_________________________________________________________________
London, Tuesday, November 26, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Bush signs homeland bill; fills top jobs in department
[2] Counterterrorism project assailed by lawmakers, privacy advocates
[3] DDOS attack 'really, really tested' UltraDNS
[4] (UK) Cabinet Office beats off 1,000 cyber attacks in October
[5] Privacy czar plays homeland role
[6] Merde! Alcatel LAN switch ships with backdoor access
[7] Homeland Security Bill Heralds IT Changes
[8] Experts advocate standard public warning system
[9] Three charged in huge identity scam bust
[10] 'Safe for kids' Internet bill goes to president
[11] Homeland Security Plan Leaves Some Experts Skeptical
[12] Contractors act quickly to try to shape security agenda
[13] (AU) Cybercrime Bill a clumsy step in right direction
[14] Court blocks DVD-cracking suit
[15] Computer viruses face slow down
[16] 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
[17] eBay scam site nipped in the bud
[18] DOD extends net reach
[19] Former Education Department official, e-gov pioneer dies
_________________________________________________________________
CURRENT THREAT LEVELS
_________________________________________________________________
Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)
_________________________________________________________________
News
_________________________________________________________________
[1] Bush signs homeland bill; fills top jobs in department
By Keith Koffler, CongressDaily
President Bush Monday signed legislation establishing a Homeland
Security Department and announced he will nominate White House homeland
security adviser Tom Ridge to be its first secretary.
Bush also announced that Navy Secretary Gordon England will be nominated
for the post of deputy secretary and that Drug Enforcement
Administration Administrator Asa Hutchinson, a former House member, will
be nominated to serve as undersecretary for border and transportation
security.
White House Press Secretary Ari Fleischer pledged the Bush
administration would work cooperatively with Congress next year as it
considers whether to strip out last-minute provisions added to the bill
that would protect vaccine makers and offer other benefits to
businesses.
http://www.govexec.com/dailyfed/1102/112502cd1.htm
----------------------------------------------------
[2] Counterterrorism project assailed by lawmakers, privacy advocates
By Shane Harris
Lawmakers, privacy advocates and civil libertarians are criticizing a
controversial Defense Department research project as an invasion of
personal privacy, and are questioning whether it should be scrapped.
In January, the Defense Advanced Research Projects Agency (DARPA) began
a multi-year effort to look for ways that technology could be used to
pre-empt terrorist attacks. Known as the Total Information Awareness
(TIA) system, much of the work centers on theoretical ways to use
information technology and human analysis to analyze transactions, such
as credit card purchases or phone calls, to find patterns that might
indicate a terrorist attack is being plotted.
The project has outraged groups that support restrictions on the use of
personal data. At a press conference Monday in Washington, Marc
Rotenberg, executive director of the Electronic Privacy Information
Center, said the TIA system was the “hub” of a far-reaching effort by
the government to “extend surveillance of the American public.”
http://www.govexec.com/dailyfed/1102/112502h1.htm
----------------------------------------------------
[3] DDOS attack 'really, really tested' UltraDNS
By ComputerWire
Posted: 26/11/2002 at 09:23 GMT
A major provider of domain name system infrastructure services was hit
by a distributed denial of service attack last Thursday morning
described as bigger and more sophisticated than anything else it has
previously seen, writes Kevin Murphy.
UltraDNS Corp, which provides DNS services for the likes of oracle.com
and top-level domains including .info and, from January 1 2003 .org, was
hit by a DDoS attack unprecedented in its scale.
While no services were actually denied, the attack has got the company
concerned enough to boost its bandwidth and infrastructure to prevent
further attacks. UltraDNS CEO Ben Petro compared this kind of attack to
"terrorism".
http://www.theregister.co.uk/content/55/28291.html
----------------------------------------------------
[4] Cabinet Office beats off 1,000 cyber attacks in October
The Cabinet Office has suffered almost 6,000 cyber attacks this year
with more than 1,000 incidents occurring in October alone.
Cabinet Office minister Douglas Alexander revealed the scale of the
attacks in a parliamentary written answer.
With the government stepping up preparations for a war with Iraq, Brian
White, MP for Milton Keynes and a former IT professional, asked a series
of parliamentary questions to ascertain government department's response
to the threat of cyber terrorism.
While the Cabinet Office fought off 5,857 cyber attacks this year, the
Foreign Office told White it had not been subject to a single attack.
http://www.cw360.com/bin/bladerunner?REQSESS=gg15412S&REQAUTH=0&2149REQE
VENT=&CARTI=117777&CARTT=1&CCAT=2&CCHAN=22&CFLAV=1
----------------------------------------------------
[5] Privacy czar plays homeland role
BY William Matthews
Nov. 21, 2002
After a two-year absence, a privacy czar of sorts is returning to the
federal government.
The Homeland Security Department will have a privacy officer whose job
will be to ensure that activities of the new department do not erode the
privacy of ordinary Americans.
But in light of recent legal, technological and political developments,
the new privacy chief will have a tough job, privacy advocates predict.
"Many of the missions of the Homeland Security agency are so inherently
invasive of privacy that it will be difficult for the privacy officer to
offset the risk to personal privacy," said Chris Hoofnagle, legislative
counsel at the Electronic Privacy Information Center
http://www.fcw.com/fcw/articles/2002/1118/web-private-11-21-02.asp
----------------------------------------------------
[6] Merde! Alcatel LAN switch ships with backdoor access
By John Leyden
Posted: 25/11/2002 at 13:30 GMT
Some versions of Alcatel's LAN switch software can yield backdoor access
to crackers, the company warns.
The vulnerability could give crackers full administrative control over
Alcatel OmniSwitch 7700/7800 switches running Alcatel Operating System
(AOS) version 5.1.1.
http://www.theregister.co.uk/content/55/28275.html
----------------------------------------------------
[7] Homeland Security Bill Heralds IT Changes
By Brian Krebs
washingtonpost.com Staff Writer
Monday, November 25, 2002; 1:38 PM
President Bush today signed a homeland security bill that could have
far-reaching implications for computer security and Internet privacy.
The homeland security bill includes a provision that shields Internet
service providers (ISPs) from customer lawsuits if providers share
private subscriber information with law enforcement authorities.
http://www.washingtonpost.com/wp-dyn/articles/A54872-2002Nov14.html
----------------------------------------------------
[8] Experts advocate standard public warning system
By Wilson P. Dizard III
GCN Staff
The nation needs a sophisticated national warning system that relies on
IT to spread warning messages far and wide, government and industry
public-safety experts said today.
The Partnership for Public Warning—which includes representatives of IT
companies and agencies such as the Federal Emergency Management Agency,
FBI and Nuclear Regulatory Commission—conducted a workshop to generate
its report, Developing a Unified All-Hazard Public Warning System.
http://www.gcn.com/vol1_no1/daily-updates/20569-1.html
----------------------------------------------------
[9] Three charged in huge identity scam bust
09:34 Tuesday 26th November 2002
Paul Festa, CNET News.com
US federal authorities say they have broken an identity theft ring that
siphoned funds from bank accounts and made fraudulent purchases over
three years
Calling it the largest such bust ever, the US Attorney in Manhattan and
the FBI apprehended an alleged ring of identity thieves, accusing three
men of stealing tens of thousands of credit reports.
The ring is alleged to have operated over a period of three years,
suspected of pilfering credit reports from the three major commercial
credit reporting agencies and using that information to siphon funds
from bank accounts and make fraudulent purchases. Authorities have
accounted for $2.7m (£1.7m) in losses so far.
http://news.zdnet.co.uk/story/0,,t269-s2126519,00.html
http://www.usatoday.com/money/perfi/columnist/block/2002-11-25-id-theft_
x.htm
http://news.findlaw.com/usatoday/docs/crim/usmohammed1002ind.pdf
http://news.findlaw.com/usatoday/docs/crim/usbaptiste1002cmp.pdf
http://news.findlaw.com/usatoday/docs/crim/uscummings112202cmp.pdf
----------------------------------------------------
[10] 'Safe for kids' Internet bill goes to president
By The Associated Press
11.25.02
WASHINGTON — Congress is sending President Bush legislation to create a
haven on the Internet for children, where parents can be assured Web
sites are free of pornography and other material not suitable for
youngsters.
The measure would make a ".kids.us" Internet domain that would be
available within a year and monitored by a government contractor to
ensure the material was appropriate for children under 13. The bill won
unanimous approval from the Senate on Nov. 13 and the House on Nov. 15.
It now goes to Bush, who is expected to sign it.
Child advocates backed the Internet domain measure.
http://www.freedomforum.org/templates/document.asp?documentID=17300
----------------------------------------------------
'... But some experts warn that rather than creating a new agency to
protect against terrorism, fundamental changes are needed at existing
agencies, like the CIA. ...'
'... "The CIA has now become part of the problem," says Kenneth Allard,
a former U.S. army intelligence officer. "And part of the reason why
they are is the fact that you have too many white Anglo-Saxon
Protestants with masters degrees in Soviet studies who are still there
who have absolutely no clue about Iraq, about al-Qaida or about what we
are facing with religious based fanaticism." ...'
[11] Homeland Security Plan Leaves Some Experts Skeptical
Nick Simeone
Washington
26 Nov 2002, 05:35 UTC
Listen to Nick Simeone's report from Washington (RealAudio)
Simeone report - Download 308k (RealAudio)
Some national security experts doubt the creation a new U.S. government
Department of Homeland Security means the nation is now better protected
against terrorism. It could be years before the 22 agencies brought
together under one department are working together effectively.
When President Bush signed the Homeland Security Act into law Monday, he
launched the biggest government re-organization since the creation of
the Defense Department after World War II. But in doing so, he
acknowledged changing the ingrained ways of Washington's multiple and at
times competing bureaucracies will not be easy. "To succeed in their
mission, leaders of the new department must change the culture of many
diverse agencies," says Mr. Bush.
http://www.voanews.com/article.cfm?objectID=E35F25D0-9ECD-4BF2-B60FEE2DC
AFD7752&title=Homeland%20Security%20Plan%20Leaves%20Some%20Experts%20Ske
ptical&catOID=45C9C78F-88AD-11D4-A57200A0CC5EE46C&categoryname=USA
----------------------------------------------------
[12] Contractors act quickly to try to shape security agenda
By Maureen Sirhal, National Journal's Technology Daily
A group of security and defense contractors on Monday offered their
recommendations for shaping policies to defend the nation from terrorist
threats.
The Homeland Security Industries Association unveiled eight papers
focused on improving security in such places as critical infrastructure,
airports, seaports and the food supply—and recommended ways that the
government can begin tackling the issues.
With more than 75 member companies across several industries, that
association has been working since its launch in September to "identify
gaps in security and possible [technology] solutions," President Bruce
Aitken said on the day that President Bush signed a bill creating the
Homeland Security Department.
http://www.govexec.com/dailyfed/1102/112502td1.htm
----------------------------------------------------
[13] Cybercrime Bill a clumsy step in right direction
By Senator Brian Greig
November 25 2002
Next
According to the Computer Emergency Response Team (CERT) coordination
centre, the number of reported incidents of computer-related security
breaches in the first three quarters of 2000 rose by 54 per cent over
the total number of reported incidents in the previous year. CERT logged
some 9000 security breaches in Australia in 1999 and that number leapt
to an extraordinary 22,000 incidents in the year 2000.
In addition to this, it would appear that countless instances of illegal
access, damage, fraud and illegal pornography around the world remain
unreported, because victims fear the exposure of vulnerabilities, the
potential for copycat crimes and the loss of public confidence.
http://www.smh.com.au/articles/2002/11/25/1038173686523.html
----------------------------------------------------
[14] Court blocks DVD-cracking suit
09:19 Tuesday 26th November 2002
John Borland, CNET News.com
A ruling in California deals with just one part of Hollywood's
multifaceted attack on DeCSS, a controversial bit of computer code that
can assist in the copying of DVDs
The California Supreme Court handed Hollywood's antipiracy efforts a
setback on Monday, ruling that a Texas resident who posted controversial
DVD-cracking code online can't be sued in the California.
The ruling, released by the court on Monday, deals with just one part of
Hollywood's multifaceted attack on DeCSS, a controversial bit of
computer code that can assist in the copying of DVDs. The justices
didn't address the legality of posting the software program online,
saying only that Texas resident Matthew Pavlovich couldn't be sued in
California for doing so.
http://news.zdnet.co.uk/story/0,,t269-s2126517,00.html
----------------------------------------------------
[15] Computer viruses face slow down
The ILOVEYOU bug spread via e-mail quickly
Computer viruses could, in the future, find it much harder to spread
themselves over the internet.
Matthew Williamson, a researcher at the Hewlett-Packard laboratories in
Bristol, UK, has come up with a way to slow down the rate of infection.
http://news.bbc.co.uk/1/hi/technology/2511961.stm
----------------------------------------------------
[16] 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
Eighteen months after Argus Systems challenged the hacker world to crack
its PitBull security product in a much-ballyhooed global contest, the
winners say they're still waiting for their prize money.
By Kevin Poulsen, SecurityFocus Nov 26 2002 12:05AM
It must have seemed a masterstroke of marketing genius at the time. A
formerly-obscure security software company organizes a series of
high-profile contests aimed at showing that even with a sizable cash
prize dangling as a reward, the world's best hackers can't crack a Web
server protected by the company's flagship product.
The only problem: the world's best hackers did just that. And now more
than eighteen months after the Polish white hat hacker group Last Stage
of Delirium (LSD) conquered the Argus Systems Group's fifth, and
apparently last, "Hacking Challenge," the winners say the company still
hasn't paid most of the $48,000 prize, raising the ugly specter of fraud
in a contest that some security experts already criticized as a
corporate publicity stunt.
http://online.securityfocus.com/news/1717
----------------------------------------------------
[17] eBay scam site nipped in the bud
By John Leyden
Posted: 25/11/2002 at 15:56 GMT
A spate of emails inviting eBay customers to divulge usernames and
passwords to a scam site reached epidemic proportions last week.
The emails invited the foolhardy to hand over confidential details to a
site called change-eBay.com, Needless to say, this has no affiliation
with the online auction site. change-eBay.com was acquired using a
stolen credit card and has since been closed CNET reports.
http://www.theregister.co.uk/content/55/28279.html
----------------------------------------------------
[18] DOD extends net reach
BY Dan Caterinicchia
Nov. 25, 2002
The U.S. Pacific Command (Pacom) and U.S. Central Command (Centcom) each
use their own secure wide-area networks to communicate with coalition
partners in their areas of the world, and now the two systems have been
linked to create even greater global information-sharing possibilities.
Navy Capt. James Fordice, the U.S. Pacific Fleet's director for command,
control, communications, computers and intelligence, said Pacom's
Combined Operations, or Coalition, WAN (COWAN) has a number of secure
enclaves with various Asian-Pacific partners, including COWAN-K with
Korea, COWAN-J with Japan, and COWAN-A, which supports Canada,
Australia, New Zealand, the United Kingdom and the United States.
http://www.fcw.com/fcw/articles/2002/1125/web-cowan-11-25-02.asp
----------------------------------------------------
[19] Former Education Department official, e-gov pioneer dies
By Amelia Gruber
Greg Woods, a former Education Department official who helped lead
efforts to make the federal government more citizen-friendly, died of
pancreatic cancer last Thursday.
Woods, 59, was the former chief operating officer of the Education
Department’s Federal Student Aid (FSA) office and pioneered the
e-government concept.
“If there’s a school in heaven, and if a student needs financial aid,
there’s a new administrator there today who probably can’t wait to get
down to business,” said G. Kay Jacks, general manager of FSA’s Web site
about financial aid, referring to Woods.
http://www.govexec.com/dailyfed/1102/112502a1.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
