[INFOCON] - need help: web designer wanted with some time to spare

2003-01-08 Thread Wanja Eric Naef (IWS)
Dear All,

The web site has been on hold for a very long time as I could not afford
the bandwidth anymore. Luckily, I have finally managed to get a secure
server to host the site and mailing list(s) and about a month ago I
redesigned the site with a friend of mine to make it more user-friendly
and easier to navigate (as the site has more than 4000 html pages and I
can easily double that with the amount of new material I have been
saving on my hard drive).

Unfortunately, both of us are not web designers (I did war studies and my
friend did biomedical science), hence we encountered some design
problems which we could not fix. As I have been footing the bill for the
site over the last three years out of my non-existent resources, I
cannot afford to hire a professional web designer who could fix our
design problems. Hence, I was wondering whether someone on the list
might be a web designer or would know a web designer who could give us
a hand with the design problems.

The design problems are:

a) Several pop navigation menus on top of the page which work in
Internet Explorer and Netscape are needed. I designed one which did not
work and spent several hours looking for codes, but unfortunately
without any success.

(There should be a pop up menu below Categories - Infocon - Reviews -
Forums - News - Mailing Lists - Links - About IWS)

http://212.111.49.124 

A mock up with one pop menu can be seen @

http://212.111.49.124/mockup.htm 

b) The top navigation bar looks good in IE, but unfortunately when it is
viewed in the Netscape browser, the images of the navigation bar (Home -
... - Sitemap) are not in line with the background graphic. This needs
to be fixed.

http://212.111.49.124

It would be greatly appreciated if someone could help us out as it will
enable us to roll out the new site and restart the Infocon mailing list
and launch the new mailing lists (IA/InfoSec, Cyber Arms Control, CNO
list).

And so for once: 'ask not what the site can do for you--ask what you can
do for the site'.

Thank you.

WEN


'Information is the currency of victory on the battlefield.'
GEN Gordon Sullivan, CSA (1993)


Wanja Eric Naef
Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk


Join the IWS Infocon Mailing List @
http://www.iwar.org.uk/general/mailinglist.htm







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - NIPC Daily Open Source Report for 2 January 2003

2003-01-02 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 January 2003

Daily Overview

.   The Stars and Stripes reports the enrollment and claim files of
550,000 beneficiaries of the military's managed-care medical network
were stolen on December 14.  (See item 8)

.   CNN reports the nation's larger airline carriers are resolving
to trim costs in 2003 and are looking to smaller competitors for cost
saving ideas.  (See item 3)

.   ZDNet reports a new variant of the Yaha virus that appeared just
before Christmas has proven contagious, infecting thousands of computers
worldwide; Symantec has raised the threat from a Category 2 to a
Category 3.  (See item 10)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  


Power Sector

1.  December 31, Platts Energy News - Bulgaria's Kozloduy nuke set to
shut units.  Bulgarian authorities said the second reactor at Bulgaria's
Kozloduy nuclear power plant was permanently shut at midnight local time
Monday, after 27 years of operation.  Its twin, unit one, is scheduled
to shut at 4 pm Tuesday after 28 years.  Both Kozloduy units,
first-generation 440MW reactors, are being shut to satisfy European Union
requirements for Bulgaria's bid to join the EU in 2007.  The EU
considered the reactors unsafe.  Iordan Kostadinov, director of the
Kozloduy plant, said the two units were Bulgaria's cheapest electricity
producers and their closure would mean a loss of $200 million per year.
Decommissioning of the two units is backed by the European Bank for
Reconstruction and Development.  Source:
http://www.platts.com/archives/94941.html 

2.  December 30, Albuquerque Journal - Nine utilities plan
transmission company.  Xcel Energy, along with eight other electric
utilities, has filed for regulatory approval in New Mexico to form a
transmission-only company, Translink Transmission Co.  This would be a
for-profit company controlling the movement of electricity in parts of
eight states.  In addition to New Mexico, filings were made in Iowa,
Minnesota, Texas and Wisconsin. Filings are also planned in Colorado,
Illinois and North Dakota.  Xcel Energy, formerly Southwestern Public
Service Co., is New Mexico's second largest regulated utility.  The
company has 1,400 miles of power lines and 106,000 customers in eastern
New Mexico.  Minneapolis-based Xcel joined seven other utilities to form
Translink in response to a 1999 Federal Energy Commission (FERC) order.
The FERC order requires utilities to hand over control of transmission
to independent companies.  Competing utilities and wholesale power
marketers will thus have equal opportunity to move power across the
country, FERC said.  The other utilities participating in Translink are
Alliant Energy of Madison, Wis.; Corn Belt Power Cooperative of
Humboldt, Iowa; Dairyland Power Cooperative of La Crosse, Wis.; Great
River Energy of Elk River, Minn.; MidAmerican Energy Co. of Des Moines,
Iowa; Nebraska Public Power District of Columbus, Neb.; Omaha Public
Power District of Omaha, Neb.; and Southern Minnesota Municipal Power
Agency of Rochester, Minn.  Translink executives expect to get
regulatory approval and begin operations next fall.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3542941


Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

3.  December 31, CNN - Airlines resolve to trim costs in 2003.  The
nation's larger carriers, like American Airlines, are looking to smaller
competitors like Southwest for cost saving ideas.  After years of
positive returns, the nation's biggest airlines experienced a serious
about-turn in 2002.  With industry-wide losses approaching $9 billion
for the year, carriers such as American, United and Delta shed employees
and excess planes, eliminated travel agents' commissions and levied new
fees on eve

[INFOCON] - Happy New Year & NIPC Daily Open Source Report for 31 December 2002

2002-12-31 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 31 December 2002

Daily Overview

.   The Washington Post reports that U.S. intelligence officials
have identified approximately 15 cargo freighters around the world that
they believe are controlled by al Qaeda or could be used by the
terrorist network.  (See item 4) 

.   The Canadian Press reports experts say it's only a matter of
time before there is a concerted, politically motivated attack on the
Internet or a piece of computer-dependent infrastructure such as the
electrical grid.  (See item 12)

.   The Washington Post reports that as the new airport measures go
into effect, all checked bags must be screened for explosives, although
the method will vary by airport.  (See item 5)

.   Reuters reports the price of oil is now above $33 a barrel,
influenced by a possible war with Iraq and the continuing crisis in
Venezuela.  (See item 7)

.   The San Francisco Chronicle reports water officials are
considering desalination to prevent serious drought in the future.  (See
item 8)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  Readers
wishing to comment on the contents or suggest additional topics and
sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131.  Requests for adding or dropping
distribution to the NIPC Daily Open Source Report should be made through
the Watch and Warning Unit at [EMAIL PROTECTED] 



Power Sector

1.  December 30, Platts Energy News - Fermi-2 scrams from 75% power
on control rod problem.  A few minutes after midnight Sunday, operators
at the Newport, Michigan Southern Nuclear's Fermi-2 manually scrammed
the reactor and placed it in hot shutdown after losing the ability to
drive control rods, the Nuclear Regulatory Commission said in its events
notification report.  Just before the scram occurred, the 1,116-MW
nuclear reactor was being shut down from 100% power because of a low
output voltage condition.  Power was lowered using core flow to 75%.
The low MPU 3 voltage allowed selection of control rods but would not
allow control rods to be inserted.  Source:
http://www.platts.com/archives/94903.html 

2.  December 27, Daily News, New York - Sparks fly over planned
Brooklyn, NY power plant.  The billion-dollar, 1,100-megawatt
cogeneration facility proposed on N. 12th St., on the border of
Williamsburg and Greenpoint, would clean up a toxic site, improve air
quality and give the revitalizing waterfront a sleek new signature
building, according to TransGas Energy Systems, which is seeking state
approval for the plant which will convert natural gas into electricity.
"It will become an anchor and an economic engine, providing jobs,
generating millions of dollars in economic activity and spurring
additional future investment," said TransGas President Adam Victor.  But
community activists have a different take on the project -- Adam
Perlmutter, an attorney and board member of Greenpoint Waterfront
Association Parks, said "Something like this will be the death knell for
waterfront revitalization."  Borough President Marty Markowitz, City
Councilman David Yassky (D-North Brooklyn), Assemblyman Joseph Lentol
(D-North Brooklyn) and Rep. Nydia Velazquez (D-Brooklyn) have spoken out
against the power plant proposal.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3540686


Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

3.  December 26, Comptroller of the Currency - Bank Secrecy
Act/Anti-Money Laundering: Notice of Designation--Designation of Nauru
and Ukraine as Primary Money Laundering Concerns.  This document states
that it is believed by the Comptroller that the foreign banks listed
within the document currently or in the past maintained correspondent
accounts with Nauru-licensed financial institutions.  The overwhelming
majority of Nauru-

[INFOCON] - NIPC Daily Open Source Report for 30 December 2002

2002-12-30 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 30 December 2002

Daily Overview

.   SecuriTeam reports that certain Cisco products containing
support for the Secure Shell (SSH) server are vulnerable to a Denial of
Service (DoS) if the SSH server is enabled on the device.  (See item 15)

.   CNN reports poultry farms in Southern California have been
quarantined and 100,000 chickens destroyed after officials detected a
fast-spreading poultry disease called Exotic Newcastle Disease. (See
item 8)

.   MSNBC reports scientists are amazed by the scale and sweep of
the ecological impact of West Nile virus; the effects on wildlife have
been far worse than on humans.  (See item 16)

.   CNN reports that Venezuela, the world's fifth largest oil
producer, has begun importing gasoline from neighboring Brazil; the
ongoing strike, coupled with fears of a war in the Middle East, has
pushed oil prices above $30 a barrel. (See item 5).  In related stories,
US refinery and trucking interests are being affected by the oil workers
strike in Venezuela.  (See Items 6 and 7) 

