_________________________________________________________________

London, Thursday, December 19, 2002
_________________________________________________________________

INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] Senator calls for federal job cuts to pay for homeland security
[2] House leaders discuss oversight of Homeland Security Department
[3] Transit agencies seek federal guidance on counterterror technology
[4] Agencies seek stronger controls on trade in dual-use technologies
[5] Cities Say No to Federal Snooping
[6] Sysadmin accused of Paine Webber computer sabotage
[7] Beware the Latest MP3 Worms
[8] Australian Govt 'safe list' snubs Microsoft
[9] Snooping in All the Wrong Places
[10] Police can't access terrorist watch lists
[11] White House will not support Pentagon's disinformation plan
[12] Software, Security, and Ethnicity
[13] One Man's Info War on al-Qaida
[14] OPM progressing on e-clearances
[15] States bypass rural Internet obstacles
[16] US e-gov spending to soar
[17] SSH flaws sighted
[18] Macromedia Flash Crash
[19] Evaluating Network Intrusion Detection Signatures, Part Three

_________________________________________________________________

CURRENT THREAT LEVELS
_________________________________________________________________

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security: Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

_________________________________________________________________

News
_________________________________________________________________

[1] Senator calls for federal job cuts to pay for homeland security
By Jason Peckenpaugh

Sen. John Edwards, D-N.C., Wednesday reiterated his call for eliminating 10 percent of all federal jobs that are not related to national security - about 97,000 government jobs in all. The job cuts would free up money to fund homeland security and help restore fiscal discipline, Edwards said in a speech to the Brookings Institution, a liberal Washington think-tank.

Edwards, a possible Democratic presidential candidate in 2004, first urged reducing the federal workforce in a Nov. 12 speech to a conference sponsored by Fortune magazine. In that speech, he criticized the Bush administration for adding federal jobs and called for a 10 percent cut in the federal workforce except at the Defense and Homeland Security departments.

http://www.govexec.com/dailyfed/1202/121802p1.htm

----------------------------------------------------

[2] House leaders discuss oversight of Homeland Security Department
By Mark Wegner, CongressDaily

House Republican leaders this week began to consider the jurisdictionally thorny issue of congressional oversight for the new Homeland Security Department. Incoming House Majority Leader Tom DeLay, R-Texas, confirmed Tuesday that Republican leaders during meetings Monday and Tuesday began to discuss their oversight options.

DeLay said he wants to smooth the transition to the new department for Office of Homeland Security Director Tom Ridge, the White House's choice to head the department. "We have to see how things progress in the executive branch," DeLay said. "We need to be as helpful as we can."

http://www.govexec.com/dailyfed/1202/121802cd3.htm

----------------------------------------------------

[3] Transit agencies seek federal guidance on counterterror technology
From National Journal's Technology Daily

State and local transit agencies say they need more guidance from the federal government in acquiring counterterrorism technologies, according to a General Accounting Office report released Wednesday. Officials from one agency, for example, told GAO that they have been "bombarded" by vendors selling security technologies since Sept. 11, 2001, but they have been unsure about the quality and usefulness of those products and whether they soon might be rendered obsolete.

In the report (GAO-03-263) Federal Transit Administration officials told GAO they are developing a secure Web site to share more security-related "best practices" with transit agencies. FTA also is funding a mass-transit information sharing and analysis center that will disseminate intelligence information to transit agencies.

GAO also noted that FTA's Office of Technology has requested about $4.2 million for safety and security technologies in fiscal 2003. That would be a 272 percent increase over fiscal 2002 spending of $1.1 million.

http://www.govexec.com/dailyfed/1202/121802td2.htm

----------------------------------------------------

[4] Agencies seek stronger controls on trade in dual-use technologies
By William New, National Journal's Technology Daily

In the Bush administration's effort to attack the rising problem of sensitive products falling into the wrong hands through trade, technology cuts two ways.

"Technologies with sensitive military applications frequently have legitimate commercial applications as well," John Schlosser, director of the Office of Export Control Cooperation at the State Department's Bureau of Nonproliferation, said in a speech last week in Bangkok, Thailand.
"Weapons proliferators know this and cleverly mask their acquisitions as innocent business transactions to deceive government officials and legitimate businesses."

Several agencies in the administration are working to convince countries that have the world's biggest shipping hubs and are located near terrorist activity to adopt stronger export controls. The United States controls its exports of military items and commercial items with potential military uses, known as dual-use items, by restricting which countries can receive the items.

http://www.govexec.com/dailyfed/1202/121802td1.htm

----------------------------------------------------

[5] Cities Say No to Federal Snooping
By Julia Scheeres | 02:00 AM Dec. 19, 2002 PT

Fearing that the Patriot Act will curtail Americans' civil rights, municipalities across the country are passing resolutions to repudiate the legislation and protect their residents from a perceived abuse of authority by the federal government.

On Tuesday, Oakland became the 20th municipality to pass a resolution barring its employees -- from police officer to librarian -- from collaborating with federal officials who may try to use their new power to investigate city residents.

http://www.wired.com/news/politics/0,1283,56922,00.html

----------------------------------------------------

[6] Sysadmin accused of Paine Webber computer sabotage
By John Leyden
Posted: 18/12/2002 at 18:00 GMT

A former sysadmin with UBS PaineWebber was indicted yesterday on federal charges of trying to manipulate the stock price of the brokerage's parent company by crippling its computer network.

Roger Duronio, 60, allegedly sent a logic bomb to over 1,000 PCs used by PaineWebber brokers in hopes of disrupting operations to such an extent that the stock price of parent company UBS fell. He invested more than $21,000 in put options and stood to make a fortune if UBS share price fell dramatically, prosecutors allege.

http://www.theregister.co.uk/content/55/28630.html
http://www.vnunet.com/News/1137678
http://zdnet.com.com/2100-1106-978386.html

----------------------------------------------------

[7] Beware the Latest MP3 Worms
By Michelle Delio
04:30 PM Dec. 18, 2002 PT

Music file swappers may unknowingly be sharing their computers as well as their favorite tunes.

Two new security vulnerabilities, disclosed late Wednesday, allow an attacker to completely take over a computer system by using malicious music files.

http://www.wired.com/news/technology/0,1282,56924,00.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-072.asp

----------------------------------------------------

[8] Australian Govt 'safe list' snubs Microsoft
By James Pearce, ZDNet Australia
17 December 2002

Microsoft's products have been left off a list compiled by the Defence Signals Directorate that aims to evaluate and advise whether software is appropriate for use by Australian Government agencies.

The Defence Signals Directorate Evaluated Product List (DSD EPL) provides a listing of products that have been deemed appropriate for use within the Australian Government for the protection of non-national security electronic information, according to the Directorate.

http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270727,00.htm

----------------------------------------------------

[9] Snooping in All the Wrong Places

Not only would the Administration's plan to centralize every American's records destroy privacy, the security payoff would be minimal

The 2002 elections proved one thing: The promise of security wins votes. The GOP campaigned on a pledge to make the country safer, and it brought home one of the biggest midterm victories in decades. That huge win may have emboldened the Bush Administration to ignore widespread criticism of the Defense Dept.'s $240 million effort to develop a Total Information Awareness system (TIA).

http://www.businessweek.com/technology/content/dec2002/tc20021218_8515.htm

----------------------------------------------------

[10] Police can't access terrorist watch lists
By Susan M. Menke
GCN Staff

Local and state police "operate in a virtual intelligence vacuum" without access to State Department terrorist watch lists, according to a report last month from the Council on Foreign Relations Inc. of New York.

Former U.S. senators Gary Hart and Warren B. Rudman chaired the high-profile task force that produced the report, posted at www.cfr.org/publication.php?id=5099. Among their findings:

http://www.gcn.com/21_34/security/20617-1.html

----------------------------------------------------

[11] White House will not support Pentagon's disinformation plan
Eric Schmitt NYT
Wednesday, December 18, 2002

WASHINGTON The White House has distanced itself from a Pentagon directive that would authorize the military to carry out covert operations to influence public opinion and policy-makers in friendly and neutral countries.

The White House spokesman, Ari Fleischer, acknowledged Monday that there had been widespread recognition throughout the Bush administration that the United States had to work harder "in better communicating America's message of hope and opportunity."

But Fleischer told reporters they should not presume that the Pentagon's idea had advanced very far and cautioned that President George W. Bush would not approve of anything that involved lying.

http://www.iht.com/articles/80665.html

----------------------------------------------------

[12] Software, Security, and Ethnicity
By Alex Salkever, Business Week
Dec 18 2002 7:40AM

The 2,000-mile distance from the stark high desert of Los Alamos, N.M., to the high-tech office parks of Boston's suburbs appears to have shrunken dramatically in the past two weeks. I'm referring to the cases of Wen Ho Lee and Oussama Ziade. Both represent the federal government's fears that moles could work their way into the U.S.
and achieve positions of trust that they later use to harm national interests. Whether Ziade is in fact such a mole seems unlikely, but expect the scenario playing out in Quincy, Mass., where his company, Ptech, is based, to be often repeated as the war on radical Islamic terrorists ramps up.

The connection between Lee and Ziade? Call it the ghost of Christmas past. On Dec. 23, 1998, Lee, then a computer scientist at Los Alamos National Laboratory, failed a polygraph test. He had been working on semisecret nuclear weapons programs, and the lie-detector results sparked FBI concerns that China had used Lee to steal sensitive U.S. bomb plans. The scientist's eight-month incarceration left a noxious taste in the mouths of thousands of U.S.-based researchers of Chinese nationality or Chinese descent who had to take polygraph tests at the U.S. government's behest. Lee walked free in the end, but the specter of electronic espionage by foreign nations and terrorist groups has loomed large ever since.

http://online.securityfocus.com/news/1868

----------------------------------------------------

[13] One Man's Info War on al-Qaida
By Brian McWilliams | 02:00 AM Dec. 18, 2002 PT

In a case that shows both the risks and rewards of vigilante tactics, an American man has hijacked two Web addresses apparently used by al-Qaida to laud terrorist attacks.

The domains, jehad.net and jehadonline.org, are now in the control of a manager for a large Minnesota financial services firm. The man said he wrested control of the domains from their owners after reading on Dec. 8 that al-Qaida used jehad.net to claim responsibility for recent attacks on an Israeli airliner and a hotel in Kenya.

"I believe in free speech, but it upsets me to see people using this great medium for such evil purposes," said the man, who asked not to be identified but said he was willing to cooperate with U.S. investigators.

http://www.wired.com/news/conflict/0,2100,56896,00.html

----------------------------------------------------

[14] OPM progressing on e-clearances
BY Colleen O'Hara
Dec. 18, 2002

The Office of Personnel Management is making progress on speeding up the time it takes federal employees to receive security clearances.

OPM is the lead agency on the e-Clearance program - one of the president's 24 e-government initiatives. The goal is to move from a paper-based system to an electronic clearance system, but it has to happen one step at a time, said John Crandell, e-Clearance project manager at OPM.

http://www.fcw.com/fcw/articles/2002/1216/web-opm-12-18-02.asp

----------------------------------------------------

[15] States bypass rural Internet obstacles
BY Dibya Sarkar
Dec. 19, 2002

Although the number of Internet users in rural areas has been increasing steadily, barriers still hinder broadband deployment - namely high cost, low demand, a lack of awareness and infrastructure, and low return on investment.

Several state governments have taken different approaches to overcoming such roadblocks, including offering tax incentives, low-interest loans and grants, as well as allowing local public-sector entities to enter the broadband business itself.

http://www.fcw.com/geb/articles/2002/1216/web-rural-12-19-02.asp

----------------------------------------------------

[16] US e-gov spending to soar
By ComputerWire
Posted: 19/12/2002 at 10:32 GMT

President George Bush signed the US E-Government Act of 2002 into law on Tuesday, potentially helping unlock Federal spending that could amount to $5bn a year by 2007.

In a statement, Bush said the act is designed to set "strong leadership" of the government's information technology activities, including a comprehensive framework for security and uniform standards to protect the confidentiality of information provided by the public.

http://www.theregister.co.uk/content/6/28638.html

----------------------------------------------------

[17] SSH flaws sighted
By John Leyden
Posted: 18/12/2002 at 15:44 GMT

Secure shell (SSH) protocol implementations from several vendors are subject to a number of potentially serious security flaws, security clearing house CERT warned earlier this week.

Read further down the notice and you'll see that most major system vendors - and OpenSSH - are immune, but there's some work ahead for users of SSH implementations for Pragma Systems, F-Secure and others.

http://www.theregister.co.uk/content/55/28628.html

----------------------------------------------------

[18] Macromedia Flash Crash
By John Leyden
Posted: 19/12/2002 at 12:30 GMT

A buffer overrun flaw in Macromedia Flash can be used to inject malicious code into target systems.

Potential attackers could try to persuade victims to download maliciously altered versions of Macromedia Flash movies (SWF) but there's still a risk there as crackers are hardly averse to disguising Trojan code as prOn download or Warez.

Unusually, the vulnerability affects users of multiple operating systems (Windows, Unix, Mac) who use Macromedia's application.

http://www.theregister.co.uk/content/55/28645.html

----------------------------------------------------

[19] Evaluating Network Intrusion Detection Signatures, Part Three
by Karen Kent
last updated December 18, 2002

In this three-part series of articles, we are presenting recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing.
The second installment concluded the discussion of criteria for choosing attacks and provided recommendations for generating attacks and creating a good testing environment. This article will wrap up the series by examining other ways of generating attacks with other security-related tools and by manually creating your own attacks.

http://online.securityfocus.com/infocus/1651

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

------------------------------------------------------------------------
'Information is the currency of victory on the battlefield.'
GEN Gordon Sullivan, CSA (1993)
------------------------------------------------------------------------

Wanja Eric Naef
Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk
------------------------------------------------------------------------

Join the IWS Infocon Mailing List @
http://www.iwar.org.uk/general/mailinglist.htm
------------------------------------------------------------------------

IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk