_________________________________________________________________
London, Tuesday, September 17, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
IWS Sponsor

IQPC Defence Conference: Information Operations 2002 25-26/09/02

Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management.

September 25 - 26, 2002. London, UK
(Pre-Conference Masterclass: 24th September 2002)

Information Operations 2002 Conference Web Site
http://www.iqpc-defence.com/GB-1826
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Microsoft's new deal with Uncle Sam
[2] White House tackles cybersecurity
[3] New strategy to expand focus
[4] Slapper worm gains strength in numbers
[5] Privacy leak reported in Mozilla-based browsers
[6] Web sites reinforce security and privacy policies, review finds
[7] Internet as Weapon
[8] Video-Conferencing Hole Exposed
[9] Future Intel chips -- hacker-proof?
[10] New AES crypto standard broken already?
[11] Commerce expected to renew contract with Internet oversight company
[12] Go Daddy offers anonymous domain registration
[13] (South Korea) Personal Information Misuse in Cyber Space Rising
[14] The Coming Virus Armageddon
[15] Virtual Soldiers in a Holy War
[16] U.S. Talks Cybersecurity at UN Conference
[17] Erosion of privacy causes concern
_________________________________________________________________
News
_________________________________________________________________
[The new National Strategy to Secure Cyberspace will be published tomorrow in Stanford. I don't expect it to be a superb plan as too many people were involved 'riding the Washington gravy train' whilst creating it. We will see on Wednesday how good the plan really is.
As said before it is market-driven and it will introduce new critical infrastructures. WEN]

From the article:

'I don't even think it's such a fabulous idea for the White House to be preparing these kind of grand Internet security reports. The federal government's tech-cluelessness is embarrassingly obvious, and it needs to solve its own problems first. The Internet is run by technology firms, which are in turn run by people smart and motivated enough to do the right thing without nagging by Uncle Sam. Sure, it doesn't always happen immediately, but market forces are better in the long run at figuring out the right approach than bureaucrats are.'

[1] Microsoft's new deal with Uncle Sam
By Declan McCullagh
September 16, 2002, 4:00 AM PT

WASHINGTON--Why does the White House refuse to tell Microsoft to get tough on security?

On Wednesday, the Bush administration is scheduled to publish its proposal to increase the security of the Internet. Properly titled the "National Strategy to Secure Cyberspace," it's said to talk with great earnestness about helping home users safeguard their computers, about thwarting online intrusions into business systems, and about providing better training to federal network administrators.

But, according to people familiar with the draft report, it pays scant attention to Microsoft, which has been responsible for more online security woes than any other company in history.

Such an omission would be glaring. Intentional design choices and unintentional bugs in Microsoft Windows, Outlook, Word and Explorer have created vulnerabilities so numerous they've become legendary. Shoddy default settings have practically begged intruders to plunder Windows-equipped PCs. Any serious look at Internet security has to start with the world's largest software company.
http://news.com.com/2010-1074-957970.html?tag=fd_lede
----------------------------------------------------
[2] White House tackles cybersecurity
By Declan McCullagh
Special to ZDNet News
September 16, 2002, 6:58 PM PT

WASHINGTON--The White House's cyberspace security plan, scheduled to be released Wednesday, envisions a broad new role for the federal government in maintaining Internet security.

While couching many concepts as mere suggestions, a draft of the plan seen by CNET News.com says the government should improve the security of key Internet protocols and spend tens of millions of dollars on centers to recognize and respond to "cyber attacks."

The draft report, however, is still in flux. As of late Monday, one controversial section that appears to have been deleted would have required companies to contribute money to a fund to secure computer networks.
http://zdnet.com.com/2100-1105-958159.html
----------------------------------------------------
[3] New strategy to expand focus
BY Diane Frank
Sept. 16, 2002

The national strategy that the White House plans to release Sept. 18 will be the first that includes strategic goals for every sector - ranging from home users to global issues - according to a summary released today.

It also will detail 18 national priorities that include coordinating research and development and increasing information sharing.
http://www.fcw.com/fcw/articles/2002/0916/web-strat-09-16-02.asp

More:

White House To Unveil New Plan for U.S. Computer Security
http://www.newsfactor.com/perl/story/19413.html

Experts: Cybersecurity plan offers tips, not rules
http://www.usatoday.com/tech/news/techpolicy/2002-09-16-cyber-plan_x.htm
----------------------------------------------------
[4] Slapper worm gains strength in numbers
By Robert Lemos
Special to ZDNet News
September 17, 2002, 4:50 AM PT

The Linux Slapper worm had compromised more than 6,700 servers as of early Monday morning, and it continues to create a peer-to-peer attack network that could shut down even corporate Internet connections.

Unlike past worms, which typically tried only to compromise computers on the Internet, the Slapper worm has a grander scheme in mind: to create a large peer-to-peer network that could be used to hit other servers.

A computer that gets infected becomes part of the network and could be commanded, or used to command the other computers on the network, to attack, said Al Huger, senior director of engineering for the incident response team at security company Symantec.
http://zdnet.com.com/2100-1104-958122.html
----------------------------------------------------
[5] Privacy leak reported in Mozilla-based browsers
Tuesday 17 September 2002

A "serious" privacy leak in Mozilla, and other browsers based on the open source technology, such as Netscape and Galeon, discloses users' Web surfing information, according to a recent report.

The Mozilla bug was reported on the Bugtraq mailing list last week by researcher Sven Neuhaus, who said that vulnerability reveals the URL of the page a Web surfer is visiting to the Web server of the last page the user visited.

The bug affects Mozilla 1.0, 1.0.1, 1.1 as well as Mozilla-based browsers such as Netscape 7 and Galeon, Neuhaus said. Older versions of Mozilla could also contain the bug, the researcher added.
http://www.cw360.com/bin/bladerunner?REQSESS=qV102Z50&REQAUTH=0&2149REQEVENT=&CARTI=115838&CARTT=14&CCAT=1&CCHAN=13&CFLAV=1
----------------------------------------------------
[6] Web sites reinforce security and privacy policies, review finds
By Wilson P. Dizard III
GCN Staff

A Brown University analysis of government Web sites found that more federal and state sites are taking security and privacy seriously compared to last year.

The Center for Public Policy at Brown analyzed 1,265 federal and state sites, measuring available features, variations between state and federal sites, and responsiveness to citizens' information requests.

According to the study, 34 percent of the sites now have a visible security policy, up from 18 percent last year. And 43 percent have some form of privacy policy, up from 28 percent two years ago.
http://www.gcn.com/vol1_no1/daily-updates/20026-1.html
----------------------------------------------------
[FUD, FUD, FUD based on a 'swarming attack' briefing paper by a certain US government agency, ... WEN]

[7] Internet as Weapon
Experts Fear Terrorists May Attack Through Cyberspace
By Chris Wallace

COLORADO SPRINGS, Colo., Sept. 16 - Intelligence experts worry that the next terrorist strike on the United States will be what they call a "swarming attack" - a bombing or suicide hijacking combined with a hit on computers - that will make it tougher for law enforcement and emergency teams to respond.

To deal with such a threat, the Bush administration is finalizing a strategy to guard against cyberterrorism.

"It's much easier to do than building a weapon of mass destruction," said Richard Clarke, special White House adviser for cyberspace security. "Cyberattacks are a weapon of mass disruption, and they're a lot cheaper and easier."

What kind of damage using the Internet is possible?
Clarke and other experts offered examples of what a skilled computer hacker could do, even from a computer on the other side of the world from the target:

Alter the software that controls phone service, shutting down communications for an entire region.

Open or close the switch on an electric power grid or the floodgates of a dam.
http://abcnews.go.com/sections/wnt/DailyNews/cyberterror020913.html
----------------------------------------------------
[8] Video-Conferencing Hole Exposed
By Michelle Delio

A half-dozen exploits have recently been discovered in the operating system of Polycom's popular ViewStation device.

Some of the issues have been addressed in a system upgrade released last week, but many users said they weren't advised they needed to upgrade their ViewStation's operating system and were unaware of the security problems.
http://www.wired.com/news/technology/0,1282,55145,00.html
----------------------------------------------------
[9] Future Intel chips -- hacker-proof?
Matthew Yi, Chronicle Staff Writer
Tuesday, September 10, 2002

Intel Corp. will begin hard-wiring security features into future generations of chips in order to help fend off hackers and viruses, Intel President and Chief Operating Officer Paul Otellini said Monday.

Code-named LaGrande Technology, new microprocessors armed with the security feature will be able to keep files in PCs as safe as if they were in a "vault," Otellini told a room-full of software and hardware engineers at the Intel Developer Forum in San Jose.
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2002/09/10/BU179891.DTL&type=tech
----------------------------------------------------
[10] New AES crypto standard broken already?
By Thomas C Greene in Washington
Posted: 16/09/2002 at 16:59 GMT

Theoretical attacks against AES (Advanced Encryption Standard) winner Rijndael and runner-up Serpent have been published. They might work in the practical world; they might not.
That's about all we can say from the latest edition of Bruce Schneier's CryptoGram newsletter, which seeks to simplify the issues discovered by researchers Nicolas Courtois and Josef Pieprzyk, and elaborated in a paper entitled "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations".

Now while this represents an interesting bit of research, it does not mean that AES has been or even can be cracked in the real world. The work is theoretical and needs to be reviewed by others; and even if it's confirmed in theory and partially confirmed empirically, it may never be possible to exploit it.
http://www.theregister.co.uk/content/55/27139.html
----------------------------------------------------
[11] Commerce expected to renew contract with Internet oversight company
By Maureen Sirhal, National Journal's Technology Daily

Officials at the Internet's monitoring body are praising news of an expected renewal of its agreement with the Commerce Department to continue management of the Internet's domain-name system, but Congress may weigh in on the matter.

Nancy Victory, the head of Commerce's National Telecommunications and Information Administration (NTIA), said in a teleconference Friday that she anticipates that the NTIA will renew its agreement with the Internet Corporation for Assigned Names and Numbers (ICANN), but with added conditions.

ICANN spokeswoman Mary Hewitt praised Commerce's decision to renew its "memorandum of understanding" (MOU) with ICANN. "However," she said, "we are still in discussion as to the details in how the agreement will look."
http://www.govexec.com/dailyfed/0902/091602td2.htm
----------------------------------------------------
[12] Go Daddy offers anonymous domain registration
By ComputerWire
Posted: 17/09/2002 at 07:07 GMT

A new sister company of Go Daddy Software Inc is to start offering internet users anonymous domain name registration from today, becoming the first major domain name registrar to do so, Kevin Murphy writes.
Go Daddy founder Bob Parsons has set up Domains By Proxy Inc, essentially a Go Daddy reseller that will enter its own contact information, rather than the registrant's, into the Whois database, whenever a registration is made.
http://www.theregister.co.uk/content/6/27150.html
----------------------------------------------------
[13] Personal Information Misuse in Cyber Space Rising
by Woo Byung-hyun ([EMAIL PROTECTED])

Personal information crimes in cyberspace reported to the Personal Data Protection Center (www.cyberprivacy.or.kr) totaled 14,181 during last year, up 6.2 times the 2,297 in 2000, according to the Ministry of Information and Communication Sunday.

Cases regarding misuse of private information as of July this year totaled 30,975, exceeding two times the total number of reports last year.
http://english.chosun.com/w21data/html/news/200209/200209150013.html
----------------------------------------------------
[14] The Coming Virus Armageddon
By Jay Lyman
NewsFactor Network
September 16, 2002

In addition to being stealthy, experts said, the ultimate computer virus would be polymorphic -- able to change its code, message and form to avoid detection.

Computer virus writers are known for building on each other's work to create ever-deadlier malware. In the future, a truly malicious code might not create an immediate uproar by hitting the Internet with a big bang. Instead, it could slowly and quietly seize control of a vast number of computers, doing significant but not immediately apparent damage to data.

How conceivable is the supervirus threat?

"We never say never in this business," McAfee.com (Nasdaq: MCAF) virus research manager April Goostree told NewsFactor. "We've never really seen it, but we've seen some things that are pretty darn close. I really don't see why it couldn't be done."
But Trend Micro (Nasdaq: TMIC) global director of education David Perry disagreed, telling NewsFactor that given the nature of viruses today, it is unlikely that one could cripple the Web.

"I really don't believe in the concept of there being an ultimate computer virus," he said. "There are rumors about there being a metavirus or megavirus, but it's fiction."
http://www.newsfactor.com/perl/story/19406.html
----------------------------------------------------
[15] Virtual Soldiers in a Holy War
Date: Monday, 16 September 2002
Source: Ha'aretz Daily

Story: "Virtual Al Qaida" was the main topic of a seminar held in Washington about three months ago. At issue was the appearance in cyberspace of Web sites, forums and chat rooms set up by bin Laden supporters, who preach his message of jihad against the West, heretics, "the Crusaders and the Jews," and their toadies in Arab countries and the Muslim world.

The purpose of the conference, which was attended by 15 experts, most of them American, was to examine how the Al Qaida organization and its supporters have changed since the September 11 attacks. Organized by a private company owned primarily by CIA alumni, the seminar was essentially meant to give the CIA an opportunity to listen to more views and hear a range of outlooks.

"For the radical fundamentalist Islamic movements, the Internet is a gift from heaven," says Reuven Paz, who researches these groups. "I call it `the open university.' It's available to anyone who is interested."

The radical Islamic movements' use of Western technology - created by the culture they are railing against - is nothing new. From his headquarters in Paris, the Ayatollah Khomeini once produced and distributed audio-cassettes throughout Iran, with sermons that called on the Iranian masses to rebel against the shah's regime. Osama bin Laden's network of dormant cells of activists who lay low until called into action has used the Internet to transmit messages, coded and otherwise, via e-mail.
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=9026
----------------------------------------------------
[16] U.S. Talks Cybersecurity at UN Conference
Seeks greater worldwide cooperation
By DAN VERTON
SEPTEMBER 16, 2002

NEW YORK -- The Bush administration took its cybersecurity message to the world this month, urging increased cooperation on cybercrime prevention and the ironing out of legal guidelines.

Speaking here to an audience of 150 diplomats from 22 nations, Paul Kurtz, senior director for national security for the President's Critical Infrastructure Protection Board, said that the lessons of Sept. 11 affect the information security realm and that the world must do more to cooperate and coordinate its anticybercrime efforts.
http://www.computerworld.com/securitytopics/security/story/0,10801,74266,00.html
----------------------------------------------------
[17] Erosion of privacy causes concern
Stephen Bell, Wellington

The Auckland Council for Civil Liberties has "grave concerns" over the atmosphere of increased tolerance to privacy invasion that has developed in the year since September 11.

The most severe consequences are naturally in the US, with, for example, a resurgence of government interest in the FBI's Carnivore email surveillance technology.

New Zealand's environment is rather less aggressive on that front, says ACCL lawyer Graeme Minchin, but the Crimes Amendment No 6 Bill, with its provisions for police and the Security Intelligence Service to intercept digital communications, still gives cause for worry, he says. Pressure to adopt such measures was strengthened in the wake of September 11.
http://www.idgnet.co.nz/webhome.nsf/UNID/3DCD19C8B1DA5EFACC256C2F001278A9!opendocument
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk