_________________________________________________________________
London, Wednesday, October 23, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Attack on Net servers fails
[2] Could a Worm Take Over the Net in Minutes?
[3] Less noise at the CIA
[4] Inside ICANN - The Jonathan Cohen Interview - part 1
[5] Software security--a matter of trust
[6] Army making strides in intell
[7] Web of deceit
[8] Web Vandalism on the Rise
[9] E-tailers join up to fight online fraud
[10] UK ISPs balk at giving customer data to police
[11] PsyOps leaflets may be dropped again
[12] PSYOPS battalion heading to Iraq?
[13] Encryption gets business boost
[14] PGP reborn makes its pitch for the mainstream
[15] Army mobilized on Objective Force
[16] Customs planning classified net
[17] Agencies collaborate with industry on nuclear supercomputer
_________________________________________________________________
News
_________________________________________________________________
(It is very difficult to attack such systems as there are too many
redundancies. Such an attack would only have a chance of success if it
lasted for a long time as other DNS servers would then be unable to
update their lists. What I am interested in is to know what would happen
if the US decided to cut off some countries and removed their domains
from the root DNS, would there be an impact? Does anyone know? WEN)
'... Still, the results were not severe. According to Matrix NetSystems,
the peak of the attack saw the average reachability for the entire DNS
network dropped only to 94 percent from its normal levels near 100
percent. ...'
[1] Attack on Net servers fails
By Robert Lemos
Staff Writer, CNET News.com
October 22, 2002, 7:40 PM PT
An attempt to cripple the computers that serve as the address books for
the Internet failed Monday.
The so-called distributed denial-of-service attack leveled a barrage of
data at the 13 domain-name service root servers beginning around 1 p.m.
PDT Monday and apparently is ongoing, according to Internet performance
measurement company Matrix NetSystems. Traffic from several Internet
service providers have been slightly delayed, but because the domain
name system is spread out and because the 13 root servers are the last
resort for address searches, the attack had almost no effect on the
Internet itself.
http://news.com.com/2100-1001-963005.html
Net backbone comes under cyberattack
http://www.boston.com/dailyglobe2/296/business/Net_backbone_comes_under_
cyberattack+.shtml
Key Internet servers hit by attack
http://www.cnn.com/2002/TECH/internet/10/23/internet.attack.ap/index.htm
l
Hackers' bid to cripple Internet fails
http://www.abc.net.au/news/scitech/2002/10/item20021023130601_1.htm
Root server DoS attack slows net
http://www.theregister.co.uk/content/6/27731.html
----------------------------------------------------
(The paper is quite a cybergeddon scenario, but it is still interesting
to read. Luckily reality looks different as most (but not all)
virus/worm creators are quite lame, i.e. Nimda, Cod Red were quite
primitive compared to what would have been possible. I would be really
surprised if someone came up with a perfect virus or worm. Nevertheless,
I would not be surprised if the military were working on such a program
in research labs as it got potential. WEN)
[2] Could a Worm Take Over the Net in Minutes?
Could a Worm Take Over the Net in Minutes?
Researchers are warning of dangerous new worms that would be almost
impossible to stop, but not everyone is convinced.
Ellen Messmer, Network World
Tuesday, October 22, 2002
Computer science researchers are predicting new types of dangerous worms
that would be able to infect Web servers, browsers, and other software
so quickly that the working Internet itself could be taken over in a
matter of minutes.
Though still in the realm of theory, the killer worms described in a
research paper entitled, "How to Own the Internet in Your Spare Time",
are triggering some skepticism but the idea of them is seldom dismissed
as outlandish science fiction.
http://www.pcworld.com/news/article/0,aid,106187,00.asp
Paper:
How to 0wn the Internet in Your Spare Time
http://www.icir.org/vern/papers/cdc-usenix-sec02/
----------------------------------------------------
[3] Less noise at the CIA
David Ignatius IHT
Saturday, October 12, 2002
Tools for analysts
WASHINGTON Amid a daily tidal wave of information, how do we turn raw
data into useful knowledge? Many of us feel as if we are drowning in
data, adrift in a sea of unanswered e-mails and meddlesome voice-mail
messages. As the tools of communication become more sophisticated, they
seem to add more noise to our lives, not more clarity.
http://www.iht.com/articles/73451.html
----------------------------------------------------
[4] Inside ICANN - The Jonathan Cohen Interview - part 1
18th October, 2002 - Click for printer friendly version
In the first of this three part interview with Jonathan Cohen, Director
of ICANN and leading IP lawyer, Mr Cohen reveals what it's like to be a
board member of the not-for-profit organisation that co-ordinates policy
for the Internet domain name and addressing system.
Demys: We would like to begin by putting two quotations to you -
I relish the possible opportunity to address the multi-faceted and
complex issues which will surely face this Board... [Acceptance by
Jonathan Cohen of nomination for election to ICANN Board, October 6,
1999]
It's a hoot being a Volunteer in Cyberhell [email to Mary Hewitt @
ICANN, August 16, 2002]
Johnathan Cohen: I meant every word of the nomination acceptance. I
have found it to be one of the most interesting and challenging
experiences of my life and I consider myself to be very fortunate indeed
to have kind of stumbled into this.
When you do the same thing for a very long time it's more difficult to
find challenge and to test your mettle. I'm the kind of person who feels
it's very important to continue to grow and the only way is to put
yourself in situations that are new and difficult.
http://www.demys.net/news/02_oct_18_inside_icann.htm
----------------------------------------------------
[5] Software security--a matter of trust
By Larry Seltzer
October 22, 2002
You can make a good argument that any practical computer security
arrangement involves some level of trust between software providers and
software users.
We make security trust decisions all the time--for instance, when
accepting or rejecting a digital certificate prior to downloading
software. But can we know whether the software we download is truly
safe?
Maybe not, as recent attacks against well-known open source software
sites suggest. Both attacks were against the source code distributions
of the products, not the binaries, and both took the clever step of
compromising the build process, rather than the actual executable
produced. The first attack was against OpenSSH, a popular open-source
secure shell tool. The attacker appears to have planted modified sources
on the OpenSSH FTP server. For a one- or two-day period, anyone who
downloaded some versions of OpenSSH and built the sources was
vulnerable; the attack code connected to a particular host over a port
6667.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2895282,00.h
tml
----------------------------------------------------
'... The Army is working with the Defense Advanced Research Projects
Agency on developing a total information awareness system that combines
strategic analysis with knowledge discovery to promote collaboration
among users worldwide. Total information awareness incorporates
transactional data systems, biometric authentication technologies,
intelligence data and automated virtual data repositories, and the
agencies are working on building a "mediation layer" that allows all the
databases to link together, Alexander said. ...'
[6] Army making strides in intell
BY Dan Caterinicchia
Oct. 22, 2002
The Army's intelligence capabilities are improving steadily thanks to
new technologies paying dividends in the field and an unprecedented
amount of collaboration with Defense Department and national
intelligence community colleagues.
But the service and its partners are still a long way from being able to
quickly process, analyze and act on the approximately 1 billion pieces
of intelligence information that come in daily, and technology is only
part of the solution, according to Army officials.
http://www.fcw.com/fcw/articles/2002/1021/web-ausa-10-22-02.asp
----------------------------------------------------
[7] Web of deceit
Who's sending you all those scam Nigerian e-mails?
By Brendan I. Koerner
SLATE.COM
Oct. 22 - Perhaps you heard from Daniel A. Oluwa over the past few days.
He's a member of Nigeria's Federal Audit Committee. He dropped you an
e-mail, labeled "Strictly Confidential," stating that he's discovered a
frozen account containing $42.5 million. Mr. Oluwa wants to snag the
loot, but, for unfathomable reasons, he needs a foreign-based partner to
act as an intermediary. Interested? Merely send along your "bank name,
address, account number, swift code, ABA number (if any), beneficiary of
account, telephone and fax numbers of bank." Thirty percent of the booty
shall eventually be yours.
http://www.msnbc.com/news/824336.asp
----------------------------------------------------
[8] Web Vandalism on the Rise
By Jim Wagner
Web vandalism is on the rise around the world, underscoring the shoddy
state of affairs in IT security, according to the owner of a Web site
that tracks such information.
In the past two weeks, Zone-H.org proprietor Roberto Preatoni said
defacements have increased to more than 500 separate attacks a day and
more than 1,500 over weekends. A year ago, he said, his site got around
30 to 50 defacement notices a day from hackers.
This increasing trend, he said, should put IT managers on notice,
because if crackers (malicious hackers) have access to the Web server
controlling public pages, they likely have access to the entire network.
"There are some defacements not getting to the root level, but most of
the time there is a root privilege access behind the defacement,
therefore everything which is contained in the Web server is at danger,"
he said.
http://www.internetnews.com/dev-news/article.php/1485601
----------------------------------------------------
[9] E-tailers join up to fight online fraud
By Dinah Greek [23-10-2002]
Nationwide system will alert shops to web-based scams
A new scheme to help retailers fight online fraud will be in place by
the end of the month.
As the growth of e-commerce leads to a boom in fraudulent online
transactions, a system developed by the Interactive Media in Retail
Group (IMRG), a trade association for e-tailers, aims to combat the
shady shoppers.
http://www.vnunet.com/News/1136196
----------------------------------------------------
[10] UK ISPs balk at giving customer data to police
The Internet industry dealt a blow to Britain's tough anti-terrorism
legislation on Tuesday by refusing to reveal personal cyber-data to
police. It has turned down a request from Home Secretary David Blunkett
to allow police and intelligence officers to access the personal records
of their customers on request without the approval of a judge.
http://zdnet.com.com/2110-1105-962950.html
----------------------------------------------------
(Influence Operations during the 91 Gulf War were very successful: 'a
captured general said that "Second to the allied bombing campaign, Psyop
leaflets were the highest threat to the moral of the troops."' WEN)
[11] PsyOps leaflets may be dropped again
CORRESPONDENT / PAUL DEGAETA
Congress' recent authorization allowing President Bush the use of
military force to deal with Iraq has all but set a date for Gulf War II.
Military planners have indicated that this will be a different war than
the first in 1991, but one thing that isn't likely to change is the
dropping of leaflets on enemy forces by U.S. Psychological Operations
(PsyOps) detachments.
A decade ago, as many of our area Gulf War veterans recall, millions of
psychological warfare leaflets rained down on Iraqi military forces and
the civilian population. Some GIs kept them as souvenirs when they found
them blowing around the desert. They are purposefully colorful: People
are more likely to pick them up if they attract their attention.
http://www.heraldtribune.com/apps/pbcs.dll/article?Site=SH&Date=20021017
&Category=COLUMNIST62&ArtNo=210170332&Ref=AR&Profile=1053&SectionCat=NEW
S0103
See also:
Persian Gulf War 10 years later - Winning the war by convincing the
enemy to go home
http://www.iwar.org.uk/psyops/resources/gulf-war/13th_psyops.htm
----------------------------------------------------
[12] PSYOPS battalion heading to Iraq?
Source says psychological-warfare troops preparing for action
Posted: October 22, 2002
1:00 a.m. Eastern
By Jon Dougherty
C 2002 WorldNetDaily.com
In another sign that the United States could be gearing up for war
against Iraq, the U.S. Army's 10th Psychological Operations Battalion is
gearing up to deploy overseas, probably in support of anticipated
military action against Iraq, WorldNetDaily has learned.
http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=29361
----------------------------------------------------
[13] Encryption gets business boost
By Matt Loney
ZDNet (UK)
October 22, 2002, 11:59 AM PT
Troubled security software maker Baltimore Technologies is hoping to
boost the adoption of public-key encryption by building the technology
into a new suite of products.
Public-key encryption is used to secure electronic transactions and to
digitally sign important documents such as contracts and legal forms.
Baltimore creates some of the building blocks for conducting such
transactions and allows third parties to verify the identity of digital
signatures--a system known as the public-key infrastructure (PKI).
http://zdnet.com.com/2100-1104-962945.html
----------------------------------------------------
[14] PGP reborn makes its pitch for the mainstream
By John Leyden
Posted: 10/22/2002 at 12:24 EST
Encryption products need to become as easy and transparent to use as AV
software packages.
That's the goal of Phil Dunkelberger, President and CEO of PGP
Corporation, who's over in London this week for the European launch of
the newly-formed company.
PGP Corporation was created to market PGP Desktop and Wireless
encryption products bought from Network Associates back in August. The
deal ended month of speculation over the future of the technology
following Network Associates' decision to mothball it back in March.
http://www.theregus.com/content/55/26727.html
----------------------------------------------------
[15] Army mobilized on Objective Force
BY Dan Caterinicchia
Oct. 22, 2002
The Army is using new training, acquisition and development techniques
in an attempt to meet its aggressive timetable for fielding the
Objective Force by the end of the decade.
The Objective Force is a strategy to develop advanced information
technology tools, vehicles and weaponry to make the Army's armored
forces more agile and lethal and better able to survive an all-out
fight.
http://www.fcw.com/fcw/articles/2002/1021/web-army-10-22-02.asp
----------------------------------------------------
[16] Customs planning classified net
BY Judi Hasson
Oct. 22,
The U.S. Customs Service is looking for vendors with security clearances
to build a classified network for sensitive law enforcement data.
Customs is expected to issue a draft proposal Oct. 25 that will be
available only to vendors that already have certified they have a
top-secret facility security clearance and personnel holding valid
security clearances.
http://www.fcw.com/fcw/articles/2002/1021/web-customs-10-22-02.asp
----------------------------------------------------
[17] Agencies collaborate with industry on nuclear supercomputer
>From National Journal's Technology Daily
The Energy Department and National Nuclear Security Administration
(NNSA) will join forces with Sandia National Laboratories and the
technology firm Cray to develop a supercomputer as part of the
department's Stockpile Stewardship Program.
Dubbed "Red Storm," the $90 million project will be part of the NNSA's
plan to provide a computer system that can simulate nuclear weapons
operations. It will complement the NNSA's advanced simulation and
computing program, which joins the NNSA with U.S. computer manufacturers
in order to produce more powerful computing systems.
http://www.govexec.com/dailyfed/1002/102202td1.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
