_________________________________________________________________ London, Monday, November 11, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Telecom role model [2] Verisign moves DNS root servers in defensive ploy [3] Kaspersky scores virus alert own goal [4] Blair: Britain faces terror threat [5] Privacy questions still loom over biometrics [6] Data security for Linux power users [7] Council of Europe adopts protocol to cybercrime treaty [8] Vietnam jails internet dissident [9] Miller on tap at Treasury? [10] Pentagon Plans a Computer System That Would Peek at Personal Data of Americans [11] Layered approach key to IT security [12] Pro-Palestinian activists face electronic shutdown [13] Comment: Poor configuration amplifies DoS danger [14] Software executive admits hacking [15] Stones, Fire and Water [16] Culture shock [17] Sweden to expel Russians in Ercisson spying saga [18] Saddam's moment of truth [19] States weigh options to appeal on Microsoft _________________________________________________________________ News _________________________________________________________________ (The National Communications Systems (NCS) seems to be a good model for information sharing. (The NCS info sharing model works well as the industry trust NCS. For example, a certain government agency was forced to sign a NDA before it could audit it.) >From a NCS presentation I heard this year: Mission: Assist the President, NSC, OSTP and OMB In the exercise of the telecommunications functions and responsibilities in wartime and non-wartime emergencies In the coordination of the planning for and provision of national security and emergency preparedness communications for the Federal Government under all circumstances, including crisis or emergency, attack, recovery and reconstitution. Bottom line: we assure the nation's telecommunications backbone NSTAC: Has a strategic focus, both physical and cyber Deals with very complex issues Distills them to top level national security recommendations Brings technical depth to national security telecommunications Industry Executive Subcommittee exploration of in-depth technical issues Has a legacy of making a difference since 1982 Links closely with the only national security focused, government-sponsored ISAC WEN) [1] Telecom role model Commentary BY Bruce McConnell Nov 11, 2002 Some time next year, Congress will create a homeland security apparatus with a stronger posture of prevention and response. Whatever that outcome, better government/private-sector cooperation should be the principal long-term priority for the new organization. Cooperation already is happening. Shippers are cooperating with the Customs Service to reduce the risk from uninspected containers. Information technology firms are honing their offerings to align with the new mission. The most important area for cooperation is infrastructure. Nearly 90 percent of the infrastructures critical to our national survival - electric power, telecommunications, financial services, energy, health care, etc. - are privately owned and operated. http://www.fcw.com/fcw/articles/2002/1111/mgt-bruce-11-11-02.asp http://www.ncs.gov ---------------------------------------------------- [2] Verisign moves DNS root servers in defensive ploy By John Leyden Posted: 08/11/2002 at 14:28 GMT Key Internet Domain Name System (DNS) servers have been relocated to improve Internet security and stability in the wake of a recent, serious distributed denial of service attack. Verisign, which manages two root DNS servers, moved one to a different locations, connected to different parts of its network earlier this week. It is the first time any of these servers, which are vital in managing the flow of traffic on the Net, have been moved since 1997. http://www.theregister.co.uk/content/55/28013.html ---------------------------------------------------- [3] Kaspersky scores virus alert own goal 10:24 Monday 11th November 2002 Robert Lemos, CNET News.com An email virus alert sent by Russian antivirus company Kaspersky Labs was tainted with the worm the company was warning its subscribers against A Russian antivirus company apologised on Friday for an emailed virus alert that was infected with the very worm the message was supposedly designed to warn against. Kaspersky Labs said the message, sent Thursday to subscribers of the company's "Virus News" email dispatch, had actually been sent by hackers masquerading as the company. The hackers had managed to break into Moscow-based Kaspersky's computer system and steal the mailing list for the newsletter, the company said. http://news.zdnet.co.uk/story/0,,t269-s2125688,00.html Hackers hijack antivirus newsletter http://www.pcw.co.uk/News/1136720 ---------------------------------------------------- [4] Blair: Britain faces terror threat Monday, November 11, 2002 Posted: 9:26 AM EST (1426 GMT) LONDON, England -- Prime Minister Tony Blair is set to warn Britons to be extra vigilant amid fears of a possible al Qaeda terror attack in the run-up to Christmas. But Blair, in a speech in London later on Monday, will add that Britons should not let fear of an attack by Islamic militants effect their everyday lives. Home Secretary David Blunkett has already warned the UK is in the front line for terror attacks. Less than a week ago a blunt security assessment highlighted the threat of a 'dirty' bomb attack was withdrawn. http://www.cnn.com/2002/WORLD/europe/11/11/uk.blair.warning/index.html ---------------------------------------------------- [5] Privacy questions still loom over biometrics BY Dibya Sarkar Nov. 11, 2002 Biometric technologies have expanded greatly in the past decade, especially following the Sept. 11, 2001, terrorist attacks, but experts say there are few policies, procedures and laws regarding the collection of biometric identifiers, even as public policy debates have swelled over their use and potential to invade people's privacy. SEARCH, the National Consortium for Justice Information and Statistics, held a two-day conference on legal and policy implications of biometric use in New York City Nov. 5-6, featuring law enforcement, government, industry, and privacy and civil liberties experts. http://www.fcw.com/fcw/articles/2002/1111/news-bio-11-11-02.asp ---------------------------------------------------- [6] Data security for Linux power users By Thomas C Greene in Washington Posted: 07/11/2002 at 21:59 GMT A couple of months ago I wrote a security howto for Linux newbies, the goal of which was to help people achieve decent security using easy and safe techniques. Now it's time to address you power users out there, by which I mean people comfortable with the command line, using a text editor from the console, and tweaking configuration files -- people confident enough in their ability to recover from unpleasant surprises to take a bit of risk with their systems in the interest of securing their data and their privacy. I'll get into the Linux home network soon in a forthcoming article with our John Lettice. For now I'll concentrate on data hygiene and on-line anonymity. Why? because your Linux box is literally peppered with data traces indicating the Web sites you've visited, the files you've uploaded and downloaded, and every file you've recently accessed. You think encryption is the way to go? Think again. It's only as private as your passphrase is strong. It may be impractical for a remote attacker to crack it, but a brute-force attack is quite plausible for someone who has physical possession of your box and plenty of time. Like a police forensics lab, say. http://www.theregister.co.uk/content/55/27998.html ---------------------------------------------------- [7] Council of Europe adopts protocol to cybercrime treaty In short: On 7 November the Council of Europe's Committee of Ministers adopted an additional protocol to the Convention on Cybercrime to fight against racism and xenophobia on the Internet. Brief news: The Protocol requires States to criminalise the dissemination of racist and xenophobic material through computer systems, as well as racist and xenophobic-motivated threat and insult including the denial, gross minimisation, approval or justification of genocide or crimes against humanity. It also defines the notion of this category of material and establishes the extent to which its dissemination violates the rights of others and criminalises certain conduct accordingly. http://www.euractiv.com/cgi-bin/cgint.exe/2326975-778?targ=1&204&OIDN=15 04221&-home=home ---------------------------------------------------- [8] Vietnam jails internet dissident Vietnam has cracked down on internet use A Vietnamese dissident has been jailed for four years for publishing criticism of the Communist government on the internet. Le Chi Quang, a 32-year-old lawyer, was convicted of "acts of propaganda" against the state during the one-day trial in Hanoi, a court official said. Foreign journalists were not allowed to attend the trial. http://news.bbc.co.uk/2/hi/asia-pacific/2418791.stm ---------------------------------------------------- [9] Miller on tap at Treasury? BY Judi Hasson Nov. 8, 2002 Ronald Miller, the Federal Emergency Management Agency's former chief information officer now detailed to help the Office of Homeland Security, is the leading candidate to become CIO at the Treasury Department, Federal Computer Week learned. Miller was interviewed for the job at the end of October, and his paperwork has been sent to the White House liaison office, according to sources. http://www.fcw.com/fcw/articles/2002/1104/web-miller-11-08-02.asp ---------------------------------------------------- [10] Pentagon Plans a Computer System That Would Peek at Personal Data of Americans By JOHN MARKOFF he Pentagon is constructing a computer system that could create a vast electronic dragnet, searching for personal information as part of the hunt for terrorists around the globe - including the United States. As the director of the effort, Vice Adm. John M. Poindexter, has described the system in Pentagon documents and in speeches, it will provide intelligence analysts and law enforcement officials with instant access to information from Internet mail and calling records to credit card and banking transactions and travel documents, without a search warrant. http://www.nytimes.com/2002/11/09/politics/09COMP.html?ex=1037509200&en= 873ff5626a3c666e&ei=5062&partner=GOOGLE ---------------------------------------------------- [11] Layered approach key to IT security Richard R. Rogoski RALEIGH - Concerns about cyberterrorism, coupled with stricter privacy rules from the federal government, are forcing many companies to take another look at their computer networks and the level of security needed to protect their data. In early 2001, trade publications aimed at information technology professionals were stressing the need for higher levels of security, largely due to the explosive growth of e-commerce. In health care, protecting patient information as mandated by the Health Insurance Portability and Accountability Act led to efforts to beef up network security in hospitals and physician offices. http://triad.bizjournals.com/triad/stories/2002/11/04/focus3.html ---------------------------------------------------- [12] Pro-Palestinian activists face electronic shutdown Hacking, 'spam,' and False e-mails are some of the weapons in hi-tech propaganda war Professors, advocacy groups say reputations are being damaged, and US authorities claim little can be done to stop it George S. Hishmeh Special to The Daily Star WASHINGTON: A little-reported nationwide cyber-attack has been under way in the United States for some time, aimed at regularly disrupting, if not eliminating, the websites of pro-Palestinian advocacy groups and the e-mail addresses of some of their prominent American supporters like Noam Chomsky and Francis Boyle. Although no one has claimed responsibility, some activists suspect pro-Israel groups. They point out that these internet hackers target various well-known websites and addresses of key activists and bombard them with copies of forged e-mail messages sent to their subscribers or friends misrepresenting their views. http://www.dailystar.com.lb/08_11_02/art17.asp ---------------------------------------------------- [13] Comment: Poor configuration amplifies DoS danger Lem Bingley, IT Week [08-11-2002] On 21 October at 9pm, somebody initiated an hour-long attack on the foundations of the Internet. The distributed denial-of-service (DDoS) attack troubled or disabled nine of the 13 root DNS servers - the core of the system supporting memorable Net addresses in place of raw IP numbers. If the attack had crippled all the DNS roots, the result would have been insidious rather than catastrophic. DNS caches worldwide would have grown stale, with increasing failure rates. "[If] you take the root servers out, you don't know how long you can work without them," said Alan Paller, director of research at security body the Sans Institute. http://www.pcw.co.uk/Analysis/1136694 ---------------------------------------------------- [14] Software executive admits hacking By Nick Farrell [08-11-2002] Files stolen ahead of job interview with rival A US software company executive has pleaded guilty to hacking into his former employer's systems. Gregg Wysocki, of Rochester Hills, Michigan, entered the plea as part of deal with prosecutors in which charges of embezzlement and using a computer to commit a crime were dropped. Wysocki was charged with stealing sensitive files from his former employer, PC Treasures of Oxford, and using them to land a job with a rival. http://www.pcw.co.uk/News/1136688 ---------------------------------------------------- [15] Stones, Fire and Water A nasty trade secret lawsuit displays the ugly side of the network security industry. By Tim Mullen Nov 11, 2002 While driving to work the other day, a squirrel began to cross the road ahead of me; its slow, steady advances quickening as my vehicle drew near. Just as it made it safely to the other side, some invisible stimulus seen only by Scuridae caused it to suddenly reverse direction and dart back across the road directly in front of me. If squirrels have final memories, this one's was "B.F. Goodrich." While picking out pieces of fur-embedded squirrel meat from the treads, it dawned on me just how costly reactionary behavior can be. I'm sure it made sense to the squirrel at the time, but in the Grand Scheme of Things, its change of direction was not the smartest move. http://online.securityfocus.com/columnists/122 ---------------------------------------------------- [16] Culture shock By Allan V. Burman [EMAIL PROTECTED] The president's goal right from the start of his term has been to make the federal government more citizen-centered, results-oriented and market-based. The Office of Management and Budget is leading 24 e-government initiatives that certainly fit the bill. The initiatives seek "to harness the potential of technology to provide highquality services at reduced cost to the American people," Mark Everson, OMB's deputy director for management, told the House Government Reform Subcommittee on Technology and Procurement Policy at a Sept. 18 hearing. Some initiatives include: http://www.govexec.com/dailyfed/1102/111102ff.htm ---------------------------------------------------- [17] Sweden to expel Russians in Ercisson spying saga 13:29 Monday 11th November 2002 Reuters Russian diplomats accused of spying while working for Ericsson will be banished from Sweden, according to government officials Sweden will expel two Russian diplomats in connection with a spying scandal at telecom equipment maker Ericsson, a senior government source has said. "The foreign ministry will issue a statement later on Monday declaring two Russian diplomats persona non grata," the source told Reuters. http://news.zdnet.co.uk/story/0,,t269-s2125705,00.html ---------------------------------------------------- [18] Saddam's moment of truth Colin L. Powell The Washington Post Monday, November 11, 2002 The UN confronts Iraq WASHINGTON On Sept. 12, President George W. Bush went before the United Nations and challenged the Security Council to meet its responsibility to act against the threat to international peace and security posed by Iraq. The council's unanimous passage of Resolution 1441 was a historic step for the United Nations toward ridding Iraq of its weapons of mass destruction by peaceful means. The international community has given Saddam Hussein and his regime one last chance. It is now for Baghdad to seize it. Seven weeks of consultation, debate and negotiation in the Security Council only forged a deeper agreement and a stronger resolve that Iraq must fully and finally disarm. It should now be clear to Saddam that this is not just a matter between Iraq and the United States, but between Iraq and a united world. http://www.iht.com/articles/76512.html ---------------------------------------------------- [19] States weigh options to appeal on Microsoft Jonathan Krim The Washington Post Saturday, November 9, 2002 WASHINGTON State prosecutors are weighing two divergent strategies in the Microsoft Corp. antitrust case after absorbing devastating court rulings last week, according to people familiar with the deliberations. In the aftermath of the congressional and local elections Tuesday, the state attorneys general and their private lawyers are poring over the nearly 500 pages of opinions and rulings issued Nov. 1 to determine whether there are grounds for appeal, a lawyer said. Some other lawyers close to the case say any appeal could be costly, would take at least a year and would be a long shot. Instead, they suggest that the states would be better off devoting their resources to closely monitoring Microsoft's compliance with the terms of the settlement. http://www.iht.com/articles/76451.html ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk