_________________________________________________________________ London, Monday, December 02, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [CURRENT THREAT LEVELS] ---------------------------------------------------- Electricity Sector Physical: Elevated (Yellow) Electricity Sector Cyber: Elevated (Yellow) Homeland Security Elevated (Yellow) DOE Security Condition: 3, modified NRC Security Level: III (Yellow) (3 of 5) ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] B2-ORM Mailing List [2] Homeland department could transform tech industry [3] Pentagon distributes software for modeling effects of attacks [4] Schneier: No "magic security dust" [5] Total Info System Totally Touchy [6] Lax Security: ID Theft Made Easy [7] Net security: Steady as she goes [8] Cisco backtracks on security functionality [9] S Koreans launch cyber attack on US over schoolgirls' deaths [10] Ten more tips for safe xmas e-tail [11] Intercepts [12] Computer virus insults victims [13] The Insecurity of Computer Security [14] Tech industry speculates about candidates for security jobs [15] WLAN security is still work in progress [16] Irish ISP blocks web site over dispute [17] Bugbear remains top virus threat [18] 'Critical' MS server flaw may affect few sites [19] First hackers sighted in high speed mobile phone arena _________________________________________________________________ News _________________________________________________________________ [1] B2-ORM Mailing List is an international email user group focused on the sharing of information on the implementation of Basel II compliant Operational Risk Management solutions in the Financial Services industry. Why not join today? Simply send an email to : mailto:[EMAIL PROTECTED] The next three years will place enormous strain on the resources of Operational Risk staff in the worlds Financial Services organisations. Why not learn from others and share information? Good practice guides, white papers and other essential information may be found on the groups web site and downloaded to your own system. Topics to be discussed include: Business Continuity Management (new International Standard) The role of Information Security, Audit and Compliance Interfaces with Outsource and other service providers. Six Sigma errors and defects management Money Laundering and Fraud Risk Interfaces to Credit and Market Risk ---------------------------------------------------- [2] Homeland department could transform tech industry By William New, National Journal's Technology Daily The creation of a Homeland Security Department may presage more than better domestic security. It could mark the transformation of the technology industry from an economically flat maker of consumer-oriented products into a thriving, but more secretive, machine that creates security-oriented products and services. "The homeland security opportunity [for tech companies] is unprecedented in the civilian side of government," said Bruce McConnell, a Washington-based technology consultant. "The art form is to build relationships early on with the most influential component agencies ... who will define the architecture for years to come. President Bush signed the legislation, H.R. 5005, on Nov. 25. It will take effect in 60 days, but fundamental questions such as funding remain. New jobs in the department also must be filled and congressional oversight of the Cabinet-level agency defined. http://www.govexec.com/dailyfed/1102/112702td1.htm ---------------------------------------------------- [3] Pentagon distributes software for modeling effects of attacks By Bryan Bender, Global Security Newswire The Defense Department has licensed to a few select nongovernmental organizations previously unavailable software that can model the effects of releases of nuclear, chemical, biological or radiological weapons and materials. The Heritage Foundation, Natural Resources Defense Council, Stanford University and other institutions have recently gained access to the computer modeling programs. The goal is to educate political leaders and the public about the potential consequences of weapons of mass destruction whether they are used by terrorists or by a state in conflict with the United States. Furthermore, defense officials have said that they benefit from the independent analysis by nongovernmental organizations. The modeling programs-the Hazard Prediction and Assessment Capability (HPAC) and the Consequences Assessment Tool Set (CATS)-are both capable of calculating the outcome of thousands of possible scenarios involving a variety of weapons and materials. The models can determine the human medical effects, toxicity levels, contaminated areas, population exposure, hazard areas and casualties should WMD materials be unleashed in an attack or dispersed in a military strike or by accident. http://www.govexec.com/dailyfed/1102/112702gsn1.htm ---------------------------------------------------- [4] Schneier: No "magic security dust" By Alorie Gilbert Special to ZDNet December 2, 2002, 7:14 AM PT Tech entrepreneur Bruce Schneier is one of America's best-known computer security experts. His testimony before Congress helped defeat legal restrictions on cryptography sought by the FBI and the National Security Agency when an appellate court ruled in 1999 that crypto algorithms were a form of speech covered by the First Amendment. Schneier co-founded security services company Counterpane Internet Security where he serves as chief technologist. Arguing that constant vigilance not technology is the best defense against computer break-ins, Schneier believes security breaches are nonetheless fated to increase as networking systems become more complex. http://zdnet.com.com/2100-1105-975690.html ---------------------------------------------------- [5] Total Info System Totally Touchy By Ryan Singel | 02:00 AM Dec. 02, 2002 PT Can a massive database of information on Americans really preempt terrorist attacks? That's what industry experts are asking about the Pentagon's proposed Total Information Awareness System, which, according to the proposal (PDF), would aggregate on "an unprecedented scale" credit card, medical, school and travel records. http://www.wired.com/news/politics/0,1283,56620,00.html ---------------------------------------------------- [6] Lax Security: ID Theft Made Easy By Michelle Delio | 02:00 AM Dec. 02, 2002 PT The people charged last week with stealing the identities of at least 30,000 Americans weren't criminal masterminds. They simply took advantage of sloppy security practices that allowed them easy and unrestricted access to sensitive data. Investigators in Manhattan said they have identified about 12,000 additional people whose credit reports may have fallen into criminal hands during the almost three years that the New York-based identity fraud ring was active. The scam was first detected eight months ago. http://www.wired.com/news/privacy/0,1848,56623,00.html ---------------------------------------------------- [7] Net security: Steady as she goes By Robert Lemos Special to ZDNet December 2, 2002, 10:30 AM PT Dorothy Denning has never been shy of sounding off about society's use of technology. This widely quoted Georgetown University professor of computer science was once dubbed the "Clipper Chick" because of her vocal support of the controversial Clipper encryption proposal. That policy measure, which was ultimately scuttled, would have allowed the U.S. government access to keys that could decipher any message encoded by the system. Despite her unpopular stance on encryption, Denning's dedication to security nonetheless earned her respect, even from her opponents. Today, she is considered an expert in encryption, hacktivism and emerging trends in cyberterrorism. http://zdnet.com.com/2100-1105-975720.html ---------------------------------------------------- [8] Cisco backtracks on security functionality By ComputerWire Posted: 02/12/2002 at 09:26 GMT Having previously said that it had added firewall and intrusion-detection features to its IOS security software, Cisco Systems Inc has now clarified its position and said that those features will not actually be integrated into the product until the first quarter of 2003. Earlier this month, San Jose, California-based Cisco said that it had added the functionality to IOS as part of 12 platform and services enhancements that reinforced its leadership in the security market. Now it appears the company might have been a little over-eager. In a terse statement, it noted that it will not be available until next year. http://www.theregister.co.uk/content/55/28377.html ---------------------------------------------------- [9] S Koreans launch cyber attack on US over schoolgirls' deaths South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two US soldiers accused of killing two schoolgirls in a road accident. Meanwhile, four people have been arrested breaking into a US army base and riot police have stopped 300 protesters from marching on the American embassy in Seoul. http://abc.net.au/news/newsitems/s738547.htm ---------------------------------------------------- [10] Ten more tips for safe xmas e-tail We know you all know this but in case you know someone who needs to know... First, the government brings us three tips for safe online shopping. Then the e-tail industry indulges in some one-upmanship by publishing not four, not five but ten pointers to help make your e-tail experience this Christmas a good one. http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001RE QSUB=REQINT1=56630 ---------------------------------------------------- [11] Intercepts BY Dan Caterinicchia Dec. 2, 2002 Printing? DOD Launching Cyberattacks? The U.S. Strategic Command's joint task force for computer network operations was created about 18 months ago and is in charge of defending all Defense Department networks from attack. But there is more. The agency also is charged with initiating cyberattacks when the president or Defense secretary instructs it to do so, according to a joint task force official. But has the United States ever launched a cyberattack? Air Force Maj. Gen. John Bradley, the joint task force's deputy commander, would not say at last month's AFCEA International TechNet Asia-Pacific 2002 conference in Honolulu. http://www.fcw.com/fcw/articles/2002/1202/intercepts-12-02-02.asp ---------------------------------------------------- [12] Computer virus insults victims Users get an insulting message on their screen Security experts are warning computer users to be on the look-out for an insulting worm that can seriously harm a PC. Known as Winevar, the worm is spreading via e-mail as an attachment that infects computers running Windows. Winevar