_________________________________________________________________ London, Wednesday, November 13, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Brit Accused of Hacking Pentagon [2] President Bush Pushes for Homeland Security Department [3] Bush wins on homeland security bill [4] Comment: An ally in the fight for safer IT [5] Purported Bin Laden Tape Lauds Bali, Moscow Attacks [6] Incident underscores need for space access [7] House OKs $903M for Cyber Security Research [8] E-tailers opt for Early Warning system [9] ICANN ponders new top level domains [10] Hackers could be planning major attack, says White House [11] BIND vulnerable, upgrade now [12] U.S. Hopes to Check Computers Globally [13] Drawing up Homeland 'interstate' [14] UK) Text scam warning for consumers [15] Supreme Court agrees to review challenge of filtering software at libraries [16] Net pirates poach Harry Potter film [17] The next big Internet flop [18] Computer Hacker May Bust Breeders Cup [19] Oracle in buffer overflow brown alert _________________________________________________________________ News _________________________________________________________________ (I am curious whether they will be able to extradite him or whether they will have to try him in the UK which they do not want as they remember well the Rome Lab Case with Kujii & Datastream Cowboy (whilst Kujii (the brain) pleaded guilty to 12 hacking offences, he ended up payinga fine of only 1200 pounds. In comparison to that the attacks cost the US Air Force $211,722 (excluding investigation costs). At least this time it was not a teenager which makes it kind of interesting. WEN) ------ US attorney, Paul McNulty issued a warning for those contemplating similar action. "You are not invisible. You cannot act anonymously on the Internet," he said. "If you hack us, we will find you, we will prosecute you and we will send you to prison." ------ [1] Brit Accused of Hacking Pentagon By Associated Press Page 1 of 1 11:45 AM Nov. 12, 2002 PT WASHINGTON -- Federal authorities on Tuesday accused a British computer administrator of hacking into 92 computer networks operated by the U.S. military and NASA, including one break-in that shut down systems at a Navy facility in New Jersey immediately after the Sept. 11, 2001 attacks. Authorities said two of the computer systems were at the Pentagon. The intrusions also made inoperable the network that serves the military district for Washington, officials said. Authorities disclosed indictments in northern Virginia and New Jersey against Gary McKinnon, 36, of the Hornsey section of London. He was indicted on eight counts of computer-related crimes, including break-ins at six private companies. http://www.wired.com/news/politics/0,1283,56332,00.html Briton Is Indicted in 92 Hacker Cases http://www.nytimes.com/2002/11/13/national/13HACK.html?ex=1037854800&en= 8d0d1452aa6ef0de&ei=5040&partner=MOREOVER US seeks hacker's extradition http://www.itv.com/news/World1285785.html British man 'hacked into US military computers' http://news.independent.co.uk/digital/news/story.jsp?story=351657 US seeks extradition of Briton accused of hacking into military computers http://www.guardian.co.uk/online/netnews/story/0,12582,838856,00.html Briton sought for Pentagon 'hacking' http://www.telegraph.co.uk/news/main.jhtml;$sessionid$ZIHOSAE11VDAJQFIQM FCFGGAVCBQYIV0?xml=/news/2002/11/13/whack13.xml&sSheet=/news/2002/11/13/ ixworld.html UK 'hacker' wanted by US http://news.bbc.co.uk/1/hi/world/americas/2456403.stm U.S. charges U.K. hacker did $900,000 in damage http://www.miami.com/mld/miamiherald/news/world/4504080.htm US seeks extradition of British hacker http://www.abc.net.au/news/scitech/2002/11/item20021113185357_1.htm British man charged in military hacks http://www.msnbc.com/news/833723.asp ---------------------------------------------------- [2] President Bush Pushes for Homeland Security Department Remarks by the President at District of Columbia Metropolitan Police Operations Center District of Columbia Metropolitan Police Operations Center Washington, D.C. 10:24 A.M. EST THE PRESIDENT: Thank you all. Please be seated. Thanks a lot. I want you to note, the Mayor said I made him a senior advisor. (Laughter.) Mr. Mayor, you're doing a great job for the city of Washington, D.C. I'm honored that I'm living in your neighborhood. And as I told a lot of the folks who I had the honor of meeting just a while ago at the Emergency Operations Center, I feel safe living here. And so does my family. And so do a lot of families, thanks to the dedication and hard work of people on the front line of making sure that this city is buttoned up, dealing with the threats we face. http://www.whitehouse.gov/news/releases/2002/11/20021112-1.html ---------------------------------------------------- [3] Bush wins on homeland security bill By Joseph Curl and Audrey Hudson THE WASHINGTON TIMES President Bush, capitalizing on the Republicans' historic victory in last week's congressional elections, yesterday won the battle with the Democrat-controlled Senate over his plan to create a Department of Homeland Security. Senate Democrats led by John B. Breaux of Louisiana and Ben Nelson of Nebraska signed off on a White House-backed proposal, which is expected to pass overwhelmingly in the House and Senate, where it has been bogged down for weeks. http://www.washtimes.com/national/20021113-14803141.htm ---------------------------------------------------- [4] Comment: An ally in the fight for safer IT Mark Street, IT Week [08-11-2002] The narrow emphasis on return on investment (ROI) to justify spending is getting to be extremely counterproductive. This approach discourages risk-taking, because it is hard to make financial forecasts for projects that have uncertainty attached to them. It is little wonder that most IT directors are loath to champion new, potentially business-transforming initiatives given the fact that they will shoulder most of the blame if things go wrong. http://www.vnunet.com/Analysis/1136696 ---------------------------------------------------- (I would be really surprised if he were dead as then he would have been a martyr and there would have been a media blitz in some extremist circle. To see how difficult it is to hunt someone down just read Mark Bowden book 'Killing Pablo'. WEN) [5] Purported Bin Laden Tape Lauds Bali, Moscow Attacks A voice attributed to Osama bin Laden praises recent attacks on Western targets. (File Photo/AP) By Rajiv Chandrasekaran Washington Post Foreign Service Wednesday, November 13, 2002; Page A01 CAIRO, Nov. 12 -- An audiotape recording attributed to Osama bin Laden, the fugitive al Qaeda leader, extolled the recent attacks in Bali and Moscow in a bellicose statement that, if authentic, would be the clearest indication in almost a year that bin Laden is alive and determined to pursue his Islamic war on the United States. http://www.washingtonpost.com/wp-dyn/articles/A45816-2002Nov12.html ---------------------------------------------------- [6] Incident underscores need for space access by Tech. Sgt. Scott Elliott Air Force Print News 11/12/02 - WASHINGTON -- The Air Force's senior space official said a rocket test failure has sounded a warning and underscores the need to apply the resources necessary for assure access to space. The RL-10, designed by Pratt & Whitney in 1958, is an upper-stage engine used in Centaur and Atlas II rockets, as well as the Delta IV rocket scheduled for its first launch Nov. 16. http://www.af.mil/news/Nov2002/111202726.shtml ---------------------------------------------------- [7] House OKs $903M for Cyber Security Research By Roy Mark The U.S. House of Representatives made the approval of $903 million for cyber security research its first order of business Tuesday, unanimously passing legislation that will create scholarships, grants and research centers at American colleges and universities. The Senate has already approved the legislation, and the bill now goes President George W. Bush, who is expected to sign the measure. The bill, the Cyber Security Research and Development Act (H.R. 3394), more than triples federal spending on security research. Approved on a voice vote, the legislation increases government spending on cyber security research over five years from its current annual level of approximately $60 million to $111 million in 2003 and peaking at $231 million in 2007. http://www.atnewyork.com/news/article.php/1499391 ---------------------------------------------------- [8] E-tailers opt for Early Warning system By Dinah Greek [13-11-2002] Fraudbusting programme gives e-tailers advance warning of online scams Online retailers are fighting back against credit card fraud with another scheme designed to protect them against fraudsters. Official estimates report that "card not present" fraud cost industry £95.7m in 2001, with internet fraud accounting for 12 per cent of this figure. http://www.vnunet.com/News/1136779 ---------------------------------------------------- [9] ICANN ponders new top level domains 09:06 Wednesday 13th November 2002 Evan Hansen, CNET News.com The body responsible for overseeing the Internet wants to expand its role and the number of domains. It just doesn't know what they should be A key Internet address administrator has recommended taking steps to add three new top-level domains to the Web's navigation system. Stuart Lynn, president of the Internet Corporation for Assigned Names and Numbers (ICANN) published a recommendation last week proposing preparations begin for a new expansion of the Net namespace even as the group prepares to evaluate the effects of a similar expansion implemented last year. The report did not recommend the specific top-level domains to be considered. http://news.zdnet.co.uk/story/0,,t269-s2125820,00.html ---------------------------------------------------- [10] Hackers could be planning major attack, says White House By Shane Harris A new computer worm infecting a popular World Wide Web technology is proof that computer hackers have grown more sophisticated and could be preparing a significant attack, according to a senior White House official. Marcus Sachs, director of communication and infrastructure protection at the White House Office of Cyberspace Security, said hackers driven to “the back streets and back alleys of the Internet” by intense law enforcement scrutiny following the Sept. 11 attacks have quietly been building new threats. The new worm, widely known as Slapper, is a prime example of their abilities, he said. Officials believe millions of devices are vulnerable to Slapper, which is a computer code that burrows into a server, the program that provides the files that constitute Web pages. It enters through a well-known weakness in the Secure Socket Layer (SSL) that connects servers to the Internet. Once inside, the worm forces the server to seek out other infected machines, forming an army of so-called “zombies” that could bombard Web sites with bogus requests for information, causing a massive traffic jam on the Internet. http://www.govexec.com/dailyfed/1102/111202h1.htm ---------------------------------------------------- [11] BIND vulnerable, upgrade now By ComputerWire Posted: 13/11/2002 at 09:28 GMT There are several newly discovered "serious vulnerabilities" in BIND, the internet's dominant domain name system server that hypothetically could be exploited to bring the internet to a grinding halt if not widely patched. Internet Security Systems Inc, which discovered the flaws, and the Internet Software Consortium, which maintains BIND (Berkeley Internet Name Domain), warned yesterday that all versions of BIND 4 and 8 up to 4.9.10 and 8.3.3 are affected by multiple vulnerabilities and that administrators should upgrade to unaffected versions. "The vulnerabilities... affect nearly all currently deployed recursive DNS servers on the internet," ISS said in an advisory. Recursive DNS servers are those used by ISP subscribers and companies to find out the correct IP address for a domain without having to go to that domain's authoritative name server every time. http://www.theregister.co.uk/content/55/28066.html ---------------------------------------------------- [12] U.S. Hopes to Check Computers Globally System Would Be Used to Hunt Terrorists By Robert O'Harrow Jr. Washington Post Staff Writer Tuesday, November 12, 2002; Page A04 A new Pentagon research office has started designing a global computer-surveillance system to give U.S. counterterrorism officials access to personal information in government and commercial databases around the world. The Information Awareness Office, run by former national security adviser John M. Poindexter, aims to develop new technologies to sift through "ultra-large" data warehouses and networked computers in search of threatening patterns among everyday transactions, such as credit card purchases and travel reservations, according to interviews and documents. http://www.washingtonpost.com/wp-dyn/articles/A40942-2002Nov11.html ---------------------------------------------------- [13] Drawing up Homeland 'interstate' BY Diane Frank Nov. 12, The Bush administration's concept of an "interstate communications expressway" for homeland security — comparable to the nation's interstate highway system — is still very much in the development stage. In fact, it's simply two pages of scribbled notes, said Steve Cooper, senior director of information integration and chief information officer at the Office of Homeland Security. But there are grand plans for this new idea, under which the national data and voice network needed for homeland security will be built from the bottom up, relying on and connecting to the systems already in place at the state level instead of creating a single, huge federal network. http://www.fcw.com/geb/articles/2002/1111/web-inter-11-12-02.asp ---------------------------------------------------- [14] Text scam warning for consumers One con involved an "I love you" text message Scams using e-mail, text messaging and faxes are increasingly ripping off consumers, the UK Government has warned. Unscrupulous firms often use bogus prize draws and special offers to entice recipients to reply, the Department of Trade and Industry has said. The growing number of people with the internet and mobile phones has raised concern that the problem is increasing. There is particular concern that because of the popularity of texting among children, they could often be the victims of cons http://news.bbc.co.uk/2/hi/technology/2446363.stm ---------------------------------------------------- [15] Supreme Court agrees to review challenge of filtering software at libraries WASHINGTON (AP) - The Supreme Court said Tuesday it will decide if public libraries can be forced to install software blocking sexually explicit Web sites. Congress has struggled to find ways to protect children from Internet pornography without infringing on free speech rights for Web site operators. Lawmakers have passed three laws since 1996, but the Supreme Court struck down the first and blocked the second from taking effect. The latest measure, signed by President Clinton in 2000, requires public libraries receiving federal technology funds to install filters on their computers or risk losing aid. A three-judge federal panel ruled the Children's Internet Protection Act violates the First Amendment because the filtering programs also block sites on politics, health, science and other non-pornographic topics. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4502224.ht m ---------------------------------------------------- [16] Net pirates poach Harry Potter film Film copied with DV camera, posted in chat rooms By Bob Sullivan MSNBC Nov. 12 — “Harry Potter and the Chamber of Secrets” apparently isn’t such a secret any more. The sequel to last year’s record-setting blockbuster fantasy film, perhaps the year’s most-anticipated movie, is scheduled for U.S. release Friday. But Internet movie piracy Web sites are brimming with news that the film is already making its way around the Internet. Warner Bros. studios has disputed the reports, but dozens of pirates are claiming to have seen it already. Such Internet pre-releases are becoming so commonplace that both pirates and movie studios are beginning to expect them. http://www.msnbc.com/news/834107.asp ---------------------------------------------------- [17] The next big Internet flop Movielink: Now playing at a computer near you — but for how long? The home page of Movielink.com By Ben Fritz SLATE.COM Nov. 12 — Yesterday, five major studios — Universal, Paramount, Sony, Warner Bros., and MGM — unveiled Movielink, a joint venture that, for the first time, allows customers to download a large assortment of studio films. Movielink’s initial library contains about 175 movies — new and old, from Jimmy Neutron to Last Tango in Paris. They range in price from $1.99 to $4.99 for a 24-hour rental. It’s a cool service, attractively priced. It’s also going to be a flop on the order of The Adventures of Pluto Nash. http://www.msnbc.com/news/834034.asp ---------------------------------------------------- [18] Computer Hacker May Bust Breeders Cup By staff After the federal authorities formally joined the investigation into suspicious betting on the Breeders’ Cup races, more details are coming to light about the software engineer embroiled in the controversy. http://www.onlinecasinonews.com/ocn/article/article.asp?id=2422 ---------------------------------------------------- [19] Oracle in buffer overflow brown alert By John Leyden Posted: 12/11/2002 at 13:28 GMT Security researchers are warning of a potentially nasty buffer over-run flaw in Oracle Database 9i databases. In common with such flaws, a buffer overflow in the iSQL*Plus module of Oracle 9i might allow an attacker to run arbitrary code in the security context of the Web server. iSQL*Plus is a Web-based application that allows users to query the database. http://www.theregister.co.uk/content/55/28057.html ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk