_________________________________________________________________

                 London, Tuesday, April 09, 2002
_________________________________________________________________

INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

IWS Sponsor

National Center for Manufacturing Sciences
http://www.ncms.org
host of the InfraGard Manufacturing Industry Association
http://trust.ncms.org
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] Nuclear lab balances security and worker productivity
[2] FBI's new Cyber Division quietly ramps up
[3] Does your password let you down?
[4] New Win-NT, 2K, XP security holes
[5] ISS ranks Net vulnerabilities
[6] FBI valued career advancement over security, report says
[7] My Daily Virus
[8] Wired News: iPod Is A Hacker's Heaven
[9] Cracks in the Firewall
[10] Clinton backs tech war on terror
[11] (UK) Code of conduct for private data
[12] Microsoft Tries to Discredit Antitrust Testimony From SBC
[13] Dot-Com Job Cuts Rise In March
[14] On a Wing and a Prayer
[15] Check Point brings out budget VPN
[16] GAO urges government to adopt XML programming language
[17] Four arrested in plan to expose lax security at Camp Pendleton

_________________________________________________________________

News
_________________________________________________________________

[1] Nuclear lab balances security and worker productivity

By Molly M. Peterson, National Journal's Technology Daily

NEWPORT, R.I.-- Organizations can better protect their critical systems from cyberattack without hindering worker productivity, an information security official from Los Alamos National Laboratory said Thursday.

"Our goal is to make it easy and natural for employees to work securely," Chris Kemper, deputy director of Los Alamos' Computing, Communications and Networks division, told technology specialists from the public and private sectors during a conference sponsored by the National High Performance Computing & Communications Council. "We're trying to avoid the trap of having security overwhelm productivity."

Prompted in part by 1999 allegations that classified data was mishandled, Los Alamos officials have spent the past three years upgrading security at the 43-square mile site, which houses 15 nuclear facilities and employs 12,000 people.

http://www.govexec.com/dailyfed/0402/040502td2.htm

----------------------------------------------------

[2] FBI's new Cyber Division quietly ramps up

By Liza Porteus, National Journal's Technology Daily

To the surprise of many people in government and in the technology industry, the FBI has been quietly forming its new Cyber Division.

The first formal announcement of the division indirectly was made Tuesday, when FBI Director Robert Mueller announced the appointment of Larry Mefford as assistant director of the division. Mefford is associate special agent in charge of the San Francisco FBI field office.

The goal of the Cyber Division is to coordinate the various online disciplines within the FBI and to investigate federal violations where there are exploitations of computer systems, the Internet or networks. The move is part of the FBI's recent overhaul efforts.

An FBI spokeswoman described the new division as "a work in progress," and many members of the high-technology industry said they were unaware that the division was solidifying. A Justice Department spokeswoman said that DOJ's Computer Crimes and Intellectual Property section has talked with Mefford in the past, but that it is unclear on how the divisions will interact. "They anticipate sitting down and working together," she said.

http://www.govexec.com/dailyfed/0402/040802td1.htm

----------------------------------------------------

[3] Does your password let you down?

April 8, 2002 Posted: 3:51 PM EDT (1951 GMT)

LONDON, England -- They may be random and private, but a lack of originality by employees when choosing computer passwords is putting companies' secrets at risk.

According to a study, employees fail abysmally when it comes to securing confidential information.

In a survey carried out by an international online security company, 60 percent of employees knew little of security awareness, while 90 percent admitted to opening or executing a "dangerous" e-mail attachment.

http://www.cnn.com/2002/TECH/internet/04/08/passwords.survey/index.html

----------------------------------------------------

[4] New Win-NT, 2K, XP security holes

By Thomas C Greene in Washington
Posted: 08/04/2002 at 08:51 GMT

First up, the MUP (Multiple UNC Provider) in Windows NT, 2K and XP contains an unchecked buffer which can be exploited to escalate user privileges, making it possible for an attacker to run arbitrary code at the OS level.

http://www.theregister.co.uk/content/55/24743.html

----------------------------------------------------

[5] ISS ranks Net vulnerabilities

By ComputerWire
Posted: 08/04/2002 at 07:37 GMT

Advanced worms, or so-called hybrid and blended threats like Nimda and Code Red, continue to pose the greatest online risk according to investigations carried out by Internet Security Systems Inc, but the company rates multiple vulnerabilities uncovered in the SNMP v.1 Simple Network Management Protocol "the largest multi-vendor security flaw ever discovered to date."

http://www.theregister.co.uk/content/55/24738.html

----------------------------------------------------

[6] FBI valued career advancement over security, report says

By Kellie Lunney

FBI management has fostered a culture in which agents view internal security measures as bureaucratic and security investigation duties as a threat to career advancement, a special commission set up in the wake of the Robert Hanssen spying case said Friday.

Attorney General John Ashcroft created the commission to review the FBI's security programs shortly after authorities arrested FBI agent Robert Hanssen in February 2001 on espionage charges. William Webster, a former director of the CIA and FBI, chaired the commission and will testify on its findings before the Senate Judiciary Committee Tuesday.

"In the bureau, security is often viewed as an impediment to operations, and security responsibilities are seen as an impediment to career advancement," the Webster Commission's 107-page report on the FBI's security programs said. That attitude, and the agency's "pervasive inattention to security" made it easy for veteran FBI agent and now convicted spy Hanssen to sell secrets to Moscow for two decades, according to the report.

http://www.govexec.com/dailyfed/0402/040502m1.htm

----------------------------------------------------

[7] My Daily Virus

Why continue to run a "WildList" cataloging every virus in the world when they all show up in our inboxes anyway?

By George Smith
Apr 8 2002 12:26AM PT

"I regarded viruses as only good for entertainment," said Guido Sanchez about ten years ago.

Sanchez ran Nun Beaters Anonymous, an underground bulletin board system notable for its free viruses and dry wit, the latter a scarce commodity in the world of hacker outlawry. For the record, he also said: "I have nothing against nuns, nuns are great people. I love nuns!"

However, nuns notwithstanding and with regard to viruses, Sanchez's words are still right on.
If you're going to hang around in the business for any length of time, it helps to develop a sense of humor towards everything.

http://online.securityfocus.com/columnists/73

----------------------------------------------------

[8] Wired News: iPod Is A Hacker's Heaven

by Vern Seward

What's the hottest thing to hack these days? According to a Wired News article titled IPod [sic]: Music to Hackers' Ears, the iPod gets the nod from the hacking world. It seems that many coders like the iPod and want it to do more than play music and list phone numbers. From the article:

http://www.macobserver.com/article/2002/04/08.5.shtml

----------------------------------------------------

[9] Cracks in the Firewall

Thanks to sophisticated new attack methods, computer security has to go beyond the old standby of merely keeping intruders out

Is your firewall toast? A new report by Web security giant Internet Security Systems (ISSX) suggests it certainly could use a few upgrades and some additional help. The company combed through data collected from the logs of thousands of security devices it monitors for businesses ranging from mom-and-pops to multibillion-dollar global conglomerates. The conclusion: Perimeter defenses such as firewalls are not enough to ward off increasingly sophisticated worms and viruses.

http://www.businessweek.com/bwdaily/dnflash/apr2002/nf2002049_1803.htm

----------------------------------------------------

[10] Clinton backs tech war on terror

Clinton: Use of technology for defensive purposes

Bill Clinton has been outlining how technology can play a key role in defeating the new brand of terrorism.

The former US president said that information management systems similar to those used by the big mass mailing companies could provide an early warning about suspicious behaviour.

"More than 95% of the people that are in the United States at any given time are in the computers of companies that mail junk mail and you can look for patterns there," he told BBC World's ClickOnline.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_1912000/1912895.stm

----------------------------------------------------

[11] Code of conduct for private data

Alan Masson

THE long awaited first part of the Information Commissioner's Data Protection Code has now been issued dealing specifically with recruitment and selection.

It is intended to help employers comply with the requirements of the Data Protection Act and covers areas such as obtaining information about workers, the retention of their records, access to their records and their disclosure.

The act and the code deal with the handling of personal and sensitive data regarding workers - including job applicants (regardless of whether or not they are successful), employees, agency workers, casual workers and both current and former contractual workers.

http://www.thescotsman.co.uk/business.cfm?id=376472002

----------------------------------------------------

[12] Microsoft Tries to Discredit Antitrust Testimony From SBC

By BLOOMBERG NEWS

WASHINGTON, April 8 (Bloomberg News) - The Microsoft Corporation suggested in court today that SBC Communications was seeking tough antitrust restrictions against it to cripple its ability to compete in the telecommunications market.

http://www.nytimes.com/2002/04/09/technology/09SOFT.html?ex=1019016000&en=4d89255e8fddf44a&ei=5040&partner=MOREOVER

----------------------------------------------------

[13] Dot-Com Job Cuts Rise In March

by Michael Bartlett

The number of dot-com job cuts jumped up in March after declining for four straight months, according to the outplacement firm Challenger, Gray & Christmas.

The Challenger firm, which releases monthly statistics on layoffs by Internet companies, said the March total of 1,549 was up 131 percent from the 670 job cuts it tallied in February.

http://www.bizreport.com/article.php?art_id=3221&PHPSESSID=e23848eb8dfe02d843649d54105c8406

----------------------------------------------------

[14] On a Wing and a Prayer

Travelers are turning to the Web to book trips. How can you protect yourself when planning your dream vacation online? Hear online travel horror stories and get tips Tuesday, 4/9 at 9 p.m. Eastern.

By Jack Karp
April 9, 2002

As travel websites proliferate on the Web, often promising lower airfares and special deals, more consumers are turning to the Internet to make their travel plans. But many of these consumers, including college student Monet Solberg, don't wind up getting their dream vacations. This week on 'CyberCrime' we show you a vacation booked online, that didn't turn out as planned.

http://www.techtv.com/cybercrime/internetfraud/story/0,23008,3324488,00.html

----------------------------------------------------

[15] Check Point brings out budget VPN

By ComputerWire
Posted: 09/04/2002 at 05:41 GMT

Check Point Software Technologies Ltd is targeting network administrators with cheap-n-cheerful virtual private network software, VPN-1 Net, released this week. The company has also rebranded its VPN-1 Gateway product as VPN-1 Pro, to reflect the feature differences of its product line.

http://www.theregister.co.uk/content/5/24764.html

----------------------------------------------------

[16] GAO urges government to adopt XML programming language

From National Journal's Technology Daily

The General Accounting Office on Friday recommended that the director of the Office of Management and Budget, in concert with the Federal CIO Council and National Institute for Standards and Technology, take steps to expedite the federal government's adoption of Extensible Markup Language (XML).

XML is a flexible, nonproprietary set of standards designed to facilitate the exchange of information between disparate computer systems. Requested by Sen. Joseph Lieberman, D-Conn., the report, "Electronic Government: Challenges to Effective Adoption of the Extensible Markup Language," (GAO-02-327) assessed the overall development of XML standards to determine if they are ready for government-wide use.

http://www.govexec.com/dailyfed/0402/040502td1.htm

----------------------------------------------------

[17] Four arrested in plan to expose lax security at Camp Pendleton

By Pauline Repard
UNION-TRIBUNE STAFF WRITER
April 6, 2002

Four men who used expired military IDs to trespass into Camp Pendleton were arrested after a late-night food fight Wednesday that destroyed more than 400 pounds of food.

They claimed they were trying to show how lax security is at the base and planned to give the media a videotape of their exploits, said FBI spokeswoman Jan Caldwell.

http://www.uniontribune.com/news/military/20020406-9999_1m6marine.html

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>