_________________________________________________________________
London, Tuesday, November 12, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] How al Qaeda put Internet to use
[2] The Myth of Cyberterrorism
[3] Cybersecurity bill to boost school budgets
[4] Are Macs Virus-Proof?
[5] British hacker "attacks US military"
[6] Bush wants swift action on Homeland Security agency as lame-duck
Congress meets
[7] Security technologies could backfire against consumers
[8] Mitre: Open-source code rife at DOD
[9] Homeland Security CIO says branding new department is key
[10] FBI names new IT executive
[11] Still a disconnect at Interior
[12] Copy protection on CDs is 'worthless'
[13] (UK) Nationwide banks on biometrics
[14] ICANN plays safe with new domain plans
[15] Skills gap shrinks between public, private tech workers
[16] Why MS 'Ruling' Is Dangerous
[17] XML Zooms Onto Gov't Tech Agenda
[18] 'Dirty bomb' fears spur a search for Soviet relics
[19] Russian Officer Convicted Of Spying
_________________________________________________________________
News
_________________________________________________________________
(So much to AQ's cyber warfare capabilities:
'... The Milestones of Holy War site signals much more modest
cyber-skills. Al Qaeda operatives struggled with some of the same tech
headaches as ordinary people: servers that crashed, outdated software
and files that wouldn't open. Their Web venture followed a classic
dot-com trajectory. It began with excitement, faced a cash crunch, had
trouble with accountants and ultimately fizzled. ...'
Nevertheless, it shows that the Internet can be used for C2 (even though
the last thing I would do is to send out an encrypted message if I were
a terrorist as it stands out from the masses of communications) and
Influence Operations (propaganda). Also it might provide a good tool for
'pre-battlefield intelligence' (one has to note though that the
information needed would usually also be available in physical form,
i.e. the current drive to remove data from the Internet does not solve
the problem as the information is usually available elsewhere,
especially for someone committed to gather such data. WEN)
[1] How al Qaeda put Internet to use
>From Britain, Webmaster kept 'the brothers' abreast on terror
By Andrew Higgins, Karby Leggett and Alan Cullison
THE WALL STREET JOURNAL
Nov. 11 - In February 2000, an Egyptian merchant here in Guangzhou, the
commercial hub of southern China, asked a local Internet firm for help
in setting up a Web site. After lengthy haggling over the fee, he paid
$362 to register a domain name and rent space on a server.
http://www.msnbc.com/news/833533.asp?cp1=1
----------------------------------------------------
(A great FUD free article. I would also recommend to read Rick's article
'Shredding the Paper Tiger of Cyberterrorism; which is available @
http://online.securityfocus.com/columnists/111 WEN)
'... Concern over cyberterrorism is particularly acute in Washington. As
is often the case with a new threat, an entire industry has arisen to
grapple with its ramifications--think tanks have launched new projects
and issued white papers, experts have testified to its dangers before
Congress, private companies have hastily deployed security consultants
and software designed to protect public and private targets, and the
media have trumpeted the threat with such front-page headlines ...'
'... It's no surprise, then, that cyberterrorism now ranks alongside
other weapons of mass destruction in the public consciousness. ...'
'... There's just one problem: There is no such thing as
cyberterrorism--no instance of anyone ever having been killed by a
terrorist (or anyone else) using a computer. Nor is there compelling
evidence that al Qaeda or any other terrorist organization has resorted
to computers for any sort of serious destructive activity. What's more,
outside of a Tom Clancy novel, computer security specialists believe it
is virtually impossible to use the Internet to inflict death on a large
scale, and many scoff at the notion that terrorists would bother trying.
"I don't lie awake at night worrying about cyberattacks ruining my
life," says Dorothy Denning, a computer science professor at Georgetown
University and one of the country's foremost cybersecurity experts. "Not
only does [cyberterrorism] not rank alongside chemical, biological, or
nuclear weapons, but it is not anywhere near as serious as other
potential physical threats like car bombs or suicide bombers. ..."
