_________________________________________________________________
London, Tuesday, November 05, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] (InfraGard) Combating cybercrime
[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
[3] Homeland security wish list set
[4] 'War' over digital privacy bill heats up
[5] Hacker turncoat opines on computer security
[6] Mozilla riddled with security holes
[7] First-of-its-kind center to train cybersleuths
[8] Braid fails to unpick the Web
[9] Kofi Annan's IT challenge to Silicon Valley
[10] Court rules against AOL on Net privacy
[11] Homeland security IT official to resign
[12] Hackers stick California city with $30,000 phone bill
[13] Unbreakable Crypto: Who Needs It?
[14] Chinese province issues swipe IDs to Internet cafe users
[15] Axe man hacks man over hacking fears
[16] Defense Department studying nonlethal chemicals
[17] Agencies to test Adobe technology for online transactions
[18] Intercepts: Rumsfeld Sinks 'CINCs'
[19] Feds Getting IT Together
[20] (UK) Government websites under fire
[21] Latest Linux takes control of access
_________________________________________________________________
News
_________________________________________________________________
[1] Combating cybercrime
11/04/02
Chris Seper
Plain Dealer Reporter
FBI agent Stan Paulson overhears companies chatter about security
breaches and hackers and other criminals probing their computer systems
and does nothing about it.
By looking the other way, he upholds the tenets of an organization that
has helped improve Internet security throughout the country.
InfraGard, founded by the Cleveland FBI's office in 1996, has used
confidentiality, FBI clout and offers of expert training to convince
companies to work together and reveal details about cyberspace attacks
on their systems.
http://www.cleveland.com/business/plaindealer/index.ssf?/xml/story.ssf/h
tml_standard.xsl?/base/business/103631949234480.xml
InfraGard
http://www.infragard.net/
InfraGard Manufacturing Industry Association
http://trust.ncms.org/
NIPC
http://www.nipc.gov/
----------------------------------------------------
[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
By John Lettice
Posted: 05/11/2002 at 11:19 GMT
US District Judge J Frederick Motz has rejected a Microsoft attempt to –
effectively – have a string of prior convictions expunged from its
record. Yesterday the Maryland judge denied a request by Microsoft
attorneys to re-open 395 of Judge Penfield Jackson's 412 findings of
fact, so for the moment at least Jackson's conclusions can be used in
the case Motz is dealing with.
http://www.theregister.co.uk/content/4/27935.html
----------------------------------------------------
[3] Homeland security wish list set
BY Judi Hasson
Nov. 4, 2002
Although the debate over creating a Homeland Security Department is
stalled in Congress, officials have quietly drawn up a list of their top
priorities to jump-start the agency if and when lawmakers approve it.
Jim Flyzik, a senior adviser at the Office of Homeland Security, said
Oct. 23 that the first priority would be consolidating the 58 government
watch lists of suspected terrorists into a single list.
http://www.fcw.com/fcw/articles/2002/1104/pol-custom1-11-04-02.asp
----------------------------------------------------
[4] 'War' over digital privacy bill heats up
Kent Hoover Washington Bureau Chief
Frustrated by their inability to stop the unauthorized sharing of music
and movies over the Internet, the entertainment industry wants
permission from Congress to declare technological war on peer-to-peer
networks.
Legislation introduced by Rep. Howard Berman, D-Calif., would enhance
the ability of copyright owners to use anti-piracy technology to block
distribution of their works on file-sharing networks. The bill exempts
copyright owners from anti-hacking laws as long as they do not delete or
alter computer files.
http://www.bizjournals.com/extraedge/washingtonbureau/archive/2002/11/04
/bureau1.html
----------------------------------------------------
[5] Hacker turncoat opines on computer security
Verne Kopytoff
San Francisco Chronicle
Published Nov. 4, 2002 HACKER04
Kevin Mitnick, the notorious computer hacker who was one of the FBI's
Most Wanted fugitives when he was arrested in 1995, says he has changed
his stripes.
After serving a five-year prison term for breaking into the computers of
several high-tech firms, stealing software and causing millions of
dollars in damage, the 39-year-old has renounced his old ways and
launched a career as a public speaker and computer security consultant.
http://www.startribune.com/stories/535/3408614.html
----------------------------------------------------
[6] Mozilla riddled with security holes
By John Leyden
Posted: 05/11/2002 at 10:38 GMT
Details of six flaws in Mozilla, the open source browser were posted on
BugTraq at the weekend.
Versions of Mozilla previous to version 1.0.1 contain multiple security
vulnerabilities, so users need to update their browser software. The
flaws could be used by an attacker to read data off of the local hard
drive, gain information which should normally be kept private, and in
some cases to execute arbitrary code, an advisory by Red Hat explains.
That advisory was published on October 18, and dealt with problems that
first came to light in September. Last Friday (November 1) BugTraq
posted a half dozen updated advisories which spell out the various risks
and gives links to proof on concept demonstrations relating to the six.
http://www.theregister.co.uk/content/55/27934.html
----------------------------------------------------
[7] First-of-its-kind center to train cybersleuths
PITTSBURGH (AP) - Forget eyewitnesses, fingerprints or DNA. Some of the
most sought-after evidence is now e-mail and electronic files and a new
training center will teach investigators how to find it.
Federal agents and prosecutors, police departments, professors and
business leaders in Pittsburgh and West Virginia have joined forces to
create the National Cyber Forensics and Training Alliance, which is
being touted as the first of its kind in the country.
"It is the first one to get off the ground and is being promoted by us
as a model for the nation," said Richard Johnson, director of the
National White-Collar Crime Center in Morgantown, W.Va. "The alliance is
certainly unique."
There are other cybercrime alliances among universities, businesses and
law enforcement, but the Pittsburgh group will be the first with a
training center. Organizers hope to offer degrees in computer forensics
and investigations and it will have a lab that will simulate computer
crimes and attacks.
http://www.observer-reporter.com/312107321544007.bsp
----------------------------------------------------
[8] Braid fails to unpick the Web
By John Leyden
Posted: 05/11/2002 at 12:00 GMT
An email worm, believed to have originated in Korea, is winding its way
across the Net this morning.
Braid.A (aka Bridex) is written in Visual Basic and usually arrives in
an email message as README.EXE attachment. The worm uses an iFrame
exploit to run itself automatically on unpatched versions of Microsoft
Outlook, Microsoft Outlook Express, and Internet Explorer (there's a fix
from MS for this well known exploit here.)
http://www.theregister.co.uk/content/56/27937.html
----------------------------------------------------
[9] Kofi Annan's IT challenge to Silicon Valley
By Kofi Annan
November 5, 2002, 4:00 AM PT
The new information and communications technologies are among the
driving forces of globalization. They are bringing people together, and
bringing decision makers unprecedented new tools for development. At the
same time, however, the gap between information "haves" and "have-nots"
is widening, and there is a real danger that the world's poor will be
excluded from the emerging knowledge-based global economy.
Information technology is extremely cost-effective compared with other
forms of capital. Modest yet key investments in basic education and
access can achieve remarkable results. Estonia and Costa Rica are
well-known examples of how successful IT strategies can help accelerate
growth and raise income levels. But even some of the least-developed
countries, such as Mali and Bangladesh, have shown how determined
leadership and innovative approaches can, with international support,
connect remote and rural areas to the Internet and mobile telephony.
http://news.com.com/2010-1069-964507.html?tag=lh
----------------------------------------------------
[10] Court rules against AOL on Net privacy
09:07 Tuesday 5th November 2002
Reuters
With laws on Internet privacy still unsettled, the ruling could have a
significant effect on how users' anonymity is protected
The Virginia Supreme Court has ruled against America Online in its
efforts to protect the identity of one of its 35 million subscribers by
asking the court to quash a subpoena calling for the member's name, in
an issue that goes to the heart of the anonymity of the Internet.
The ruling against the world's largest Internet service provider, based
in Dulles, Virginia, was the latest in the evolution of privacy laws as
they pertain to the Internet and identities of Web surfers, privacy
experts said.
"The law is very unsettled and still being written. Any decision by the
highest court of any state -- particularly the one where AOL resides --
is significant,'' said David Sobel, general counsel at Electronic
Privacy Information Center.
http://news.zdnet.co.uk/story/0,,t269-s2125333,00.html
----------------------------------------------------
[11] Homeland security IT official to resign
By Shane Harris
HERSHEY, Pa.—Jim Flyzik, a senior advisor to Homeland Security Director
Tom Ridge, announced Monday that he will retire from government Dec. 17.
Flyzik has been on temporary assignment to the White House after leaving
his post as chief information officer of the Treasury Department in
April.
Flyzik is in the middle of a second 120-day detail to the Office of
Homeland Security, where he has been working with Ridge and CIO Steve
Cooper on various technology projects, including the integration of more
than 50 terrorist suspect “watch lists.”
Flyzik made his announcement at a press conference here during the
Industry Advisory Council’s annual Executive Leadership Conference. The
council is made up of hundreds of executives from IT companies that do
business with the government.
http://www.govexec.com/dailyfed/1102/110402h1.htm
----------------------------------------------------
[12] Hackers stick California city with $30,000 phone bill
Associated Press
Published Nov. 4, 2002 HACK05
EAST PALO ALTO, CALIF. -- Hackers have stuck the city of East Palo Alto,
California with a huge phone bill -- $30,000.
A number of calls were placed to the Philippines over a five-day period
in July -- and they weren't made by city workers.
AT&T investigators confirmed that hackers broke into the city's
telephone system to make the bogus calls before they were detected and
cut off.
http://www.startribune.com/stories/535/3408539.html
----------------------------------------------------
[13] Unbreakable Crypto: Who Needs It?
By Dennis Fisher
A New York-based startup on Monday announced that it has a working
prototype of a device capable of employing quantum cryptography to
encode keys on existing high-speed networks. However, cryptographers say
the system likely holds little value for enterprises.
MagiQ Technologies Inc. is the first company to announce its intention
to sell a commercial solution based on the concept of quantum
cryptography. Code-named Navajo, the system comprises an appliance at
either end of the communications link, capable of generating keys and
encoding them one photon at a time.
http://www.eweek.com/article2/0,3959,667348,00.asp
----------------------------------------------------
[14] Chinese province issues swipe IDs to Internet cafe users
By Tim Richardson
Posted: 05/11/2002 at 12:09 GMT
People in the central Chinese province of Jiangxi who use cybercafes are
having their online activities monitored by police.
Anyone who wants to use a cybercafe must now carry an Internet identity
card containing personal details including their name and address. These
details are then logged onto a police database.
http://www.theregister.co.uk/content/6/27939.html
----------------------------------------------------
[15] Axe man hacks man over hacking fears
By John Leyden
Posted: 04/11/2002 at 16:50 GMT
A family friend who linked the PCs of two brothers together was attacked
with an axe after one suspected he'd hacked into his machine, a Scottish
court heard today.
John Wilson, 36, unemployed, attacked John Evans, an oil company
analyst, after inviting him over to quiz him over his suspicions last
January.
http://www.theregister.co.uk/content/55/27920.html
----------------------------------------------------
[16] Defense Department studying nonlethal chemicals
By David Ruppe, Global Security Newswire
The U.S. military has initiated a plan to research and develop so-called
nonlethal chemical agents for a wide range of possible civilian and
military purposes, according to a Pentagon document obtained by Global
Security Newswire. Arms control experts say the plan could run afoul of
the international Chemical Weapons Convention, to which the United
States is a party.
The plan calls for demonstrating the feasibility of a “safe, reliable”
chemical immobilizing agent or agents for nonlethal applications in
appropriate military missions and law enforcement situations, according
to the document, Chemical Immobilizing Agents for Non-lethal
Applications, a solicitation for corporate bids to perform the research.
http://www.govexec.com/dailyfed/1102/110402gsn1.htm
----------------------------------------------------
[17] Agencies to test Adobe technology for online transactions
By Maureen Sirhal, National Journal's Technology Daily
Several federal agencies are eyeing a new technology product from Adobe
that can fully digitize documents. The technology would help them meet
an impending mandate for conducting more business electronically.
The Internal Revenue Service and Agriculture Department have been
participating in a test program launched by the San Jose, Calif.-based
software maker. The technology will allow citizens to download and save
portable documents known as PDF files.
Three agencies within Agriculture—Rural Development, the Farm Service
Agency and the National Resource Conservation Service—are weighing
whether to adopt the platform known as the "Adobe Document Server For
Reader Extension," said David Pfaffenberger, a computer specialist with
Rural Development at the department.
http://www.govexec.com/dailyfed/1102/110402td1.htm
----------------------------------------------------
[18] Intercepts: Rumsfeld Sinks 'CINCs'
Nov. 4, 2002
The Interceptor noticed an interesting phenomenon recently when it comes
to the language used by Defense Department leaders giving presentations
at local conferences and symposiums. From the secretaries of the
services on down, speech-givers seemed to be avoiding the term "CINC" at
all costs, and now we know why.
Defense Secretary Donald Rumsfeld said so.
Rumsfeld last month released a memorandum to DOD leaders that said
President Bush is the nation's only commander in chief (CINC) and then
forbade the services from using the acronym, pronounced "sink," for
military officer titles, which has been done for decades.
----------------------------------------------------
[19] Feds Getting IT Together
By Dennis Fisher and Caron Carlson
Government security officials have begun a new era of interagency
cooperation that has led to unprecedented levels of information sharing.
And while the high-level meetings have strengthened government security
capabilities, they have also highlighted shortcomings in a key part of
the data gathering and analysis processes.
The movement inside the government comes as the White House faces
continued pressure to narrow the National Strategy to Secure Cyberspace
to focus on systems that are most vulnerable to terrorist threats.
Security insiders say provisions for home computer users and small
businesses should be revisited in a revised draft that is due to be
released by the end of the year.
As that debate continues, the heads of several federal security
organizations—including the Federal Computer Incident Response Center,
the Critical Infrastructure Assurance Office and the National
Infrastructure Protection Center—have begun meeting regularly to
coordinate their activities and establish ground rules for information
sharing.
http://www.eweek.com/article2/0,3959,666804,00.asp
----------------------------------------------------
[20] Government websites under fire
Ministers are being urged to suspend their £5 billion e-government
programme amid claims that hundreds of official websites were
experiencing "serious problems".
An independent survey of 20 "flagship" Government websites found that
three-quarters needed "immediate attention" - with the Prime Minister's
own site one of the worst offenders.
It warned that the Government's target of fully on-line government by
2005 was "not realistically achievable" and urged ministers to halt the
web aspects of the programme while existing faults were rectifie
http://www.ananova.com/news/story/sm_702432.html
----------------------------------------------------
[21] Latest Linux takes control of access
By Roger Howorth [04-11-2002]
Version 2.6 to contain many other features found in commercial Unixes
Companies using or considering Linux should start planning for the next
version, following news that developers last week stopped adding
features to the newest kernel in preparation for the next upgrade.
The next version of the open source kernel, Linux 2.6, contains many
significant improvements, but the operating system has some way to go
before it offers similar functionality to commercial versions of Unix,
such as stronger security features.
http://www.vnunet.com/News/1136522
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
