_________________________________________________________________ London, Wednesday, November 06, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Worms of the future: Here's how they'll attack you [2] Bank error exposes e-mail addresses [3] Navy Sites Spring Security Leaks [4] Math discovery rattles Net security [5] Electronic elections: What about security? [6] New center reaches out to private firms to protect infrastructure [7] Information-sharing partnerships seen as anti-terror model [8] For Microsoft, no respite from EU [9] Homeland Security staff studies data analysis tools [10] Aust companies push tech security to top priority [11] NATO plans radically new strategy [12] CIA missile team stalked bin Laden's top man for months [13] Heckenkamp Free Again [14] Sonera security staff held on snooping charges [15] Report: Defense fails to set strategic goals for securing bases [16] Polymorphic Macro Viruses, Part Two [17] Pentagon's quadrennial review found lacking [18] Hacking syndicates threaten banking [19] NSA taps vendors for encryption _________________________________________________________________ News _________________________________________________________________ [1] Worms of the future: Here's how they'll attack you Robert Vamosi, Senior Associate Editor, CNET/ZDNet Reviews Wednesday, November 6, 2002 As the Internet develops, so too will the maladies that afflict it. In other words: As more and more people protect themselves against e-mail worms and viruses, those threats will likely become smarter and more sophisticated to circumvent those protections. Perhaps this is one reason why 2002 has been relatively quiet in terms of viruses. Virus writers are hunkered down, preparing a new evolution in virus code. But security researchers are already thinking about what those evolutionary changes might look like, so (it's hoped) we can be prepared to fight these new digital pests if and when they actually appear. http://www.zdnet.com/anchordesk/stories/story/0,10738,2896683,00.html ---------------------------------------------------- [2] Bank error exposes e-mail addresses By Troy Wolverton Staff Writer, CNET News.com November 5, 2002, 2:00 PM PT Bank of the West exposed the e-mail addresses of thousands of its online banking customers Monday, in a mistake it blamed on "human error." In an e-mail message sent Monday to alert customers that its banking system would be out of service for maintenance this weekend, Bank of the West included the e-mail addresses of more than 3,300 of its customers in the "To" field, company spokesman John Stafford confirmed Tuesday. Stafford said the company mistakenly placed the e-mail addresses in the "To" field instead of masking them by placing them in the blind carbon copy (BCC) field. "It was an inadvertent mistake," Stafford said. http://news.com.com/2100-1017-964611.html ---------------------------------------------------- [3] Navy Sites Spring Security Leaks By Brian McWilliams 02:00 AM Nov. 06, 2002 PT The U.S. Navy took one of its websites offline Tuesday and added new security controls to a second site after Internet surfers discovered they could access confidential Navy databases. The exposed Navy files included material designed to support a machine for testing the electronics of weapon systems called the Consolidated Automated Support System. Web surfers were able to browse through hundreds of trouble tickets, dating back to 1989. http://www.wired.com/news/technology/0,1282,56219-1-13,00.html ---------------------------------------------------- [4] Math discovery rattles Net security By Lee Gomes THE WALL STREET JOURNAL Nov. 4 - Will Manindra Agrawal bring about the end of the Internet as we know it? The question is not as ridiculous as it was just two months ago. Prof. Agrawal is a 36-year old theoretical computer scientist at the Indian Institute of Technology in Kanpur, India. In August, he solved a problem that had eluded millennia of mathematicians: developing a method to determine with complete certainty if a number is prime. http://www.msnbc.com/news/830300.asp ---------------------------------------------------- [5] Electronic elections: What about security? Voters put touch screens to the test By Jeordan Legon CNN Tuesday, November 5, 2002 Posted: 10:02 AM EST (1502 GMT) Los Angeles County Supervisor Yvonne Brathwaite Burke casts her early ballot at a new touch-screen terminal. (CNN) -- As Americans go to the polls today, a record number of counties -- almost one fifth by some estimates -- will be tallying the votes on electronic voting machines. But some experts worry that despite rigorous testing, the machines may not be as secure as their makers promise. "People have jumped on the electronic voting bandwagon, thinking that will solve the problems," said Avi Rubin, a technology security expert and researcher at AT&T Labs in New Jersey. "But these systems are largely untested." http://www.cnn.com/2002/TECH/ptech/11/05/touch.screen/index.html ---------------------------------------------------- [6] New center reaches out to private firms to protect infrastructure By Bryan Bender, Global Security Newswire A new center dedicated to assessing terrorist threats to critical U.S. infrastructures is reaching out to other institutions to help mitigate the risk of attacks against strategic U.S. industries and government services, according to U.S. officials. The National Infrastructure Simulation and Analysis Center, or NISAC, located at Sandia National Laboratories in New Mexico, has joined in recent months with the Massachusetts Institute of Technology, Purdue University, Cornell University, Lucent Technologies and Argonne National Laboratory, among others, the officials said recently. NISAC, which is jointly supported by nearby Los Alamos National Laboratory, is seeking new strategic partners in establishing itself as the primary national facility capable of simulating how catastrophic terrorist attacks could disrupt critical infrastructure, how attacks on one node might affect other elements of national infrastructure and how to recover quickly from such events. http://www.govexec.com/dailyfed/1102/110502gsn1.htm ---------------------------------------------------- [7] Information-sharing partnerships seen as anti-terror model By Molly M. Peterson, National Journal's Technology Daily Information-sharing partnerships that helped the federal government and the private sector combat cyber attacks such as the "Code Red" and "Nimda" viruses have served as a valuable model for protecting other critical infrastructures from potential terrorist attacks, a top cyber-security official said Tuesday. "Prior to [Sept. 11, 2001], we really focused in on cyber threats," Ronald Dick, director of the FBI's National Infrastructure Protection Center (NIPC), said during the first annual conference of the Infrastructure Security Partnership. Dick noted that when the Code Red virus spread rapidly across the Internet in 2000, the FBI, the CIA, the National Security Agency and the Secret Service worked with software giants such as Microsoft and Cisco Systems to identify system vulnerabilities and determine ways to mitigate the threat. http://www.govexec.com/dailyfed/1102/110502td1.htm ---------------------------------------------------- [8] For Microsoft, no respite from EU Eric Pfanner International Herald Tribune Tuesday, November 5, 2002 'Our case is quite different' from U.S., commission says LONDON European regulators vowed Monday to pursue their investigation of Microsoft's business practices, which they have previously denounced as uncompetitive, just three days after the software company cleared a major legal hurdle in the United States. A spokeswoman for Mario Monti, the European competition commissioner, said Brussels would not use the settlement in the U.S. Justice Department's antitrust case, which a judge largely approved Friday, as a blueprint for its own proceedings. The two cases involve different issues, and European regulators in the past have pursued a tougher line over how companies use market dominance in one area, such as Microsoft's Windows operating system, to extend their reach into other product markets. "Our case is quite different from a factual point of view from the case in the United States," said a commission spokeswoman, Amelia Torres, in Brussels. "We also have our own rules to uphold." http://www.iht.com/articles/75876.html ---------------------------------------------------- [9] Homeland Security staff studies data analysis tools By Jason Miller GCN Staff HERSHEY, Pa.-The Homeland Security Office is evaluating applications to let agencies analyze links and relationships among information sets without breaching privacy laws or sparking interagency turf battles. Steve Cooper, the office's CIO, said yesterday the goal of the current tests is to validate a data-sharing concept. The premise is that to better track information on possible security threats, agencies must at minimum share information about their data, he said at the Industry Advisory Council's Executive Leadership Conference. http://www.gcn.com/vol1_no1/daily-updates/20428-1.html ---------------------------------------------------- [10] Aust companies push tech security to top priority By James Pearce, ZDNet Australia 05 November 2002 Security has pushed its way to the forefront of corporate consciousness, according to an International Data Corp (IDC) survey of Australia's medium to large organisations. The survey revealed that 90 percent of respondents rated security as "important" or "very important". The results showed investment in IT security was increasingly the result of proactive corporate policies and less a response to security breaches, reflecting the rise in corporate concern over hacking and virus infiltrations as well as a increased general awareness of security issues. http://www.zdnet.com.au/newstech/security/story/0,2000024985,20269645,00 .htm ---------------------------------------------------- [11] NATO plans radically new strategy Robert G. Kaiser and Keith B. Richburg The Washington Post Wednesday, November 6, 2002 BRUSSELS The North Atlantic Treaty Organization appears set to embrace a radically new military posture and strategy that would profoundly alter the shape and mission of the alliance, according to NATO officials here and government officials in a half-dozen European capitals. In a series of interviews, these officials said the planned changes - on the agenda of a NATO summit meeting in Prague beginning Nov. 21 - could remake the alliance more significantly than the other major item on the agenda, the admission of seven new members from Eastern Europe. A consensus on their entry was reached last summer, but invitations will be issued officially only at the Prague meeting. http://www.iht.com/articles/75927.html ---------------------------------------------------- [12] CIA missile team stalked bin Laden's top man for months By Philip Smucker in Cairo and Toby Harnden in Washington (Filed: 06/11/2002) American and Yemeni intelligence agents spent months watching Osama bin Laden's senior operative in Yemen before his assassination on his farm near the north-western city of Marib. As Qaed Salim Sinan al-Harethi, also known as Abu Ali, stepped into his car with five henchman on Sunday night, agents called in an unmanned CIA drone armed with Hellfire missiles. http://www.telegraph.co.uk/news/main.jhtml;$sessionid$OKHTPIXMFDJGLQFIQM FCFGGAVCBQYIV0?xml=/news/2002/11/06/wyem06.xml&sSheet=/news/2002/11/06/i xworld.html ---------------------------------------------------- [13] Heckenkamp Free Again Federal judges cool down and release alleged eBay hacker, who irked them. By Kevin Poulsen, Nov 5 2002 2:37PM Accused superhacker Jerome Heckenkamp was released from jail last week after seven months in federal stir, but only after assuring two federal judges that he respects their authority after all. Heckenkamp, 23, was taken into custody last March during a court appearance in San Jose, Calif. where, representing himself against a battery of computer crimes charges, he angered federal judge James Ware with a series of baffling legal arguments apparently inspired by failed tax-protester tactics. In one gambit, Heckenkamp challenged one the indictment against him on the grounds that it spelled his name in all capital letters, while he spells it with the first letter capitalized, and subsequent letters in lower case. http://online.securityfocus.com/news/1582 ---------------------------------------------------- [14] Sonera security staff held on snooping charges By John Leyden Posted: 05/11/2002 at 16:04 GMT Two senior security staff at Finnish telco Sonera have been remanded in custody, charged with breaching customer privacy by allegedly riffling through private telephone records in an attempt to identify an internal mole. Helsingin Sanomat, Finland's biggest daily newspaper, reports today that the Helsinki District Court ordered the pair to be held in custody amid fears that they would interfere with an investigation by Finland's National Bureau of Investigation into suspected violations of communications privacy by Sonera. http://www.theregister.co.uk/content/55/27945.html ---------------------------------------------------- [15] Report: Defense fails to set strategic goals for securing bases By Jason Peckenpaugh The Defense Department plans to spend $10 billion next year to safeguard military installations from terrorism, but it has not set performance goals to guide how this money should be spent, according to a new report from the General Accounting Office. The lack of an overarching strategy for base security could waste resources and hamstring efforts to assess security across military installations, GAO concluded in its report (GAO-03-14). Base security efforts include reducing the number of access points to installations, beefing up security patrols at high-risk targets and arming all security personnel. Defense has developed 31 standards to help the services protect their installations and has issued guidance for bases on assessing the vulnerability of their facilities. But the department has not set long-term performance targets that would help services fund base security in a strategic way, according to GAO. http://www.govexec.com/dailyfed/1102/110502p1.htm ---------------------------------------------------- [16] Polymorphic Macro Viruses, Part Two by Gabor Szappanos last updated November 5, 2002 This article is the second of a two-part series that will offer a brief overview of polymorphic strategies in macro viruses. The first installment of this series looked at some early examples of polymorphism, along with some of the early polymorphic techniques. This installment will look at the first serious polymorphic macro viruses, as well as the evolution of viruses into true polymorphic and, ultimately, metamorphic viruses. The First Polymorphs WM95.Slow was the first serious polymorphic macro virus. It consists of a single AutoClose macro. The main virus code is stored in a string array where the characters are shifted by a constant value selected randomly between 4 and 14. http://online.securityfocus.com/infocus/1638 Part One: http://online.securityfocus.com/infocus/1635 ---------------------------------------------------- [17] Pentagon's quadrennial review found lacking By George Cahlink The Defense Department's 2001 Quadrennial Defense Review succeeded in laying out a broad military strategy, but failed to offer a detailed analysis that could be useful in making future budget decisions, according to a new General Accounting Office report. "On the positive side, the review was enhanced by the sustained involvement of the Secretary of Defense and other senior department officials," GAO officials concluded in the report, (GAO-03-13). "In addition, it led to the adoption of a new defense strategy that underscores the need to transform the force to meet future threats and adopt more efficient business practices." But auditors found several weaknesses in the QDR process, saying the Pentagon delayed the start of the review by several months until other strategic reviews were completed; failed to consider certain topics required by Congress (including the reform of Defense agencies); and did not take a detailed look at the long-term structure of U.S. forces. http://www.govexec.com/dailyfed/1102/110502g1.htm ---------------------------------------------------- ---------------------------------------------------- [18] Hacking syndicates threaten banking By DAN VERTON NOVEMBER 04, 2002 The number of organized hacking syndicates targeting financial institutions around the world is growing at a disturbingly fast rate. And so is the number of banks willing to pay these high-tech extortionists hush money to protect their reputations, according to a security expert at The World Bank. Cases in which banks, brokerage firms and other financial institutions have quietly paid hacking syndicates extortion money are "extremely widespread," said Tom Kellermann, senior data risk management specialist at The World Bank in Washington. Kellermann, who co-authored a study on the electronic security risks facing the global financial community, presented the findings during an Oct. 29 online seminar sponsored by Cable & Wireless Internet Services Inc. in Vienna, Va. http://www.computerworld.com/securitytopics/security/cybercrime/story/0, 10801,75584,00.html ---------------------------------------------------- [19] NSA taps vendors for encryption Gigabit Ethernet encryptors will support secure exchange of information BY Dan Caterinicchia Nov. 4, A Defense Department analyst at the Pentagon is working on a top-secret case and needs to quickly exchange a large amount of information with a colleague in the intelligence community on the other side of the country. But the only tools available that are fast enough to accommodate the data transfer are commercial IP-based networks. Today, analysts have reached an impasse. But the National Security Agency is working to break that roadblock. http://www.fcw.com/fcw/articles/2002/1104/tec-nsa-11-04-02.asp ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk