_________________________________________________________________

London, Friday, September 20, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

IWS Sponsor

IQPC Defence Conference: Information Operations 2002 25-26/09/02

Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management.

September 25 - 26, 2002. London, UK (Pre-Conference Masterclass: 24th September 2002)

Information Operations 2002 Conference Web Site
http://www.iqpc-defence.com/GB-1826
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] President's Cyber Man seeks Framework support
[2] US .gov info restricted over attacker fears
[3] Administration official defends cyberspace security plan
[4] Creation of e-gov office praised
[5] Info Industry Debates E-Privacy
[6] (UK) National surveillance centre suffers delay
[7] Fighting Back: Dissatisfied Online Shoppers Take Action
[8] Security: Stop ignoring the obvious mistakes
[9] A cybersage speaks his mind
[10] FBI still not reaching out to local law enforcement, police expert says
[11] Experts say White House protocol upgrade advice is serious
[12] Homeland's 1st goal: Be different
[13] Crypto-chip boosts ID security
[14] A Bounty on Spammers
[15] Open-source group gets Sun security gift
[16] Linux rootkit hacker suspect arrested in UK
[17] Sun Offers Building Blocks for Liberty Alliance Applications
_________________________________________________________________

News
_________________________________________________________________

[1] President's Cyber Man seeks Framework support
By ComputerWire
Posted: 20/09/2002 at 06:28 GMT

The US president's internet security advisor hit the streets yesterday seeking industry input into a proposed
cyber security framework. Richard Clarke's first stop was Sun Microsystems Inc's Networks conference in San Francisco, California, where he appealed to delegates for feedback on the document.

The government has worked with major industrial sectors to produce 70 proposals it believes will secure America's critical infrastructure against attack. Members of the public have two months to submit feedback on the proposal.

Initial feedback this week called the document useful because it does not mandate action. However, some believe the proposed framework also lacks teeth.

http://www.theregister.co.uk/content/55/27211.html

----------------------------------------------------

[2] US .gov info restricted over attacker fears
By ComputerWire
Posted: 20/09/2002 at 06:26 GMT

VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks, ComputerWire has learned.

On September 16, the company posted a notice on its web site saying that from September 13 (three days earlier) it would no longer provide FTP access to the so-called "zone file" for .gov, which contains the IP addresses of all the name servers that point to .gov domains.

http://www.theregister.co.uk/content/55/27210.html

----------------------------------------------------

[3] Administration official defends cyberspace security plan
By Drew Clark, National Journal's Technology Daily

SEATTLE - The Bush administration official responsible for the details of the National Strategy to Secure Cyberspace responded late Wednesday to critics who argued that the plan does too much or not enough to protect the nation's critical computer networks.

The report "is not a full-blown tactical implementation plan," Howard Schmidt told National Journal's Technology Daily in a telephone interview after the formal unveiling of the report at Stanford University.
Schmidt is vice chairman of the President's Critical Infrastructure Protection Board and was the top liaison with the technology industry on the plan.

Both Schmidt and Richard Clarke, the top White House cybersecurity adviser, stressed at the launch that the report is a "draft" subject to a 60-day comment period. An earlier version was tagged a "strategy of how the United States will take steps to secure [critical] information technology networks." Schmidt also said that the president has not yet seen the plan.

http://www.govexec.com/dailyfed/0902/091902td1.htm

----------------------------------------------------

[4] Creation of e-gov office praised
BY Dibya Sarkar
Sept. 19, 2002

Proposed congressional legislation to create an e-government office was widely praised by Bush administration officials and other government technology experts at a House hearing Sept. 18. However, whether the office's leader should be called a chief information officer and be confirmed by the Senate remains in dispute.

Connecticut Democratic Sen. Joe Lieberman's bill, S. 803, approved by the Senate this summer and sent to the House, would authorize an e-government office within the Office of Management and Budget. Housing it there is vital in identifying duplicative technology initiatives among agencies and thereby streamlining costs and improving services, said Mark Forman, OMB's assistant director for information technology and e-government.

http://www.fcw.com/fcw/articles/2002/0916/web-egov-09-19-02.asp

----------------------------------------------------

[5] Info Industry Debates E-Privacy
By Manny Frishberg

"The real issue is not 'privacy versus security, period but privacy versus security, question mark,'" said Andrew Konstantaras, executive director of the Internet Law and Policy Forum, which has organized conferences on the subject annually for the past seven years.

"Is the struggle between security and privacy a zero-sum game or are they two sides of the same coin?"

http://www.wired.com/news/business/0,1367,55282,00.html

----------------------------------------------------

[6] National surveillance centre suffers delay
By Gareth Morgan [19-09-2002]

Spooks' snoop shop put on hold till next year

The UK government's new internet surveillance centre, due to be in use from this month, will not be operational until next year, vnunet.com's sister title Computing can reveal.

The National Technical Assistance Centre (NTAC) has been decrypting seized computer data since summer 2001 from its base at MI5 headquarters.

http://www.vnunet.com/News/1135157

----------------------------------------------------

[7] Fighting Back: Dissatisfied Online Shoppers Take Action
By Jon Swartz
September 19, 2002

The hard part is tracking down fraudulent sellers and making them refund money. EBay must depend on the FBI and local authorities to prosecute.

Peeved consumers, who claim online auction sites are unresponsive to fraud, are increasingly taking matters into their own hands.

The cyber-vigilantes are filing more police reports, attempting more often to track down merchants on their own and putting up more Web sites to warn others of merchants they say are unscrupulous. They say they have little choice, because auction sites don't have enough employees to enforce millions of daily transactions.

"We run into people all the time who are using Web sites and chat rooms to warn about merchants," Internet Fraud Complaint Center chief Tim Healy says. "They feel they have to police the Internet since there are so many scammers online."

http://www.newsfactor.com/perl/story/19455.html

----------------------------------------------------

[8] Security: Stop ignoring the obvious mistakes
By David Berlind
September 19, 2002

The FBI is taking one of the key goals of the just released draft of the National Strategy to Secure Cyberspace to heart.
The law enforcement agency, best known for its Most Wanted list and inept use of information technology, is hoping to build awareness about cybersecurity and promote good security hygiene.

In his recent ZDNet News commentary on keeping hackers at bay, Arvind Krishna, vice president of security products for Tivoli Software at IBM, quoted from the FBI's list of five common mistakes that leave company and employee data vulnerable:

  Default installation of operating systems and applications;
  Weak passwords - some 40 percent of us use "password";
  Incomplete back-up of data;
  Unneeded ports left open;
  Data packets not filtered for correct incoming and outgoing addresses.

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880660,00.html

----------------------------------------------------

[9] A cybersage speaks his mind
By Paul Festa
Staff Writer, CNET News.com
September 19, 2002, 12:00 PM PT

For a law professor specializing in the Internet, David Sorkin takes a pretty dim view of cyberlaw.

An associate professor at the John Marshall Law School in Chicago, Sorkin in 1995 was one of the first academics to offer a course on cyberlaw. But when it comes to legislating our way to Internet nirvana, Sorkin remains a skeptic. In fact, he says the law governing the offline world is equipped to handle most online disputes, and cautions that attempts to address Internet problems such as spam are only going to make matters worse.

http://news.com.com/2008-1082-958576.html
http://www.sork.com/

----------------------------------------------------

[10] FBI still not reaching out to local law enforcement, police expert says
By Raya Widenoja

Local law enforcement agencies still aren't getting enough information from the FBI to respond effectively to security threats, according to the head of the country's largest organization of police executives.
Despite a new color-coded terrorism alert system and FBI Director Robert Mueller's expressed commitment to better coordinate with local law enforcement agencies, police still aren't getting information specific enough to help them identify terrorist risks in their communities, said Bill Berger, president of the International Association of Chiefs of Police and police chief of North Miami Beach, Fla.

On Sept. 10, when the Justice Department raised the threat level of possible terrorist attacks from "elevated" to "high," many local police didn't learn of the change until it was announced to the public, Berger said.

"It didn't work again," Berger said, adding that the level of information from the FBI varied by region. Most local police in New England were informed by the FBI office in that area of the elevated threat level about an hour before the public, but police in other regions didn't know about the change until Attorney General John Ashcroft and Homeland Security Director Tom Ridge announced it at a press conference, Berger said.

http://www.govexec.com/dailyfed/0902/091902r1.htm

----------------------------------------------------

[11] Experts say White House protocol upgrade advice is serious
By ComputerWire
Posted: 20/09/2002 at 06:31 GMT

Internet infrastructure experts yesterday lent their support to White House adviser Richard Clarke's recommendations that companies should make securing ubiquitous internet protocols a priority, but said cost and red tape is slowing down deployment, writes Kevin Murphy.

According to these experts, vulnerabilities in these protocols mean it could just be a question of when they are exploited in an attack, not if. And the target would not be a sole wired entity, but the entire internet, or large portions of it.

http://www.theregister.co.uk/content/55/27212.html

----------------------------------------------------

[12] Homeland's 1st goal: Be different
BY Diane Frank
Sept.
19, 2002

Many long-range goals exist for the information technology infrastructure of the proposed Homeland Security Department, but the goal for day one - the first day that 170,000 employees start as members of an entirely new organization - is just as important, said Steve Cooper, senior director of information integration and chief information officer for the Office of Homeland Security.

http://www.fcw.com/fcw/articles/2002/0916/web-dhs-09-19-02.asp

----------------------------------------------------

[13] Crypto-chip boosts ID security
By Becky Ham
SCIENCE

WASHINGTON, Sept. 19 - When you send your credit card number over the Internet to pay for a new book or a pair of pants, the number is mathematically disguised - encrypted - so that the original string of digits can be decoded only by the merchant at the other end of your shopping spree.

Such encryption is common, but it isn't entirely secure or practical for all transactions. In Friday's issue of the journal Science, researchers report a new method that may improve electronic security: a material that "does the math" for encryption.

http://www.msnbc.com/news/810083.asp

----------------------------------------------------

[14] A Bounty on Spammers
By Lawrence Lessig

Spam is a blight on our high-tech civilization. Lawrence Lessig has an idea: force spammers who don't label their junk e-mail to pay $10,000 to the first recipient who finds them.

According to Merriam-Webster's dictionary, a vigilante is "a member of a volunteer committee organized to suppress and punish crime summarily (as when the processes of law appear inadequate)." He or she is "a self-appointed doer of justice."

The Internet has had a long history of digital vigilantism, the most common being spam vigilantes. These well-meaning souls fight to rid the Net of unsolicited commercial e-mail, sent mostly by direct marketers eager to get your attention, whether you want it or not, at work and at home.
Such groups attempt to fight these intrusions by building lists of sites that don't obey "proper" e-mail etiquette and then by organizing automated boycotts of the sites on the list. If your company's e-mail server finds itself on one of these lists, then a significant number of your e-mails will be routed into a virtual black hole.

http://www.cioinsight.com/article2/0,3959,533225,00.asp

----------------------------------------------------

[15] Open-source group gets Sun security gift
By Stephen Shankland
Staff Writer, CNET News.com
September 19, 2002, 1:27 PM PT

SAN FRANCISCO--Sun Microsystems has donated new cryptography technology to an open-source project at the heart of many secure transactions on the Internet.

Sun's "elliptic curve" technology is involved in the process of using keys to encrypt and decrypt information for electronic transactions. Such encryption lets people buy products online, for example, while shielding their credit card number from prying eyes.

The Santa Clara, Calif.-based server seller donated the technology to the OpenSSL project, a programming group that makes an open-source version of the Secure Sockets Layer (SSL) encryption system.

http://msnbc-cnet.com.com/2100-1001-958679.html

----------------------------------------------------

[16] Linux rootkit hacker suspect arrested in UK
By John Leyden
Posted: 19/09/2002 at 14:48 GMT

A 21-year old from Surbiton, Surrey has been arrested on suspicion of writing and distributing the T0rn rootkit, which dumbs down the process of hacking Linux servers.

Officers from Scotland Yard's Computer Crime Unit arrested the man for alleged offences under Computer Misuse Act 1990 earlier this week, as part of a joint FBI/Scotland Yard investigation into the creation of the T0rn rootkit. A search warrant was served and computer equipment seized from his house.
http://www.theregister.co.uk/content/55/27200.html
http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=701307

----------------------------------------------------

[17] Sun Offers Building Blocks for Liberty Alliance Applications
By Sebastian Rupley, PC Magazine

As part of its SunNetwork event in Silicon Valley this week, Sun Microsystems announced one of the first interoperability prototype technologies based on the Liberty Alliance 1.0 specification.

http://www.extremetech.com/article2/0,3973,541188,00.asp

----------------------------------------------------
_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>