_________________________________________________________________

                      London, Friday, October 25, 2002
    _________________________________________________________________

                                INFOCON News
    _________________________________________________________________

                            IWS - The Information Warfare Site
                                    http://www.iwar.org.uk

    _________________________________________________________________


---------------------------------------------------------------------

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body

---------------------------------------------------------------------

    _________________________________________________________________

    
          ----------------------------------------------------
                              [News Index]
          ----------------------------------------------------

[1] Terrorism Panel Says U.S. Is Still Unready
[2] Commerce official supports computer security office move
[3] Experts: Internet attackers could be hard to trace
[4] "Critical" Kerberos flaw revealed
[5] Securing the cloud

[6] IT security staff urged to adopt new BS 7799
[7] Letter: Free Software Hurts U.S.  
[8] Canadian cons use PCs to hack, forge IDs and spread porn
[9] Deceptive Spammers Settle FTC Charges
[10] Amazon closer to profitability as sales rise

[11] Officials plot homeland priorities
[12] (UK) France battles on for data privacy
[13] Beware smart worms
[14] IT spending forecast strong
[15] PGP poised for major comeback

[16] Verisign Posts Narrower Net Loss  
[17] Army plan to outsource soldiers’ jobs will increase costs
[18] Prostitutes Steal Secret Software from US Army
[19] Labels target CEOs over file swapping
[20] Free speech feels Net copyright chill

[21] Encryption method getting the picture

    _________________________________________________________________

                                News
    _________________________________________________________________


[1] Terrorism Panel Says U.S. Is Still Unready
By JAMES DAO

WASHINGTON, Oct. 24 — Despite months of preparations and the spending of
millions of dollars, the United States remains extremely vulnerable to a
major terrorist attack, particularly at its seaports, power plants and
oil refineries, a panel of national security experts has concluded.

The panel, in a report to be released on Friday, contends that local and
state police officials still have little access to intelligence on
terrorism suspects, that only a tiny fraction of ships and containers
entering American ports are inspected and that most emergency workers
are ill equipped to handle biological and chemical attacks.

http://www.nytimes.com/2002/10/25/national/25HOME.html?ex=1036209600&en=4876cf3563ffead2&ei=5040&partner=MOREOVER

         ----------------------------------------------------

[2] Commerce official supports computer security office move
From National Journal's Technology Daily

Despite opposition to the idea from the technology industry, a senior
Commerce Department official voiced support last week for a proposal to
transfer the Computer Security Division of the National Institute of
Standards and Technology to the Homeland Security Department.

“There's no doubt that the new ... department will require technical
competence and the encryption of computer information,” Deputy Secretary
Samuel Bodman said in an interview, noting that the division specializes
in those areas. 

“Therefore, having that group—or a group that does that kind of work—as
part of a Department of Homeland Security makes every sense and probably
should take place.”

http://www.govexec.com/dailyfed/1002/102402td1.htm 

         ----------------------------------------------------

[3] Experts: Internet attackers could be hard to trace

SAN FRANCISCO (Reuters) — The Bush administration said Wednesday it was
investigating this week's coordinated attack on the Internet, but
experts cautioned that it would be difficult, if not impossible, to
track down the source of the attack.

"There is an investigation under way to determine who is responsible for
the attacks," White House spokesman Ari Fleischer told reporters.

While unprecedented in its scope, the attack on Monday failed to cripple
the Internet and the vast majority of Internet users were not affected,
experts said.

When asked if cyberterrorism was suspected, Fleischer said, "I'm not
aware there's anything that would lead anybody in that direction.
History has shown that many of these attacks actually come from the
hacker community."

http://www.usatoday.com/tech/news/computersecurity/2002-10-24-net-attack_x.htm

         ----------------------------------------------------

[4] "Critical" Kerberos flaw revealed
 
By Matthew Broersma 
ZDNet (UK)
October 24, 2002, 12:54 PM PT

Kerberos has lost some of its bite, according to the US government,
which on Wednesday warned of a critical flaw that could allow hackers to
circumvent the secure networking system. 

Kerberos was invented by the Massachusetts Institute of Technology and
is used by many large businesses as a way of keeping their networks
secure. It uses strong encryption to verify the identity of any machine
using a networked resource. 

On Wednesday, the Computer Incident Advisory Capability (CIAC) of the US
government Department of Energy issued the warning, which originated at
MIT. The flaw allows an attacker to gain unauthorized access to the key
distribution center (KDC), which authenticates users, effectively
compromising the security of the entire network. 

http://zdnet.com.com/2100-1105-963250.html 

         ----------------------------------------------------

[5] Securing the cloud

Oct 24th 2002 
From The Economist print edition

Digital security, once the province of geeks, is now everyone's concern.
But there is much more to the problem—or the solution—than mere
technology, says Tom Standage
 
WHEN the world's richest man decides it is time for his company to
change direction, it is worth asking why. Only rarely does Bill Gates
send an e-mail memo to the thousands of employees at Microsoft, the
world's largest software company, of which he is chairman. He famously
sent such a memo in December 1995, in which he announced that Microsoft
had to become “hardcore” about the Internet. In January this year Mr
Gates sent another round-robin. Its subject? The importance of computer
security.

Until recently, most people were either unaware of computer security or
regarded it as unimportant. That used to be broadly true, except in a
few specialised areas—such as banking, aerospace and military
applications—that rely on computers and networks being hard to break
into and not going wrong. But now consumers, companies and governments
around the world are sitting up and taking notice. Why?

http://www.economist.com/surveys/displaystory.cfm?story_id=1389589

         ----------------------------------------------------

[6] IT security staff urged to adopt new BS 7799 

Thursday 24 October 2002  
 
IT security specialists are being urged by the BCS to take up the newly
revised BS 7799 standard. They say it will help them explain to fellow
IT and business managers both the threats and how effective
countermeasures can be put in place economically, writes John Kavanagh.
 
"The revised BS7799 Part 2 Code of Practice for Information Security
Management Systems gives guidance on how to create an information
security management system and identifies critical success factors that
an organisation must achieve if it is to successfully implement
information security," says Willie List, chairman of the BCS Security
Expert Panel.

http://www.cw360.com/bin/bladerunner?REQSESS=u809A751&2149REQEVENT=&CARTI=116896&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1
 

         ----------------------------------------------------

[7] Letter: Free Software Hurts U.S.  

By Robert McMillan  
02:00 AM Oct. 25, 2002 PDT

An attack on the software license behind the Linux operating system has
stirred up a free software controversy in Washington.

Earlier this week, three members of the House of Representatives, Adam
Smith (D-Wash.), Ron Kind (D-Wis.) and Jim Davis (D-Fla.), sent a note
to 74 Democrats in Congress attacking Linux's GNU General Public License
(GPL) as a threat to America's "innovation and security."

The note urged members to support a letter written by Reps. Tom Davis
(R-Va.) and Jim Turner (D-Texas) to Richard Clarke, who heads the board
in charge of hammering out U.S. cybersecurity policy. Davis and Turner's
letter asks that the plan explicitly reject "licenses that would prevent
or discourage commercial adoption of promising cybersecurity
technologies developed through federal R&D."

http://www.wired.com/news/linux/0,1411,55989,00.html 

         ----------------------------------------------------

[8] Canadian cons use PCs to hack, forge IDs and spread porn
By John Leyden
Posted: 24/10/2002 at 11:46 GMT


Canadian convicts have taken advantage of prison PCs to produce escape
plans, make fake IDs and conduct scams. 

These are among the revelations from an internal report by Canada's
Correctional Service (CSC), obtained by the National Post, which warns
of the risk of cons spreading viruses or hacking into the prison
service's network.

http://www.theregister.co.uk/content/6/27770.html 

         ----------------------------------------------------

[9] Deceptive Spammers Settle FTC Charges

Operators who used spam, deceptive earnings claims, and fictitious
testimonials to sell spam e-mail lists as business opportunities have
agreed to settle Federal Trade Commission charges that their operations
violated federal laws. The settlements will bar the defendants from
making false, misleading, or deceptive claims about their e-mail lists,
software, service, marketing program, or any other business opportunity.

The FTC alleged that Richard Jon Scott, doing business as Cyber Data,
and Sonya Lockery, doing business as Internet Specialists, sent spam to
consumers claiming that by purchasing their bulk e-mail lists, consumers
could make easy money selling products and services on the Internet.
Internet Specialists also promoted the spam list on a Web site. Cyber
Data's e-mail claimed that purchasers reasonably could expect to earn
"over $10,000,000" by selling a $5 product via bulk e-mail. Internet
Specialists made similar earnings claims, and its Web site and e-mail
contained earnings claims that appeared to be endorsements from previous
purchasers. 

http://www.ftc.gov/opa/2002/10/spammers.htm 

         ----------------------------------------------------

[10] Amazon closer to profitability as sales rise 

By Monica Soto
Seattle Times technology reporter

For more than six months, Seattle-based Amazon.com has tested TV
commercials in two markets touting the convenience of online shopping
and the retailer's free-shipping campaign for orders of more than $25.

As Amazon heads into its eighth holiday quarter, the most critical for
the e-commerce bellwether, its test will be whether this $25 threshold
can compel customers to buy enough books and cameras to override any
adverse impact on the bottom line. 

http://seattletimes.nwsource.com/html/businesstechnology/134562297_amazon25.html

         ----------------------------------------------------

[11] Officials plot homeland priorities
BY Judi Hasson 
Oct. 24, 2002 

Although the debate over creating a Homeland Security Department is
stalled in Congress, officials have quietly drawn up a list of their top
priorities to jump-start the agency if and when lawmakers approve it.

Jim Flyzik, a senior adviser at the Office of Homeland Security, said
Oct. 23 that the first priority would be consolidating the 58 government
watch lists of suspected terrorists into one list.

One of many errors disclosed in the wake of last year's Sept. 11
terrorist attacks was that the names of suspected terrorists had been
available on one classified watch list, but the information was not
shared with other agencies that might have been able to stop the
terrorists before they entered the United States. "How fast we can move
depends on the legislation," Flyzik said, referring to the stalemate
over labor issues and the bill that would create a new department,
moving 22 departments or parts of agencies under its umbrella.

http://www.fcw.com/fcw/articles/2002/1021/web-flyzik-10-24-02.asp 

         ----------------------------------------------------

[12] France battles on for data privacy
16:53 Thursday 24th October 2002
Graeme Wearden   

Been wronged by your phone company? Concerned that your data isn't being
kept securely? From January 2003, UK consumers can turn to Otelo for
help

She may no longer be the UK's information commissioner, but Elizabeth
France is still fighting to make sure that companies don't abuse the
privacy of their customers.

France is now the UK's first telecommunications ombudsman, and on
Thursday she warned that companies who fall foul of her organisation
could be forced to pay compensation of £5,000.

http://news.zdnet.co.uk/story/0,,t269-s2124438,00.html 

         ----------------------------------------------------

[13] Beware smart worms 
by  Jason Holloway 
Thursday 24 October 2002  
 
Viruses and worms are becoming more common and more intelligent. Most
companies already have anti-virus software, but this needs to be
supported by good, safe computing practice. There are a few precautions
you can take to further reduce the chance of infections on your network.
 
Prevent downloading

Implement a strict policy on downloading from the Internet. Employees
could be inadvertently putting your network in jeopardy by opening
attachments or downloading executables. Everything must be
virus-checked. If you are not sure what the file is, don't open it. The
policy should also prohibit forwarding hoax virus warnings and chain
letters, as these can be as troublesome as viruses themselves. It can be
embarrassing for your organisation if an employee forwards these to
contacts or customers.

http://www.cw360.com/bin/bladerunner?REQSESS=u809A751&2149REQEVENT=&CARTI=116903&CARTT=4&CCAT=1&CCHAN=13&CFLAV=1

         ----------------------------------------------------

[14] IT spending forecast strong
BY Judi Hasson 
Oct. 24, 2002
 
It has been a very good year for information technology vendors in the
federal sector, and next year should be strong too, according to the
latest study by Input, a technology think tank.

Government IT spending continues to grow, according to Input. In fiscal
2002, the government spent $19.3 billion in the civilian sector alone.
In fiscal 2003, which began Oct. 1, the sector is expected to spend
$20.5 billion and, in fiscal 2004, spending is estimated at $22.9
billion.

http://www.fcw.com/fcw/articles/2002/1021/web-input-10-24-02.asp 

         ----------------------------------------------------

[15] PGP poised for major comeback
By Iain Thomson [23-10-2002]
Raft of new releases within the next nine months

PGP encryption products will be back on the market by the end of the
year, with a raft of new releases in the pipeline.

PGP 8.0 will be out by the end of December and will include a freeware
version for non-commercial use, a single user personal package and an
enterprise version. A public beta of the new software, which has had
over 300,000 downloads in the last fortnight, is available here. 

http://www.pcw.co.uk/News/1136211 

         ----------------------------------------------------

[16] Verisign Posts Narrower Net Loss  
10/24/02 2:08 PM
Source: Reuters  

MOUNTAIN VIEW, Calif. (Reuters) - VeriSign Inc., a provider of Internet
domain names, telecom and e-commerce security services, on Thursday
posted a narrower third-quarter net loss, but saw big charges due to
amortization of goodwill and investment losses. 

VeriSign reported a net loss of $80 million, or 34 cents a share,
compared with a net loss of $386.7 million, or $1.91 a share, a year
earlier. 

http://news.cnet.com/investor/news/newsitem/0-9900-1028-20578584-0.html 

         ----------------------------------------------------

[17] Army plan to outsource soldiers’ jobs will increase costs
By Jason Peckenpaugh

An Army plan to outsource the jobs of nearly 60,000 military personnel
will not save any money, but is necessary to move soldiers into
warfighting positions and support the service’s transformation,
according to Army officials. 

The plan is part of the Army’s larger “Third Wave” initiative that could
let private companies compete for the jobs of more than 200,000 Army
employees, including 155,000 civilians. But Army officials admit that
outsourcing military jobs will create new costs, because the Army will
not cut its fighting force. Outsourced soldiers will be transferred to
other jobs within the Army, and civilian employees or contract workers
will assume their previous jobs. 

“If you convert a military position to contract and put that soldier in
a warfighting unit, then you have to pay for that [new] contract,” said
John Anderson, assistant deputy assistant secretary of the Army for
manpower and management, at an Oct. 10 Pentagon briefing with reporters.

http://www.govexec.com/dailyfed/1002/102402p1.htm 

         ----------------------------------------------------

[18] Prostitutes Steal Secret Software from US Army

Prostitutes stole a portable computer with secret software from US Army
soldiers currently conducting military exercises in Poland. The computer
disappeared when three programmers of the US Army invited prostitutes to
dinner and to drink. The men fell asleep rather quickly. However, when
they woke up in the morning, they discovered that their computer
disappeared; in addition to the computer, the girls also stole a digital
camera and a pair of speakers.

http://english.pravda.ru/main/2002/10/22/38519.html 

         ----------------------------------------------------

[19] Labels target CEOs over file swapping
 
By John Borland 
Special to ZDNet News
October 24, 2002, 11:52 AM PT

Record companies and movie studios are turning an anti-piracy spotlight
on corporate America, sending a letter to top CEOs this week warning of
illegal file trading going on at "a surprising number of companies."

The Recording Industry Association of America (RIAA), the Motion Picture
Association of America (MPAA) and songwriters' associations have drafted
a letter expected to be sent Friday to the Fortune 1000 companies,
cautioning executives that employees' song- or movie-swapping could put
them at legal risk. 

http://zdnet.com.com/2100-1106-963208.html 

         ----------------------------------------------------

[20] Free speech feels Net copyright chill 

By Lisa M. Bowman 
Staff Writer CNET News.com
October 24, 2002, 4:00 AM PT

Rick Sanchez thought the bright folks at Mensa International would agree
that his Pets or Food Web site was a joke. 

He was sure that the site's offers of "freshly clubbed" frozen baby seal
meat and "a dozen Doberman flank steaks for a Super Bowl party" were a
dead giveaway. If not, then surely the site's frisky description of
fictional CEO Sydney Zwibel--a "former animal disposal technician,"
Mensa member and alternate member of the 1984 Olympic Fencing
Team--smacked of parody. 

So he was astonished to get a letter from Mensa this summer, addressed
not to him but to his imaginary character, saying Zwibel's use of the
group's trademark without permission could result in "civil and criminal
penalties."

http://news.com.com/2100-1023-963122.html 

         ----------------------------------------------------

[21] Encryption method getting the picture 

By Sandeep Junnarkar 
Staff Writer, CNET News.com
October 23, 2002, 9:06 AM PT


Researchers have created a new way to encrypt information in a digital
image and extract it later without any distortion or loss of
information.

A team of scientists from Xerox and the University of Rochester said
that the technique, called reversible data hiding, could be used in
situations that require proof that an image has not been altered. 

Its uses could range from sensitive military and medical diagnostic
images to legal documents and photographs of crime scenes. The technique
could also be used to encode information within the image itself for
cataloging and retrieving from databases. 

http://news.com.com/2100-1001-963054.html 
        
      ----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>





IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

