_________________________________________________________________ London, Tuesday, May 28, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Webbed, Wired and Worried [2] Anti-virus evals waste precious resources [3] Chinese crackers prepare for cyber war [4] Aussies surf to top of web crime list [5] Excel hole opens PCs to hackers [6] Klez-H is the worst virus ever - official [7] Security researchers warn of worm blitzkriegs [8] An Education in Hacking [9] (UK) Time for openness over online fraud [10] Internet Gambling May Become Legal in Canada [11] Security Hole Strip Tease [12] Opera vuln gives up local files [13] E-gov security gateway in works [14] Music industry sues Napster-like Internet firm, Audiogalaxy [15] Dot-com stigma fails to turn off UK businesses [16] Hackers go wireless with greatest of ease [17] US plan to strike enemy with Valium _________________________________________________________________ News _________________________________________________________________ [1] Webbed, Wired and Worried By THOMAS L. FRIEDMAN Ever since I learned that Mohamed Atta made his reservation for Sept. 11 using his laptop and the American Airlines Web site, and that several of his colleagues used Travelocity.com, I've been wondering how the entrepreneurs of Silicon Valley were looking at the 9/11 tragedy - whether it was giving them any pause about the wired world they've been building and the assumptions they are building it upon. In a recent visit to Stanford University and Silicon Valley, I had a chance to pose these questions to techies. I found at least some of their libertarian, technology-will-solve-everything cockiness was gone. I found a much keener awareness that the unique web of technologies Silicon Valley was building before 9/11 - from the Internet to powerful encryption software - can be incredible force multipliers for individuals and small groups to do both good and evil. And I found an acknowledgment that all those technologies had been built with a high degree of trust as to how they would be used, and that that trust had been shaken. In its place is a greater appreciation that high-tech companies aren't just threatened by their competitors - but also by some of their users. http://www.nytimes.com/2002/05/26/opinion/26FRIE.html ---------------------------------------------------- [2] Anti-virus evals waste precious resources By George Smith, SecurityFocus Online Posted: 27/05/2002 at 15:10 GMT In 1991, essayist Paul Fussell wrote, "The current United States can be defined as an immense accumulation of not terribly acute or attentive people obliged to operate a uniquely complex technology, which, all other things being equal, always wins." http://www.theregister.co.uk/content/55/25454.html ---------------------------------------------------- [Rubbish, rubbish, rubbish. A journalist who likes to call an event where some teenagers played around and did some cybergraffiti 'Cyberwar'??? I wonder if he were to write an article about some kids who did some graffiti in Wimbledon. I guess the title would be 'Wimbledon graffiti artists prepare for war'. It is interesting to see that journalists in such articles never mention any Chinese IW thinkers (like Shen Weiguang, Wang Pufeng, Dai Quingmin, ...) or mention the Echeng Reserve IW organisation, .... But I guess that would require some serious journalism (i.e. someone who checks his facts first). WEN] [3] Chinese crackers prepare for cyber war By Nick Farrell [24-05-2002] Students may launch attacks on vital western systems Chinese hackers could be readying themselves to launch a cyber attack on key western computer systems. The Institute for Strategic Studies, run by the US Army War College, has released a classified report warning the Defense Department, US diplomats and law enforcement agencies to be on the look out for Chinese student hacking attacks some time this summer. The Institute believes that the attacks will try to spread computer viruses and deface sensitive government websites. http://www.vnunet.com/News/1132068 ---------------------------------------------------- [4] Aussies surf to top of web crime list By Nick Farrell [27-05-2002] Cyber crime down under 'worse than the US' Australia is suffering a cyber crime wave which makes it a bigger per-capita sufferer of hack attacks than the US, according to a recent survey. The annual Australian Computer Crime and Security Survey, funded by the New South Wales Police, the Australian Computer Emergency Response Team and Deloitte Touche, shows that more than 67 per cent of companies were hacked last year. http://www.vnunet.com/News/1132138 ---------------------------------------------------- [5] Excel hole opens PCs to hackers 16:01 Monday 27th May 2002 Matt Loney Specially formed XML stylesheets can be used to fool PCs running Microsoft's latest spreadsheet application into executing rogue code A security hole in Microsoft Excel XP spreadsheet application could allow hackers to take over a user's PC by using specially formed XML stylesheets. http://news.zdnet.co.uk/story/0,,t272-s2110945,00.html ---------------------------------------------------- [It is just another dumb worm. Worms would have an enormous potential to create havoc, but luckly the worm/virus writers do not manage to achieve it yet. WEN] [6] Klez-H is the worst virus ever - official By John Leyden Posted: 27/05/2002 at 17:26 GMT Klez-H is the worst virus ever, according to figures from managed services firm MessageLabs, which has blocked 775,000 copies of the pathogen since it first appeared on April 15. Klez-H overtakes the infamous SirCam worm. MessageLabs is blocking 20,000 Klez-H infected emails per day. The virus accounts for one in 300 of the emails it scans. http://www.theregister.co.uk/content/55/25461.html ---------------------------------------------------- [7] Security researchers warn of worm blitzkriegs By John Leyden Posted: 05/27/2002 at 09:55 EST Security researchers are warning of the availability of more powerful virus writing techniques, which call for a more co-ordinated approach to combat next generation worms. In a paper, How to 0wn the Internet in Your Spare Time, Stuart Staniford of Silicon Defense, Vern Paxson of the ICSI centre for internet research and Nicholas Weaver of University of California Berkeley, argue the ability of attackers to rapidly gain control of vast numbers of Internet hosts poses grave security risks. They suggest surreptitious worms, which spread more slowly but are much harder to detect, "could arguably subvert upwards of 10,000,000 Internet hosts". http://www.theregus.com/content/55/25055.html ---------------------------------------------------- [8] An Education in Hacking At Dan Clements' Fraud Museum, businesses can see how online scamsters operate. It's all very informative -- maybe too much so Netrepreneur Dan Clements is a museum curator, only you won't find him working at the Met or the Louvre. Rather, Clements is the CEO of CardCops.com, an online credit-card fraud-prevention site. In February, 2001, Clements and CardCops opened the cyberdoors of their own online Fraud Museum, which contains what Clements judges to be most egregious examples of crime in the annals of hackerdom. http://www.businessweek.com/technology/content/may2002/tc20020528_8754.htm ---------------------------------------------------- [9] Time for openness over online fraud Admitting you have a problem - it's the first step... The British Chambers of Commerce has decided to tackle the difficult subject of cybercrime. This plucky guardian of UK trade has acknowledged there is a problem which could seriously affect the success of UK business at home and abroad. So the BCC has launched a massive awareness campaign urging any company to step forward if its IT security has been breached. http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB =REQINT1=53343 ---------------------------------------------------- [10] Internet Gambling May Become Legal in Canada By Earl The government in Ottawa is considering the efforts of Liberal MP Dennis Mills (Toronto-Danforth) that would make Canada one of the first western countries to legalize online gambling. Mills stunned hundreds of people at the Global Interactive Gaming Summit, an international e-gaming convention here, by suggesting that "legislation could come as early as this fall," reports the National Post. http://www.onlinecasinonews.com/ocn/article/article.asp?id=1381 ---------------------------------------------------- [11] Security Hole Strip Tease By letting the public catch a tantalizing peek at unannounced security holes, one prolific bug-finder turns up the heat on vendors to close them. By Tim Mullen May 27, 2002 The success of "SQLSpida," the worm that targets MS-SQL servers set upon the Net with a blank "SA" password, is testament to how badly basic security education is still needed. As always, I place primary blame on the administrators of these boxes-leaving the SA password blank on any installation is a rookie move. To do so on a production machine placed on the Internet is just plain stupid. You have probably guessed that my use of "primary" infers a secondary party in responsibility; and indeed it does: Microsoft. http://online.securityfocus.com/columnists/84 ---------------------------------------------------- [12] Opera vuln gives up local files By Thomas C Greene in Washington Posted: 27/05/2002 at 16:10 GMT A vulnerability in Opera 6.01 and 6.02 for Windows allows a malicious Web site to grab any file off a client's local drive with ease, GreyMagic Software has discovered. That's the bad news. The good news is that affects only Windows, and it's fixed in version 6.03 which is now available for download. Version 6.0 is not affected. http://www.theregister.co.uk/content/55/25459.html ---------------------------------------------------- [13] E-gov security gateway in works BY Diane Frank May 27, 2002 The General Services Administration this fall plans to take bids on the development of one of the linchpins of the Bush administration's vision for e-government: a security gateway that would provide a single point at which users can sign on to access services that require passwords or other means of authentication. http://www.fcw.com/fcw/articles/2002/0527/news-egov-05-27-02.asp ---------------------------------------------------- [14] Music industry sues Napster-like Internet firm, Audiogalaxy LOS ANGELES (AP) - The recording and music publishing industries extended their legal pursuit of online music swapping firms Friday, suing Audiogalaxy for copyright infringement. The Recording Industry Association of America and the National Music Publishers Association accused the Austin, Texas, firm of ``willfully and intentionally'' encouraging and facilitating millions of users to copy and distribute copyright work of artists, ranging from Dave Mathews and Celine Dion to Alicia Keyes and the Beatles. http://www.siliconvalley.com/mld/siliconvalley/news/3336947.htm ---------------------------------------------------- [15] Dot-com stigma fails to turn off UK businesses Battle-hardened SMEs keep the online faith... The UK's small and medium size enterprises (SMEs) still see ecommerce as important to their business strategy despite the dot-com crash. A study from web services firm Genuity found that 32 per cent of SMEs are planning to increase their web budgets during this year and 98 per cent have a website in place for marketing or sales purposes. http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB =REQINT1=53486 ---------------------------------------------------- [16] Hackers go wireless with greatest of ease by Joy Russell Perez Monday, May 27, 2002 As the number of reported computer hacking incidents more than doubled to over 52,000 last year, a new technology was opening doors to illegal data spies: wireless access. Experts say many company executives are not doing enough to protect their organizations from losing sensitive data, such as payroll, strategic plans or even employee Social Security numbers and customer credit card numbers. http://www.businesstoday.com/business/technology/tech05272002.htm ---------------------------------------------------- [17] US plan to strike enemy with Valium Pentagon scientists aim for future battlefield victories with the aid of tranquillising drugs and GM bugs Antony Barnett, public affairs editor Sunday May 26, 2002 The Observer American military chiefs are developing plans to use Valium as a potential weapon against enemy forces and to control hostile populations, according to official documents seen by The Observer. The Pentagon has also asked scientists to evaluate proposals to use genetically modified bugs that 'eat' the enemy's fuel and ammunition supplies without harming humans. http://www.observer.co.uk/international/story/0,6903,722395,00.html ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk