_________________________________________________________________
London, Thursday, October 17, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] DARPA developing info awareness
[2] Beneath the Threat of Cyber-Terror
[3] Existing technologies could bridge information gaps
[4] Existing technologies could bridge information gaps
[5] Security Expert Gives Operating Systems Poor Security Grade
[6] Senate moves closer to homeland security compromise
[7] World Cybercrime Experts See Need for Laws, Ties
[8] A Deadly Cocktail of Cyber and Physical Attack
[9] (UK) Police put Linux on trial
[10] More Americans go online
[11] Copyrights, Wrongs Get a Review
[12] Online industry ignorant of new laws
[13] Symantec warns of security hole in firewall products
[14] Handy future for online security
[15] MS beta site cracked
[16] Identifying and Tracking Emerging and Subversive Worms Using ...
[17] Energy Department rolls out e-gov plan
[18] Westminster man sentenced in trade-secrets case
_________________________________________________________________
News
_________________________________________________________________
[1] DARPA developing info awareness
BY Dan Caterinicchia
Oct. 17, 2002
The Defense Advanced Research Projects Agency is developing a total
information awareness system to enable national security analysts to
detect, classify, track, understand and pre-empt terrorist attacks
against the United States.
The system, parts of which are already operational, will bring together
other systems and technologies to help military and intelligence
analysts make decisions related to national security, said Robert Popp,
deputy director of DARPA's Information Awareness Office, which is
heading up the effort.
http://www.fcw.com/fcw/articles/2002/1014/web-darpa-10-17-02.asp
----------------------------------------------------
(FUD, FUD FUD, ... I am amazed to which experts journalists go sometimes
and believe everything. For example I am not a PsyOps experts (I am very
interested in Influence Operations, but I do not consider myself a
subject expert), but I have been contacted by British print and radio
press and a US TV news network to comment about .... which I usually
kindly reject (even though I have to admit the prime time US news thing
was tempting).
****
... "A well-orchestrated terrorist group like Al Qaeda would have the
capabilities, the allegiances, the technical skill-sets... they've
already demonstrated that ability," Schwartau said. "Whatever the
hackers know, the bad guys can know, if they choose to know it." ...
****
Hmmmm what a statement! I still love Securitynewsportal's comments to a
similar statement few months ago which said:
'The Al Qaeda could also be preparing to fly to the moon under their own
power... but reality and the laws of gravity dictate that they might
have a hard time... There is a significant difference between what
people 'want' to do and what they are 'able' to do... The drunken
hamster wants to date a blonde 19 year old beauty queen... Want to guess
what his chances for success are ?'
*****
... Goggans says a terrorist-caused blackout could have deadly effects.
"Are you on an iron lung? Are you in the area of a major hospital? Who
knows what could happen? A lot of things are really dependent on power,"
he said. ...
*****
I really wonder sometimes: there were major blackout (naturally not
caused by cyberterrorists) and people managed to survive.
***
'... Meanwhile, the chance for cyber-terrorists to easily break in to
wireless systems is growing all the time. While the tech sector remains
extremely weak, wireless is booming. ...'
*****
Gee, do I have to be afraid now that Bin Laden is going to wardrive
around Wimbledon to break into my PC? Such articles are not
constructive as they do not help to educate the average John & Jane Doe
on the street about real
security issues and some journalists should think twice before
publishing such rubbish. WEN)
[2] Beneath the Threat of Cyber-Terror
By Paul Strand
Washington Correspondent
October 15, 2002
In the real world, could real terrorists kill by keystroke, cripple
critical systems, or topple the economy?
CBN.com – WASHINGTON, D.C. — Al Qaeda leaders, in recordings released
this month, swore to destroy the American economy and attack its
"joints." One frightening worry in this computer age and the age of
terror is that the two will come together in a devastating new age of
cyber-terror.
Some security analysts warn that in the ultra-wired world of modern
America, computers and data links represent very vulnerable parts of the
economy. They suggest cyber-attacks could damage communications, cut off
power and wreak havoc on the economy.
Hollywood has made us believe computer geniuses can hack into any system
anywhere, exercising near god-like powers over the rest of us by their
infinite ability to manipulate computers.
But in the real world, could real terrorists kill by keystroke, cripple
critical systems, or topple the economy?
http://www.cbn.com/CBNNews/News/021015a.asp
----------------------------------------------------
[3] Ivory Coast's warriors take war to Web
Africa's rebel groups use the Net to spread message
Wednesday, October 16, 2002 Posted: 1:46 PM EDT (1746 GMT)
ABIDJAN, Ivory Coast (Reuters) -- First their AK-47s, then their
satellite phones and now a Web site. Ivory Coast's rebels have come of
age.
Putting propaganda on the Internet is par for the course for rebel
groups in Africa, where access to technology -- though limited -- is
making it easier for those who want to start civil wars.
Their uprising is only four weeks old and the Patriotic Movement of
Ivory Coast's Web site is even newer.
http://www.cnn.com/2002/TECH/internet/10/16/ivorycoast.war.reut/index.ht
ml
http://www.supportmpci.org/
----------------------------------------------------
[4] Existing technologies could bridge information gaps
By Molly M. Peterson, National Journal's Technology Daily
The intelligence and law enforcement communities could use existing
technologies to bridge information gaps scrutinized after the Sept. 11,
2001 terrorist attacks, several government and industry experts said
Tuesday. However, implementing those technologies will not be a quick or
easy task, they noted.
"The technology is there," said Maj. Ronald Moore, an information
security specialist in the Air Force Reserve who has been on active duty
since the attacks. "Have all the tools been adapted by the agencies?
No."
Speaking at a conference sponsored by the Council of Security and
Strategic Technology Organizations, Moore said intelligence agencies
have a "basic infrastructure" in place to link their internal systems
and share information with their law enforcement counterparts at the
federal, state and local levels. "It's just a matter of turning it on
and making it happen," Moore said. "But that's easier said than done."
http://207.27.3.29/dailyfed/1002/101602td1.htm
----------------------------------------------------
[5] Security Expert Gives Operating Systems Poor Security Grade
Examining Security in Proprietary and Open Source
Robert McMillan
Is open source software more secure? To most Linux enthusiasts, the
answer is obvious: open source means more people can look for bugs and a
faster dissemination of bug fixes. Obviously, yes. But noted security
expert Gene Spafford says that this may not necessarily be true.
According to the Purdue professor of computer science and co-author of
Practical Unix & Internet Security, good security begins with good
design and neither Windows nor Linux have much to brag about in that
category. And while you might not agree with Spaf's assessment of the
strengths of open source, you have to admit that he knows a thing or two
about computer security. He's the director of Purdue's Center for
Education and Research in Information Assurance and Security, and has
advised a wide variety of organizations on computer security, including
CERT, the FBI, the Secret Service, and the Air Force.
LP: You've been a vocal critic of both Windows and Linux's security
design. What's the problem with Linux?
Spafford: Windows is awful, but well, so is Linux. Neither presents an
environment that your average business user or government user or home
user is able to install and use out of the box without worries. And in
fact, if you look at your typical Linux distributions, with all of these
tools and extra drivers and everything that's thrown on, a lot of that
is programmed by people without training, without careful thought, and
without careful design.
http://www.linuxplanet.com/linuxplanet/interviews/4495/1
----------------------------------------------------
[6] Senate moves closer to homeland security compromise
By Brody Mullins, CongressDaily
Republicans and Democrats may be close to a deal on homeland security
legislation that could lead to Senate approval of the politically
charged bill in the next few days—and perhaps reduce pressure for a busy
week next week or even a lame-duck session.
After weeks of haggling over procedure, Senate Republicans signaled
Wednesday they might accept an offer from Majority Leader Tom Daschle,
D-S.D., calling for a straight up-or-down vote on a key GOP-supported
amendment. The amendment, sponsored by Sens. Phil Gramm, R-Texas, and
Zell Miller, D-Ga., would give President Bush the authority he seeks
over the new department's personnel rules.
"I think that probably would be accepted," Minority Leader Trent Lott
said in response to a reporter's question. However, Lott said that he
did not want to "speak out of school," adding that he would run the
issue by Senate Republicans during their luncheon Wednesday afternoon.
http://207.27.3.29/dailyfed/1002/101602cd1.htm
----------------------------------------------------
[7] World Cybercrime Experts See Need for Laws, Ties
10/16/02 2:50 AM
Source: Reuters
By Kim Yeon-hee
SEOUL (Reuters) - Top international cyber-crimebusters wrapped up a
three-day conference in the world's most wired country on Wednesday with
a call for greater global cooperation to fight online offences.
Senior cyber-crime police officers from 37 countries agreed at a meeting
in South Korea that worldwide investigations were needed to chase online
criminals who operate with little regard for state frontiers.
"Cyber crimes are global crimes, using global IT networks," said Des
Berwick, an executive officer of the Australasian Center for Policing
Research, on the sidelines of the fifth Interpol conference on computer
crime.
Interpol -- which promotes international police cooperation and does not
deal with crimes involving just one country -- is based in Lyon, France,
and has 179 member countries.
It was the first time Interpol had held its computer crimes conference
outside its headquarters and it was no coincidence South Korea was
chosen as the venue. South Korea has the world's highest number of
high-speed broadband Internet users, and has cyber-crime statistics to
match.
http://news.cnet.com/investor/news/newsitem/0-9900-1028-20543844-0.html
----------------------------------------------------
[8] A Deadly Cocktail of Cyber and Physical Attack
Date: Wednesday, 16 October 2002
Source: The Straits Times (Singapore)
Story: Disrupting technology used by essential services may cripple
rescue efforts in life-threatening emergencies, says expert.
CYBER-TERRORISM has so far been confined to minor disruptions by
hackers, but it still worries Microsoft's chief security strategist
Scott Charney.
At the root of his concerns is a worst-case scenario involving a
cocktail of cyber and physical destruction that would threaten the lives
of thousands.
Such a combination might, for example, have involved a cyber-attack on
Manhattan, where power, communication and the city's other critical
management systems were brought down just before the two planes hit the
World Trade Center last year. 'Law enforcement, hospitals, firefighting
all make heavy use of information technology.
'If you disrupt the technology at that moment, you can make it much
harder for them to respond efficiently and cause that much more harm,'
explained Mr Charney.
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=9297
----------------------------------------------------
[9] Police put Linux on trial
West Yorkshire police has taken delivery of some Linux workstations as
part of a trial which, if successful, could lead to the force rolling
out the open-source software on 3,500 desktops, shaving £1m off its
annual IT spend in the process.
http://zdnet.com.com/2110-1104-962303.html
----------------------------------------------------
[10] More Americans go online
Even as Internet usage, satisfaction levels rise, many consumers are
still worried about security.
October 16, 2002: 3:45 PM EDT
NEW YORK (CNN/Money) - Americans are using and enjoying the Internet
more, a private research firm said Wednesday, even though they're still
not entirely sure their personal information is secure.
Sixty-one percent of all Americans go online at least once a month,
compared with 59 percent at the end of 2001, the Conference Board said
in its quarterly report on Internet usage. The private research firm is
better known for its monthly survey of consumer confidence.
http://money.cnn.com/2002/10/16/news/internet_barometer/index.htm
----------------------------------------------------
[11] Copyrights, Wrongs Get a Review
By Brad King | Also by this reporter Page 1 of 1
02:00 AM Oct. 16, 2002 PDT
A controversial portion of digital copyright law will get a public
airing next month.
Starting Nov. 19, the United States Copyright Office will begin taking
public comments on the section of the Digital Millennium Copyright Act,
known as the DMCA, which prohibits people from breaking encryption
technologies.
When the DMCA was enacted Oct. 28, 1998, a provision was built in that
requires the registrar of copyrights and the assistant secretary for
communications and information to revisit certain aspects of the law
every three years.
http://www.wired.com/news/digiwood/0,1412,55801,00.html
----------------------------------------------------
[12] Online industry ignorant of new laws
Author: Staff writer , ITWeb
[ITWeb, 14 Oct 2002] A survey, conducted to test perceptions of the
online industry towards the Electronic Communications and Transactions
(ECT) Act and the Promotion of Access to Information Act (PAIA), has
found that only 27% of respondents feel they understand the risk of
non-compliance.
A further 26% do not know what they should do to make their Web sites
compliant with the ECT Act, while only 16% know how the PAIA impacts
their Web sites.
Only 5% have legal notices on their sites that comply with chapters
three and seven of the ECT Act and 6% have the required PAIA manuals.
http://www.sundaytimes.co.za/business/technology/Tech1.asp
----------------------------------------------------
[13] Symantec warns of security hole in firewall products
Thursday 17 October 2002
A flaw discovered in a common component of Symantec's firewall
technology leaves a number of that company's products vulnerable to
denial of service (DoS) attacks.
News of the flaw was released in a bulletin from Symantec and by Danish
security services firm Advanced IT Security.
The security hole was discovered in the Web proxy component of
Symantec's Enterprise Firewall product, also known as Simple Secure
Webserver 1.1.
http://www.cw360.com/bin/bladerunner?REQSESS=wt8X5A1X&2149REQEVENT=&CART
I=116719&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1
----------------------------------------------------
[14] Handy future for online security
Will the Quizid card provide solution to digital identity?
A credit-card sized device, which could potentially be issued to
thousands of citizens, is being heralded as a major breakthrough in the
search for establishing secure identification on the internet.
Currently buying something on the net, using banking or government
services requires users to enter a password and username that are
potentially insecure.
http://news.bbc.co.uk/1/hi/technology/2334491.stm
----------------------------------------------------
[15] MS beta site cracked
By Thomas C Greene in Washington
Posted: 17/10/2002 at 07:54 GMT
The server on which Microsoft makes its beta programs available for
testing has been infiltrated by outsiders who have downloaded an
unspecified cornucopia of programs. Among the items available are
forthcoming editions of Win-XP, .NET Server, and some confidential works
in progress.
http://www.theregister.co.uk/content/55/27651.html
----------------------------------------------------
[16] Identifying and Tracking Emerging and Subversive Worms Using
Distributed Intrusion Detection Systems
by Nathan Einwechter
last updated October 16, 2002
Worms continually become more sophisticated, as new propagation methods
and stealth techniques are developed and implemented. As worms continue
to evolve, so must our ability to detect and track them. One solution is
the use of distributed intrusion detection systems (dIDS) to identify
new and emerging worms that utilize new subversive propagation
techniques. This paper will discuss how and why the dIDS design is able
to identify, detect, and track worms even as they implement more
advanced propagation methods.
Defining Emerging and Subversive Worms
To understand the solution, we must first understand the problem by
defining two terms. For the purpose of this paper, we will define
emerging worms as those that are previously unknown, or those that are
beginning to emerge as a high-priority threat due to an accelerated or
high rate of infection. Subversive worms will be further defined as
those worms that are typically more difficult to detect or identify,
particularly as they use new and or unusual (which is to say previously
unseen) techniques to propagate and communicate. Thus, a subversive worm
would be any worm that utilizes covert channels or stealth scanning
techniques to disguise its activities.
http://online.securityfocus.com/infocus/1634
----------------------------------------------------
[17] Energy Department rolls out e-gov plan
By Tanya N. Ballard
The Energy Department launched its electronic government plan on
Wednesday, unveiling a new e-signature tool it has licensed for
governmentwide use.
The 19-point plan, which will be implemented over the next two years,
aims to make Energy more accessible to other government entities,
citizens and businesses and improve the agency’s own operations. An
important part of the plan allows Energy and other federal agencies to
use digital signature technology to time-stamp and place secure
documents on the Internet.
“This important development serves as a key milestone in meeting the
security and productivity objectives of DOE's e-government strategy,”
Energy Secretary Spencer Abraham said about the e-signature initiative
at a press conference. “We are pleased to share this new technology with
other agencies in the federal government.”
http://207.27.3.29/dailyfed/1002/101602t1.htm
----------------------------------------------------
[18] Westminster man sentenced in trade-secrets case
Jeffrey A. Forgues of Westminster pled guilty Tuesday to trying to steal
trade secrets from AlphaGary Corp. of Leominster, a manufacturer of
plastic wire and cable insulation compounds.
U.S. District Court judge Nathaniel M. Gorton sentenced Forgues to two
months in jail, then two years of supervised probation.
http://boston.bizjournals.com/boston/stories/2002/10/14/daily28.html
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
