_________________________________________________________________

London, Wednesday, May 29, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

IWS Sponsor

National Center for Manufacturing Sciences
http://www.ncms.org
host of the InfraGard Manufacturing Industry Association
http://trust.ncms.org
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] PDAs make easy pickings for data thieves
[2] FAA will test smart cards
[3] Memo Reveals FBI E-Mail Snafu
[4] New York's attorney-general sues email 'spammers'
[5] Hearing set on hacked state computers; employee groups complain
[6] Security Hole Striptease
[7] Yahoo! Messenger! multiple! vulns!
[8] Liberty Alliance expands membership
[9] Xbox hacking not for amateurs
[10] What a difference a year makes at Amazon
[11] Justice officials to unveil plans for restructuring the FBI
[12] Navy prepares wireless LAN for testing at sea
[13] Speakers cover Information Assurance waterfront
[14] ICANN to Consider Restructuring this Weekend
[15] Online pharmacy fined $88 million
[16] 'Soft Talk: New Hotmail settings might share your info, addresses
[17] Bioterrorism bill includes provision renewing drug user-fee law
[18] Wireless on the battlefield

_________________________________________________________________

News
_________________________________________________________________

[1] PDAs make easy pickings for data thieves
By John Leyden
Posted: 28/05/2002 at 11:04 GMT

PDAs make easy pickings; a survey reveals that private and corporate secrets are all too frequently left unprotected.

One in ten people's bank accounts could be accessed if they lost their Personal Digital Assistant (PDA).
That's according to a survey of PDA usage by mobile security firm Pointsec, which discovered owners commonly download substantial slices of their personal and business lives onto their PDAs - but leave the information unencrypted and without password protection.

http://www.theregister.co.uk/content/54/25478.html

----------------------------------------------------

[2] FAA will test smart cards
By Preeti Vasishtha
GCN Staff

The Federal Aviation Administration will dole out more than 50,000 smart cards to employees and contract workers for a Transportation Department pilot.

FAA will release a request for proposals for the pilot within a couple of weeks, FAA spokeswoman Tammy Jones said.

http://www.gcn.com/vol1_no1/daily-updates/18789-1.html

----------------------------------------------------

[3] Memo Reveals FBI E-Mail Snafu

WASHINGTON, May 29, 2002 (AP) The FBI destroyed evidence gathered in an investigation involving Osama bin Laden's al Qaeda terror network after the FBI's e-mail wiretap system mistakenly captured information to which the agency was not entitled.

http://www.cbsnews.com/stories/2002/05/29/attack/main510393.shtml

----------------------------------------------------

[4] New York's attorney-general sues email 'spammers'

New York Attorney General Eliot Spitzer is suing a firm he says sent more than 500 million messages to computer users, many of them unwanted "spam" advertisements.

Mr Spitzer says MonsterHut.com of Niagara Falls sent hundreds of millions of the ads through emails since March 2001 to people who didn't want them.

http://www.ananova.com/business/story/sm_597489.html?menu=business.latestheadlines

----------------------------------------------------

[5] Hearing set on hacked state computers; employee groups complain

SACRAMENTO, Calif.
(AP) - State senators said Tuesday they would investigate why it took weeks for 260,000 government employees to be notified that a hacker accessed a computer system containing their personal financial information.

"There's a lot of people screaming," said Dennis Alexander of the Professional Engineers in California Government.

http://www.siliconvalley.com/mld/siliconvalley/news/3355173.htm

----------------------------------------------------

[6] Security Hole Striptease

By letting the public catch a tantalizing peek at unannounced security holes, one prolific bug-finder turns up the heat on vendors to close them.

By Tim Mullen
May 27, 2002

The success of "SQLSpida," the worm that targets MS-SQL servers set upon the Net with a blank "SA" password, is testament to how badly basic security education is still needed. As always, I place primary blame on the administrators of these boxes - leaving the SA password blank on any installation is a rookie move. To do so on a production machine placed on the Internet is just plain stupid.

You have probably guessed that my use of "primary" infers a secondary party in responsibility; and indeed it does: Microsoft.

http://online.securityfocus.com/columnists/84

----------------------------------------------------

[7] Yahoo! Messenger! multiple! vulns!
By Thomas C Greene in Washington
Posted: 28/05/2002 at 09:08 GMT

There are two new Yahoo Instant Messenger (YIM) vulnerabilities which can potentially compromise a user's machine, Vietnamese researcher Phuong Nguyen has discovered. Yahoo! has been notified and a fixed version is available for download here.

http://www.theregister.co.uk/content/55/25466.html

----------------------------------------------------

[8] Liberty Alliance expands membership
By Mike Ricciuti
Staff Writer, CNET News.com
May 28, 2002, 9:00 PM PT

The Liberty Alliance Project gained five new members Wednesday, boosting Sun Microsystems' effort to outgun Microsoft's Passport online identification system.
The Liberty Alliance Project seeks to establish a standard method for online identifications, so a computer user can log on to a Web site once, then have other sites recognize that user as authenticated. Microsoft already offers a single sign-on technology called Passport.

New members include Cingular Wireless, i2 Technologies, Nippon Telegraph and Telephone, SAP and Wave Systems. The companies join the Liberty Alliance as sponsors, meaning they can attend and vote in meetings.

The Alliance, launched last September, now has more than 40 members, including United Airlines, Sony, Fidelity Investments, AOL Time Warner and others, according to Michael Barrett, vice president of Internet strategy at American Express and a member of the Liberty Alliance management board.

http://news.com.com/2100-1001-927232.html?tag=cd_mh

----------------------------------------------------

[9] Xbox hacking not for amateurs
By David Becker
Staff Writer, CNET News.com
May 28, 2002, 4:10 PM PT

The first Xbox add-ons that purportedly allow the console to play illegally copied game software have gone on sale, but analysts say they're unlikely to inspire a Napster-like wave of copy infringement.

http://news.com.com/2100-1040-924666.html?tag=cd_mh

----------------------------------------------------

[10] What a difference a year makes at Amazon
Wednesday, May 29, 2002
By KATHY MULADY
SEATTLE POST-INTELLIGENCER REPORTER

Shareholders attending Amazon.com's annual meeting today will hear about a company that is slightly different from the one they heard about last year.

This one has turned a profit.

The shareholder meeting begins at 9 a.m. at the Sheraton Seattle Hotel and Towers at 1400 Sixth Ave.

http://seattlepi.nwsource.com/business/72278_amazon29.shtml

----------------------------------------------------

[I am still sceptical. It sounds to me that the FBI wants to usurp more functions within the Homeland Defense framework.
The FBI needs a cultural change (move from an information blackhole to an information sharing agency). Maybe a new agency or some other organisation should take over some of the responsibilities of the FBI. WEN]

[11] Justice officials to unveil plans for restructuring the FBI
From National Journal's Technology Daily

Attorney General John Ashcroft and FBI Director Robert Mueller will hold a press briefing Wednesday to detail their plans for restructuring the FBI, an agency spokeswoman confirmed Tuesday.

Along with hiring new agents, the plan will call for 14 new sections to the counterterrorism division that will specialize in terrorism, technology, languages, intelligence gathering, cultures and other areas, according to news reports. Agents from the white-collar and anti-drug divisions may be reassigned to counter-terrorism operations. Mueller has said reforms will emphasize replacing outdated technology and computers.

http://www.govexec.com/dailyfed/0502/052802td1.htm

----------------------------------------------------

[12] Navy prepares wireless LAN for testing at sea
By William Jackson
GCN Staff

The Navy this month will begin the final tests of a wireless shipboard network that service brass expect will lead to the use of such LANs across the fleet.

The service outfitted a new destroyer, the USS Howard, with a wireless LAN for this last evaluation leg of its SmartShip program. Forty wireless gateways from 3e Technologies International Inc. of Rockville, Md., extend Ethernet connectivity from the Howard's asynchronous transfer mode backbone.

http://www.gcn.com/21_11/mobile_wireless/18698-1.html

----------------------------------------------------

[13] Speakers cover Information Assurance waterfront

From development of the Federal Public Key Infrastructure to agency initiatives to combat hackers, information assurance dominates federal, state and local IT budgets and priorities.
Speakers at the May 17, 2001 Technology Excellence in Government seminar gave their views and case studies on what works and what doesn't in information assurance. Click on the links below to view the webcast of each presentation. If you have difficulty hearing or viewing the presentations below, please visit our technical support page.

http://www.gcn.com/webcast/080101.html

----------------------------------------------------

[14] ICANN to Consider Restructuring this Weekend
May 24, 2002 08:30 CDT

ICANN, the group that oversees the Internet's addressing system, will meet this weekend. The main purpose of this meeting is to try to sort out its most contentious issue to date: how it should function and who should participate.

The board of directors of the Internet Corporation for Assigned Names and Numbers will meet in private this weekend in New York to sift through the various restructuring proposals that have dominated the group's agenda over the past year, Reuters reports.

http://www.cosmiverse.com/news/tech/tech05240202.html

----------------------------------------------------

[15] Online pharmacy fined $88 million
By: Greg Sandoval
5/28/02 8:45 PM
Source: News.com

A Los Angeles pharmacy and a pair of employees were fined $88 million by the state of California for being too lax in prescribing drugs over the Internet.

California Gov. Gray Davis announced the fines Tuesday and said in a statement that the pharmacy violated a year-old law that makes it illegal for Internet pharmacies to fill prescriptions for patients who aren't properly examined by a licensed physician.

An 8-month-long investigation showed that Total Remedy and Prescription Center II filled more than 3,500 prescriptions over the Web that were written by doctors not licensed to practice medicine in California. Most of the prescriptions were for "lifestyle drugs" such as Propecia, a hair loss treatment.

http://news.cnet.com/investor/news/newsitem/0-9900-1028-9967426-0.html?tag=ats

----------------------------------------------------

[16] 'Soft Talk: New Hotmail settings might share your info, addresses
2002-05-14
by Cydney Gillis

MSN and Hotmail keep giving Microsoft Corp. headaches and embarrassment.

The latest is a doozy. Yesterday an irate reader tipped me off to the fact that Microsoft has changed the privacy settings for Hotmail. What that means for subscribers to Microsoft's Internet service and millions more who use its free Hotmail e-mail service is that the company can share a Hotmail address with its partner Web sites.

In short, if you are already signed up for and use Hotmail, Microsoft has given itself the right to share your e-mail address and other data with outside companies -- even if you explicitly told Microsoft not to do so when you signed up.

http://www.eastsidejournal.com/92308.html

----------------------------------------------------

[17] Bioterrorism bill includes provision renewing drug user-fee law
By April Fulton, National Journal

While it is becoming increasingly unlikely that Congress this year will approve compromise legislation providing prescription drug benefits to Medicare recipients, a lower-profile piece of multibillion-dollar drug legislation is flying through with little public scrutiny.

Back in 1992, Congress passed the Prescription Drug User Fee Act, which allows the pharmaceutical industry to pay the Food and Drug Administration to review industry products more quickly. The idea was born out of a unique collaboration between AIDS activists, then-FDA Commissioner David Kessler, the drug industry, and Congress. In 1997, Congress renewed the law after vigorous debate and numerous hearings.
Now, through a series of secret meetings and behind-the-scenes negotiations, key lawmakers have again renewed and updated the law and quietly added it in conference committee - without much notice by the media or the public - to a high-profile $3 billion bill to battle bioterrorism.

http://www.govexec.com/dailyfed/0502/052802nj1.htm

----------------------------------------------------

[18] Wireless on the battlefield
Commercial products not always best security solution for Defense Department
BY Dan Caterinicchia
May 27,

Concerns over battery life, the need for ruggedized machines and ever-present bandwidth issues are among the many obstacles that the Defense Department faces as it attempts to outfit soldiers with reliable, interoperable wireless communications on the battlefield.

But securing those communications is still far and away the biggest challenge the department must overcome. And despite a push to use commercial off-the-shelf (COTS) solutions to do it, those solutions may not be the best answer, according to some academic and industry experts.

http://www.fcw.com/fcw/articles/2002/0527/tec-wire-05-27-02.asp

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk