_________________________________________________________________ London, Thursday, November 14, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] White House to unveil first homeland security tech blueprint [2] House, Senate move toward passage of homeland bill [3] Accused Pentagon Hacker's Online Life [4] House considers jailing hackers for life [5] Florida: The cybersecurity state [6] Back to the Insecure Future [7] New Tools a Spying Boss Will Love [8] MS hires national security advisor [9] Ballmer: 'A new era of partnership' [10] British Web designer charged over viruses [11] Defense officials outline top research priorities [12] (UK) Hopes raised for Internet grooming ban [13] The first hopeful moment since Sept. 11 [14] (UK) Spammers receive Government threat [15] Return of Bin Laden [16] Top court to review online-porn law [17] Powers to ban online racists [18] More Telemarketers During Dinner? [19] Maintaining Credible IIS Log Files _________________________________________________________________ News _________________________________________________________________ [1] White House to unveil first homeland security tech blueprint By Shane Harris The White House Office of Homeland Security will soon release the first in a series of conceptual plans for how information technology systems should fit together in the new Homeland Security Department, according to a White House official. Lee Holcomb, the office's director of "infostructure," said Wednesday that in the next 90 days the administration would unveil an enterprise architecture plan for Homeland Security agencies with border control responsibilities. An enterprise architecture is a blueprint that shows how disparate technology devices should work together to serve an organization's overall mission. Holcomb didn't elaborate on what the new plan would entail, but he said it was one of four designs that officials are working on now to help set up the new department. The other three cover components of the department's mission, including intelligence and warning, weapons of mass destruction countermeasures and coordination of "first responders," such as fire and emergency workers. http://www.govexec.com/dailyfed/1102/111302h2.htm ---------------------------------------------------- [2] House, Senate move toward passage of homeland bill By Mark Wegner, Brody Mullins and Bill Ghent, CongressDaily House Republicans all but declared victory today on legislation to create a Homeland Security Department Wednesday, predicting a strong vote on a compromise bill that would propel the legislation through the Senate sometime this week. House Majority Leader Dick Armey, R-Texas, who headed the House's select homeland security panel, said the compromise was the result of "very broad negotiations with the White House and the other body." He added the final product "is fundamentally the House passed bill. ... We expect it to be passed in the House and we expect it to be passed in the Senate." Rep. Rob Portman, R-Ohio, a member of the homeland security committee, said the labor flexibility language is key for the success of the new department. He highlighted a provision that would allow unions 30 day to negotiate contracts before a second 30-day federal mediation period would kick in, and language that requires the president to give Congress 10 days notice before limiting collective bargaining. http://www.govexec.com/dailyfed/1102/111302cd2.htm ---------------------------------------------------- [3] Accused Pentagon Hacker's Online Life Usenet posts show Gary McKinnon was a bit of a phone phreak, knew where to buy lock picks, and had an early interest in defense computers. A former employer says he was bored at work. By Kevin Poulsen, SecurityFocus Nov 13 2002 6:06PM The British man accused of the most ambitious hack attacks against Defense Department computers in years was also a fine network administrator, according to a former co-worker. A manager at the London-based telecom equipment seller Corporate Business Technology Ltd. recalls Gary McKinnon as a friendly -- if unremarkable -- presence at the company, where he provided IT support for an office of about 50 people. "He was personable, relatively happy around the office," says the manager, who declined to give his name. "You wouldn't have realized that he could do what he did." http://online.securityfocus.com/news/1646 See also: Hacker Suspect to Fight Extradition http://www.nytimes.com/aponline/technology/AP-Hacker-Investigation.html? ex=1037941200&en=224da7f9b965af83&ei=5040&partner=MOREOVER '... But some civilian experts expressed astonishment that this many U.S. military systems were so vulnerable to techniques derided by many hackers as simplistic. ``I don't see this as a big win for the government,'' said Marc Maiffret, co-founder of eEye Digital Security Inc., which sells security software. Maiffret said measures the military should have taken to prevent such break-ins were a ``lesson 101-type thing.'' ...' ---------------------------------------------------- (A life sentence for a hacker??? So in the end you can kill someone and get less of a sentence than hacking into someone's computer. Below one of those great quotes by an uninformed congressman: (Republican Smith): "Until we secure our cyberinfrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives. A mouse can be just as dangerous as a bullet or a bomb." It is scary that the Chairman of the Crime, Terrorism, and Homeland Security Subcommittee of the House Judiciary Committee seems to belief this FUD. But then anyone who gets the Cyber Champion Award by the Business Software Alliance for leadership on high-tech issues should be distrusted. Maybe he should have stayed managing his farm in Texas. Well, at least he is a good crime fighter, but he should definitely change his cyber security advisors. WEN) [4] House considers jailing hackers for life By Declan McCullagh Staff Writer, CNET News.com November 13, 2002, 5:57 PM PT WASHINGTON--A last-minute addition to a proposal for a Department of Homeland Security would punish malicious computer hackers with life in prison. The U.S. House of Representatives on Wednesday evening voted 299 to 121 to approve the bill, which would reshape large portions of the federal bureaucracy into a new department combining parts of 22 existing federal agencies, including the Secret Service, the Coast Guard, and the FBI's National Infrastructure Protection Center. During closed-door negotiations before the debate began, the House Republican leadership inserted the 16-page Cyber Security Enhancement Act (CSEA) into the Homeland Security bill. CSEA expands the ability of police to conduct Internet or telephone eavesdropping without first obtaining a court order, and offers Internet providers more latitude to disclose information to police. http://news.com.com/2100-1001-965750.html?tag=lh http://www.msnbc.com/news/834875.asp ---------------------------------------------------- [5] Florida: The cybersecurity state BY Dibya Sarkar Nov. 13, 2002 As Florida information technology officials began preparing for the Year 2000 conversion, they also became concerned about cyberterrorism. "We were going to have to worry about worms, viruses, hacking and other acts of cybervandalism and cybersabotage forever, and we felt that we needed a permanent presence to be able to deal with the issues," Scott McPherson, who led the state initiative. "Nobody was thinking about al Qaeda back in those days." http://www.fcw.com/geb/articles/2002/1111/web-fla-11-13-02.asp ---------------------------------------------------- [6] Back to the Insecure Future Web services, such as Microsoft's .NET platform, represent a return to centralized computing. They also pose some serious security issues. By Richard Forno Nov 13, 2002 Each month, I present a lecture to senior military officers here in Washington, DC. The lecture, entitled "The Red Pill", takes an unconventional look at information technology, security, and policy, and imparts to the class the need to take a macro view of these items instead of rushing to blindly embrace the latest and greatest quick fix. One of the major portions of the lecture is what I call "Back To The Future" in which I discuss the history of computing and how we are going back to the days of centralized computing and the security implications of that dynamic. In the early days of computing, users accessed centralized mainframes through terminals that were physically wired to the mainframe. User data and applications were stored remotely and the security (or permissions) governing its access and use was dictated by a third party. The mainframes were brilliant, but the terminals were just dumb machines, unable to do anything except provide a conduit to the centralized server. Information on those servers was generally kept private from other users, but the server administrators - and their vendors - always had the means to access it. http://online.securityfocus.com/columnists/123 ---------------------------------------------------- [7] New Tools a Spying Boss Will Love By Michelle Delio | 02:00 AM Nov. 13, 2002 PT CHICAGO -- Malicious hackers can occasionally ruin a network administrator's day, but it's the lazy or disgruntled employees who are constant threats to security and sanity. By promiscuously downloading any files that happen to catch their fancy, employees open big security holes in networks. And when they blithely purloin copyrighted material, they also open companies up to lawsuits. http://www.wired.com/news/privacy/0,1848,56324,00.html ---------------------------------------------------- [8] MS hires national security advisor By Lisa M. Bowman Special to ZDNet News November 13, 2002, 10:53 AM PT Hoping to play a larger role on the homeland security scene, Microsoft has created a new position to advise U.S. policymakers on information technology issues. The company said Wednesday it has tapped Thomas Richey, a retired U.S. Coast Guard officer, to fill the new post of federal director of homeland security at the company. After serving for 20 years in the Coast Guard, Richey retired in 2001 and became policy adviser to Sen. John Kerry, D-Mass., in whose office he worked on homeland security and other issues. Microsoft said it created the post in order to help the government manage its IT systems and to make sure the different systems work together. http://zdnet.com.com/2100-1105-965649.html ---------------------------------------------------- [9] Ballmer: 'A new era of partnership' By Lloyd Batzler GCN Staff Microsoft Corp. and the entire IT industry "are on the verge of a new era of partnership with the government" to improve security and address privacy concerns, the company's chief executive officer said today. "There are issues that need more public and private cooperation," Steve Ballmer said in remarks at the Brookings Institution, a Washington think tank. "Government realizes that an innovative technology industry is the key to economic growth. This forms the basis of a new partnership." Without discussing specifics, Ballmer said the company is working with authorities to curtail identity theft, reduce the chances of debilitating attacks on the Internet, curb spam and provide privacy protections. Citing industry estimates, Ballmer said identity theft costs consumers $1 billion a year while spam accounts for two of every three inbox messages. http://www.gcn.com/vol1_no1/daily-updates/20455-1.html ---------------------------------------------------- [10] British Web designer charged over viruses 16:09 Wednesday 13th November 2002 Reuters A Web designer has been charged with sending viruses and having indecent images of children after a tip-off from the FBI A Web site designer has been charged with sending computer viruses around the globe, including one rated the world's third most prolific, according to Scotland Yard. Simon Vallor, 21, from Llandudno, in Wales, was arrested in February following a tip-off from the US Federal Bureau of Investigation. http://news.zdnet.co.uk/story/0,,t269-s2125873,00.html ---------------------------------------------------- [11] Defense officials outline top research priorities By Molly M. Peterson, National Journal's Technology Daily Developing "modeling and simulation" technologies to predict, evaluate and test responses to potential terrorist threats is a top research priority for federal counterterrorism agencies, officials from the Pentagon and the White House Office of Homeland Security said on Wednesday. "Modeling and simulation [applications] with a degree of precision we've never had before would be most helpful to us," Tom Hopkins, director of technology development for the Defense Threat Reduction Agency (DTRA), said during a homeland security summit sponsored by Silicon Graphics Inc. Hopkins said those technologies could help national security officials combat "asymmetric" threats posed by terrorist groups that might use unconventional devices as weapons of mass destruction. http://www.govexec.com/dailyfed/1102/111302td1.htm ---------------------------------------------------- [12] Hopes raised for Internet grooming ban 14:23 Wednesday 13th November 2002 Graeme Wearden The British government plans to update the laws on sexual offences, including taking account of the way that paedophiles are using the Internet to contact children Internet grooming, the practice by which paedophiles use the Web to cultivate relationships with children with the aim of making contact and abusing them, could soon be made illegal. The Queen's Speech, which was delivered on Wednesday morning and lays out the government's legislative agenda for the next 12 months, included a commitment to bring forward a bill to review the laws on sexual offences. http://news.zdnet.co.uk/story/0,,t269-s2125854,00.html ---------------------------------------------------- [13] The first hopeful moment since Sept. 11 Thomas L. Friedman IHT Thursday, November 14, 2002 Confronting Iraq I WASHINGTON For a brief, shining moment last Friday, the world didn't seem like such a crazy place. When all 15 members of the UN Security Council voted for a UN demand that Iraq submit to unrestricted inspections of its weapons arsenal or else face "serious consequences," it was the first hopeful moment I've felt since Sept. 11. It was the first time since then that the world community seemed to be ready to overcome all of its cultural, religious and strategic differences to impose a global norm - that a country that raped its neighbor and defied UN demands that it give up its weapons of mass destruction not be allowed to get away with it. http://www.iht.com/articles/76862.html ---------------------------------------------------- [14] Spammers receive Government threat Wednesday 13th November 2002 by Jack Of Hearts The UK Government this week has taken the unusual step of warning the country about the flood of text message, email and fax scams that seem to be plaguing the business and consumer world. The Department for Trade and Industry this month said that the practice of Spam, through whatever medium, was a danger to business and consumers alike but children, in particular, are being targeted which is causing outrage amongst parents and family groups. http://www.it-analysis.com/article.php?id=2712 ---------------------------------------------------- [15] Return of Bin Laden As long as he can't be proven dead, he lives. By Richard Cohen Thursday, November 14, 2002; Page A33 Ever since the Pentagon blew the battle at Tora Bora last year and apparently allowed Osama bin Laden to slip the noose, the administration has been busy playing down his importance. "We've tried hard not to personalize it," Pentagon spokeswoman Victoria Clarke said of bin Laden and his Taliban sidekick, Mohammad Omar. "This is a lot more than bin Laden and Omar," she said. http://www.washingtonpost.com/wp-dyn/articles/A51801-2002Nov13.html ---------------------------------------------------- [16] Top court to review online-porn law By Frank J. Murray THE WASHINGTON TIMES Justices will hear arguments early next year on an order striking down the Children's Internet Protection Act of 2000 (CIPA) as unconstitutional. The case was decided by a special three-judge District Court in Philadelphia, and the Bush administration used an unusual fast-track provision to appeal directly to the Supreme Court. http://www.washtimes.com/national/20021113-225266.htm ---------------------------------------------------- [17] Powers to ban online racists As promised the Council of Europe has added a protocol to its landmark convention on cybercrime that requires future signatories to criminalise the use of the internet to spread racist or xenophobic content. The US is expected to opt out, citing constitutional rights to free expression, but for those who do sign up next year, new laws will be backed up by cross-border powers to drive online racists off the web. The Council of Europe has added a protocol to its Convention on Cybercrime that clears the way to the criminalisation of internet 'hate speech'. The update is intended to ban "modern and powerful means to support racism and xenophobia" facilitated by the internet. http://www.indexonline.org/news/20021111_europe.shtml ---------------------------------------------------- [18] More Telemarketers During Dinner? Industry Lobbyists To Push For Freedom To Exploit Customer Data Tarun Reddy When Congress convenes in January, Wall Street lobbyists will make a strong pitch for new legislation to give financial services companies greater freedom to use customer information to market products. The Financial Services Coordinating Council (FSCC), an umbrella group that lobbies on behalf of the Securities Industry Association and four other trade groups on privacy issues, wants 'opt-out" legislation that would allow brokerage firms and other institutions to use client information freely unless a client signs a form prohibiting such action, said a lobbyist who is crafting the legislation. Supporters of a liberalized privacy law say it will reduce marketing costs because companies will make better use of their client databases to drum up new business. Jim Pitts, FSCC's executive director, declined to comment. http://www.wallstreetletter.com/top+stories/industry+lobbyists+to+push+f or+freedom+to+exploit+customer+data.asp ---------------------------------------------------- [19] Maintaining Credible IIS Log Files by Mark Burnett last updated DATE Many network administrators by now have encountered serious Web server intrusions that have resulted in legal action. Often IIS logs are the primary evidence used to track down Web intruders. But what would happen if the credibility of your IIS logs was challenged in court? What if the defense claimed the logs were not reliable enough to be admissible as evidence? I once investigated a serious intrusion as part of a criminal investigation. An intruder broke into an IIS server, uploaded some tools, and then accessed the company's internal database. We knew approximately when the intrusion occurred, but we did not know which of several hundred Web sites on a dozen servers was compromised. As I mined through hundreds of log files stored on the Web servers, I came across one log file that had, among the thousands of log entries, a single blank line. I checked the last modified date of that file and found that it had been modified two days after the log file was closed. Hundreds of megabytes of log file evidence suddenly became useless due to a single blank line. Because the log files were stored on the same server that was compromised, the intruder could have easily removed evidence or, worse, replaced it with false evidence pointing to someone else. The modification of one log file is compelling reason to question the validity of every log file on that server. http://online.securityfocus.com/infocus/1639 ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk