_________________________________________________________________

London, Wednesday, October 30, 2002

_________________________________________________________________

INFOCON News

_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk

_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------

_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] 12th Annual EICAR Conference: Call For Papers
[2] Don't Touch that Dial
[3] Defense, cybersecurity officials praise 'open source' software
[4] China prevented repeat cyber attack on US
[5] Politicians, police recruited to talk up IT security
[6] Responsible Disclosure by Corporate Fiat
[7] Homeland goes interstate route
[8] Q & A Kevin Mitnick
[9] MS gets top security rating for Win2k, makes big noise
[10] OMB issues draft standards to increase info-sharing, cut IT costs
[11] NIST details certification process
[12] Transcom chief touts IT
[13] Tech firms seek to play role in military transformation effort
[14] Defense procurement system prone to security lapses
[15] Sniper leaves a mark
[16] Brussels to spend €250k on Linux migration study
[17] Introducing Network Attached Encryption
[18] Wireless WarDrive: Wee Bit of Fun
[19] Reuters says it wasn't hacking
[20] Greeting card email is not a worm
[21] Home-based cybersecurity defense won't work
[22] Nowhere to Hide
[23] Lawsuit to Test USA Patriot Act
[24] CIA warns of Net terror threat
[25] Online sales decline for first time
[26] A new threat to ICANN authority?
[27] Dear Saddam, How Can I Help?
[28] Technology: Military conference highlights information systems
[29] Golden Age of IT Hasn't Arrived Yet
[30] DoCoMo gets defaced
[31] Is a larger Net attack on the way?
[32] Employee surveillance unaffected by terror threat
[33] FIPS testing finds lots of mistakes in crypto IT

_________________________________________________________________

News

_________________________________________________________________

[1] 12th Annual EICAR Conference: Call For Papers

The Conference will be held May 10-13 in Copenhagen, with three streams of interest:

- Malware
- Critical Infrastructure Protection (CIP)
- IT-Law and Forensics

with contributions from industry, government, and research.

With the goal of keeping abreast of new developments, EICAR will be a forum for discussions on subjects past, present and future, pertaining to "IT-Security in an Insecure Web".

Papers can be submitted through to December 1st, 2002. For more information on formatting, panels, area chairs and other things, check out http://conference.EICAR.org

Submission of Papers to Area Chairs: December 1, 2002
Notifications to Authors of Acceptance and Reviewers' Comments: January 15, 2003
Submission of Camera-Ready Papers: February 1, 2003
First Round Registration: March 1, 2003

----------------------------------------------------

(I have seen a prototype of such a phone due for release in January and it looks amazing as it got so many features, but unfortunately it looks like they missed out the security bit. WEN)

[2] Don't Touch that Dial

Mobile phones packing Java virtual machines are gaining in popularity, and are headed for American shores. Will they be the next arena for malicious hacking?

By Michael Fitzgerald, Oct 29 2002 9:05AM

Java phones are coming to the U.S., bringing with them a second chance for mobile applications, and, experts caution, a new platform for malicious code.

"It's going to be an issue," says Tony Davis, acting CEO of Tira Wireless, a Toronto startup that certifies and publishes J2ME (Java 2 MicroEdition) applications.

Davis already uses a Trojan horse program when he makes sales calls. "When I meet with European carriers, I pull up a phone and show them a car racing game that's actually not just that, it's sending a huge amount of traffic back and forth," Davis says. "I tell them, your customer is going to get a bill for 500 pounds at the end of the month, and who are they going to come after? You."

http://online.securityfocus.com/news/1531

----------------------------------------------------

[3] Defense, cybersecurity officials praise 'open source' software

By Drew Clark, National Journal's Technology Daily

A Defense Department technology expert and a White House cybersecurity official on Tuesday praised government's use of "open source" software and said that its security can be preferable to that of commercial software.

Speaking at a conference sponsored by Dell Computer and Red Hat, which distributes the Linux open-source software, the defense and cybersecurity officials said they anticipate that government use of the software will continue to increase. The source code for Linux and other such software is open for public inspection, unlike that of proprietary software.

"Open source allows us the opportunity to have a pro-active and pre-emptive identification of security holes by friendly analysis," said Ken Linker of the Defense Information Systems Agency. He read the written presentation of Robert Walker, the program manager for the agency, which runs the software for a large portion of the department's command-and-control systems.

http://www.govexec.com/dailyfed/1002/102902td2.htm

----------------------------------------------------

'...
However, 85 percent of the successful infiltrations and attacks on these unclassified military computer networks are preventable with available patches and proper security procedures but system administrators do not use them. Every time a new computer is unpacked and plugged in to the Pentagon's network without patches installed -- an apparently frequent occurrence -- the entire network is exposed to that one computer's vulnerabilities. ...'

'... "We are our own worst enemy," said Bradley. "The Defense Department is more vulnerable than anyone in the world." ...'

'... At its simplest, computer network attack would be government sanctioned hacking -- an attempt to deny an enemy use of his own computer networks in wartime, to change critical information, or to trick him into thinking they were working when they are not. ...'

'... "The attacks could be extremely precise. We have a wide range of capabilities but there are very, very tight controls on this," Bradley said. ...'

'... Only the president or the defense secretary can authorize a computer network attack, according to the policies now being crafted. ...'

'... "I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested in developing the policy for it," Bradley said. ...'

'... The Pentagon is moving cautiously, aware of the potential for collateral damage to the world's computer networks and economy. ...'

[4] China prevented repeat cyber attack on US

By Pamela Hess
UPI Pentagon Correspondent
From the International Desk
Published 10/29/2002 12:40 PM

NASHVILLE, Oct. 29 (UPI) -- The Defense Department was braced for a new onslaught of cyber attacks from Chinese hackers in May 2002 but they never materialized: the Chinese government asked private hackers not to repeat the 2001 defacement of U.S. government Web sites, a top Defense Department official said Tuesday.

"We expected another series of attacks from Chinese hackers, but actually the government of China asked them not to do that," said Air Force Maj. Gen. John Bradley, deputy commander of the Pentagon's Joint Task Force on Computer Network Operations, at an electronic warfare conference Tuesday.

"I wouldn't call it state-sponsored, but state-controlled, I guess," he said at the Annual Association of Old Crows conference being held in Nashville.

http://www.upi.com/view.cfm?StoryID=20021029-121924-5101r

----------------------------------------------------

(A nice quote from today's CompSec conference which I attended: - 'Most of the attacks come from the outside, but the deadliest attacks come from the inside'. WEN)

[5] Politicians, police recruited to talk up IT security

Reuters, 10.30.02, 3:37 AM ET
By Bernhard Warner, European Internet Correspondent

LONDON, Oct 30 (Reuters) - Politicians, law enforcement and national security advisers have descended on London this week for a computer security event, covering topics that more reflect surviving global conflict than safeguarding computer networks.

While many corporate technology events have suffered from the economic slowdown, security conferences around the globe have been relatively well attended.

"The world's changed," said Martin Smith, chairman of the three-day Compsec conference, a 19-year-old event that organisers say has experienced renewed interest since the September 11 attacks in the United States.

http://www.forbes.com/home_europe/newswire/2002/10/30/rtr771484.html

----------------------------------------------------

[6] Responsible Disclosure by Corporate Fiat

The new Organization for Internet Safety aims to make vulnerability disclosure more responsible. It's a good idea, but is the group too corporate to pull it off?

By Jon Lasser
Oct 30, 2002

I must have a masochistic streak.
Nothing else could explain why I occasionally argue in this space that people should act responsibly when disclosing holes in software. If I even hint that the doctrine of full disclosure has limits, the reaction is overwhelming. Among other things, I've been called a Microsoft lackey, a fascist, and "just a plain dolt." You'd think I was criticizing CISSPs.

Most of the negative feedback seems to stem from the belief that I'm opposed to full disclosure. In fact, I'm not. But I believe that it's time for the security community to develop a broadly supported model for disclosing security vulnerabilities. This model should ultimately result in full disclosure of every security hole in every application. Just not all at once.

http://online.securityfocus.com/columnists/120

----------------------------------------------------

[7] Homeland goes interstate route

BY Dibya Sarkar
Oct. 29, 2002

If you're having a hard time envisioning what the national strategy for homeland security would look like, try using the interstate highway system, built more than 50 years ago, as an example.

That's what Steve Cooper, senior director of information integration and chief information officer for the White House Office of Homeland Security, told attendees at the National Association of State Chief Information Officers in St. Louis on Oct. 28.

Cooper said that Lois Clark McCoy, president of the National Institute for Urban Search and Rescue, told him several weeks ago that "national" wasn't the best term to describe the homeland security strategy and suggested another description: an "interstate communications expressway."

http://www.fcw.com/geb/articles/2002/1028/web-nascio-10-29-02.asp

----------------------------------------------------

'... I think a cyber-terrorism attack is overblown, though the threat exists.
I think al Qaeda and other groups are more interested in symbolic terrorism, like what they did to the World Trade Center -- suicide bombers or something that really has an effect and is meaningful to people. ...'

[8] Q & A Kevin Mitnick

Ex-hacker shares secrets of deception
Mitnick says 'social engineers' play big role in cyber attacks

Verne Kopytoff, Chronicle Staff Writer
Monday, October 28, 2002

Kevin Mitnick, the notorious computer hacker who was one of the FBI's Most Wanted fugitives when he was arrested in 1995, says he has changed his stripes.

After serving a five-year prison term for breaking into the computers of several high-tech firms, stealing software and causing millions of dollars in damage, the 39-year-old has renounced his old ways and launched a career as a public speaker and computer security consultant.

http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/10/28/BU162351.DTL&type=tech

----------------------------------------------------

[9] MS gets top security rating for Win2k, makes big noise

By John Lettice
Posted: 30/10/2002 at 13:09 GMT

After three years of waiting, Microsoft has achieved Common Criteria certification for Windows 2000, so it's probably handy that the company decided not to start pulling the plugs on the OS before last from next April.

Common Criteria certification, since you ask, is an effort to establish an internationally recognised set of security evaluation criteria - Win2k getting achieving certification, since you also ask that, does not mean that the product is any more secure this week than it was last week. It does mean it'll be a lot easier for it to sell into secure defence and government establishments, without having to get special clearance. But you'd be forgiven for getting led astray, if you listened to some people.

http://www.theregister.co.uk/content/55/27845.html
http://www.commoncriteria.org/ccc/epl/productType/eplinfo.jsp?id=99

----------------------------------------------------

[10] OMB issues draft standards to increase info-sharing, cut IT costs

By Tanya N. Ballard

The Office of Management and Budget issued a draft report last Friday outlining federal technology standards designed to increase information sharing among agencies and reduce overall technology costs.

“These standards will greatly facilitate the ability to share and reuse a common set of technology components, while also leading to reduced information technology investment,” according to a draft report from OMB’s Federal Enterprise Architecture Program Management Office, which is charged with designing a governmentwide IT plan.

The standards discussed in the report will initially be applied to 24 technology projects the Bush administration plans to fund over the next three years to maximize efficiency and improve its service to citizens and businesses.

Federal agencies spend millions of dollars on the development and acquisition of technology components, according to OMB, but just a few agencies are effectively using those resources. The majority of agencies continue to struggle to adopt best practices. Several agencies also duplicate efforts by separately collecting and processing identical information, instead of just sharing the data they’ve gathered.

http://www.govexec.com/dailyfed/1002/102902t1.htm

----------------------------------------------------

[11] NIST details certification process

BY Diane Frank
Oct. 30, 2002

The National Institute of Standards and Technology's Computer Security Division this week released the first piece of a governmentwide project aimed at enhancing the overall security of federal information technology systems.

NIST released a draft publication that establishes a detailed standard security certification and accreditation (C&A) process for agencies.

http://www.fcw.com/fcw/articles/2002/1028/web-nist-10-30-02.asp

Draft Special Publication 800-37 (PDF)
http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf

Introductory tutorial for 800-37 (PDF)
http://csrc.nist.gov/sec-cert/ca-tutorial.pdf

----------------------------------------------------

[12] Transcom chief touts IT

BY Dan Caterinicchia
Oct. 29, 2002

Information technology helps the Defense Department track personnel and products with unprecedented visibility and is as important to the warfighter as other essential equipment, according to the commander of the U.S. Transportation Command (Transcom).

"Information technology is as central to our mission as the planes, trains, trucks, and ships that support our warfighters every day around the globe," said Air Force Gen. John Handy, Transcom commander. "If information doesn't move, we don't move. We simply would not be able to support the warfighter."

http://www.fcw.com/fcw/articles/2002/1028/web-transcom-10-29-02.asp

----------------------------------------------------

[13] Tech firms seek to play role in military transformation effort

By Molly M. Peterson, National Journal's Technology Daily

Noting that the military's ongoing "transformation" will provide new market opportunities for technology companies, the Information Technology Association of America (ITAA) on Tuesday released a new publication that could serve as a primer for firms that have never done business with the Pentagon.

"Defense transformation ... calls for new players and a new playbook," ITAA President Harris Miller said in the book's introduction. "ITAA believes that many companies heretofore focused in part or in total on the commercial sector will repurpose their products and services to bring important new options and capabilities to the national defense."

The 50-page publication, which Miller called a "first link" for high-tech companies looking to build new bridges to the Pentagon, provides perspectives on military transformation from Defense Department officials, members of Congress, and industry experts from the private and academic sectors.

http://www.govexec.com/dailyfed/1002/102902td1.htm

----------------------------------------------------

[14] Defense procurement system prone to security lapses

By Amelia Gruber

An electronic procurement system being developed at the Defense Department needs to have better security features before it can be used, according to an October report from the Pentagon’s inspector general.

If deployed today, the Defense Procurement Payment System (DPPS) would lack two basic safety measures, said the IG’s report on information security. The existing version does not have proper access controls or an adequate contingency plan if the systems feeding it fail.

“Existing weaknesses may lead to unauthorized access by potential users that may result in undetected alteration or misuse,” the report said.

http://www.govexec.com/dailyfed/1002/102902a2.htm

----------------------------------------------------

[15] Sniper leaves a mark

BY William Matthews
Oct. 28, 2002

Two electronic fingerprint databases turned out to be keys to cracking the Washington, D.C., sniper case.

One, operated by the FBI, gave authorities the identity of a 17-year-old suspect in the three-week killing spree. The other, operated by the Immigration and Naturalization Service, led police to the 41-year-old suspected gunman, John Allen Muhammad.

Initially, the databases were tapped by Montgomery, Ala., police who were investigating a murder that appeared to be unrelated to the sniping spree.

http://www.fcw.com/fcw/articles/2002/1028/web-fprint-10-28-02.asp

----------------------------------------------------

[16] Brussels to spend €250k on Linux migration study

By John Leyden
Posted: 30/10/2002 at 17:12 GMT

The European Commission has awarded UK-based consultancy netproject a €250,000 contract to study the issues of migrating government computers in member states to a Linux / Open Source environment.

netproject has been hired by the Commission to draw up guidelines on a move to open source technologies and to help define EU IT strategy on desktop computing. The German state of Mecklenburg-Pomerania is to be used as a test bed in defining this strategy, which goes beyond the investigation of a switch between Windows and Linux PCs.

http://www.theregister.co.uk/content/4/27853.html

----------------------------------------------------

[17] Introducing Network Attached Encryption

By John Leyden
Posted: 30/10/2002 at 12:31 GMT

Application security specialist Ingrian Networks has developed a technology to offload encryption functions from application or database servers onto appliances with the aim of providing more robust security for data in storage.

Ingrian, which made its name marketing hardware platforms to speed up the processing of SSL, secure caching, and secure switching (securing data in transit – a market that has become commoditised), has developed software service engines to secure data in storage as well. It calls this technology Network Attached Encryption.

http://www.theregister.co.uk/content/55/27843.html

----------------------------------------------------

[18] Wireless WarDrive: Wee Bit of Fun

By Michelle Delio
02:00 AM Oct. 29, 2002 PST

NEW YORK -- Finding a public restroom in Manhattan was the biggest challenge on Day 1 of the WorldWide WarDrive.

Within a 40-block radius, the WarDrivers identified dozens of wide-open wireless networks.
Among the spotted "private" business and home networks were those appearing to belong to a bank, a police station, several law firms and department stores, and a financial services firm.

All of these networks appeared to be unprotected by even rudimentary security systems. Anyone with no ethics and just a bit of technical savvy could have logged in and accessed, at the very least, any of the information being transmitted across the network.

http://www.wired.com/news/wireless/0,1382,56062,00.html

----------------------------------------------------

[19] Reuters says it wasn't hacking

Responding to accusations of "hacking" from Swedish software company Intentia, the Reuters news agency has claimed that it merely downloaded information from a publicly accessible section of the company's Web site.

On Saturday, Intentia alleged that Reuters had accessed its computers without authorization. In a company announcement they openly accused the news agency of "breaking in to" its systems.

http://zdnet.com.com/2110-1105-963881.html

----------------------------------------------------

[20] Greeting card email is not a worm

29 October 2002 - by Claire Woffenden

Web users need to watch out for a nuisance email that appears to be a worm but is actually a greeting card company's online marketing campaign.

Anti-virus companies have reassured those that have received the email that their computers have not been infected and that the email is not a virus or a worm.

http://www.web-user.co.uk/news/article/?afw_source_key={112C3F7C-CE33-40B7-ABFB-9150737A13A0}

----------------------------------------------------

[21] Home-based cybersecurity defense won't work

By Robert Lemos
Special to ZDNet
October 29, 2002, 5:55 AM PT

COMMENTARY--In 1944, the U.S. government kicked off the Smokey Bear campaign to teach citizens how carelessness with smoldering matches could set off raging forest fires.

Now the government is making another call to arms--this time to defend cyberspace from intruders.

The most recent draft of the Bush administration's "National Strategy to Secure Cyberspace" plan calls for users of the Internet to secure their own part of the worldwide network.

http://zdnet.com.com/2100-1107-963665.html

----------------------------------------------------

[22] Nowhere to Hide

Recent Sniper, Internet Attacks Show Devastation of a New Breed of Terrorist

Commentary
By Michael S. Malone
Special to ABCNEWS.com

Every so often an unusual juxtaposition of events opens a brief window into the world we now live in — and the future we are about to encounter.

Last week was, I think, one of those times. The two events were the capture, and disclosure of identity, of the Washington, D.C.-area sniper; and the attempted destruction, via hacking, of the Internet.

Most of us were so busy following the first that we barely noticed the second. But we should pay very close attention, because the two are intimately connected, and their combined implications are terrifying.

http://abcnews.go.com/sections/business/SiliconInsider/SiliconInsider_021029.html

----------------------------------------------------

[23] Lawsuit to Test USA Patriot Act

Privacy Groups Claim Government Abuse of Controversial Bill

By Peter Barnes, Tech Live Washington, DC bureau chief

Oct. 28 — Two major privacy and civil liberties groups are preparing to file lawsuits this week to force the Bush administration to disclose more information about how it has been using the USA Patriot Act.

The law was signed in the wake of the Sept. 11 terrorist attacks and gives federal law enforcement officials greater powers to track and eavesdrop on electronic communications.

The organizations, the American Civil Liberties Union (ACLU) and the Electronic Privacy Information Center (EPIC), say the legal action could come as early as Thursday, two days shy of the one-year anniversary of the legislation's signing by President Bush.

http://abcnews.go.com/sections/scitech/TechTV/techtv_patriotactsuit021028.html

----------------------------------------------------

[24] CIA warns of Net terror threat

By Declan McCullagh
Special to ZDNet News
October 29, 2002, 3:40 PM PT

Al-Qaida is not the only terrorist network hoping to wreak havoc on the United States through "cyberwarfare," the CIA says.

America's spooks have named Sunni extremists, Hezbollah and Aleph--formerly known as Aum Shinrikyo--as other top threats.

"These groups have both the intentions and the desire to develop some of the cyberskills necessary to forge an effective cyberattack modus operandi," the CIA said in a report to the Senate Intelligence Committee.

http://zdnet.com.com/2100-1105-963771.html

----------------------------------------------------

[25] Online sales decline for first time

09:29 Wednesday 30th October 2002
Reuters

US e-commerce sales slow as the industry matures and consumers worry about their economic security

Online retail sales in the US declined during the third quarter for the first time in e-commerce history, according to a new study by Forrester Research.

Forrester said third quarter e-commerce sales totalled $17bn (£11bn), down from $20bn in the second quarter. Sales had been unchanged at $20bn for the past two quarters.

Forrester said the decline this month signaled the industry was maturing and was not immune to overall weakness in consumer confidence and spending.

http://news.zdnet.co.uk/story/0,,t269-s2124737,00.html

----------------------------------------------------

[26] A new threat to ICANN authority?

30th October, 2002

The Internet Corporation of Assigned Names and Numbers (ICANN) is facing a potential challenge to its position as the body that runs the Internet's Domain Name System.

A non-profit public policy group called the Center for Democracy and Technology (CDT) has reportedly tabled plans for interested operators of the 240 or so country code top level domains (ccTLDs) to bid for the contract to run the Internet Assigned Numbers Authority (IANA) which maintains administrative contacts for the Internet, updates name servers and undertakes other administrative tasks.

The effect, therefore, of any successful bid would be to significantly reduce ICANN's power. The contract to run IANA's function is awarded by US Department of Commerce and comes up for renewal next March.

http://www.demys.net/news/02_oct_30_cdt.htm

----------------------------------------------------

[27] Dear Saddam, How Can I Help?

By Brian McWilliams
02:00 AM Oct. 28, 2002 PST

On the afternoon of July 17, a self-proclaimed expert in biochemistry composed an e-mail message to Saddam Hussein.

The message, sent from an MSN Hotmail account on a computer in China, recommended the use of methyl bromide, an agricultural pesticide, as an effective chemical weapon against the U.S. Army.

"For weapon use, have function: no color, no smell, will let person dead in a few second," wrote the e-mail's author, who provided the phone number and address of a distributor in Riyadh, Saudi Arabia, from which the toxic chemical could be purchased "in cylinder or in can."

http://www.wired.com/news/conflict/0,2100,55967,00.html

----------------------------------------------------

[28] Technology: Military conference highlights information systems

Copyright © 2002 United Press International

By PAMELA HESS, UPI Pentagon Correspondent

NASHVILLE (October 28, 2002 11:10 p.m. EST) - The Department of Defense's computer networks were probed by hackers 14,500 times last year, with just 70 getting in. Of those, only three caused any damage - and they were the same viruses that hobbled the private computer networks, according to the Army's chief of intelligence.

The problem is not that hackers and virus-makers are getting better, but that relatively low-level systems administrators are failing to stop known gaps in their systems, said Lt. Gen. Robert Noonan, deputy chief of staff for intelligence, at a conference of electronic warfare professionals held here.

http://www.nandotimes.com/technology/story/596139p-4626693c.html

----------------------------------------------------

[29] Golden Age of IT Hasn't Arrived Yet

By GARY H. ANTHES
JULY 29, 2002

"The mood here is grim," said W. Brian Arthur, Citibank professor at the Santa Fe Institute, a think tank that specializes in emerging science. "Broadband is dead in the water, some say, and Peter Drucker thinks the information technology revolution is over."

Arthur spoke those sobering words to a business and technology crowd earlier this year in Silicon Valley. But then he went on to explain why he thinks the IT revolution is anything but over. Indeed, Arthur argues, it has only paused briefly to catch its breath before moving on to reach its "golden age" between 2005 and 2015.

http://www.computerworld.com/news/2002/story/0,11280,73013,00.html

----------------------------------------------------

[30] DoCoMo gets defaced

By John Leyden
Posted: 29/10/2002 at 14:21 GMT

Japanese mobile operator NTT DoCoMo shut down part of its Web site last week after an attack by Internet vandals.

DoCoMo was forced into action after pages on the Web site which allowed business customers to contact the mobile operator were defaced.

WirelessWeek reports that the cracker left his name along with the phrase "never die" on the defaced portion of the site.

http://www.theregister.co.uk/content/6/27830.html

----------------------------------------------------

[31] Is a larger Net attack on the way?

Recent attack may have been just a prank — or a test shot

By Bob Sullivan
MSNBC

Oct. 28 — The Internet was never really in danger of being knocked offline during last week’s coordinated attack on its infrastructure, most computer experts now agree. But the day is coming, some believe, when the Net will go dark for a day or so, shut down by an attacker.

U.S. government officials are taking last week’s incident very seriously, partly because it might have been a test shot fired over the Internet’s bow by a group with larger plans, and partly because the incident has sparked a fresh round of speculation about attack strategies that could in fact cripple the Net.

http://www.msnbc.com/news/827209.asp?0dm=C21AT&cp1=1

----------------------------------------------------

[32] Employee surveillance unaffected by terror threat

15:29 Tuesday 29th October 2002
Declan McCullagh, CNET News.com

US companies have not increased Internet surveillance of employees in response to the government's anti-terrorism efforts, a new report asserts

The General Accounting Office, an auditing arm of Congress, said in a report released on Monday that corporate-level monitoring of email and Web use does not appear to have changed since the 11 September, 2001, terrorist attacks.

"None of the employers we interviewed had increased the amount or type of information they gathered on employees' use of email, the Internet or computer files," the report said.

Under the USA Patriot Act, signed by President Bush a year ago, law enforcement received more power to conduct Internet surveillance and seek information from private companies.

http://news.zdnet.co.uk/story/0,,t269-s2124681,00.html

----------------------------------------------------

[33] FIPS testing finds lots of mistakes in crypto IT

By William Jackson
GCN Staff

About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a survey by the National Institute of Standards and Technology has found.

Almost all evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program.

http://www.gcn.com/vol1_no1/daily-updates/20344-1.html

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site

_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

---------------------------------------------------------------------

IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk