_________________________________________________________________ London, Thursday, November 07, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Hackers may get U.S. funds to fight China's Web curbs [2] Stage Set for Homeland Act [3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys [4] UK workers in the dark over IT security [5] Testing the limits of biometrics [6] Officials worried about ability to inform public of terrorism [7] Mitnick's 'Lost Chapter' Found [8] Action: Virtual Sit-In Against the WTO [9] Australians warned over e-biz virus threat [10] Math whiz cracks encryption code [11] MS ruling leaked through security blunder [12] Russian firm warns of Roron virus [13] OMB seeks security at the start [14] Tool sought to ID data links [15] Think tanks think about post dotcom future [16] Complete Snort-based IDS Architecture, Part One [17] Shipyards, depots unable to calculate cost of Navy intranet _________________________________________________________________ News _________________________________________________________________ [1] Hackers may get U.S. funds to fight China's Web curbs By Murray Hiebert THE WALL STREET JOURNAL Nov. 7 - If some lawmakers in the U.S. get their way, freedom-promoting computer hackers soon may receive a bucketful of money to battle China's Internet-censoring police. http://www.msnbc.com/news/831383.asp ---------------------------------------------------- [2] Stage Set for Homeland Act By Ryan Singel | 09:00 AM Nov. 06, 2002 PT As Congress prepares to reconvene in a lame-duck session after Tuesday's election, one of the largest pieces of legislation on the Senate's agenda is the controversial and deadlocked Homeland Security Act, which the House passed Sept. 9. A little-known amendment in the Senate version of the bill makes it much easier for ISPs to disclose e-mail communications without being served with a warrant, which had been prohibited before the Patriot Act of 2001. http://www.wired.com/news/privacy/0,1848,56234,00.html ---------------------------------------------------- [3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys By TIM GOLDEN The Bush administration has ordered the expulsion of two Cuban diplomats from Washington and has moved to expel two others at the United Nations for what American officials described yesterday as serious espionage activities against the United States. State Department officials called the action against the two envoys in Washington retaliation for the case of Ana B. Montes, a senior Pentagon intelligence analyst who pleaded guilty earlier this year to spying for Fidel Castro's government. http://www.nytimes.com/2002/11/07/international/americas/07CUBA.html?ex= 1037336400&en=d342247e51d5bb78&ei=5040&partner=MOREOVER ---------------------------------------------------- [4] UK workers in the dark over IT security By Rachel Fielding [07-11-2002] Formal training remains dangerously inadequate Companies are leaving themselves open to security breaches because their IT security training is woefully inadequate, new research has revealed. Three-quarters of staff in the UK admit that they have never received any formal training from their employer on how to use the internet and email at work in a way that minimises network security problems. http://www.pcw.co.uk/News/1136635 ---------------------------------------------------- [5] Testing the limits of biometrics BY Dibya Sarkar Nov. 6, 2002 Biometric technologies have expanded greatly in the past decade and especially following the attacks of Sept. 11. With recently enacted federal statutes and many more bills promoting their use, the market could reach $2 billion in revenues in four years. But there are few judicial developments regarding collection of biometric identifiers, even as public policy debates have swelled over their use and their potential to invade people's privacy. http://www.fcw.com/geb/articles/2002/1104/web-bio-11-06-02.asp ---------------------------------------------------- [6] Officials worried about ability to inform public of terrorism By Teri Rucker, National Journal's Technology Daily The preparation for another terrorist attack or other wide-scale disaster should include having a plan to ensure that the public has the information it needs to make life-and-death decisions and that the information is disseminated should networks go down, members of an FCC panel said Wednesday, but thus far the plans are in the nascent stages. Virtually everyone on the agency's Media Security and Reliability Council, including those from the White House Office of Homeland Security, agreed that the United States will be hit by another terrorist attack. But most of the council's working groups will not submit final proposals on protecting the nation's broadcast and multichannel video-program distribution systems for a year. "Time is not on our side," said William Baker, president of Thirteen/WNET in New York. He urged the council to create a list of interim steps and best practices that will help people get access to the information they will need. http://www.govexec.com/dailyfed/01102/110602td1.htm ---------------------------------------------------- [7] Mitnick's 'Lost Chapter' Found By Michelle Delio 02:00 AM Nov. 05, 2002 PT A missing chapter from hacker Kevin Mitnick's recent book has been published on the Internet. The chapter was originally slated to be the first chapter in Mitnick's new book, The Art of Deception, but was not included in the published version of the book. Chapter One appeared only in about 300 unbound galley copies that publishing company Wiley distributed to the media several months before releasing the book, according to a Wiley spokeswoman. http://www.wired.com/news/culture/0,1284,56187,00.html The chapter: http://littlegreenguy.fateback.com/chapter1/Chapter%201%20-%20Banned%20E dition.doc ---------------------------------------------------- [8] Action: Virtual Sit-In Against the WTO Tuesday, November 05, 2002 - 04:10 PM CST An Action Against the WTO at next round of WTO talks in Sydney, Australia on November 14, 2002 is being conducted by the toy-soldiers group. http://thehacktivist.com/modules.php?op=modload&name=News&file=article&s id=50&mode=thread&order=0&thold=0 http://toy-soldiers.5er.com/ ---------------------------------------------------- [9] Australians warned over e-biz virus threat By James Pearce, ZDNet Australia 06 November 2002 Companies and individuals worldwide face a significantly higher risk of computer virus infection from retail and leisure companies than other sectors, a new report has found. The ratios of e-mails infected with viruses to other e-mails in the retail and leisure industries globally are more than one in 50, according to a report from managed e-mail security company MessageLabs. By contrast, accounting and legal companies have the lowest proportion, with less than one in 350 e-mails infected with viruses. http://www.zdnet.com.au/newstech/security/story/0,2000024985,20269688,00 .htm ---------------------------------------------------- [10] Math whiz cracks encryption code Certicom challenge has been running since 1997 OTTAWA, Nov. 6 - And you thought you had tough math homework?Consider the work that went into cracking a secret code developed by Toronto-based Certicom Corp., which makes wireless encryption software. It took the power of 10,000 computers running around the clock for 549 days, coupled with the brain power of a mathematician at Indiana's University of Notre Dame, to complete one of the world's largest single math computations. http://www.msnbc.com/news/831549.asp ---------------------------------------------------- [11] MS ruling leaked through security blunder 09:25 Tuesday 5th November 2002 Patrick Gray, ZDNet Australia Judge Colleen Kollar-Kotelly's ruling on the Microsoft anti-trust trial leaked onto the Web two hours before the official release A security specialist is highly critical of apparent procedural inadequacies which saw the long-awaited judgment in the Microsoft anti-trust case posted online almost two hours before its official release. Stephen Martin, a senior security consultant with SMS Management Technology in Melbourne, said whoever posted the information online before its planned release time was severely underestimating the risk that it would be located early. http://news.zdnet.co.uk/story/0,,t269-s2125336,00.html ---------------------------------------------------- [12] Russian firm warns of Roron virus By Robert Lemos Staff Writer, CNET News.com November 6, 2002, 3:07 PM PT A Russian antivirus company on Wednesday warned that a new virus could help hackers gain control of home computers, but other security companies downplayed the threat. Kaspersky Labs has named the virus, or worm, Roron, and it is known as Oror.B by several other companies. The new computer virus can spread through e-mail messages, shared hard drives and the Kazaa file-sharing network, Kaspersky Labs spokesman Denis Zemkin said. "We see that this worm is particularly dangerous for home users," Zemkin said. "Corporate customers are already aware of the danger of attachments," and are unlikely to open the file containing the program. http://news.com.com/2100-1001-964809.html?tag=lh ---------------------------------------------------- [13] OMB seeks security at the start BY Diane Frank Nov. 6, 2002 Despite improvements in information security management, enough gaps remain for the Office of Management and Budget to ask industry to help federal agencies shore up budget requests that are likely to be turned back because of inadequate security provisions. Speaking Nov. 5 at the Industry Advisory Council's Executive Leadership Conference in Hershey, Pa., Mark Forman, the nation's e-government chief, called on vendors to help agencies plan and design IT projects that include security from the start. http://www.fcw.com/fcw/articles/2002/1104/web-gisra-11-06-02.asp ---------------------------------------------------- [14] Tool sought to ID data links BY Diane Frank Nov. 6, 2002 The Office of Homeland Security is evaluating technologies that could help tie together information held by different agencies, and eventually other levels of government and the private sector, without violating legal or privacy barriers. The office is working with research and development groups within federal agencies, industry and academia to look at technical tools that could identify the links among data held by separate sources, finding the "nonobvious relationships" and areas where potential leads need to be investigated by analysts, said Steve Cooper, senior director for information integration and chief information officer at the Office of Homeland Security. http://www.fcw.com/fcw/articles/2002/1104/web-home-11-06-02.asp ---------------------------------------------------- [15] Think tanks think about post dotcom future By Tim Richardson Posted: 07/11/2002 at 08:04 GMT The hangover associated with the end of the dotcom party should not overshadow the huge social and economic potential made possible by digital technologies. That's just one of the issues due to be discussed at a conference today in London as four think-tanks comes together to try and map a post dotcom path for the digital economy. Demos, the Forum for the Future, the Institute for Public Policy research (IPPR)and iSociety at the Work Foundation will be joined by ecommerce minister Stephen Timms and Martha Lane Fox of Lastminute.com at the event. http://www.theregister.co.uk/content/6/27982.html ---------------------------------------------------- [16] Complete Snort-based IDS Architecture, Part One by Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin last updated November 6, 2002 Introduction Intrusion detection systems (IDS) are one of the fastest growing technologies within the security space. Unfortunately, many companies find it hard to justify acquiring IDS systems due to their perceived high cost of ownership (for example see Justifying the Expense of IDS by Kevin Timm and David Kinn). However, not all IDS systems are prohibitively expensive. This two-part article will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software. This discussion will avoid the classic "build or buy" debate and instead focus on building the system at a minimum cost. Building often provides a definite cost advantage, especially for companies that are unsure about the long-term necessity of the IDS. Building it cheaply allows one to evaluate the technology with very little investment and without necessarily possessing sophisticated network security skills. That said, it is reasonable to expect that maintaining and tuning the IDS will require relatively advanced security knowledge. http://online.securityfocus.com/infocus/1640 ---------------------------------------------------- [17] Shipyards, depots unable to calculate cost of Navy intranet By Amelia Gruber Shipyards and air depots are having a hard time estimating the cost of implementing the Navy's multibillion dollar intranet, according to a new General Accounting Office report. Officials have not decided who will pay for various transitional costs, and "as a result, the shipyards' and depots' ability to effectively plan and budget is being impaired," the report said (GAO-03-33). GAO based its study on conversations with officials at six capital-funded facilities from March to August. Capital-funded means that the facilities recover their costs through fees charged to customers. The Navy-Marine Corps Intranet (NMCI) is a massive project designed to increase and streamline information sharing among the roughly 300 Navy and Marine Corps bases in the United States, Puerto Rico, Cuba, Guam, Iceland and Japan. The internal network is also intended to protect sensitive information from cyberattacks. http://www.govexec.com/dailyfed/1102/110602a1.htm ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk