_________________________________________________________________
London, Monday, November 11, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Telecom role model
[2] Verisign moves DNS root servers in defensive ploy
[3] Kaspersky scores virus alert own goal
[4] Blair: Britain faces terror threat
[5] Privacy questions still loom over biometrics
[6] Data security for Linux power users
[7] Council of Europe adopts protocol to cybercrime treaty
[8] Vietnam jails internet dissident
[9] Miller on tap at Treasury?
[10] Pentagon Plans a Computer System That Would Peek at Personal Data
of Americans
[11] Layered approach key to IT security
[12] Pro-Palestinian activists face electronic shutdown
[13] Comment: Poor configuration amplifies DoS danger
[14] Software executive admits hacking
[15] Stones, Fire and Water
[16] Culture shock
[17] Sweden to expel Russians in Ercisson spying saga
[18] Saddam's moment of truth
[19] States weigh options to appeal on Microsoft
_________________________________________________________________
News
_________________________________________________________________
(The National Communications Systems (NCS) seems to be a good model for
information sharing. (The NCS info sharing model works well as the
industry trust NCS. For example, a certain government agency was forced
to sign a NDA before it could audit it.)
>From a NCS presentation I heard this year:
Mission: Assist the President, NSC, OSTP and OMB
In the exercise of the telecommunications functions and responsibilities
in wartime and non-wartime emergencies
In the coordination of the planning for and provision of national
security and emergency preparedness communications for the Federal
Government under all circumstances, including crisis or emergency,
attack, recovery and reconstitution.
Bottom line: we assure the nation's telecommunications backbone
NSTAC:
Has a strategic focus, both physical and cyber
Deals with very complex issues
Distills them to top level national security recommendations
Brings technical depth to national security telecommunications
Industry Executive Subcommittee exploration of in-depth technical issues
Has a legacy of making a difference since 1982
Links closely with the only national security focused,
government-sponsored ISAC
WEN)
[1] Telecom role model
Commentary
BY Bruce McConnell
Nov 11, 2002
Some time next year, Congress will create a homeland security apparatus
with a stronger posture of prevention and response. Whatever that
outcome, better government/private-sector cooperation should be the
principal long-term priority for the new organization.
Cooperation already is happening. Shippers are cooperating with the
Customs Service to reduce the risk from uninspected containers.
Information technology firms are honing their offerings to align with
the new mission.
The most important area for cooperation is infrastructure. Nearly 90
percent of the infrastructures critical to our national survival -
electric power, telecommunications, financial services, energy, health
care, etc. - are privately owned and operated.
http://www.fcw.com/fcw/articles/2002/1111/mgt-bruce-11-11-02.asp
http://www.ncs.gov
----------------------------------------------------
[2] Verisign moves DNS root servers in defensive ploy
By John Leyden
Posted: 08/11/2002 at 14:28 GMT
Key Internet Domain Name System (DNS) servers have been relocated to
improve Internet security and stability in the wake of a recent, serious
distributed denial of service attack.
Verisign, which manages two root DNS servers, moved one to a different
locations, connected to different parts of its network earlier this
week. It is the first time any of these servers, which are vital in
managing the flow of traffic on the Net, have been moved since 1997.
http://www.theregister.co.uk/content/55/28013.html
----------------------------------------------------
[3] Kaspersky scores virus alert own goal
10:24 Monday 11th November 2002
Robert Lemos, CNET News.com
An email virus alert sent by Russian antivirus company Kaspersky Labs
was tainted with the worm the company was warning its subscribers
against
A Russian antivirus company apologised on Friday for an emailed virus
alert that was infected with the very worm the message was supposedly
designed to warn against.
Kaspersky Labs said the message, sent Thursday to subscribers of the
company's "Virus News" email dispatch, had actually been sent by hackers
masquerading as the company. The hackers had managed to break into
Moscow-based Kaspersky's computer system and steal the mailing list for
the newsletter, the company said.
http://news.zdnet.co.uk/story/0,,t269-s2125688,00.html
Hackers hijack antivirus newsletter
http://www.pcw.co.uk/News/1136720
----------------------------------------------------
[4] Blair: Britain faces terror threat
Monday, November 11, 2002 Posted: 9:26 AM EST (1426 GMT)
LONDON, England -- Prime Minister Tony Blair is set to warn Britons to
be extra vigilant amid fears of a possible al Qaeda terror attack in the
run-up to Christmas.
But Blair, in a speech in London later on Monday, will add that Britons
should not let fear of an attack by Islamic militants effect their
everyday lives.
Home Secretary David Blunkett has already warned the UK is in the front
line for terror attacks.
Less than a week ago a blunt security assessment highlighted the threat
of a 'dirty' bomb attack was withdrawn.
http://www.cnn.com/2002/WORLD/europe/11/11/uk.blair.warning/index.html
----------------------------------------------------
[5] Privacy questions still loom over biometrics
BY Dibya Sarkar
Nov. 11, 2002
Biometric technologies have expanded greatly in the past decade,
especially following the Sept. 11, 2001, terrorist attacks, but experts
say there are few policies, procedures and laws regarding the collection
of biometric identifiers, even as public policy debates have swelled
over their use and potential to invade people's privacy.
SEARCH, the National Consortium for Justice Information and Statistics,
held a two-day conference on legal and policy implications of biometric
use in New York City Nov. 5-6, featuring law enforcement, government,
industry, and privacy and civil liberties experts.
http://www.fcw.com/fcw/articles/2002/1111/news-bio-11-11-02.asp
----------------------------------------------------
[6] Data security for Linux power users
By Thomas C Greene in Washington
Posted: 07/11/2002 at 21:59 GMT
A couple of months ago I wrote a security howto for Linux newbies, the
goal of which was to help people achieve decent security using easy and
safe techniques. Now it's time to address you power users out there, by
which I mean people comfortable with the command line, using a text
editor from the console, and tweaking configuration files -- people
confident enough in their ability to recover from unpleasant surprises
to take a bit of risk with their systems in the interest of securing
their data and their privacy.
I'll get into the Linux home network soon in a forthcoming article with
our John Lettice. For now I'll concentrate on data hygiene and on-line
anonymity. Why? because your Linux box is literally peppered with data
traces indicating the Web sites you've visited, the files you've
uploaded and downloaded, and every file you've recently accessed. You
think encryption is the way to go? Think again. It's only as private as
your passphrase is strong. It may be impractical for a remote attacker
to crack it, but a brute-force attack is quite plausible for someone who
has physical possession of your box and plenty of time. Like a police
forensics lab, say.
http://www.theregister.co.uk/content/55/27998.html
----------------------------------------------------
[7] Council of Europe adopts protocol to cybercrime treaty
In short:
On 7 November the Council of Europe's Committee of Ministers adopted an
additional protocol to the Convention on Cybercrime to fight against
racism and xenophobia on the Internet.
Brief news:
The Protocol requires States to criminalise the dissemination of racist
and xenophobic material through computer systems, as well as racist and
xenophobic-motivated threat and insult including the denial, gross
minimisation, approval or justification of genocide or crimes against
humanity. It also defines the notion of this category of material and
establishes the extent to which its dissemination violates the rights of
others and criminalises certain conduct accordingly.
http://www.euractiv.com/cgi-bin/cgint.exe/2326975-778?targ=1&204&OIDN=15
04221&-home=home
----------------------------------------------------
[8] Vietnam jails internet dissident
Vietnam has cracked down on internet use
A Vietnamese dissident has been jailed for four years for publishing
criticism of the Communist government on the internet.
Le Chi Quang, a 32-year-old lawyer, was convicted of "acts of
propaganda" against the state during the one-day trial in Hanoi, a court
official said.
Foreign journalists were not allowed to attend the trial.
http://news.bbc.co.uk/2/hi/asia-pacific/2418791.stm
----------------------------------------------------
[9] Miller on tap at Treasury?
BY Judi Hasson
Nov. 8, 2002
Ronald Miller, the Federal Emergency Management Agency's former chief
information officer now detailed to help the Office of Homeland
Security, is the leading candidate to become CIO at the Treasury
Department, Federal Computer Week learned.
Miller was interviewed for the job at the end of October, and his
paperwork has been sent to the White House liaison office, according to
sources.
http://www.fcw.com/fcw/articles/2002/1104/web-miller-11-08-02.asp
----------------------------------------------------
[10] Pentagon Plans a Computer System That Would Peek at Personal Data
of Americans
By JOHN MARKOFF
he Pentagon is constructing a computer system that could create a vast
electronic dragnet, searching for personal information as part of the
hunt for terrorists around the globe - including the United States.
As the director of the effort, Vice Adm. John M. Poindexter, has
described the system in Pentagon documents and in speeches, it will
provide intelligence analysts and law enforcement officials with instant
access to information from Internet mail and calling records to credit
card and banking transactions and travel documents, without a search
warrant.
http://www.nytimes.com/2002/11/09/politics/09COMP.html?ex=1037509200&en=
873ff5626a3c666e&ei=5062&partner=GOOGLE
----------------------------------------------------
[11] Layered approach key to IT security
Richard R. Rogoski
RALEIGH - Concerns about cyberterrorism, coupled with stricter privacy
rules from the federal government, are forcing many companies to take
another look at their computer networks and the level of security needed
to protect their data.
In early 2001, trade publications aimed at information technology
professionals were stressing the need for higher levels of security,
largely due to the explosive growth of e-commerce.
In health care, protecting patient information as mandated by the Health
Insurance Portability and Accountability Act led to efforts to beef up
network security in hospitals and physician offices.
http://triad.bizjournals.com/triad/stories/2002/11/04/focus3.html
----------------------------------------------------
[12] Pro-Palestinian activists face electronic shutdown
Hacking, 'spam,' and False e-mails are some of the weapons in hi-tech
propaganda war
Professors, advocacy groups say reputations are being damaged, and US
authorities claim little can be done to stop it
George S. Hishmeh
Special to The Daily Star
WASHINGTON: A little-reported nationwide cyber-attack has been under way
in the United States for some time, aimed at regularly disrupting, if
not eliminating, the websites of pro-Palestinian advocacy groups and the
e-mail addresses of some of their prominent American supporters like
Noam Chomsky and Francis Boyle.
Although no one has claimed responsibility, some activists suspect
pro-Israel groups. They point out that these internet hackers target
various well-known websites and addresses of key activists and bombard
them with copies of forged e-mail messages sent to their subscribers or
friends misrepresenting their views.
http://www.dailystar.com.lb/08_11_02/art17.asp
----------------------------------------------------
[13] Comment: Poor configuration amplifies DoS danger
Lem Bingley, IT Week [08-11-2002]
On 21 October at 9pm, somebody initiated an hour-long attack on the
foundations of the Internet. The distributed denial-of-service (DDoS)
attack troubled or disabled nine of the 13 root DNS servers - the core
of the system supporting memorable Net addresses in place of raw IP
numbers.
If the attack had crippled all the DNS roots, the result would have been
insidious rather than catastrophic. DNS caches worldwide would have
grown stale, with increasing failure rates. "[If] you take the root
servers out, you don't know how long you can work without them," said
Alan Paller, director of research at security body the Sans Institute.
http://www.pcw.co.uk/Analysis/1136694
----------------------------------------------------
[14] Software executive admits hacking
By Nick Farrell [08-11-2002]
Files stolen ahead of job interview with rival
A US software company executive has pleaded guilty to hacking into his
former employer's systems.
Gregg Wysocki, of Rochester Hills, Michigan, entered the plea as part of
deal with prosecutors in which charges of embezzlement and using a
computer to commit a crime were dropped.
Wysocki was charged with stealing sensitive files from his former
employer, PC Treasures of Oxford, and using them to land a job with a
rival.
http://www.pcw.co.uk/News/1136688
----------------------------------------------------
[15] Stones, Fire and Water
A nasty trade secret lawsuit displays the ugly side of the network
security industry.
By Tim Mullen Nov 11, 2002
While driving to work the other day, a squirrel began to cross the road
ahead of me; its slow, steady advances quickening as my vehicle drew
near. Just as it made it safely to the other side, some invisible
stimulus seen only by Scuridae caused it to suddenly reverse direction
and dart back across the road directly in front of me.
If squirrels have final memories, this one's was "B.F. Goodrich."
While picking out pieces of fur-embedded squirrel meat from the treads,
it dawned on me just how costly reactionary behavior can be. I'm sure it
made sense to the squirrel at the time, but in the Grand Scheme of
Things, its change of direction was not the smartest move.
http://online.securityfocus.com/columnists/122
----------------------------------------------------
[16] Culture shock
By Allan V. Burman
[EMAIL PROTECTED]
The president's goal right from the start of his term has been to make
the federal government more citizen-centered, results-oriented and
market-based. The Office of Management and Budget is leading 24
e-government initiatives that certainly fit the bill.
The initiatives seek "to harness the potential of technology to provide
highquality services at reduced cost to the American people," Mark
Everson, OMB's deputy director for management, told the House Government
Reform Subcommittee on Technology and Procurement Policy at a Sept. 18
hearing. Some initiatives include:
http://www.govexec.com/dailyfed/1102/111102ff.htm
----------------------------------------------------
[17] Sweden to expel Russians in Ercisson spying saga
13:29 Monday 11th November 2002
Reuters
Russian diplomats accused of spying while working for Ericsson will be
banished from Sweden, according to government officials
Sweden will expel two Russian diplomats in connection with a spying
scandal at telecom equipment maker Ericsson, a senior government source
has said.
"The foreign ministry will issue a statement later on Monday declaring
two Russian diplomats persona non grata," the source told Reuters.
http://news.zdnet.co.uk/story/0,,t269-s2125705,00.html
----------------------------------------------------
[18] Saddam's moment of truth
Colin L. Powell The Washington Post
Monday, November 11, 2002
The UN confronts Iraq
WASHINGTON On Sept. 12, President George W. Bush went before the United
Nations and challenged the Security Council to meet its responsibility
to act against the threat to international peace and security posed by
Iraq. The council's unanimous passage of Resolution 1441 was a historic
step for the United Nations toward ridding Iraq of its weapons of mass
destruction by peaceful means. The international community has given
Saddam Hussein and his regime one last chance. It is now for Baghdad to
seize it.
Seven weeks of consultation, debate and negotiation in the Security
Council only forged a deeper agreement and a stronger resolve that Iraq
must fully and finally disarm. It should now be clear to Saddam that
this is not just a matter between Iraq and the United States, but
between Iraq and a united world.
http://www.iht.com/articles/76512.html
----------------------------------------------------
[19] States weigh options to appeal on Microsoft
Jonathan Krim The Washington Post
Saturday, November 9, 2002
WASHINGTON State prosecutors are weighing two divergent strategies in
the Microsoft Corp. antitrust case after absorbing devastating court
rulings last week, according to people familiar with the deliberations.
In the aftermath of the congressional and local elections Tuesday, the
state attorneys general and their private lawyers are poring over the
nearly 500 pages of opinions and rulings issued Nov. 1 to determine
whether there are grounds for appeal, a lawyer said.
Some other lawyers close to the case say any appeal could be costly,
would take at least a year and would be a long shot.
Instead, they suggest that the states would be better off devoting their
resources to closely monitoring Microsoft's compliance with the terms of
the settlement.
http://www.iht.com/articles/76451.html
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
