_________________________________________________________________

London, Tuesday, November 05, 2002
_________________________________________________________________

INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with
"subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] (InfraGard) Combating cybercrime
[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
[3] Homeland security wish list set
[4] 'War' over digital privacy bill heats up
[5] Hacker turncoat opines on computer security
[6] Mozilla riddled with security holes
[7] First-of-its-kind center to train cybersleuths
[8] Braid fails to unpick the Web
[9] Kofi Annan's IT challenge to Silicon Valley
[10] Court rules against AOL on Net privacy
[11] Homeland security IT official to resign
[12] Hackers stick California city with $30,000 phone bill
[13] Unbreakable Crypto: Who Needs It?
[14] Chinese province issues swipe IDs to Internet cafe users
[15] Axe man hacks man over hacking fears
[16] Defense Department studying nonlethal chemicals
[17] Agencies to test Adobe technology for online transactions
[18] Intercepts: Rumsfeld Sinks 'CINCs'
[19] Feds Getting IT Together
[20] (UK) Government websites under fire
[21] Latest Linux takes control of access

_________________________________________________________________

News
_________________________________________________________________

[1] Combating cybercrime

11/04/02
Chris Seper
Plain Dealer Reporter

FBI agent Stan Paulson overhears companies chatter about security
breaches and hackers and other criminals probing their computer systems
and does nothing about it.

By looking the other way, he upholds the tenets of an organization that
has helped improve Internet security throughout the country.

InfraGard, founded by the Cleveland FBI's office in 1996, has used
confidentiality, FBI clout and offers of expert training to convince
companies to work together and reveal details about cyberspace attacks
on their systems.

http://www.cleveland.com/business/plaindealer/index.ssf?/xml/story.ssf/html_standard.xsl?/base/business/103631949234480.xml

InfraGard
http://www.infragard.net/

InfraGard Manufacturing Industry Association
http://trust.ncms.org/

NIPC
http://www.nipc.gov/

----------------------------------------------------

[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS

By John Lettice
Posted: 05/11/2002 at 11:19 GMT

US District Judge J Frederick Motz has rejected a Microsoft attempt to
– effectively – have a string of prior convictions expunged from its
record. Yesterday the Maryland judge denied a request by Microsoft
attorneys to re-open 395 of Judge Penfield Jackson's 412 findings of
fact, so for the moment at least Jackson's conclusions can be used in
the case Motz is dealing with.
http://www.theregister.co.uk/content/4/27935.html

----------------------------------------------------

[3] Homeland security wish list set

BY Judi Hasson
Nov. 4, 2002

Although the debate over creating a Homeland Security Department is
stalled in Congress, officials have quietly drawn up a list of their top
priorities to jump-start the agency if and when lawmakers approve it.

Jim Flyzik, a senior adviser at the Office of Homeland Security, said
Oct. 23 that the first priority would be consolidating the 58 government
watch lists of suspected terrorists into a single list.

http://www.fcw.com/fcw/articles/2002/1104/pol-custom1-11-04-02.asp

----------------------------------------------------

[4] 'War' over digital privacy bill heats up

Kent Hoover
Washington Bureau Chief

Frustrated by their inability to stop the unauthorized sharing of music
and movies over the Internet, the entertainment industry wants
permission from Congress to declare technological war on peer-to-peer
networks.

Legislation introduced by Rep. Howard Berman, D-Calif., would enhance
the ability of copyright owners to use anti-piracy technology to block
distribution of their works on file-sharing networks. The bill exempts
copyright owners from anti-hacking laws as long as they do not delete or
alter computer files.

http://www.bizjournals.com/extraedge/washingtonbureau/archive/2002/11/04/bureau1.html

----------------------------------------------------

[5] Hacker turncoat opines on computer security

Verne Kopytoff
San Francisco Chronicle
Published Nov. 4, 2002 HACKER04

Kevin Mitnick, the notorious computer hacker who was one of the FBI's
Most Wanted fugitives when he was arrested in 1995, says he has changed
his stripes.

After serving a five-year prison term for breaking into the computers of
several high-tech firms, stealing software and causing millions of
dollars in damage, the 39-year-old has renounced his old ways and
launched a career as a public speaker and computer security consultant.
http://www.startribune.com/stories/535/3408614.html

----------------------------------------------------

[6] Mozilla riddled with security holes

By John Leyden
Posted: 05/11/2002 at 10:38 GMT

Details of six flaws in Mozilla, the open source browser, were posted on
BugTraq at the weekend.

Versions of Mozilla previous to version 1.0.1 contain multiple security
vulnerabilities, so users need to update their browser software.

The flaws could be used by an attacker to read data off of the local
hard drive, gain information which should normally be kept private, and
in some cases to execute arbitrary code, an advisory by Red Hat
explains.

That advisory was published on October 18, and dealt with problems that
first came to light in September. Last Friday (November 1) BugTraq
posted a half dozen updated advisories which spell out the various risks
and give links to proof of concept demonstrations relating to the six.

http://www.theregister.co.uk/content/55/27934.html

----------------------------------------------------

[7] First-of-its-kind center to train cybersleuths

PITTSBURGH (AP) - Forget eyewitnesses, fingerprints or DNA. Some of the
most sought-after evidence is now e-mail and electronic files and a new
training center will teach investigators how to find it.

Federal agents and prosecutors, police departments, professors and
business leaders in Pittsburgh and West Virginia have joined forces to
create the National Cyber Forensics and Training Alliance, which is
being touted as the first of its kind in the country.

"It is the first one to get off the ground and is being promoted by us
as a model for the nation," said Richard Johnson, director of the
National White-Collar Crime Center in Morgantown, W.Va. "The alliance is
certainly unique."

There are other cybercrime alliances among universities, businesses and
law enforcement, but the Pittsburgh group will be the first with a
training center.
Organizers hope to offer degrees in computer forensics and
investigations and it will have a lab that will simulate computer crimes
and attacks.

http://www.observer-reporter.com/312107321544007.bsp

----------------------------------------------------

[8] Braid fails to unpick the Web

By John Leyden
Posted: 05/11/2002 at 12:00 GMT

An email worm, believed to have originated in Korea, is winding its way
across the Net this morning.

Braid.A (aka Bridex) is written in Visual Basic and usually arrives in
an email message as README.EXE attachment.

The worm uses an iFrame exploit to run itself automatically on unpatched
versions of Microsoft Outlook, Microsoft Outlook Express, and Internet
Explorer (there's a fix from MS for this well known exploit here.)

http://www.theregister.co.uk/content/56/27937.html

----------------------------------------------------

[9] Kofi Annan's IT challenge to Silicon Valley

By Kofi Annan
November 5, 2002, 4:00 AM PT

The new information and communications technologies are among the
driving forces of globalization. They are bringing people together, and
bringing decision makers unprecedented new tools for development. At the
same time, however, the gap between information "haves" and "have-nots"
is widening, and there is a real danger that the world's poor will be
excluded from the emerging knowledge-based global economy.

Information technology is extremely cost-effective compared with other
forms of capital. Modest yet key investments in basic education and
access can achieve remarkable results. Estonia and Costa Rica are
well-known examples of how successful IT strategies can help accelerate
growth and raise income levels. But even some of the least-developed
countries, such as Mali and Bangladesh, have shown how determined
leadership and innovative approaches can, with international support,
connect remote and rural areas to the Internet and mobile telephony.
http://news.com.com/2010-1069-964507.html?tag=lh

----------------------------------------------------

[10] Court rules against AOL on Net privacy

09:07 Tuesday 5th November 2002
Reuters

With laws on Internet privacy still unsettled, the ruling could have a
significant effect on how users' anonymity is protected

The Virginia Supreme Court has ruled against America Online in its
efforts to protect the identity of one of its 35 million subscribers by
asking the court to quash a subpoena calling for the member's name, in
an issue that goes to the heart of the anonymity of the Internet.

The ruling against the world's largest Internet service provider, based
in Dulles, Virginia, was the latest in the evolution of privacy laws as
they pertain to the Internet and identities of Web surfers, privacy
experts said.

"The law is very unsettled and still being written. Any decision by the
highest court of any state -- particularly the one where AOL resides --
is significant," said David Sobel, general counsel at Electronic Privacy
Information Center.

http://news.zdnet.co.uk/story/0,,t269-s2125333,00.html

----------------------------------------------------

[11] Homeland security IT official to resign

By Shane Harris

HERSHEY, Pa.—Jim Flyzik, a senior advisor to Homeland Security Director
Tom Ridge, announced Monday that he will retire from government Dec. 17.
Flyzik has been on temporary assignment to the White House after leaving
his post as chief information officer of the Treasury Department in
April.

Flyzik is in the middle of a second 120-day detail to the Office of
Homeland Security, where he has been working with Ridge and CIO Steve
Cooper on various technology projects, including the integration of more
than 50 terrorist suspect “watch lists.”

Flyzik made his announcement at a press conference here during the
Industry Advisory Council’s annual Executive Leadership Conference.
The council is made up of hundreds of executives from IT companies that
do business with the government.

http://www.govexec.com/dailyfed/1102/110402h1.htm

----------------------------------------------------

[12] Hackers stick California city with $30,000 phone bill

Associated Press
Published Nov. 4, 2002 HACK05

EAST PALO ALTO, CALIF. -- Hackers have stuck the city of East Palo Alto,
California with a huge phone bill -- $30,000.

A number of calls were placed to the Philippines over a five-day period
in July -- and they weren't made by city workers.

AT&T investigators confirmed that hackers broke into the city's
telephone system to make the bogus calls before they were detected and
cut off.

http://www.startribune.com/stories/535/3408539.html

----------------------------------------------------

[13] Unbreakable Crypto: Who Needs It?

By Dennis Fisher

A New York-based startup on Monday announced that it has a working
prototype of a device capable of employing quantum cryptography to
encode keys on existing high-speed networks. However, cryptographers say
the system likely holds little value for enterprises.

MagiQ Technologies Inc. is the first company to announce its intention
to sell a commercial solution based on the concept of quantum
cryptography. Code-named Navajo, the system comprises an appliance at
either end of the communications link, capable of generating keys and
encoding them one photon at a time.

http://www.eweek.com/article2/0,3959,667348,00.asp

----------------------------------------------------

[14] Chinese province issues swipe IDs to Internet cafe users

By Tim Richardson
Posted: 05/11/2002 at 12:09 GMT

People in the central Chinese province of Jiangxi who use cybercafes are
having their online activities monitored by police.

Anyone who wants to use a cybercafe must now carry an Internet identity
card containing personal details including their name and address. These
details are then logged onto a police database.
http://www.theregister.co.uk/content/6/27939.html

----------------------------------------------------

[15] Axe man hacks man over hacking fears

By John Leyden
Posted: 04/11/2002 at 16:50 GMT

A family friend who linked the PCs of two brothers together was attacked
with an axe after one suspected he'd hacked into his machine, a Scottish
court heard today.

John Wilson, 36, unemployed, attacked John Evans, an oil company
analyst, after inviting him over to quiz him over his suspicions last
January.

http://www.theregister.co.uk/content/55/27920.html

----------------------------------------------------

[16] Defense Department studying nonlethal chemicals

By David Ruppe, Global Security Newswire

The U.S. military has initiated a plan to research and develop so-called
nonlethal chemical agents for a wide range of possible civilian and
military purposes, according to a Pentagon document obtained by Global
Security Newswire. Arms control experts say the plan could run afoul of
the international Chemical Weapons Convention, to which the United
States is a party.

The plan calls for demonstrating the feasibility of a “safe, reliable”
chemical immobilizing agent or agents for nonlethal applications in
appropriate military missions and law enforcement situations, according
to the document, Chemical Immobilizing Agents for Non-lethal
Applications, a solicitation for corporate bids to perform the research.

http://www.govexec.com/dailyfed/1102/110402gsn1.htm

----------------------------------------------------

[17] Agencies to test Adobe technology for online transactions

By Maureen Sirhal, National Journal's Technology Daily

Several federal agencies are eyeing a new technology product from Adobe
that can fully digitize documents. The technology would help them meet
an impending mandate for conducting more business electronically.

The Internal Revenue Service and Agriculture Department have been
participating in a test program launched by the San Jose, Calif.-based
software maker.
The technology will allow citizens to download and save portable
documents known as PDF files.

Three agencies within Agriculture—Rural Development, the Farm Service
Agency and the National Resource Conservation Service—are weighing
whether to adopt the platform known as the "Adobe Document Server For
Reader Extension," said David Pfaffenberger, a computer specialist with
Rural Development at the department.

http://www.govexec.com/dailyfed/1102/110402td1.htm

----------------------------------------------------

[18] Intercepts: Rumsfeld Sinks 'CINCs'

Nov. 4, 2002

The Interceptor noticed an interesting phenomenon recently when it comes
to the language used by Defense Department leaders giving presentations
at local conferences and symposiums.

From the secretaries of the services on down, speech-givers seemed to be
avoiding the term "CINC" at all costs, and now we know why. Defense
Secretary Donald Rumsfeld said so.

Rumsfeld last month released a memorandum to DOD leaders that said
President Bush is the nation's only commander in chief (CINC) and then
forbade the services from using the acronym, pronounced "sink," for
military officer titles, which has been done for decades.

----------------------------------------------------

[19] Feds Getting IT Together

By Dennis Fisher and Caron Carlson

Government security officials have begun a new era of interagency
cooperation that has led to unprecedented levels of information sharing.
And while the high-level meetings have strengthened government security
capabilities, they have also highlighted shortcomings in a key part of
the data gathering and analysis processes.

The movement inside the government comes as the White House faces
continued pressure to narrow the National Strategy to Secure Cyberspace
to focus on systems that are most vulnerable to terrorist threats.
Security insiders say provisions for home computer users and small
businesses should be revisited in a revised draft that is due to be
released by the end of the year.

As that debate continues, the heads of several federal security
organizations—including the Federal Computer Incident Response Center,
the Critical Infrastructure Assurance Office and the National
Infrastructure Protection Center—have begun meeting regularly to
coordinate their activities and establish ground rules for information
sharing.

http://www.eweek.com/article2/0,3959,666804,00.asp

----------------------------------------------------

[20] Government websites under fire

Ministers are being urged to suspend their £5 billion e-government
programme amid claims that hundreds of official websites were
experiencing "serious problems".

An independent survey of 20 "flagship" Government websites found that
three-quarters needed "immediate attention" - with the Prime Minister's
own site one of the worst offenders.

It warned that the Government's target of fully on-line government by
2005 was "not realistically achievable" and urged ministers to halt the
web aspects of the programme while existing faults were rectifie

http://www.ananova.com/news/story/sm_702432.html

----------------------------------------------------

[21] Latest Linux takes control of access

By Roger Howorth [04-11-2002]

Version 2.6 to contain many other features found in commercial Unixes

Companies using or considering Linux should start planning for the next
version, following news that developers last week stopped adding
features to the newest kernel in preparation for the next upgrade.

The next version of the open source kernel, Linux 2.6, contains many
significant improvements, but the operating system has some way to go
before it offers similar functionality to commercial versions of Unix,
such as stronger security features.
http://www.vnunet.com/News/1136522

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are
retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

---------------------------------------------------------------------
IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk