_________________________________________________________________

                      London, Friday, September 20, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________



          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] President's Cyber Man seeks Framework support
[2] US .gov info restricted over attacker fears
[3] Administration official defends cyberspace security plan
[4] Creation of e-gov office praised
[5] Info Industry Debates E-Privacy

[6] (UK) National surveillance centre suffers delay
[7] Fighting Back: Dissatisfied Online Shoppers Take Action
[8] Security: Stop ignoring the obvious mistakes
[9] A cybersage speaks his mind
[10] FBI still not reaching out to local law enforcement, police expert says

[11] Experts say White House protocol upgrade advice is serious
[12] Homeland's 1st goal: Be different
[13] Crypto-chip boosts ID security
[14] A Bounty on Spammers
[15] Open-source group gets Sun security gift

[16] Linux rootkit hacker suspect arrested in UK
[17] Sun Offers Building Blocks for Liberty Alliance Applications

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] President's Cyber Man seeks Framework support
By ComputerWire
Posted: 20/09/2002 at 06:28 GMT

The US president's internet security advisor hit the streets yesterday seeking
industry input into a proposed cyber security framework.

Richard Clarke's first stop was Sun Microsystems Inc's Networks conference in
San Francisco, California, where he appealed to delegates for feedback on the
document.

The government has worked with major industrial sectors to produce 70 proposals
it believes will secure America's critical infrastructure against attack.
Members of the public have two months to submit feedback on the proposal.

Initial feedback this week called the document useful because it does not
mandate action. However, some believe the proposed framework also lacks teeth.

http://www.theregister.co.uk/content/55/27211.html

         ----------------------------------------------------

[2] US .gov info restricted over attacker fears
By ComputerWire
Posted: 20/09/2002 at 06:26 GMT

VeriSign Inc has stopped providing access to information about the .gov internet
domain, which is restricted to US government bodies, over concerns the data
could be used in planning internet attacks, ComputerWire has learned.

On September 16, the company posted a notice on its web site saying that from
September 13 (three days earlier) it would no longer provide FTP access to the
so-called "zone file" for .gov, which contains the IP addresses of all the name
servers that point to .gov domains.

http://www.theregister.co.uk/content/55/27210.html

         ----------------------------------------------------

[3] Administration official defends cyberspace security plan
By Drew Clark, National Journal's Technology Daily

SEATTLE - The Bush administration official responsible for the details of the
National Strategy to Secure Cyberspace responded late Wednesday to critics who
argued that the plan does too much or not enough to protect the nation's
critical computer networks.

The report "is not a full-blown tactical implementation plan," Howard Schmidt
told National Journal's Technology Daily in a telephone interview after the
formal unveiling of the report at Stanford University. Schmidt is vice chairman
of the President's Critical Infrastructure Protection Board and was the top
liaison with the technology industry on the plan.

Both Schmidt and Richard Clarke, the top White House cybersecurity adviser,
stressed at the launch that the report is a "draft" subject to a 60-day comment
period. An earlier version was tagged a "strategy of how the United States will
take steps to secure [critical] information technology networks." Schmidt also
said that the president has not yet seen the plan.

http://www.govexec.com/dailyfed/0902/091902td1.htm

         ----------------------------------------------------

[4] Creation of e-gov office praised
BY Dibya Sarkar
Sept. 19, 2002

Proposed congressional legislation to create an e-government office was widely
praised by Bush administration officials and other government technology experts
at a House hearing Sept. 18. However, whether the office's leader should be
called a chief information officer and be confirmed by the Senate remains in
dispute.

Connecticut Democratic Sen. Joe Lieberman's bill, S. 803, approved by the Senate
this summer and sent to the House, would authorize an e-government office within
the Office of Management and Budget. Housing it there is vital in identifying
duplicative technology initiatives among agencies and thereby streamlining costs
and improving services, said Mark Forman, OMB's assistant director for
information technology and e-government.

http://www.fcw.com/fcw/articles/2002/0916/web-egov-09-19-02.asp

         ----------------------------------------------------

[5] Info Industry Debates E-Privacy
By Manny Frishberg

"The real issue is not 'privacy versus security, period but privacy versus
security, question mark,'" said Andrew Konstantaras, executive director of the
Internet Law and Policy Forum, which has organized conferences on the subject
annually for the past seven years. "Is the struggle between security and privacy
a zero-sum game or are they two sides of the same coin?"

http://www.wired.com/news/business/0,1367,55282,00.html

         ----------------------------------------------------

[6] National surveillance centre suffers delay
By Gareth Morgan [19-09-2002]

Spooks' snoop shop put on hold till next year

The UK government's new internet surveillance centre, due to be in use from this
month, will not be operational until next year, vnunet.com's sister title
Computing can reveal.

The National Technical Assistance Centre (NTAC) has been decrypting seized
computer data since summer 2001 from its base at MI5 headquarters.


http://www.vnunet.com/News/1135157

         ----------------------------------------------------

[7] Fighting Back: Dissatisfied Online Shoppers Take Action
By Jon Swartz
September 19, 2002

The hard part is tracking down fraudulent sellers and making them refund money.
EBay must depend on the FBI and local authorities to prosecute.

Peeved consumers, who claim online auction sites are unresponsive to fraud, are
increasingly taking matters into their own hands. The cyber-vigilantes are
filing more police reports, attempting more often to track down merchants on
their own and putting up more Web sites to warn others of merchants they say are
unscrupulous.

They say they have little choice, because auction sites don't have enough
employees to enforce millions of daily transactions.

"We run into people all the time who are using Web sites and chat rooms to warn
about merchants," Internet Fraud Complaint Center chief Tim Healy says. "They
feel they have to police the Internet since there are so many scammers online."

http://www.newsfactor.com/perl/story/19455.html

         ----------------------------------------------------

[8] Security: Stop ignoring the obvious mistakes

By David Berlind
September 19, 2002

The FBI is taking one of the key goals of the just released draft of the
National Strategy to Secure Cyberspace to heart.
The law enforcement agency, best known for its Most Wanted list and inept use of
information technology, is hoping to build awareness about cybersecurity and
promote good security hygiene.

In his recent ZDNet News commentary on keeping hackers at bay, Arvind Krishna,
vice president of security products for Tivoli Software at IBM, quoted from the
FBI's list of five common mistakes that leave company and employee data
vulnerable:

Default installation of operating systems and applications;
Weak passwords - some 40 percent of us use "password";
Incomplete back-up of data;
Unneeded ports left open;
Data packets not filtered for correct incoming and outgoing addresses.

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880660,00.html

         ----------------------------------------------------

[9] A cybersage speaks his mind
By Paul Festa
Staff Writer, CNET News.com
September 19, 2002, 12:00 PM PT

For a law professor specializing in the Internet, David Sorkin takes a pretty
dim view of cyberlaw.

An associate professor at the John Marshall Law School in Chicago, Sorkin in
1995 was one of the first academics to offer a course on cyberlaw.

But when it comes to legislating our way to Internet nirvana, Sorkin remains a
skeptic. In fact, he says the law governing the offline world is equipped to
handle most online disputes, and cautions that attempts to address Internet
problems such as spam are only going to make matters worse.

http://news.com.com/2008-1082-958576.html

http://www.sork.com/

         ----------------------------------------------------

[10] FBI still not reaching out to local law enforcement, police expert says
By Raya Widenoja

Local law enforcement agencies still aren't getting enough information from the
FBI to respond effectively to security threats, according to the head of the
country's largest organization of police executives.

Despite a new color-coded terrorism alert system and FBI Director Robert
Mueller's expressed commitment to better coordinate with local law enforcement
agencies, police still aren't getting information specific enough to help them
identify terrorist risks in their communities, said Bill Berger, president of
the International Association of Chiefs of Police and police chief of North
Miami Beach, Fla. On Sept. 10, when the Justice Department raised the threat
level of possible terrorist attacks from "elevated" to "high," many local police
didn't learn of the change until it was announced to the public, Berger said.

"It didn't work again," Berger said, adding that the level of information from
the FBI varied by region. Most local police in New England were informed by the
FBI office in that area of the elevated threat level about an hour before the
public, but police in other regions didn't know about the change until Attorney
General John Ashcroft and Homeland Security Director Tom Ridge announced it at a
press conference, Berger said.

http://www.govexec.com/dailyfed/0902/091902r1.htm

         ----------------------------------------------------

[11] Experts say White House protocol upgrade advice is serious
By ComputerWire
Posted: 20/09/2002 at 06:31 GMT

Internet infrastructure experts yesterday lent their support to White House
adviser Richard Clarke's recommendations that companies should make securing
ubiquitous internet protocols a priority, but said cost and red tape are slowing
down deployment, writes Kevin Murphy.

According to these experts, vulnerabilities in these protocols mean it could
just be a question of when they are exploited in an attack, not if. And the
target would not be a sole wired entity, but the entire internet, or large
portions of it.

http://www.theregister.co.uk/content/55/27212.html

         ----------------------------------------------------

[12] Homeland's 1st goal: Be different
BY Diane Frank
Sept. 19, 2002

Many long-range goals exist for the information technology infrastructure of the
proposed Homeland Security Department, but the goal for day one - the first day
that 170,000 employees start as members of an entirely new organization - is
just as important, said Steve Cooper, senior director of information integration
and chief information officer for the Office of Homeland Security.

http://www.fcw.com/fcw/articles/2002/0916/web-dhs-09-19-02.asp

         ----------------------------------------------------

[13] Crypto-chip boosts ID security

By Becky Ham
SCIENCE

WASHINGTON, Sept. 19 -  When you send your credit card number over the Internet
to pay for a new book or a pair of pants, the number is mathematically
disguised - encrypted - so that the original string of digits can be decoded
only by the merchant at the other end of your shopping spree. Such encryption is
common, but it isn't entirely secure or practical for all transactions. In
Friday's issue of the journal Science, researchers report a new method that may
improve electronic security: a material that "does the math" for encryption.

http://www.msnbc.com/news/810083.asp

         ----------------------------------------------------

[14] A Bounty on Spammers
By Lawrence Lessig

Spam is a blight on our high-tech civilization. Lawrence Lessig has an idea:
force spammers who don't label their junk e-mail to pay $10,000 to the first
recipient who finds them.

According to Merriam-Webster's dictionary, a vigilante is "a member of a
volunteer committee organized to suppress and punish crime summarily (as when
the processes of law appear inadequate)." He or she is "a self-appointed doer of
justice."

The Internet has had a long history of digital vigilantism, the most common
being spam vigilantes. These well-meaning souls fight to rid the Net of
unsolicited commercial e-mail, sent mostly by direct marketers eager to get your
attention, whether you want it or not, at work and at home. Such groups attempt
to fight these intrusions by building lists of sites that don't obey "proper"
e-mail etiquette and then by organizing automated boycotts of the sites on the
list. If your company's e-mail server finds itself on one of these lists, then a
significant number of your e-mails will be routed into a virtual black hole.

http://www.cioinsight.com/article2/0,3959,533225,00.asp

         ----------------------------------------------------

[15] Open-source group gets Sun security gift

By Stephen Shankland
Staff Writer, CNET News.com
September 19, 2002, 1:27 PM PT

SAN FRANCISCO--Sun Microsystems has donated new cryptography technology to an
open-source project at the heart of many secure transactions on the Internet.
Sun's "elliptic curve" technology is involved in the process of using keys to
encrypt and decrypt information for electronic transactions. Such encryption
lets people buy products online, for example, while shielding their credit card
number from prying eyes. The Santa Clara, Calif.-based server seller donated the
technology to the OpenSSL project, a programming group that makes an open-source
version of the Secure Sockets Layer (SSL) encryption system.

http://msnbc-cnet.com.com/2100-1001-958679.html

         ----------------------------------------------------

[16] Linux rootkit hacker suspect arrested in UK
By John Leyden
Posted: 19/09/2002 at 14:48 GMT

A 21-year-old from Surbiton, Surrey has been arrested on suspicion of writing
and distributing the T0rn rootkit, which dumbs down the process of hacking Linux
servers.

Officers from Scotland Yard's Computer Crime Unit arrested the man for alleged
offences under the Computer Misuse Act 1990 earlier this week, as part of a joint
FBI/Scotland Yard investigation into the creation of the T0rn rootkit. A search
warrant was served and computer equipment seized from his house.

http://www.theregister.co.uk/content/55/27200.html

http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=701307

         ----------------------------------------------------

[17] Sun Offers Building Blocks for Liberty Alliance Applications
By Sebastian Rupley, PC Magazine

As part of its SunNetwork event in Silicon Valley this week, Sun Microsystems
announced one of the first interoperability prototype technologies based on the
Liberty Alliance 1.0 specification.

http://www.extremetech.com/article2/0,3973,541188,00.asp

         ----------------------------------------------------



_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
