[I spent the last ten days in Italy and unfortunately I was unable
to send out any emails. WEN]

   _________________________________________________________________

                      London, Wednesday, August 14, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________


To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
    _________________________________________________________________


          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Critical infrastructure operators lack key information
[2] PGP, GPG defeated
[3] Researcher: Biometrics Unproven, Hard To Test
[4] DEF CON Jam
[5] Microsoft investigates hacking fears

[6] The Original Anti-Piracy Hack
[7] The hacker's worst enemy? Another hacker
[8] Cyberattacks Fail To Materialize
[9] NASA investigates hacker document theft
[10] Online Auction Fraud: What You Should Know, Part 1

[11] (UK) Customer data now safe, says e-commerce site
[12] Norwegian DeCSS case delayed
[13] Sleeping with the enemy
[14] Princeton dean to lose job over hacking incident
[15] Unlocking the Secrets of Crypto: Cryptography, Encryption, and Cryptology
Explained

[16] Former Defense secretary urges renewed focus on cyberterrorism
[17] Treasury announces computer security contract

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] Critical infrastructure operators lack key information
By Maureen Sirhal, National Journal's Technology Daily

The nation's operators of critical infrastructures - such as electrical power
grids, telecommunication centers and water-filtration plants - lack key
information necessary to repair their systems in case of an emergency, found a
new report by the FBI's National Infrastructure Protection Center.

In June, NIPC and the Pacific Northwest Economic Region conducted a series of
tests called the "Blue Cascade" project to assess the preparedness of the
region's critical infrastructure systems and how an attack on one sector would
impact others.

According to the study released in mid-July, exercise participants in this
mock-drama possessed little information as to how their various sectors are
entwined.

http://www.govexec.com/dailyfed/0802/081302td1.htm

         ----------------------------------------------------

[2] PGP, GPG defeated
By Thomas C Greene in Washington
Posted: 13/08/2002 at 07:27 GMT

OpenPGP and GnuPG are susceptible to a chosen-cyphertext attack which would
allow an adversary capable of intercepting an encrypted message to use the
intended recipient as an unwitting 'decryption oracle', researchers Kahil
Jallad, Jonathan Katz and Bruce Schneier report in a recent paper.

http://www.theregister.co.uk/content/55/26643.html

paper:
http://www.counterpane.com/pgp-attack.html

         ----------------------------------------------------

[3] Researcher: Biometrics Unproven, Hard To Test

Just how accurate are the face identification systems being rolled out around
the country? It turns out, testing them is harder than it looks.
By Ann Harrison, Aug 7 2002 11:57PM

SAN FRANCISCO--James Bond technologies like face recognition, fingerprint
sensors, hand geometry, and other biometric security systems may be impossible
to accurately evaluate, unless researchers also measure the performance of the
testers and the demographics of the subjects, a key researcher said Wednesday.

http://online.securityfocus.com/news/566

         ----------------------------------------------------

[4] DEF CON Jam
By Adam Stone

If the folks at wireless-security firm AirDefense are right, your wireless LAN
is far less prepared for a hacker attack than you think.

This month AirDefense engineers attended the DEF CON 10 hacker convention in Las
Vegas, where they saw first hand how hackers are stepping up both the intensity
and the creativity of their attacks against wireless networks.

"Two years ago they only had a wired network there. This year all they had was a
wireless LAN, so that is a pretty good gauge of where their interest lies," said
Fred Tanzella, chief security officer of AirDefense. His company's products are
meant to give an early warning of security breaches, "and we generated 13,000
alarms almost as soon as we turned on our system there."

http://www.80211-planet.com/news/article/0,4000,1481_1445701,00.html

         ----------------------------------------------------

[5] Microsoft investigates hacking fears

Staff and agencies
Tuesday August 13, 2002

Microsoft is investigating claims that a security loophole in its Internet
Explorer browser could allow hackers to steal the names, passwords and credit
card details of people who believe they are using a secure site.
Microsoft played down the problem - but some experts said it could threaten the
security of everything from online banking to e-commerce.

http://www.guardian.co.uk/microsoft/Story/0,2763,773932,00.html

         ----------------------------------------------------

[6] The Original Anti-Piracy Hack
The entertainment industry's plan to use malicious cyber attacks to enforce its
copyrights has precedent in a strange British case from a decade past.
By George Smith Aug 12, 2002

Hey, all Peer-to-Peer Piracy Prevention Act purveyors! I have a can't-miss
technology development plan for you. Buried deep in the stacks of ancient
cyber-history, it is called the tale of the AIDS Information Trojan horse.

It goes like this.

In December 1989, thousands of floppies containing what claimed to be an
interactive database on AIDS and the risk factors associated with the disease
were mailed to attendees at a World Health Organization meeting and subscribers
to an English computing magazine. Belonging to the "PC Cyborg Corporation," the
software on the diskettes contained a licensing agreement which should be of
keen interest to anti-piracy entertainment industry legal enforcers.

http://online.securityfocus.com/columnists/102

         ----------------------------------------------------

[7] The hacker's worst enemy? Another hacker
By John Leyden
Posted: 12/08/2002 at 13:02 GMT

By far the most entertaining - and controversial - speech of this year's DNSCON,
the UK hacker conference, was delivered by Scotsman Gus (something of the Irvine
Welsh of the UK's h4xOr scene) who lambasted the Hollywood image of hacking.

Gus, who doesn't admit to being a hacker himself ('that would be criminal') but
clearly knows a thing or two, fired his opening shot by saying anybody who
thought hacking was glamorous or a "way to get chicks" was hopelessly wrong.

http://www.theregister.co.uk/content/55/26630.html

         ----------------------------------------------------

[8] Cyberattacks Fail To Materialize
By Dennis Fisher, eWEEK

A dire warning from the FBI's Internet security unit about potential large-scale
attacks on U.S. Web sites and ISPs caused a stir in the security community
Tuesday, but so far there has been little attack activity of note.

The FBI's National Infrastructure Protection Center, known as NIPC, on Monday
night issued an alert warning that it had "credible, but nonspecific information
that wide-scale hacker attacks against U.S. websites and Internet service
providers are being planned." The agency apparently received word from its
counterparts in Europe that an attack was imminent.

http://www.extremetech.com/article2/0,3973,448095,00.asp

         ----------------------------------------------------

[9] NASA investigates hacker document theft

Friday 9 August 2002

NASA cybercrime investigators are looking into the theft of militarily
significant design documents pertaining to the next generation of reusable space
vehicles.

The documents, which are restricted under export laws from being shared with
foreign nationals or governments and are also strictly controlled under the
International Trafficking in Arms Regulations (ITAR), were leaked from a hacker
who claimed to be based in Latin America.

The documents had been authored by contractors from Boeing and a joint venture
between propulsion companies Pratt & Whitney and Aerojet.

http://www.cw360.com/bin/bladerunner?REQSESS=0Z56L79&2149REQEVENT=&CARTI=114871&;CARTT=14&CCAT=1&CCHAN=13&CFLAV=1

         ----------------------------------------------------

[10] Online Auction Fraud: What You Should Know, Part 1
By Ina Steiner
August 11, 2002

A Dutch executive bid $135,000 for a Richard Diebenkorn painting for sale by a
U.S. seller on eBay two years ago. He was lucky; he found out before sending his
money that the painting was a fake. Two men implicated in the case pled guilty
to wire and mail fraud last year and agreed to pay restitution to their other
victims http://www.usdoj.gov/criminal/cybercrime/ebaypleaagree.pdf. But not all
victims of online fraud are so lucky.

http://www.auctionbytes.com/cab/abu/y202/m08/abu0076/s02

         ----------------------------------------------------

[11] Customer data now safe, says e-commerce site
10:34 Wednesday 14th August 2002
Tony Hallett, silicon.com

Update: The company behind ukshops.co.uk, which exposed personal data about its
customers on the Web, has explained what it is doing to solve the problem.

The company at the centre of a leak of consumers' personal data has responded by
pulling down the offending Web pages and saying it is well aware of its data
protection obligations.

http://news.zdnet.co.uk/story/0,,t269-s2120820,00.html

         ----------------------------------------------------

[12] Norwegian DeCSS case delayed

The Norwegian DeCSS case against Jon Johansen has been delayed. Johansen, who is
accused of creating the "notorious" DeCSS tool that allows people to copy the
contents of DVDs to their HDDs, is facing charges of breaking into a secured
computer system.

http://www.afterdawn.com/news/archive/3221.cfm

         ----------------------------------------------------

[13] Sleeping with the enemy
By Kim Zetter
August 13 2002

A good hacker is hard to find, or so it seemed during the dot-com boom.
Companies, particularly in the United States, were making the rounds of hacker
conferences and IRC channels willing to pay $150,000 for a security guru who was
still going through his voice change.

Even the American assistant secretary of defence showed up last year at the
hacker blowout in Las Vegas known as Def Con to recruit "the best of the best"
for a cyber-terrorism unit.

But as computer security has become more specialised and training has improved,
legitimate pros have elbowed aside the teens.

So it seems odd that only 43 per cent of Australian organisations would be
willing to hire former hackers to help secure their networks; only 14 per cent
of US organisations said they would do the same.

http://www.theage.com.au/articles/2002/08/10/1028158034389.html

         ----------------------------------------------------

[14] Princeton dean to lose job over hacking incident

PRINCETON, N.J. (AP) - A Princeton University dean will be removed from his job
for accessing Yale University's admissions Web site without authorization,
Princeton's president said Tuesday.

Stephen LeMenager, associate dean and director of admissions, had been on paid
leave. He has said he accessed the site to see how secure it was.

http://www.usatoday.com/tech/news/2002-08-13-princeton-hacking_x.htm

         ----------------------------------------------------

[15] Unlocking the Secrets of Crypto: Cryptography, Encryption, and Cryptology
Explained
by Sarah Granger
last updated August 13, 2002

Encryption, decryption and code breaking came into the public consciousness in
the 1980s with the popularity of the movie War Games. It became newsworthy in the
1990s with the legal battles surrounding PGP and the political discussion of the
Clipper Chip. Now, with information security becoming more and more of a common
concern, the terms encryption, cryptography and cryptology - commonly grouped
together under the term "crypto" - are seeping into our daily language. Still,
many people are unsure of what these terms refer to. The purpose of this article
is to demystify crypto and break it down to simple tools that aid us in
achieving satisfactory privacy and security.

SearchSecurity.com defines cryptography as the "science of information security",
which is achieved "by processing data (generally referred to as plaintext)
into unintelligible form (ciphertext), reversibly, without data loss."
Cryptology is the mathematical science and theory that underlies crypto, while
encryption is the actual process by which one applies cryptographic science, a
form of encoding. The important concept to understand is that crypto is the
application of mathematical algorithms to convert text into a form that is
unintelligible to unauthorized viewers.

http://online.securityfocus.com/infocus/1617

         ----------------------------------------------------

[16] Former Defense secretary urges renewed focus on cyberterrorism
By Matthew Margolin, National Journal's Technology Daily

A former top military official on Monday cautioned attendees of a gathering
hosted by the New Democrat Network that the government should place more
emphasis on preventing cyberterrorism.

Former Defense Secretary William Perry, speaking in Silicon Valley, said that
the explosive growth of the Web has led American businesses to rely heavily on
the Internet's infrastructure, which he noted has been a powerful tool but is
vulnerable to security weaknesses.

Perry said that while United States leadership in information technology is
unsurpassed, he warned that the "unforeseen consequence" of the Web is that it
leaves companies vulnerable to terrorist attacks.

http://www.govexec.com/dailyfed/0802/081202td1.htm

         ----------------------------------------------------

[17] Treasury announces computer security contract
From National Journal's Technology Daily

The Internet security firm Entrust will handle security for Treasury Department
networks and e-mail systems, the company announced Tuesday.

The $828,000 contract requires Entrust to provide capabilities for e-mail
encryption, digital signatures on e-mail and documents and secure network
identification and privacy.

"Secure communications within the department's dozen bureaus is essential,
especially today," Treasury Chief Information Officer Mayi Canales said in a
statement.

The Government Information Security Reform Act, a law requiring federal agencies
to adhere to information security standards, will expire in October 2002, but
language currently approved for inclusion in both the Senate and House homeland
security bills also would require such standards.

http://www.govexec.com/dailyfed/0802/081302td2.htm

         ----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