has a particularly rude insult, displaying the message: "Make a fool of oneself: What a foolish thing you've done!" If users press the ok button, they could lose all the files on their computer. http://news.bbc.co.uk/1/hi/technology/2523387.stm ---------------------------------------------------- [13] The Insecurity of Computer Security By JOHN SCHWARTZ HE thieves who stole the credit histories of more than 30,000 people, law enforcement officials said last week, succeeded because Philip Cummings, a low-level employee of Teledata Communications Inc., had easy access to the material and was willing to steal it. Mr. Cummings, one of three people under arrest for what officials describe as the largest known case of identity fraud, was paid as much as $60 per person for credit histories. Just weeks prior to those arrests, three former fraternity brothers were arrested on charges of trying to rig the computerized betting system in the Breeders' Cup horse race, hoping to win nearly $3 million. Again, an insider, Chris Harn, allegedly used his position as a programmer at Autotote, a racing service company, to cheat the system. http://www.nytimes.com/2002/12/01/weekinreview/01JOHN.html?ex=1039496400 &en=06622192e4b7e467&ei=5040&partner=MOREOVER ---------------------------------------------------- [14] Tech industry speculates about candidates for security jobs By Bara Vaida, National Journal's Technology Daily With the law to create a Homeland Security Department now on the books, high-tech lobbyists have begun speculating about who will be chosen to fill key technology leadership positions within the new Cabinet-level agency. High-tech companies are particularly interested in three homeland security leaders who will shape policy and who could influence the selection of agency vendors: the undersecretary for information analysis and infrastructure protection, the undersecretary for science and technology, and the chief information officer (CIO). All three people who will fill those jobs likely will be known by Jan. 24, the effective date for creating the department. The Senate must confirm both undersecretaries but not the CIO. http://www.govexec.com/dailyfed/1102/112702td2.htm ---------------------------------------------------- [15] WLAN security is still work in progress By John Leyden Posted: 29/11/2002 at 19:24 GMT IT managers are cautiously optimistic that wireless networks will - over time - become as secure as today's local area networks, but security concerns are still holding back deployment of the technology. Those are the main findings of a limited (but still informative) survey of IT security manager attitudes on the deployment of 802.11b (wireless) networks by security consultancy Defcom released this week. http://www.theregister.co.uk/content/55/28373.html ---------------------------------------------------- [16] Irish ISP blocks web site over dispute By Drew Cullen Posted: 02/12/2002 at 16:31 GMT UTVInternet (UTVi), the all-Ireland ISP, stopped its subscribers from accessing Irish auction site ebid.ie last week. The action was taken in response to commercial dispute between the two companies, UTVi told Irish journalist Fergus Cassidy. UTVi barred the way to ebid.ie for "a week or two", removing the block last Friday afternoon. Entirely coincidentally, Cassidy, a columnist on The Sunday Tribune, got on the case last week. http://www.theregister.co.uk/content/6/28392.html ---------------------------------------------------- [17] Bugbear remains top virus threat By Will Sturgeon Silicon.com December 2, 2002, 5:05 AM PT Bugbear has claimed a second month at the top of the virus charts. Bugbear accounted for almost 30 percent of all reports of viruses to antivirus Sophos in the last month--well ahead of former top spot incumbent Klez which now only accounts for around eight per cent of all reports in third place. Also making headlines, straight in at number two, is the Braid worm with 8.5 per cent of all reports. http://zdnet.com.com/2100-1105-975673.html ---------------------------------------------------- [18] 'Critical' MS server flaw may affect few sites 16:08 Friday 29th November 2002 Matthew Broersma A new flaw in IIS is unlikely to have a widespread impact, according to Internet survey firm Netcraft. The firm also found evidence that Web sites are fleeing the US A recently-revealed security flaw in Microsoft's Internet Information Server may have been over-hyped, according to testing figures from a UK-based Internet research firm. Netcraft's figures also showed that the large Web-hosting businesses that gained prominence in the 1990s are continuing to lose out to smaller, customer-supported firms. http://news.zdnet.co.uk/story/0,,t269-s2126786,00.html ---------------------------------------------------- [19] First hackers sighted in high speed mobile phone arena By John Leyden Posted: 27/11/2002 at 13:38 GMT T-Mobile has installed a firewall on its GPRS network in the States after a small number of users complained of receiving hacker probes when using its high-speed mobile service. The issue came to light after Mike Palmer, the technology director for the broadcast division of AP, spotted numerous probes against his PC while using T-Mobile's GPRS network, Computerworld reports. http://www.theregister.co.uk/content/55/28322.html ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk