_________________________________________________________________ London, Tuesday, October 29, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Of mad snipers and cyber- terrorists [2] Government, industry debate international IT security center [3] 'We are the worst security risk' - sys admins confess [4] RPT-Pro-Islamic hackers gear up for cyber war-experts [5] Reuters accused of hack attack [6] Pentagon computers tougher for hackers [7] Talking security [8] Universities asked to avert student file sharing [9] E-Commerce Patent Disputes Erupt [10] Kournikova virus writer loses appeal and faces 150 hours' community service [11] Report: Market forces not enough to improve security [12] Mexico summit urges anti-piracy action [13] Perspective: Privacy advocates lose an ally [14] Australian team patents new firewall technology [15] Hackers claim to have cracked new "secure" Xbox [16] Army vendor team advances FCS [17] Attack of the Mod Squads _________________________________________________________________ News _________________________________________________________________ [1] Of mad snipers and cyber- terrorists By Thomas C Greene in Washington Posted: 29/10/2002 at 01:34 GMT Last Monday the Internet was attacked in what one Washington official described as "the most sophisticated and largest assault" in its history. Eight of thirteen root DNS servers got whacked simultaneously with a distributed denial of service attack. Had the assault not been shut down in an hour, the constant interchange of e-mail spam and viruses might have been slowed; the ability of millions to BS idly with strangers in IRC might have been impeded; e-commerce orders of bulk dog food might have gone unfulfilled; and millions of teenagers might have been denied their daily downloads of porn and warez and MP3s. None of this happened, of course. Somehow, the Internet survived. It survived against the dire warnings of White House alarm divas Richard Clarke and Howard Schmidt. It survived against the patently faked predictions of Gartner Experts who recently conducted devastating cyber 'war games' but sleazily neglected to involve a blue team and sleazily neglected to emphasize this curious fact. Had there been people working against the Gartner pseudo attack squads, as there would be in the real world, their pseudo results would have been vastly different. http://www.theregister.co.uk/content/55/27819.html See also Mock cyberwar fails to end mock civilization http://theregister.co.uk/content/archive/26675.html ---------------------------------------------------- [2] Government, industry debate international IT security center By William New, National Journal's Technology Daily BRUSSELS, BELGIUM - U.S. and European officials and businesses on Monday debated the merits of a proposal to establish a global center for information technology security based on the center that united them in their fight against the much-anticipated Y2K computer bug. Harris Miller, president of the Information Technology Association of America, raised the issue here at the U.S.-EU IT Security Forum. "There is still no mechanism globally that allows governments on an instantaneous basis, and industry on an instantaneous basis across industries, to communicate regularly or in the case of a crisis about cyber security," he said in an interview. Miller said that like the Y2K center, the proposed International Information Security Coordination Center could be a small and inexpensive operation. "The players are in place, but the coordination center is necessary to get all the players on the same page, to get the communications network established," he said. http://www.govexec.com/dailyfed/1002/102802tdpm2.htm ---------------------------------------------------- [3] 'We are the worst security risk' - sys admins confess By John Leyden Posted: 28/10/2002 at 12:04 GMT More than half of all senior IT managers (58 per cent) think that their own IT departments offer the largest threat to IT security. IT security holes in corporate systems often open up during systems upgrades or when integrating new applications into core infrastructure, senior managers reported during a recent (and not particularly comprehensive) survey by security consultants Defcom. http://www.theregister.co.uk/content/55/27810.html ---------------------------------------------------- (FUD of the week. Maybe the article should have its title changed to 'Bored teenagers in the Middle East engage in cybergraffiti' WEN) [4] RPT-Pro-Islamic hackers gear up for cyber war-experts Reuters, 10.29.02, 4:24 AM ET By Michael Christie SYDNEY, Oct 29 (Reuters) - Pro-Islamic hackers are on the frontline of a potential new cyber war after the end of a ceasefire by "hacktivists" and virus designers that followed the September 11 attacks on the United States, Internet experts say. Pro-Islamic hackers are escalating attacks against countries backing the U.S. war on terror and its campaign against Iraq, while the "Bugbear" worm and last week's strike on the Internet backbone signal that cyber villains are again on the prowl. http://www.forbes.com/home/newswire/2002/10/29/rtr769602.html ---------------------------------------------------- [5] Reuters accused of hack attack 'You're meant to report this stuff, not perpetrate it...' Reuters has been accused of hacking by Swedish software company Intentia, which claims its computer systems were breached and its third quarter results were lifted before the scheduled release. Intentia launched an internal investigation into the matter after Reuters allegedly reported on their results before they were officially released. The company claims to have found evidence of "unauthorised entry" into its computer systems. This entry occurred six minutes before Reuters released a bulletin based on the Q3 profit report, according to a statement made by the company. http://www.silicon.com/public/door?REQUNIQ=1035891030&6004REQEVENT=&REQI NT1=56153&REQSTR1=newsnow ---------------------------------------------------- '... Hardening the networks against intrusions or denial of service attacks is critical, especially if the United States is preparing for war. "We rely more on automated command and control that any other country," he said. ...' '... Getting Saddam Hussein's forces off the sophisticated communication network will require a combination of fire-power -- targeting the right nodes -- and other means, which he declined to identify. ...' [6] Pentagon computers tougher for hackers By Pamela Hess UPI Pentagon Correspondent >From the Washington Politics & Policy Desk Published 10/28/2002 10:40 PM NASHVILLE, Oct. 28 (UPI) -- The Department of Defense's computer networks were probed by hackers 14,500 times last year, with just 70 getting in. Of those, only three caused any damage -- and they were the same viruses that hobbled the private computer networks, according to the Army's chief of intelligence. The problem is not that hackers and virus-makers are getting better, but that relatively low-level systems administrators are failing to stop known gaps in their systems, said Lt. Gen. Robert Noonan, deputy chief of staff for intelligence, at a conference of electronic warfare professionals held here. "That's staggering," he said. "The major problem is that our people don't comply ... we put out patches, and systems administrators don't do what they should do." http://www.upi.com/view.cfm?StoryID=20021028-091658-8410r ---------------------------------------------------- [7] Talking security Richard Clarke: White House Cyber Security Chief By Hiawatha Bray, Globe Staff, 10/28/2002 With vandals trying to disrupt the Internet and probing the weaknesses of America's corporate data networks, White House Cyber Security chief Richard Clarke has his work cut out for him. Clarke, a Dorchester native and MIT graduate, came to Boston recently to make the case for President Bush's plan to secure cyberspace. He spoke to Globe technology reporter Hiawatha Bray during a visit to the newspaper. Q. What is the White House message to Americans about computer security? http://www.boston.com/dailyglobe2/301/business/Talking_security+.shtml ---------------------------------------------------- [8] Universities asked to avert student file sharing by Molly Brouillette Photo by Beche Sprigg October 28, 2002 The Recording Industry Associate of America, in conjunction with the Motion Picture Association of America and other copyright owner trade groups recently sent a letter to more than 2,000 university presidents expressing concern about the prevalence of online piracy among college students. In only a few short years, file-sharing programs such as Kazaa, Audio Galaxy and the now-defunct Napster have become huge fixtures on college campuses, many of which offer high-speed Internet connections in their dorms. This has raised concern from the trade groups who are upset about the copyright violations that file-sharing programs enable. In their letter, the trade groups equated file sharing with stealing and warned universities that students could be subject to legal liability for their actions. http://www.thetowerlight.com/vnews/display.v/ART/2002/10/28/3dbc80670189 c ---------------------------------------------------- [9] E-Commerce Patent Disputes Erupt By Sebastian Rupley Can, and should, anyone own patents on the fundamental technologies behind e-commerce? Those questions have come up before, and often did so during the heyday of the dot-coms. Then, owning patents for the computer-to-computer transaction methods that enabled electronic shopping was a central part of how e-commerce companies competed. Now, there is a new set of legal disputes over what parts of e-commerce processes can be protected by patents. Lawsuits brought by Chicago-based divine, inc., a provider of software-driven and managed enterprise services, charge that several e-commerce companies have breached its patents. There could be more legal machinations implied, and some sources tell PC Magazine that the disputes could quickly extend to any site doing e-commerce. http://www.pcmag.com/article2/0,4149,643418,00.asp ---------------------------------------------------- [10] Kournikova virus writer loses appeal and faces 150 hours' community service Tuesday 29 October 2002 A Dutch appeals court has upheld the conviction and sentence of the 22-year-old man who created and unleashed the Anna Kournikova e-mail worm last year. Last year, Jan de Wit was sentenced to 150 hours of community service for creating and sending out the e-mail worm. The appeals court confirmed the sentence. "I had hoped he would be found not guilty," said Theo Jansen, De Wit's lawyer. "My client never intended to do any damage and no damage was ever proven." No damage claims were filed with the prosecutor's office, but the US Federal Bureau of Investigation (FBI) named 55 victims of the Kournikova worm who suffered total damage of $166,827 (£107,340). http://www.cw360.com/bin/bladerunner?REQSESS=HM7Y5CY&2149REQEVENT=&CARTI =116988&CARTT=1&CCAT=2&CCHAN=22&CFLAV=1 ---------------------------------------------------- [11] Report: Market forces not enough to improve security By DAN VERTON OCTOBER 24, 2002 Market forces alone are unlikely to create the necessary incentives for businesses to make significant improvements in security, according to a study published this month by the Brookings Institution. The study, "Interdependent Security: Implications for Homeland Security Policy and Other Areas," released Oct. 17 by the Washington-based public policy think tank, argues that the shared-risk nature of today's security environment actually discourages companies from making the sometimes costly investments in security. In addition, the report states that when industry-leading companies fail to invest in certain security precautions -- because of cost or other reasons -- the knowledge that those companies aren't making such investments can help "clinch a decision not to proceed" at other firms. http://www.computerworld.com/governmenttopics/government/story/0,10801,7 5347,00.html ---------------------------------------------------- [12] Mexico summit urges anti-piracy action 10:18 Tuesday 29th October 2002 Declan McCullagh, CNET News.com Pacific Rim nations including the US and Japan are set to clamp down on Internet piracy, and to follow Europe's lead in combating cybercrime The United States, China, Japan and other Pacific Rim nations have agreed to take more steps to curb Internet piracy and cooperate more closely on punishing cybercrime. At the Asia Pacific Economic Cooperation summit, which ended on Sunday in Los Cabos, Mexico, President Bush and other politicians agreed on a set of anti-terrorism and trade-related measures that included "curtailing copyright infringement over the Internet" and enforcing intellectual property treaties. http://news.zdnet.co.uk/story/0,,t269-s2124638,00.html ---------------------------------------------------- [13] Perspective: Privacy advocates lose an ally By Declan McCullagh October 28, 2002, 10:00 AM PT WASHINGTON--I'm going to miss Dick Armey, the crusty Texas Republican and House majority leader who is retiring after 17 years in Congress. No, I won't miss his repeated attempts to outlaw electronic vice. An unapologetic social conservative, Armey voted to restrict online sales of alcohol, prohibit Internet gambling and restrict the sale of violent video games to minors. Still, Armey emerged as one of the finest champions of privacy in Washington, and his departure means that the House leadership will no longer include anyone attuned to the perils of electronic snooping. http://news.com.com/2010-1069-963537.html?tag=lh ---------------------------------------------------- [14] Australian team patents new firewall technology By Stephen Withers, ZDNet Australia 28 October 2002 A Melbourne-based group has patented a new firewall architecture that uses parallel processing and "self learning" techniques. "These aren't just ordinary firewalls," said IntelliGuard IT spokesperson Ken Baker. The software analyses the contents of packets reaching the firewall "in more detail than anything else in the world," he added. Current CPUs are not fast enough to perform such deep analysis in real time without parallel processing, Baker explained, but deployment on multiple processors also delivers scalability and redundancy. The IntelliGuard software can be conveniently deployed on blade servers. http://www.zdnet.com.au/newstech/security/story/0,2000024985,20269428,00 .htm ---------------------------------------------------- [15] Hackers claim to have cracked new "secure" Xbox [PC Pro] 12:01 Two competing teams of hackers claim to have cracked the new 'secure' Version 2 of the Xbox in under a week. The teams claim that their modifications opens the door to allow the Xbox to perform a number of tricks that Microsoft and graphics chip designer Nvidia would prefer it didn't. http://www.pcpro.co.uk/front_index.php?ip=1&page=%2Fnews%2Fnews_story.ph p%3Fid%3D33615 ---------------------------------------------------- [16] Army vendor team advances FCS BY Dan Caterinicchia Oct. 25, 2002 The lead systems integrator team for the Army's Future Combat System announced this week that it has added new subcontractors to its team as it nears completion of the FCS concept and technology development phase. FCS will equip manned and unmanned Army vehicles with information and communications systems to enable soldiers to conduct missions, including command and control, surveillance and reconnaissance, direct and indirect fire, and personnel transport. http://www.fcw.com/fcw/articles/2002/1021/web-army-10-25-02.asp ---------------------------------------------------- [17] Attack of the Mod Squads Game console mod chips can be used for everything from watching movies to installing Linux on your X-Box. But under goofy copyright laws, the piracy app kills all the others. By Mark Rasch Oct 28, 2002 On September 16, 2002, Microsoft, Sony and Nintendo filed a lawsuit against Hong Kong distributor Lik Sang International Ltd, in the High Court of Hong Kong, alleging that the company had infringed copyrights associated with their various gaming systems. In response, the company shut down, and when it came back up three weeks later, it was no longer selling mod chips. The affair is the strongest demonstration yet of how gaming manufacturers -- with the cooperation of various government agencies -- are cracking down not just on copyright infringement, but also on basic technology itself. http://online.securityfocus.com/columnists/119 ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk