_________________________________________________________________

                      London, Tuesday, October 15, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________


---------------------------------------------------------------------

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body

---------------------------------------------------------------------

    _________________________________________________________________

    
          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Bluetooth may leave PDAs wide open
[2] Security tops list of reasons not to deploy Web Services
[3] Former FBI chief takes on encryption
[4] Outlook Express flaw helps hackers
[5] Terror Czar: The War Is Digital  

[6] Task force urges distributed intelligence
[7] Sendmail downloads hit by random hack
[8] How to hack people
[9] (HS) Tough decisions
[10] US Copyright Office wakes up to flaws in anti-hacking law

[11] China clamps down on Net cafes - again
[12] FBI to build forensics center in Silicon Valley
[13] Bush advisor: Cybercrime costs us billions
[14] Linux firewalls: IT Manager's top picks
[15] Mozilla's 'Code of Silence' Isn't

[16] Lawmakers focus on security-related technology issues
[17] House committee votes to create E-gov administrator

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] Bluetooth may leave PDAs wide open
15:26 Thursday 10th October 2002
Peter Judge   

RSA 2002: If you have Bluetooth, make sure security is enabled, or
others might snoop your contacts or even make calls from your phone.

Bluetooth-enabled phones and PDAs may have a gaping security gap, which
could allow other people to read data such as personal contacts and
appointments, and even make phone calls using the owner's identity. Some
of these devices are shipped with the security features in Bluetooth
disabled, allowing other Bluetooth devices access, according to RSA
Security. 

"I have stood at the RSA booth in conferences, with my phone paging for
other devices, and watched other people's devices show up," said Magnus
Nystrom, technical director of RSA Security. Many devices simply allowed
access without demanding a "pairing" code, said Nystrom, and would have
allowed him to examine the personal data of passers-by, or even to make
calls with their phones. 

http://news.zdnet.co.uk/story/0,,t460-s2123677,00.html 

http://www.theregister.co.uk/content/55/27572.html 

http://www.washingtonpost.com/wp-dyn/articles/A11227-2002Oct11.html 

         ----------------------------------------------------

[2] Security tops list of reasons not to deploy Web Services
By ComputerWire
Posted: 11/10/2002 at 08:54 GMT
 
End-to-end security of web services forms the most significant barrier
to implementation by organizations, but this is not expected to hinder
future development. 

A biannual survey of North American developers by Evans Data found 24%
of respondents list security concerns as the number one reason for not
rolling out web services - a growth of five percentage points since
Evans' previous survey, conducted in March.

http://www.theregister.co.uk/content/55/27560.html 

         ----------------------------------------------------

[3] Former FBI chief takes on encryption
11:43 Tuesday 15th October 2002
Declan McCullagh, CNET News.com


Louis Freeh may have lost his battle against allowing encryption when he
was at the FBI, but he is continuing the fight now he's left the federal
agency.

When Louis Freeh ran the FBI, he loved nothing more than launching into
a heartfelt rant against the dangers of encryption technology. 

In dozens of hearings and public speeches, the FBI director would urge
Congress to limit encryption products, such as Web browsers and email
scrambling utilities, that did not include backdoors for government
surveillance. 

http://news.zdnet.co.uk/story/0,,t269-s2123893,00.html 

         ----------------------------------------------------

[4] Outlook Express flaw helps hackers 
 
Oops, we did it again. Again...
 
Microsoft has warned Outlook Express users that a software flaw could
allow an online vandal to control their computers.

A critical vulnerability in the email reader could allow an attacker to
send a specially formatted message that would crash the software and
potentially take control of the recipient's computer. 

http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQINT1=55939

         ----------------------------------------------------


'.... Kelly J. Kuchta, a cybersecurity expert who is chairman of ASIS'
information technology security council, said private security firms
have become more willing to work with law enforcement since Sept. 11,
2001. He said more companies are sharing information about cyberattacks
with the FBI as part of InfraGard, a cooperative program between the
public and private sectors.  ....' http://www.infragard.net/ 

[5] Terror Czar: The War Is Digital  

By John Gartner  
11:50 AM Sep. 11, 2002 PDT

PHILADELPHIA -- Invading Iraq or silencing Syria won't put an end to
terrorism, but according to an influential retired U.S. Army general,
figuring out how to effectively disrupt the communications of extremist
factions could. 

Speaking to an audience of security professionals on Wednesday, Barry
McCaffrey, a security expert who advises Congress, said that winning
against Saddam Hussein will be relatively easy. Protecting civil rights
while battling terror will be harder.

http://www.wired.com/news/politics/0,1283,55089,00.html

         ----------------------------------------------------

[6] Task force urges distributed intelligence
BY William Matthews 
Oct. 14, 2002 
 
Better information analysis and sharing are essential in the war against
terrorism, but don't build a giant, central database in Washington,
D.C., a panel of intelligence and technology experts advised Homeland
Security chief Tom Ridge last week.

And don't put the FBI in charge of domestic intelligence gathering and
analysis, a task force of the Markle Foundation urged in a 173-page
report delivered to Ridge at the White House.

http://www.fcw.com/fcw/articles/2002/1014/pol-task-10-14-02.asp 

         ----------------------------------------------------

[7] Sendmail downloads hit by random hack
 
By Robert Lemos 
Special to ZDNet News
October 10, 2002, 4:21 AM PT

Online vandals hacked into the primary download server for Sendmail.org
and replaced key software with a Trojan horse, a Sendmail development
team member said Wednesday. 

The apparent attack on Sendmail didn't leave a back door in the popular
open-source e-mail software package, as previously believed, but
compromised the download software on the Sendmail consortium's primary
server so that every tenth request for source code would receive a
modified copy in reply. 

http://zdnet.com.com/2100-1105-961469.html 

         ----------------------------------------------------

[8] How to hack people
 
The biggest threat to the security of a company is not a computer virus,
an unpatched hole in a key program or a badly installed firewall. 
In fact, the biggest threat could be you. 

So says Kevin Mitnick, and he should know. 

Mr Mitnick won notoriety as a hacker during the late 80s and early 90s
and his exploits regularly became front page news. 

http://news.bbc.co.uk/1/hi/technology/2320121.stm 

         ----------------------------------------------------

[9] Tough decisions
Commentary
BY Bruce McConnell 
Oct. 14, 

In July, Office of Management and Budget Director Mitchell Daniels Jr.
seriously exercised the Clinger-Cohen Act by sending two memorandums to
the federal agencies that will be affected by the proposed Homeland
Security Department.

The memorandums directed agencies to cease information system
development efforts that exceed half a million dollars and to appear
before the Information Technology Investment Review Group led by OMB and
the Office of Homeland Security. The group is composed of chief
information and financial officers and other senior officials from the
various agencies affected. 

http://www.fcw.com/fcw/articles/2002/1014/mgt-bruce-10-14-02.asp 

         ----------------------------------------------------

[10] US Copyright Office wakes up to flaws in anti-hacking law
11:13 Monday 14th October 2002
John Borland, CNET News.com   


It seems the US Copyright Office has finally realised that some parts of
the Digital Millennium Copyright Act are just plain stupid.

Federal copyright regulators are opening the door for new exceptions to
a controversial copyright law that has landed one publisher in court and
a Russian programmer in jail.

The United States Copyright Office is launching a rare round of public
comment on rules that bar people from breaking through digital
copy-protection technology on works such as music, movies, software or
electronic books. Regulators aren't looking to change the law but they
are looking for public suggestions on what kinds of activity should be
legalised in spite of the rules. 

http://news.zdnet.co.uk/story/0,,t269-s2123809,00.html 

         ----------------------------------------------------

[11] China clamps down on Net cafes - again
By Tim Richardson
Posted: 14/10/2002 at 10:28 GMT


China has launched another crackdown on Internet cafes, this time
banning children under the age of 16 from using them. 

The new regulations - due to come into force next month - were
introduced following a fire at a Beijing Internet café in which 24
people died and 13 were injured.

http://www.theregister.co.uk/content/6/27586.html 

         ----------------------------------------------------

[12] FBI to build forensics center in Silicon Valley
By Sean Webby
Mercury News

The FBI is creating a $3 million computer forensics lab in Silicon
Valley, using the latest imaging software and high-end computers to
sleuth for cyber-clues of child pornography, corruption, murder and
more.

The 12,000-square-foot Regional Computer Forensics Laboratory, at the
foot of the Dumbarton Bridge in Menlo Park, will be available to help
detectives from San Francisco, San Mateo, Santa Clara and Alameda
counties hunt for digital clues. Investigators can bring seized
computers and disks to be searched for incriminating e-mails, encrypted
documents and other evidence within suspects' hardware or software.

http://www.bayarea.com/mld/bayarea/4284974.htm 

         ----------------------------------------------------

[13] Bush advisor: Cybercrime costs us billions
 
Reuters
October 14, 2002, 9:41 AM PT

LONDON--Cybercrime is costing the world economy billions of dollars and
is on the increase, President Bush's cyber-security adviser said Monday.

"We have a great deal of focus nowadays on weapons of mass destruction
but we need to be aware of the proliferation in cyberspace of weapons of
mass disruption," Howard Schmidt told Reuters in an interview. 

The criminals range from terrorists to backroom hackers who know no
frontiers. 

"Cyber crime is costing the world economy billions of dollars and it is
still on the increase," Schmidt said. "The more we depend on the system,
the more we use the system, the more they will exploit it." 

http://zdnet.com.com/2100-1106-961933.html 

         ----------------------------------------------------

[14] Linux firewalls: IT Manager's top picks

By Staff writers, ZDNet Australia
11 October 2002
    
Linux firewalls--it's one of the hot topics for CIOs and IT managers at
the moment. ZDNet Australia takes a look at some of the options
available for IT departments. 
  
Monitoring traffic, configuration glitches, and decisions about which
firewall to opt for--they are all issues facing Australia's IT managers.
Here we feature some tips, reports and analysis about Linux firewalls. 
 
http://www.zdnet.com.au/itmanager/technology/story/0,2000029587,20269014,00.htm

         ----------------------------------------------------

[15] Mozilla's 'Code of Silence' Isn't

Developers are accused of not publicizing the browser's security
vulnerabilities enough. But do we really need world wide alerts for
every bug? 
By Jon Lasser Oct 09, 2002  
 
Is the Mozilla project covering up security holes in its open-source
browser? 

That seems to be the accusation in a recent note to Bugtraq, in which
security researcher Thor Larholm publicized a list of bugs in Mozilla
1.0. The bugs weren't exactly a secret to begin with -- the list itself
came from the Mozilla Web site. And they're all fixed in version 1.0.1.
But Larholm's post hints darkly that the Mozilla organization should
stop "hiding the fact that Mozilla, like most any other software
product, has had and will have a long number of security
vulnerabilities." 

The group has an obligation to publicize the bugs more thoroughly "so
that the secinfo industry and the public in general becomes aware of
these," Larholm wrote.  

http://online.securityfocus.com/columnists/114 

         ----------------------------------------------------

[16] Lawmakers focus on security-related technology issues
By Chloe Albanesius, National Journal's Technology Daily

The big news in Congress this week was the approval of a resolution
authorizing unilateral military action in Iraq, but lawmakers also
introduced several technology-related bills focusing on security and
issues like identity theft, privacy and Internet safety.

Sen. Richard Durbin, D-Ill., introduced his long-awaited legislation, S.
3107, designed to improve the databases involving state-issued driver's
licenses. A similar measure, H.R. 4633, has sparked privacy concerns and
been characterized as an initiative that would create a national
identification card. But an aide to Durbin said the new Senate bill "is
pretty narrowly crafted to improve the process at which licenses are
issued." 

On another front, Sen. John Warner, R-Va., filed legislation that would
exempt government contractors from liability involving technologies and
services sold to the government for homeland security purposes. The
measure, S. 3076, is identical to language in the Senate's version of
broader homeland security legislation, H.R. 5005.

http://www.govexec.com/dailyfed/1002/101102td1.htm 

         ----------------------------------------------------

[17] House committee votes to create E-gov administrator

By Molly M. Peterson, National Journal's Technology Daily

A bipartisan bill to create an e-government office within the Office of
Management and Budget won approval Wednesday from the House Government
Reform Committee.

Approved by voice vote, the legislation, H.R. 2458, aims to improve
coordination and deployment of information technology across the federal
government and help agencies achieve the IT management reforms required
under the 1996 Clinger-Cohen Act.

Virginia Republican Tom Davis, who chairs the Technology and Procurement
Policy Subcommittee that approved the bill, said federal agencies'
efforts to comply with that law have revealed the lack of a centralized
focus on information management and pervasive information security and
IT acquisition problems.

http://www.govexec.com/dailyfed/1002/100902td1.htm  

         ----------------------------------------------------



_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