(This is so true. A few years ago I attended a military workshop on
strategy. I was the only civilian there and during one presentation we
were shown close-up picture of civilian victims of a chemical weapon
attack in Iraq and I have to say I will never forget those pictures. So
for me it is not difficult to realize that the real threat comes from
NBC weapon systems rather than cyber terrorism. WEN)
[2] The Myth of Cyberterrorism
There are many ways terrorists can kill you--computers aren't one of
them.
By Joshua Green
Again and again since September 11, President Bush, Vice President
Cheney, and senior administration officials have alerted the public not
only to the dangers of chem ical, biological, and nuclear weapons but
also to the further menace of cyberterrorism. "Terrorists can sit at one
computer connected to one network and can create worldwide havoc,"
warned Homeland Security Director Tom Ridge in a representative
observation last April. "[They] don't necessarily need a bomb or
explosives to cripple a sector of the economy, or shut down a power
grid."
http://www.washingtonmonthly.com/features/2001/0211.green.html
----------------------------------------------------
[3] Cybersecurity bill to boost school budgets
By Declan McCullagh
Special to ZDNet News
November 11, 2002, 4:31 AM PT
American universities may receive a nearly $1 billion windfall next
week, when Congress is expected to approve a massive new spending
program for computer security.
On Tuesday, the House is scheduled to vote on a bill that would spend
approximately $900 million over the next five years to recruit graduate
students and faculty members in computer security and create research
centers at colleges and universities.
The measure, which already has been approved by the Senate, also
requires the National Institute of Standards and Technology (NIST) to
create checklists for government agencies to help them with common
computer security woes. Agencies are not required to abide by the
checklist, but they must report whether it was followed.
http://zdnet.com.com/2100-1105-965164.html
----------------------------------------------------
[4] Are Macs Virus-Proof?
By Robyn Weisman
www.NewsFactor.com,
Part of the NewsFactor Network
November 11, 2002
Historically, Mac OS users have had little to fear from the scourge of
viruses plaguing their Windows counterparts. The operating system's
"Classic" incarnation was practically impervious, Macworld editor Jason
Snell told NewsFactor.
But Apple's (Nasdaq: AAPL) new operating system, known as OS X , is
based on the Unix platform, whose code base has been around for more
than three decades. While Unix underpinnings have made Apple's OS more
powerful and stable, they also have made it more susceptible to viruses
and worms.
http://www.osopinion.com/perl/story/19930.html
----------------------------------------------------
[5] British hacker "attacks US military"
US federal authorities say they have cracked the case of a British
hacker who broke into 100 unclassified American military networks in 12
months.
Officials familiar with the investigation refuse to identify the hacker,
who lives in England, but say he could be indicted within hours in
federal courts in northern Virginia and New Jersey.
The officials, who spoke on condition of anonymity, would not say
whether the hacker was already in custody. But one said investigators
considered the break-ins the work of a professional rather than a
recreational hacker.
http://www.express.co.uk/story.html?story=1&r=3119939816592186
http://www.ananova.com/news/story/sm_707566.html?menu=
http://www.wired.com/news/politics/0,1283,56319,00.html
----------------------------------------------------
[6] Bush wants swift action on Homeland Security agency as lame-duck
Congress meets
By ALAN FRAM
The Associated Press
11/12/02 1:12 AM
WASHINGTON (AP) -- President Bush wants the lame-duck Congress to
swiftly approve his plan for a new Homeland Security Department, even as
it is clear that Democrats will control the Senate for a bit longer.
With the House and Senate planning to start an abbreviated postelection
session on Tuesday, lawmakers were expected to launch a push to end a
Senate stalemate over the proposed agency. Bush has called creation of
the department, part of his response to last year's terrorist attacks,
the outgoing Congress' top priority.
Lawmakers were expected to examine a tentative plan for resolving the
impasse by giving unions a larger role in workplace changes than the
administration initially proposed. It was drafted by White House and
congressional Republican staff and offered to Senate aides in bargaining
Sunday night.
http://www.nj.com/newsflash/washington/index.ssf?/cgi-free/getstory_ssf.
cgi?a0426_BC_Congress-LameDuck&&news&newsflash-washington
----------------------------------------------------
[7] Security technologies could backfire against consumers
By Robert Lemos
Staff Writer, CNET News.com
November 7, 2002, 4:00 a.m. PT
SAN FRANCISCO--At the USENIX Security Conference held here recently,
Microsoft developers touted the company's upcoming Palladium
architecture as technology that would enhance privacy, stymie piracy and
increase a corporation's control over its computers.
Others, however, see a more nefarious role for the security software.
Instead of just keeping hackers out, critics say programs like Palladium
could also block computer users from certain data. For example, the
technology could be used as a policing mechanism that bars people from
material stored on their own computers if they have not met licensing
and other requirements.
http://news.com.com/2009-1001-964628.html
----------------------------------------------------
[8] Mitre: Open-source code rife at DOD
BY Dan Caterinicchia
Nov. 11, 2002
The use of open-source software within the Defense Department continues
to gain momentum, especially in the critical area of cybersecurity,
despite the fact that DOD and industry leaders have raised numerous
concerns about vulnerabilities associated with the technology.
But what if open-source software applications and development were
banned in DOD?
A recent study conducted by Mitre Corp. for DOD posed that hypothetical
question and found that without open-source software, DOD's
cybersecurity capabilities would be crippled and other areas would be
severely impacted.
http://www.fcw.com/fcw/articles/2002/1111/pol-open-11-11-02.asp
----------------------------------------------------
[9] Homeland Security CIO says branding new department is key
By Gretel Johnston
November 5, 2002 6:59 am PT
HERSHEY, PENNSYLVANIA -- U.S. government officials doing the leg work to
establish the proposed Department of Homeland Security should think of
their challenge the same way corporations approach mergers and
acquisitions, the chief information officer for the Office of Homeland
Security said at a meeting here of IT industry and federal IT
professionals.
"As quickly as possible the new organization has to brand itself and
emerge as a single, stronger entity," Steve Cooper, senior director for
information integration and CIO for the Office of Homeland Security said
Monday during a panel discussion at the Industry Advisory Council's
Executive Leadership Conference.
http://www.infoworld.com/articles/hn/xml/02/11/05/021105hncooper.xml
----------------------------------------------------
[10] FBI names new IT executive
By Wilson P. Dizard III
GCN Staff
FBI Director Robert S. Mueller III today named Charles S. Prouty to the
post of executive assistant director of law enforcement services, a post
in which he will oversee the bureau's Criminal Justice Information
Service Division as well as training, laboratory, critical response and
international operations.
http://www.gcn.com/vol1_no1/daily-updates/20437-1.html
----------------------------------------------------
[11] Still a disconnect at Interior
BY Megan Lisagor
Nov. 11, 2002
About 6 percent of the Interior Department's computer systems remain
disconnected from the Internet, 11 months after a federal judge ordered
a departmentwide shutdown citing security concerns, according to a Nov.
1 Interior report.
Most of the systems support the Bureau of Indian Affairs and the Office
of the Special Trustee, agencies that rely on information technology to
fulfill the department's trust fund duties.
http://www.fcw.com/fcw/articles/2002/1111/web-interior-11-11-02.asp
----------------------------------------------------
[12] Copy protection on CDs is 'worthless'
19:00 06 November 02
Exclusive from New Scientist Print Edition
The technology built into some CDs to stop people copying them is
futile, according to a computer scientist who has put today's antipiracy
systems under the microscope. He believes the continual software and
hardware upgrades issued by the makers of computer CD drives and audio
CD players render copy protection systems pointless in the long run.
CD: the most copied medium
John Halderman, a computer scientist from Princeton University in New
Jersey, plans to show delegates at a digital copyright conference in
Washington DC next week that the idea of CD copy-prevention is
"fundamentally misguided".
In 2001, Princeton University scientists debunked the technology the
music industry planned to use to inaudibly watermark sound. Halderman is
now doing a similar job on copy prevention systems.
http://www.newscientist.com/news/news.jsp?id=ns99993020
----------------------------------------------------
[13] Nationwide banks on biometrics
By John Leyden
Posted: 11/11/2002 at 18:58 GMT
Nationwide, the UK's largest remaining building society, last week
announced plans to roll out biometric signature capture and verification
technology to all its branches in the UK. Work will begin on the
installation during the first quarter of 2003.
By embedding biometric signature data into electronic documents,
Nationwide hopes to "remove paper from branches and eliminate filing and
retrieval systems". A bold ambition, particularly in the banking sector
where notarised paper receipts are very much the order of the day.
http://www.theregister.co.uk/content/55/28037.html
----------------------------------------------------
[14] ICANN plays safe with new domain plans
By ComputerWire
Posted: 12/11/2002 at 08:05 GMT
The Internet Corp for Assigned Names and Numbers is proposing that three
new top-level domains be added to the internet, but plans currently
under discussion call for a limited roll-out that would focus on niche
markets.
In a document published over the weekend, ICANN president Stuart Lynn
asks for public input on recommendations that three "sponsored" TLDs be
added to the internet, and that proposals be solicited from interested
parties.
A sponsored TLD is one with a narrowly defined registrant base, such as
.pro or .aero, which target certified professionals and the aerospace
industry respectively, as opposed to unsponsored TLDs, such as .com or
.info, which are open to anybody.
http://www.theregister.co.uk/content/6/28047.html
----------------------------------------------------
[15] Skills gap shrinks between public, private tech workers
By Molly M. Peterson, National Journal's Technology Daily
Efforts to boost information technology training for government
employees have helped narrow the skills gap between public- and
private-sector IT workers, according to a recent study by Brainbench, an
online skills-testing firm.
"Government IT workers are showing significant strengths in some
important technology areas-especially the increasingly popular Unix
[and] Linux arenas," said Mike Russiello, president and CEO of the
Chantilly, Va.-based company.
The study compared the scores of more than 4,000 government employees
and more than 7,000 private-sector workers who took Brainbench's IT
skills tests online. The study analyzed the workers' test scores in
eight major areas and found that government workers' scores surpassed
those of private sector workers in three categories.
http://www.govexec.com/dailyfed/1102/111102td1.htm
----------------------------------------------------
[16] Why MS 'Ruling' Is Dangerous
By Lauren Weinstein (a commentary)
02:00 AM Nov. 11, 2002 PT
Has Judge Colleen Kollar-Kotelly helped set the stage for a computing
disaster of unprecedented magnitude?
She's not the only culprit involved, but her ruling affirming the
Justice Department antitrust deal with Microsoft may have devastating
results that we'll all come to regret.
http://www.wired.com/news/politics/0,1283,56279,00.html
----------------------------------------------------
[17] XML Zooms Onto Gov't Tech Agenda
By Lia Steakley |
02:00 AM Nov. 11, 2002 PT
As improbable as it may seem, declining sales among U.S. automakers have
clinched government support for XML standards.
The American automotive slump continued in October as Ford (F), General
Motors (GM) and DaimlerChrysler (DCX) all reported a 30 percent drop in
sales.
The federal government hopes to rescue carmakers and several other
industries with the Enterprise Integration Act of 2002, signed into law
last week.
http://www.wired.com/news/politics/0,1283,56287,00.html
----------------------------------------------------
[18] 'Dirty bomb' fears spur a search for Soviet relics
Joby Warrick The Washington Post Tuesday, November 12, 2002
Deadly cesium from farm tests still missing
TBILISI, Georgia In the 1970s, scientists in the former Soviet Union
developed scores of powerful radioactive devices and sent them to the
countryside for a project known cryptically as Gamma Kolos. Its purpose
was to expose plants to radiation and measure the effects.
Some of tests were aimed at simulating farming conditions after a
nuclear war. In rugged eastern Georgia, researchers bombarded wheat seed
with radiation to see if the plants would grow better.
http://www.iht.com/articles/76657.html
----------------------------------------------------
[19] Russian Officer Convicted Of Spying
MOSCOW, Nov. 11, 2002
The court verdict says Sypachev was detained by the Federal Security
Service arrested April 4 after placing an envelop containing the report
in a secret location, Interfax reported.
(AP) A Russian military officer was convicted of espionage on Monday,
and a Russian news agency reported that he was charged after being
detained while trying to pass classified information to American
intelligence agents.
In a closed trial, the Moscow district military court sentenced Col.
Alexander Sypachev to eight years in a maximum-security labor camp and
stripped him of his rank, the Russian military prosecutor's office said
in a statement.
http://www.cbsnews.com/stories/2002/11/11/world/main528921.shtml
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
