_________________________________________________________________

London, Monday, September 30, 2002
_________________________________________________________________

INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] New Net project aims to avoid hacking
[2] What's your cybersecurity strategy? Here's mine
[3] Defense U. targets e-gov
[4] P2P Hacking Bill draws support, critics
[5] When is hacking a crime?
[6] Secret Service patrolling for unsecured wireless networks
[7] Porn Spam: It's Getting Raunchier
[8] Council of Europe targets child sex abuse, online racism
[9] Maryland law targets spammers
[10] Turtle to shell hackers
[11] 64-bit encryption broken after four years
[12] Pentagon prohibits wireless, citing security reasons
[13] Navy launches e-records effort
[14] Hacker groups declare war on US.gov
[15] Homeland security concerns may derail long-term spending measure
[16] Remote Management of Win2K Servers: Three Secure Solutions
[17] 'I Yelled at Them to Stop'

_________________________________________________________________

News
_________________________________________________________________

[1] New Net project aims to avoid hacking
By Jeordan Legon (CNN)

(CNN) -- Scientists concerned about the vulnerability of the Internet to failure or hacking envision a next-generation system that would use the collective power of users' computers to become more secure.

Researchers exploring that vision at five major U.S. universities got a $12-million grant from the National Science Foundation (NSF) this week, as part of a program that doled out $144 million to advance computer science.
The Internet project, dubbed Infrastructure for Resilient Internet Systems (IRIS), will attempt to solve two of the biggest problems faced by Web users: sites being down when too many people try to access a single server and hackers attacking the servers on which information is stored.

http://www.cnn.com/2002/TECH/internet/09/27/iris.internet/index.html

----------------------------------------------------

[2] What's your cybersecurity strategy? Here's mine
David Coursey, Executive Editor, AnchorDesk
Monday, September 30, 2002

Wireless analyst Andy Seybold has a theory about ZDNet's Digital Defense Test, which I failed so miserably last week. Andy says that if you pass the test, it proves you really don't need your computer, because you're obviously not doing anything with it.

For the record, I did about as well on the test as other folks I know. One TV news correspondent I know did worse, as did my boss Pat Houston--and he helped develop the thing. Rob Enderle, the Giga analyst, got a C when he took the test on my radio show--but I think he fudged a bit.

THE POINT IS, we're not all losers tempting fate with our lax personal computer hygiene. Rather, until the computer industry gets its collective act together and produces products without inherent security problems, most of us are going to do badly when it comes to securing our systems. It's up to us as individual users to take care of ourselves. Today I want to share with you how I do just that.

http://www.zdnet.com/anchordesk/stories/story/0,10738,2881906,00.html

----------------------------------------------------

[3] Defense U. targets e-gov
BY Colleen O'Hara
Sept. 30, 2002

The National Defense University last week began a master's-level certification program designed to mold government managers into e-government leaders.
The eGovernment Leadership Certificate Program is a "broad leadership program" aimed at helping senior executives manage programs that cut across organizational lines, said Linda Massaro, a senior fellow at the university's Information Resources Management College. "It takes a different set of skills" to do that effectively, she said.

http://www.fcw.com/fcw/articles/2002/0930/mgt-egov-09-30-02.asp

----------------------------------------------------

[4] US P2P Hacking Bill draws support, critics
By ComputerWire
Posted: 09/30/2002 at 07:25 EST

US lawmakers last week sat down with proponents and opponents of a controversial bill that would allow copyright holders to use techniques critics compare to "hacking" to prevent content being pirated on peer-to-peer networks, Kevin Murphy writes.

At a hearing of the House Judiciary Committee's Subcommittee on Courts, the Internet and Intellectual Property, a senior record industry executive and the bill's sponsors argued that the bill is the best way to stop P2P being used to pirate, while a public domain lobbyist said the bill was too vague and potentially dangerous.

http://www.theregus.com/content/6/26458.html

----------------------------------------------------

[5] When is hacking a crime?
By Robert Lemos
Special to ZDNet
September 23, 2002, 4:32 AM PT

Kevin Finisterre admits that he likes to hew close to the ethical line separating the "white hat" hackers from the bad guys, but little did he know that his company's actions would draw threats of a lawsuit from Hewlett-Packard.

This summer, the consultant with security firm Secure Network Operations had let HP know of nearly 20 holes in its Tru64 operating system. But in late July, when HP was finishing work to patch the flaws, another employee of Finisterre's company publicly disclosed one of the vulnerabilities and showed how to exploit it--prompting the technology giant to threaten litigation under the Digital Millennium Copyright Act.
Finisterre, who was not hired by HP, now says he'll think twice before voluntarily informing another company of any security holes he finds.

http://zdnet.com.com/2100-1105-958920.html

----------------------------------------------------

[6] Secret Service patrolling for unsecured wireless networks
Copyright © 2002 AP Online
By D. IAN HOPPER, AP Technology Writer

WASHINGTON (September 29, 2002 1:56 p.m. EDT) - Secret Service agents are putting a high-tech twist on the idea of a cop walking the beat. Using a laptop computer and an antenna fashioned from a Pringles potato chip can, they are looking for security holes in wireless networks in the nation's capital.

The agency best known for protecting the president and chasing down counterfeiters has started addressing what it calls one of the most overlooked threats to computer networks.

"Everybody wants wireless, it's real convenient," Special Agent Wayne Peterson said. "Security has always been an afterthought."

http://www.nandotimes.com/technology/story/555541p-4378549c.html

----------------------------------------------------

[I am using the free Cloudmark SpamNet (http://www.cloudmark.com/) to filter spam and it works really well (unfortunately it only supports Outlook 2000/XP). WEN]

[7] Porn Spam: It's Getting Raunchier
By Julia Scheeres
2:00 a.m. Sep. 30, 2002 PDT

Naked women performing oral sex with guns pressed to their heads, naked women with large dogs clutching their backs, naked women in pigtails pretending to be daughters having sex with fathers.

These are some of the explicit images that have started slipping into inboxes lately as spamsters try to drive traffic to a growing number of sites featuring rape, bestiality and incest pornography.
http://www.wired.com/news/culture/0,1284,55420,00.html

----------------------------------------------------

[8] Council of Europe targets child sex abuse, online racism
By AGENCE FRANCE-PRESSE

STRASBOURG, France (AFP) - The pan-European rights body Council of Europe on Friday passed resolutions against child sex abuse and Internet racism but said the battle to fight them will be tough because of huge financial interests.

"Combating the sexual abuse of children should be made a national cause in all our member states" said rapporteur Fiorello Provera, of the liberal, democratic and reformers' group. "Zero tolerance should mean that no criminal went unpunished, there should be no geographical limits."

"The trafficking and prostitution of both boys and girls have started to flourish in our European states," she warned. "The children come from Eastern Europe, from Africa, from China."

http://newsobserver.com/24hour/world/story/554721p-4372464c.html

----------------------------------------------------

[9] Maryland law targets spammers
By William Glanz
THE WASHINGTON TIMES

Maryland consumers tired of finding their electronic mailboxes stuffed with unwanted pitches for amazing cancer cures and weary of opening advertisements that claim to be messages from old friends should get some welcome relief.

A new state law that takes effect tomorrow is intended to limit unsolicited commercial e-mail, or spam, which accounted for almost half of all electronic messages last year.

Despite the legislation, politicians, e-mail marketers and Internet service providers (ISP) who support reining in spammers believe that stopping the electronic junk mail will be difficult.

"If we haven't done it perfectly, we've certainly made a start," said Delegate Joan Pitkin, the Prince George's County Democrat who sponsored the bill in the Maryland General Assembly.
http://www.washtimes.com/business/20020930-5773480.htm

----------------------------------------------------

[10] Turtle to shell hackers
By Nick Farrell [26-09-2002]

FTC uses cartoon to push serious security message

The Federal Trade Commission (FTC) has introduced a cartoon turtle as a mascot to promote internet security.

Dewie is designed to remind computer users, from children to businesses, that only they can stop viruses and hackers from taking over their computer.

http://www.pcw.co.uk/News/1135412
http://www.ftc.gov/bcp/conline/edcams/infosecurity/

----------------------------------------------------

[11] 64-bit encryption broken after four years
By James Middleton [30-09-2002]

And all it took was 15,769,938,165,961,326,592 keys

After millions of hours of processor work and four years of human effort, the RC5 64-bit encryption algorithm has finally been broken.

Using 331,252 volunteer machines, a crypto group called Distributed.net cracked RSA Security's encryption challenge and picked up a cheque for $10,000.

http://www.vnunet.com/News/1135452

----------------------------------------------------

[12] Pentagon prohibits wireless, citing security reasons
By Ellen Messmer
Network World Fusion, 09/27/02

The Office of the Secretary of Defense has issued a memorandum that prohibits the use of many types of wireless technologies in the Pentagon and much of the Army, Navy and Air Force until the military has developed a wireless security strategy, which it expects to do with assistance from the National Security Agency.

John Stenbit, assistant secretary of Defense for Command Control and Communications and the Defense Department's chief information officer, signed the memorandum along with the OSD's acting director of administration and management, Howard Becker.

Attached to the memo, which pertains to use of wireless in the military's IT networks, is a document entitled "Pentagon Area Common Information Technology Wireless Security Policy."
The document elaborates on the dangers of wireless to network security and the steps the Pentagon and its service branches are taking to come to grips with it. The decision on wireless had been expected for several months.

Because wireless technologies, particularly wireless LANs, bring with them new ways to break into networks, the Pentagon has decided to prohibit the connecting of wireless devices to a classified network or computer, the document states.

http://www.nwfusion.com/news/2002/0927pgon.html

----------------------------------------------------

[13] Navy launches e-records effort
BY Christopher J. Dorobek
Sept. 30, 2002

The Navy last week kicked off what is expected to become the government's largest enterprisewide records management system when it began installing software on Navy Marine Corps Intranet computers.

The Navy is loading software on about 100 PCs in the Navy Department's Office of the Chief Information Officer. That tool eventually will help the service manage records and documents across nearly 400,000 desktop PCs at nearly 300 shore-based sites, officials said.

Last year, the Navy and EDS selected Australia-based Tower Software's TRIM as NMCI's records management standard.

http://www.fcw.com/fcw/articles/2002/0930/news-navy-09-30-02.asp

----------------------------------------------------

[14] Hacker groups declare war on US.gov
By electricnews.net
Posted: 09/27/2002 at 08:46 EST

A record number of malicious hacking attempts were made this month, and anti-American groups are responsible.

So says Mi2g, the London-based security consultancy, which notes that US government on-line computers belonging to the House of Representatives, Department of Agriculture, Department of Education, National Park Service, NASA and the US Geological Survey were attacked in September.
http://www.theregus.com/content/55/26448.html

----------------------------------------------------

[15] Homeland security concerns may derail long-term spending measure
By Keith Koffler, CongressDaily

While there is increasing talk on Capitol Hill that Congress will adjourn Oct. 11 and pass a continuing resolution stretching into December or next year, House Republican leaders are quietly discussing the possibility of a CR lasting a few weeks at best--with no adjournment--if the Homeland Security Department bill is not finished.

The bill is at a standstill in the Senate, where Republicans are insisting on a clean, up-or-down vote on a White House-backed amendment offered by Sens. Phil Gramm, R-Texas, and Zell Miller, D-Ga. Democratic leaders are refusing their demands, believing they have just enough support to pass a competing amendment by Sens. John Breaux, D-La., Ben Nelson, D-Neb., and Lincoln Chafee, R-R.I., which President Bush promises to veto.

According to senior House GOP aides, there are doubts in the leadership about whether Bush, who rarely speaks without emphasizing the importance of creating a new Homeland Security Department, would sign a CR after Oct. 11 that punts the issue months into the future. And there is concern about voter reaction if Congress were to adjourn without finishing what both Democrats and Republicans tout as a national security priority.

http://www.govexec.com/dailyfed/0902/092702cd1.htm

----------------------------------------------------

[16] Remote Management of Win2K Servers: Three Secure Solutions
by Mark Burnett
last updated September 25, 2002

It's a common scenario: your company has an IIS Web server sitting 300 miles away at a high-bandwidth, air-conditioned and power-regulated co-location center. The network is stable and the price is right, but you must completely manage the server remotely; you can't just go sit down at the console whenever you want.
Remote management presents several problems, the most obvious being that the traffic between you and the server is travelling across the public Internet, available for others to sniff. Another problem is that remote administration normally involves installing software and opening ports, both of which increase the attack surface of your server. The goal when selecting a remote administration solution is to make sure that you (and only you) can do your job without exposing the server to additional risk.

http://online.securityfocus.com/infocus/1629

----------------------------------------------------

[17] 'I Yelled at Them to Stop'

U.S. Special Forces are frustrated. Kicking down doors and frisking women, they say, is no way to win hearts and minds in Afghanistan. A report from the front

Oct. 7 issue - One afternoon in August, a U.S. Special Forces A team knocked at the door of a half-ruined mud compound in the Shahikot Valley. The servicemen were taking part in Operation Mountain Sweep, a weeklong hunt for Qaeda and Taliban fugitives in eastern Afghanistan.

http://www.msnbc.com/news/814576.asp?cp1=1

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>