_________________________________________________________________
London, Tuesday, August 20, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
InfowarCon 2002:
Homeland Defense and Cyber-Terrorism, Washington, DC September
4-5, 2002, optional workshops September 3 & 6. Presented by MIS Training
Institute and Interpact, Inc. Proven strategies for protecting against threats
to critical infrastructures and government systems. Go to:
http://www.misti.com/08/iw02nl27inf.html
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] White House to launch Web site for government, industry tech experts
[2] Cybersecurity should be kept in civilian hands
[3] Report says DOE cut security by 40 percent over decade, sites hacked several
times
[4] PGP is Here to Stay
[5] Privacy fear over plan to store email
[6] Intelligence agencies use extra funds for hiring
[7] Cyberterrorism Concerns IT Pros
[8] NIPC seeks cyberalert support
[9] Wireless hackers take to the air
[10] Gut-feeling out of touch in IT security decisions
[11] Sprint Security Faulted in Vegas Hacks
[12] How Al Qaeda Slipped Away
[13] Abu Nidal, Palestinian Terrorist Leader, Is Reported Dead
[14] Study: AOL's got unhappy customers
[15] Robbie wins web battle
[16] KDE fixes SSL hole as MS dithers
[17] The Stuckist Net - what is your post-Palladium future?
_________________________________________________________________
News
_________________________________________________________________
[1] White House to launch Web site for government, industry tech experts
By Molly M. Peterson, National Journal's Technology Daily
PHILADELPHIA -- The White House plans to launch a Web site that would enable
government and private-sector technology experts to exchange ideas for better
information-sharing practices, the Office of Homeland Security's chief
information officer announced in Philadelphia Monday.
"I need your help," Steven Cooper told more than 900 high-tech professionals
from 32 states during a keynote address at a three-day homeland security
conference. "We can't get a view of America from inside the Beltway. ... We
don't know it all. We've got to hear from everybody."
Cooper said the Web site would enable high-tech firms and agencies at all levels
of government to share their "best practices" for data fusion and integration
with the Office of Homeland Security. He noted that the Sept. 11 terrorist
attacks prompted communities in many states-including Pennsylvania, Texas,
Minnesota, Utah and California-to launch information-sharing initiatives that
have proven effective and that might be worth implementing nationwide.
http://www.govexec.com/dailyfed/0802/081902td1.htm
----------------------------------------------------
[2] Cybersecurity should be kept in civilian hands
By Whitfield Diffie and Susan Landau, 8/18/2002
n the wake of Sept. 11, we're all agreed on the need to protect critical
infrastructure - telecommunications, electric power, transportation, banking,
and finance. We also know much of that infrastructure depends on the Internet,
so cybersecurity will be a critical concern of the proposed Department of
Homeland Security. The only question: How best to achieve it?
http://www.boston.com/dailyglobe2/230/business/Cybersecurity_should_be_kept_in_c
ivilian_hands+.shtml
----------------------------------------------------
[3] Report says DOE cut security by 40 percent over decade, sites hacked several
times
By ROBERT GEHRKE
The Associated Press
8/20/02 2:37 AM
WASHINGTON (AP) -- The number of guards protecting nuclear materials and
facilities nationwide has been slashed by 40 percent, jeopardizing their
security, a Democratic lawmaker says.
Rep. Ed Markey of Massachusetts released Energy Department figures Monday
showing that between 1992 and 2001 DOE whittled its security forces from 7,091
employees to 4,262.
http://www.nj.com/newsflash/washington/index.ssf?/cgi-free/getstory_ssf.cgi?a043
8_BC_NuclearSecurity&&news&newsflash-washington
----------------------------------------------------
[4] PGP is Here to Stay
By Dennis Fisher
Crypto fans take heart, PGP is here to stay.
A group of venture capitalists and veteran high-tech executives on Monday
announced the formation of a new company called PGP Corp. that has purchased
Network Associates Inc.'s remaining PGP assets and released PGP 8.0, a new
version of the beloved encryption application.
And, in a move sure to endear the company to cryptography enthusiasts, the
company plans to publish the source code for PGP, something that Network
Associates officials refused to do.
In addition to buying Network Associates' PGP applications, the new company has
also acquired much of the talent associated with the PGP line.
The new company, based in Palo Alto, Calif., will be led by CEO Philip
Dunkelberger and CTO Jon Callas, both of whom have extensive backgrounds in the
security market in general and with PGP specifically. Financial backing comes
courtesy of two venture capital firms, Doll Capital Management and Venrock
Associates. PGP's immediate focus will be on ensuring a smooth transition for
existing customers, but the company will then turn its attention to expanding
its product line.
http://www.eweek.com/article2/0,3959,476357,00.asp
----------------------------------------------------
[5] Privacy fear over plan to store email
EU wants data retained to help fight against crime
Richard Norton-Taylor and Stuart Millar
Tuesday August 20, 2002
The Guardian
Records of personal communications, including all emails and telephone calls,
will be stored for at least a year under a proposal to be decided by EU
governments next month.
Under the plan, all telecommunications firms, including mobile phone operators
and internet service providers, will have to keep the numbers and addresses of
calls and emails sent and received by EU citizens. The information, known as
traffic data, would be held in central computer systems and made available to
all EU governments.
http://politics.guardian.co.uk/eu/story/0,9061,777616,00.html
----------------------------------------------------
[6] Intelligence agencies use extra funds for hiring
>From National Journal
After September 11 revealed glaring intelligence failures, Congress approved an
estimated $3 billion to $4 billion in new funding for America's top two spy
shops, the Central Intelligence Agency and the National Security Agency, and for
the FBI, which is responsible for counterintelligence and for stopping terrorism
inside the nation's borders.
Analysts argue that these supplemental funds-added to the combined $13 billion
the three agencies had already received for this fiscal year-were badly needed
to hire more translators, analysts, and field agents, to buy better computer
systems, to fund clandestine programs, and to improve a wide range of
operations.
http://www.govexec.com/dailyfed/0802/081902nj1.htm
----------------------------------------------------
[FUD, FUD, FUD, ... WEN]
[7] Cyberterrorism Concerns IT Pros
By Robyn Greenspan
Threats of terrorism concern IT professionals, and almost half of those surveyed
indicated that a major cyber attack on the U.S. government could be imminent.
Anxieties regarding possible assaults are legitimate. Speaking before the Senate
Select Committee on Intelligence, Dale L. Watson, Executive Assistant Director,
Counterterrorism and Counterintelligence, Federal Bureau of Investigation (FBI)
discussed the emerging threat of "cyberterrorism," which he defined as "...the
use of cyber tools to shut down critical national infrastructures (such as
energy, transportation, or government operations) for the purpose of coercing or
intimidating a government or civilian population."
http://cyberatlas.internet.com/big_picture/geographics/article/0,,5911_1448291,0
0.html
----------------------------------------------------
[According to the GAO it is high time for the NIPC to improve its threat warning
capability, ... WEN]
[8] NIPC seeks cyberalert support
BY Diane Frank
Aug. 16, 2002
The National Infrastructure Protection Center this week issued a request for
quotations to get contractor support for its Analysis and Warning Section - the
group that provides cybersecurity alerts and advice to the public and private
sectors.
The statement of work outlines several requirements the NIPC is looking for a
contractor to fill, including:
* Supporting the center's ability to identify and predict security threats and
trends.
* Performing analysis and assessment of threat information.
* Providing historical incident data.
* Distributing the information to partners and the general public.
http://www.fcw.com/fcw/articles/2002/0812/web-nipc-08-16-02.asp
----------------------------------------------------
[9] Wireless hackers take to the air
Perth has been buzzed by wireless net seekers
Australian hackers have taken the practice of looking for open wireless networks
to new heights.
Before now many curious hackers have taken to cars and bicycles to look for
wireless network nodes that are free for everyone to use or are inadequately
protected.
But the Australians have them all beaten by using a light aircraft to fly over
the city of Perth and look for the wireless nodes from 460 metres (1500 feet)
up.
During their flight the group found up to 95 wireless nodes.
http://news.bbc.co.uk/1/hi/technology/2202653.stm
----------------------------------------------------
[10] Gut-feeling out of touch in IT security decisions
By Lauren Thomsen-Moore
19 August, 2002 8:09 Sydney, Australia
There is no place for flamboyant, gut-feeling decisions when it comes to
information systems security, according to Peter Whythes, acting manager of the
Attorney General's department policy and services branch.
Speaking at the Security 2002 conference in Sydney last week, Whythes said IT
professionals need to make security part of their organisation's culture, not
simply leave responsibility to a few staff.
http://www.computerworld.com.au/IDG2.NSF/All/AA23D3A1D697F3A9CA256C19007B277D!Op
enDocument&n=Sections&c=Security
----------------------------------------------------
[11] Sprint Security Faulted in Vegas Hacks
Telco faces forced security audits as vice hack case wraps up in sin city.
By Kevin Poulsen, Aug 19 2002 5:56PM
Citing the "compelling, credible testimony" of ex-hacker Kevin Mitnick, state
officials urged Nevada regulators to force a series of dramatic security reforms
on Las Vegas telephone company Sprint of Nevada last week, as final arguments
were filed in the case of an in-room adult entertainment operator who believes
he's being driven out of business by phone hackers.
Sprint would be required to retain outside computer security consultants, launch
a security training program for company employees, develop a process for
detecting a deterring intrusion attempts into its network, and begin documenting
its security investigations, if the Public Utilities Commission follows the
recommendations of its regulatory operations staff, acting as independent
investigators in the case.
http://online.securityfocus.com/news/587
----------------------------------------------------
[A good article which shows that Operation Enduring Freedom was not as
successful
as many people expected it to be. It will be far more difficult to fight AQ
now. By the way I would recommend to read 'My Jihad' by Aukai Collins as I
gives a rather interesting insight into the world of Jihad and US intelligence.
Naturally the book is slightly bias, but it is well worth a read. I heard him
speak
in New York and then I bought the book. WEN]
'Some European and Arab intelligence experts believe, in fact, that Al Qaeda has
mutated into a form that is no less deadly and even more difficult to combat.
"We are confronted with cells that are all over the place, developing in a very
horizontal structure without any evident big center of coordination," a top
European counterterrorist investigator told NEWSWEEK. "Our operational
evaluation today is that the threat is a lot greater than it was in December.
That is to say, the worst is ahead of us, not behind us."'
'... So far, success in the war on terror is measured largely by what hasn't
happened: no more suicide planes, no bioweapons attacks, no September 11-scale
attack. As Rumsfeld and others point out, U.S. and other intelligence agencies
have succeeded in harassing Qaeda and foiling at least some of their plots. But
patience has always been one of Al Qaeda's strengths-the patience of people who
believe in the everlasting. In death, in fact, the holy warriors gain a respect
that few of them could ever have achieved in life.'
[12] How Al Qaeda Slipped Away
The war in Afghanistan is widely regarded as a great success. But one key
objective was not achieved. The inside story of Al Qaeda's mass escape
By Rod Nordland, Sami Yousafzai and Babak Dehghanpisheh
NEWSWEEK
ACROSS THE HIGH PASSES of the Tora Bora range they raced, with blankets drawn
over their shoulders and their turbans wrapped around their faces against the
freezing December wind. They came upon a man's severed leg, its stump still
oozing blood. The owner couldn't have gotten far. Ahead was a high intermontane
valley, and beyond it an even more formidable barrier, the Spin Ghar range-the
White Mountains. The fugitives were as good as dead or captured. American B-52s
and attack helicopters were plastering the hillsides; some 1,500 pro-Western
Afghans had joined the chase, and on the far side of the White Mountains the
Pakistanis had ostensibly closed the border.
http://www.msnbc.com/news/791852.asp
----------------------------------------------------
[13] Abu Nidal, Palestinian Terrorist Leader, Is Reported Dead
By SERGE SCHMEMANN
JERUSALEM, Aug. 19 - A Palestinian newspaper reported today that Abu Nidal, a
Palestinian radical whose small terrorist organization was blamed for killing or
wounding more than 900 people in 20 countries, had been found dead in his home
in Baghdad. He had several bullet wounds and was believed to have killed
himself, the paper said.
Neither Israeli nor American intelligence officials could confirm the report in
the paper, Al Ayyam, but they said that if the account of the wounds was true,
his death was probably not a suicide.
http://www.nytimes.com/2002/08/20/international/middleeast/20NIDA.html?ex=103050
7200&en=d4844ad00e82adde&ei=5040&partner=MOREOVER
----------------------------------------------------
[14] Study: AOL's got unhappy customers
By Margaret Kane
Staff Writer, CNET News.com
August 19, 2002, 10:00 AM PT
Consumer satisfaction with America Online is extremely low compared with other
Web portals and with almost every sector of American industry, according to a
new report.
The University of Michigan released on Monday its latest American Customer
Satisfaction Index (ACSI), the results of a survey that follows various sectors
of the economy each quarter. The second-quarter report focused on cars,
household appliances, PCs and Web portals. For the first time, the survey also
measured satisfaction with search engines and news and information Web sites.
http://news.com.com/2100-1023-954350.html?tag=cd_mh
----------------------------------------------------
[15] Robbie wins web battle
Pop star Robbie Williams has won his battle to evict a "cybersquatter" in
England from a website using his name.
The United Nations copyright agency ruled that Howard Taylor, of Southampton,
was using his site www.robbiewilliams.info in bad faith.
It decided he does not have the right to use the name and that the website
address must pass back into the hands of the millionaire singer.
http://news.bbc.co.uk/1/hi/entertainment/music/2202905.stm
----------------------------------------------------
[16] KDE fixes SSL hole as MS dithers
By Thomas C Greene in Washington
Posted: 08/19/2002 at 05:33 EST
New KDE binary RPMs have been released, as promised, with a fix for the SSL
certificate vulnerability affecting Windows and Konqueror which we reported last
week.
"KDE 3.0.3 primarily provides stability enhancements over KDE 3.0.2, which
shipped in early July 2002, and also contains a security correction for SSL
(Internet security) certificate handling," the organization says.
http://www.theregus.com/content/55/26024.html
----------------------------------------------------
[17] The Stuckist Net - what is your post-Palladium future?
By Andrew Orlowski in London
Posted: 19/08/2002 at 18:34 GMT
"Your paintings are stuck, you are stuck! Stuck! Stuck! Stuck!" - Tracey Emin
[to Billy Childish].
The copyright holders who dominate the entertainment oligopolies in the United
States could risk ceding the nation's technological lead, once and forever.
How so?
Well, we now see that the Pigopolists intend to restrict the open protocols of
the Internet. If there was any doubt, it should finally have been dispelled on
Friday, as Thomas C Greene reported in Media giants demand ISPs block Web sites.
http://www.theregister.co.uk/content/6/26740.html
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
