_________________________________________________________________ London, Tuesday, August 20, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ InfowarCon 2002: Homeland Defense and Cyber-Terrorism, Washington, DC September 4-5, 2002, optional workshops September 3 & 6. Presented by MIS Training Institute and Interpact, Inc. Proven strategies for protecting against threats to critical infrastructures and government systems. Go to: http://www.misti.com/08/iw02nl27inf.html _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] White House to launch Web site for government, industry tech experts [2] Cybersecurity should be kept in civilian hands [3] Report says DOE cut security by 40 percent over decade, sites hacked several times [4] PGP is Here to Stay [5] Privacy fear over plan to store email [6] Intelligence agencies use extra funds for hiring [7] Cyberterrorism Concerns IT Pros [8] NIPC seeks cyberalert support [9] Wireless hackers take to the air [10] Gut-feeling out of touch in IT security decisions [11] Sprint Security Faulted in Vegas Hacks [12] How Al Qaeda Slipped Away [13] Abu Nidal, Palestinian Terrorist Leader, Is Reported Dead [14] Study: AOL's got unhappy customers [15] Robbie wins web battle [16] KDE fixes SSL hole as MS dithers [17] The Stuckist Net - what is your post-Palladium future? _________________________________________________________________ News _________________________________________________________________ [1] White House to launch Web site for government, industry tech experts By Molly M. Peterson, National Journal's Technology Daily PHILADELPHIA -- The White House plans to launch a Web site that would enable government and private-sector technology experts to exchange ideas for better information-sharing practices, the Office of Homeland Security's chief information officer announced in Philadelphia Monday. "I need your help," Steven Cooper told more than 900 high-tech professionals from 32 states during a keynote address at a three-day homeland security conference. "We can't get a view of America from inside the Beltway. ... We don't know it all. We've got to hear from everybody." Cooper said the Web site would enable high-tech firms and agencies at all levels of government to share their "best practices" for data fusion and integration with the Office of Homeland Security. He noted that the Sept. 11 terrorist attacks prompted communities in many states-including Pennsylvania, Texas, Minnesota, Utah and California-to launch information-sharing initiatives that have proven effective and that might be worth implementing nationwide. http://www.govexec.com/dailyfed/0802/081902td1.htm ---------------------------------------------------- [2] Cybersecurity should be kept in civilian hands By Whitfield Diffie and Susan Landau, 8/18/2002 n the wake of Sept. 11, we're all agreed on the need to protect critical infrastructure - telecommunications, electric power, transportation, banking, and finance. We also know much of that infrastructure depends on the Internet, so cybersecurity will be a critical concern of the proposed Department of Homeland Security. The only question: How best to achieve it? http://www.boston.com/dailyglobe2/230/business/Cybersecurity_should_be_kept_in_c ivilian_hands+.shtml ---------------------------------------------------- [3] Report says DOE cut security by 40 percent over decade, sites hacked several times By ROBERT GEHRKE The Associated Press 8/20/02 2:37 AM WASHINGTON (AP) -- The number of guards protecting nuclear materials and facilities nationwide has been slashed by 40 percent, jeopardizing their security, a Democratic lawmaker says. Rep. Ed Markey of Massachusetts released Energy Department figures Monday showing that between 1992 and 2001 DOE whittled its security forces from 7,091 employees to 4,262. http://www.nj.com/newsflash/washington/index.ssf?/cgi-free/getstory_ssf.cgi?a043 8_BC_NuclearSecurity&&news&newsflash-washington ---------------------------------------------------- [4] PGP is Here to Stay By Dennis Fisher Crypto fans take heart, PGP is here to stay. A group of venture capitalists and veteran high-tech executives on Monday announced the formation of a new company called PGP Corp. that has purchased Network Associates Inc.'s remaining PGP assets and released PGP 8.0, a new version of the beloved encryption application. And, in a move sure to endear the company to cryptography enthusiasts, the company plans to publish the source code for PGP, something that Network Associates officials refused to do. In addition to buying Network Associates' PGP applications, the new company has also acquired much of the talent associated with the PGP line. The new company, based in Palo Alto, Calif., will be led by CEO Philip Dunkelberger and CTO Jon Callas, both of whom have extensive backgrounds in the security market in general and with PGP specifically. Financial backing comes courtesy of two venture capital firms, Doll Capital Management and Venrock Associates. PGP's immediate focus will be on ensuring a smooth transition for existing customers, but the company will then turn its attention to expanding its product line. http://www.eweek.com/article2/0,3959,476357,00.asp ---------------------------------------------------- [5] Privacy fear over plan to store email EU wants data retained to help fight against crime Richard Norton-Taylor and Stuart Millar Tuesday August 20, 2002 The Guardian Records of personal communications, including all emails and telephone calls, will be stored for at least a year under a proposal to be decided by EU governments next month. Under the plan, all telecommunications firms, including mobile phone operators and internet service providers, will have to keep the numbers and addresses of calls and emails sent and received by EU citizens. The information, known as traffic data, would be held in central computer systems and made available to all EU governments. http://politics.guardian.co.uk/eu/story/0,9061,777616,00.html ---------------------------------------------------- [6] Intelligence agencies use extra funds for hiring >From National Journal After September 11 revealed glaring intelligence failures, Congress approved an estimated $3 billion to $4 billion in new funding for America's top two spy shops, the Central Intelligence Agency and the National Security Agency, and for the FBI, which is responsible for counterintelligence and for stopping terrorism inside the nation's borders. Analysts argue that these supplemental funds-added to the combined $13 billion the three agencies had already received for this fiscal year-were badly needed to hire more translators, analysts, and field agents, to buy better computer systems, to fund clandestine programs, and to improve a wide range of operations. http://www.govexec.com/dailyfed/0802/081902nj1.htm ---------------------------------------------------- [FUD, FUD, FUD, ... WEN] [7] Cyberterrorism Concerns IT Pros By Robyn Greenspan Threats of terrorism concern IT professionals, and almost half of those surveyed indicated that a major cyber attack on the U.S. government could be imminent. Anxieties regarding possible assaults are legitimate. Speaking before the Senate Select Committee on Intelligence, Dale L. Watson, Executive Assistant Director, Counterterrorism and Counterintelligence, Federal Bureau of Investigation (FBI) discussed the emerging threat of "cyberterrorism," which he defined as "...the use of cyber tools to shut down critical national infrastructures (such as energy, transportation, or government operations) for the purpose of coercing or intimidating a government or civilian population." http://cyberatlas.internet.com/big_picture/geographics/article/0,,5911_1448291,0 0.html ---------------------------------------------------- [According to the GAO it is high time for the NIPC to improve its threat warning capability, ... WEN] [8] NIPC seeks cyberalert support BY Diane Frank Aug. 16, 2002 The National Infrastructure Protection Center this week issued a request for quotations to get contractor support for its Analysis and Warning Section - the group that provides cybersecurity alerts and advice to the public and private sectors. The statement of work outlines several requirements the NIPC is looking for a contractor to fill, including: * Supporting the center's ability to identify and predict security threats and trends. * Performing analysis and assessment of threat information. * Providing historical incident data. * Distributing the information to partners and the general public. http://www.fcw.com/fcw/articles/2002/0812/web-nipc-08-16-02.asp ---------------------------------------------------- [9] Wireless hackers take to the air Perth has been buzzed by wireless net seekers Australian hackers have taken the practice of looking for open wireless networks to new heights. Before now many curious hackers have taken to cars and bicycles to look for wireless network nodes that are free for everyone to use or are inadequately protected. But the Australians have them all beaten by using a light aircraft to fly over the city of Perth and look for the wireless nodes from 460 metres (1500 feet) up. During their flight the group found up to 95 wireless nodes. http://news.bbc.co.uk/1/hi/technology/2202653.stm ---------------------------------------------------- [10] Gut-feeling out of touch in IT security decisions By Lauren Thomsen-Moore 19 August, 2002 8:09 Sydney, Australia There is no place for flamboyant, gut-feeling decisions when it comes to information systems security, according to Peter Whythes, acting manager of the Attorney General's department policy and services branch. Speaking at the Security 2002 conference in Sydney last week, Whythes said IT professionals need to make security part of their organisation's culture, not simply leave responsibility to a few staff. http://www.computerworld.com.au/IDG2.NSF/All/AA23D3A1D697F3A9CA256C19007B277D!Op enDocument&n=Sections&c=Security ---------------------------------------------------- [11] Sprint Security Faulted in Vegas Hacks Telco faces forced security audits as vice hack case wraps up in sin city. By Kevin Poulsen, Aug 19 2002 5:56PM Citing the "compelling, credible testimony" of ex-hacker Kevin Mitnick, state officials urged Nevada regulators to force a series of dramatic security reforms on Las Vegas telephone company Sprint of Nevada last week, as final arguments were filed in the case of an in-room adult entertainment operator who believes he's being driven out of business by phone hackers. Sprint would be required to retain outside computer security consultants, launch a security training program for company employees, develop a process for detecting a deterring intrusion attempts into its network, and begin documenting its security investigations, if the Public Utilities Commission follows the recommendations of its regulatory operations staff, acting as independent investigators in the case. http://online.securityfocus.com/news/587 ---------------------------------------------------- [A good article which shows that Operation Enduring Freedom was not as successful as many people expected it to be. It will be far more difficult to fight AQ now. By the way I would recommend to read 'My Jihad' by Aukai Collins as I gives a rather interesting insight into the world of Jihad and US intelligence. Naturally the book is slightly bias, but it is well worth a read. I heard him speak in New York and then I bought the book. WEN] 'Some European and Arab intelligence experts believe, in fact, that Al Qaeda has mutated into a form that is no less deadly and even more difficult to combat. "We are confronted with cells that are all over the place, developing in a very horizontal structure without any evident big center of coordination," a top European counterterrorist investigator told NEWSWEEK. "Our operational evaluation today is that the threat is a lot greater than it was in December. That is to say, the worst is ahead of us, not behind us."' '... So far, success in the war on terror is measured largely by what hasn't happened: no more suicide planes, no bioweapons attacks, no September 11-scale attack. As Rumsfeld and others point out, U.S. and other intelligence agencies have succeeded in harassing Qaeda and foiling at least some of their plots. But patience has always been one of Al Qaeda's strengths-the patience of people who believe in the everlasting. In death, in fact, the holy warriors gain a respect that few of them could ever have achieved in life.' [12] How Al Qaeda Slipped Away The war in Afghanistan is widely regarded as a great success. But one key objective was not achieved. The inside story of Al Qaeda's mass escape By Rod Nordland, Sami Yousafzai and Babak Dehghanpisheh NEWSWEEK ACROSS THE HIGH PASSES of the Tora Bora range they raced, with blankets drawn over their shoulders and their turbans wrapped around their faces against the freezing December wind. They came upon a man's severed leg, its stump still oozing blood. The owner couldn't have gotten far. Ahead was a high intermontane valley, and beyond it an even more formidable barrier, the Spin Ghar range-the White Mountains. The fugitives were as good as dead or captured. American B-52s and attack helicopters were plastering the hillsides; some 1,500 pro-Western Afghans had joined the chase, and on the far side of the White Mountains the Pakistanis had ostensibly closed the border. http://www.msnbc.com/news/791852.asp ---------------------------------------------------- [13] Abu Nidal, Palestinian Terrorist Leader, Is Reported Dead By SERGE SCHMEMANN JERUSALEM, Aug. 19 - A Palestinian newspaper reported today that Abu Nidal, a Palestinian radical whose small terrorist organization was blamed for killing or wounding more than 900 people in 20 countries, had been found dead in his home in Baghdad. He had several bullet wounds and was believed to have killed himself, the paper said. Neither Israeli nor American intelligence officials could confirm the report in the paper, Al Ayyam, but they said that if the account of the wounds was true, his death was probably not a suicide. http://www.nytimes.com/2002/08/20/international/middleeast/20NIDA.html?ex=103050 7200&en=d4844ad00e82adde&ei=5040&partner=MOREOVER ---------------------------------------------------- [14] Study: AOL's got unhappy customers By Margaret Kane Staff Writer, CNET News.com August 19, 2002, 10:00 AM PT Consumer satisfaction with America Online is extremely low compared with other Web portals and with almost every sector of American industry, according to a new report. The University of Michigan released on Monday its latest American Customer Satisfaction Index (ACSI), the results of a survey that follows various sectors of the economy each quarter. The second-quarter report focused on cars, household appliances, PCs and Web portals. For the first time, the survey also measured satisfaction with search engines and news and information Web sites. http://news.com.com/2100-1023-954350.html?tag=cd_mh ---------------------------------------------------- [15] Robbie wins web battle Pop star Robbie Williams has won his battle to evict a "cybersquatter" in England from a website using his name. The United Nations copyright agency ruled that Howard Taylor, of Southampton, was using his site www.robbiewilliams.info in bad faith. It decided he does not have the right to use the name and that the website address must pass back into the hands of the millionaire singer. http://news.bbc.co.uk/1/hi/entertainment/music/2202905.stm ---------------------------------------------------- [16] KDE fixes SSL hole as MS dithers By Thomas C Greene in Washington Posted: 08/19/2002 at 05:33 EST New KDE binary RPMs have been released, as promised, with a fix for the SSL certificate vulnerability affecting Windows and Konqueror which we reported last week. "KDE 3.0.3 primarily provides stability enhancements over KDE 3.0.2, which shipped in early July 2002, and also contains a security correction for SSL (Internet security) certificate handling," the organization says. http://www.theregus.com/content/55/26024.html ---------------------------------------------------- [17] The Stuckist Net - what is your post-Palladium future? By Andrew Orlowski in London Posted: 19/08/2002 at 18:34 GMT "Your paintings are stuck, you are stuck! Stuck! Stuck! Stuck!" - Tracey Emin [to Billy Childish]. The copyright holders who dominate the entertainment oligopolies in the United States could risk ceding the nation's technological lead, once and forever. How so? Well, we now see that the Pigopolists intend to restrict the open protocols of the Internet. If there was any doubt, it should finally have been dispelled on Friday, as Thomas C Greene reported in Media giants demand ISPs block Web sites. http://www.theregister.co.uk/content/6/26740.html ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk