, have increased in the past few days after news of a terrorist plan to build and detonate a dirty bomb. While the drug may prevent the body from absorbing radioactive iodine, which causes several forms of cancer, it would not protect people from other dangers such as gamma radiation, according to a media report. Sales of fallout shelters have apparently increased as well. (Source: CNet News.com, 12 June 2002) http://news.com.com/2100-1023-935471.html?tag=fd_top CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Symantec reports on Backdoor.FTP_Bmail, which is a Trojan horse that disguises itself as a FTP downloader for e-mail software. http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html Trend Micro reports on WORM_WORTRON.10B, which is a worm generated by TROJ_WORTRON.10B that propagates via e-mail. http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_WORTRON.10B Trend Micro reports on TROJ_WORTRON.10B, which is a Trojan horse and Worm Generator that can run on any Windows platform. http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WORTRON.10B Vulnerabilities CERT/CC reports on a vulnerability in Novell NetWare 5.1 that could allow a remote attacker to gain access to sensitive information about the server's configuration and passwords. Follow the link for details. http://www.kb.cert.org/vuls/id/159203 CERT/CC reports on remotely exploitable buffer overflow vulnerabilities in America Online's Instant Messenger (AIM) that cause a denial-of-service. Follow the link for details. 
http://www.kb.cert.org/vuls/id/912659 http://www.kb.cert.org/vuls/id/259435 CERT/CC reports on a vulnerability in Apache Tomcat web server that could allow a remote attacker to gain sensitive information about the server's configuration. Follow the link for details. http://www.kb.cert.org/vuls/id/116963 SecurityFocus reports on a denial-of-service vulnerability in X-Windows. No known patch is available at this time. http://online.securityfocus.com/bid/4966/discussion/ SecurityFocus reports on vulnerabilities in the Seanox DevWex Windows binary version that could allow a remote attacker to view arbitrary web-readable files, to execute arbitrary attacker-supplied instructions with the privileges of the webserver process (normally SYSTEM), or to cause the server to crash. View the Solution tab for upgrade information. http://online.securityfocus.com/bid/4978/discussion/ http://online.securityfocus.com/bid/4979/discussion/ SecurityFocus reports on a SQL injection vulnerability in Lokwa BB that could allow a remote attacker to view sensitive information and possibly access and reply to arbitrary private messages. No known patch is available at this time. http://online.securityfocus.com/bid/4981/discussion/ SecurityFocus reports on a vulnerability in W-Agora that could allow a remote
[INFOCON] - NIPC Daily Report 14 June, 2002
NIPC Daily Report 14 June, 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Press Release - FBI, SBA and Commerce Department Form Alliance to Promote Information Technology Security for America's Small Businesses. The nation's small businesses will have better access to computer and information technology security resources, and be able to assess their information security needs. The National Infrastructure Protection Center (NIPC), the Federal Bureau of Investigation (FBI), the U.S. Small Business Administration (SBA), and the Commerce Department's National Institute of Standards and Technology (NIST) signed a partnership agreement on 13 June. The agreement speaks to providing computer and information technology security to help small businesses across the nation safeguard their information systems. The interagency agreement was signed at the NIPC's Second Annual InfraGard National Congress in Niagara Falls, NY, and will serve to promote computer protection and security for America's small businesses and to identify information security vulnerabilities. (NIPC, Dept. of Commerce, Small Business Assoc., 13 Jun) First JPEG Virus Not a Threat. Anti-virus firms have discovered a Windows virus that infects JPEG image files, though the chances of it causing a major security risk any time soon are close to zero. W32/Perrun, as Networks Associates Inc. named the virus, was assessed as low risk, and has not been found in the wild. It is believed to be the first of its kind, said Vincent Gullotto. It's not a danger, but it shows that virus writers are looking at other methods of infection. In the last year, virus writers have started using other file types, such as PDFs and Flash animations, to spread viruses. Sending infected JPEGs to other, uninfected computers will not infect a computer, NAI confirmed. 
Image files do not have the ability to execute malicious code, so simply viewing a JPEG, without the infector running on the same machine, will not have any effect, other than slowing the machine down while the installed anti-virus software is scanning. (Computerwire.com, 14 Jun) Panel oks terror data sharing bill. The House Judiciary Committee approved a bill that would let the FBI and CIA share classified information about terrorist threats, with state and local police. The bill, known as the Homeland Security Information Sharing Act, HR 4598, would allow classified information to be given to state and local first responders after data about sources and methods of intelligence collection were removed. The information would be issued via law enforcement telecommunications systems. (ComputerUser.com 14 Jun) Feds Stockpile Anti-Radiation Pills. Federal agencies in Washington ordered 350,000 potassium iodide pills this week to protect people from cancer caused by radioactive iodine. The agencies are stockpiling the pills in case of a nuclear event. (Associated Press, 13 Jun) Petronas buys Indonesian oil producer. Malaysia's state oil and gas company, Petronas, has purchased U.S. firm Kerr-McGee Corporation's Indonesian subsidiary for $170 million. Kerr-McGee Indonesia's (KMI) oil and gas properties include a 30 percent non-operating interest in the Jabung block on Sumatra Island, which is scheduled to supply gas to Singapore. The acquisition of KMI marks a significant extension of Petronas' activities in Indonesia, providing it with its first oil production capability in the country, the Malaysian firm said. Gas flow from the Jabung block is due to start the third quarter of next year at an initial rate of 68 million standard cubic feet per day (mmscfd), with a plateau rate of 135 mmscfd by 2009. (Reuters, 14 Jun) RM IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-082 Date: 14 June 2002
OCIPEP DAILY BRIEF Number: DOB02-082 Date: 14 June 2002 NEWS OCIPEP Issues Advisory - New Worm-Frethem.E OCIPEP has issued Advisory AV02-031 concerning a variant of the Frethem worm that is spreading in the wild. Frethem.E contains its own SMTP engine and mails copies of itself to addresses in the Microsoft Windows address book and Outlook Express mail storage files. Comment: Advisory AV02-031 can be viewed at: http://www.ocipep-bpiepc.gc.ca/emergencies/advisories_e.html Explosion at U.S. Consulate in Pakistan Eight people were killed and 40 others wounded when a suspected suicide car bomber detonated an explosion outside the U.S. Consulate in Karachi. As well, the powerful explosion destroyed a boundary wall, shattered windows and left a large crater outside the building. All of the dead were Pakistani and most casualties were sustained by individuals on motorcycles and in cars near the site of the explosion. Eleven French nationals and three Pakistanis were killed last month by a car bomb in Karachi, and Pakistani police suspect that the bombing was carried out in response to Pakistan's decision to ally itself with the U.S.-led war on terrorism. (Source: CNN, 14 June 2002) http://edition.cnn.com/2002/WORLD/asiapcf/south/06/14/karachi.blast/index.html Report: Canada Put At Risk by U.S. Ties The Canadian Security Intelligence Service (CSIS) report to Parliament yesterday noted that Canada's military alliance, proximity and close relationship with the U.S. put Canada at risk of being targeted directly or indirectly by a terrorist network. The report stated that Canada could become a potential staging ground for terrorist attacks. 
(Source: Globe and Mail, 13 June 2002) http://www.theglobeandmail.com/servlet/GIS.Servlets.HTMLTemplate?tf=tgam/search/tgam/SearchFullStory.htmlcf=tgam/search/tgam/SearchFullStory.cfgconfigFileLoc=tgam/configencoded_keywords=CSISoption=start_row=1current_row=1start_row_offset1=num_rows=1search_results_start=1 Comment: The complete CSIS report can be viewed at: http://www.csis-scrs.gc.ca/eng/publicrp/pub2001_e.html Border Security Bypassed by G8 Protestors Activists have provided instructions on a web site that could assist individuals to transport gas masks, pepper spray and handcuffs across the border, without having to carry them across in person. American activists are urging protestors to mail items to Canada rather than risk having them confiscated by border security. (Source: Calgary Herald, 14 June 2002) http://www.canada.com/calgary/ Canadian Border Guards Receive Radiation Detectors In an effort to stem the transportation of radiological materials across the U.S.-Canadian border, all 3,600 Canadian customs officials will be outfitted with sophisticated Geiger counters. This equipment will alert officials to the presence of radiological materials that could be used in the fabrication of so-called dirty bombs. (Source: National Post, 13 June 2002) http://www.canada.com/news/story.asp?id={2D938AA2-4D07-40E0-B3D2-6946128C850B} IN BRIEF Microsoft Issues Patches Four recently discovered security vulnerabilities prompted Microsoft Corporation to issue three security bulletins on June 12. One of the vulnerabilities, affecting Windows NT, Windows 2000 and Windows XP, was rated as critical. 
(Source: Microsoft, 13 June 2002) Comment: The three bulletins can be viewed at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-029.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-030.asp Flooding in Southeast Manitoba Heavy rain has caused severe flooding in the southeast portion of Manitoba. Approximately 240 millimetres of rain has fallen since June 10, causing the worst flooding this area has seen in 45 years. Several communities have declared a state of emergency, and several roads and highways have been closed. Comment: For updates on this incident and others, click on the Incident Mapping button at the top of the Daily Brief. CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Symantec reports on Backdoor.Crat, which is a Trojan horse written in Delphi and compressed with Ezip. http://securityresponse.symantec.com/avcenter/venc/data/backdoor.crat.html McAfee Security reports on W32/Perrun, which is an appending JPEG infecting virus. http://vil.nai.com/vil/content/v_99522.htm Vulnerabilities Securiteam reports on buffer overflow vulnerabilities in the Oracle Net Listener and Report Server that could allow a remote attacker to gain complete control of a machine running the Oracle 9i Database. Follow the link for details. http://www.securiteam.com/securitynews/5OP0E0U7FI.html http://www.securiteam.com/securitynews/5PP0F0U7FA.html CERT/CC reports on a cross-site scripting vulnerability in Snitz Forums 2000 that
[INFOCON] - UNIRAS Briefing - 187/02 - Microsoft - Cumulative Patches for Excel and Word for Windows (MS02-031)
-----Original Message-----
From: UNIRAS (UK Govt CERT)
Sent: 20 June 2002 12:25
To: Undisclosed Recipients
Subject: UNIRAS Briefing - 187/02 - Microsoft - Cumulative Patches for Excel and Word for Windows (MS02-031)

-----BEGIN PGP SIGNED MESSAGE-----

UNIRAS (UK Govt CERT) Briefing Notice - 187/02 dated 20.06.02 Time: 11:30
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and Information about NISCC is available from www.niscc.gov.uk

Title
=====
Microsoft Security Bulletin - MS02-031: Cumulative Patches for Excel and Word for Windows

Detail
======

- -----BEGIN PGP SIGNED MESSAGE-----

Title: Cumulative Patches for Excel and Word for Windows (Q324458)
Date: 19 June 2002
Software: Microsoft Office for Windows
Impact: Run Code of Attacker's Choice
Max Risk: Moderate
Bulletin: MS02-031

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-031.asp.

Issue:
======
This is a set of cumulative patches that, when applied, applies all previously released fixes for these products. In addition, these patches eliminate four newly discovered vulnerabilities, all of which could enable an attacker to run Macro code on a user's machine. The attacker's macro code could take any actions on the system that the user was able to.

- An Excel macro execution vulnerability that relates to how inline macros that are associated with objects are handled. This vulnerability could enable macros to execute and bypass the Macro Security Model when the user clicked on an object in a workbook.
- An Excel macro execution vulnerability that relates to how macros are handled in workbooks when those workbooks are opened via a hyperlink on a drawing shape. It is possible for macros in a workbook so invoked to run automatically.
- An HTML script execution vulnerability that can occur when an Excel workbook with an XSL Stylesheet that contains HTML scripting is opened. The script within the XSL stylesheet could be run in the local computer zone.
- A new variant of the Word Mail Merge vulnerability first addressed in MS00-071. This new variant could enable an attacker's macro code to run automatically if the user had Microsoft Access present on the system and chose to open a mail merge document that had been saved in HTML format.

Mitigating Factors:
===================
Excel Inline Macros Vulnerability:
- A successful attack exploiting this vulnerability would require that the user accept and open a workbook from an attacker and then click on an object within the workbook.

Hyperlinked Excel Workbook Macro Bypass:
- A successful attempt to exploit this vulnerability would require that the user accept and open an attacker's workbook and click on a drawing shape with a hyperlink.
- An attacker's destination workbook would have to be accessible to the user, either on the local system or on an accessible network location.

Excel XSL Stylesheet Script Execution:
- A user would have to accept and open an attacker's workbook to exploit this vulnerability.
- In addition, the user would have to acknowledge a security warning by selecting the non-default option.

Variant of MS00-071, Word Mail Merge Vulnerability:
- The Word mail merge document would have to be saved in HTML format. As Word is not the default handler for HTML applications, the user would have to choose to open the document in Word, or acknowledge a security warning.
- A successful attack requires that Access be installed locally.
- The attacker's data source has to be accessible to the user across a network.

Risk Rating:
============
- Internet systems: Low
- Intranet systems: Low
- Client systems: Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletin at http://www.microsoft.com/technet/security/bulletin/ms02-031.asp for information on obtaining this patch.

Acknowledgment:
===============
- Darryl Higa for reporting the Excel Inline Macros and Hyperlinked Excel Workbook Macro Bypass vulnerabilities.
- The dH team and SECURITY.NNOV team (http://www.security.nnov.ru/) for reporting the variant of MS00-071.

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-096 Date: 5 July 2002
DAILY BRIEF Number: DOB02-096 Date: 5 July 2002
http://www.ocipep.gc.ca/DOB/DOB02-096_e.html

NEWS

Ontario Names Canada's First Anti-Terror Chief
Dr. James Young was appointed to the new position of Ontario Commissioner of Public Security yesterday. Dr. Young's duties include ensuring that the province is ready to respond to a terrorist strike, coordinating emergency response with U.S. and federal officials, and completing a survey of Ontario's critical infrastructure. Ontario is the first province in Canada to create such a commissioner. (Source: National Post, 4 July 2002)

Severe Storm Hits New Brunswick and Prince Edward Island
New Brunswick was hit by a powerful thunder storm Thursday afternoon. Police are calling it a tornado, but Environment Canada has yet to confirm it. The storm caused damage to physical property but no injuries have been reported. (Source: CBC.ca, 5 July 2002)
Comment: New Brunswick Power says the storm left close to five thousand people without electricity across the northern half of the province. Many power outages were also reported in Prince Edward Island and 72 millimetres of rain caused some flooding.

Evacuation in Labrador Continues
Uncontrolled fires threatening Northwest River and Sheshatshiu kept two thousand people from returning to their homes last night. Officials say that the fire will be assessed again on Friday morning, but that the state of emergency won't be lifted before then. (Source: CBC.ca, 4 July 2002)

IN BRIEF

Two Killed in Attack at Los Angeles Airport
A gunman killed two people at the ticket counter of Israeli airline El Al at the Los Angeles airport before being killed by security officers. The FBI maintains that it is too early to call the attack a terrorist act. (Source: CBC.ca, 5 July 2002)

Long-Range Weather Predictions Lack Accuracy
A study has shown that Environment Canada's weather forecasts five days into the future were accurate just 13 per cent of the time. This contrasts with same-day forecasting that was 72 per cent accurate. Environment Canada says that forecasting is more accurate now than it was ten years ago. (Source: CBC.ca, 5 July 2002)
Comment: Natural hazards, rather than human threats, have historically caused the greatest amount of damage and disruption to critical infrastructures (CI) in Canada. Severe weather has also necessitated extensive emergency management (EM) responses. More accurate weather forecasting would increase the effectiveness of risk management strategies for CI and EM.

Falun Gong Hack Chinese Satellite Broadcasts
On June 25, the Falun Gong successfully hacked into satellite television broadcasts in China's Shandong province and transmitted a banner reading 'Falun Gong is good' to local televisions during prime time. (Source: VNUNET.com, 1 July 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.Assasin, which is a Trojan horse that allows unauthorized access to the infected computer. This Trojan also attempts to terminate the processes of many executables, including various firewall and antivirus programs.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.html

Vulnerabilities

SecurityFocus posts an HP report on a local denial-of-service vulnerability in HP-UX 11.11 DCE Client IPv6. View the Solution tab for patch information.
http://online.securityfocus.com/bid/5143/discussion/

SecurityFocus provides a report on vulnerabilities in multiple versions of Linux-Mandrake kernel 2.2 and 2.4. Follow the link for upgrade information.
http://online.securityfocus.com/advisories/4262

SecurityFocus reports on a remote paragraph tag script injection vulnerability in Slashcode 2.2. View the Solution tab for upgrade information.
http://online.securityfocus.com/bid/5140/discussion/

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of
[INFOCON] - OCIPEP Daily Brief Number: DOB02-108 Date: 23 July 2002
http://www.ocipep.gc.ca/DOB/DOB02-108_e.html
DAILY BRIEF Number: DOB02-108 Date: 23 July 2002

NEWS

OCIPEP Issues Advisory - PHP Vulnerability
OCIPEP released Advisory AV02-037 today to bring attention to a vulnerability in versions 4.2.0 or 4.2.1 of PHP. PHP is an HTML-based scripting language commonly used by web servers, databases and many other applications. The vulnerability can allow a remote attacker to cause a denial-of-service and possibly execute arbitrary code on the local system.

Canada, U.S. Tighten Border Security
Canada and the U.S. announced yesterday that they will put in place five new joint security teams to tighten border security. The announcement came at a cross-border crime forum in Banff, Alberta, where 100 law enforcement officials from both sides of the border were meeting, along with U.S. Attorney General John Ashcroft and Canada's Solicitor General Lawrence MacAulay. The Integrated Border Enforcement Teams (IBETs) will operate in Ontario and Quebec, but MacAulay said that the teams can and will move. The multi-agency IBETs are made up of police, customs and immigration officials and work with local, state and provincial law authorities. Although IBETs were first created in 1996, their development has taken on new urgency following September 11. The federal government has set aside $135 million over five years for a total of 14 teams. (Source: CBC News, 23 July 2002)
Comment: The IBETs created this week cover the areas of Valleyfield, Champlain and the eastern regions of Quebec, as well as the Thousand Islands area in Ontario. Media sources do not disclose information about the number or location of IBETs that existed before yesterday's announcement.

U.S. Energy Infrastructure Security Report
The United States Energy Association (USEA), an association of energy industry groups, released a report called the National Energy Security Post 9/11, which examines the vulnerabilities of U.S. energy supply and infrastructure, and makes recommendations for future policy decisions. The report considers the security of exploration, transmission, production, generation, distribution, and storage facilities for petroleum, natural gas, coal, nuclear energy, and electricity. The report also concluded that a single federal agency should administer U.S. energy infrastructure security.
Comment: The report does not suggest which single agency should administer U.S. energy infrastructure security. Copies of the report can be viewed at: http://www.usea.org/USEAReport.pdf.

Israel Blocks Palestinian Internet Service Provider
Israeli Defense Forces (IDF) troops took over the offices of Palnet, the leading Palestinian Internet service provider, shutting down the firm's operations. The move reduced Internet access to a trickle in the West Bank and Gaza. The strike is part of a larger effort by the Israeli military to disable the Palestinians' communications and media infrastructure. The IDF has recently alluded to the ways in which terrorists are using the Internet to plot and plan. In June, the IDF posted to its web site a discussion allegedly taken from the Hamas site in which members debated whether arsenic, rat poison or cyanide would be most effective in killing Americans. (Source: Wired News, 18 July 2002)
Comment: The cessation of Palnet services may lessen the ability of hackers that use Palnet to threaten public and private IT systems viewed as pro-Israeli or based in states that are viewed as pro-Israeli. Alternatively, however, the IDF action may prompt sympathetic attacks on IT systems perceived as pro-Israeli from pro-Palestinian hackers that operate outside Palnet.

IN BRIEF

National System Sought for U.S. Emergency Preparedness
Under President Bush's national strategy for emergency preparedness and response, the proposed Department of Homeland Security would build and oversee a comprehensive national system for incident management, which would clarify the roles of federal, state and local agencies in responding to terrorist attacks or natural disasters. (Source: FCW.COM, 22 July 2002)

Anti-Israeli Hacker Defaces U.S. Army Site
An attacker defaced a page on the U.S. Army Research Laboratory's web site Friday with a message criticizing the military organization for supplying weapons to Israel. (Source: Extreme Tech, 29 July 2002)

Broadband Usage to Increase
A report by In-Stat says that broadband Internet subscriptions will increase by 16 million in a year, bringing the total number of people in the world with fast Internet access to more than 46 million by the end of the year. (Source: BBC News, 23 July 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on W32.Kitro.E.Worm, which is a worm that inserts a VB Script on the computer
[INFOCON] - NIPC Daily Report 07/23/02
NIPC Daily Report 07/23/02 Are hacking defenses winning the war? The Computer Emergency Response Team (CERT) states that cybercrime is on the rise and that 26,800 incidents were reported during the first six months of 2002. The methods that hackers use to attack computers have improved over the past year. Malware tools combined with other hacker tools represent a significant threat to Web services and have become an intrinsic part of the Internet. Denial of service (DoS) attacks are still the most common threat. These DoS attacks utilize numerous systems to target a domain. The Web services are a vulnerable, yet critical business service, and exploitation of these services could lead to revenue loss. (NewsFactor, 18 Jul) The year of the Web worm. The Internet was hit by the Code Red worm in 2001, and the effects have caused many experts to fear that malware could cripple the Internet. This fear rose with an Internet traffic slow-down that initially was attributed to rising worm infections. The slow-down is believed to have been caused by a train crash in Baltimore, MD that cut communication cables. Still, the major outbreak of Code Red has not caused the Internet to become more secure, and more known vulnerabilities have surfaced this year than last year at this time. In addition, the theoretical Warhol worm is also intensifying fears that the Internet may be crippled with proliferation of malware that can spread almost instantaneously. (BBC, 19 Jul) WWU Comment: Although the Internet traffic slow-down is believed to have been caused by a train crash in Baltimore, MD and not malware, this is indicative of the potential for coordinated, compound cyber and physical attacks, referred to as swarming attacks, that is an emerging threat to US critical infrastructure. Fire department reviewing procedures. The New York City Fire Department is conducting a major review of its procedures. 
The study of departmental procedures, due out in August 2002, is expected to propose roughly two dozen far-reaching changes in light of the terrorist attacks. The findings are closely guarded, but experts interviewed for the study said they have discussed different evacuation techniques such as rooftop rescues, the need to protect senior officers by keeping them farther from the scene of a catastrophe, and the importance of tighter, more disciplined command procedures. (Associated Press, 22 Jul) Boeing awarded $23 million FAA air security contract. The Federal Aviation Administration (FAA) awarded Boeing Co. with a $23 million, 21-month contract on 17 July 2002 to investigate merging air traffic control and communication technologies to increase security. The FAA hopes to provide air traffic controllers and security personnel with timely information about the status of in-flight aircraft. Boeing will incorporate satellite technology and Connexion, in-flight Internet service, into its research. (Forbes, 18 Jul) IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - NIST Draft on Wireless Network Security: 802.11, Bluetooth, and Handheld Devices
[It looks really good and it is high time that such a document is published to create more awareness about 'wireless insecurity'. WEN]

The Computer Security Division (CSD) of the National Institute of Standards and Technology (NIST - http://www.nist.gov/) has posted draft Special Publication SP 800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices on the Computer Security Resource Center (CSRC - http://csrc.nist.gov/) web site for public comment (or go to the CSRC Drafts publications page: http://csrc.nist.gov/publications/drafts.html).

The draft document examines the benefits and security risks of 802.11 Wireless Local Area Networks (WLAN), Bluetooth Ad Hoc Networks, and Handheld Devices such as Personal Digital Assistants (PDA). The document also provides practical guidelines and recommendations for mitigating the risks associated with these technologies. NIST is particularly interested in comments on the technical and operational countermeasure recommendations.

Questions or comments on this document can be emailed to Tom Karygiannis at [EMAIL PROTECTED]. NIST will be accepting comments on this document until September 1, 2002.
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-110 Date: 25 July 2002
DAILY BRIEF Number: DOB02-110 Date: 25 July 2002
http://www.ocipep.gc.ca/DOB/DOB02-110_e.html

NEWS

Possible Lessons for Ottawa from September 11
Ottawa's fire, police and ambulance branches rely on telephones for inter-service communication. Steve Kanellakos, the city's manager of emergency protective services, says that this is a problem and would like to see the three services sharing a single communications centre with a common radio system. (Source: Ottawa Citizen, 25 July 2002)
Comment: Recent media reports concerning the response of emergency personnel on September 11 to the World Trade Center state that a lack of communications between fire and police services may have led to the deaths of many firefighters.

IN BRIEF

Web TV Users Rerouted to 911 Services
An e-mail with the subject line NEAT has led Web TV users to download a program that re-sets their dial-up number to call 911 emergency services. (Source: CNET News.com, 23 July 2002)

Asteroid Monitored for Potential Impact with Earth
Astronomers are monitoring a newly sighted two-kilometre-wide asteroid after initial calculations suggested that there is a chance it could hit the Earth. NASA's Near Earth Object program ranked the asteroid as meriting careful monitoring, but not concern. (Source: CBC News, 24 July 2002)

Survey: Major Cyber Attack Very Likely
A recent survey conducted by the Business Software Alliance concluded that nearly half of the U.S. security professionals surveyed believe that a major cyber attack will happen in the coming year. The survey indicates that only 19 percent of businesses in the U.S. have taken the necessary precautions for a major Internet attack and that 45 percent were unprepared. (Source: CNET News.com, 24 July 2002)
Comment: The report, U.S. Business Cyber Security Study, can be viewed at: http://www.bsa.org/security/resources/1

Public Safety Wireless Network Conference Report
The ninth annual LI NYC (Long Island/NYC) Emergency Management Conference reviewed the events of 11 September 2001 in New York City. The subsequent report highlights, among other themes, the ways in which increased interoperability of wireless networks can save lives. The report can be viewed at: http://www.pswn.gov/library/docs/lessons_WTC.doc

Scientist to Market Hacker-Proof Hard Disk
A Japanese scientific researcher claims that a new hard drive with two heads may make it impossible for hackers to access and rewrite data on systems. (Source: PC WORLD.COM, 22 July 2002)
Comment: The hard disk is not going to stop all types of web site defacements or exploits. For example, Code Red did not access the hard-disk; it changed the web sites' home pages in the system memory.

Pentagon Relinquishes Wireless Frequencies
The Pentagon has agreed to shift some military communications to other frequencies, freeing up space for advanced mobile phones and other wireless products. (Source: CNN.com, 24 July 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Sophos reports on WM97/Pri-AE, which is a Word 97 Macro virus that propagates via Outlook e-mail. It arrives with the subject line Message From username and the message body This document is very Important and you've GOT to read this !!!.
http://sophos.com/virusinfo/analyses/wm97priae.html

Trend Micro reports on WORM_URICK.A, which is a worm that propagates via Outlook e-mail. It arrives with the subject line A Windows Trick and the attachment %Variable filename%.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_URICK.A

Computer Associates reports on Assilem.M, which is a Word97 and 2000 macro virus that does not have an overly destructive payload. On the 23rd of any month, it displays a Chinese message.
http://www3.ca.com/virusinfo/virus.asp?ID=12628

Vulnerabilities

SecurityFocus reports on a remotely exploitable vulnerability in PHP Interpreter versions 3.0 thru 4.2.2 that could allow an attacker to cause a denial-of-service. No known patch is available at this time.
http://online.securityfocus.com/bid/5280/discussion/

CERT/CC reports on a remotely exploitable buffer overflow vulnerability in Sun iPlanet and ONE Web Servers' search engine versions 4.1 6.0 that could allow an attacker to execute arbitrary code on the system. Follow the link for patch information.
http://www.kb.cert.org/vuls/id/612843

SecurityFocus reports on a locally exploitable vulnerability in Sun PC NetLink 1.0, 1.1 and 1.2 that could allow an attacker to gain access to sensitive files. View the Solution tab for a workaround.
http://online.securityfocus.com/bid/5281/discussion/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27807

Additional vulnerabilities were reported in the following products: Pablo
[INFOCON] - Special NCMS Report - Business Continuity Planning
[I would recommend reading the Business Continuity Planning interview with David Spinks as David is very knowledgeable in this area. http://trust.ncms.org/interviewCO0702.htm WEN]

To: MfgTrust; MfgTrustIG
Subject: Special NCMS Report - Business Continuity Planning

Dear NCMS Alliance Partners:

We thought this month's Corner.Office article, interview, and resources pages on Business Continuity Planning were especially relevant to the theme of the NCMS InfraGard Manufacturing Industry Association. So, we decided to share them with you this month, and not restrict distribution to members only, as is the usual case with Corner.Office features. You are invited to view the article below. To access the accompanying expert interview and Resources pages on Business Continuity Planning, please go to http://trust.ncms.org, Publications Index tab.

John Sheridan

July 2002
Corner.Office
Corner.Office is a monthly exclusive members-only feature of the NCMS InfraGard Manufacturing Industry Association
Infrastructure assurance for manufacturers
Powered by NCMS

This month - BUSINESS CONTINUITY PLANNING (BCP)
A safety net for businesses

Editor's Preface

Every business faces minor downtimes, and major unknowns; hence it is important to have plans in place which guarantee business contingency. Before the September 2001 attack on America quite a few business people said that they saw BCP as an inefficient use of resources, i.e. an expenditure which does not bring any return on investments. But statistics tell a different story, and events like 9-11 serve as drastic reminders that it is vital for every company to have plans in place to ensure business continuity, and the continuity of our suppliers and logistics - especially as globalization and our interdependence continue to grow. BCP costs relatively little in comparison to what the company could potentially lose in a major incident. Therefore it seems highly prudent that organizations of all sizes seriously research and develop a plausible and efficient BCP.

This month's Corner.Office features a special in-depth interview with David Spinks, Director - Information Assurance for Europe, Middle East and Africa at EDS (http://www.eds.com). He is responsible for EDS' portfolio of Information Assurance services across all those markets. Mr. Spinks is also chairman of the E-commerce Security Special Interest Group, an active member of the Guild of Security Controllers, a member of the British Computer Society Committee and co-author of the guide E-commerce - a World of Opportunity. He has spoken to audiences all over the world on subjects such as the impact of e-commerce on the supplier chain, business continuity planning after year 2000 and information security: the real threats.

Because we thought this article, interview, and resources pages were especially timely and relevant, we will be sharing them broadly this month. Thus, you will find these materials posted on our public web site (http://trust.ncms.org, Publications Index tab), and not just on the NCMS members-only site.

John Sheridan ([EMAIL PROTECTED])

BUSINESS CONTINUITY PLANNING

According to the Info Security News Magazine (2000), an effective BCP and disaster recovery plan can reduce losses by 90% in the event of an incident. According to another study 81% of CEOs indicated their company plans would not be able to cope with a catastrophic event like the September 2001 attacks. There are numerous examples of companies suffering due to poor Business Contingency Planning. In the 1993 World Trade Center bombing, 150 companies went out of business (out of 350 affected) - scarcely an encouraging statistic. But an incident does not need to be a dramatic terrorist attack to have a massive impact on an organisation. For instance, in the case of fires, 44% of businesses fail to reopen and 33% of these failed to survive beyond 3 years. The examples could be continued endlessly. The bottom line is businesses need to have plans in place to cope with incidents (whether they be major terrorist attacks or a minor hardware problem) and thereby avoid major business interruptions.

The Business Continuity Management Process

Before even starting to create a Business Continuity Plan it is of vital importance to get the full support of the management and governance of your organization. Without it, it will be very difficult to push BCP plans through the entire company. Furthermore directors should be involved in the strategic design of the BCP as it will help to create a realistic plan which will be focused on the business interests of the company. After that one should start to man the team which will be responsible for designing the BCP and to initiate the business continuity management process. This is important as the team will serve as central focus point during the entire Business Continuity Management Process. It is also important to set a time scale for the BCP
[INFOCON] - US Joint experiment explores future warfare
"We're forward thinking and forward looking. We're trying to harness the power of information and information sphere technologies to better prepare the U.S. Joint Forces for war about five years from now," he said. During Spiral 3, held the first two weeks in June, military members from all service branches worked together, planning and becoming familiar with the computer-based tools linked to the simulation. One of the experiment's objectives is obtaining information superiority over an adversary. The goal is to rapidly access, share and process information in order to develop plans and execute them -- almost simultaneously. The computer-based tools make that possible.

[Information superiority is certainly important, but what is more important is to translate Information Superiority into Decision Superiority as this will give the US forces an enormous advantage over the enemy. WEN]

-Original Message-
From: ARMY LINK NEWS LIST ArmyLINK News Story
Sent: 30 July 2002 15:22
To: [EMAIL PROTECTED]
Subject: Joint experiment explores future warfare by Master Sgt. Debra Bingham

Joint experiment explores future warfare
by Master Sgt. Debra Bingham

SUFFOLK, Va. (Army News Service, July 30, 2002) -- There's an experiment underway at the U.S. Joint Forces Command at Suffolk, Va., and dozens of locations around the country, but you won't find any test tubes or beakers in this laboratory.

The experiment, Millennium Challenge 2002, is designed to simulate a realistic battlefield in the year 2007. Part of a Department of Defense-wide transformation process, MC02 will explore new methods of planning, organizing and fighting in a joint service environment, officials said.

The MC02 experiment is taking place at 17 simulation sites and nine live sites across the country. It's the largest joint military experiment and exercise of its kind in history, with more than 13,500 military and civilian personnel participating. MC02 runs July 24-Aug 15.

Lt. Gen. B.B. Bell, Commanding General of III Corps and Fort Hood, is wearing a different hat during MC02. He's serving as the commander of the Joint Task Force Headquarters. About 200 soldiers from Fort Hood, Texas, worked with Bell at Suffolk prior to the exercise start for a final planning and rehearsal exercise called Spiral 3.

Bell said he is excited about the role Fort Hood soldiers are playing in helping the U.S. Joint Forces Command and Department of Defense explore innovative concepts for battle and command and control.

"We're forward thinking and forward looking. We're trying to harness the power of information and information sphere technologies to better prepare the U.S. Joint Forces for war about five years from now," he said.

During Spiral 3, held the first two weeks in June, military members from all service branches worked together, planning and becoming familiar with the computer-based tools linked to the simulation.

One of the experiment's objectives is obtaining information superiority over an adversary. The goal is to rapidly access, share and process information in order to develop plans and execute them -- almost simultaneously. The computer-based tools make that possible. During the experiment, operators can quickly retrieve information from military and governmental agencies, as well as economic and academic sources.

"These tools give us instant communication, instant collaboration and enormous capability to retrieve data to help us in our decision making process," Bell said.

Computer tools also enable commanders and staff to simultaneously talk with each other. Hundreds of people can be brought together in a virtual auditorium for an interactive meeting, without the attendees leaving their workspaces. Bell said the aim is to tap into the knowledge base of people sitting in the auditorium.

"It's quite probable that some great thinker, one who is normally buried in an office somewhere, will have an idea or concept or know something about the enemy that is so important to us that we'll be able to grab it and bring it into our thinking immediately," Bell said.

Spiral 3 gave participants a chance to master computer tools and allowed them to leap into the future. Bell said mastering the computer skills was not as difficult as changing traditional military decision-making mindsets and finding new approaches and answers to problems.

"We've got to reconfigure ourselves, both in terms of the way we would perceive fighting today and project ourselves to the way the Joint Forces Command believes we would be able to fight 5 years from now," Bell said.

Part of that new way of thinking is being explored in a concept called Rapid Decisive Operations. RDO brings a vast knowledge base, command and control elements and operations together to bring about a desired effect on an adversary. Bell said it means moving away from traditional, time-consuming sequential operations, where plans are issued from the top and trickle down to subordinate levels, to a
[INFOCON] - OCIPEP AV02-038 - OpenSSL
-Original Message- From: Opscen (OCIPEP / GEOCC) Sent: 30 July 2002 18:22 To: OCIPEP EXTERNAL DISTRIBUTION LISTS Subject: OCIPEP AV02-038 - OpenSSL La version française suit THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS * ADVISORY * Number: AV02-038 Date: 30 July 2002 * Vulnerability - OpenSSL * PURPOSE The CERT/CC is reporting on a vulnerability in multiple versions of OpenSSL. ASSESSMENT The vulnerability can allow a remote attacker to cause a denial of service and possibly execute arbitrary code on the local system. SUGGESTED ACTION Contact the vendor of the affected software for patches and updates. Further details on this issue can be found in the CERT/CC advisory at: http://www.cert.org/advisories/CA-2002-23.html CONTACT US For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at: Phone: (613) 991-7000 Fax:(613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP's Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca NOTICE TO READERS When the situation warrants, OCIPEP issues Advisories to communicate information about potential, imminent or actual threats, vulnerabilities or incidents assessed by OCIPEP as limited in scope but having possible impact on the Government of Canada or other sectors of Canada's critical infrastructure. Recipients are encouraged to consider the real or possible impact on their organization of the information presented in the Advisory, and to take appropriate action. The information in this Advisory has been drawn from a from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. 
Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Upon conviction of an indictable offence, an individual is liable to imprisonment for a term not to exceed ten years. All offences should be reported immediately to your local police service. == LE BUREAU DE LA PROTECTION DES INFRASTRUCTURES ESSENTIELLES ET DE LA PROTECTION CIVILE AVIS DE SÉCURITÉ Numéro: AV02-038 Date: 30 Juillet 2002 * Vulnérabilité - OpenSSL * BUT Le CERT/CC signale l'existence d'une vulnérabilité dans plusieurs éditions de OpenSSL. ÉVALUATION La vulnérabilité peut permettre à un utilisateur hostile de porter déni de service et d'exécuter des codes arbitraires à distance. MESURE PROPOSÉE Veuillez communiquer avec le fournisseur du logiciel visé pour les rustines et les mises à jour. Pour plus de précisions, vous pouvez consulter l'avis du CERT/CC au: http://www.cert.org/advisories/CA-2002-23.html COMMENT COMMUNIQUER AVER NOUS En cas de questions urgentes, ou pour signaler des incidents, veuillez communiquer avec le Centre des opérations d'urgence du BPIEPC au : Téléphone :(613) 991-7000 Télécopieur : (613) 996-0995 Télécopieur sécuritaire : (613) 991-7094 Courriel : [EMAIL PROTECTED] Pour obtenir des renseignements généraux, veuillez communiquer avec la Division des communications du BPIEPC au : Téléphone :(613) 991-7035 ou 1-800-830-3118 Télécopieur : (613) 998-9589 Courriel : [EMAIL PROTECTED] Site Web : www.bpiepc-ocipep.gc.ca AVIS AUX LECTEURS Les avis de sécurité servent à communiquer des renseignements au sujet de menaces potentielles, imminentes ou réelles, de vulnérabilités ou d'incidents évalués par le BPIEPC, de portée limitée, mais ayant des effets possibles sur le gouvernement du Canada ou d'autres secteurs des infrastructures essentielles du Canada. Les avis de sécurité peuvent contenir des renseignements et des analyses non disponibles dans le domaine public. 
Recipients are encouraged to consider the real or possible effects on their organization of the information presented in advisories and to take appropriate action. The information in this OCIPEP advisory is drawn from a variety of external sources. OCIPEP makes every reasonable effort to ensure the accuracy, reliability and currency of the content, but cannot offer any guarantee in that regard. Unauthorized use of computer systems and damage relating to data constitute a serious offence under the Canadian Criminal Code. A person found guilty of such an offence is liable to imprisonment for a term not exceeding ten years. All offences should be reported immediately to
[INFOCON] - News 09/11/02
_ London, Wednesday, September 11, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ IWS Sponsor IQPC Defence Conference: Information Operations 2002 25-26/09/02 Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management. September 25 - 26, 2002. London, UK (Pre-Conference Masterclass: 24th September 2002) Information Operations 2002 Conference Web Site http://www.iqpc-defence.com/GB-1826 _ [News Index] [1] Experts Say Attack Anniversary Cyberthreats Unfounded [2] F-Secure Virus Descriptions: Chet Worm [3] TSA chief: Don't ease airport security deadlines [4] Insecurity plagues US emergency alert system [5] AltaVista and Google to fight Chinese censorship [6] NIPC: Possible Threats to U.S. Interests [7] Energy Utilities Ramp Up Security [8] Comment: Clued-up staff preserve evidence [9] Script Kiddies 2002 - A continued threat to online business [10] Focus on Iran and Syria, Not Iraq, Graham Says [11] Intel's new chip for security Renaissance [12] Solace in a virtual world: Memorials on the Web [13] Java flaws burn Internet Explorer [14] Cybersecurity firms not profiting as expected [15] Baltimore Cops Get Connected [16] Microsoft buys security software company [17] Exploring XML Encryption, Part 2 _ News _ ``If Osama was going to double-click us to death he would have done it six weeks ago. He's low-tech. He likes flying aircraft into skyscrapers,'' the computer expert said. [1] Experts Say Attack Anniversary Cyberthreats Unfounded By REUTERS Filed at 8:15 p.m. ET SAN FRANCISCO (Reuters) - Fears of a cyberattack inspired by the Sept. 
11 attacks faded on Tuesday, a day ahead of the anniversary, with the only threat to emerge a year-old virus hoax called ``World Trade Center Survivor.'' Experts predicted that Wednesday is likely to be just another day on the Internet, and if anything a quiet day for cybercriminals. http://www.nytimes.com/reuters/technology/tech-attack-tech-cyberthreat.html?ex=1032408000en=30425ec0fc30e7cdei=5040partner=MOREOVER [2] F-Secure Virus Descriptions: Chet Worm Radar Alert LEVEL 2 NAME: Chet SIZE: 26628 ORIGIN: Russia ALIAS: W32/Chet@MM, Anniv911, 11september, September11 This mass-mailer worm was found on September 10th, 2002. As it contains serious bugs, this worm will fail to function on most systems and can not be considered to be a realistic threat at this time. Many things inside the worm's code suggest that it originates from Russia. The worm tries to spread via an attachment file called 11september.exe. When this file is executed, the worm will attempt to send the following e-mail to each address found from the Windows address book: http://www.f-secure.com/v-descs/chet.shtml [3] TSA chief: Don't ease airport security deadlines By Matthew Weinstock Lawmakers should not ease up on deadlines to bolster security at the nation's airports, James Loy, acting administrator of the Transportation Security Administration, said Tuesday. Testifying before the Senate Commerce, Science and Transportation Committee, Loy acknowledged that about 10 percent of airports would not meet a Dec. 31 deadline to screen all checked baggage for explosives. Still, Loy does not support a wholesale delay in the deadline. Rather, Loy wants to work out extensions with those 30 to 35 airports that are not expected to meet the current deadline, establishing more realistic timeframes and developing interim strategies for screening baggage. Those interim strategies could include more hand searches and the use of bomb-sniffing dogs. 
TSA officials are uncertain if legislation is needed to grant the extensions, but Loy made it clear that he wants to work with Congress to come up with a viable solution. http://www.govexec.com/dailyfed/0902/091002w1.htm [4] Insecurity plagues US emergency alert system By Kevin Poulsen, SecurityFocus
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-142 Date: 11 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-142_e.html DAILY BRIEF Number: DOB02-142 Date: 11 September 2002 NEWS U.S. raises colour-coded level one notch On the eve of the anniversary of September 11, Attorney General John Ashcroft reported in a televised news conference that the U.S. government elevated the colour-coded terrorist alert to orange, which translates to a high level of alert. This is the first time the level has been changed since the implementation of the colour-coded alert system came into effect last March. The move was made after U.S. intelligence agencies uncovered the specific threats against its interests abroad and less credible information concerning potential terrorist attacks on American soil. The information also came from a senior al-Qaeda member who is being held by another government. In Canada, the RCMP is urging Canadians to remain vigilant on September 11; even though they claim that there is no cause for alarm since no threats to Canadian interests have been reported. A DND spokesperson stated that personnel of the Canadian Forces are always ready to respond to any threat to the nation's security either at home or abroad. (Sources: canada.com, cbc.ca, 10-11 September 2002) Click here for the source article - 1 Click here for the source article - 2 Comment: The change in threat level was the subject of a press conference given by the U.S. Director of Homeland Security and the Attorney General, which can be viewed at: http://www.whitehouse.gov/news/releases/2002/09/20020910-5.html The U.S. National Infrastructure Protection Center issued an advisory pertaining to possible threats to U.S. interests, which can be viewed at: http://www.nipc.gov/warnings/advisories/2002/02-007.htm Ontario seeks volunteers for emergency response teams Minister of Public Safety and Security Bob Runciman announced that the Province of Ontario plans to spend $1 million a year to recruit and train volunteers in community emergency response. Mr. 
Runciman stated that we are working with the municipalities to develop a made in Ontario community volunteer emergency response that will be a vital component of the province's overall emergency and disaster management strategy. The new venture, called Community Emergency Response Volunteers, will recruit teams of volunteers from various neighbourhoods, including retired police officers and firefighters, paramedics and possibly senior citizens. Emergency Measures Ontario will be funding the program for the first year and will be responsible for training volunteers in the areas of basic medical skills, search and rescue, and disaster response. The provincial government will be contributing 50 percent of the funding in the following years. (Source, globeandmail.ca, 10 September 2002) Click here for the source article Comment: The press release, issued by the Minister of Public Safety and Security's office, pertaining to the establishment of the Community Emergency Response Volunteers can be viewed at: http://www.newswire.ca/government/ontario/english/releases/September2002/10/c974 9.html Transportation Minister deems Canadian ports secure Transportation Minister David Collenette sought to address concerns raised by police, intelligence and customs officials that Canadian ports have been infiltrated by organized crime, creating opportunities for terrorism. The Minister contends that although security at Canadian ports is not perfect, it has been enhanced since 11 September 2001. (Source: canada.com, 10 September 2002) Click here for the source article Comment: The OCIPEP Daily Brief DOB02-131, issued on 26 August 2002, noted that Transport Canada has ordered a detailed study of threats to Canada's marine infrastructure following reports released by the Criminal Intelligence Service Canada (CISC) and the Senate Standing Committee on National Security and Defence that highlight the presence of organized crime in Canadian ports. 
IN BRIEF Oil slick off the coast of Newfoundland Federal environment officials have charged the captain of a Bahamian-registered bulk carrier vessel with the illegal dumping of oil. The captain of the TEMCAP SEA made a brief court appearance in St.John's yesterday and was released on a $50,000 bail. Officials from Environment Canada stated that more charges were pending. The investigation was triggered after a satellite spotted the 116-kilometre-long and 200-metre-wide slick south of the Burin Peninsula. (Source: cbc.ca, 10 September, 2002) Click here for the source article Tests confirm second human in Canada infected with West Nile virus Tests have confirmed that a man from the Windsor area has been infected with the West Nile virus, bringing the total of humans in Canada infected with the mosquito-borne virus to two. (Source: ctv.ca, 10 September 2002) Click here for the source article Comment: OCIPEP Operations is monitoring the situation with respect to the West Nile virus. For more information, please consult the OCIPEP
[INFOCON] - Survey Shows Progress in Upgrading Information System Security
09 September 2002 Survey Shows Progress in Upgrading Information System Security (Thirty percent of organizations may be unprepared to withstand cyberattack) Increasing numbers of corporations are improving their security measures to withstand a terrorist attack on their information technology (IT) systems, according to a survey released September 9. Nevertheless, though the awareness of the potential for such attacks is high, 30 percent of the IT specialists responding said their firms are not properly prepared for cyberspace sabotage. The survey was conducted jointly by the Internet Security Alliance, the National Association of Manufacturers and RedSiren Technologies, a private information security company. The Internet Security Alliance is a coalition of government, academic and private specialists concerned with protection of the nation's IT infrastructure. The survey of more than 225 information security specialists found that almost half their companies have increased spending to guard against an attack while 60 percent have adopted new or improved guidelines on how to respond to an attack. The survey is available in full at http://www.redsiren.com/survey.html Further information about IT security efforts is available at http://www.isalliance.org/ The Internet Security Alliance publishes a guide on security strategies that may be requested at http://www.isalliance.org/news/requestform.phtml Following is the text of the news release. (begin text) Internet Security Alliance National Association of Manufacturers RedSiren GLOBAL COMPUTER SECURITY SURVEY FINDS ONE-THIRD OF COMPANIES MAY NOT BE ABLE TO FEND OFF CYBERATTACKS WASHINGTON, Sept. 
9, 2002 - A new survey of information security specialists at organizations around the world finds that - despite a high level of awareness of the risk of computer attacks even before the events of last September 11th - almost one-third of the companies surveyed say they may still not be adequately equipped to deal with an attack on their computer networks by cyberterrorists. Conducted jointly by the Internet Security Alliance (ISAlliance), the National Association of Manufacturers (NAM) and RedSiren Technologies Inc., the survey asked respondents to compare their companies' attitudes regarding information security issues, both today and prior to last year's terrorist attacks on the World Trade Center and the Pentagon. The survey found that: --30 percent of respondents said their firms do not have adequate plans for dealing with information security and cyberterrorism issues, down from 39 percent last year; --33 percent said information security is not a visible priority at the executive or board level of their organizations; --39 percent said information security plans are not regularly communicated to or reviewed by top corporate executives; yet --88 percent said their companies now recognize information security as an issue essential to the survivability of their business, up from 82 percent prior to the attacks. The survey was conducted from Aug. 12-23, targeting corporate information security specialists around the world. More than 225 responses were recorded from throughout North America, Europe, the Middle East and Pacific Rim regions. Based on these results, our challenge is to educate companies about the need for taking added preventative steps now, as well as the hard-nosed reality that this situation will not change. Enterprises of all sizes have to remain active and vigilant on an ongoing basis if they are going to protect against cyberattacks on their systems, said Doug Goodall, RedSiren's president and chief executive officer. 
Information security needs to be a top priority for any successful business, from the executive level to the IT manager, said Dave McCurdy, ISAlliance's executive director. Businesses rely more on the Internet and e-commerce than ever before and confronting new and emerging cyber-threats without sound IT security practices is not sound corporate management. The ISAlliance is the publisher of Common Sense Guide for Senior Managers: Top Ten Recommended Information Security Practices. Forty-eight percent of respondents said that the September 2001 attacks had made them more concerned about cyberterrorism and its impact on their organizations; 49 percent reported no change in attitude at all. This seems to indicate a bit of a disconnect between the perception of the general threat of cyberterrorism and specific concern about one's own organization, said Tom Orlowski, vice president, Information Systems, at NAM. It may reflect a mentality that 'it'll never happen to me.' In today's world, that may be a dangerous complacency. Almost half of the respondents (47 percent) said their companies have increased spending on information security since last year, and 38 percent said that trend would continue in 2003. New or improved information security measures implemented in the past year ranged from cyber insurance
[INFOCON] - OCIPEP: Release of U.S. National Strategy to Secure Cyberspace
Release of U.S. National Strategy to Secure Cyberspace Introduction Today, President George Bush's Administration released a draft version of the National Strategy to Secure Cyberspace. The last U.S. Cyberspace Strategy was released by the Clinton Administration in 2000. The new strategy reflects not only an administration change but also the lessons learned from September 11. Richard Clarke, Special Advisor to the President for Cyberspace Security, has led the development of the strategy and will outline its contents at an event today at Stanford University. As a demonstration of the close Canada-U.S. cooperation in this area, Margaret Purdy, Associate Deputy Minister of National Defence with responsibility for OCIPEP, will be speaking at the release. She will emphasize the special importance of a coordinated Canada-U.S. approach to ensuring the security of our shared infrastructure and the need for global cooperation on cybersecurity issues. The Strategy, which can be found at http://www.securecyberspace.gov, is a living document involving ongoing public and private sector input. It is intended as a road map of what the government, industry and individuals must do to secure networks. The President is expected to approve the first version before the end of the year, and the President's Critical Infrastructure Protection Board (PCIPB) will periodically issue new releases of the Strategy. Overview of the Strategy There are two fundamental shifts that underlie the Strategy. First, everyone in the country, not just the government, must be responsible to secure their own portion of cyberspace. There is a clear message that threats to cyberspace cannot be handled exclusively by government, military and enforcement agencies. Universities, different sectors of the economy and owners of critical infrastructures such as electricity grids and telecommunications are encouraged to secure their own networks. 
Second, the nation must move away from the threat paradigm to a vulnerability paradigm. Before the terrorist attacks on the U.S. last September, the government was expected to warn of encroaching threats and advise as to the best protection measures. The strategy proposes that the government's role in securing networks should not be to regulate or dictate but to empower all Americans to secure their portions of cyberspace. The government intends to: educate and create awareness among users and owners of cyberspace of the risks and vulnerabilities; produce new and more secure technologies; develop a large and well-qualified cybersecurity workforce through training and education; foster responsibility of individuals, enterprises and sectors for security at all levels through the use of market forces, public-private partnerships, and in the last resort, through regulation and legislation; improve federal cybersecurity to make it a model for other sectors; and develop early warning and efficient sharing of information both within and between public and private sectors so that attacks are detected quickly and responded to efficiently. The document is divided into five sections: home users and small business; large enterprise; critical sectors including government, private sector and academia; national priorities; and global issues. Each level lays out strategic goals for that set of user and highlights ongoing programs, recommendations and topics for discussion to further develop the strategic goals. There are also appended critical infrastructure sector plans for Banking and Finance, Electric, Oil and Gas, Water, Transportation (Rail), Information and Communications, and Chemicals. These plans can be found at http://www.ciao.gov or http://www.pcis.org. 
The strategy also specifically recommends enhanced cooperation with Canada: The United States should work together with Canada and Mexico to identify and implement best practices for security of the many shared critical North American information infrastructures. (R5-3) In brief, some other relevant recommendations for the various sections are: (reference Summary of Recommendations in the Strategy) Federal government to conduct a comprehensive program performance review of the National Information Assurance Program (NIAP) with a vision to extending it to all government IT procurement. (R3-1 2) Academic institutions to establish one or more Information Sharing and Analysis Center(s) (ISAC) to deal with cyber attacks and vulnerabilities. (R3-14) Creation of private sector ISACs for each sector, conduct sector technology and R&D gaps analysis, and development of sector best practices. (R3-15,16 17) Internet Service Providers (ISP) to consider adopting a code of good conduct governing their cybersecurity practices. (R4-3) The Federal government to complete the installation of the Cyber Warning Information Network (CWIN) to key government and non-government cybersecurity operations centers for analysis and warning information and crisis coordination. (R4-40)
[INFOCON] - News 09/19/02
_ London, Thursday, September 19, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ IWS Sponsor IQPC Defence Conference: Information Operations 2002 25-26/09/02 Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management. September 25 - 26, 2002. London, UK (Pre-Conference Masterclass: 24th September 2002) Information Operations 2002 Conference Web Site http://www.iqpc-defence.com/GB-1826 _ [News Index] [1] Cybersecurity Plan Offends No One [2] Administration unveils cybersecurity plan [3] President Bush Announced His Appointment of 24 Individuals to Serve as Members of the National Infrastructure Advisory Committee [4] A Short History of Computer Viruses and Attacks [5] White House balks at Senate confirmation for e-gov chief [6] Pentagon's anti-terrorism battle takes a covert turn [7] Probe: U.S. Knew of Jet Terror Plots [8] Group says Microsoft isn't living up to antitrust settlement [9] Fed cybersecurity initiative boosts TCPA [10] Bird's-Eye View of What Irks Bush [11] Web firms take second shot at success [12] Detecting and Removing Trojans and Malicious Code from Win2K [13] Slapped Silly [14] A Gathering of Big Crypto Brains [15] Falun Gong 'TV hackers' on trial [16] Can Bon Jovi Foil the Pirates? [17] Senate stuck in slow motion on homeland security bill _ News _ [1] Cybersecurity Plan Offends No One The White House's strategy to secure cyberspace adopts a hands-off approach. Critics say that's not enough. By Kevin Poulsen, Sep 18 2002 6:26PM PALO ALTO, Calif.--The White House formally unveiled a public draft of its national cybersecurity plan at Stanford University here Wednesday to an invitation-only audience of technology company CEO's and security industry bigwigs, and a crush of media. 
Introducing it as the product of an unprecedented partnership between the private sector and government, Richard Clarke, chairman of the President's Critical Infrastructure Protection Board (PCIPB), said the National Strategy to Secure Cyberspace is a step towards preventing serious cyber attacks in the future. On this issue, when we know there are vulnerabilities, and we know some of the solutions, let us work together as a country... to solve these vulnerabilities before there's a major disaster. http://online.securityfocus.com/news/677 [2] Administration unveils cybersecurity plan By Bara Vaida and Stephen M. Lawton for National Journal's Technology Daily PALO ALTO, Calif.- Borrowing on imagery from the Sept. 11, 2001, terrorist attacks, the Nimda and Code Red computer viruses and veiled threats yet to come, the White House on Wednesday unveiled its national cyber-security plan at a press conference here. What was originally expected to be a blueprint of how the administration plans to fight cyber threats, the document is a rough draft that will be the subject of public comment for the next 60 days, said Richard Clarke, the president's cybersecurity adviser. The government cannot dictate, cannot mandate, cannot alone secure cyberspace, Clarke said. He characterized the theme of the document as moving away from who, what, when, how and shifting to a vulnerability paradigm. 
http://www.govexec.com/dailyfed/0902/091802td1.htm More: Cybersecurity plan lacks muscle http://news.com.com/2100-1023-958545.html?tag=cd_mh US cyber defence plan lacks teeth, claim critics http://www.cw360.com/bin/bladerunner?REQSESS=irD17TS2149REQEVENT=CARTI=115898; CARTT=1CCAT=2CCHAN=22CFLAV=1 Two cheers for US cyber-security plan http://news.bbc.co.uk/1/hi/business/2268188.stm Cyber Security Report Spreads Burden http://www.cbsnews.com/stories/2002/09/17/tech/main522287.shtml Critics Rap Bush Cyber-Security Plan http://www.eweek.com/article2/0,3959,541172,00.asp White House cybersecurity plan avoids mandates http://www.iht.com/articles/71144.html [3] President Bush Announced His Appointment of 24 Individuals to Serve as
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-148 Date: 19 September 2002
OCIPEP DAILY BRIEF Number: DOB02-148 Date: 19 September 2002 http://www.ocipep.gc.ca/DOB/DOB02-148_e.html NEWS U.S. National Strategy to Secure Cyberspace - Links Update Details of the draft strategy were first reported yesterday in DOB02-146. The OCIPEP Information Note regarding the draft strategy can be viewed at: http://www.ocipep.gc.ca/emergencies/info_notes/IN02_006_e.html The draft National Strategy to Secure Cyberspace can be viewed at: http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf IN BRIEF Prime Minister assures that Kyoto will not be lethal for economy While speaking at a Liberal fundraiser in Calgary, the Prime Minister came to the defence of the Kyoto protocol yesterday evening, making assurances that it would not cause any catastrophes in the job market and investment sectors as voiced by several provincial government leaders, particularly Alberta. With the support of Canadian business leaders and oil companies, the Alberta government began a $1.5-million anti-Kyoto public relations campaign yesterday. (Source: thestar.com, 19 September 2002) Click here for the source article Halifax plans to clean up harbour Halifax Regional Council will raise $210 million of the $315 million required to fund the Halifax Harbour Solutions Project. This project aims to construct three sewage treatment plants to process raw sewage before it is dumped in the harbour. The Nova Scotia government has pledged to contribute $30 million to the project and it is hoped that the remainder of the funds will be provided by the federal government. (Source: THE GLOBE AND MAIL, 18 September 2002) Click here for the source article Comment: The clean-up of the heavily polluted Halifax Harbour has been a difficult issue for the Nova Scotia provincial government for the past 20 years. 
The dumping of untreated sanitary and storm wastewater into the harbour has caused numerous problems, including widespread bacterial contamination and the prohibition of shellfish harvesting in the harbour. The web page for the Halifax Harbour Solutions Project can be viewed at: http://www.region.halifax.ns.ca/harboursol/project_summary.html Winnipeg sewage dumping to be investigated This week's accidental dumping of raw sewage in Manitoba's Red River will be investigated by federal fisheries officials to determine if charges will be laid under the federal Fisheries Act. The act prohibits the dumping of harmful material into a body of water which contains fish. The investigation will focus on whether negligence was a factor in this incident. (Source: CBC Manitoba, 18 September 2002) Comment: Details of this incident were first reported yesterday in DOB02-147. Winnipeg residents have been advised to continue using their water and sewer services as usual. Internet cable: Growing popularity in the U.S. According to a U.S. research company, cable modems remain the primary means used by North Americans for connecting to the Internet. The study revealed that 58 percent of high-speed Internet users in the U.S. were accessing the web via cable compared to one third of consumers using digital subscriber lines (DSL). The research company noted that in Canada, there are more DSL users in central and eastern Canada compared to more cable users in western Canada. (Source: THE GLOBE AND MAIL, 18 September, 2002) CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats McAfee Security reports on BackDoor-AKR, which is a Trojan horse that copies itself to the Windows system directory as internat.dic and the Windows directory as notepad.jmp. It opens TCP port 3721 to allow a remote attacker to connect to the infected system and perform various tasks. 
http://vil.nai.com/vil/content/v_99695.htm McAfee Security reports on Jekord, which is a Trojan horse written in Borland Delphi that reads through the victim's browser history files and cookie data. It may attempt to mail information to its creator. http://vil.nai.com/vil/content/v_99701.htm Trend Micro reports on VBS_INA.A, which is a VBScript malware that uses Outlook e-mail to propagate copies of the batch file malware, BAT_INA.A. It arrives with the subject line hehe, isn't that fascinating... and the attachment BAT.INA.BAT. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INA.A Vulnerabilities SecurityFocus reports on a remotely exploitable denial-of-service vulnerability in MS Windows XP Professional and .NET Standard Server Beta 3. View the Solution tab for workaround information. http://online.securityfocus.com/bid/5713/discussion/ SecurityFocus reports on a remotely exploitable keystroke injection vulnerability in MS Windows RDP that could allow an attacker to inject maliciously crafted packets into a session. View the Solution tab for workaround information. http://online.securityfocus.com/bid/5712/discussion/ SecurityFocus reports on a locally
[INFOCON] - News 09/24/02 (last one till Friday)
[Today's issue is delayed as I was attending an IO/IA workshop in London. There will be no Infocon News till maybe Thursday/Friday as London is under a massive 'infrastructure attack' per 20.00 tonight (not by any Al Qaeda terrorists or any cyberterrorists, but by striking tube (underground) workers. WEN] Travellers braced for Tube strike http://news.bbc.co.uk/1/hi/england/2277687.stm _ London, Tuesday, September 24, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ IWS Sponsor IQPC Defence Conference: Information Operations 2002 25-26/09/02 Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management. September 25 - 26, 2002. London, UK (Pre-Conference Masterclass: 24th September 2002) Information Operations 2002 Conference Web Site http://www.iqpc-defence.com/GB-1826 _ [News Index] [1] FBI cyber chief heralds interagency cooperation [2] Military Space Operations: Planning, Funding, and Acquisition ... [3] At least 100 countries building cyber weapons - expert [4] Third slapper worm hits the street [5] ICANN closes in on .org successor [6] FBI agent: Break down the intelligence 'wall' [7] Philip Morris sues Internet sites [8] Internet phone calling: A firm fails to connect [9] Privacy Advocate Voices Mobile Spam Concerns [10] Canadians more wired about shopping on Net [11] Justice Department formalizes information sharing guidelines [12] Computers vulnerable at Oregon department [13] When is hacking a crime? [14] Linux hacker tracked to Surbiton... [15] Microsoft tweaks Xbox to thwart hackers [16] Sun Crypto curves into open source project [17] From bipartisan beginnings, homeland bill now a divider _ News _ [I hope this time the cooperation will work better than last time. Ron Dick seems to be keen on two way information sharing: From a July Statement for the Record of Ronald L. 
Dick, Before the House Committee on Governmental Reform, Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee Dick: '... At the NIPC we continue to seek partnerships which promote two-way information sharing. As Director Mueller stated in a speech on July 16th, Prevention of terrorist attacks is by far and away our most urgent priority. We can only prevent attacks on our critical infrastructures by building an intelligence base, analyzing that information, and providing timely, actionable threat-related products to our public and private sector partners. We welcome the efforts of your Committee in improving information sharing, and I look forward to addressing any questions you might have.' The future will show whether this will be possible or not. All I can say: actions speak louder than words. Good luck. WEN] [1] FBI cyber chief heralds interagency cooperation By Bara Vaida, National Journal's Technology Daily Ron Dick, the director of the FBI's National Infrastructure Protection Center, said the FBI's new effort to partner with the Secret Service on investigating cyber crimes is aimed at marshalling resources. At the launch of the national cybersecurity protection plan last week, the FBI and Secret Service announced a new pilot program where several field offices of both agencies agreed to work together on investigating cyber crimes to determine who is behind a particular attack. If you look at what we've done with the Infragard program and what they've done with the Electronic Crimes Task Force...we can leverage the capabilities of both staffs, said Dick in an interview with National Journal's Technology Daily. Full story: http://www.govexec.com/dailyfed/0902/092302td1.htm [Interesting report. WEN] The United States is increasingly dependent on space for its security and well being. The Department of Defense's (DOD) space systems collect information on capabilities and intentions of potential adversaries. 
They enable military forces to be warned of a missile attack and to communicate and navigate while avoiding hostile action. And they provide
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-151 Date: 24 September 2002
DAILY BRIEF Number: DOB02-151 Date: 24 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-151_e.html

NEWS

Derailed CN train spills fuel in Quebec
A Canadian National (CN) train, en route from Toronto to Senneterre, derailed in the Mauricie Region of Quebec on Sunday night. Diesel fuel spilled from one of the train cars onto the tracks and the ground nearby. A CN spokesperson stated that an investigation is in progress to determine the cause of the derailment and whether the fuel spill will be harmful to the environment. No injuries were reported. (Source: canada.com, 23 September 2002)

Comment: There does not appear to be significant damage from the spill of approximately 7,000 gallons (26,498 litres) of diesel. A team was on the scene on Monday to start the clean-up process. Service on the rail line is expected to resume on Wednesday.

NIPC releases hacktivism assessment
On 23 September 2002, the U.S. National Infrastructure Protection Center (NIPC) released an assessment entitled Hacktivism in Connection with Protest Events of September 2002, which warns of the potential for hacktivism in conjunction with the upcoming World Bank and IMF meetings to be held in Washington, DC this week. The NIPC recommends that recipients monitor their information systems and networks for computer intrusions during the events listed above. The assessment can be viewed at: http://www.nipc.gov/warnings/assessments/2002/02-002.htm

U.S. releases National Security Strategy
On 17 September 2002, the Bush Administration released its latest national strategy to protect American interests. The National Security Strategy largely abandons the concept of military deterrence, which dominated defence policies during the Cold War years, for a forward-reaching, pre-emptive strategy against hostile states and terrorist groups. The strategy document also outlines a policy of multilateralism to: defuse regional conflicts; prevent enemies from using weapons of mass destruction against the United States, its allies and friends; support and promote a new era of global economic growth through free markets and free trade; expand the development of open societies and build the infrastructure of democracy; reduce the toll of HIV/AIDS and other infectious diseases; and, transform the U.S. military to meet 21st century challenges.

Comment: The latest strategy is an enclosed document to the Homeland Security Strategy released on 6 June 2002 and overarches the recently released National Strategy to Secure Cyberspace. For the complete text of the National Security Strategy of the United States of America please see http://www.whitehouse.gov/nsc/nss.html

IN BRIEF

West Nile (WN) virus
According to the chair of Toronto's Board of Health, the WN virus has hit Ontario and the Greater Toronto area faster than anticipated. The board is considering alternatives to chemical fogging, including the use of non-chemical larvicide or synthetic hormones. (Source: thestar.com, 24 September 2002)

Comment: Additional information on the WN virus can be found on the OCIPEP web site at: http://www.ocipep.gc.ca/otherlinks/hlinx_e.html

New version of Slapper worm starts spreading
A new version of the Slapper B worm, dubbed Slapper C, has started infecting servers. Patches are available for all variants of the worm. (Source: vnunet.com, 24 September 2002)

Ontario hydro bills increase sharply
Consumers in Ontario have been paying an average of 30 percent more for their electricity over the summer months, according to a media report. Energy suppliers credit higher summer temperatures for the increase in the market price of energy. (Source: globeandmail.ca, 24 September 2002)

Comment: The OCIPEP Daily Brief DOB02-116, released on 2 August 2002, noted that higher than usual temperatures this past summer, coupled with high use of air conditioners, had prompted Ontario's electricity distributor to warn residents that they should consider cutting back their energy consumption to reduce the load on the system.

Homeowners may receive $1,000 from Ottawa to help conserve energy
As part of the consumer portion of Canada's draft plan to put into action the Kyoto Protocol, federal officials stated that Ottawa is considering offering homeowners rebates as high as $1,000 if they make their homes more energy efficient. (Source: globeandmail.ca, 23 September 2002)

U.S. planning to revert back to code yellow
Government officials believe that President Bush may decide to lower the Homeland Security alert level back from orange (high) to yellow (elevated) in the next few days. (Source: nandotimes.com, 23 September 2002)

FBI and Secret Service join forces to investigate cyber crimes
During the launching of the National Strategy to Secure Cyberspace last week, it was announced
[INFOCON] - (Admin) How to unsubscribe
Dear All, Even though the unsubscribe instructions are included in the daily newsletter, some people still do not know how to do it. Below please find the instructions on how to unsubscribe: *** To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body Also, please do not hassle any government agencies with unsubscribe requests (they are busy enough) if you get their news, ... through the Infocon list (all email from the infocon mailing list have '[INFOCON] -' in the subject line and hence should be easily identifiable). Thank you. Regards, WEN Wanja Eric Naef Webmaster Principal Researcher IWS - The Information Warfare Site http://www.iwar.org.uk IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - GAO: Information Sharing Activities Face Continued Management Challenges
Homeland Security: Information Sharing Activities Face Continued Management Challenges, statement for the record by David M. Walker, comptroller general of the United States, before a joint hearing of the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence. GAO-02-1122T, September 23. http://www.gao.gov/cgi-bin/getrpt?GAO-02-1122T Today, governments at all levels, as well as private sector entities, recognize that they have a greater role to play in protecting the nation from terrorist attacks. To achieve this collective goal, homeland security stakeholders must more effectively work together to strengthen the process by which critical information can be shared, analyzed, integrated and disseminated to help prevent or minimize terrorist activities. The work of these committees and of others in Congress and the Administration in crafting solutions to leverage agencies' abilities and willingness to share timely, useful information is critical to the fundamental transformation required in our homeland security community to ensure an affordable, sustainable and broad-based response to new and emerging threats to our country. In my testimony today, I will discuss (1) some of the challenges to effective information sharing, including the fragmentation of information analysis responsibilities, and technology and collaboration challenges, and (2) GAO's views on addressing these challenges through transformational strategies, including strengthening the risk management framework; refining the national strategy, policy, and guidance structures to emphasize collaboration and integration among homeland security stakeholders to achieve common goals; and bolstering the fundamental management foundation integral to effective public sector performance and accountability. 
The statement also includes an appendix that lists GAO's recommendations on combating terrorism and the status of their implementation, as well as a list of related products. IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - News 10/03/02
London, Thursday, October 15, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body
To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body

[News Index]
[1] House lawmaker renews push for cybersecurity measures
[2] Report on blonds won't wash
[3] The Book on Mitnick Is by Mitnick
[4] Pro-Islamic militant hacker groups boost attacks security company says
[5] Gartner slams MS security after latest flaw
[6] A radical rethink of international relations
[7] Professor stresses Net security awareness
[8] Bugbear virus threat increases
[9] Pentagon contempt is hurting the cause
[10] Internet rekindles 'Nigerian scam'
[11] New U.S. strategy in Afghanistan: winning hearts and minds
[12] Help! MS issues another critical security fix
[13] Hong Kong news site hacked
[14] Plan aimed at Iraqi commanders raises doubts
[15] FBI names 20 most unwanted security flaws
[16] P2P network funded by US government
[17] Quantum cryptography takes to the skies

News

[1] House lawmaker renews push for cybersecurity measures
By Maureen Sirhal, National Journal's Technology Daily

A key House lawmaker is moving to reauthorize legislation that would impose security requirements on federal agencies through two different vehicles, signaling what he sees as the urgency of extending information security measures before Congress adjourns.

The House Government Reform Technology and Procurement Policy Subcommittee on Tuesday approved legislation to promote online government and included in that bill, H.R. 2458, a provision, based on the Federal Information Security Act (FISMA), to permanently reauthorize 2000 Government Information Security Reform Act (GISRA) and institute other cybersecurity requirements for agencies.

Subcommittee Chairman Tom Davis, a Virginia Republican, added the FISMA language to the e-government bill even though he already has won House passage of the proposal as part of another measure, H.R. 5005, that would create a Homeland Security Department. A Senate e-government bill, S. 803, also contains a provision to permanently reauthorize GISRA.

http://www.govexec.com/dailyfed/1002/100102td1.htm

(This story has nothing to do with IA, but it is a brilliant example of how some media folks pick up stories without checking the facts. I still remember the rather ridiculous printer virus story during the Gulf War. WEN)

'... Jeffrey Schneider, a spokesman for ABC News, said that the anchors got the information from an ABC producer in London who said that he had read it in a British newspaper. ...'

[2] Report on blonds won't wash
Lawrence K. Altman, The New York Times
Thursday, October 3, 2002

Forecast demise of fair hair had no roots in truth

NEW YORK: Apparently it fell into the category too good to check.

Last week, several British newspapers reported that the World Health Organization had found in a study that blonds would become extinct within 200 years because blondness was caused by a recessive gene that was dying out. The reports were repeated by anchors for ABC and CNN.

There was only one problem: The health organization says that it never reported that blonds would become extinct and that it had never done a study on the subject.

WHO has no knowledge of how these news reports originated, the organization, a Geneva-based agency of the United Nations, declared. The agency added that it would like to stress that we have no opinion of the future existence of blonds.

http://www.iht.com/articles/72474.html

[3] The Book on Mitnick Is by Mitnick
By Michelle Delio
2:00 a.m. Oct. 3, 2002 PDT

Six months ago, the world's most notorious hacker was wondering if he'd ever be able to live down his reputation as a serial killer of corporate computer systems.
Kevin Mitnick was unemployed, depressed and in danger of losing his treasured amateur radio license. He was starting to think that even
[INFOCON] - GAO CIP: Commercial Satellite Security
(Interesting report about a part of the critical infrastructure which is not mentioned very often. WEN)

Key sentence for CIP planner: ...In addition, we are recommending that commercial satellites be identified as a critical infrastructure sector (or as part of an already identified critical infrastructure sector) in the national CIP strategy, to help ensure that these assets are protected from unauthorized access and disruption. ...

GAO: Critical Infrastructure Protection: Commercial Satellite Security Should Be More Fully Addressed. GAO-02-781, August 30.
http://www.gao.gov/cgi-bin/getrpt?GAO-02-781

Vulnerabilities: Satellites are vulnerable to various threats. Protecting satellite systems against these threats requires attention to (1) the satellite; (2) the satellite control ground stations, which perform tracking and control functions to ensure that satellites remain in the proper orbits and which monitor satellite performance; (3) the communications ground stations, which process the data being sent to and from satellites; and (4) communications links between satellites and ground stations, both those that transmit the tracking and control information and those that transmit the data. Security threats to any part of the system could put government and commercial functions at significant risk.

Accordingly, at your request, we reviewed (1) what security techniques are available to protect satellite systems from unauthorized use, disruption, or damage; (2) how federal agencies reduce the risk associated with their use of commercial satellite systems; and (3) what federal critical infrastructure protection (CIP) efforts are being undertaken to address satellite system security through improved government and private-sector cooperation. To accomplish these objectives, we reviewed technical documents, policy, and directives and interviewed pertinent officials from federal agencies and the private sector involved in developing, operating, maintaining, and protecting satellite systems. ...

Results: Techniques to protect satellite systems from unauthorized use and disruption include the use of robust hardware on satellites, physical security and logical access controls at ground stations, and encryption of the signals for tracking and controlling the satellite and of the data being sent to and from satellites.

Recommendation: Because of the importance of the satellite industry to our nation, we recommend that steps be taken to promote appropriate revisions to existing policy and the development of new policy regarding the security of satellite systems, to ensure that federal agencies appropriately address the use of commercial satellites, including the sensitivity of information, security techniques, and enforcement mechanisms. In addition, we are recommending that commercial satellites be identified as a critical infrastructure sector (or as part of an already identified critical infrastructure sector) in the national CIP strategy, to help ensure that these assets are protected from unauthorized access and disruption.

IWS INFOCON Mailing List
IWS - The Information Warfare Site
http://www.iwar.org.uk
[INFOCON] - Announcing 2 NEW Computer Security Special Publications -- NIST
-Original Message- From: [EMAIL PROTECTED] On Behalf Of Patrick O'Reilly Sent: 03 October 2002 18:12 To: Multiple recipients of list Subject: Announcing 2 NEW Computer Security Special Publications -- NIST The National Institute of Standards and Technology (NIST) is releasing new guidelines for dealing with two of the most common sources of security: poorly configured Web servers and email systems. Special Publication 800-44, Guidelines on Securing Public Web Servers, and Special Publication 800-45, Guidelines on Electronic Mail Security, are part of a series of guidance developed by the NIST Computer Security Division and available through the Computer Security Resource Center Web site (http://csrc.nist.gov/publications/nistpubs/). NIST serves as the primary technical security resource for civilian agencies under the Computer Security Act of 1987. The two guides are intended primarily for a technical audience, such as systems administrators who are responsible for installing, configuring, and maintaining e-mail systems and public Web servers. The guides provide not only generic guidance on how to secure such systems, but also specific examples of applying the guidance to secure some of the most popular email and Web products, for both Microsoft Windows and Unix operating systems. To assist the reader, the guides also contain numerous pointers and references to related material. Any questions or comments can be sent to Wayne Jansen ([EMAIL PROTECTED]). IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-158 Date: 03 October 2002
DAILY BRIEF Number: DOB02-158 Date: 03 October 2002 http://www.ocipep.gc.ca/DOB/DOB02-158_e.html NEWS Kyoto and Beyond A report prepared for The David Suzuki Foundation and the Canadian Climate Action Network (CANet) entitled Kyoto and Beyond: The Low Emission Path to Innovation and Efficiency proposes several measures that are key to meeting Kyoto requirements. These include energy conservation; efficiency improvements; decreasing electric heat usage; industrial cogeneration; increased usage of wind and other renewable sources; and, in the long term, increased imports of hydroelectricity. The report can be viewed in PDF format at the following address: http://www.davidsuzuki.org/files/Kyoto_Beyond_LR.pdf Comment: There has been considerable media attention lately to the issue of alternate means of power production. The Conservation Council of New Brunswick (CCNB) and CANet stated Wednesday that rebuilding nuclear power plants and using them as an alternative to carbon dioxide-producing fossil fuels wouldn't necessarily assist Canada in reaching Kyoto Protocol targets. A spokesperson from the CCNB contends that the province's nuclear power generating station at Point Lepreau has outlived its usefulness and that funding the extension of its lifespan will only serve to delay the development of alternative methods of energy production. As reported in the OCIPEP Daily Brief DOB02-152, released 25 September 2002, New Brunswick Power is looking to make substantial renovations to keep the Point Lepreau nuclear generating station operational past its planned closing date in 2006. http://www.web.net/~ccnb/news/current/kyoto_press.htm http://www.web.net/~ccnb/news/current/kyoto_stmnt.htm Hurricane Lili halts U.S. gulf refinery production Hurricane Lili is affecting the U.S. oil production industry as refineries in Port Arthur, Texas, and Louisiana, including the Louisiana Offshore Oil Port (the largest oil port in the U.S.), are shutting down because of the storm. 
Such closures are depleting the market of more than 500,000 barrels of oil per day. (Source: Forbes.com, 02 October 2002)

Comment: Hurricane Lili has been downgraded to a category 2 hurricane. A projected track of the hurricane shows that Lili will be situated south of the Ontario/Great Lakes area by October 5. The projected track can be viewed on the Environment Canada's web site at: http://www.ns.ec.gc.ca/weather/hurricane/current6.html

EPA releases Homeland Security Strategy
On October 2, the U.S. Environmental Protection Agency (EPA) released its Strategic Plan for Homeland Security, which is intended to support the U.S. President's National Strategy for Homeland Security and the efforts undertaken by the new Department of Homeland Security. The plan divides the EPA's homeland security responsibilities into four areas: critical infrastructure protection; preparedness, response, and recovery; communication and information; and, protection of EPA personnel and infrastructure. For each mission area, goals, tactics, and results are outlined. The EPA's homeland security responsibilities include protection of water infrastructure; cleanup following biological or chemical attacks; reducing the vulnerability of the chemical industry and hazardous materials sector of the nation's critical infrastructure; and, involvement in response to and recovery from radiological attacks. (Source: www.epa.gov, October 2, 2002)

Comment: The EPA noted in the plan that although it had lead agency status in several homeland security areas, that status was subject to change along with its Homeland Security Strategy, as the Department of Homeland Security may absorb some of those responsibilities as it develops. The EPA has bolstered its response, preparedness and recovery capabilities since 11 September 2001 by providing training and better equipping response teams, issuing water system security grants and announcing plans for a center to coordinate research in areas such as building decontamination, rapid risk assessment and drinking water protection. For the full text of the EPA's Strategic Plan for Homeland Security, please go to: http://www.epa.gov/epahome/downloads/epa_homeland_security_strategic_plan.pdf

IN BRIEF

Ontario hydro dam alert system will be improved
The Ontario Energy Minister stated yesterday that the government has ordered modifications to their computerized warning system at the province's hydroelectric dams following a tragic accident near Calabogie that caused the death of a mother and son in June 2002.

Comment: The Members' Statements regarding hydro dam safety can be viewed at: http://hansardindex.ontla.on.ca/hansardeissue/37-3/l035a.htm.

Bruce power tables environmental impact study for restart of two nuclear reactors
The Canadian Nuclear Safety Commission (CNSC) has released an Environmental Assessment (EA) Study Report for public comment. The study was
[INFOCON] - Strategic, Space Commands Merge
... Here, today, you begin to effect a real transformation-a transformation that will improve our command and control, our intelligence and our planning-in short, a fundamental step forward to better meet the security environment that will define the 21st Century. ... *** Strategic, Space Commands Merge By Petty Officer 1st Class Sonja Chambers Special to the American Forces Press Service OFFUTT AIR FORCE BASE, Neb., Oct. 1, 2002 - Two U.S. unified commands merged Tuesday to form a new global command with global responsibilities in a new strategic environment. During an afternoon ceremony in the Bennie L. Davis Maintenance Facility, a new U.S. Strategic Command was established through the merger with U.S. Space Command and tasked with space operations, information operations, computer network operations, and strategic defense and attack missions. During the ceremony, Adm. James O. Ellis Jr., U.S. Strategic Command chief, cased the colors and stood down the old command. Air Force Gen. Richard B. Myers, chairman of the Joint Chiefs of Staff, then activated the new command, incorporating portions of U.S. Space Command. That command, based at Peterson AFB, Colo., ceased to exist. The new StratCom represents the transformation that provides a single commander, with a global perspective, to support the President and the Secretary of Defense, said Myers. With a B-2 Spirit stealth bomber, one of the most potent reminders of the nation's deterrence strength, parked behind several troop formations to the rear of the facility, and a 60-foot U.S. flag behind him, Ellis took command of the new StratCom. This new command is going to have all the responsibilities of its predecessors, but an entirely new mission focus, greatly expanded forces and you might even say several infinite areas of responsibility, Myers said. The command will focus on the military's ability to respond to threats around the world and offer a wider range of strategic options. 
United States Strategic Command provides a single warfighting combatant command with a global perspective, focused on exploiting the strong and growing synergy between the domain of space and strategic capabilities, Ellis said. The merger of the commands is part of the Bush administration's plan to transform the U.S. military as part of the nation's national military strategy. The new StratCom will continue to be responsible for providing strategic deterrence for the nation, but now, it will also assume space missions and responsibilities. Here today you begin to affect a real transformation, said Deputy Defense Secretary Paul Wolfowitz. A transformation that will improve our command and control, our intelligence and our planning. In short, a fundamental step forward to better meet the security environment that will define the 21st century. The command exercises combatant command and control of assigned task forces and service components that support the command's mission. During day-to-day operations, service component commanders retain primary responsibility for maintaining the readiness of USSTRATCOM forces and performing their assigned functions. Organizations include the following task force and service elements: aerial refueling, airborne communications, Army Space forces, ballistic missile submarines, bomber and reconnaissance aircraft, Joint Task Force - Computer Network Operations, the Joint Information Operations Center, land-based intercontinental ballistic missiles, the Naval Network and Space Operations Command, and Space Air Force. Related Sites of Interest: U.S. Strategic Command Web site http://www.stratcom.af.mil/ Establishment of U.S. Strategic Command: Remarks as Prepared for Delivery by Deputy Secretary of Defense Paul Wolfowitz, Offutt AFB, Omaha, Neb., Oct. 
1, 2002
http://www.defenselink.mil/speeches/2002/s20021001-depsecdef2.html

AFPS News Article: Northern Command Established in Colorado
AFRTS Radio Report: Rumsfeld says SPACECOM/STRATCOM merger to improve combat effectiveness
http://www.defenselink.mil/news/Oct2002/n10022002_200210024.html

Establishment of U.S. Strategic Command
Remarks as Prepared for Delivery by Deputy Secretary of Defense Paul Wolfowitz, Offutt AFB, Omaha, NE, Tuesday, October 1, 2002.

[Chairman of the Joint Chiefs of Staff] General Myers has thoroughly and commendably recognized the many distinguished guests who join us today. But, let me add my personal greetings to Governor Johanns, Senators Exon and Karnes, [U.S. Stratcom Commander] Admiral Ellis, our honored veterans, and, most of all, the men and women here who serve us so faithfully and so well. Please join me in showing our appreciation. Along with the big Air Force presence here on the plains of Nebraska, I'd point out how
[INFOCON] - NIPC ADVISORY 02-008
---
NATIONAL INFRASTRUCTURE PROTECTION CENTER
W32.Bugbear@mm or I-Worm.Tanatos
NIPC ADVISORY 02-008
October 3, 2002

The National Infrastructure Protection Center (NIPC) is issuing this advisory to heighten the awareness of an e-mail-borne worm known as W32.Bugbear or I-Worm.Tanatos. This network-aware worm, which is being circulated as an e-mail attachment, appears to target machines running Microsoft software. The worm is attached to e-mails with a wide variety of subject lines such as bad news, Membership Confirmation, Market Update Report, and Your Gift, and appears to use randomly generated names to avoid detection by anti-virus software, as well as multiple file extensions to disguise the fact that it is an executable file. W32/Bugbear-A tries to copy itself to all types of shared network resources. The anti-virus industry has reported that this worm has infected over 22,000 systems in the past 24 hours and is continuing to grow.

Due to its keystroke logging and backdoor capabilities, the worm is capable of intercepting victims' Internet activity, for example, credit-card information, banking information, usernames and passwords. The NIPC is urging all infected owners to change logins and passwords after the infection has been reported and removed. System administrators should be aware that attackers could exploit these vulnerabilities to gain remote access which could enable the attacker to take any action desired, such as installing malicious code; running programs; and, reconfiguring, adding, changing, or deleting files.

Description:

The Bugbear worm arrives in victims' in-boxes in the form of a random e-mail. The only constant signature of the worm has been the size of the attachment, which to date has been 50,688 bytes. The virus installs a Trojan horse component called PWS-Hooker on infected machines. The Trojan program searches for and tries to disable a number of common Windows processes, and popular anti-virus and firewall software.

The actual infected file arrives as an attachment. The subject line, name of the attachment, and text in the body of the message can vary; the attachment name typically has a double extension, such as .doc.pif. The worm may also attempt to determine the presence of an Apache 1.3.26 web server and relay this information to an external email address; it continuously looks for and terminates processes by listening to port 36794/tcp and port 137/udp. When a remote system is restarted, the worm's file gets control and infects a system.

The worm exploits the MIME and IFRAME vulnerability in versions of Microsoft Internet Explorer 5.01 and 5.5. However, users running Internet Explorer 5.01 service pack 2 are not affected by this vulnerability. These vulnerabilities may allow an executable attachment to run automatically, even if the user does not double-click on the attachment. An option in Microsoft Internet Explorer executive preview pane allows users to view e-mail without clicking on the email. Users can delete the e-mail before viewing in the preview pane by turning the option off until appropriate patches have been applied.

Microsoft has issued a patch to secure against these attacks. The patch can be downloaded from Microsoft Security Bulletin MS01-027:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-27.asp
(This patch was released to fix a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm.)

Several anti-virus software vendors have updated their signature files to recognize this worm in an attempt to stop the infection upon contact. In some cases, anti-virus software will remove an active infection from your system.

Additional information obtained at:
Central Command http://www.centralcommand.com
McAfee http://www.nai.com
Symantec http://symatec.com
Sophos http://sophos.com

Recommendation:

The NIPC strongly urges the community to consider applying patches from Microsoft to secure against these attacks. All versions of Windows are vulnerable to this worm's ability to arrive via open file sharing. Users of Macintosh, Linux, and Unix are not at risk. Users of Internet Explorer 6 should be safe from the e-mail portion of this worm.

The NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) and other appropriate authorities. Recipients may report incidents online to http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or [EMAIL PROTECTED]
---

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk
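The message-level indicators named in the advisory above (an attachment of exactly 50,688 bytes, a double extension such as .doc.pif, and the listed subject lines) can be checked at a mail gateway or during mailbox triage. The following is an added example, not part of the NIPC advisory; the function names, the sample messages and the executable extensions other than .pif are assumptions made for illustration.

```python
"""Triage e-mail against the indicators listed in NIPC Advisory 02-008."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# "The only constant signature ... has been the size of the attachment" (advisory).
BUGBEAR_ATTACHMENT_SIZE = 50_688
# Subject lines quoted in the advisory; the worm varies them, so this is a weak signal.
ADVISORY_SUBJECTS = {"bad news", "membership confirmation",
                     "market update report", "your gift"}
# Assumption: the advisory names only ".doc.pif"; .scr and .exe are added here
# as other extensions Windows runs directly.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe"}


def has_disguised_executable_name(filename):
    """True for names like 'report.doc.pif': two extensions, the last executable."""
    parts = filename.strip().lower().rsplit(".", 2)
    return len(parts) == 3 and bool(parts[1]) and "." + parts[2] in EXECUTABLE_EXTS


def triage(raw_message):
    """Return [(attachment_name, [reasons])] for attachments matching an indicator."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip().lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""  # decoded size, not base64 size
        reasons = []
        if len(payload) == BUGBEAR_ATTACHMENT_SIZE:
            reasons.append("size")
        if has_disguised_executable_name(name):
            reasons.append("double-extension")
        # The subject alone is never enough; it only corroborates another hit.
        if reasons and subject in ADVISORY_SUBJECTS:
            reasons.append("subject")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample(subject, filename, size):
    """Constructed test message: zero-filled attachment of the requested size."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(bytes(size), maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("bad news", "report.doc.pif", 50_688),
        build_sample("Quarterly numbers", "numbers.xls", 1024),
        build_sample("hello", "photo.jpg.scr", 10),
    ]
    for raw in samples:
        print(triage(raw))
```

The advisory qualifies the size with "to date", so a size match on its own is a reason to quarantine and inspect rather than proof of infection.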
[INFOCON] - [netsec-letter] #21, Securing Cyberspace -- Comments on the National Strategy
The latest netsec-letter contains some interesting comments regarding 'The National Strategy to Secure Cyberspace' Good mailing list. To subscribe, send a blank e-mail to: [EMAIL PROTECTED] WEN -Original Message- From: Fred Avolio Sent: 04 October 2002 17:43 To: [EMAIL PROTECTED] Subject: [netsec-letter] #21, Securing Cyberspace -- Comments on the National Strategy NetSec Letter #21, 2 October 2002 Securing Cyberspace -- Comments on the National Strategy Fred Avolio, Avolio Consulting, Inc., http://www.avolio.com/ On September 18, the (US) President's Critical Infrastructure Protection Board released a draft for comment of The National Strategy to Secure Cyberspace. Security vendors jumped on the band wagon, bragging about their involvement in the process (as if involvement from CEOs and Senior VPs will solve security problems). The government has scheduled Town Hall meetings in which the slightly more educated will hear comments from the uneducated about this document. This month, I'll make some comments, observations, and recommendations. Comments It is not clear (to me) where they got the ideas for the cyberspace. Maybe there are references, and I just missed them. Nevertheless, they are all commonly prescribed good practices. Unfortunately, the reader will have to sift through a lot of boilerplate and government-speak, an unclear and laborious writing style that attempts to say everything it possibly can, as if the writer were paid by the word. (Government writers believe this is necessary, and will not be persuaded otherwise, thinking that there are special requirements for them.) Also, it is aimed at the lowest common denominator -- the person who knows nothing about the need for Internet security -- and so goes into great detail to make the case for the need for computer and network security. I suspect this is overkill, but for the person who just arrived from another star system where people are polite and mind their own businesses, it won't hurt. 
I recommend anyone who knows anything about security to just skip to page 61, the summary of recommendations. The writers used some old data (the insider threat at 70% is from a 2 year old study, I believe), but what they say is mostly correct. Observations The document does not recommend government regulation, invoking federalism. Government will encourage through example and purchasing. Also, it is primarily an awareness program. This is reminiscent of the Smokey Bear campaign of the USDA Forest Service. Every boomer generation kid knows Only YOU can prevent forest fires, and knows that dealing with a campfire, you drown it, stir, and drown again. I know it, even though I never, ever camped when a child. Did it help? Well, *I've* never started a forest fire, so maybe. Every home user should read the guidelines for the individual and small office. It is all good stuff. True, it has all been said before. Maybe if the government says it people will do it, but probably not. The guidelines for the large enterprise, again, are things companies should know, should have heard, and should be doing already. Again, maybe they will if the government suggests it. I don't think so. An example: it took seat belt laws to get them in all cars. Drivers were not asking for them (and still some people don't use them). For companies, it all comes down to profit and loss. In many large enterprises -- and in the Federal Government -- security is always second place to usability. The guidelines for the Federal Government itself are the most bothersome. For example, establish an Office of Information Security Support Services within the Federal government... In typical government fashion, it solves a problem by adding more bureaucracy. A concern I have is that the guidelines look at the Government (also Large Enterprise) as one single entity that can be understood and controlled, if not tamed. 
Until we start thinking about compartmentalizing organizations -- protecting little offices from *everyone else* -- the problem will remain unmanageable. No government office or agency (e.g., the OISSS -- blech), no matter how big, can make sure the entire US Federal Government cyberspace is secure or that each agency and department in the government is following regulations. Recommendations Here's what *I* think is needed, and not addressed, unless I missed it (and I might have in all this text). First, consider regulation of U.S. Internet Service Providers (ISPs), with the goal of raising the bar of security for their networks and the customers. There are many things that most ISPs can do, from supporting strong user authentication for access to services, to encouraging the use of VPNs (rather than discouraging, by rejecting IPSec packets). Next, ISPs will require a certain level of security from enterprise and broadband customers, through adherence to and adoption of recognized good security. Perhaps dial-up users are below the radar on this, but every
[INFOCON] - News 10/04/02
_ London, Friday, October 04, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body _ [News Index] [1] Report: Satellites at Risk of Hacks [2] Hackers deface State Department site [3] Microsoft says 1 percent of bugs cause half of all software errors [4] Senate cybersecurity bill hits snag [5] Army looking to outsource [6] (CA) Federal proposal tells only part of cybercrime story [7] Bill aims at foreign Web censorship [8] Bush steps up demand for action on homeland security bill [9] Northcom faces obstacles at launch [10] State again target of hacking [11] Allies Drop Leaflets Warning Iraqis [12] 'Cowboy' WLANs letting industry down, analyst warns [13] U.N. arms inspectors run into a few bugs [14] House Passes Net Gambling Bill [15] Teaming up against cyberthreats [16] Klez-H enjoying its final days on infamy? [17] Assessing Internet Security Risk, Part Four: Custom Web Applications _ News _ [1] Report: Satellites at Risk of Hacks Want to find the most-ignored cybersecurity hole in America's critical infrastructure? Congressional investigators say, Look up! By Kevin Poulsen, Oct 3 2002 4:42PM Critical commercial satellite systems relied upon by federal agencies, civilians and the Pentagon are potentially vulnerable to a variety of sophisticated hack attacks that could cause service disruptions, or even send a satellite spinning out of control, according to a new report by the General Accounting Office, the investigative arm of Congress. The GAO report, dated August 30th but not released publicly until Thursday, criticizes the White House for not taking the vulnerabilities into account in its national cybersecurity planning, a criticism it also extends back to the Clinton administration. 
http://online.securityfocus.com/news/942 See also: http://www.mail-archive.com/infocon@infowarrior.org/msg00249.html [2] Hackers deface State Department site Unidentified hackers scrawled virtual obscenities on a State Department Web site, forcing the department to close the site down, spokesman Richard Boucher said Thursday. The obscenities appeared Wednesday on the Web site www.usinfo.state.gov, which is designed to provide information to computer users outside the United States. Boucher did not describe the obscenities or know if they were politically motivated. http://zdnet.com.com/2110-1105-960706.html http://news.com.com/2110-1001-960706.html?tag=cdshrt http://www.washingtonpost.com/wp-dyn/articles/A39528-2002Oct3.html A FoGIS (http://www.fogis.de) member spotted the following: State Press Briefing 03.10.02 QUESTION: Yeah, I have tried yesterday afternoon and this morning to get into your overseas website and have been unsuccessful. Are you all having trouble with that? MR. BOUCHER: One of our sites was hacked. The International Information website, the usinfo.state.gov site, which is run by the Bureau of International Information Programs, largely directed at foreign audiences, was temporarily shut down after the main page was defaced on October 2nd. This affects this particular site only. Our main site, www.state.gov remains open and most embassy sites from overseas are not affected. The defacement was on the main page. The investigation is being coordinated by State's Internal Computer Incident Response Team. It's not possible to surmise any intent of the intruders beyond vandalism at this point. The affected site was hosted by a service outside the Department. At no time were any inside computers or classified information or sensitive information in any danger of compromise. We're fixing the website and trying to put it back up and running as soon as possible. QUESTION: What was the defacement? MR. BOUCHER: I don't have information here. 
[3] Microsoft says 1 percent of bugs cause half of all software errors SEATTLE (Reuters) - One percent of the bugs in
[INFOCON] - UNIRAS Brief - 330/02 - Microsoft - Vulnerabilities in File Decompression Functions, Windows Help Facility, Unix 3.
-Original Message- From: UNIRAS (UK Govt CERT) Sent: 07 October 2002 14:29 To: [EMAIL PROTECTED] Subject: UNIRAS Brief - 330/02 - Microsoft - Vulnerabilities in File Decompression Functions, Windows Help Facility, Unix 3.0 Interix SDK + Patch for SQL Server -BEGIN PGP SIGNED MESSAGE- - -- UNIRAS (UK Govt CERT) Briefing Notice - 330/02 dated 07.10.02 Time: 14:05 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre) - -- UNIRAS material is also available from its website at www.uniras.gov.uk and Information about NISCC is available from www.niscc.gov.uk - -- Title = Four Microsoft Security Bulletins: 1. MS02-054: Unchecked Buffer in File Decompression Functions Could Lead to Code Execution 2. MS02-055: Unchecked Buffer in Windows Help Facility Could Enable Code Execution 3. MS02-056: Cumulative Patch for SQL Server 4. MS02-057: Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution Detail == 1. Microsoft Security Bulletin - MS02-054: Unchecked Buffer in File Decompression Functions Could Lead to Code Execution Full Bulletin available at: http://www.microsoft.com/technet/security/bulletin/MS02-054.asp = 2. Microsoft Security Bulletin - MS02-055: Unchecked Buffer in Windows Help Facility Could Enable Code Execution Full Bulletin available at: http://www.microsoft.com/technet/security/bulletin/MS02-055.asp = 3. Microsoft Security Bulletin - MS02-056: Cumulative Patch for SQL Server Full Bulletin available at: http://www.microsoft.com/technet/security/bulletin/MS02-056.asp = 4. Microsoft Security Bulletin - MS02-057: Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution Full Bulletin available at: http://www.microsoft.com/technet/security/bulletin/MS02-057.asp = Reprinted with permission of Microsoft Corporation. 
- -- For additional information or assistance, please contact the HELP Desk by telephone or Not Protectively Marked information may be sent via EMail to: [EMAIL PROTECTED] Tel: 020 7821 1330 Ext 4511 Fax: 020 7821 1686 - -- UNIRAS wishes to acknowledge the contributions of Microsoft for the information contained in this Briefing. - -- This Briefing contains the information released by the original author. Some of the information may have changed since it was released. If the vulnerability affects you, it may be prudent to retrieve the advisory from the canonical site to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. Neither UNIRAS or NISCC shall also accept responsibility for any errors or omissions contained within this briefing notice. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice. UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large. 
- -- End of UNIRAS Briefing IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - News 10/15/02
_ London, Tuesday, October 15, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] Bluetooth may leave PDAs wide open [2] Security tops list of reasons not to deploy Web Services [3] Former FBI chief takes on encryption [4] Outlook Express flaw helps hackers [5] Terror Czar: The War Is Digital [6] Task force urges distributed intelligence [7] Sendmail downloads hit by random hack [8] How to hack people [9] (HS) Tough decisions [10] US Copyright Office wakes up to flaws in anti-hacking law [11] China clamps down on Net cafes - again [12] FBI to build forensics center in Silicon Valley [13] Bush advisor: Cybercrime costs us billions [14] Linux firewalls: IT Manager's top picks [15] Mozilla's 'Code of Silence' Isn't [16] Lawmakers focus on security-related technology issues [17] House committee votes to create E-gov administrator _ News _ [1] Bluetooth may leave PDAs wide open 15:26 Thursday 10th October 2002 Peter Judge RSA 2002: If you have Bluetooth, make sure security is enabled, or others might snoop your contacts or even make calls from your phone Bluetooth-enabled phones and PDAs may have a gaping security gap, which could allow other people to read data such as personal contacts and appointments, and even make phone calls using the owner's identity. Some of these devices are shipped with the security features in Bluetooth disabled, allowing other Bluetooth devices access, according to RSA Security. I have stood at the RSA booth in conferences, with my phone paging for other devices, and watched other people's devices show up, said Magnus Nystrom, technical director of RSA Security. 
Many devices simply allowed access without demanding a pairing code, said Nystrom, and would have allowed him to examine the personal data of passers-by, or even to make calls with their phones. http://news.zdnet.co.uk/story/0,,t460-s2123677,00.html http://www.theregister.co.uk/content/55/27572.html http://www.washingtonpost.com/wp-dyn/articles/A11227-2002Oct11.html [2] Security tops list of reasons not to deploy Web Services By ComputerWire Posted: 11/10/2002 at 08:54 GMT End-to-end security of web services forms the most significant barrier to implementation by organizations, but this is not expected to hinder future development. A biannual survey of North American developers by Evans Data found 24% of respondents list security concerns as the number one reason for not rolling out web services - a growth of five percentage points since Evans' previous survey, conducted in March. http://www.theregister.co.uk/content/55/27560.html [3] Former FBI chief takes on encryption 11:43 Tuesday 15th October 2002 Declan McCullagh, CNET News.com Louis Freeh may have lost his battle against allowing encryption when he was at the FBI, but he is continuing the fight now he's left the federal agency When Louis Freeh ran the FBI, he loved nothing more than launching into a heartfelt rant against the dangers of encryption technology. In dozens of hearings and public speeches, the FBI director would urge Congress to limit encryption products, such as Web browsers and email scrambling utilities, that did not include backdoors for government surveillance. http://news.zdnet.co.uk/story/0,,t269-s2123893,00.html [4] Outlook Express flaw helps hackers Oops, we did it again. Again... Microsoft has warned Outlook Express users that a software flaw could allow an online vandal to control their computers. A critical vulnerability in the email reader could allow an attacker to send a specially formatted message that would crash the software and potentially take control of the
[INFOCON] - CRYPTO-GRAM, October 15, 2002
-Original Message- From: Bruce Schneier [mailto:[EMAIL PROTECTED]] Sent: 15 October 2002 23:50 To: [EMAIL PROTECTED] Subject: CRYPTO-GRAM, October 15, 2002 CRYPTO-GRAM October 15, 2002 by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. [EMAIL PROTECTED] http://www.counterpane.com A free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. Back issues are available at http://www.counterpane.com/crypto-gram.html. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to [EMAIL PROTECTED] Copyright (c) 2002 by Counterpane Internet Security, Inc. ** *** * *** *** * In this issue: National Strategy to Secure Cyberspace More on AES Cryptanalysis Crypto-Gram Reprints The Doghouse: GreatEncryption News Counterpane News One-Time Pads Comments from Readers ** *** * *** *** * National Strategy to Secure Cyberspace On 18 September, the White House officially released its National Strategy to Secure Cyberspace. Well, it didn't really release it on that date; versions had been leaking here and there for a while. And it really isn't a national strategy; it's just a draft for comment. But still, it's something. No, it isn't. The week it was released I got all sorts of calls from reporters asking me what I thought of the report, whether the recommendations made sense, and why certain things were omitted. My primary reaction was: Who cares? It doesn't matter what the report says. For some reason, Richard Clarke continues to believe that he can increase cybersecurity in this country by asking nicely. This government has tried this sort of thing again and again, and it never works. This National Strategy document isn't law, and it doesn't contain any mandates to government agencies. It has lots of recommendations. It has all sorts of processes. It has yet another list of suggested best practices. 
It's simply another document in my increasingly tall pile of recommendations to make everything better. (The Clinton Administration had theirs, the National Plan for Information Systems Protection. And both the GAO and the OMB have published cyber-strategy documents.) But plans, no matter how detailed and how accurate they are, don't secure anything; action does. And consensus doesn't secure anything. Preliminary drafts of the plan included strong words about wireless insecurity, which were removed because the wireless industry didn't want to look bad for not doing anything about it. Preliminary drafts included a suggestion that ISPs provide all their users with personal firewalls; that was taken out because ISPs didn't want to look bad for not already doing something like that. And so on. This is what you get with a PR document. You get lots of varying input from all sorts of special interests, and you end up with a document that offends no one because it demands nothing. The worst part of it is that some of the people involved in writing the document were high-powered, sincere security practitioners. It must have been a hard wake-up call for them to learn how things work in Washington. You can tell that a lot of thought and effort went into this document, and the fact that it was gutted at the behest of special interests is shameful...but typical. So now everyone gets to feel good about doing his or her part for security, and nothing changes. Security is a commons. Like air and water and radio spectrum, any individual's use of it affects us all. The way to prevent people from abusing a commons is to regulate it. Companies didn't stop dumping toxic wastes into rivers because the government asked them nicely. Companies stopped because the government made it illegal to do so. In his essay on the topic, Marcus Ranum pointed out that consensus doesn't work in security design. Consensus security results in some good decisions, but mostly bad ones. 
By itself consensus isn't harmful; it is the compromises that are almost always harmful, because the more parties you have in the discussion, the more interests there are that conflict with security. Consensus doesn't work because the one crucial party in these negotiations -- the attackers -- aren't sitting around the negotiating table with everyone else. And the hackers don't negotiate anyhow. In other words, it doesn't matter if you achieve consensus...; whether it works or not is subject to a different set of rules, ones over which your wishes exercise zero control. If the U.S. government wants something done, they should pass a law. That's what governments do. It's like pollution; don't mandate specific technologies, legislate results. Make companies liable
[INFOCON] - News 10/23/02
_ London, Wednesday, October 23, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] Attack on Net servers fails [2] Could a Worm Take Over the Net in Minutes? [3] Less noise at the CIA [4] Inside ICANN - The Jonathan Cohen Interview - part 1 [5] Software security--a matter of trust [6] Army making strides in intell [7] Web of deceit [8] Web Vandalism on the Rise [9] E-tailers join up to fight online fraud [10] UK ISPs balk at giving customer data to police [11] PsyOps leaflets may be dropped again [12] PSYOPS battalion heading to Iraq? [13] Encryption gets business boost [14] PGP reborn makes its pitch for the mainstream [15] Army mobilized on Objective Force [16] Customs planning classified net [17] Agencies collaborate with industry on nuclear supercomputer _ News _ (It is very difficult to attack such systems as there are too many redundancies. Such an attack would only have a chance of success if it lasted for a long time as other DNS servers would then be unable to update their lists. What I am interested in is to know what would happen if the US decided to cut off some countries and removed their domains from the root DNS, would there be an impact? Does anyone know? WEN) '... Still, the results were not severe. According to Matrix NetSystems, the peak of the attack saw the average reachability for the entire DNS network dropped only to 94 percent from its normal levels near 100 percent. ...' [1] Attack on Net servers fails By Robert Lemos Staff Writer, CNET News.com October 22, 2002, 7:40 PM PT An attempt to cripple the computers that serve as the address books for the Internet failed Monday. The so-called distributed denial-of-service attack leveled a barrage of data at the 13 domain-name service root servers beginning around 1 p.m. 
PDT Monday and apparently is ongoing, according to Internet performance measurement company Matrix NetSystems. Traffic from several Internet service providers has been slightly delayed, but because the domain name system is spread out and because the 13 root servers are the last resort for address searches, the attack had almost no effect on the Internet itself. http://news.com.com/2100-1001-963005.html Net backbone comes under cyberattack http://www.boston.com/dailyglobe2/296/business/Net_backbone_comes_under_cyberattack+.shtml Key Internet servers hit by attack http://www.cnn.com/2002/TECH/internet/10/23/internet.attack.ap/index.html Hackers' bid to cripple Internet fails http://www.abc.net.au/news/scitech/2002/10/item20021023130601_1.htm Root server DoS attack slows net http://www.theregister.co.uk/content/6/27731.html (The paper is quite a cybergeddon scenario, but it is still interesting to read. Luckily reality looks different as most (but not all) virus/worm creators are quite lame, i.e. Nimda, Code Red were quite primitive compared to what would have been possible. I would be really surprised if someone came up with a perfect virus or worm. Nevertheless, I would not be surprised if the military were working on such a program in research labs as it has potential. WEN) [2] Could a Worm Take Over the Net in Minutes? Could a Worm Take Over the Net in Minutes? Researchers are warning of dangerous new worms that would be almost impossible to stop, but not everyone is convinced. Ellen Messmer, Network World Tuesday, October 22, 2002 Computer science researchers are predicting new types of dangerous worms that would be able to infect Web servers, browsers, and other software so quickly that the working Internet itself could be taken over in a matter of minutes. Though still in the realm of theory, the killer worms described in a research paper entitled, How to Own the Internet in Your Spare Time, are triggering some skepticism but
[INFOCON] - News 10/18/02
_ London, Friday, October 18, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] Barriers block efforts to guard privacy [2] www.formatex.org/isbook/callforpaper [3] Online sourcing fails to deliver [4] Clarke Solicits Cyber-Security Input at MIT [5] Senate passes cyber RD funding [6] Can a Hacker Outfox Microsoft? [7] Glitches irk online bill payers [8] Al Qaeda shifts strategy [9] Where The E-Commerce Jobs Are [10] UK firm touts alternative to digital certs [11] Spammers crack through Windows [12] U.S. Attorney's Office in Dallas forms cybercrime unit [13] MasterCard bites back on Aust credit card hacking [14] Symantec on a roll, thanks to security boom [15] Secure Linux desktop begins shipping to UK police force [16] Agencies collaborate to beef up airport security [17] Customs accused of failing to protect against nuclear smuggling _ News _ [1] Barriers block efforts to guard privacy John Schwartz The New York Times Friday, October 18, 2002 NEW YORK Businesses, responding to lawmakers and consumers, say they are giving customers more control over the ways their personal information is used and sold. But in fact, many companies all but frustrate their customers' attempts to exercise that control. Barbara Bechtold of Sacramento, California, recounts the unending process of trying to keep companies from selling her e-mail address and the details of her credit card accounts, insurance policies and mortgage inquiries. When she tried to tell Pacific Bell not to share information that some phone companies sell - including calling habits - she said she found herself confronted with an automated voice. Most people, faced with too much twiddling and clicking, will get disgusted and say, 'Oh, forget it!' 
rather than try to get off those lists, Bechtold said. http://www.iht.com/articles/74120.html [2] www.formatex.org/isbook/callforpaper.htm -Original Message- From: ISBOOK 2002 [mailto:isbook2002;formatex.org] Sent: 17 October 2002 18:22 To: Wanja Eric Naef [IWS] Subject: reminder chapters submission Dear Colleagues, this is to remind you that the deadline for chapters submission for our forthcoming edition Techno-legal aspects of Information Society and New Economy: an Overview, is November 25th 2002. You can see the preliminary list of accepted contributions to date at the edition website www.formatex.org/isbook/callforpaper.htm , which already includes a number of very reputed national (Spain) and international authors: Thank you for your attention Jose Antonio Mesa Gonzalez Formatex *-*-*-*-*-*-*-*-*-*-* Dear friends, we remind you that the deadline for sending proposals (chapters) for our forthcoming book titled Techno-Legal aspects of Information Society and New Education: an Overview is 25 November 2002. You can see a preliminary list of the content the edition has so far on its website, which already has some very prominent authors at both the national and international level: www.formatex.org/isbook/callforpaper.htm Kind regards to all. Jose Antonio Mesa Gonzalez Formatex [3] Online sourcing fails to deliver by Daniel Thomas Thursday 17 October 2002 Online sourcing is delivering far lower savings to business than expected because of hidden costs inherent in the new purchasing model, Forrester Research has warned. In a report released last week, the analyst firm said that European companies have failed to achieve the levels of cost savings hoped for from online sourcing initiatives. Forrester puts the failures down to fudged price comparisons and weak purchasing compliance. David Metcalfe, senior analyst at Forrester, said companies should
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-168 Date: 18 October 2002
OCIPEP DAILY BRIEF Number: DOB02-168 Date: 18 October 2002 http://www.ocipep.gc.ca/DOB/DOB02-168_e.html NEWS OCIPEP issues Incident Analysis OCIPEP issued Incident Analysis IA02-001, on 17 October 2002, of the lessons learned following the 11 September 2001 terrorist attacks in New York and Washington. The Incident Analysis, titled The September 11, 2001 Terrorist Attacks - Critical Infrastructure Protection Lessons Learned is meant to assist Canadian critical infrastructure (CI) owners and operators with their business continuity planning and emergency management (EM) preparations by identifying critical infrastructure protection (CIP) and EM lessons that can be learned from these tragic events. The analysis is based on open source information and feedback provided by CIP and EM partners. Alberta emergency preparedness questioned - Auditor General of Alberta annual report According to the Auditor General of Alberta annual report, released 17 October 2002, Alberta is currently ill-equipped to cope with natural disasters or other emergencies. The report states that the Province's Government Emergency Operations Centre (GEOC) has poor security, is not big enough and is generally unsuitable as a command centre. The report suggests that the task of making the province disaster-resistant is rendered more difficult by several factors, including: the devolution of responsibility for emergency preparedness to municipalities (creating greater potential for variation in plans); the difficulty of coordinating effective emergency preparedness amongst the large number of stakeholders, including provincial government departments, municipal governments, First Nations, industry and the federal government; and the increase in the risk of diseases, such as foot-and-mouth and mad cow disease, and threats of domestic terrorism. 
(Source: Auditor General of Alberta, 17 October 2002) To view the full Auditor General of Alberta report, go to http://www.oag.ab.ca/ and click on the Annual Reports link. The section of the document related to emergency preparedness is recommendation no. 46. OCIPEP Comment: Alberta's current legislation regarding emergency preparedness is generally regarded to be one of Canada's most comprehensive and far-reaching pieces of provincial emergency management (EM) legislation. (As acknowledged in the Auditor's report, Alberta's legislation compels municipalities to have an emergency response plan in place, to review it every two years and to exercise it every four years.) This most recent AG's report may have the benefit of bringing attention to any outstanding issues related to EM in Alberta. The requirement for a new Alberta Government Emergency Operations Centre has been identified for some time now and is part of on-going discussions on co-location with OCIPEP's Alberta Regional Office. Corrective actions have been initiated for some time by officials of ADS in regard to coordination of plans at both the municipal and provincial levels. A provincial template for emergency plans has been in place for some time now for use by provincial departments and District Officers of ADS work with municipal officials in reviewing their plans on a regular basis. Additionally these plans will be evaluated in accordance with an approved standardized exercise template, now being implemented. Since September 11, 2001, Alberta has worked with multiple stakeholders, including federal partners and the private sector in developing a counter-terrorism process for the province. 
Instant message programs are high security risks: Analysis Information Security e-zine provides an analysis of instant message (IM) services available on the Internet indicating that these services are potentially vulnerable to hacker attacks and that most users are not aware of the security risks associated with IM and other peer-to-peer applications. The article states that because IM is so widely available and because it has few security features, IT security managers need to find ways to curb its use in the workplace. Instant messaging vulnerabilities can be used by hackers to gain access to workstations, and from there to the internal network. The analysis describes features of the four most popular IM applications and their associated vulnerabilities. (Source: infosecuritymag.com, August 2002) OCIPEP Comment: OCIPEP Daily Brief DOB02-070, released 29 May 2002, reported that IM services were particularly vulnerable to hacker exploit attempts. Interestingly, this latest analysis was published shortly after several financial services firms formed the Financial Services Instant Messaging Association (FIMA) earlier this summer. The committee has a stated goal of fostering technical harmony among IM providers Yahoo, AOL, MSN and others. For the finance industry, IM is vital for internal and client communications; a lack of IM interoperability has been a source of increasing frustration. (Source:
[INFOCON] - News 10/22/02
_ London, Tuesday, October 22, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] E-gov lays security net [2] Hundreds of Navy computers 'missing' [3] Army locks down wireless LAN [4] Lack of training your biggest threat [5] Guidelines for Reporting Security Incidents [6] Agency adds do-it-yourself security [7] Privacy Czar: Past Haunts Present [8] Comeback of the hacker king [9] E-card Sneakware Delivers Web Porn [10] Hackers, government join in fight for Internet freedom [11] VPNs? There must be better ways to wireless security [12] Professor's Case: Unlock Crypto [13] MS patches insecurity trio [14] Report says visa process improved after terrorist attacks [15] Busting Pop-up Spam [16] Security Concerns in Licensing Agreements, Part Two: Negotiating [17] Agencies' IT budgets on 'roller coaster,' group says [18] FTC forces spammer to refund domain fees [19] Government security experts urge Whitehall to adopt US cryptography [20] Why Dotcoms Failed (and What You Can Learn From Them) [21] An E-Mayor for Virtual L.A. City [22] A tough case to crack _ News _ [1] E-gov lays security net Efforts form homeland security foundation BY Dibya Sarkar Oct. 21, 2002 By most accounts, homeland security is the top concern among mayors and other local officials, who say they have no choice but to shift funds for overtime costs, preparation and training, and enhanced security measures at the expense of other programs. Those expenses, coupled with the troubled economy and promised federal dollars that haven't yet arrived, may force municipalities to scale back or even scrub some programs. 
http://www.fcw.com/fcw/articles/2002/1021/pol-egov-10-21-02.asp [2] Hundreds of Navy computers 'missing' 11:25 Monday 21st October 2002 Reuters The US Navy has lost track of many computers that may have handled classified data, finds an audit. And this may be just the tip of the iceberg The US Pacific Fleet's warships and submarines were missing nearly 600 computers as of late July, including at least 14 known to have handled classified data, an internal Navy report obtained on Friday said. The fleet, based in Pearl Harbor, Hawaii, sought to prevent release of the Naval Audit Service report, even though it was not classified. http://news.zdnet.co.uk/story/0,,t269-s2124182,00.html http://www.cw360.com/bin/bladerunner?REQUNIQ=1035289799REQSESS=Jc622399 REQHOST=site12131REQEVENT=CFLAV=1CCAT=2CCHAN=22CSESS=6680898CSEAR CH=CTOPIC=CPAGEN=Article%20PageCPAGET=-9CARTI=116804CARTT=14 [3] Army locks down wireless LAN Texas base uses formula of strength through diversity BY Paul Korzeniowski Oct. 21 Fort Sam Houston is a prime candidate for wireless networks. The San Antonio installation is home to the commanders of the Army's medical systems and supports various military training services, including battle simulation. Because other tactical groups often conduct tests at the site, a network may be installed for a week, a few months or even a year. http://www.fcw.com/fcw/articles/2002/1021/spec-army-10-21-02.asp [4] Lack of training your biggest threat By David Southgate TechRepublic October 17, 2002 Contrary to popular belief, corporate sabotage is among the least likely causes of computer security breaches. According to an April 2002 survey by the Computer Security Institute, sabotage accounted for just 8 percent of system attacks in 2002. Security breaches are more often due to errors by end users or administrators. The inadvertent gaffes are the main culprits for introducing viruses, allowing denial of service attacks, and opening entryways to supposedly secured data.
[INFOCON] - EPIC Alert 9.20
-Original Message- From: [EMAIL PROTECTED] [mailto:epic_news-admin;mailman.epic.org] On Behalf Of EPIC News Sent: 24 October 2002 22:15 To: [EMAIL PROTECTED] Subject: EPIC Alert 9.20 Volume 9.20 October 24, 2002 -- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_9.20.html === Table of Contents === [1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information [2] EPIC Files Comments at FCC to Protect Telephone Privacy [3] Public Protest Over Data Retention Increases in Europe [4] DC City Council Discusses Regulation of Surveillance Cameras [5] National Academies Report on Sensitive but Unclassified [6] California Leads States in Privacy Protection [7] EPIC Bookstore - CTRL [SPACE] [8] Upcoming Conferences and Events === [1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information === The Electronic Privacy Information Center today filed a Freedom of Information Act (FOIA) lawsuit asking a federal court to order the Department of Justice to account for its use of the extraordinary new surveillance powers granted to it by Congress last year. The records requested concern the government's implementation of the USA PATRIOT Act, legislation that was passed in the wake of the September 11 terrorist attacks. By amending laws such as the Foreign Intelligence Surveillance Act (FISA), the USA PATRIOT Act vastly expanded the government's authority to obtain personal information about those living in the United States, including United States citizens. 
EPIC and the American Civil Liberties Union filed the lawsuit as attorneys for their organizations and for the American Booksellers Foundation for Free Expression and the Freedom to Read Foundation, citing concerns that the new surveillance laws threaten the First Amendment-protected activities of librarians, library patrons, booksellers and their customers, and investigative journalists. The FOIA request, which was submitted to DOJ and the FBI on August 21, seeks general information about the use of new surveillance powers, including the number of times the government has: Directed a library, bookstore or newspaper to produce tangible things, e.g., the titles of books an individual has purchased or borrowed or the identity of individuals who have purchased or borrowed certain books; Initiated surveillance of Americans under the expanded Foreign Intelligence Surveillance Act; Conducted sneak and peek searches, which allow law enforcement to enter people's homes and search their belongings without informing them until long after; Authorized the use of devices to trace the telephone calls or e-mails of people who are not suspected of any crime; Investigated American citizens or permanent legal residents on the basis of activities protected by the First Amendment (e.g., writing a letter to the editor or attending a rally). Some of the information was previously sought by the House Judiciary Committee, and last week Rep. James Sensenbrenner (R-WI), the Chairman of the Committee, reported that he had received some of the information in classified form. 
The EPIC/ACLU court complaint is available at: http://www.epic.org/privacy/terrorism/patriot_foia_complaint.pdf Information on the USA PATRIOT Act is available at: http://www.epic.org/privacy/terrorism/usapatriot/ === [2] EPIC Files Comments at FCC to Protect Telephone Privacy === On October 21, EPIC filed comments with the Federal Communications Commission (FCC) urging it to protect the privacy of telephone customers when a telecommunications company goes out of business or wants to sell customer information as a business asset. The comments relate to the use by telecommunications carriers of customer proprietary network information (CPNI), which includes the name, telephone number, call information and services subscribed to by a telephone
[INFOCON] - (HS) Hart-Rudman Task Force on Homeland Security
A Year after 9/11, America Still Unprepared for a Terrorist Attack, Warns New Hart-Rudman Task Force on Homeland Security. Executive summary: http://www.cfr.org/publication.php?id=5100.xml Full text: http://www.cfr.org/publication.php?id=5099 http://www.cfr.org/pdf/Homeland_Security_TF.pdf Council on Foreign Relations Executive summary: America Still Unprepared - America Still in Danger, An Independent Task Force Sponsored by the Council on Foreign Relations October 25, 2002 - A year after 9/11, America remains dangerously unprepared to prevent and respond to a catastrophic attack on U.S. soil, concludes a blue-ribbon panel led by former Senators Warren Rudman and Gary Hart - co-chairs of the now famous Commission on National Security that warned of such a terrorist attack three years ago. The Independent Task Force, which came to this sober conclusion and which makes recommendations for emergency action, included two former secretaries of state, two Nobel laureates, two former chairmen of the Joint Chiefs of Staff, a former director of the CIA and FBI, and some of the nation's most distinguished financial, legal, and medical experts. One of the country's leading authorities on homeland security, Council Senior Fellow Stephen Flynn, directed the Task Force. If the nation does not respond more urgently to address its vulnerabilities, the Task Force warns, the next attack could result in even greater casualties and widespread disruption to our lives and economy. The critical need to make specific preparatory acts is made even more imperative by the prospect that the United States might go to war with Iraq and that Saddam Hussein might threaten the use of weapons of mass destruction in America. The Task Force credits the Bush administration, Congress, governors and mayors for taking important measures since 9/11 to respond to the risk of catastrophic terrorism, and does not seek to apportion blame about what has not been done or not done quickly enough. 
The report is aimed, rather, at closing the gap between our intelligence estimates and analysis - which acknowledge immediate danger on the one hand - and our capacity to prevent, mitigate and respond to these attacks on the other. Among the risks that still confront the United States: 650,000 local and state police officials continue to operate in a virtual intelligence vacuum including having no access to terrorist watch lists provided by the U.S. Department of State to immigration and consular officials. While 50,000 federal screeners are being hired at the nation's airports to check passengers, only the tiniest percentage of containers, ships, trucks, and trains that enter the United States each day are subject to examination - and a weapon of mass destruction could well be hidden among this cargo. First responders - police, fire, emergency medical personnel - are not ready to respond to a chemical or biological attack. Their radios can't talk with one another and they lack the training and protective gear to protect themselves and the public in an emergency. The consequence of this could be the unnecessary loss of thousands of American lives. An adversary intent on disrupting America's reliance on energy need not target oilfields in the Middle East. The homeland infrastructure for refining and distributing energy to support our daily lives remains largely unprotected to sabotage. Our own ill-prepared response has the capacity to hurt us to a much greater extent than any single attack by a terrorist. America is a powerful and resilient nation and terrorists are not supermen. But the risk of self-inflicted harm to our liberties and way of life is greatest during and immediately following a national trauma. 
To deal with these and other weaknesses, the Task Force makes a number of recommendations for emergency action, including the following: Make first responders ready to respond by immediately providing federal funds to clear the backlog of requests for protective gear, training, and communications equipment. State and local budgets cannot bankroll these necessities in the near term. Recalibrate the agenda for transportation security; the vulnerabilities are greater and the stakes are higher in the sea and land modes than in commercial aviation. Strengthen the capacity of local, state, and federal public health and agricultural agencies to detect and conduct disease outbreak investigations. The key to mitigating casualties associated with a biological attack against people or the food supply is to identify the source of infection as early as possible. Empower front line agents to intercept terrorists by establishing 24-hour operations centers in each state that can provide access to terrorist watch list information via real time intergovernmental links between local and federal law enforcement. Fund, equip, and train National Guard units around the country to ensure they can support the new state homeland security plans under
[INFOCON] - News 10/17/02
_ London, Thursday, October 17, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ [News Index] [1] DARPA developing info awareness [2] Beneath the Threat of Cyber-Terror [3] Existing technologies could bridge information gaps [4] Existing technologies could bridge information gaps [5] Security Expert Gives Operating Systems Poor Security Grade [6] Senate moves closer to homeland security compromise [7] World Cybercrime Experts See Need for Laws, Ties [8] A Deadly Cocktail of Cyber and Physical Attack [9] (UK) Police put Linux on trial [10] More Americans go online [11] Copyrights, Wrongs Get a Review [12] Online industry ignorant of new laws [13] Symantec warns of security hole in firewall products [14] Handy future for online security [15] MS beta site cracked [16] Identifying and Tracking Emerging and Subversive Worms Using ... [17] Energy Department rolls out e-gov plan [18] Westminster man sentenced in trade-secrets case _ News _ [1] DARPA developing info awareness BY Dan Caterinicchia Oct. 17, 2002 The Defense Advanced Research Projects Agency is developing a total information awareness system to enable national security analysts to detect, classify, track, understand and pre-empt terrorist attacks against the United States. The system, parts of which are already operational, will bring together other systems and technologies to help military and intelligence analysts make decisions related to national security, said Robert Popp, deputy director of DARPA's Information Awareness Office, which is heading up the effort. http://www.fcw.com/fcw/articles/2002/1014/web-darpa-10-17-02.asp (FUD, FUD FUD, ... I am amazed to which experts journalists go sometimes and believe everything. 
For example I am not a PsyOps expert (I am very interested in Influence Operations, but I do not consider myself a subject expert), but I have been contacted by British print and radio press and a US TV news network to comment about which I usually kindly reject (even though I have to admit the prime time US news thing was tempting). ... A well-orchestrated terrorist group like Al Qaeda would have the capabilities, the allegiances, the technical skill-sets... they've already demonstrated that ability, Schwartau said. Whatever the hackers know, the bad guys can know, if they choose to know it. ... H what a statement! I still love Securitynewsportal's comments to a similar statement a few months ago which said: 'The Al Qaeda could also be preparing to fly to the moon under their own power... but reality and the laws of gravity dictate that they might have a hard time... There is a significant difference between what people 'want' to do and what they are 'able' to do... The drunken hamster wants to date a blonde 19 year old beauty queen... Want to guess what his chances for success are ?' * ... Goggans says a terrorist-caused blackout could have deadly effects. Are you on an iron lung? Are you in the area of a major hospital? Who knows what could happen? A lot of things are really dependent on power, he said. ... * I really wonder sometimes: there were major blackouts (naturally not caused by cyberterrorists) and people managed to survive. *** '... Meanwhile, the chance for cyber-terrorists to easily break in to wireless systems is growing all the time. While the tech sector remains extremely weak, wireless is booming. ...' * Gee, do I have to be afraid now that Bin Laden is going to wardrive around Wimbledon to break into my PC? Such articles are not constructive as they do not help to educate the average John & Jane Doe on the street about real security issues and some journalists should think twice before publishing such rubbish. 
WEN) [2] Beneath the Threat of Cyber-Terror By
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-167 Date: 17 October2002
http://www.ocipep.gc.ca/DOB/DOB02-167_e.html OCIPEP DAILY BRIEF Number: DOB02-167 Date: 17 October 2002 NEWS Canada's environment threatened by U.S. greenhouse emissions A report entitled America's Gas Tank, the high cost of Canada's oil and gas export strategy, jointly issued by the Natural Resources Defence Council and the Sierra Club of Canada, states that Canada's oil and gas drilling boom of the past decade, which resulted in the exportation of commodities to the U.S., has been destroying Canada's wilderness with greenhouse emissions. (Source: sierraclub.ca; nrdc.org, 16 October 2002) OCIPEP Comment: The report can be viewed at the following address: http://www.nrdc.org/land/use/gastank/gastank.pdf Infrastructure partnerships proposed A former director of the Critical Infrastructure Protection program at the U.S. Department of Energy proposed that the U.S. Office of Homeland Security sponsor regional Partnerships for Homeland Security, similar to Pacific Northwest Economic Region (PNWER), which includes five U.S. states and three Canadian provinces. (Source: computerworld.com, 16 October 2002) OCIPEP comment: As reported in OCIPEP Daily Brief DOB02-120, released 9 August, members of PNWER took part in the Blue Cascades exercise, which sought to assess the region's ability to respond to a terrorist attack on critical infrastructures. The scenario resulted in a prolonged power failure that could have lasted over weeks or months. Participants found that Blue Cascades met its objectives in highlighting regional infrastructure interdependencies and the preparedness gap, which must be addressed in order to create a disaster resistant region. 
CDC recommends smallpox vaccination for hospital staff As reported in OCIPEP Daily Brief DOB02-166, released October 16, the Advisory Committee on Immunization Practices (ACIP) of the Centers for Disease Control and Prevention (CDC) is meeting to pursue a policy on the potential U.S. responses to a smallpox attack. The ACIP voted 8-1 to endorse a plan for a mass vaccination of about half a million health care workers for smallpox. The decision is a revision of an earlier ACIP recommendation, which suggested the vaccination of just 10,000-20,000 emergency health care workers at regional hospitals designated as smallpox treatment centres. Under the new plan, vaccinations would be offered to health care workers at U.S. hospitals capable of handling smallpox cases. The newly-endorsed recommendation comes closer to, although not mirroring, the White House proposal, under which health care workers, first responders and the general public would be offered vaccinations, in that order. The White House, which will make the final decision on the vaccination policy, has been weighing the potential benefits of mass pre-attack vaccination against the health and liability risks posed by administering the smallpox vaccine to millions of people. (Source: cnn.com, 16 October 2002; msnbc.com, 17 October 2002) OCIPEP comment: According to Health Canada, the ring vaccination approach remains Canada's intended response to a smallpox outbreak; the mass vaccination approach is not recommended due to its many risks. The vaccine for smallpox is not yet approved by the U.S. Food and Drug Administration (FDA), and can have minor to severe effects on its recipients. People who have: lowered immune systems (very young and very old), human immunodeficiency virus (HIV), cancer, transplanted organs, and/or eczema are especially susceptible to adverse reactions from the vaccine. 
Side effects can include extensive skin reactions, systematic vaccinia infections and encephalitis. It is estimated that approximately one in one million people die from smallpox vaccine-induced complications. Additional information on small pox and small pox vaccination can be found at http://www.hc-sc.gc.ca/english/epr/smallpox.html International handbook for critical information infrastructure protection released Earlier this year, the Comprehensive Risk Analysis and Management Network released its annual International Critical Information Infrastructure Protection (CIIP) Handbook. It focuses on aspects of CIIP related to security policy and methodology. The security policy perspective evaluates policy efforts for the protection of critical information infrastructure in eight countries, including Canada. The methodological perspective discusses selected methods and models to analyze and evaluate various aspects of critical information infrastructure. The International Critical Information Infrastructure Protection Handbook can be viewed online or ordered from http://www.isn.ethz.ch/crn/extended/index.cfm?service=handbook (Source : Comprehensive Risk Analysis and Management Network) OCIPEP comment: Though the information in
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-174 Date: 28 October2002
OCIPEP DAILY BRIEF Number: DOB02-174 Date: 28 October 2002 http://www.ocipep.gc.ca/DOB/DOB02-174_e.html NEWS OCIPEP issues Advisory AV02-046 On 25 October 2002, OCIPEP issued Advisory AV02-046, subsequent to CERT/CC's report of a new remote buffer overflow in the Kerberos Administration Daemon. The remote vulnerability could result in the execution of arbitrary code or commands. It is recommended that users contact the vendor of the affected software for patches and updates. OCIPEP Comment: The latest OCIPEP Advisories can be viewed at: http://www.ocipep.gc.ca/home/index_e.html#upd Amtrak increases security U.S. passenger railroad operator Amtrak has increased security of its trains and stations following last week's FBI warning about possible terrorist attacks on trains. The increase in security measures, however, should not be evident to passengers, according to Amtrak President David Gunn. (Source: abcnews.go.com, 25 October 2002) OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-173 released 25 October 2002, in response to the threat of terrorist activity, U.S. officials had begun implementing additional protective measures including increased presence of law enforcement officers, increased surveillance of critical areas and improved physical protections. OCIPEP has no information on specific threats to Canadian critical infrastructure. West Nile virus detected in U.K. In the U.K., the Guardian reports this morning that scientists may have recently found traces of the virus in dead birds. If confirmed, this would constitute the first occurrence of the West Nile virus in that country. (Source: guardian.co.uk, 28 October 2002) OCIPEP Comment: There have been two confirmed West Nile virus deaths in Canada, while at least 188 people have died in the U.S. to date. 
According to reports, meteorologists are predicting a mild winter and possibly a warm wet spring, conditions that will allow mosquitoes to thrive next year, increasing the chances that the virus could spread to most provinces. IN BRIEF APEC leaders unite to fight terrorism On Sunday, as the Asia-Pacific Economic Cooperation (APEC) forum in Mexico concluded, APEC leaders endorsed a declaration made by their senior ministers who said that terrorism in all its forms is a threat to economic stability in APEC as well as a threat to regional peace and stability. (Source: economist.com, 28 October 2002) Europe cleans up after windstorm A powerful windstorm struck Britain and northwestern Europe on 27 October, bringing with it gusts of up to 150 km/hr, which uprooted trees and cancelled air, sea and rail travel. Officials said buildings sustained structural damage. The storm also blew down power lines, knocking out electricity to thousands of people in England and Wales. Air France and British Airways cancelled dozens of flights, while ferry trips to the European mainland were cancelled. Officials in the U.K. estimate the damage could total up to $150 million. (Source: cbc.ca, 28 October 2002) Series of earthquakes awaken Sicily's Mount Etna As many as 200 small earthquakes hit the region of Catania, with the strongest registered at a magnitude of 4.2 on the Richter scale. As a result, after months of tranquility, Mount Etna erupted spewing lava and ashes, igniting fires in forests nearby. (Source: reuters.com, 28 October, 2002) CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products See : News - OCIPEP issues Advisory AV02-046 Threats Central Command reports on BDS/Nethief.XP.C, which is a Trojan horse that could allow someone with malicious intent backdoor access to a computer. 
If executed, it adds the file IExplorer.exe to the \windows\%syste% directory and stays resident in memory. It arrives with the subject line Iraqi FM: US Wants Change in International Law, Subordinate World to US Hegemony and the attachment IExplorer.exe. http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021024-12 Central Command reports on Worm/FriendGreet, which is a worm that arrives in a user inbox as an electronic greeting card from http://www.friendgreetings.com; with the subject line RECIPIENT you have an E-Card from SENDER. If a user clicks on the URL provided, the page is loaded and the user is prompted to download and run an msi-installer and to accept 2 separate End User License Agreements (EULA). If the user agrees, the program will install itself as the program Friend Greetings.msi or Friend%20Greetings.msi and then send itself out to all contacts in the user's address book. http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021025-10 Vulnerabilities SecuriTeam reports on a remotely exploitable denial-of-service vulnerability in IBM Infoprint Remote Management. No known
[INFOCON] - News 10/29/02
_ London, Tuesday, October 29, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ [News Index] [1] Of mad snipers and cyber-terrorists [2] Government, industry debate international IT security center [3] 'We are the worst security risk' - sys admins confess [4] RPT-Pro-Islamic hackers gear up for cyber war-experts [5] Reuters accused of hack attack [6] Pentagon computers tougher for hackers [7] Talking security [8] Universities asked to avert student file sharing [9] E-Commerce Patent Disputes Erupt [10] Kournikova virus writer loses appeal and faces 150 hours' community service [11] Report: Market forces not enough to improve security [12] Mexico summit urges anti-piracy action [13] Perspective: Privacy advocates lose an ally [14] Australian team patents new firewall technology [15] Hackers claim to have cracked new secure Xbox [16] Army vendor team advances FCS [17] Attack of the Mod Squads _ News _ [1] Of mad snipers and cyber-terrorists By Thomas C Greene in Washington Posted: 29/10/2002 at 01:34 GMT Last Monday the Internet was attacked in what one Washington official described as the most sophisticated and largest assault in its history. Eight of thirteen root DNS servers got whacked simultaneously with a distributed denial of service attack. Had the assault not been shut down in an hour, the constant interchange of e-mail spam and viruses might have been slowed; the ability of millions to BS idly with strangers in IRC might have been impeded; e-commerce orders of bulk dog food might have gone unfulfilled; and millions of teenagers might have been denied their daily downloads of porn and warez and MP3s. None of this happened, of course. Somehow, the Internet survived. 
It survived against the dire warnings of White House alarm divas Richard Clarke and Howard Schmidt. It survived against the patently faked predictions of Gartner Experts who recently conducted devastating cyber 'war games' but sleazily neglected to involve a blue team and sleazily neglected to emphasize this curious fact. Had there been people working against the Gartner pseudo attack squads, as there would be in the real world, their pseudo results would have been vastly different. http://www.theregister.co.uk/content/55/27819.html See also Mock cyberwar fails to end mock civilization http://theregister.co.uk/content/archive/26675.html [2] Government, industry debate international IT security center By William New, National Journal's Technology Daily BRUSSELS, BELGIUM - U.S. and European officials and businesses on Monday debated the merits of a proposal to establish a global center for information technology security based on the center that united them in their fight against the much-anticipated Y2K computer bug. Harris Miller, president of the Information Technology Association of America, raised the issue here at the U.S.-EU IT Security Forum. There is still no mechanism globally that allows governments on an instantaneous basis, and industry on an instantaneous basis across industries, to communicate regularly or in the case of a crisis about cyber security, he said in an interview. Miller said that like the Y2K center, the proposed International Information Security Coordination Center could be a small and inexpensive operation. The players are in place, but the coordination center is necessary to get all the players on the same page, to get the communications network established, he said. http://www.govexec.com/dailyfed/1002/102802tdpm2.htm [3] 'We are the worst security risk' - sys admins confess By John Leyden Posted: 28/10/2002 at 12:04 GMT More than half of all senior IT managers (58 per cent) think that their own IT departments offer the largest
[INFOCON] - The Economist: Survey - digital security
(This week's Economist has a special section on Information Security which is well worth a read as it is well researched (in comparison to the usual cybergeddon article). P.S. I have been contacted by a Pentagon Reporter who is looking for a PsyOps expert. He is 'writing a story about possible PSYOPS should the U.S. decide to invade Iraq. The story would look at past operations, particularly Panama, and the challenge of carrying out such an operation in the teeming city of Baghdad. Would like to talk to either operators or experts in the field.' If any list member is interested please let me know. WEN) On digital terrorism: '... It is true that utility companies and other operators of critical infrastructure are increasingly connected to the Internet. But just because an electricity company's customers can pay their bills online, it does not necessarily follow that the company's critical control systems are vulnerable to attack. Control systems are usually kept entirely separate from other systems, for good reason. They tend to be obscure, old-fashioned systems that are incompatible with Internet technology anyhow. Even authorised users require specialist knowledge to operate them. And telecoms firms, hospitals and businesses usually have contingency plans to deal with power failures or flooding. ...' '... Like eco-warriors, he observes, those in the security industry - be they vendors trying to boost sales, academics chasing grants, or politicians looking for bigger budgets - have a built-in incentive to overstate the risks. ...' (Nice quote which is so true. WEN) Senior Management Support for InfoSec '...A second, related misperception is that security can be left to the specialists in the systems department. It cannot. It requires the co-operation and support of senior management. Deciding which assets need the most protection, and determining the appropriate balance between cost and risk, are strategic decisions that only senior management should make. ... ... 
Senior executives do not understand the threats or the technologies. It seems magical to them, says Mr Charney. Worse, it's a moving target, making budgeting difficult. ... Threats/Risk: '... Even senior managers who are aware of the problem tend to worry about the wrong things, such as virus outbreaks and malicious hackers. They overlook the bigger problems associated with internal security, disgruntled ex-employees, network links to supposedly trustworthy customers and suppliers, theft of laptop or handheld computers and insecure wireless access points set up by employees. ...' '... One of the biggest threats to security, however, may be technological progress itself, as organisations embrace new technologies without taking the associated risks into account. ...' Virus: '... Viruses are a nuisance, but the coverage they receive is disproportionate to the danger they pose. ...' Firewalls: '... Firewalls are no panacea, however, and may give users a false sense of security. To be effective, they must be properly configured, and must be regularly updated as new threats and vulnerabilities are discovered. ...' IDS: '... Compared with anti-virus software and firewalls, detection is a relatively immature technology, and many people believe it is more trouble than it is worth. The difficulty is tuning an IDS correctly, so that it spots mischievous behaviour reliably without sounding too many false alarms. ...' MS: '... Microsoft's policy of tight integration between its products, which both enhances ease of use and discourages the use of rival software makers' products, also conflicts with the need for security. ...' '... The Windows operating system is the largest piece of software ever written, so implementing security retrospectively is a daunting task. ...' Human Element of Security: '... If correctly handled, a management-based, rather than a solely technology-based, approach to security can be highly cost-effective. ...' '... 
But there are other, more subtle ways in which management and security interact. More than anything else, information security is about work flow, says Ross Anderson of Cambridge University's Computer Laboratory. The way to improve security, he says, is to think about people and processes rather than to buy a shiny new box. ...' Biometrics: '...The first is that the technology is not as secure as its proponents claim. ...' '... The second and more important problem is that biometric technology, even when it works, strengthens only one link in the security chain. ...' '... In short, biometrics are no panacea. The additional security they provide rarely justifies the cost. ...' Bottom Line: '... Security, in sum, depends on balancing cost and risk through the appropriate use of both technology and policy. The tricky part is defining what appropriate means in a particular context. It will always be a balancing act. Too little can be dangerous and costly-but so can too much. ...'
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002
OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002 http://www.ocipep.gc.ca/DOB/DOB02-175_e.html NEWS New act to make Ontario's drinking water safe New legislation aimed at ensuring Ontario has cleaner, safer drinking water will be unveiled by Ontario Premier Ernie Eves today. The Safe Drinking Water Act will look to impose rigorous standards for operators dealing with treatment, testing and distribution of Ontario's drinking water. Justice Dennis O'Connor recommended the creation of the new act following his inquiry into the Walkerton E. coli tragedy that killed seven and sickened 2,300 people in the spring of 2000. (Source: the star.com, 29 October 2002) OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-154, released 27 September 2002, a report released by the Environmental Commissioner of Ontario (ECO) was critical of Ontario's response to water treatment and security. Proposal for global IT security centre On Monday, members of the U.S. - E.U. Information Technology Security Forum discussed the establishment of the International Security Coordination Center, a global centre for IT security, which would be based on the centre that was created to deal with Y2K-related events. The centre would allow industry and governments to communicate regularly on issues pertaining to cyber security and to react quickly during a crisis. (Source: GovExec.com, 28 October 2002) OCIPEP Comment: As part of their eEurope 2005 program, the European Commission is expected to announce a European cybersecurity task force that will function as a response centre. The centre is to be operational by the end of 2003. Other potential actions concerning strengthening IT security include enhancing the widespread use of smartcards by the end of 2004 and developing a European Virus Alert System by the end of 2003. 
To see the European Commission recommendations on eSecurity, go to: http://europa.eu.int/information_society/newsroom/documents/catalogue_en.pdf. The eEurope 2005 actions can be found on page 16 of the PDF file. IT security a corporate priority: Report META Group, Inc., an IT consulting service, recently announced its findings pertaining to IT security spending in the year ahead. These findings were extracted from its 2003 Worldwide IT Benchmark Report, an annual survey of technology trends and economics. According to the study, despite META Group's predicted near 5 percent decrease in overall corporate IT spending in 2003, Chief Information Officers (CIO) have incrementally increased investments in security, a trend set in motion even before 11 September 2001. The report forecasts that spending on IT security and business continuity will be almost evenly split [among] infrastructure, business continuity, and information security. It goes on to state that, despite current economic conditions and smaller budgets, developing a comprehensive security and privacy architecture has become the focus for virtually all public-sector CIOs, even though most of their non-IT colleagues do not share the same sense of urgency. (Source: itWorldCanada.com, 28 October 2002) OCIPEP Comment: To obtain a copy of the report, go to: http://www.metagroup.com/cgi-bin/inetcgi/commerce/productDetails.jsp?oid=33569 IN BRIEF Australia's foreign minister warns Canada about terrorism After meeting with Foreign Affairs Minister Bill Graham on Monday, Australia's foreign minister, Alexander Downer, warned that Canada should remain vigilant at all times against terrorist attacks. He voiced that no country is safe from terrorism and that the recent deadly attacks in Bali, Indonesia, should be a lesson to all countries, including Canada. 
(Source: the star.com, 28 October 2002) Reuters accused of hacking Reports indicate that Swedish software company Intentia will file criminal charges against the Reuters news agency for allegedly hacking into the company's computer system to retrieve financial data that had not yet been publicly released. Reuters reportedly published information on Intentia's third quarter profits just minutes before it was issued by the company. (Source: ZD Net Australia, 29 October 2002) Pro-Islamic hackers ready for cyber war: Experts The number of politically motivated computer attacks has risen sharply this month, according to British security firm mi2g. Hacking groups sympathetic to Islamic interests have increased their activities, which are primarily directed at computer systems in the U.S., U.K., India and Israel. (Source: REUTERS.com, 29 October 2002) CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Central Command reports on VBS/WhyHoPo, which is a Visual Basic Script that copies itself to multiple directory locations when it is run.
[INFOCON] - (MIL) USAF Transforming Our Air and Space Capabilities
(Interesting speech by the secretary of the USAF. It looks at how the USAF is changing and stresses the importance of 'Space Dominance'. WEN) '... While the war on terror presents unprecedented challenges, the future has never been brighter for airmen. We are entering a new age of air and space power. There is now a growing consensus as a result of our successes in Iraq, the Balkans and Afghanistan that air and space capabilities can dramatically assist our joint forces to achieve victory swiftly and decisively regardless of distance or of terrain or of adversary. While we've been very successful in the past decade, our potential adversaries have come to accept our overwhelming military strength and as a result have grown increasingly less willing to engage our forces directly. We face a new reality. One in which our traditional defenses - deterrence and the protective barriers afforded by friendly neighbors and two large oceans may be of limited effect. This new reality highlights the absolute necessity of transforming our air and space capabilities. ...' '... Today's force in many ways is a transition force. Our legacy aircraft systems were built with specialized roles and they were very good. We have limited networking, limited all-weather delivery and limited stand off and our sensors are only partially integrated. ...' '... We are developing a range of systems that fulfill these objectives, from multi-mission command-and-control aircraft, smart tankers, an entire generation of unmanned vehicles, including Global Hawks, UCAVs (unmanned combat aerial vehicles), armed scout Predators and shortly, hunter-killer UAVs (unmanned aerial vehicles). We are also developing a small diameter bomb and the airborne laser, to name just a few. ...' '... 
We are developing a range of systems that fulfill these objectives, from multi-mission command-and-control aircraft, smart tankers, an entire generation of unmanned vehicles, including Global Hawks, UCAVs (unmanned combat aerial vehicles) , armed scout Predators and shortly, hunter-killer UAVs (unmanned aerial vehicles). ...' * Space Dominance: '... We also realize that soon will come a time when space systems will grow beyond their traditional role as force enhancers and then will play a more active role in preventing, fighting and winning wars. Our adversaries have noted the advantages we have gained from space, and given the total interdependence we see in air and space power, we cannot risk the loss of space superiority. We must and will continue our efforts to protect our space assets and prepare ourselves to counter any enemy's space assets. ...' '... While space capabilities have been an essential contributor in recent operations, we must modernize to maintain our war fighting advantage. In the early stages of space age, most capabilities were used by a limited group of users and they were highly classified. The current space regime is decidedly different. The forms and distinctions between black programs, white space, military, civil and commercial are growing increasingly blurred and we must ensure our space architectures remain capable of supporting our military missions as well as our civil users who rely on them for the swift flow of information and commercial applications. ...' - Transforming Our Air and Space Capabilities Dr. James G. Roche, Secretary of the Air Force Remarks to the Air Force Association National Convention luncheon, Washington, D.C., Sept, 18, 2002 First, let me say hello. I recognize that between the end of this whole thing and you only stand me, so I will try to make this mercifully brief. I would like to say thank you to some of my predecessors, Secretary (Robert C.) Seamans (Jr.), Secretary (John L.) 
McLucas, Secretary Whit Peters and Secretary Pete Aldridge. Thank you for being here. You make me feel like the PhD student who has to defend his thesis in front of people who know what they are talking about, which is usually what I don't have to do. You make it very tough. Thank you, Tom, for that gracious if incomplete introduction. For those of you who don't know, Tom only told you what I do as a sideline. My real job, as many of you AFA aficionados realize is the holder of the Thomas McKee Chair of Pro Bono Public Speaking. I do believe that I am the only person he's talked into speaking at more AFA events. There is only one person he's done it more to, and that is the individual who is currently occupying the Air Force Association Chair in Oratorical Arts and Aircraft Designation, Gen. John Jumper. I want to salute you and your great team at the Air Force Association for putting together a wonderful program this week. You've had a chance to discuss many of the issues we are working on in the Air Force today, to celebrate the achievements of our best and brightest and to admire the great rhetorical skills and taxonomic creativity of our chief of
[INFOCON] - News 10/30/02
_ London, Wednesday, October 30, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] 12th Annual EICAR Conference: Call For Papers [2] Don't Touch that Dial [3] Defense, cybersecurity officials praise 'open source' software [4] China prevented repeat cyber attack on US [5] Politicians, police recruited to talk up IT security [6] Responsible Disclosure by Corporate Fiat [7] Homeland goes interstate route [8] Q A Kevin Mitnick [9] MS gets top security rating for Win2k, makes big noise [10] OMB issues draft standards to increase info-sharing, cut IT costs [11] NIST details certification process [12] Transcom chief touts IT [13] Tech firms seek to play role in military transformation effort [14] Defense procurement system prone to security lapses [15] Sniper leaves a mark [16] Brussels to spend 250k on Linux migration study [17] Introducing Network Attached Encryption [18] Wireless WarDrive: Wee Bit of Fun [19] Reuters says it wasn't hacking [20] Greeting card email is not a worm [21] Home-based cybersecurity defense won't work [22] Nowhere to Hide [23] Lawsuit to Test USA Patriot Act [24] CIA warns of Net terror threat [25] Online sales decline for first time [26] A new threat to ICANN authority? [27] Dear Saddam, How Can I Help? [28] Technology: Military conference highlights information systems [29] Golden Age of IT Hasn't Arrived Yet [30] DoCoMo gets defaced [31] Is a larger Net attack on the way? 
[32] Employee surveillance unaffected by terror threat [33] FIPS testing finds lots of mistakes in crypto IT _ News _ [1] 12th Annual EICAR Conference: Call For Papers 12th Annual EICAR Conference: Call For Papers The Conference will be held May 10-13 in Copenhagen, with three streams of interest: -Malware -Critical Infrastructure Protection (CIP) -IT-Law and Forensics with contributions from industry, government, and research. With the goal of keeping abreast of new developments, EICAR will be a forum for discussions on subjects past, present and future, pertaining to IT-Security in an Insecure Web. Papers can be submitted through to December 1st, 2002. For more information on formatting, panels, area chairs and other things, check out http://conference.EICAR.org Submission of Papers to Area Chairs December 1, 2002 Notifications to Authors of Acceptance and Reviewers' Comments January 15, 2003 Submission of Camera-Ready Papers February 1, 2003 First Round Registration March 1, 2003 (I have seen a prototype of such a phone due for release in January and it looks amazing as it got so many features, but unfortunately it looks like they missed out the security bit. WEN) [2] Don't Touch that Dial Mobile phones packing Java virtual machines are gaining in popularity, and are headed for American shores. Will they be the next arena for malicious hacking? By Michael Fitzgerald, Oct 29 2002 9:05AM Java phones are coming to the U.S., bringing with them a second chance for mobile applications, and, experts caution, a new platform for malicious code. It's going to be an issue, says Tony Davis, acting CEO of Tira Wireless, a Toronto startup that certifies and publishes J2ME (Java 2 MicroEdition) applications. Davis already uses a Trojan horse program when he makes sales calls. When I meet with European carriers, I pull up a phone and show them a car racing game that's actually not just that, it's sending a huge amount of traffic back and forth, Davis says. 
I tell them, your customer is going to get a bill for 500 pounds at the end of the month, and who are they going to come after? You. http://online.securityfocus.com/news/1531 [3] Defense, cybersecurity officials praise 'open source' software By Drew
[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-176_e.html OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002 NEWS New act to make Ontario's drinking water safe - Update As reported in the OCIPEP Daily Brief DOB02-175 released 29 October 2002, the Safe Drinking Water Act was unveiled yesterday by the Ontario provincial government. The law will call for: licenses for all labs; a new position of chief provincial inspector; annual reports by the government to the legislature; and, new standards for water testing, treatment, distribution and quality. Early reaction to the bill has been mixed, with NDP MPP Marilyn Churley, the architect of the initial draft of the Safe Drinking Water Act, unhappy that the Conservative government version doesn't deal with source protection. Ontario Premier Ernie Eves said the government intends to follow Justice O'Connor's advice that it amend the Environmental Protection Act to cover source water protection. (Source: thestar.com, 30 October 2002) OCIPEP Comment: Justice O'Connor's reports, made in the wake of the Walkerton tragedy, contained 121 recommendations to improve the safety and security of Ontario's drinking water. With regard to water source protection, the report stated that a strong source-protection program lowers risk cost-effectively, because keeping contaminants out of drinking water sources is an efficient way of keeping them out of the drinking water. Windows 2000 earns Common Criteria certification The Microsoft Windows 2000 operating system was awarded a Common Criteria certification, a document that spells out common security criteria recognized by 15 countries, including Canada and the U.K. Windows 2000 was certified at Evaluation Assurance Level 4, meaning that it was methodically designed, tested and reviewed. (Source: news.com, 29 October 2002) U.S. Department of Commerce releases certification and accreditation guidelines The U.S. 
Department of Commerce has released the first of three sections of information security guidelines designed to fix the inconsistent and flawed security assessments for systems used by government agencies. Some current security certification procedures are excessively complex, outdated and costly to implement, according to the National Institute of Standards and Technology (NIST). A NIST researcher stresses that there is a need to move toward the adoption of a standardized process, which would allow federal agencies to better understand how their partners are dealing with the security issues. The other two sections of guidelines, one dealing with system controls, and the other with verification procedures and techniques, will be released next spring. (Source: computerworld.com, 29 October 2002) OCIPEP Comment: A draft copy (PDF version) of the Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems can be viewed at: http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf According to recent reports, although leading software companies have recently committed themselves to improving the latent security of the products they bring to market, there remains a significant threat to the security of information networks due to poorly secured software. According to @Stake, a U.S. security consultancy, 70 percent of security defects are due to flaws in software design. Microsoft recently publicly committed itself to ensuring the security of its products. However, according to analysts, the work the programmers are doing now will not be reflected in the company's products for a year or two. (Source: economist.com, 26 October, 2002) http://www.economist.com/surveys/displayStory.cfm?Story_id=1389575 IN BRIEF Alberta forest fires cost $300M The cost of fighting forest fires in Alberta this year was over $300 million, five times more than budgeted, according to a provincial fire information officer. 
The continuing droughts, as well as the evacuation of residents from several communities and road closures, were factors that contributed to the record expenses. (Source: cbc.ca, 29 October 2002) CIA report warns against cyberterrorism In a report to the Senate Intelligence Committee, the Central Intelligence Agency (CIA) warns that groups such as Sunni extremists, Hezbollah and Aleph-formerly known as Aum Shinrikyo-may join al-Qaeda to wage cyberwarfare against the U.S. (Source: news.com, 29 October 2002) Port Simpson - Update The B.C. Provincial Emergency Program has issued its tenth and final update concerning the power outage and roadway access closure at Port Simpson, 55 km north of Prince Rupert. Power has been restored since October 22, and community officials indicate they are past the crisis stage and have moved into recovery operations. A meeting will be held today to address the road restoration, which was
[INFOCON] - (CIA) CSI's Studies in Intelligence (Unclassified Studies Volume 46, Number 3, 2002)
(It contains some interesting articles. I would recommend to have a look at The Coming Revolution in Intelligence Analysis and the counterpoint article In addition to that there is also an article about PsyOps during WWII: The Information War in the Pacific, 1945. WEN) http://www.cia.gov/csi/studies/vol46no3/index.html INTELLIGENCE TODAY AND TOMORROW Policymakers and the Intelligence Community Supporting US Foreign Policy in the Post-9/11 World Richard N. Haass Understanding Our Craft Wanted: A Definition of Intelligence Michael Warner The Coming Revolution in Intelligence Analysis What To do When Traditional Models Fail Carmen A. Medina Counterpoint to The Coming Revolution in Intelligence Analysis Evolution Beats Revolution in Analysis Steven R. Ward Sorting Out National Interests Ways To Make Analysis Relevant But Not Prescriptive Fulton T. Armstrong HISTORICAL PERSPECTIVES Work Force Evolution One Woman's Contribution to Social Change at CIA Dawn Ellison Paths to Peace The Information War in the Pacific, 1945 Josette H. Williams INTELLIGENCE IN RECENT LITERATURE God's Eye: Aerial Photography and the Katyn Forest Reviewed by Benjamin B. Fischer From Munich to Pearl Harbor: Roosevelt's America and the Origins of the Second World War Reviewed by Michael Warner. Secrets of Victory: The Office of Censorship and The American Press and Radio in World War II Reviewed by Robert J. Hanyok COMMENTARY Response to Two Strategic Intelligence Mistakes in Korea, 1950 A Personal Perspective Thomas J. Patton IWS INFOCON Mailing List IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - UNIRAS Brief - 383/02 - NISCC - Potential crafted packets vulnerability in firewalls
-Original Message-
From: UNIRAS (UK Govt CERT) [mailto:uniras;niscc.gov.uk]
Sent: 31 October 2002 14:28
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 383/02 - NISCC - Potential crafted packets vulnerability in firewalls

UNIRAS (UK Govt CERT) Briefing Notice - 383/02 dated 31.10.02 Time: 14:25

UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and Information about NISCC is available from www.niscc.gov.uk

Title
=====
NISCC Security Advisory: Potential crafted packets vulnerability in firewalls

Detail
======
There have been reports to several major CERTs of attacks that can bypass packet filter firewalls. There has also been discussion on Bugtraq (see http://online.securityfocus.com/archive/1/296558/2002-10-19/2002-10-25/1 ). In this thread the Linux 2.4.19, Sun Solaris 5.8, FreeBSD 4.5 and Microsoft Windows NT 4.0 are identified as vulnerable.

These attacks use specially crafted TCP packets with the SYN (synchronise) and FIN (final) flags set. Although crafted packets of this kind are not uncommon in probes on firewalls as a means of identifying the operating system, it appears that some packet filter firewalls will forward such packets because the FIN flag is interpreted as a request to end the TCP session, while the targeted host on the internal network interprets the SYN flags as a request to start a TCP session. This technique has been used to effect a SYN flood denial of service attack on the targeted host.

To prevent this type of attack, packets that do not form part of the normal TCP state should be filtered. Expected states are packets with the following flags set: SYN, ACK (acknowledgement), SYN/ACK, RST (reset), RST/ACK, FIN and FIN/ACK. The PSH (push) and URG (urgent) flags may also be set in packets but they are used to prioritise processing of a packet. It follows that flag combinations such as SYN/FIN, SYN/RST, RST/FIN and a packet with no flags set (called null) should be treated as anomalous and should be filtered.

Certain types of firewall are not vulnerable to this type of attack, namely circuit gateway (or proxy) or application proxy firewalls. These firewalls do not forward TCP packets; they establish a separate connection between the firewall and the recipient for the services proxied.

If your firewall does not support filtering of TCP flags and is a packet filter firewall, you should contact your firewall vendor to determine if your firewall is vulnerable. A workaround solution in case the firewall is vulnerable is to install another firewall in front of the vulnerable firewall that does provide flag filtering functionality.

For additional information or assistance, please contact the HELP Desk by telephone or Not Protectively Marked information may be sent via EMail to: [EMAIL PROTECTED] Tel: 020 7821 1330 Ext 4511 Fax: 020 7821 1686

Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. Neither UNIRAS or NISCC shall also accept responsibility for any errors or omissions contained within this briefing notice. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

End of UNIRAS Briefing

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
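The flag rule in the UNIRAS advisory above, written out as a stateless check on the TCP header (an added example, not part of the advisory or of any firewall product). The function names and the sample headers are constructed for illustration, and only the six flag bits the advisory names are examined.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
_NAMES = [(SYN, "SYN"), (FIN, "FIN"), (RST, "RST"),
          (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]

# The advisory's "expected states". PSH and URG are handled separately
# because the advisory treats them as optional modifiers.
EXPECTED = {SYN, ACK, SYN | ACK, RST, RST | ACK, FIN, FIN | ACK}


def flags_from_tcp_header(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    return header[13] & 0x3F


def describe(flags: int) -> str:
    """Human-readable flag list, e.g. 'SYN/FIN'; 'null' when none are set."""
    names = [name for bit, name in _NAMES if flags & bit]
    return "/".join(names) if names else "null"


def verdict(flags: int) -> str:
    """'pass' if the combination is one of the expected states, else 'drop'.

    PSH and URG are masked off first, so they never turn an anomalous
    combination into an accepted one. The check is stateless: it does not
    decide whether an expected flag fits the current connection state.
    """
    state = flags & 0x3F & ~(PSH | URG)
    return "pass" if state in EXPECTED else "drop"


def classify(header: bytes) -> tuple:
    """(description, verdict) for one raw TCP header."""
    flags = flags_from_tcp_header(header)
    return describe(flags), verdict(flags)


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed 20-byte TCP header (no options, zero checksum) for testing."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


# Constructed sample traffic: normal handshake and teardown packets mixed
# with the anomalous combinations the advisory lists.
SAMPLES = [SYN, SYN | ACK, ACK, PSH | ACK, FIN | ACK, RST,
           SYN | FIN, SYN | RST, RST | FIN, 0, SYN | FIN | PSH]


def run_samples() -> list:
    return [classify(build_header(f)) for f in SAMPLES]


if __name__ == "__main__":
    for desc, result in run_samples():
        print(f"{desc:12s} {result}")
```
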
[INFOCON] - News 11/04/02
_ London, Monday, November 04, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] FBI director says industry must do more to prevent cyberattacks [2] Agencies, companies urged to set guidelines for fighting cyberterrorism [3] Root-Server Attack Traced to South Korea, U.S. [4] Personal data travels far [5] Microsoft dodges bullet [6] But some shut their Windows [7] Open source courses through DOD [8] European police say they can't keep up with cyber criminals [9] Feds pursue secrecy for corporate victims of hacking [10] SPAMMER HAMMERED BY VERIZON BAN [11] Scary Movie [12] IG: State Department flunks systems security [13] U.S. fears terrorists will imitate snipers [14] State CIOs see accord with feds [15] 'Sensitive' label strikes nerve [16] How to get certified security for Win2k, by Microsoft [17] Proof Win2K is still insecure by design [18] Pentagon completes 'playbooks' for terrorism scenarios [19] A New Cryptography Uses the Quirks of Photon Streams [20] U.S. should fund RD for secure Internet protocols, Clarke says [21] New worm aims to infest Australian systems [22] New Wi-Fi security would do little for public 'hot spots' [23] Popular Linksys Router Vulnerable to Attack _ News _ [1] FBI director says industry must do more to prevent cyberattacks By Shane Harris FBI Director Robert Mueller Thursday implored industry technology executives to do a better job securing the Internet and other data networks by reporting incidences of online crime to the bureau. You're not enabling us to do [our] job by withholding reports about criminals who successfully penetrate companies' data networks or attack their systems, Mueller told those attending a Falls Church, Va. forum on combating online crime and cyberterrorism. 
Corporations are reluctant to report such attacks to law enforcement agencies for fear of revealing their systems' vulnerabilities. They worry the information could give competitors an edge, or invite more attacks by criminals once they discover the weaknesses. http://www.govexec.com/dailyfed/1002/103102h1.htm FBI seeks help vs. Cybercrime http://www.fcw.com/fcw/articles/2002/1028/web-fbi-11-01-02.asp [2] Agencies, companies urged to set guidelines for fighting cyberterrorism By Molly M. Peterson, National Journal's Technology Daily The war on cyberterrorism requires law enforcement agencies and the private sector to develop guidelines and protocols for sharing information about network vulnerabilities and cyber attacks, government and industry leaders said Thursday. Face-to-face relationships are great, but we need to go beyond that, Chris Painter, deputy chief of the Justice Department's Computer Crime and Intellectual Property Section (CCIPS), said during a cyber-security forum at Computer Sciences Corp. headquarters in Falls Church, Va. Painter led one of several workshops in which law enforcement and private-sector officials discussed obstacles to information sharing. Conference organizers said they closed those workshops to the media in order to encourage participants to discuss problems and ideas with as much candor as possible. http://www.govexec.com/dailyfed/1102/110102td1.htm [3] Root-Server Attack Traced to South Korea, U.S. By Brian Krebs washingtonpost.com Staff Writer Thursday, October 31, 2002; 3:30 PM Last week's attacks on the Internet's backbone likely emanated from computers in the United States and South Korea, FBI Director Robert Mueller today said. The investigation is ongoing, Mueller said at an Internet security conference in Falls Church, Va. He did not offer more details on the investigation, nor did he outline the evidence investigators have gathered so far.
[INFOCON] - News 11/05/02
_ London, Tuesday, November 05, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] (InfraGard) Combating cybercrime [2] 'You're still guilty,' judge in Sun et al antitrust case tells MS [3] Homeland security wish list set [4] 'War' over digital privacy bill heats up [5] Hacker turncoat opines on computer security [6] Mozilla riddled with security holes [7] First-of-its-kind center to train cybersleuths [8] Braid fails to unpick the Web [9] Kofi Annan's IT challenge to Silicon Valley [10] Court rules against AOL on Net privacy [11] Homeland security IT official to resign [12] Hackers stick California city with $30,000 phone bill [13] Unbreakable Crypto: Who Needs It? [14] Chinese province issues swipe IDs to Internet cafe users [15] Axe man hacks man over hacking fears [16] Defense Department studying nonlethal chemicals [17] Agencies to test Adobe technology for online transactions [18] Intercepts: Rumsfeld Sinks 'CINCs' [19] Feds Getting IT Together [20] (UK) Government websites under fire [21] Latest Linux takes control of access _ News _ [1] Combating cybercrime 11/04/02 Chris Seper Plain Dealer Reporter FBI agent Stan Paulson overhears companies chatter about security breaches and hackers and other criminals probing their computer systems and does nothing about it. By looking the other way, he upholds the tenets of an organization that has helped improve Internet security throughout the country. InfraGard, founded by the Cleveland FBI's office in 1996, has used confidentiality, FBI clout and offers of expert training to convince companies to work together and reveal details about cyberspace attacks on their systems. 
http://www.cleveland.com/business/plaindealer/index.ssf?/xml/story.ssf/html_standard.xsl?/base/business/103631949234480.xml InfraGard http://www.infragard.net/ InfraGard Manufacturing Industry Association http://trust.ncms.org/ NIPC http://www.nipc.gov/ [2] 'You're still guilty,' judge in Sun et al antitrust case tells MS By John Lettice Posted: 05/11/2002 at 11:19 GMT US District Judge J Frederick Motz has rejected a Microsoft attempt to effectively have a string of prior convictions expunged from its record. Yesterday the Maryland judge denied a request by Microsoft attorneys to re-open 395 of Judge Penfield Jackson's 412 findings of fact, so for the moment at least Jackson's conclusions can be used in the case Motz is dealing with. http://www.theregister.co.uk/content/4/27935.html [3] Homeland security wish list set BY Judi Hasson Nov. 4, 2002 Although the debate over creating a Homeland Security Department is stalled in Congress, officials have quietly drawn up a list of their top priorities to jump-start the agency if and when lawmakers approve it. Jim Flyzik, a senior adviser at the Office of Homeland Security, said Oct. 23 that the first priority would be consolidating the 58 government watch lists of suspected terrorists into a single list. http://www.fcw.com/fcw/articles/2002/1104/pol-custom1-11-04-02.asp [4] 'War' over digital privacy bill heats up Kent Hoover Washington Bureau Chief Frustrated by their inability to stop the unauthorized sharing of music and movies over the Internet, the entertainment industry wants permission from Congress to declare technological war on peer-to-peer networks. Legislation introduced by Rep. Howard Berman, D-Calif., would enhance the ability of copyright owners to use anti-piracy technology to block distribution of their works on file-sharing networks. The bill exempts copyright owners from anti-hacking laws as long as they do not delete or alter computer files.
[INFOCON] - News 11/07/02
_ London, Thursday, November 07, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] Hackers may get U.S. funds to fight China's Web curbs [2] Stage Set for Homeland Act [3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys [4] UK workers in the dark over IT security [5] Testing the limits of biometrics [6] Officials worried about ability to inform public of terrorism [7] Mitnick's 'Lost Chapter' Found [8] Action: Virtual Sit-In Against the WTO [9] Australians warned over e-biz virus threat [10] Math whiz cracks encryption code [11] MS ruling leaked through security blunder [12] Russian firm warns of Roron virus [13] OMB seeks security at the start [14] Tool sought to ID data links [15] Think tanks think about post dotcom future [16] Complete Snort-based IDS Architecture, Part One [17] Shipyards, depots unable to calculate cost of Navy intranet _ News _ [1] Hackers may get U.S. funds to fight China's Web curbs By Murray Hiebert THE WALL STREET JOURNAL Nov. 7 - If some lawmakers in the U.S. get their way, freedom-promoting computer hackers soon may receive a bucketful of money to battle China's Internet-censoring police. http://www.msnbc.com/news/831383.asp [2] Stage Set for Homeland Act By Ryan Singel | 09:00 AM Nov. 06, 2002 PT As Congress prepares to reconvene in a lame-duck session after Tuesday's election, one of the largest pieces of legislation on the Senate's agenda is the controversial and deadlocked Homeland Security Act, which the House passed Sept. 9. A little-known amendment in the Senate version of the bill makes it much easier for ISPs to disclose e-mail communications without being served with a warrant, which had been prohibited before the Patriot Act of 2001. 
http://www.wired.com/news/privacy/0,1848,56234,00.html [3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys By TIM GOLDEN The Bush administration has ordered the expulsion of two Cuban diplomats from Washington and has moved to expel two others at the United Nations for what American officials described yesterday as serious espionage activities against the United States. State Department officials called the action against the two envoys in Washington retaliation for the case of Ana B. Montes, a senior Pentagon intelligence analyst who pleaded guilty earlier this year to spying for Fidel Castro's government. http://www.nytimes.com/2002/11/07/international/americas/07CUBA.html?ex=1037336400&en=d342247e51d5bb78&ei=5040&partner=MOREOVER [4] UK workers in the dark over IT security By Rachel Fielding [07-11-2002] Formal training remains dangerously inadequate Companies are leaving themselves open to security breaches because their IT security training is woefully inadequate, new research has revealed. Three-quarters of staff in the UK admit that they have never received any formal training from their employer on how to use the internet and email at work in a way that minimises network security problems. http://www.pcw.co.uk/News/1136635 [5] Testing the limits of biometrics BY Dibya Sarkar Nov. 6, 2002 Biometric technologies have expanded greatly in the past decade and especially following the attacks of Sept. 11. With recently enacted federal statutes and many more bills promoting their use, the market could reach $2 billion in revenues in four years. But there are few judicial developments regarding collection of biometric identifiers, even as public policy debates have swelled over their use and their potential to invade people's privacy.
[INFOCON] - OCIPEP AV02-047 Trojan Horse: tcpdump and libpcap Distributions
-Original Message- From: Opscen (OCIPEP / GEOCC) [mailto:Opscen;OCIPEP-BPIEPC.GC.CA] Sent: 14 November 2002 00:57 To: OCIPEP EXTERNAL DISTRIBUTION LISTS Subject: AV02-047 Trojan Horse: tcpdump and libpcap Distributions Importance: High THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS * ADVISORY * Number: AV02-047 Date: 13 November 2002 *** Trojan Horse: tcpdump and libpcap Distributions *** PURPOSE This advisory brings attention to the CERT/CC ADVISORY CA-2002-30, with reports that several of the released source code distribution packages of tcpdump, a network sniffer, and libpcap, a packet acquisition library, were modified by an intruder and contain a Trojan horse. ASSESSMENT The malicious code runs when the affected tcpdump source code is compiled. The Trojan horse contains a fixed host and a fixed IP address embedded in the code. The intruder operating from or impersonating the fixed remote address could gain unauthorised remote access with privileges of the user who compiled the source code. SUGGESTED ACTION It is recommended that a copy of the source code be obtained from a trusted site. Please refer to http://www.cert.org/advisories/CA-2002-30.html for further details. CONTACT US For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP's Communications Division at: Phone: (613) 944-4875 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca NOTICE TO READERS When the situation warrants, OCIPEP issues Advisories to communicate information about potential, imminent or actual threats, vulnerabilities or incidents assessed by OCIPEP as limited in scope but having possible impact on the Government of Canada or other sectors of Canada's critical infrastructure.
Recipients are encouraged to consider the real or possible impact on their organization of the information presented in the Advisory, and to take appropriate action. The information in this OCIPEP Advisory has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Upon conviction of an indictable offence, an individual is liable to imprisonment for a term not to exceed ten years. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS). == THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS SECURITY ADVISORY Number: AV02-047 Date: 13 November 2002 ** Trojan Horse: tcpdump and libpcap distributions ** PURPOSE This advisory draws your attention to the security advisory CERT/CC ADVISORY CA-2002-30, which reports that several released source code distributions of the software packages tcpdump, a network sniffer program, and libpcap, a packet acquisition library, were modified by an intruder and contain a Trojan horse. ASSESSMENT The malicious code starts running when the affected tcpdump source code is compiled. The Trojan horse contains a fixed Internet address and a fixed IP address embedded in the code. An intruder operating from, or impersonating, the fixed Internet address could obtain unauthorized remote access using the access privileges of the user who compiled the source code.
SUGGESTED ACTION It is recommended that a copy of the source code be obtained from a trusted site. For further information, please consult http://www.cert.org/advisories/CA-2002-30.html (in English only). CONTACT US For urgent matters, or to report incidents, please contact OCIPEP's Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP's Communications Division at:
[INFOCON] - News 11/15/02
_ London, Friday, November 15, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ CURRENT THREAT LEVELS Electricity Sector Physical: Elevated (Yellow) Electricity Sector Cyber: Elevated (Yellow) Homeland Security Elevated (Yellow) DOE Security Condition: 3, modified NRC Security Level: III (Yellow) (3 of 5) - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] Controversial provisions could delay Senate homeland vote [2] Homeland Security bill would reorganize federal first responder programs [3] The government wants you -- to be a cyber-security soldier [4] Briton fights extradition in hacking [5] How To Protect Yourself From Wireless Computer Hackers [6] Security adviser presses for new intelligence analysis agency [7] Consortium demos secure network [8] MS Takes Hard Line on Security [9] Linux, Open Source have 'more security problems than Windows' [10] Russians wage cyberwar to disrupt separatists [11] Popular packet sniffing packages contaminated by Trojan [12] FBI warns of risk of al-Qaida attack [13] Al Qaeda's New Tactics [14] Study Makes Less of Hack Threat [15] US gov's 'ultimate database' run by a felon [16] FTC drawing the line on spammers [17] When firewalls and intrusion detection just aren't enough [18] IT directors unsure of tech benefits [19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux [20] Air Force piloting SIPRNET portal [21] Air Force planning enterprise C4ISR review [22] Air Force rolling out XML e-forms _ News _ [1] Controversial provisions could delay Senate homeland vote By Brody Mullins and April Fulton, Congress Daily While senators remain focused on debate over personnel rules for the new Homeland Security Department, that issue is far from the only controversial matter remaining in the bill. 
From vaccine liability protections to a delay in an airport baggage-screening deadline, the GOP-drafted bill that passed the House Wednesday and heads to the Senate Thursday includes contentious measures quietly written into the bill as the congressional session draws to a close. Senate leaders, determined to create the Homeland Security Department before the year's end, are likely to accept most of the provisions. Still, the new debates could push a final vote on the underlying bill into next week. Governmental Affairs Committee Chairman Joseph Lieberman, D-Conn., who wrote the Democrats' version of the bill, said he is especially concerned about the latest GOP bill, because it contains a number of special-interest provisions that are being sprung on the Senate without prior warning or consideration. This is really not the time for that. http://www.govexec.com/dailyfed/1102/111402cdam1.htm [2] Homeland Security bill would reorganize federal first responder programs By Jason Peckenpaugh The White House and the Senate have agreed to a major shake-up of federal programs that provide anti-terrorism training to thousands of first responders in state and local governments as part of the homeland security bill now being considered by the Senate. The reorganization, which is part of the homeland security bill passed Wednesday by the House, takes anti-terrorism training duties away from the Federal Emergency Management Agency and puts them in the Border and Transportation Security division of the Homeland Security Department. Specifically, the deal carves out the Office of National Preparedness from FEMA and places it under the Office of Domestic Preparedness (ODP), which will take the lead in training and equipping thousands of first responders in the new department. The ODP is currently in the Justice Department, but it would move to the Border and Transportation Security Division of the Homeland Security Department under
[INFOCON] - (HS) Ridge: Terrorist Threat Persists Rummy on DARPA's Info Awareness Experiment
'... Intelligence officials have made enormous progress in combining domestic and foreign intelligence-gathering capabilities. They're now gathering more information and in the past couple of weeks, Ridge said, they're reporting more chatter. ...' (The Economist - 'The World In 2003' has a good one page article titled 'The Spy who failed me' which gives a good overview of the current problems intelligence agencies face. WEN) - some quotes from the article: ... The end of the Soviet Union led some to opine that spying was no longer a useful instrument of peace. In fact, in a world of rogue states and terrorists that strike without warning, it is sometimes the only instrument. ... ... Many experts believe that the powers of the CIA director should be increased -- giving him greater control over the intelligence budget ... ... Getting fresh-faced boys and girls from Iowa to cruise the cocktail party isn't going to do it (human intelligence) ... In addition to intelligence gathering, equally in need of a shake-ups is how the secrets are analysed. This will be harder. The trouble is that the United States intelligence 'community' is no community at all ... * U.S. officials are taking the threats voiced in the tape against the president, vice president and defense secretary very, very seriously, Ridge said. All terrorist organizations, from time to time, look to assassination as a means of bringing terror and destruction to a country or a community. (Interesting statement because as far as I remember the secret service has been cutting down on their counter sniper and counter assault teams within the presidential protection corps, but hopefully they changed their mind again. WEN) * Ridge: Terrorist Threat Persists; Nation Must Be Prepared By Linda D. Kozaryn American Forces Press Service WASHINGTON, Nov. 
18, 2002 - The spectacular attack in Indonesia, the limited attack in Kuwait and the assault on the French tanker off the shores of Yemen all show terrorists' capabilities, Homeland Security Adviser Tom Ridge said Nov. 17. The bottom line is that they've demonstrated an ability to attack countries and people in various forms, and we have to be alert and aware and be as well-prepared to interdict and prevent all of those potential forms of attack, Ridge said on CNN's Late Edition. The FBI's latest bulletin, issued last week by the National Infrastructure Protection Center, warned of possible spectacular attacks that would have high symbolic value, cause mass casualties and severe damage to the U.S. economy and create maximum psychological trauma. Ridge said the FBI had summarized threat information received over the past six to eight weeks. The warning, he noted, was a reminder to law enforcement officials and the public that terrorists could certainly try to bring harm, death and destruction like they did a year ago. U.S. officials review the national threat level each day, Ridge noted. Right now, both within government and in the private sector, there's a range of protective measures you can take within the yellow level, he said. We are at the upper end of that range. The White House established the Homeland Security Advisory System as a means of disseminating information regarding the risk of terrorist acts to federal, state and local authorities and to the public. Five threat levels are designated by colors: low is green; guarded, blue; elevated, yellow; high, orange; severe, red. Intelligence officials have made enormous progress in combining domestic and foreign intelligence-gathering capabilities. They're now gathering more information and in the past couple of weeks, Ridge said, they're reporting more chatter. We must remember that we're getting more information because we have nearly 2,700 al Qaeda operatives detained around the world, Ridge noted. 
So we're getting more information, both about the threat and about operational capability. Information is being shared with the public, but sometimes, with an abundance of caution, he said. Sometimes it's not corroborated, and we want to go back and see if we can find it verified more completely. If officials have specific information about the time, place, venue and means of attack, Ridge said, they would take action. Sources of information include public statements from the al Qaeda leadership such as the audiotape aired recently by Al Jazeera television network. Ridge said the U.S. intelligence community believes it's likely the tape is the voice of Osama bin Laden. Whether or not the speaker is the terrorist leader, he said, the hate and venom contained in the tape is what led to the Sept. 11 attack on the United States. Whenever such a speaker reiterates his conditions, threats and age-old complaints, we understand it is from an evil heart, a hateful heart and an evil mind and an evil man, and we just have to deal with it. Responding to those critical of the administration for failing to capture or kill
[INFOCON] - (HS) President Hails Passage of Homeland Security Department Legislation
(The new bureaucratic monster is coming! I am looking forward to the turf wars. WEN) * White House: President Hails Passage of Homeland Security Department Legislation Statement by the President The United States Congress Has Taken An Historic and Bold Step forward to protect the American people by passing legislation to create the Department of Homeland Security. This landmark legislation, the most extensive reorganization of the Federal Government since the 1940s, will help our Nation meet the emerging threats of terrorism in the 21st Century. This bill includes the major components of my proposal - providing for intelligence analysis and infrastructure protection, strengthening our borders, improving the use of science and technology to counter weapons of mass destruction, and creating a comprehensive response and recovery division. I commend the employees who will move into this new department for their hard work and dedication to the war on terrorism. Setting up this new department will take time, but I know we will meet the challenge together. I look forward to signing this important legislation. ### * AP News flash: WASHINGTON (AP) - The Senate voted decisively Tuesday to create a Homeland Security Department, delivering a triumph to President Bush and setting the stage for the biggest government reshuffling in a half-century as a way to thwart and respond to terrorist attacks. ** CNN: Senate approves homeland bill Tuesday, November 19, 2002 Posted: 8:23 PM EST (0123 GMT) WASHINGTON (CNN) -- Capping months of debate, the Senate Tuesday approved 90-9 a bill that would create a Department of Homeland Security -- a massive reorganization of the federal government sparked by the devastating September 11, 2001 terrorist attacks. The measure heads to the White House, where President Bush has promised to sign the legislation into law, possibly next week said a spokesman for the Office of Homeland Security. 
Creation of the Cabinet-level department dedicated to protecting the United States from terrorist attacks is expected to take years and will combine about 170,000 federal workers from 22 agencies. The push for a new Cabinet-level department originally came from Democrats and was initially opposed by the administration. http://www.cnn.com/2002/ALLPOLITICS/11/19/homeland.security/index.html ** GOVEXEC: Bush, Senate GOP win big on homeland security bill By Brody Mullins, CongressDaily President Bush won a hard-fought victory Tuesday on homeland security legislation when the Senate rejected a key Democratic amendment that would have delayed approval of a Homeland Security Department until next month at the earliest. The 52-47 vote also cleared the way for final approval of the bill later Tuesday after a four-month partisan fight. http://www.govexec.com/dailyfed/1102/111902cd1.htm IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - News 11/20/02
_ London, Wednesday, November 20, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] U.S. fails cybersecurity review--again [2] Experts: Don't dismiss cyberattack warning [3] Cyber center planned [4] Senate approves Homeland bill [5] Business Week Online Special - Enhancing Computer Security [6] Caught in a BIND [7] Navy restructuring CIO's office [8] A case in point [9] Internet Provisions in Security Bill [10] Don't trust that spam: Ignore 'Nigerian scam' [11] At a stroke, MS cuts critical vuln reports [12] Bill's secrecy provisions stick [13] Security Through Soundbyte: The 'Cybersecurity Intelligence' Game [14] Local officials give homeland bill mixed reviews [15] CIA searching out technologies to boost national security [16] Internet, E-Commerce Boom Despite Economic Woes [17] Liberty Alliance Updates Specs [18] Hill OKs security research [19] Northcom orders C4ISR, info ops work _ News _ [1] U.S. fails cybersecurity review--again By Reuters November 19, 2002, 3:04 PM PT The U.S. government flunked a computer-security review for the third consecutive year on Tuesday, showing no improvement despite increased attention from high-level officials. Government agencies that oversee military forces, prosecute criminals, coordinate emergency response efforts and set financial policy all received failing grades from congressional investigators. The Department of Transportation, whose computer systems guide commercial aircraft and allocate millions of dollars in highway funding, received the lowest score, 28 out of a possible 100. 
Stung by a series of electronic break-ins and Internet-based attacks, Congress has voted to triple spending on cybersecurity research efforts while the Bush administration is pulling together a much-publicized set of guidelines for businesses and individuals. http://news.com.com/2100-1001-966444.html?tag=lh See also: http://www.mail-archive.com/infocon@infowarrior.org/msg00321.html (There is quite a difference between developing an 'expertise in computer science' and launch a strategic CNO campaign. Just ask some IO people from Kelly AFB or Fort Mead and they will agree. AQ claims lots of things and it certainly makes sense that they research this area, but there is a major difference between 'looking into something' and actually having the capability of doing something like that. It takes quite a bit more than a mouse click to bring down an economy. So, I would still say that at the moment any kinetic force is far more powerful than any ping of death. WEN) [2] Experts: Don't dismiss cyberattack warning By DAN VERTON NOVEMBER 18, 2002 Security experts and two former CIA officials said today that warnings of cyberattacks by al-Qaeda against western economic targets should not be taken lightly. Vince Cannistraro, the former chief of counterterrorism at the CIA, said that a number of Islamists, some of them close to al-Qaeda, have developed expertise in computer science. And some are well schooled in how to carry out cyberattacks, he said. We know from material retrieved from [al-Qaeda] camps in Afghanistan that this is true. But their expertise seems mostly dedicated to communicating securely among al-Qaeda cells. Cyberattacks would probably render them less secure by focusing attention on their location. 
In an exclusive interview with Computerworld on Monday, Sheikh Omar Bakri Muhammad, a London-based fundamentalist Islamic cleric with known ties to Osama bin Laden, said al-Qaeda and various other fundamentalist Muslim groups around the world are actively planning to use the Internet as a weapon in their defensive jihad, or holy war, against the West. http://computerworld.com/securitytopics/security/story/0,10801,76000,00.html Update:
[INFOCON] - EPIC Alert 9.23
-Original Message- On Behalf Of EPIC News Sent: 19 November 2002 23:54 To: [EMAIL PROTECTED] Subject: EPIC Alert 9.23 == Volume 9.23 November 19, 2002 -- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_9.23.html === Table of Contents === [1] Public Protest Over Pentagon Surveillance System Mounts [2] Appeals Court Permits Broader Electronic Surveillance [3] Homeland Security Bill Limits Open Government [4] Circuit Court Approves Faxed Warrants [5] DC City Council Attacks Camera System, Adopts Regulations [6] California Passes Database Privacy Legislation [7] EPIC Bookstore - Data Protection Law [8] Upcoming Conferences and Events === [1] Public Protest Over Pentagon Surveillance System Mounts === The Pentagon's proposed Total Information Awareness (TIA) surveillance system is coming under increasing attack. In an open letter sent yesterday, a coalition of over 30 civil liberties groups urged Senators Thomas Daschle (D-SD) and Trent Lott (R-MS) to act immediately to stop the development of this unconstitutional system of public surveillance. Newspapers across the country have written editorials castigating the program. The New York Times has said that Congress should shut down the program pending a thorough investigation. The Washington Post wrote, The defense secretary should appoint an outside committee to oversee it before it proceeds. William Safire's recent column, which played a major role in igniting the public outcry, called the surveillance system a supersnooper's dream. The TIA project is part of the Defense Advanced Research Projects Agency (DARPA)'s Information Awareness Office, headed by John Poindexter.
The surveillance system purports to capture a person's information signature so that the government can track potential terrorists and criminals involved in low-intensity/low-density forms of warfare and crime. The goal of the system is to track individuals by collecting as much information about them as possible and using computer algorithms and human analysis to detect potential activity. The project calls for the development of revolutionary technology for ultra-large all-source information repositories, which would contain information from multiple sources to create a virtual, centralized, grand database. This database would be populated by transaction data contained in current databases, such as financial records, medical records, communication records, and travel records, as well as new sources of information. Intelligence data would also be fed into the database. A key component of the project is the development of data mining or knowledge discovery tools that will sift through the massive amount of information to find patterns and associations. The surveillance plan will also improve the power of search tools such as Project Genoa, which Poindexter's former employer Syntek Technologies assisted in developing. The Defense Department aims to fund the development of more such tools and data mining technology to help analysts understand and even preempt future action. A further crucial component is the development of biometric technology to enable the identification and tracking of individuals. DARPA has already funded its Human ID at a Distance program, which aims to positively identify people from a distance through technologies such as face recognition and gait recognition. A nationwide identification system might also be of great assistance to such a project by providing an easy means to track individuals across multiple information sources. The initial plan calls for a five year research project into these various technologies. 
According to the announcement soliciting industry proposals, the interim goal is to build leave-behind prototypes with a limited number of proof-of-concept demonstrations in extremely high risk, high payoff areas. The FBI and the Transportation Security Administration (TSA) are also working on data mining projects that will merge commercial databases, public
[INFOCON] - USAF: Why worry about computer security?
Why worry about computer security?
by Master Sgt. Keith Korzeniowski and Jack Worthy, 45th Communications Squadron

11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed at night, do you leave your front door unlocked? When parking your car, do you leave the keys in the ignition? Probably not. You automatically take precautions to secure valuables.

Information is a valuable asset for our national security. In the computer age, information has become the lifeblood of many companies. Failure to safeguard information as you would your home or other assets is ludicrous. Unfortunately, according to a 1999 study done by the University of California, all too often security measures are either minimized or ignored by 26 percent of the entire information technology and automated information system communities.

For those in the know, the need for computer security measures is apparent. Even though data assets can be lost, damaged or destroyed by various causes, information systems tend to be susceptible for several reasons. First, computer components are relatively fragile. Hardware can be damaged more easily than, for example, tools in an auto repair shop. Data files are extremely fragile compared to other organizational assets. Second, computer systems are targets for disgruntled employees, protestors and even criminals. Finally, decentralization of facilities and use of distributed processing have increased vulnerability of information and computers.

There are many ways to protect and prevent access to computer systems, from physical security involving locks and guards, to measures embedded in the system itself. Since end users have access, each represents a potential vulnerability. Many security measures begin with you. Here are some guidelines:

* Know your unit information systems security officer, and information assurance awareness manager, and phone numbers for the network control center's C4 help desk.
* Ensure your system is certified and accredited. Systems designated to handle classified information must complete an emission security assessment before processing is authorized.
* Practice good password creation and protection. Ensure passwords contain at least eight characters, including upper and lower case alpha, numeric and special characters, and are exclusive to your system.
* Use a password-protected screensaver when leaving your computer unattended.
* Share information only with people and systems authorized to receive it.
* Always scan disks, e-mail attachments and downloaded files using the latest antiviral product and signature file.
* Know the sensitivity level of the information you're processing, requirements for protecting it, and security limitations of systems used to transmit it. Sanitize processing and storage devices.
* Know the basics of data contamination, malicious logic, and virus prevention and detection.
* Avoid virus hoaxes and chain letters.

The telecommunications monitoring and assessment program governs consent to monitoring. Notification of consent is approved through signed permission and is placed on DOD computers, personal digital assistants, local area networks, external modems, phones, fax machines, text pagers, phone directories, and land mobile radios.

Being a base network user is like being a member of the local community, which provides services to its citizens. Just as a community has laws, the network has policies. First, e-mail is for official use only. Policy is addressed in Air Force Instruction 33-119, Electronic Mail Management and Use. Forbidden activities include sending or receiving e-mail for commercial or personal financial gain, and sending harassing, intimidating, or offensive material to or about others.

Like e-mail, Internet or Web access provided by the network is for official use only. AFI 33-129, Transmission of Information via the Internet, provides guidance on proper use of the Internet. Do not transmit offensive language or materials, such as hate literature and sexually harassing items, and obscene language or material, including pornography and other sexually explicit items. The AFI also prohibits obtaining, installing, copying, storing or using software in violation of the vendor's license agreement. Before downloading software from the Internet, keep in mind much of the freeware or shareware is only free for personal use. Licenses for many programs exclude use by the government or commercial companies.

If you break the law in your community you can face serious consequences. What may be less known is that violating network policies also has consequences. A captain at Wright Patterson AFB, Ohio, was sentenced to nine months' confinement, a $10,000 fine and a reprimand for conduct unbecoming an officer for using an Air Force computer to download and store pornographic images.

The base network is an unclassified system and a shared resource. One careless user sending a classified e-mail
[INFOCON] - News 11/25/02
(Due to a power outage there was no Infocon on Friday. WEN)

London, Monday, November 25, 2002
INFOCON News
IWS - The Information Warfare Site http://www.iwar.org.uk

To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body
To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body

[News Index]
[1] Homeland Security organized along administration's proposal
[2] War with Iraq will mean virus outbreak, hacker says
[3] Academy seizes computers from nearly 100 mids
[4] White House science team outlines anti-terrorism focus
[5] Tech Insider: Total information unawareness
[6] Sept. 11 showed work needed on Internet
[7] Pentagon backs off on Net ID tags
[8] Preparing for a Different Kind of Cyberattack
[9] Net auctions targeted for crackdown
[10] No two cyber-policies are alike
[11] When Washington Mimics Sci Fi
[12] Security Alert: New Wi-Fi Security Scheme Allows DoS
[13] Comdex's Secure Side
[14] Court to decide Kazaa's US liability
[15] Congress responds to concerns, but conflict could delay action
[16] Why is mi2g so unpopular?
[17] Internet security journalist hacks Saddam's e-mail
[18] Microsoft warns of security hole
[19] SQL Injection and Oracle
[20] Researchers: Pull plug on battery attacks
[21] Marines move toward PKI

News

CURRENT THREAT LEVELS
Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

[1] Homeland Security organized along administration's proposal By Tanya N. Ballard The Homeland Security Department approved by Congress this week looks much like the department President Bush proposed five months ago. The new department will merge at least 170,000 federal employees from 22 agencies who perform a vast array of missions, from agricultural research to port security to disaster assistance. Under H.R. 
5005, the Homeland Security Department would include the Transportation Security Administration, Customs Service, Immigration and Naturalization Service, Secret Service, Coast Guard and Federal Emergency Management Agency. The agencies will be reorganized into four directorates within the department: Information Analysis and Infrastructure Protection, Science and Technology, Border and Transportation Security, and Emergency Preparedness and Response. The information analysis unit would absorb all of the functions of the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, the Energy Department's National Infrastructure Simulation and Analysis Center, and the General Services Administration's Federal Computer Incident Response Center. http://www.govexec.com/dailyfed/1102/112002t1.htm (FUD. A bragging teenager who is rather a lame virus writer, but naturally the journalist believes him that he is able to write a 'Uebervirus'. WEN) [2] War with Iraq will mean virus outbreak, hacker says By DAN VERTON NOVEMBER 20, 2002 Content Type: Story Source: Computerworld A Malaysian virus writer who is sympathetic to the cause of the al-Qaeda terrorist group and Iraq and who has been connected to at least five other malicious code outbreaks is threatening to release a megavirus if the U.S. launches a military attack against Iraq. The virus writer, who goes by the handle Melhacker and is believed to have the real name of Vladimor Chamlkovic, is thought to have written or been involved in the development of the VBS.OsamaLaden@mm, Melhack, Kamil, BleBla.J and Nedal worms. However, in an exclusive interview today with Computerworld,
[INFOCON] - News 11/27/02
_ London, Wednesday, November 27, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body - _ [News Index] [1] Most homeland security agencies to move by March, White House says [2] Intelligence experts pan call for domestic spying agency [3] Lawmaker urges Bush to fill key homeland positions [4] FEMA debuts DisasterHelp.gov [5] Secure Programming with .NET [6] Free Chinese Net users - Amnesty [7] AKO offers secure portal lessons [8] Hackers Fight Censorship, Human Rights Violations [9] Firms to splash cash on IT security [10] Winning the Cybersecurity War [11] Justice Department outlines security roadmap for chemical plants [12] RIAA punishing Navy cadets 'because it can' [13] Court finds limits to California jurisdiction in cyberspace [14] Lawyers Fear Misuse of Cyber Murder Law [15] The seven deadly sins of e-tailers [16] Command to score joint C2 [17] RealPlayer security fix is faulty [18] Possessed! The Solaris font daemon [19] Feds break massive identity fraud _ CURRENT THREAT LEVELS _ Electricity Sector Physical: Elevated (Yellow) Electricity Sector Cyber: Elevated (Yellow) Homeland Security Elevated (Yellow) DOE Security Condition: 3, modified NRC Security Level: III (Yellow) (3 of 5) _ News _ [1] Most homeland security agencies to move by March, White House says By Jason Peckenpaugh The White House released its initial plan for organizing the Homeland Security Department on Monday, including a time frame for moving agencies to the new department. Pending Senate confirmation, Homeland Security Secretary-designate Tom Ridge will take office on Jan. 24, and nearly all of the agencies slated to move to the department will transfer on March 1. All agency transfers will be completed by Sept. 
30, 2003 according to the plan, which was required under the Homeland Security Act that President Bush signed Monday. The plan does not state whether any employees will move offices when their agencies are transferred. The White House is looking for office space in the Washington area, and District of Columbia politicians, including Del. Eleanor Holmes Norton, D-D.C., have argued the new department's headquarters should be in the District. Northern Virginia offers additional sites for the potential headquarters, according to Rep. James Moran, D-Va. Because we built more than in Maryland and the District, we have more office space and you can get very good prices, he said in a recent interview with Government Executive. http://www.govexec.com/dailyfed/1102/112602p1.htm [2] Intelligence experts pan call for domestic spying agency By Drew Clark, National Journal's Technology Daily A new domestic spying agency would neither serve the interests of police or spying agencies nor ameliorate Americans' fears about enhanced electronic surveillance by the government, a panel of intelligence experts largely agreed, for different reasons, on Friday. The proposal, reportedly discussed in the White House, is one of the recommendations of the Gilmore Commission, an advisory panel on terrorism and weapons of mass destruction. The issue gained renewed attention with a Nov. 18 decision of a secret court that expanded the government's authority to use intelligence information in criminal prosecutions. Attorney General John Ashcroft praised the decision, but civil liberties advocates said it represented a new avenue for spying on Americans. http://www.govexec.com/dailyfed/1102/112602td1.htm [3] Lawmaker urges Bush to fill key homeland positions From National Journal's Technology Daily A key House
[INFOCON] - (MIL) Electronic Warfare: Comprehensive Strategy Still Needed for Suppressing Enemy Air Defenses
(During the Kosovo campaign the Americans were very keen on German EW Tornado aircraft as they lacked EW equipment. According to GAO the US military has still not beefed up their EW capabilities. The GAO report is not bad, but it does not take into account other problems (operational procedures, ...) which also hinder mission success. WEN) Electronic Warfare: Comprehensive Strategy Still Needed for Suppressing Enemy Air Defenses. GAO-03-51, November 25 http://www.gao.gov/cgi-bin/getrpt?GAO-03-51 Highlights http://www.gao.gov/highlights/d0351high.pdf What GAO Recommends GAO continues to recommend that the Secretary of Defense develop a comprehensive, cross-service strategy to close the gap between DOD's suppression capabilities and needs. In addition, an effective coordinating entity is needed to develop and monitor implementation of the strategy. In answer to a draft of GAO's report, DOD concurred with its recommendations. Staff changes are being made to address crosscutting issues, and an integrated product team process established to form a comprehensive approach to the electronic warfare mission. ... In conducting military operations, U.S. aircraft are often at great risk from enemy air defenses, such as surface-to-air missiles. The services use specialized aircraft to neutralize, destroy, or temporarily degrade enemy air defense systems through either electronic warfare or physical attack. ... ... According to DOD, countries have sought to make their air defenses more resistant to suppression. ... ... However, according to the Defense Intelligence Agency, these aircraft were unable to destroy their integrated air defense system because Yugoslav forces often engaged in elaborate efforts to protect their air defense assets. ... ... Since our January 2001 report, the services have had some success in improving their suppression capabilities, but they have not reached a level needed to counter future threats. ... ... 
The Air Force recently upgraded the HARM Targeting System and is procuring additional systems. The upgrade (known as R-6) provides better and faster targeting information to the missile, but even with this pod the F-16CJ still lacks some of the capabilities of the retired F-4G. ... ... The services have already identified serious reliability problems with current self-protection systems on U.S. combat aircraft, including jammers, radar warning receivers, and countermeasures dispensers. Most of the current systems use older technology and have logistics support problems due to obsolescence. Also, as we reported last year, the self-protection systems on strike aircraft may have more problems than the services estimate. ... ... The services have initiated additional research and development efforts to improve their ability to suppress enemy air defenses, but they face technology challenges and/or a lack of funding priority for many of these programs. ... ... The air defense suppression mission continues to be essential for maintaining air superiority. Over the past several years, however, the quantity and quality of the services' suppression equipment have declined while enemy air defense tactics and equipment have improved. DOD has recognized a gap exists in suppression capabilities but has made little progress in closing it. In our view, progress in improving capabilities has been hampered by the lack of a comprehensive strategy, cross-service coordination, and funding commitments that address the overall suppression needs. DOD relies on individual service programs to fill the void, but these programs have not historically received a high priority, resulting in the now existing capability gap. We continue to believe that a formal coordinating entity needs to be established to bring the services together to develop an integrated, cost-effective strategy for addressing overall joint air defense suppression needs. 
A strategy is needed to identify mission objectives and guide efforts to develop effective and integrated solutions for improving suppression capabilities. ... Recommendations for Executive Action ... To close the gap between enemy air defense suppression needs and capabilities, we recommend that the Secretary of Defense establish a coordinating entity and joint comprehensive strategy to address the gaps that need to be filled in the enemy air defense suppression mission. The strategy should provide the means to identify and prioritize promising technologies, determine the funding, time frames, and responsibilities needed to develop and acquire systems, and establish evaluation mechanisms to track progress in achieving objectives. ... IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - CERT Summary CS-2002-04
CERT Summary CS-2002-04 November 26, 2002 Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems. Past CERT summaries are available from: CERT Summaries http://www.cert.org/summaries/ __ Recent Activity Since the last regularly scheduled CERT summary, issued in August 2002 (CS-2002-03), we have seen trojan horses for three popular distributions, new self-propagating malicious code (Apache/mod_ssl), and multiple vulnerabilities in BIND. In addition, we have issued a new PGP Key. For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change. CERT/CC Current Activity http://www.cert.org/current/current_activity.html 1. Apache/mod_ssl Worm Over the past several months, we have received reports of a self-propagating malicious code that exploits a vulnerability (VU#102795) in OpenSSL. Reports received by the CERT/CC indicate that the Apache/mod_ssl worm has already infected thousands of systems. Over a month earlier, the CERT/CC issued an advisory (CA-2002-23) describing four remotely exploitable buffer overflows in OpenSSL. CERT Advisory CA-2002-27 Apache/mod_ssl Worm http://www.cert.org/advisories/CA-2002-27.html CERT Advisory CA-2002-23 Multiple Vulnerabilities in OpenSSL http://www.cert.org/advisories/CA-2002-23.html Vulnerability Note #102795 OpenSSL servers contain a buffer overflow during the SSL2 handshake process http://www.kb.cert.org/vuls/id/102795 2. 
Trojan Horse Sendmail Distribution The CERT/CC has received confirmation that some copies of the source code for the Sendmail package have been modified by an intruder to contain a Trojan horse. These copies began to appear in downloads from the FTP server ftp.sendmail.org on or around September 28, 2002. On October 8, 2002, the CERT/CC issued an advisory (CA-2002-28) describing various methods to verify software authenticity. CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution http://www.cert.org/advisories/CA-2002-28.html 3. Trojan Horse tcpdump and libpcap Distributions The CERT/CC has received reports that some copies of the source code for libpcap, a packet acquisition library, and tcpdump, a network sniffer, have been modified by an intruder and contain a Trojan horse. These modified distributions began to appear in downloads from the HTTP server www.tcpdump.org on or around Nov 11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5 checksums and official distribution sites for libpcap and tcpdump. CERT Advisory CA-2002-30 Trojan Horse tcpdump and libpcap Distributions http://www.cert.org/advisories/CA-2002-30.html 4. Multiple Vulnerabilities in BIND The CERT/CC has documented multiple vulnerabilities in BIND, the popular domain name server and client library software package from the Internet Software Consortium (ISC). Some of these vulnerabilities may allow a remote intruder to execute arbitrary code with privileges of the user running named (typically root). Several vulnerabilities are referenced in the advisory; they are listed here individually. 
CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND http://www.cert.org/advisories/CA-2002-31.html Vulnerability Note #852283 Cached malformed SIG record buffer overflow http://www.kb.cert.org/vuls/id/852283 Vulnerability Note #229595 Overly large OPT record assertion http://www.kb.cert.org/vuls/id/229595 Vulnerability Note #581682 ISC Bind 8 fails to properly dereference cache SIG RR elements invalid expiry times from the
[INFOCON] - NIPC Daily Open Source Report for 27 November 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 November 2002

Daily Overview
* Internet Security Systems has lowered its AlertCon Internet threat indicator to Level 1, which warrants routine security. (See Internet Alert Dashboard)
* CERT announces Advisory CA-2002-34: Buffer Overflow in Solaris X Window Font Service, which could allow an attacker to execute arbitrary code or cause a denial of service. (See item 11)
* According to ZDNet News, an Internet attack flooded domain name manager UltraDNS with a deluge of data late last week, causing administrators to scramble to keep up and running the servers that host .info and other domains. (See item 12)
* According to the Toronto Star, the outbreak of a highly infectious virus, believed to be the Norwalk virus, has shut down a Toronto hospital's emergency room. (See item 14)
* Reuters reports the Philippine government said Tuesday it has banned imports of ammonium nitrate, and will phase out its use by farmers within six months, since the widely available fertilizer is being used by militants to make bombs. (See item 13)

Power Sector
1. November 26, Associated Press - Electric cable damage worse than thought. Utility officials say damage done to underwater power cables in Long Island Sound is worse than first thought. Divers working over the weekend discovered that two more underwater power cables had been severed when a drifting barge dragged its anchor across them. Utility and environmental officials also said an oil-like sheen has been sighted on the water near the site where the cables have been leaking insulating fluid. 
The Long Island Power Authority shares ownership of the cable with Northeast Utilities (NU). NU spokesman Frank Poirot said all seven cables had been severed during a similar December 1996 incident in which a barge dragged its anchor across the conduits. The repairs in that incident, which Poirot said cost millions of dollars, took almost a year to complete. Source: http://www.newsday.com/news/local/longisland/ny-cable1126,0,7793125.story?coll=ny-linews-headlines

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector
Nothing to report

Transportation Sector
2. November 26, U. S. Department of State - President Bush signs port security bill into law. President Bush signed into law November 25 a bill aimed at improving security at U.S. seaports and preventing terrorists from using the maritime transportation system to mount attacks on the United States. The Maritime Transportation Security Act will strengthen security through the required development of security plans for ports and an improved identification and screening system of port personnel, President Bush said in a prepared statement. Source: http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latestf=02112601.cltt=/products/washfile/newsitem.shtml

3. November 25, Port of Los Angeles - Los Angeles mayor signs landmark port security agreement. On Tuesday, the last day of his Asian tourism and trade mission, Los Angeles Mayor Jim Hahn signed a major agreement to initiate a Port of Los Angeles international container security program. This agreement will elevate security standards for containers moving between Hong Kong and Los Angeles, said Mayor Hahn. 
Mayor Hahn signed a Memorandum of Understanding (MOU) with Modern Terminals Limited Managing Director Erik Bogh Christensen to test new security enhancements - including tamper-proof locks and other security systems - for Port of Los Angeles-bound cargo before leaving for the United States. The agreement with Modern Terminals is significant because Hong Kong is the largest port in the world and is the largest point of embarkation for goods being shipped to Los Angeles, the busiest port in the U.S. Approximately one-third of the Hong Kong cargo bound for Los Angeles is processed by Modern Terminals. The pilot project will be partially funded by a congressional appropriation through the U.S. Department of Transportation under the Operation Safe Commerce program. Source: http://biz.yahoo.com/bw/021125/250481_1.html 4. November 23, Scripps Howard News Service - DOT says 'hazmat' cargo label may draw terrorists. Concerned that terrorists might use hazardous-materials warning signs as readily as emergency workers, federal officials are looking for more secure ways of identifying what's
[INFOCON] - (HS) New Security Department Reinforces NORTHCOM Mission
Department of Defense Homeland Security http://www.defenselink.mil/specials/homeland/ -Original Message- From: DEFENSE PRESS SERVICE LIST On Behalf Of Press Service Sent: 26 November 2002 22:18 To: [EMAIL PROTECTED] Subject: New Security Department Reinforces NORTHCOM Mission By Master Sgt. Bob Haskell Special to the American Forces Press Service The National Guard has given the U.S. Northern Command a base that it can build on, one of that new organization's high-ranking officers said recently. Furthermore, the new Cabinet-level Department of Homeland Security will reinforce the Northern Command's mission of safeguarding this country, Air Force Maj. Gen. Dale Meyerrose maintained during a Nov. 13 summit on homeland security. President George W. Bush signed the legislation creating the new department on Nov. 25. Meyerrose is the director of architectures and integrations for the Northern Command that was stood up at Peterson Air Force Base in Colorado Springs, Colo., on Oct. 1. He is also director for command control systems at the North American Aerospace Defense Command's headquarters at Peterson. He is the chief information officer for both commands. Meyerrose is responsible for creating the communications and informational architecture so that Northern Command personnel can support and share information with civil authorities, including the FBI and the Federal Emergency Management Agency, when directed by the president and the secretary of defense. I think it will only make our job easier, Meyerrose told reporters about the new Homeland Security Department that President George W. Bush has championed in the wake of the terrorist attacks of Sept. 11, 2001. The U.S. House of Representatives approved 299-121 on Nov. 13; the Senate decisively endorsed the homeland security bill 90-9 on Nov. 19. 
It provides an organization at the national level which links what we do in the Department of Defense with other departments and, hopefully, down to the states and other jurisdictions, explained Meyerrose, one of the keynote speakers during the summit organized. The new department will include all, or parts of, 22 separate federal agencies, including Customs, the Coast Guard and the FEMA, in the largest governmental reorganization since the Department of Defense was formed in 1947. It will help, Meyerrose said, because a lot of architecture, constructs and concepts of operation that need to be put in place are beyond the scope of the Department of Defense and Northern Command. That's where the Department of Homeland Security, of which we will be a supporting part, will come in handy. Nearly 200 people attended the conference, which explored ways in which computer-driven technology can help numerous agencies protect the United States. It is critical for all federal, state and local agencies to be able to communicate quickly so information can be transformed into action should this country be attacked again, Meyerrose and other speakers insisted. The challenge, Meyerrose explained, is finding the best way to transform a voice report from an emergency responder who is first on the scene of a terrorist attack or natural disaster into a digital format that provides reports to all coordinating agencies. I need to change my foundation from 'need to know' to 'need to share' without compromising the security of sensitive information that could help an enemy, observed Meyerrose, an Air Force Academy graduate who has been a communications officer for 27 years. We must be able to move secret information from trusted environment to trusted environment, he added. The Northern Command, commanded by Air Force Gen. 
Ralph Eberhart, is primarily responsible for protecting the continental United States and its contiguous waters, from the Aleutian Islands in the Pacific Ocean to Puerto Rico and the U.S. Virgin Islands in the Caribbean, from external threats and attacks, Meyerrose stressed. It is also prepared, when ordered by the president or secretary of defense, to support a lead federal agency in case civil authorities cannot deal with a catastrophic domestic event such as the terrorist attacks against the World Trade Center and the Pentagon on Sept. 11, 2001. That is when it is critical for Northern Command to be able to communicate with the FBI or FEMA, Meyerrose added. It is our belief that the unity of command embodied by NORTHCOM will allow this country to raise that capability to a new height, he said. Meyerrose said that he and his Northern Command colleagues would strive to improve the informational architecture by coordinating communications systems that already exist and by improving on procedures that are already in place. The National Guard already has established procedures that will help, he said, because 26 of the adjutants general in the 54 states and territories already serve in dual capacities as state military leaders and state emergency managers. They have lots of existing
[INFOCON] - JMU : R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe/ see also: http://www.jmu.edu/computing/security/ R.U.N.S.A.F.E. Did you know that with one wrong mouse click you could make it possible for someone to read all your email, documents, or instant messages? That they could also view your grades, online bank accounts, or change your course schedule? That they could read or change anything on your computer? Or anything accessed from it? That they could turn on your computer's microphone to listen in on conversations? That they could use your computer for a computer crime for which you may be blamed? Did you know a newly installed Windows XP, 2000, NT, or Linux computer is likely vulnerable to the same type of compromise just by being attached to the network? Did you know several such incidents have occurred on computers at JMU...from Windows 95 and Macintosh desktops to Windows NT and Unix servers? That they've been used to attack other computers and divulge information? Did you know all our computers are scanned constantly from around the world by people hoping to take advantage of them? Did you know that your behavior impacts your neighbors' security and their behavior yours? The Internet, paired with today's software, provides us astonishing capabilities for sharing and communication. However, these same capabilities also provide access and computer power to more than 300 million people around the world...some of whom may not share our behavioral expectations. Examples, such as random acts of vandalism, can be found in any local newspaper. The threats associated with online folks' behavior are very different from similar threats in the physical world. Using the same freedom and functionality we treasure, they can communicate with our computers almost instantaneously, almost anonymously, and en masse from around the world. They don't even need to be a computer expert. 
It only takes one person to write a destructive program to enable many people without technical knowledge to cause problems, just as all of us use word processors and web browsers without knowing how they work or being able to write one ourselves. While the risks associated with these threats can be decreased by limiting communications, limiting computer functionality, and increasing the complexity involved with our computing environment, they can't be eliminated because security is never absolute. Moreover, the more we wish to maintain our current freedom in communications and computing, the more necessary it is that we individually take steps to take care of ourselves and reduce the need for outside controls and limitations. The only person ultimately in control of a computer is the operator in front of the keyboard. That person presently has the freedom to run any software he or she wants and communicate with anyone around the world. Each of us must do his or her part to help ensure the integrity of our network by operating our computers safely. Our computers can do almost anything we tell them to do. Unfortunately, this versatility makes them very complicated. A certain amount of awareness and skill is necessary to operate such a complicated device safely on a world wide network. The goal of the R.U.N.S.A.F.E. program is to help you attain the knowledge and skills necessary for safely operating an Internet connected computer. The information and associated steps listed on this page are key components to everyone's online security. Everyone should understand them and be able to take the actions described. R.U.N.S.A.F.E. workshops are offered once per semester that describe the incidents we've seen at JMU, the threats we're exposed to, and that teach the defensive concepts and procedures described here. Onsite workshops are also available to groups. (contact Gary Flynn to schedule one). Click here to download the RUNSAFE workshop PowerPoint presentation. 
If you don't have PowerPoint, you can get a free viewer from Microsoft here. A sixteen minute RUNSAFE awareness video is available. It can be downloaded here. The material is copyrighted by Jim Blackburn but may be used for educational purposes. The file is 161 MB in size.

R.U.N.S.A.F.E. Goal

For All Computer Operators on the JMU network:

- Understand the material on this page.
- Run anti-virus software and update it weekly. Preferably the campus supported Norton Anti-virus.
- Treat email attachments and other unknown programs with caution.
- Use the Windows Update Site on every new installation and monthly thereafter.
- Choose strong passwords for your own desktop and on servers which you may use and keep them confidential.
- Use care if you enable Microsoft File Sharing.
- Visit the Hot Topics! page at least monthly.

For all server operators (Windows/Unix/Mac/Whatever) and all unix desktop operators:

- Set up new computers with the network cable disconnected.
- Turn off all services running on the newly installed computer.
- Connect to network and download and install patches.
- Turn on
[INFOCON] - NIPC Daily Open Source Report for 29 November 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 29 November 2002

Daily Overview

- The L.A. Times reports that a suicide car bombing at a resort hotel in Msumarini, Kenya killed at least 16 people Thursday at the same time that two missiles narrowly missed an Israeli charter jet taking off nearby. (See item 15)
- According to the BBC, Ohio State University scientists have simulated attacks on key Internet hubs which illustrate how vulnerable the worldwide network is to disruption by disaster or terrorist action. (See item 14)
- According to the New York Times, the identity-theft case announced this week is even more troubling because the threat came from company insiders who were able to steal the same types of materials that terrorists would aim to gather. (See item 1)
- According to Wired News, a report presented to the United Nations on Monday states the security of wireless networks is of critical concern, since wireless local area networks are more prone to hacker attacks than fixed-line networks. (See item 7)

Power Sector

Nothing to report.

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

1. November 27, New York Times Identity-theft case exposes insider threat.
Many law enforcement and security experts say the large-scale identity theft case announced this week simply provides a startlingly large window onto a problem that not only threatens people's sense of privacy and invulnerability, but also poses questions about the priority many companies place on security. Officials said there was no evidence of a terrorist connection to the fraud. But the case raises the specter of terrorists' gaining what appears to have been cheap and easy access to material that can be used to create false identities within the United States, experts said. Joanna P. Crane, the manager of the Federal Trade Commission's identity theft program, which was created in January 1999, said that the entire episode was troubling because what was stolen was exactly the material that terrorists would aim to gather. The case, many security experts say, also shows what they have long contended: that insiders are a bigger threat than outside hackers, because they have access to closely held passwords, and knowledge of the systems they are seeking to manipulate. Source: http://www.nytimes.com/2002/11/27/nyregion/27CRED.html [return to top] Transportation Sector 2. November 27, New York Times Airlines' official warns on security costs. Carol B. Hallett, president of the Air Transport Association, an airline trade association, said Tuesday that unless the industry's problems are fixed soon, it might be necessary to nationalize the airlines. Hallett, speaking at an industry luncheon, said that such a step would have costs that were intolerable, but that the burden of security fees was destroying the airlines. Fees that are supposedly charged to passengers are essentially paid by the airlines, Hallett contended, because the surcharge imposed by the federal government that is supposed to pay for additional security prevents the airlines from charging more for tickets and therefore cuts into airlines' revenue. 
Failing to fix the root causes of the industry's dire situation could mean that the nationalization of the industry becomes necessary, Hallett said. Source: http://www.nytimes.com/2002/11/27/business/27ATA.html?ex=1039410686ei=1 en=2aeab3e5c35e31ae 3. November 27, New York Times McGreevey pitches DMV plan as vital to New Jersey's security. Surrounding himself with law enforcement officials and terrorism experts, New Jersey Gov. James E. McGreevey Wednesday promoted his $200 million plan to overhaul the state's Department of Motor Vehicles as a vital matter of security, saying it would help prevent criminals and terrorists from obtaining fraudulent state identification. McGreevey said that under the plan, surveillance cameras would be installed and additional police officers assigned to the state's 45 motor vehicles offices, where internal security staffing has dwindled during the past decade and dozens of employees have been arrested on charges of document fraud. Under the proposal, in 2004 the state would begin issuing digitized licenses, which would have fingerprints or electronic retina scans to discourage counterfeiting. Source: http://www.nytimes.com/2002/11/27/nyregion/27MOTO.html?ex=103948ei= 1en=c0d0a74b7236f611
[INFOCON] - NIPC Daily Open Source Report for 3 December 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 3 December 2002

Daily Overview

- CNN reports a statement attributed to al-Qaeda claimed responsibility Monday for last week's terrorist attacks on Israeli targets in Kenya. (See item 13)
- IDG.net reports President George W. Bush signed the Cyber Security Research and Development Act into law on Wednesday, providing $880 million to fund a variety of IT-security based programs. (See item 11)
- CNN reports the Carnival cruise ship Fascination returned from a three-day sail Monday carrying more than seven dozen people who had contracted a gastrointestinal virus; this is possibly the third Norwalk-related cruise cancellation from a Florida port in recent weeks. (See item 14)
- ABC news reports South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two U.S. soldiers accused of killing two schoolgirls in a road accident. (See item 12)

Power Sector

1. December 2, Platts Global Energy - Switzerland changes nuke liability regulation after 9/11. Switzerland has changed the country's nuclear energy liability regulations, and has increased the government's liability in case of terrorism attacks on nuclear power plants. Under the new regulation, the government is liable for SFr500-mil to SFr1-bil ($741-mil to $1.483-bil), the Swiss government said in a statement. After the events of Sep 11, 2001, private insurance companies have reduced their liability to SFr500-mil for attacks on nuclear power plants. To cover the cost, operators of nuclear power plants in Switzerland have to swallow a hike of 12.7% in their insurance premiums.
Source: http://www.platts.com/archives/94036.html Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector Nothing to report. [return to top] Transportation Sector 2. December 2, U.S. Customs Service - U.S. Customs 24-hour rule begins Monday. U.S. Customs Commissioner Robert C. Bonner announced Monday that the new 24-hour rule requiring advance cargo manifests from sea carriers goes into effect on Monday, December 2. Under the new rule, Customs will grant sea carriers a 60-day grace period to fully implement the program. Over the next two months we strongly encourage rapidly increasing compliance by all parties that are required to take action under the regulation. By quickly implementing the '24-hour rule,' we can together do a better job of protecting the American people and the global trading system as a whole, said Commissioner Bonner. Customs will continue to provide many types of assistance at both the local (port) level and at the Headquarters level, to assist companies in the operational transition to the new procedures. Knowing the contents of a container before it is loaded onto a ship bound for the U.S. is a critical part of our efforts to guard against the terrorist threat. Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1202-00.htm 3. December 2, Federal Computer Week - TSA preps smart ID pilot programs. The Transportation Security Administration (TSA) is ramping up its smart card-based programs designed to put identification into the hands of transportation workers nationwide and allow frequent travelers to get through airports quickly. 
TSA is preparing to launch two regional pilot projects for its Transportation Worker Identification Credential (TWIC) System that will provide workers at airports, ports, railways and other locations with secure access to buildings and systems. TWIC is a system of information systems, said Elaine Charney, TSA's TWIC program manager. The goal is to produce an integrated system that can support one identification card, which then can be used across all transportation industries, she said. TSA officials will soon begin the three-month planning phase of the TWIC pilot project in the Philadelphia/Wilmington, Del., region, Charney said, and soon after will begin the planning phase for the Los Angeles/Long Beach, Calif., region pilot project. Source: http://www.fcw.com/fcw/articles/2002/1202/news-tsa-12-02-02.asp 4. December 1, Houston Chronicle (Texas) - Port security a concern despite recent upgrades. The Port of Houston's civilian and military officials consistently say Ship Channel security is tighter than any time since World War II. Still, each week, two or three intruders -- usually fishermen or port construction
[INFOCON] - News 12/02/02
London, Monday, December 02, 2002
INFOCON News
IWS - The Information Warfare Site http://www.iwar.org.uk

[CURRENT THREAT LEVELS]

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

[News Index]

[1] B2-ORM Mailing List
[2] Homeland department could transform tech industry
[3] Pentagon distributes software for modeling effects of attacks
[4] Schneier: No magic security dust
[5] Total Info System Totally Touchy
[6] Lax Security: ID Theft Made Easy
[7] Net security: Steady as she goes
[8] Cisco backtracks on security functionality
[9] S Koreans launch cyber attack on US over schoolgirls' deaths
[10] Ten more tips for safe xmas e-tail
[11] Intercepts
[12] Computer virus insults victims
[13] The Insecurity of Computer Security
[14] Tech industry speculates about candidates for security jobs
[15] WLAN security is still work in progress
[16] Irish ISP blocks web site over dispute
[17] Bugbear remains top virus threat
[18] 'Critical' MS server flaw may affect few sites
[19] First hackers sighted in high speed mobile phone arena

News

[1] B2-ORM Mailing List is an international email user group focused on the sharing of information on the implementation of Basel II compliant Operational Risk Management solutions in the Financial Services industry. Why not join today? Simply send an email to: mailto:[EMAIL PROTECTED]

The next three years will place enormous strain on the resources of Operational Risk staff in the world's Financial Services organisations. Why not learn from others and share information? Good practice guides, white papers and other essential information may be found on the group's web site and downloaded to your own system.
Topics to be discussed include: Business Continuity Management (new International Standard) The role of Information Security, Audit and Compliance Interfaces with Outsource and other service providers. Six Sigma errors and defects management Money Laundering and Fraud Risk Interfaces to Credit and Market Risk [2] Homeland department could transform tech industry By William New, National Journal's Technology Daily The creation of a Homeland Security Department may presage more than better domestic security. It could mark the transformation of the technology industry from an economically flat maker of consumer-oriented products into a thriving, but more secretive, machine that creates security-oriented products and services. The homeland security opportunity [for tech companies] is unprecedented in the civilian side of government, said Bruce McConnell, a Washington-based technology consultant. The art form is to build relationships early on with the most influential component agencies ... who will define the architecture for years to come. President Bush signed the legislation, H.R. 5005, on Nov. 25. It will take effect in 60 days, but fundamental questions such as funding remain. New jobs in the department also must be filled and congressional oversight of the Cabinet-level agency defined. http://www.govexec.com/dailyfed/1102/112702td1.htm [3] Pentagon distributes software for modeling effects of attacks By Bryan Bender, Global Security Newswire The Defense Department has licensed to a few select nongovernmental organizations previously unavailable software that can model the effects of releases of nuclear, chemical, biological or radiological weapons and materials. The Heritage Foundation, Natural
[INFOCON] - NIPC Daily Open Source Report for 2 December 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 December 2002

Daily Overview

- CNN reports the U.S. Transportation Security Administration has warned airports to review their missile attack measures after Thursday's attempt to shoot down a passenger plane in Kenya. (See item 4)
- The Sacramento Bee reports Lawrence Livermore National Laboratory is developing a process to measure substances normally occurring in the air to provide a control for systems that monitor biological agents. (See item 14)
- The Huntsville Times reports Tanner, Alabama has a new water treatment plant that filters viruses, one of only 100 such facilities worldwide. (See item 8)
- The GAO has published a report which recommends changes to the manner in which data regarding terrorism funding is collected and reported. (See item 9)

Power Sector

1. November 29, Platts Energy News - Explosion at Germany's Brunsbuttel nuke generator. There was an explosion at the Brunsbuttel nuclear power plant in northern Germany on Wednesday evening, a spokesman for the energy ministry of Schleswig-Holstein said Friday. The 806MW reactor is currently offline following a safety incident last December. The explosion happened in a generator in the non-nuclear part of the plant. No one was injured. The extent of the damage is not yet known, but the spokesman said Brunsbuttel was likely to remain offline longer than anticipated as a result of the generator fault. The explosion happened when the explosive gases condensed and then exploded, and the BKA (German federal crime office) is investigating.
Brunsbuttel has been offline since Feb 18, 2002, shut down in order to probe circumstances surrounding a radioactive leak on Dec 14, 2001. Source: http://www.platts.com/archives/94003.htm 2. November 26, Fortune Magazine - Power failure: massive debt burdens the energy industry. In the past several years of boom and expansion, power companies borrowed approximately $600 billion; some of which was used in speculative trading operations, but most went to buy other power companies or build natural-gas power plants. About $90 billion of this debt must be repaid or renegotiated by 2006. Few companies are able to repay this - the collapse of energy trading has put them in a cash crunch, and several are close to bankruptcy. In addition, the overbuilding has lowered cost of energy and the economic downturn has meant that the country is not using as much power as expected. As a result, power prices are severely depressed. Possible buyers, should bankruptcy occur, are buyout firms, financial investors, and European utilities. Also, various local utility companies, bought out in the 1990s, may opt to buy some of the assets. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3482610 Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector 3. November 27, Associated Press - New York bank pleads guilty to charges. Broadway National Bank pleaded guilty to three felony charges of not reporting suspicious banking activity between 1996 and 1998, and will pay a $4 million fine. Authorities said the case marked the first prosecution of a bank for failing to establish an anti-money laundering program and failing to file required suspicious activity reports. U.S. 
Customs Special Agent Nelson Chen said $123 million was illegally moved through the bank - most of it the proceeds of drug trafficking - after some criminal organizations learned Broadway was not following proper procedures. Source: http://story.news.yahoo.com/news?tmpl=storyu=/ap/20021127/ap_on_bi_ge/b ank_plea_3 [return to top] Transportation Sector 4. December 1, CNN - Airports asked to review missile attack measures. After Thursday's attempted missile attack on a passenger plane in Kenya, the U.S. Transportation Security Administration (TSA) asked officials at U.S. airports to review measures to protect against similar attacks. TSA spokesman Robert Johnson told CNN Saturday that the TSA notification went to all federal security directors (TSA employees who direct security at airports), who were then to notify security at individual airports. Unknown attackers launched two shoulder-fired missiles at an Israeli charter flight as the Boeing 757 was taking off from Mombasa airport. The missiles missed their target and authorities later found two launchers and two unused missiles near the
[INFOCON] - News 12/04/02
London, Wednesday, December 04, 2002
INFOCON News
IWS - The Information Warfare Site http://www.iwar.org.uk

[News Index]

[1] Homeland defense commander stresses 'need to share' information
[2] Homeland agency charged with outreach
[3] PGP goes back to its roots
[4] Virus payloads bigger, nastier
[5] Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks
[6] NetNames cock-up blamed for eBay detagging
[7] Iowa governor dismisses CIO
[8] OMB finds security leverage
[9] GSA's center of activity
[10] Cautionary tales
[11] Does Research Support Dumping Linux?
[12] E-government bill wins praise from tech officials
[13] Infiltrating agency ops
[14] New opportunities for NIST
[15] Traveler smart card poses security concerns
[16] Wennergren named Navy CIO
[17] ISS Goes Public With Vulnerability Disclosure Guidelines
[18] Firewalls face next challenge
[19] Vendors complete tougher ICSA 4.0 firewall tests

CURRENT THREAT LEVELS

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

News

[1] Homeland defense commander stresses 'need to share' information
By Molly M. Peterson, National Journal's Technology Daily

Officials at the newly established U.S. Northern Command may have to consider abandoning the military's traditional system for classifying information as they build crucial lines of communication with federal, state and local homeland security agencies, the Northern Command's chief information officer said recently. Speaking to reporters at a homeland security summit late last month, Maj. Gen.
Dale Meyerrose said inter-agency information sharing is a blossoming requirement for the Northern Command, which is headquartered at Peterson Air Force Base in Colorado Springs, Colo. The command is charged with consolidating the military's homeland defense and civil-support missions. The Defense Department's current classification system allows military offices to share information on a need-to-know basis, and requires security clearances and background checks for access to information with such labels as top secret and classified. But Meyerrose said that system could hinder the Northern Command's ability to share real-time information with civilian agencies that classify their information differently. http://www.govexec.com/dailyfed/1202/120302td1.htm [2] Homeland agency charged with outreach Security strategy at risk if coordination fails BY Diane Frank, Megan Lisagor and Dibya Sarkar Dec. 2, 2002 When President Bush signed the Homeland Security Department into law last week, he triggered activity on two fronts. Internally is the much-publicized effort to bring 170,000 employees from nearly two dozen agencies into a single department, if only virtually. Externally is the often overlooked effort to coordinate the department's work with a multitude of organizations across state and local government and the private sector. This second front, many observers say, is equally vital - and equally at risk for failure. http://www.fcw.com/fcw/articles/2002/1202/news-home-12-02-02.asp [3] PGP goes back to its roots By ComputerWire Posted: 04/12/2002 at 10:03 GMT PGP Corp this week delivered its first set of product upgrades since the company was spun out of Network Associates Inc this August, and delivered on its promise to publish the source code to the pioneering cryptography software, writes Kevin Murphy. PGP sees 8.0
[INFOCON] - NIPC Daily Open Source Report for 4 December 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 4 December 2002

Daily Overview

- The Washington Post reports the nature of identity theft has changed and today is more likely to come from insiders going after a massive amount of information rather than a thief stealing an individual's wallet. (See item 2)
- NEPA News reports that Carnegie Mellon University and the University of Pittsburgh are freely providing software to health organizations to assist in the early warning of a bioterrorist attack. (See item 16)
- The Land & Livestock Post reports that Texas A&M University has published an internet website to assist meat and poultry processors quickly find information on food safety. (See item 7)

Power Sector

1. December 3, Platts Global Energy - Outage cuts UK-France flows by 500MW until Dec 10. A problem with a transformer is likely to cut capacity transfer on the UK-France power link by 500MW in both directions until Dec 10 at the earliest, a spokesman for UK transmission system operator National Grid said Tuesday. The problem with the transformer at Sellindge converter station in Kent, on the UK side of the link, occurred in the early hours of Monday morning, he said. The best guess of link operators National Grid and French transmission system operator RTE was that it will return to its full capacity transfer level of 2,000MW on or around Dec 10, he said. The grid operators were investigating the problem with the transformer, he said.
Source: www.platts.com/stories/electricpower3.html Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector 2. December 3, Washington Post - Identity theft more often an inside job. The nature of identity theft has changed and the threat today is more likely than ever to come from insiders - employees with access to large financial databases who can loot personal accounts - than from a thief stealing a wallet or pilfering your mail. Banks, companies that take credit cards and credit-rating bureaus themselves don't do enough to protect consumers, critics say. Law enforcement experts now estimate that half of all such cases come from thefts of business databanks as more and more information is stored in computers that aren't properly safeguarded. There is a shift by identity thieves from going after single individuals to going after a mass amount of information, said Joanna Crane, identity-fraud program manager at the Federal Trade Commission. There's an awful lot of bribery of insiders going on. Source: http://www.washingtonpost.com/wp-dyn/articles/A1026-2002Dec2.html [return to top] Transportation Sector 3. December 3, U.S. Customs Service - Customs announces CSI deployment at Le Havre. U.S. Customs Commissioner Robert C. Bonner announced Tuesday the deployment of four U.S. Customs officers to the French port of Le Havre, marking the latest step in the agency's Container Security Initiative (CSI). CSI is designed to prevent terrorists from infiltrating the world's sea cargo environment by improving security at key seaports worldwide. To date, nine countries have agreed to participate with U.S. Customs under CSI. These agreements cover 15 ports, all among the top 20 ports that handle shipments bound for the United States. 
Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1203-00.htm 4. December 1, Dallas Morning News - International shipping vehicles vulnerable to terrorist attacks. With al-Qaeda stepping up its sporadic attacks on western targets, there is a consensus among terrorism experts that international shipping is increasingly vulnerable to extreme tactics. The risk extends beyond the big, obvious targets to the thousands of ferryboats that move cars, cargo and commuters from port to port, often with minimal security, in the United States and Europe. Steven Flynn, a former U.S. Coast Guard commander who is now a senior fellow with the Council on Foreign Relations, contends that one serious incident involving containers brought into the United States by ship would prompt the public to demand the entire system be shut down, crippling global commerce. The impact of a shipping shutdown would be disastrous for the U.S. economy, Flynn said. While U.S. counter-terrorism officials grapple with this potential hazard, their European counterparts have imposed high security alerts in recent months because of intelligence indicating that terrorists plan to target one of
[INFOCON] - NIPC Daily Open Source Report for 5 December 2002
National Infrastructure Protection Center
NIPC Daily Open Source Report for 5 December 2002

Daily Overview

- CERT announces Vulnerability Note VU#140977: SSH Secure Shell for Workstations contains a buffer overflow in URL handling feature that may allow an attacker to execute arbitrary code. (See item 9)
- CERT announces Vulnerability Note VU#740169: Cyrus IMAP Server contains a buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code on the mail server. (See item 10)
- Business Wire reports that in a recent strategic simulation of a terror attack designed to assess America's vulnerability through its ports, business and government leaders found that such an attack could potentially cripple global trade and have a devastating impact on the nation's economy. (See item 2)
- CBS reports a huge, fast-moving storm has spread ice and snow from the Texas Panhandle to Virginia, making highways slippery and knocking out power to thousands of customers, and is expected to dump heavy snow and ice tomorrow in Washington, D.C., Philadelphia, and New England. (See item 11)

Power Sector

1. December 4, Associated Press - Governor extends National Guard security at nuclear plants until March. Pennsylvania Gov. Mark Schweiker said the National Guard and state police will patrol the state's five nuclear power plants at least until March 2003. In a November 2001 disaster emergency proclamation, Schweiker directed the National Guard to join state police at the plants. On Tuesday, Schweiker for the fifth time extended the proclamation, which had been set to expire this week.
Source: http://pennlive.com/newsflash/pa/index.ssf?/newsflash/get_story.ssf?/cgi -free/getstory_ssf.cgi?d0741_BC_PA-BRF--NuclearSecurinewsnewsflash-pe nnsylvania Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector Nothing to report. [return to top] Transportation Sector 2. December 4, Business Wire - Wargame reveals that threats to port security call for integrated public/private action. In a strategic simulation of a terror attack designed to thoroughly assess America's vulnerability through its ports, a group of business and government leaders found that such an attack could potentially cripple global trade and have a devastating impact on the nation's economy. The group focused on ways to improve detection before a weapon gets to a U.S. port, as well as help businesses to build resiliency into their operations. The two-day Port Security Wargame took place October 2-3, 2002 in Washington, D.C., with 85 leaders from a range of government and industry organizations, who have a critical stake in port security. The results of the wargame revealed that at current preparedness levels, a dirty bomb attack through the ports could cost U.S. businesses as much as $58 billion. Source: http://biz.yahoo.com/bw/021204/42263_1.html 3. December 2, Vancouver Sun - Canadian Coast Guard reports vast security gaps. The Canadian Coast Guard is unable to adequately protect Canada's coastlines from terrorists, says Coast Guard Commissioner John Adams. The CCG, which acts as the country's coastal eyes and ears through a series of radar stations and at-sea surveillance, relies largely on an honor system to obtain information on the whereabouts of incoming vessels. So the coast guard knows of vessels in Canadian waters only if they want us to know, according to Adams. 
Adams' blunt assessment echoes the conclusions of a Senate report in September that said Canada's coastlines are vulnerable to terrorists and their weapons of mass destruction. While the coast guard has the ability to track suspicious boats near busy waterways, its hands are tied in areas such as the central and northern British Columbia coast where there is no radar capability. Until this year, the Prince Rupert, B.C. station tracked vessels using a Second World War-style table map over which little wooden boats were moved around manually. Adams painted a grim picture of the coast guard's state, saying the service still can do its job but needs a $400-million infusion in the next three to five years just to renew an aging fleet of vessels.
Source: http://www.nationalpost.com/search/site/story.asp?id=44830E03-754B-47D8-982F-8963219D538C

Gas and Oil Sector

Nothing to report.

Telecommunications Sector

Nothing to report.

Food Sector

4. December 4,
[INFOCON] - News 12/06/02
London, Friday, December 06, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to [EMAIL PROTECTED] with subscribe infocon in the body
To unsubscribe - send an email to [EMAIL PROTECTED] with unsubscribe infocon in the body

[News Index]

[1] An electronic Maginot Line
[2] Government shows Sklyarov video in court
[3] Does Cybercrime Still Pay?
[4] Travel sector's poor security exposed it to hacking risks
[5] I shut radio site, boasts teen hacker
[6] PGP Lifts Its Hood
[7] Cyber hype
[8] 'Mangled mess of trees and power lines'
[9] Trouble With Trojans
[10] Agencies focus on better cargo security to fight terrorism
[11] New technologies key to Defense transformation, says official
[12] Investors suppress tech wreck memories
[13] Arguments heard over file-swapping
[14] Lagel worm wipes files
[15] Defense to influence tech industry to develop systems useful to military
[16] Bill pushes security, but no money so far
[17] Final curtain for Aussie hacker site
[18] Bush signs Webcast Act
[19] Integrated IT network in new agency worth expense
[20] UK still vulnerable to hackers
[21] Al Qaeda Web site targets Israel

CURRENT THREAT LEVELS

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

News

(Partial FUD with a nice title which I think is unintentionally ironic. Someone within Rep. Sherwood Boehlert's press staff should have done a bit more research before publishing the article. For example, CIAO was awarded a new name Computer Information Assurance Organization (www.ciao.gov). But back to the title, the French built the Maginot line between 1929 and 1940 to slow down or stop potential German attacks, which was a sound idea, but unfortunately they left a massive 'backdoor'. So the Nazis just bypassed the line which made the entire line rather useless.
Hence I would never expect too much from an 'electronic Maginot Line'. WEN)

[1] An electronic Maginot Line
Cyber security legislation a necessity
By Sherwood Boehlert

Recent reports of two individuals using a few computer keystrokes to steal the financial identities of 30,000 Americans point up a growing weakness in the U.S. - cybersecurity. And in the hands of a terrorist, the damage wrought by computers could be far worse than identity theft. Although the issue has not received much attention in the media, Congress has taken some key steps in the past year to counter the emerging cyberterrorist threat.

Cyberterrorism may sound like the stuff of science fiction or like a minor inconvenience, but it is neither. In a world in which our telecommunications and financial systems, our business transactions, our electric and water utilities and our emergency response systems all rely on computer networks, a focused cyberattack could wreak havoc and threaten lives. It is not an exaggeration to say that the day-to-day functioning of our society is only as secure as the most vulnerable computer terminal with access to the Internet.

And those terminals are vulnerable. In addition to the recent identity thefts, in the first half of 2002, there were 43,136 reported computer break-ins - more than double the number reported in all of the year 2000, according to the Computer Emergency Response Team, a federally funded group at Carnegie-Mellon University that acts as a central repository for break-in reports. The group defines break-in conservatively, so each reported incident may affect thousands of computers. Even more troubling was the recent concerted attack on the servers that run the Internet - a sophisticated effort that originated overseas.

http://www.house.gov/science/press/107/boehlert.htm
[INFOCON] - NCIX: week of action against warmongering
-Original Message-
Sent: 06 December 2002 20:41
Subject: NCIX WEB SITE UPDATE ADVISORY #24-2002

Dear Friends and Colleagues:

According to the Federal Bureau of Investigation (FBI), a loose network of antiwar groups is planning a week of action against warmongering to occur December 15 - 21, 2002. Organizers, who have expressed strong opposition to possible U.S. military action against Iraq, are advocating explicit and direct attack upon the war machine, and have called for attacks on the headquarter facilities and other assets of oil companies and defense contractors, singling out Boeing and Lockheed Martin. Department of Defense (DoD) assets also represent potential targets for attack. Organizers have referenced an October 14, 2002 incident in San Jose, California, in which DoD recruiting offices were damaged and a DoD recruiting van was set on fire. Activists may also target major media companies by sanitizing newspaper vending machines, jamming or hijacking radio and television signals, or attacking broadcast towers and damaging equipment.

Potential victims should be alert to any suspicious activities that may be associated with this week-long protest. Information regarding potential threats should be reported to local law enforcement and the nearest FBI Joint Terrorism Task Force.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
[INFOCON] - Plans Being Made to Protect U.S. Information Infrastructure
Plans Being Made to Protect U.S. Information Infrastructure
(Communications industry preparing list of recommendations) (1140)

Representatives from the U.S. communications industry are pushing a deadline to develop a list of recommendations to ensure the safety of the nation's information and communications infrastructure in the event of terrorist attacks or disasters. The Network Reliability and Interoperability Council (NRIC), chartered by the Federal Communications Commission, is set to develop a list of best practices to put forth to the U.S. communications industry by December 20.

Speaking at an NRIC session December 6, Richard C. Notebaert, council chairman and chairman and CEO of Qwest Communications International, said, "Today's meeting illustrates the industry commitment to work together and share best practices in an effort to improve network reliability and strengthen the nation's communications network against terrorist attacks and natural disasters."

The panel is considering best practices to protect and secure both the physical and cyber networks. FCC Chairman Michael Powell is urging companies throughout the country to adopt the best practices voluntarily.

Following is the text of the FCC press release.

(begin text)

NEWS
Federal Communications Commission
December 6, 2002

HOMELAND SECURITY: COMMUNICATIONS INDUSTRY CONSIDERS MEASURES TO PROTECT NATION'S COMMUNICATIONS SERVICES AGAINST ATTACK

Washington, D.C. - Representatives from across the communications industry came together today to consider recommendations to protect and strengthen the nation's communications infrastructure against terrorist attacks or national disasters. The measures were considered by the Network Reliability and Interoperability Council (NRIC) VI which held its quarterly meeting today at the FCC. NRIC is composed of representatives from the telecommunications, cable, wireless, satellite and ISP industries.
The 56-member Council will review some 300 best practices - many of which are currently being practiced by industry members - for widespread adoption and implementation across the industry. Best practices range from increasing physical security at communications facilities to process changes and training to increased protection of proprietary information. NRIC members have until December 20, 2002 to vote on recommendations to the industry that these best practices voluntarily be implemented.

FCC Chairman Michael Powell said, "Homeland Security is a critical issue that touches every consumer in America. People want to know that in an emergency their calls will go through and they can reach loved ones. Every bit as important, our nation's communications network must be secure and protected to ensure that public safety, health, and law enforcement officials are able to respond and ensure the flow of information."

Richard C. Notebaert, NRIC chairman and chairman and CEO of Qwest Communications International, said, "Today's meeting illustrates the industry commitment to work together and share best practices in an effort to improve network reliability and strengthen the nation's communications network against terrorist attacks and natural disasters. The telecommunications industry has taken a leadership role in proactively identifying and protecting our nation's communications infrastructure. Many of the best practices we have heard today are actively being implemented by many companies."

"I strongly urge the industry to adopt as many of these Best Practices as appropriate to ensure the protection and reliability of our nation's communications system," Powell continued.

In developing its best practices, NRIC's Physical Security Focus Group, led by Karl Rauscher, director, network reliability office, Lucent Technologies Bell Labs, and NRIC's Cyber Security Focus Group, led by Dr.
Bill Hancock, vice president, Cable & Wireless, underwent a rigorous process that included a detailed vulnerability and threat assessment and identified the best practices currently in use by the industry to take necessary steps to improve security and mitigate associated risks.

The items considered today include:

Best Practices for Securing the Physical Network:

--Technology. Best practices for the application of new technologies to better mitigate the effects of an attack.

--Access Controls. Best practices for access control methods and procedures to help ensure that unauthorized personnel do not have access to critical network infrastructures. Best practices include the development of formal procedures for assigning facility access and constructing physical barriers to prevent vehicular and pedestrian tailgating, electronic surveillance at critical access points and changes to landscaping and outdoor lighting.

--Personnel. Best practices for security procedures and associated training including recognizing and reporting suspicious items and handling of proprietary information.

--Design and Construction. Best practices for new
[INFOCON] - NIPC Software Firm Investigation Serves as a General Information Security Reminder
http://www.nipc.gov/publications/infobulletins/2002/ib02-011.htm

National Infrastructure Protection Center
Software Firm Investigation Serves as a General Information Security Reminder
Information Bulletin 02-011
December 6, 2002

NIPC Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.

The US Attorney's Office announced today that it searched the Massachusetts offices of Ptech Inc. in connection with allegations relating to an ongoing financial crime investigation. Media coverage of this issue has been strong and immediate, focused in part on the fact that Ptech software is used by a customer base that includes financial services and government market segments. News outlets questioned whether the company's software might have been tampered with for use in some nefarious purpose.

In this specific regard, two things are worth noting. First, the US Attorney's announcement in no way alleges that Ptech's products present any security threat. Second, based upon information available to it, the NIPC is not aware of any information or indication that Ptech software contains viruses, malicious codes, or otherwise performs in an anomalous fashion.

Media and public sensitivity to this case, however, demonstrates a greater point which is unrelated to any specific company or product. Therefore, the NIPC is taking this opportunity to remind the public that sophisticated cyberattack capabilities can be extremely difficult to detect and that nothing can guarantee the complete safety of any software.
There is no substitute for the full range of information security practices within any organization including:

- An assessment of the value of the information assets to be protected,
- An assessment of the likely threats, natural and man-made, to these assets,
- Regular analyses of the vulnerabilities of the information systems in use, including not only the technical but also the human elements of those systems,
- An integrated assessment of the information security risk (threat, vulnerabilities, and asset loss) along with a cost-effective plan to mitigate those risks.

The following web sites contain more information on best practices in information security:

http://www.nipc.gov/publications.htm
http://www.cert.org/
www.sans.org
www.fedcirc.gov
www.nist.gov

The NIPC encourages individuals to report information concerning suspicious activity to their local FBI office, http://www.fbi.gov/contact/fo/fo.htm , the NIPC, or to other appropriate authorities. Individuals may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, Toll Free at 1-888-585-9078, or by email to [EMAIL PROTECTED]
[INFOCON] - News 12/09/02
London, Monday, December 09, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

[News Index]

[1] Homeland security budget boost not yet a reality
[2] DOD still working on change
[3] Exploring intuitive decision-making
[4] Feds Label Wi-Fi a Terrorist Tool
[5] FBI seeks to link joint terrorism task forces
[6] CfP ECIW 2003
[7] Organised Net crime rising sharply - top UK cop
[8] Threat grows of cyber attack by terrorists groups
[9] Complex Networks Too Easy to Hack
[10] Navy preps XML policy
[11] Drop that E-Book or I'll Shoot!
[12] DOD extends global net
[13] Microsoft: IE hole worse than reported
[14] Security hole exposes Tower Records
[15] Israel, FBI Find Suspected Credit Hacker
[16] Hacker 'DVD Jon' Goes on Trial
[17] Virus Throttle a Hopeful Defense
[18] Scientists seek revamped federal supercomputing effort
[19] .Net.uk domain granted stay of execution
[20] New cybersecurity institute to fight online crime

CURRENT THREAT LEVELS

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

News

[1] Homeland security budget boost not yet a reality
By Shane Harris

A year ago, as the federal government mounted a massive homeland security effort at the same time the commercial technology market was collapsing, Uncle Sam became the most attractive information technology customer in America. In February, President Bush requested $52 billion in new IT spending for fiscal 2003. Hungry would-be federal contractors, hoping that a hefty chunk of the money would go to purchasing leading-edge commercial products for homeland security, set up shop inside the Beltway.
But aside from an initial jolt of emergency funding after the Sept. 11 attacks - about $1 billion of which was spent on IT - technology spending in 2002 didn't seem to have much to do with homeland security. By and large, agencies are only beginning to understand what they want to buy, and are focusing on basic technologies, not the new wave of products many companies had assumed they would purchase.

Why? For most of 2002, agencies were preoccupied adjusting to their post-Sept. 11 missions; some were preparing for a massive reorganization under the proposed Homeland Security Department. Because they're struggling just to figure out what homeland security is, they've had less time to shop for new technologies to help them ensure it, says George Molaski, former chief information officer of the Transportation Department and now a consultant.

http://www.govexec.com/dailyfed/1202/120602h2.htm

(Any Information Operation needs to be based on a well developed and tested doctrine to be really effective. Just have a look at the development of air warfare doctrine which took a long time to mature until it became a 'decisive weapon'. WEN)

...
The notion of network-centric warfare does little to prepare soldiers and sailors for actual combat against a real enemy, Van Riper said. Instead of focusing on IT, he said, the services must develop new concepts of effective military operations. "Don't put your faith in the technology," he said after the conference, "You've got to do the thinking first."
...

[2] DOD still working on change
By Nancy Ferris
Dec. 9, 2002

The military is embracing the idea of network-centric warfare, but Defense Department officials need to change their mind-sets if they want to make it stick, according to the man who first championed the concept. Much of what they focus on is becoming irrelevant, said