.   The Federal Bureau of Investigation is seeking the public's
assistance in determining the whereabouts of five individuals believed
to have entered the United States illegally on or about December 24,
2002. (See item 11)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  Readers
wishing to comment on the contents or suggest additional topics and
sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131.  Requests for adding or dropping
distribution to the NIPC Daily Open Source Report should be made through
the Watch and Warning Unit at [EMAIL PROTECTED] 



Power Sector

1.  December 26, PRNewswire - Nine Mile Point Units One and Two back
in service.  In Oswego, NY, Nine Mile Point Nuclear Station Units One
and Two were both returned to service yesterday.  Unit One was placed
back on the grid at 12:19 a.m. and is at full power.  Unit Two returned
to service at 10:30 p.m. and is proceeding toward a return to full
power.  Nine Mile One was taken out of service on December 5, 2002 for a
planned outage in order to identify and make repairs to the Reactor
Building Closed Loop Cooling System, a system which uses demineralized
water to cool components such as pumps, motors and air coolers.  Nine
Mile Two automatically shut down on December 16, 2002 due to a problem
with the temperature controller on the plant's generator.  Additional
maintenance was performed on both units while they were shut down.
Constellation Energy Group (NYSE: CEG) owns 82 percent of Nine Mile
Point Unit 2 and 100 percent of Unit 1.  The electricity generated by
the reactors is enough to meet the needs of more than a half-million
homes in the Northeast United States.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3538628


2.  December 26, Business Wire - ConEdison Solutions to donate
83,000 watts of wind power on New Year's Eve.  Midnight on New Year's
Eve, ConEdison Solutions, a leading energy service provider, will donate
to the New York State power grid 83,000 watts of electricity generated
by an upstate wind farm - an amount equal to the power used to light the
New Year's Eve ball and 2003 numerals in Times Square.  This
electricity, equivalent to the wattage needed to power 10 large homes or
100 apartments, will be provided in partnership with Community Energy,
Inc. and certified as Green-e compliant by the Center for Resource
Solutions.  The New Wind Energy is the product of Community Energy,
Inc., and supplied by the recently dedicated 30-megawatt wind power farm
in Fenner, NY, developed and owned by CHI Energy, Inc.  Community Energy
was founded in 1999 to expand the market for premium, clean energy,
produced with no fuel or pollution.  Source:
http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=comtex_2002_12_26_bw_-1613-.industrytopstories.corp&SMContentSet=0

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Sc

[INFOCON] - NIPC Daily Open Source Report for 27 December 2002

2002-12-29 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 December 2002

Daily Overview

.   Internet Security Systems has lowered its AlertCon Internet
threat indicator to Level 1, recommending regular vigilance.  (See
Internet Alert Dashboard)

.   The Washington Times reports a paper published recently by the
Center for Strategic and International Studies concludes that the threat
from hackers on the nation's critical infrastructures has been overdone.
(See item 14)

.   The Washington Post reports Canadian intelligence experts said
al Qaeda "sleeper cells" in Canada and the United States have
communicated with each other as recently as this month, probably to plan
terrorist attacks in the United States.  (See item 18)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  Readers
wishing to comment on the contents or suggest additional topics and
sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131.  Requests for adding or dropping
distribution to the NIPC Daily Open Source Report should be made through
the Watch and Warning Unit at [EMAIL PROTECTED] 



Power Sector

1.  December 26, BBC - N. Korea nuclear moves alarm UN.  The UN
nuclear watchdog says North Korea has moved 1,000 nuclear fuel rods to a
reactor that could produce weapons-grade plutonium - a situation it
describes as "very worrying."  Meanwhile, tensions between the two
Koreas are rising.  South Korea has said that more diplomatic efforts
are needed to avert a crisis over North Korea's nuclear program.  There
is mounting international concern that North Korea could restart the
Yongbyon reactor, which had been sealed up for eight years under a deal
with the United States.  The head of the International Atomic Energy
Agency (IAEA), Mohamed El Baradei, said the plant "can be directly used
to manufacture nuclear weapons - and there again we have no way to
verify the nature of the activity".  "The situation is very worrying,"
he told CNN television.  The IAEA says the unsealed plant could be up
and running again within two months.  Source:
http://news.bbc.co.uk/1/hi/world/asia-pacific/2607375.stm 

2.  December 26, CNN  - Russia, Iran reach N-plant deal.  Ignoring
U.S. concerns, Russia has agreed to speed up construction of a nuclear
reactor in Iran and is considering building another there, later.
Moscow also has agreed to provide fuel for the Bushehr plant in southern
Iran for 10 years, the official Islamic Republic News Agency reported.
The United States has strongly urged Moscow to abandon the $800 million
project.  The Bush administration strongly opposes Iran's nuclear
program, alleging the Islamic Republic is working to develop weapons of
mass destruction.  But Russia and Iran say the Bushehr project is for
peaceful, civilian use only and would remain under international
control.  Washington, however, questions why Iran -- OPEC's second
biggest oil producer, with the world's second biggest gas reserves --
needs nuclear power.  Source:
http://www.cnn.com/2002/WORLD/meast/12/26/iran.russia.nuclear/index.html


3.  December 25, New York Times - Dredging plan stalls effort to lay
cable under LI sound.  A contested plan to transmit electricity between
Long Island and Connecticut via a cable across Long Island Sound was
dealt a blow this week, when Connecticut regulators rejected a plan to
dredge parts of New Haven Harbor.  In a letter on Monday, the
Connecticut Department of Environmental Protection denied the Cross
Sound Cable Company permission to dredge certain parts of the seabed
using a different kind of technology than the company had originally
proposed.  The new method was necessary, the company had said, in areas
with particularly resistant bedrock.  The letter marked the latest snag
for the project, which has been in the works for more than two years and
which environmentalists and some Connecticut politicians continue to
criticize, saying it could damage shellfish beds and raise electricity
prices in Connecticut.  The Long Island Power Authority, however, is
counting o

[INFOCON] - NIPC Daily Open Source Report for 26 December 2002

2002-12-26 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 26 December 2002

Daily Overview

.   Internet Security Systems has raised its AlertCon Internet
threat indicator to Level 2, in part due to ISS observations of multiple
distributed denial of service (DDOS) attacks against commercial targets
in Western Europe launched from the Dynamic Trojan Horse Network (DTHN).
(See Internet Alert Dashboard)

.   ZDNet reports at least three commonly used open source software
packages were altered by hackers to contain "Trojan horse" code this
year, and in all of these cases, the unknown cracker gained entry to the
relevant download sites and embedded the back door code in the
installation packages.  (See item 14)

.   The Norfolk Daily Press reports a Virginia shipping terminal is
the first cargo port in the country installing a new security system
that checks for radioactive bombs on containers as they head from the
docks to the roadways.  (See item 5)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  Readers
wishing to comment on the contents or suggest additional topics and
sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131.  Requests for adding or dropping
distribution to the NIPC Daily Open Source Report should be made through
the Watch and Warning Unit at [EMAIL PROTECTED] 





Power Sector

1.  December 24, PalmBeachPost.com - Nuclear reactor study met with
skepticism.  An advocacy group is questioning a new electric industry
report that shows nuclear reactors could withstand a crash from a
commercial airliner.  Edwin Lyman, president of the Washington-based
Nuclear Control Institute, said he is skeptical about the study,
released Monday, because industry officials won't release the full text
of the report.  "If they found that a plane could penetrate a
containment building and cause a meltdown, would they say it?" Lyman
said.  But Florida Power & Light Co., which operates the St. Lucie
Nuclear Plant on Hutchinson Island, said the study commissioned by the
Nuclear Energy Institute trade group should put the public at ease.  "It
shows that the current design is more than adequate to protect the
facilities," said Rachel Scott, a FPL spokeswoman.  The Nuclear Energy
Institute said in a summary of the study Monday that based on
computer-engineered tests, the nation's 103 reactors could withstand a
direct hit from a fully fueled Boeing 767-400.  Source:
http://www.gopbi.com/partners/pbpost/epaper/editions/today/business_e370ee8b1456e13f00ba.html

2.  December 23, KnoxNews.com - TVA's new power generation facility
on Raccoon Mt. gets upgrade.  TVA is in the midst of a $70 million
upgrade to the four mammoth electrical generating units located deep
inside Raccoon Mountain - a 38-floor elevator ride down.  The plant
employs 46 people but also is using contractors for the improvements.
"I'd say it's the cleanest method to generate power," said Nick Willis,
a contract pipefitter from Jasper, who works at the plant 18 miles west
of Chattanooga.  "It's a lot cleaner than coal.  Here, all you do is
pump water up and let it back down.  It's not nuclear.  It's clean."
It's a facility that dumps water from a manmade lake carved out of the
top of Raccoon Mountain and then sends it plummeting down through
tunnels into the heart of the mountain to generate electricity.  Then it
reverses the pumps and pulls new water back to the mountaintop to refill
the lake and begin the process all over again.  Ray Blankenship, a
senior operator from Ootlewah, said the plant helps provide a "balanced
system" as part of TVA's power structure of coal, nuclear and hydro
power.  "It's a renewable source," Blankenship said.  Source:
http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=knoxvillens_2002_12_23_eng-knoxvillens_eng-knoxvillens_001752_29439383264399009&SMContentSet=0

3.  December 20, Lexington Herald-Leader - Innovative power plant
faces obstacles.  A company that wants to build an innovative power
plant in Clark County, KY has applied for 

[INFOCON] - North American Aerospace Defense Command confirms Santa Sleigh Test Flight

2002-12-23 Thread Wanja Eric Naef (IWS)
I wish everyone a Merry Christmas.

WEN

***

NORTH AMERICAN AEROSPACE

DEFENSE COMMAND

Directorate of Public Affairs, Headquarters, North American Aerospace
Defense Command

250 S. Peterson Blvd, Suite 116, Peterson AFB, Colo.  80914-3190
Phone: (719) 554-6889  DSN:  692-6889

NORAD Web Site Address: www.norad.mil and www.noradsanta.org  
 
December 4, 2002

NORAD CONFIRMS SANTA SLEIGH TEST FLIGHT


NORAD Headquarters, Peterson AFB, Colo: North Pole and NORAD officials
have reached an unprecedented agreement allowing the men and women of
NORAD to conduct a full-blown test flight with Santa and all nine
reindeer on December 18, 2002. 

"We did a small-scale test last year, but used only two of our four
methods of Santa Tracking - the test lasted just a few minutes," said
Major-General Eric Findley, NORAD Director of Operations. "This year we
will test three of the four methods of our tracking system. The test is
scheduled to last 30 minutes and will definitely add to our precision
tracking of Santa Claus."

The NORAD Santa sleigh-test flight will begin with lift off at the North
Pole; NORAD radar will detect Santa mere seconds after his lift off.
After that, Santa will zip over the Northwest Territories to the Yukon.
About 200 miles (320 kilometres) from the Yukon-Alaskan border, two
CF-18s from Canada's Air Force will intercept and escort Santa to Alaska
where they will hand off to two American F-15s. The F-15s will fly with
Santa for 200 miles, at which time Santa will increase his speed to
Christmas-Eve-Velocity en route back to the North Pole. From lift off
until Santa's return to the North Pole, NORAD will test the satellite
systems to track the infrared signature of Rudolph's bright nose. 

The famous fourth method of Santa Tracking - SantaCams - will not be
used in the Santa sleigh-test as they are currently being deployed
around the world in preparation for Christmas Eve.

Media wishing to make the arduous trek to the North Pole to witness the
NORAD Santa sleigh-test flight are requested to call Major Douglas
Martin, Chief of NORAD Santa Tracking Operations, to reserve one of the
limited seats aboard our C-464646 Santa Craft.

Media can pre-tape interviews about NORAD tracking Santa or pre-arrange
Christmas Eve live interviews with NORAD personnel by calling
719-554-6889.  Additional information on NORAD is available at
www.norad.mil or about NORAD and Santa at www.noradsanta.org

 










[INFOCON] - "The Military View of Peace and Security," by General Richard B. Myers

2002-12-21 Thread Wanja Eric Naef (IWS)

20 December 2002 

"The Military View of Peace and Security," by General Richard B. Myers
(Access to advanced technology increases threat environment) (3020)

(The following article by General Richard Myers, chairman of the Joint
Chiefs of Staff, appears in the International Information Program
electronic journal "U.S. National Security Strategy: A New Era" issued
in December 2002. This article and the rest of the journal may be
viewed on the Internet at:
http://usinfo.state.gov/journals/itps/1202/ijpe/ijpe1202.htm. No
republication restrictions.)

(begin byliner)

THE U.S. MILITARY: A GLOBAL VIEW OF PEACE AND SECURITY IN THE 21ST
CENTURY
By General Richard B. Myers

[One hundred years ago, those involved in the nation's national
security business wrestled with many of the same, or certainly
similar, issues that we face today, says General Richard B. Myers,
chairman of the Joint Chiefs of Staff. "Then and now, regional powers
can threaten the nation's interest in distant conflict. Then, as now,
internal strife from religious hatreds, ethnic rivalry, tribal
conflicts, can, and often does, lead to bloodletting. And then and
now, U.S. troops often play a role in the crisis to restore peace."
This article is based on remarks made by General Myers at a recent
event at the Brookings Institution in Washington.]

Let's look back at September, when the nation was shocked by an
extremist's attack. In the aftermath, the president declared that the
extremist struck at the "very heart of the American republic." And as
happens after events like that, of course Wall Street took a dive.
Certainly the motivation for that attack in part came from how others
perceived America and our role in the world. For example, the
Philippines was caught up in a conflict between their Muslim and
Catholic communities. And U.S. forces were there to help.

Now, some may think I am talking about September 2001. Actually I was
referring to September of 1901. The point is that there are parallels
over time.

A hundred years ago, the extremist attack that I was referring to was
done by an anarchist who hated America and all it stood for. He took
out his wrath by assassinating President William McKinley. Today, of
course, we probably wouldn't call him an anarchist -- he'd be an
extremist or perhaps a terrorist. It was also a hundred years ago that
the nation debated America's Manifest Destiny, as it brought in new
territories of Wake and Guam and Hawaii and they all came under the
American flag. Of course, the parallel today is the debate over the
part the United States will play in globalization.

In 1901, the U.S. armed forces had to adapt to meet the new
challenges. President Teddy Roosevelt championed many of the efforts
that today we would call transformation. The U.S. Navy was ranked
fourth or fifth in the world. In the Atlantic, the German Navy had 12
battleships to the U.S.'s eight. And to fix this, Roosevelt built 24
new capital ships. This fleet was called "the Great White Fleet" that
set sail in 1907. The Army underwent similar changes when they went to
the Enfield rifle. They also purchased new bayonets because the old
ones would bend in hand-to-hand combat.

But it's not the hardware change that makes such efforts
transformational; it is the intellectual and organizational changes.
Roosevelt's Secretary of War, Elihu Root, created the [National] War
College at Fort McNair in order to give military officers the mental
agility to anticipate events in this new international environment. He
also set up the army staff, so that the army could have a cadre of
planning experts on hand. This ensured that the army had the
flexibility to meet the new challenges of going from strictly a
U.S.-based force to one that would have worldwide interests.

My point is that 100 years ago, those involved in our nation's
national security business wrestled with many of the same, or
certainly similar, issues that we face today. Then and now, regional
powers can threaten the nation's interest in distant conflict. Then,
as now, internal strife from religious hatreds, ethnic rivalry, tribal
conflicts, can, and often does, lead to bloodletting. And then and
now, U.S. troops often play a role in the crisis to restore peace.

But compared to 100 years ago, our 21st century security environment
has, I think, two profound changes that make it different. First is
the presence of transnational actors. They find sanctuary by design
within the borders of hostile states. Or they find sanctuary by
default within the borders of failing states or in ungoverned areas.

The second profound change is that belligerents of all types have
access to dramatically more sophisticated tools. It's probably an
outgrowth of our great global telecommunications industry that gives
hostile states and terrorists alike access to a treasure of
information. The post-Cold War arms markets offer them many different
types of weapons -- advanced radars, sophisticated submarines, and so
forth. Un

[INFOCON] - Study Finds Internet Showed Resilience in Terrorist Attacks

2002-12-20 Thread Wanja Eric Naef (IWS)
(The study is available at
http://books.nap.edu/books/0309087023/html/index.html. WEN)



Study Finds Internet Showed Resilience in Terrorist Attacks 
(Analysis explores how to brace information technologies for future
attacks) (1050)

The Internet sustained minimal damage when terrorists attacked New
York City's World Trade Center in September 2001 even though the
attack occurred at one of the world's greatest hubs for information
traffic. A study issued by the National Research Council (NRC)
November 20 offers that conclusion at the same time that it reveals
Internet vulnerabilities in crisis situations and suggests ways to
ameliorate those in case of future attacks.

"The terrorist attacks provoked a national emergency during which we
could see how the nation and the world use the Internet in a crisis,"
said Craig Partridge, chair of the NRC committee that wrote the
report, and chief scientist at BBN Technologies in Cambridge,
Massachusetts. "Overall, the Internet displayed not only its
resilience on September 11, but also its role as a resource," said
Partridge in a press release issued by the NRC.

In the immediate aftermath of the attacks, quick fixes of equipment
and networks were mounted to correct the Internet disruption that
occurred in New York and surrounding areas, the study found. Those
problems do suggest that Internet service providers and users need to
develop better contingency plans for possible outages in the future.

Following is the text of the NRC press release:

(begin text)

National Academy of Sciences
National Research Council
Office of News and Public Information
Nov. 20, 2002

Internet Damage From Sept. 11 Terrorist Attacks in New York City Was
Limited, But Better Contingency Plans Are Needed

WASHINGTON -- The overall effect of the damage to the Internet on
Sept. 11, 2001, when the collapse of the World Trade Center buildings
destroyed communications equipment and networks, was minimal, says a
new report from the National Academies' National Research Council.
Internet service providers and users need to address some operational
issues, however, to better prepare for and respond to future
emergencies in light of the useful role the Internet played after the
attacks.

New York City, one of the nation's most important communication hubs,
is home to many Internet users, private data networks, and Internet
service providers. Multiple fiber-optic grids run beneath its streets,
and many trans-Atlantic cables come ashore nearby. Telecommunications
facilities not only serve the many thousands of Internet customers in
the city but also interconnect service providers throughout the region
and in other countries.

"The terrorist attacks provoked a national emergency during which we
could see how the nation and the world use the Internet in a crisis,"
said Craig Partridge, chair of the committee that wrote the report,
and chief scientist, BBN Technologies, Cambridge, Mass. "New York City
is a 'super hub' of Internet links and services, and the collapse of
the World Trade Center buildings damaged some of those links and
services, often in subtle and surprising ways. Overall, the Internet
displayed not only its resilience on Sept. 11, but also its role as a
resource."

Serious effects on the Internet were isolated to New York City and a
few other locations. Most of the damage was quickly remedied through
improvisation, the rapid deployment of new equipment, and the
rerouting of Internet traffic to bypass failed parts.

Although the events of Sept. 11 do not necessarily indicate how the
Internet might behave in response to a direct attack on the network,
they do shed light on possible vulnerabilities, the report says. Key
businesses and services that use the Internet need to review their
dependency on it and plan accordingly. For example, a New York City
hospital learned that its doctors had come to rely on wireless
handheld computers fed through an external Internet connection. When
this link was briefly broken by the collapse of the towers, doctors
had trouble accessing medical information. Contingency plans, more
coordination with local authorities, and a means of restoring service
remotely also are needed to better deal with electrical power
failures.

As a whole, the attacks affected Internet services very little
compared with other telecommunications systems. Telephone service was
disrupted in parts of lower Manhattan, and cell-phone service suffered
more widespread congestion problems. Nearly one-third of Americans had
trouble placing a phone call on the day of the attacks. The Internet,
however, experienced only a small loss of overall connectivity and
data loss, the report says. With phone service impaired, some
individuals used instant messages on their wireless handheld devices
and cellular phones to communicate instead. Web sites were created to
distribute lists of missing persons and other information to help
people try to locate loved ones.

The attacks also caused a surge in de

[INFOCON] - Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats

2002-12-20 Thread Wanja Eric Naef (IWS)

(Usually I send my detailed comments only onto the IWS Limited List, but as the paper 
is so interesting I make an exception. I like the paper, even though the definition of 
Cyberterrorism is not the greatest one and I do not like the bit about the WWII as it 
is too simplistic ('know thy military history'), but the rest is good. WEN. 

Key sentence: '... but a brief review suggests that while many computer networks 
remain very vulnerable to attack, few critical infrastructures are equally vulnerable. 
...' as Scada systems & Co are usually not connected to the Internet.

'... A preliminary review of these factors suggests that computer network 
vulnerabilities are an increasingly serious business problem but that their threat to 
national security is overstated. Modern industrial societies are more robust than they 
appear at first glance. Critical infrastructures, especially in large market 
economies, are more distributed, diverse, redundant and self-healing than a cursory 
assessment may suggest, rendering them less vulnerable to attack. In all cases, cyber 
attacks are less effective and less disruptive than physical attacks. ...'

'Know thy military history'

It is annoying to see people mention examples in military history if they lack 
knowledge and make mistakes:

The author looks at the Strategic Bombing Campaign during WWII, but unfortunately you 
cannot really compare it to CNI attacks as even though the UK had a ministry for 
economic warfare its advice was mostly ignored by Bomber Harris who preferred to 
'flatten German cities' whilst the US urged the UK to attack the real Centre of 
Gravity. 

'... What the survey [U.S. Strategic Bombing Survey, Summary Report (European War), 
1945] found, however, is that industrial societies are impressively resilient. 
Industrial production actually increased for two years under the bombing.'

It is always risky to quote such an old survey as they might be 'slightly biased' -- the 
Air Force wanted to make a business case for its bombers, ... -- especially if the 
academic in question lacks a detailed knowledge of the German War Economy. (Instead of 
reading a summary report I would recommend reading the 'The Effects of Strategic 
Bombing on the German War Economy' report which was published a month later. It gives 
a far more detailed overview. (Before someone asks, I do not have a url for it as I 
got a copy of it, but I do have some old notes from a Defence Economics course which 
focuses on economic warfare during WWII and two unpublished papers on the Nazi War 
Economy. If someone wants them please email me)).

Another example:

'... Comparing aerial and cyber attacks on hydroelectric dams helps provide a measure 
for cyber-threats. Early in World War II, the Royal Air Force mounted a daring attack 
on dams in the Ruhr, a chief source of electrical power for German industry. The raid 
was a success, the dams breached by bombs and, for a period of time, the electrical 
supply in the region was disrupted. ...'

This attack was based on wrong intelligence. An argument was put forward by the UK 
Ministry of Production (not the Ministry of Economic Warfare) that it would be a great 
opportunity to stop German industrial production in the Ruhr as the dam provided the 
electricity for those industries. Therefore without electricity German industry in the 
Ruhr would be forced to stop. The Ministry of Economic Warfare (MEW) questioned the 
assumptions on which this raid was based and concluded that the RAF might be able to 
hit the dam, but in the end the Germans have other means to produce electricity, such 
as coal fired plants to produce electricity. MEW was right and they said that the worst 
that would happen is that there would be massive flooding below the dam, some production 
might be cut, but in the end the Germans will just compensate with coal fired plants. 

Anyway back to cyberterrorism. Some good quotes from the paper:

Risk to National Security:

' ... However, from a strategic military perspective, attacks that do not degrade 
national capabilities are not significant. From this perspective, if a cyber-attack 
does not cause damage that rises above the threshold of the routine disruptions that 
every economy experiences, it does not pose an immediate or significant risk to 
national security.

It is particularly important to consider that in the larger context of economic 
activity, water system failures, power outages, air traffic disruptions and other 
cyber-terror scenarios are routine events that do not affect national security. On a 
national level, where dozens or even hundreds of different systems provide critical 
infrastructure services, failure is a routine occurrence at the system or regional 
level, with service denied to customers for hours or days. ...'

Attack on CIP:

* Water

'... In the United States, the water supply infrastructure would be an elusive target 
for cyber attack. There are 54,064 separate water systems in the U.S. Of the

[INFOCON] - News: London, Friday, December 20, 2002

2002-12-20 Thread Wanja Eric Naef (IWS)

London, Friday, December 20, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

[News Index]

[1] Terrorists on the Net? Who Cares?  
[2] Sklyarov reflects on DMCA case
[3] Student gets merit award for school computer hack
[4] Welsh Web designer pleads guilty to virus creation
[5] Report criticizes administration's e-gov efforts

[6] Q&A: Does the U.S. government have an open-source security plan?
[7] Air combat C2 made easier
[8] Malaysian Police Hunt Internet Scaremonger
[9] Computer crime center opens
[10] Feds Delay Launch of Cyber-Security Plan

[11] E-card virus warning for Christmas
[12] Sounding the alarm on video game ratings
[13] Security flaw threatens Cisco website
[14] Microsoft Baseline Security Analyzer V1.1
[15] Computer glitch causes £7m insurance error

[16] German ISPs must block US Nazi sites
[17] Air Force personnel misused government cards
[18] Audio files figure in latest Microsoft vulnerability
[19] Allbaugh leaving FEMA in March

CURRENT THREAT LEVELS

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security: Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

News

(See next email for comments. WEN)

[1] Terrorists on the Net? Who Cares?  

By Noah Shachtman

02:00 AM Dec. 20, 2002 PT

To all those Chicken Littles clucking frantically about the imminent
threat of a terrorist attack on U.S. computer networks, a new report
says: Knock it off. 

Online attacks are merely "weapons of mass annoyance," no more harmful
than the routine power failures, airplane delays and dropped phone calls
that take place every day. 

"The idea that hackers are going to bring the nation to its knees is too
far-fetched a scenario to be taken seriously," said Jim Lewis, a 16-year
veteran of the State and Commerce Departments. He compiled the analysis
for the Center for Strategic and International Studies.

http://www.wired.com/news/infostructure/0,1377,56935,00.html

 

[2] Sklyarov reflects on DMCA case
14:24 Friday 20th December 2002
Lisa M. Bowman, CNET News.com   

The Russian software programmer talks about life after his arrest and
how controversial copyright laws are affecting programmers.

Russian programmer Dmitry Sklyarov thinks it was unfair of prosecutors
to play his videotaped deposition at the ElcomSoft trial rather than
calling him to the stand. 

But after a legal saga that's included a surprise arrest outside his Las
Vegas hotel room, three weeks in jail, and visa tangles that almost
prevented him from coming back to the US for trial, Sklyarov has decided
not to worry about situations over which he has no control. 

"During my life I'm trying not to spend too much time trying to find
what means for me things I cannot change," Sklyarov, 27, said in his
first interview since testifying in the criminal copyright case of
ElcomSoft, his employer. 

http://news.zdnet.co.uk/story/0,,t269-s2127886,00.html 

 

[3] Student gets merit award for school computer hack
By John Leyden
Posted: 20/12/2002 at 13:06 GMT

High school student Reid Ellison did exactly the opposite of what most
students would do when he hacked into his school computer records - he
marked his grades down. 

The bright 15-year old changed his grades at Anzar High School in San
Juan Bautista, California from an A to a D+. 

However, Reid didn't get into trouble for his actions. Far from it. 

The intrusion was sanctioned by his school as part of his coursework and

[INFOCON] - USAF: Risk management perfect tool for holiday, winter season

2002-12-20 Thread Wanja Eric Naef (IWS)

Risk management perfect tool for holiday, winter season
by Lt. Col. Juan Gaud
Electronic Systems Center chief of safety

12/18/2002 - HANSCOM AIR FORCE BASE, Mass. (AFPN) -- In our haste during
this time of the year we often make decisions without giving much
thought to the risks involved or how those risks might be eliminated or
reduced. 

Operational Risk Management can be an excellent tool for mitigating the
risks associated with the holiday and winter seasons. The six-step ORM
process can be a helpful tool when making risk decisions but keep in
mind that more often than not a streamlined version will work just as
well. 

The six steps are: identify the hazards; assess the risks; analyze risk
control measures; make control decisions; implement risk control; and
supervise and review. 

Here are a few instances where ORM can make a difference in your holiday
planning. 

This time of the year finds many of us on the road, whether traveling to
the mall to pick up that last minute gift or trekking across country to
visit family. Before you go, take a few minutes to consider the risks. 

What will the weather be? Is your vehicle equipped to handle various
weather conditions that might be encountered? Have you had enough rest
to safely make the drive? 

When making travel plans allow yourself some flexibility so that if bad
weather is forecasted, you can alter your schedule. Bad weather
conditions combined with the stress of having to be somewhere at a
certain time can make for particularly hazardous travel. 

You can mitigate some of the risks involved in traveling by taking a few
minutes to make sure your vehicle is running properly and is equipped
with those items that might be needed should you break down. 

Think ahead about potential problems that may be encountered and come up
with plans to prevent or deal with those situations before they happen. 

Make sure you're rested and alert before you get on the road. Too often
we overdo it around the holidays and find ourselves physically and
mentally stressed to the max. 

It is better to take the time needed before traveling to make sure you
are well rested and up to making the trip. No one ever wants to get the
news that their friends or loved ones were injured or even killed in a
car accident that may have been avoided. One of the best gifts you can
give your family and friends this year is to arrive safely. 

Parties and festivities are wonderful occasions that bring people
together to relax and share in the joy of the season. I highly encourage
all office party planners to go through the ORM checklist when planning
that holiday get-together. 

Face it, there are unforeseen risks lurking around every corner when
planning an office party. Sometimes the most difficult problems are
encountered in something as simple as choosing a location. 

Whatever your office decides to do this year, plan ahead for those
unexpected challenges by using ORM. It could help make sure your
gathering is a safe, fun and relaxing time for all. 

Since Oct. 1 there have been 12 airmen fatalities across the Air Force,
that's a 300 percent increase over the total number of Air Force
fatalities last year. Supervisors should take an active posture when it
comes to practicing operational risk management; we owe it to our
employees and to the Air Force. 

While we cannot always eliminate the risks, we can mitigate them. ORM
can help keep the Grinch out of your holiday season, but only if you use
it. Happy Holidays! (Courtesy of Air Force Materiel Command News
Service)









[INFOCON] - NIPC Daily Open Source Report for 20 December 2002

2002-12-20 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 20 December 2002

Daily Overview

*   CERT has released Advisory CA-2002-3: "Buffer Overflow in
Microsoft Windows Shell."  (See item 20)

*   Foundstone reports a buffer overflow exists in Microsoft
Internet Explorer's automatic reading of MP3 or WMA file attributes in
Windows XP which if placed in an accessed folder would compromise the
system and allow for remote code execution.  (See item 21)

*   The Associated Press reports Virginia State Police are
investigating a report of suspicious behavior by a group of people
aboard a state-operated car ferry near a nuclear-power plant in Surry
County.  (See item 4)

*   The Associated Press reports Venezuela's Supreme Court has
ordered a temporary halt to an oil industry strike while it considers
the legality of the work stoppage, which entered its 18th day Thursday.
(See item 10)


Power Sector

1.  December 17, Albuquerque Journal - Energy rule may raise rates.
State regulators to vote on policy that pushes utilities to use
renewable resources.  New Mexico regulators are expected to approve a
sweeping new energy rule today that will force the state's four major
public utilities to invest hundreds of millions of dollars in
alternative power sources.  The rule, almost two years in the making, will
order utilities to derive at least 10 percent of their energy from wind,
geothermal, biomass, hydro or solar sources by 2011.  Biomass is the
burning of waste, such as materials from forest thinning.  A dozen other
states have approved such a mandate.  Public Regulation Commission
members say the rule is one of their most important decisions in recent
years.  Proponents, including environmentalists and many ranchers, say it
will help reduce dependence on natural gas and coal-fired plants and
will stimulate economic development in rural areas.  But utilities say
it will increase rates.  The rule will allow utilities to recoup costs
through green tariffs, charging the customers who choose alternative
energy more to buy it.  Utilities say this will recover only a fraction
of the investment costs and ratepayers will shoulder the bulk of the
extra costs.  The four utilities (Public Service Company of New Mexico,
El Paso Electric, Texas New Mexico Power and Xcel Energy) favor a
voluntary program over a mandatory one. But the PRC has made it clear it
wants a mandatory program.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3527196


2.  December 18, Reuters - FERC clears two banks to trade power.
The Federal Energy Regulatory Commission on Wednesday cleared away a
final obstacle for two banks to trade wholesale electricity in the
battered U.S. power market.  FERC commissioners voted to allow Bank of
America Corp. and Switzerland's UBS AG to continue acquiring securities
of U.S. publicly-traded utilities as part of their investment banking
businesses.  Both companies had sought assurances from FERC that they
could carry on their investment banking activities while separate units
traded wholesale power.  The FERC order limits the banks to holding 1
percent or less of a public utility's voting class stock, and requires
them to make quarterly reports to the agency.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3527156


3.  December 18, Reuters - U.S. power supply adequate in 2003
despite cutbacks.  U.S. electricity supply is more than adequate for
next year despite a growing number of cancellations or delays of new
power plants, industry experts say.  Power companies -- including Duke
Energy Corp. and NRG Energy Inc., a unit of utility Xcel Energy Inc. --
have already canceled or delayed construction of 164,000 megawatts of
power generation capacity this year, more than double the year before,
according to energy information provider Platts, a division of
McGraw-Hill Cos.  The cutbacks are the result of low electric wholesale
prices and a credit crunch that has forced companies to slash capital
spending, sell assets and restructure debt.  Next year is likely to
bring closings of older, inefficient plants and industry consolidation
as weaker, unregulated energy companies are bought by stronger ones,
experts said in recent interviews.  "In the near term, capacity is more
than adequate nationwide," said Steve Piper, senior consultant at
Platts.  The oversupply stems from a building splurge in the late 1990s
when companies that sell power plunged into new deregulated markets,
Piper said.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3527161


Current Electricity Sector Threat Alert Levels:  Physi

[INFOCON] - NIPC Daily Open Source Report for 19 December 2002

2002-12-19 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 19 December 2002

Daily Overview

*   ZDNet reports several critical vulnerabilities have been found
in the MySQL database system, a light database package commonly used in
Linux environments but which runs also on other platforms.  (See item
20)

*   The General Accounting Office has released its December 2002
study on mass transit, examining the challenges in securing transit
systems, steps transit agencies have taken to improve safety and
security, and the federal role in transit safety and security.  (See
item 8)

*   The New York Stock Exchange has issued a memorandum underscoring
member firms' responsibilities to ensure the accuracy and integrity of
order-routing systems in order to protect against errors in orders sent
to the NYSE via electronic systems.  (See item 4)

*   The Associated Press reports the ongoing Venezuelan oil strike
has reduced Venezuela's oil output from nearly 3 million to 400,000
barrels per day, is sending the world price of crude oil above $30 a
barrel, and is depriving the country of $50 million daily in export
income.  (See item 10)


Power Sector

1.  December 18, MDJ Online.com - Pressure builds to curtail the
power of power companies.  The pressure continues to build for action by
the Georgia General Assembly to rein in the virtually unlimited power of
electric power companies to take private property for transmission lines
without any review by either state or local officials.  The latest move
came in Gwinnett County, Georgia yesterday when the seven members of the
Board of Commissioners unanimously approved a resolution calling for
legislation to provide for "the appropriate level of regulation by the
Georgia Public Service Commission regarding the construction of above
ground high-voltage electrical transmission lines and their attendant
systems."  A temporary moratorium was requested by residents concerned
about a planned high-voltage line that will run beside Simonton
Elementary School - whose PTA last week overwhelmingly approved a
resolution calling for a moratorium and swift legislative action.  A
growing number of Georgians are joining the movement to put some checks
and balances on the unrestrained eminent domain power of the electric
power industry.  It remains an open question whether this growing number
of citizens will be ignored by the 2003 General Assembly when it comes
time to vote on a bill to regulate the power of the power companies.
Source:
http://apt.mywebpal.com/news_tool_v2.cfm?pnpID=7&CategoryID=89&StoryID=10087718&show=localnews

2.  December 18, Reuters - U.S. energy groups sign pact on business
standards.  Two U.S. energy industry groups said on Tuesday they have
signed an agreement to work together to clean up and standardize
business practices in the nation's scandal-plagued power sector.  In a
statement NERC (the North American Electric Reliability Council), a
non-profit whose members supply nearly all the power in North America,
and an energy industry standards board hastily assembled in January said
they signed a "memorandum of understanding (MOU)" to open communication
between the two groups in their standards-setting processes.  The pact
comes after a year of shrinking liquidity amid revelations that traders
at several companies routinely skewed power and natural gas price data
to trade publications that use the data to compile widely watched price
indices.  The indices, as industry benchmarks, are used in turn to value
contracts between energy suppliers, utilities, and industrial buyers.
New Jersey-based NERC said that under the MOU the two groups will also
establish a joint committee to vet all standards proposals they receive.
The committee will hold its first meeting in early January.  Earlier
this month, the Committee of Chief Risk Officers (CCRO), representing 31
energy companies, held a closed-door meeting in Houston to discuss ways
of ridding the market of sham trades and phony prices at the heart of
several federal investigations and shareholder lawsuits.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3524295


3.  December 17, Power Engineering - Ruling allows data collection
for largest renewable plant in U.S.  A federal judge has cleared the way
for a critical step in what could be a formidable process to gain
approval to construct the nation's largest renewable energy plant.
Denying a citizen group's motion for a preliminary injunction to block
Cape Wind Associates from placing a data collection tower off the shore
of Cape Cod, Judge Joseph L. Tauro said the plaintiffs failed to meet

[INFOCON] - News: London, Thursday, December 19, 2002

2002-12-19 Thread Wanja Eric Naef (IWS)

London, Thursday, December 19, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk


  
  [News Index]
  

[1] Senator calls for federal job cuts to pay for homeland security
[2] House leaders discuss oversight of Homeland Security Department
[3] Transit agencies seek federal guidance on counterterror technology
[4] Agencies seek stronger controls on trade in dual-use technologies
[5] Cities Say No to Federal Snooping  

[6] Sysadmin accused of Paine Webber computer sabotage
[7] Beware the Latest MP3 Worms  
[8] Australian Govt 'safe list' snubs Microsoft
[9] Snooping in All the Wrong Places
[10] Police can't access terrorist watch lists

[11] White House will not support Pentagon's disinformation plan  
[12] Software, Security, and Ethnicity
[13] One Man's Info War on al-Qaida  
[14] OPM progressing on e-clearances
[15] States bypass rural Internet obstacles

[16] US e-gov spending to soar
[17] SSH flaws sighted
[18] Macromedia Flash Crash 
[19] Evaluating Network Intrusion Detection Signatures, Part Three

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 


_

News
_


[1] Senator calls for federal job cuts to pay for homeland security
By Jason Peckenpaugh 

Sen. John Edwards, D-N.C., Wednesday reiterated his call for eliminating
10 percent of all federal jobs that are not related to national
security - about 97,000 government jobs in all.

The job cuts would free up money to fund homeland security and help
restore fiscal discipline, Edwards said in a speech to the Brookings
Institution, a liberal Washington think-tank. 

Edwards, a possible Democratic presidential candidate in 2004, first
urged reducing the federal workforce in a Nov. 12 speech to a conference
sponsored by Fortune magazine. In that speech, he criticized the Bush
administration for adding federal jobs and called for a 10 percent cut
in the federal workforce except at the Defense and Homeland Security
departments. 

http://www.govexec.com/dailyfed/1202/121802p1.htm

 

[2] House leaders discuss oversight of Homeland Security Department
By Mark Wegner, CongressDaily 

House Republican leaders this week began to consider the
jurisdictionally thorny issue of congressional oversight for the new
Homeland Security Department. 

Incoming House Majority Leader Tom DeLay, R-Texas, confirmed Tuesday
that Republican leaders during meetings Monday and Tuesday began to
discuss their oversight options. DeLay said he wants to smooth the
transition to the new department for Office of Homeland Security
Director Tom Ridge, the White House's choice to head the department. 

"We have to see how things progress in the executive branch," DeLay
said. "We need to be as helpful as we can." 

http://www.govexec.com/dailyfed/1202/121802cd3.htm

 

[3] Transit agencies seek federal guidance on counterterror technology
From National Journal's Technology Daily

State and local transit agencies say they need more guidance from the
federal government in acquiring counterterrorism technologies, according
to a General Accounting Office report released Wednesday. 

Officials from one agency, for example, told GAO that they have been
"bombarded" by vendors selling security technologies since Sept. 11,
2001, but they have been unsure about the quality and usefulness of
those products and whether they soon might be rendered obsolete. 

In the report (GAO-03-263) Federal Transit Admin

[INFOCON] - UNIRAS Brief - 461/02 - Microsoft - Unchecked Buffer in Windows Shell Could Enable System Compromise

2002-12-19 Thread Wanja Eric Naef \(IWS\)

See also Beware the Latest MP3 Worms
http://www.wired.com/news/technology/0,1282,56924,00.html 


-----Original Message-----
From: UNIRAS (UK Govt CERT) [mailto:[EMAIL PROTECTED]] 
Sent: 19 December 2002 10:43
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 461/02 - Microsoft - Unchecked Buffer in Windows
Shell Could Enable System Compromise 

   UNIRAS (UK Govt CERT) Briefing Notice - 461/02 dated 19.12.02  Time: 10:44
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination
Centre)

  UNIRAS material is also available from its website at www.uniras.gov.uk and
 Information about NISCC is available from www.niscc.gov.uk

Title
=====

Microsoft Security Bulletin - MS02-072:

Unchecked Buffer in Windows Shell Could Enable System Compromise

Detail
======

Title:  Unchecked Buffer in Windows Shell Could Enable System 
Compromise (329390)
Date:   18 December 2002
Software:   Microsoft Windows XP
Impact: Run code of an attacker's choice 
Max Risk:   Critical
Bulletin:   MS02-072

Microsoft encourages customers to review the Security Bulletins at: 
http://www.microsoft.com/technet/security/bulletin/MS02-072.asp
http://www.microsoft.com/security/security_bulletins/ms02-072.asp

Issue:
======
The Windows Shell is responsible for providing the basic framework
of the Windows user interface experience. It is most familiar to
users as the Windows Desktop, but also provides a variety of other
functions to help define the user's computing session, including
organizing files and folders, and providing the means to start
applications. 

An unchecked buffer exists in one of the functions used by the
Windows Shell to extract custom attribute information from audio
files. A security vulnerability results because it is possible
for a malicious user to mount a buffer overrun attack and attempt
to exploit this flaw. 

An attacker could seek to exploit this vulnerability by creating
an .MP3 or .WMA file that contained a corrupt custom attribute
and then host it on a website, on a network share, or send it via
an HTML email. If a user were to hover his or her mouse pointer
over the icon for the file (either on a web page or on the local
disk), or open the shared folder where the file was stored, the
vulnerable code would be invoked. An HTML email could cause the
vulnerable code to be invoked when a user opened or previewed the
email. A successful attack could have the effect of either causing
the Windows Shell to fail, or causing an attacker's code to run on
the user's computer in the security context of the user.


Mitigating Factors:
===================
 - The vulnerability lies in the Windows Shell, rather than Windows
   Media Player. As a result, playing an audio file with Windows
   Media Player would not pose any additional risk. 

 - Outlook 98 and 2000 (after installing the Outlook Email Security
   Update), Outlook 2002, and Outlook Express 6 all open HTML mail in
   the Restricted Sites Zone. Customers who are using these products
   and who have also installed Windows XP Service Pack 1 or any 
   recent security patch for Internet Explorer that disables frames
   in the Restricted Sites zone would not be at risk from automated
   email-borne attacks. However, these customers could still be
   attacked if they choose to click on a hyperlink in a malicious
   HTML email.
 
 - In the case where an attacker's code was executed, the code 
   would run in the security context of the user. As a result,
   any limitations on the user's ability would also restrict the
   actions that an attacker's code could take. 

Risk Rating:
============
 - Windows XP: Critical 

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Foundstone Research Labs (http://www.foundstone.com)

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF

[INFOCON] - OCIPEP AV02-053: Multiple Vulnerabilities in SSH Implementations

2002-12-18 Thread Wanja Eric Naef \(IWS\)

-----Original Message-----
From: Opscen (OCIPEP / GEOCC) [mailto:[EMAIL PROTECTED]] 
Sent: 16 December 2002 23:09
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: OCIPEP AV02-053

The French version follows


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS

*
ADVISORY
*

Number: AV02-053
Date:   16 Dec 2002

***
Multiple Vulnerabilities in SSH Implementations
***

PURPOSE
This advisory brings attention to the CERT/CC ADVISORY CA-2002-36 which
reports that multiple vendors' implementations of the secure shell (SSH)
transport layer protocol contain vulnerabilities that could allow a remote
attacker to execute arbitrary code with the privileges of the SSH process or
cause a denial of service.


ASSESSMENT
The SSH protocol enables a secure communications channel from a client to a
server. The impact will vary for different vulnerabilities and products, but
in severe cases, remote attackers could execute arbitrary code with the
privileges of the SSH process. Both SSH servers and clients are affected,
since both implement the SSH transport layer protocol.

SUGGESTED ACTION
Please refer to http://www.cert.org/advisories/CA-2002-36.html for
complete details.

CONTACT US
For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:  (613) 991-7000
Fax:(613) 996-0995
Secure Fax: (613) 991-7094
Email:  [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division
at:

Phone: (613) 944-4875 or 1-800-830-3118
Fax:   (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site:  www.ocipep-bpiepc.gc.ca


NOTICE TO READERS
When the situation warrants, OCIPEP issues Advisories to communicate
information about potential, imminent or actual threats, vulnerabilities or
incidents assessed by OCIPEP as limited in scope but having possible impact
on the Government of Canada or other sectors of Canada's critical
infrastructure. Recipients are encouraged to consider the real or possible
impact on their organization of the information presented in the Advisory,
and to take appropriate action.

The information in this OCIPEP Advisory has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard.

Unauthorized use of computer systems and mischief in relation to data are
serious Criminal Code offences in Canada. Upon conviction of an indictable
offence, an individual is liable to imprisonment for a term not to exceed
ten years. Any suspected criminal activity should be reported to local law
enforcement organizations. The RCMP National Operations Centre (NOC)
provides a 24/7 service to receive such reports or to redirect callers to
local law enforcement organizations. The NOC can be reached at (613)
993-4460. National security concerns should be reported to the Canadian
Security Intelligence Service (CSIS).

==


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS


SECURITY ADVISORY


Number: AV02-053
Date:   16 December 2002

**
Multiple Vulnerabilities Related to SSH Implementations
**

PURPOSE
This security advisory draws your attention to CERT/CC advisory
CA-2002-36, which reports that multiple vendors' implementations of the
secure shell (SSH) transport layer protocol contain flaws that could
allow an intruder to remotely execute arbitrary code with the privileges
of the SSH process or cause a denial of service.

ASSESSMENT
The SSH protocol establishes a secure communications channel from a
client to a server. The impact may vary depending on the vulnerabilities
and products, but in severe cases, intruders could remotely execute
arbitrary code with the privileges of the SSH process. SSH servers and
clients are both affected, since both implement the SSH transport layer
protocol.

SUGGESTED ACTION
For more information, please see
http://www.cert.org/advisories/CA-2002-36.html.

CONTACT US
For urgent matters, or to report incidents, please contact the OCIPEP
Emergency Operations Centre at:

Phone:      (613) 991-7000
Fax:        (613) 996-0995
Secure Fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact the OCIPEP Communications
Division at:

Phone: (613) 944-4875 or 1-800-830-3118
Fax:   (613) 998-9589
Email:

[INFOCON] - NIPC Daily Open Source Report for 18 December 2002

2002-12-18 Thread Wanja Eric Naef \(IWS\)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 18 December 2002


Daily Overview

-   CERT has received reports of increased scanning of port 445.
This may be evidence of the propagation of a worm known as W32/Lioten.
(See item 15)

-   Infoworld reported a security vulnerability in the Macromedia
Flash player which can allow an attacker to gain control over a user's
PC; a new Flash Player version without the vulnerability is available
from Macromedia.  (See item 16)

-   ABC News reports the Oak Ridge National Laboratory in Tennessee
is proposing "Sensor Net", a national defense system that would put
biological, radiological and chemical weapons detectors at existing
cell-phone towers across the United States.  (See item 21)


Power Sector

1.  December 17, Reuters - American Electric Power seeks to sell
Texas power plants.  American Electric Power (AEP) said Tuesday that its
Central Power and Light (CPL) subsidiary filed a plan with the Texas
utility regulator to sell all of its power plants in the state.  AEP of
Columbus, Ohio, told the Public Utility Commission of Texas that it
wanted to sell the plants in order to capture stranded costs, which is
the amount the book value exceeds the market value of the assets.  The
plants include eight gas plants, two coal plants, one hydro facility,
and a stake in the South Texas nuclear project.  AEP, like many U.S.
energy traders, has cut back on its merchant power trading this year to
concentrate on the sale of electricity generated at its plants and its
power distribution subsidiaries.  The sale does not include power plants
owned by other AEP subsidiaries in Texas - West Texas Utilities or
Southwestern Electric Power Co. - since AEP is not seeking stranded cost
recovery for those assets.  AEP, one of the biggest power marketers in
North America, owns more than 42,000 megawatts of generating capacity in
the U.S. and around the world and distributes power to more than 5
million customers in 11 U.S. states.  Source:
http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=reuters_pma_2002_12_17_eng-reuters_pma_AEP-SEEKS-TO-SELL-BLN-OF-TEXAS-POWER-PLANTS&SMContentSet=0

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

2.  December 17, New York Times - Effort to cut off al-Qaeda funds
hits snags.  The United Nations group formed to stop the flow of funds
to al-Qaeda has concluded that serious problems in international efforts
to track the terrorist network's finances have left it "still able to
receive money," according to a report circulated here today.  In the
report Michael Chandler, who heads the monitoring group, says a
continuing lack of intelligence-sharing and cooperation between
governments means that al-Qaeda operatives can still move across borders
and get financial support.  Al-Qaeda is still receiving money through
front groups disguised as charities, the report finds; it adds that the
group has begun to rely more heavily on "local funding sources" to avoid
sending money through banks and other more strictly regulated
institutions.  Source:
http://www.nytimes.com/2002/12/17/international/17QAED.html 

3.  December 12, Wall Street & Technology - To Catch a Thief: The
Patriot Act has firms investigating how technology can help prevent them
from being a clearing house for criminals.  For financial-services
firms, meeting the act's requirements will be a huge challenge in 2003,
because, on top of developing a program, many will have to select and
install a comprehensive anti-money laundering (AML) software solution.
"I think the major challenge is implementing the capability to monitor
transactions, to keep track of what their customers are doing across all
of their business lines," says Neil Katkov, the Celent Communications
analyst who authored the firm's Sept. 2002 report on AML.  The
securities and investment firms facing the most difficult AML challenge,
he says, are hedge funds and "the private client part of investment
banks."  The private-client divisions of banks face an uphill battle
monitoring and analyzing funds, says Katkov, because "a lot of what they
do involves offshore banking, tax sheltering and overseas trading."
Source:
http://www.wallstreetandtech.com/story/currentIssue/WST20021212S0004


Transportation Sector

4.  December 17, Associated Press - Australia to post sky marshals
on some flights to Singapore.  Australia will soon post sky

[INFOCON] - News: London, Wednesday, December 18, 2002

2002-12-18 Thread Wanja Eric Naef \(IWS\)

_

   London, Wednesday, December 18, 2002
  [News Index]
  

[1] Revised cybersecurity plan goes to Bush next week
[2] Gilmore Commission critical of Bush cybersecurity plan
[3] Ridge talks to future employees of Homeland Security Department
[4] Privacy group sues Pentagon for "total information" project
[5] Pentagon seeking limit on wireless Net access  

[6] Bush signs e-government bill into law
[7] Elcomsoft not guilty - DoJ retreats from Moscow
[8] Bush plans to deploy anti-missile defenses  
[9] (Finland) Internet plan under attack  
[10] DDoS: Are You Next?

[11] Fake escrow site scam widens
[12] (UK) Businesses to discuss cybercrime charter
[13] New 'Iraq oil' network worm found
[14] Christmas not so merry for alleged eBay swindler
[15] Navy XML policy signed

[16] Anti-spammer in car chase
[17] AOL wins $7m in porn spam case
[18] And deep in IE, a creature was stirring...
[19] Multiple vulns in MySQL, upgrade now
[20] (UK) Government email policy 'flawed'

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


(The first draft showed how good the current administration is at
'riding the Washington gravy train', so it remains to be seen whether
the improved version will be any better. WEN) 

[1] Revised cybersecurity plan goes to Bush next week
By Bara Vaida, National Journal's Technology Daily

White House officials expect to present a revamped national
cybersecurity strategy to President Bush for his approval next week, and
a formal public release is expected in early January, according to a
spokeswoman for the White House Office of Cyberspace Security. 

The strategy has been significantly rewritten and includes greater
responsibility for Internet service providers (ISPs) to ensure that
computer networks are less vulnerable to attack, according to sources.
Further, it puts more emphasis on the need for private firms to disclose
computer vulnerabilities and for wireless technologies to be secure. 

Earlier this month, Richard Davidson, president of the National
Infrastructure Advisory Council (NIAC) that is advising Bush on
cybersecurity, told a Western Governors Association conference that his
group recommended that ISPs be given more responsibility for securing
cyberspace. 

http://www.govexec.com/dailyfed/1202/121702td2.htm

 

[2] Gilmore Commission critical of Bush cybersecurity plan

By DAN VERTON 
DECEMBER 17, 2002

Content Type: Story 
Source: Computerworld
  
WASHINGTON -- A congressionally appointed panel of experts yesterday
delivered a report to the president calling the government's incessant
focus on public/private partnerships to improve cybersecurity an
inadequate solution for the job at hand. 
In its fourth annual report, the Advisory Panel to Assess Domestic
Response Capabilities for Terrorism Involving Weapons of Mass
Destruction, chaired by former Virginia Gov. James S. Gilmore III,
called the recently released Draft National Strategy to Secure
Cyberspace "a small step" in the right direction. 

http://www.computerworld.com/securitytopics/security/story/0,10801,76827,00.html

 

[3] Ridge talks to future employees of Homeland Security Department
By Tanya N. Ballard 

Homeland Security Secretary-designate Tom Ridge addressed employees'
fears about the new department's organization on Tuesday during a town
hall-style meeting in Wash

[INFOCON] - NIPC Daily Open Source Report for 17 December 2002

2002-12-17 Thread Wanja Eric Naef \(IWS\)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 17 December 2002

Daily Overview

-   CERT has released Advisory CA-2002-36 - Multiple Vulnerabilities
in SSH Implementations.  (See item 11)

-   Security Focus has changed its threat condition rating from
level 1 to level 2.  Level 2 is defined, in part, as a condition that
applies when knowledge or the expectation of attack activity is present,
without specific events occurring and one that requires increased
vigilance, such as a careful examination of vulnerable and exposed
systems and increased monitoring of log.  (See Internet Alert Dashboard)

-   The Houston Business Journal reports industry sources say
political strikes in Venezuela are bound to begin affecting U.S. oil
imports, refinery operations and fuel prices the longer the strikes go
on.  (See item 4)

-   Federal Computer Week reports the Immigration and Naturalization
Service has issued a final rule requiring colleges and universities to
begin reporting information about foreign students electronically on
Jan. 30, 2003.  (See item 10)


Power Sector

Nothing to report.

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

1.  December 17, ABC News Online - Police defuse parcel bomb at Rome
airport.  Italian police have defused parcel bombs at Rome's airport and
a TV broadcasting office, bringing to four the devices disarmed in
recent days in what government sources described as an anarchist
campaign.  Three of the four devices had been sent to offices of the
Spanish airline Iberia in Italy.  Bomb disposal experts defused a
package sent to Iberia offices at Rome's Fiumicino airport early on
Monday and hours later were called to deal with a package sent to
state-run TV broadcaster RAI in central Rome.  Each packet contained 50
grams of explosive powder with a fuse, a police spokesman said. "They
were disarmed in a safe place, but they could have caused serious damage
if they had been opened."  Police said they were treating the incidents
as related and a government source said they appeared to be the work of
an anarchist group and may be linked to two Italians jailed in Spain
more than 20 years ago.  Source:
http://www.abc.net.au/news/justin/nat/newsnat-17dec2002-1.htm

2.  December 16, Helsingin Sanomat (Finland) - New security measures
against terrorism for ships by 2004.  The International Maritime
Organization (IMO) accepted early Friday morning, at its Maritime Safety
Committee meeting, an amendment to the international general agreement
of securing lives at sea.  One hundred eight countries signed the
amendment.  The antiterrorism measures apply to all ports where there is
international traffic.  Both passenger and cargo ports of signatory
countries will henceforth need to tighten security by, for example,
increasing camera surveillance, adding more perimeter fences, and
improving lighting.  Furthermore, at least in passenger ports, the
ability to perform security checks of people and vehicles must be
provided.  Ships alike will have added security measures: passengers and
crucial points for cargo transport will be monitored either by cameras
or by staff.  Airport-type security checks, however, will not be
introduced at this point, although all ports will have to be prepared to
bring in counter-measures against terrorism if the need should arise.
For ports, the IMO agreement lists three levels of readiness according
to which the security controls are carried out: normal, alertness, and
emergency.   In emergency situations virtually everybody will be
checked.  Source: http://www.helsinki-hs.net/news.asp?id=20021216IE7 

3.  December 16, Rocky Mountain News - Expect long lines at Denver
airport security.  Longer waits at Denver International Airport are
coming with security changes that will begin taking effect before the
holiday rush is over.  Passengers can count on waiting longer at
security checkpoints, and they might soon lose the option of checking in
at the shorter lines on the concourse.  Travelers will be asked to leave
bags unlocked to expedite searches, and those who don't might find that
security workers have cut their baggage locks to check for explosives.
Denver International Airport will be one of a handful of U.S. airports
that won't meet the Dec. 31 date for having in place a permanent system
for screening all luggage bound for the bellies of airplanes.  T

[INFOCON] - News: London, Tuesday, December 17, 2002

2002-12-17 Thread Wanja Eric Naef \(IWS\)
_

  London, Tuesday, December 17, 2002
  [News Index]
  

[1] Another Jab from the General
[2] Gilmore Commission raps cybersecurity policy
[3] Government sees intelligence gains from growth in private satellites
[4] Feds invoked national security to speed key Internet change
[5] Persian Gulf War 10 years later: Winning the war by convincing the
enemy to go home

[6] Apple sues PowerMac Web leaker
[7] (China) Up Against the Firewall
[8] India's Short Message: We C U  
[9] ICANN to Add Three New Domains  
[10] Student turns detective to net web auction fraudster

[11] Nigerian Net Scam, Version 3.0  
[12] Can new technology protect our privacy?
[13] High school student earns A in hacking
[14] Advisory panel offers homeland defense guidelines
[15] Homeland e-mail links ready

[16] DEA Data Thief Sentenced to 27 Months
[17] Rotterdam spammer guilty of theft of e-mail addresses
[18] 'DVD Jon' DeCSS hacking trial ends
[19] OpenAV: Developing Open Source AntiVirus Engines

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


... "For years, we had a poorly organized intelligence system," he said,
"but it didn't matter because all the threats were overseas ... So now
we have a huge problem." ...

[1] Another Jab from the General
Scowcroft speaks out about reorganizing the intelligence system
By MICHAEL DUFFY

Sunday, Dec. 15, 2002

Retired Air Force General Brent Scowcroft, the Republican foreign-policy
Yoda who has worked for five of the past seven Presidents, rarely raises
his voice in public. But just a few months after he broke with George W.
Bush on Iraq, urging him to stay focused on the war against terrorism
before going after Saddam Hussein, Scowcroft is speaking out again. 

This time he's tangling with an old colleague from the Nixon and Ford
years, Defense Secretary Donald Rumsfeld. 

http://www.time.com/time/magazine/article/0,9171,1101021223-399924,00.html


 

[2] Gilmore Commission raps cybersecurity policy 

By Wilson P. Dizard III 
GCN Staff

The Gilmore Commission has strongly criticized the administration's
cybersecurity policy and called for a merger of cyber- and physical
security policy work in the White House. 

The commission's fourth report, released in full today, repeated the
recommendation of its third report a year ago: to establish an
independent commission on cybersecurity. "We have concluded that the
physical and cyber elements of [critical infrastructure protection] are
so intertwined that it makes no sense to address them separately,"
according to the fourth report. 

"National coordination of cybersecurity policy has not improved," the
report said. "The President's Critical Infrastructure Protection Board
has not had a large effect on policy-making, apparently relying,
instead, on the White House Office of Cyberspace Security"
[gcn.com/21_31/tech-report/20263-1.html]. 

http://www.gcn.com/vol1_no1/daily-updates/20702-1.html 

 

[3] Government sees intelligence gains from growth in private satellites
By Vernon Loeb
Washington Post
 
WASHINGTON - On the south end of the tarmac at a British air base on the
Indian Ocean island of Diego Garcia, two portable maintenance shelters
for B-2 stealth bombers sit like high-tech cocoons, erected by the U.S.
Air Force in anticipation of the possibility of war with Iraq.

Although no U.S. repor

[INFOCON] - News: London, Monday, December 16, 2002

2002-12-16 Thread Wanja Eric Naef \(IWS\)
_

  London, Monday, December 16, 2002
  [News Index]
  

[1] Victims' families, union among powerful forces in homeland security
[2] All eyes on Total Info Awareness
[3] Threats move beyond Linux to Windows
[4] U.S. widens leeway of CIA to kill terrorists  
[5] Ask Not What the Internet Can Do for You

[6] 2003 forecast: Linux will eat Unix
[7] Anti-terrorism threatens PC privacy
[8] Angry Kuwaiti hacker launches cyber attack
[9] Bugwatch: 'Tis the season to be careful
[10] High-Tech Hack Attack Case Tests the Strength of Legal Ethics in an
Electronic World  

[11] Forces to test text-mining tool
[12] Home PC users to blame for virus outbreaks
[13] Versar wins Navy integration work
[14] E-government projects aim to simplify paperwork for feds
[15] A Year-end Mailbag

[16] Cobalt security patch creates new holes
[17] IDC predicts strong security app sales
[18] Top homeland security adviser to exit post
[19] Ex-Defense officials form investment fund for small tech firms
[20] Time for everyone to get serious about firewalls

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5)

_

News
_


[1] Victims' families, union among powerful forces in homeland security
By Siobhan Gorman, Sydney J. Freedberg Jr., and Peter H. Stone, National
Journal

New, amorphous, and far-reaching, homeland security is a possible target
for every special interest in town - particularly those scavenging for
federal dollars or trying to duck costly new regulations.

The first taste of this intense lobbying came last month, when the
Senate's homeland security bill nearly collapsed at the last minute
under the weight of special-interest add-ons - financial breaks for
everyone from pharmaceutical companies to Texas A&M University.

The new Homeland Security Department will have a budget of nearly $37
billion and 170,000 employees from 22 different agencies. The big
challenge for the department, and for Congress, will be to harness what
threatens to become a lobbying free-for-all. Without careful
congressional monitoring, says Frank Hoffman, who was a top aide to the
Hart-Rudman Commission on terrorism, "I'm afraid the special interests
will win every single time. If all the special interests get what they
want, [the department] will turn out to be a placebo. There won't be any
real safety, because there will be so many exceptions and so many
holes."

http://www.govexec.com/dailyfed/1202/121302nj1.htm


 

[2] All eyes on Total Info Awareness 
BY Dan Caterinicchia 
Dec. 16, 2002 

Perhaps no project being developed as a result of the Sept. 11, 2001,
terrorist attacks has caused such intense public scrutiny and debate as
the Defense Advanced Research Projects Agency's Total Information
Awareness (TIA) system.

TIA, in theory, will enable national security analysts to detect,
classify, track, understand and pre-empt terrorist attacks against the
United States by spotting patterns using public and private transaction
and surveillance methods.

The system, parts of which are already operational, incorporates
transactional data systems, including private credit card and travel
records, biometric authentication technologies, intelligence data and
automated virtual data repositories. Its goal is to create an
"end-to-end, closed-loop system," to help military and intelligence
analysts make decisions related to national security, said Robert Popp,
deputy director of DARPA's Info

[INFOCON] - NIPC Daily Open Source Report for 16 December 2002

2002-12-16 Thread Wanja Eric Naef \(IWS\)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 16 December 2002

Daily Overview

- CNN reports President Bush announced Friday that he is ordering
500,000 military personnel and others in high-risk parts of the world
receive the smallpox vaccine.  (See item 14)

- CERT has released Vulnerability Note VU#958321 - "Samba contains
a remotely exploitable stack buffer overflow."  (See item 17)

- CERT has released Vulnerability Note VU#162097 - "Microsoft
Internet Explorer does not adequately validate references to cached
objects and methods."  (See item 18)

- CNN reports the Pentagon has ordered another 27,000 Reserve and
National Guard troops to prepare for active duty; this includes cargo
specialists, port workers, military police, engineers, and supply
specialists.  (See item 20)



Power Sector

1.  December 14, The Mercury (Australia) - Open the reactor, N.
Korea tells UN.  North Korea has demanded the United Nations' nuclear
watchdog remove surveillance cameras and seals from a nuclear power
plant it has vowed to reopen.  The reactor is in the same plant
suspected of developing nuclear arms before it was shut down eight years
ago.  North Korea yesterday called on the International Atomic Energy
Agency (IAEA) to remove its security seals from the Yongbyon plant,
saying its power generation capacity was needed after a decision by the
U.S., Japan and South Korea to suspend regular oil shipments.
"(Pyongyang) requests that the IAEA remove seals and monitoring cameras
on all of its nuclear facilities," North Korea's Atomic Energy
Department director-general Ri Je-son said in a letter to the agency.
IAEA director-general Mohamed El Baradei immediately warned Pyongyang
any unilateral move to remove the security seals or monitoring cameras
would contravene agreements between North Korea and the UN.  Pyongyang
did not clarify whether it would expel the international monitors at its
nuclear facilities or if it would unseal plutonium in a cooling pond at
Yongbyon -- a step that would give it nuclear capability.  Reactivating
the controversial nuclear plant and demanding it operate in secrecy
threatens to escalate security tensions on the Korean peninsula.
Source:
http://www.themercury.news.com.au/common/story_page/0,5936,5675192%255E401,00.html

2.  December 13, The Wichita Eagle (Kansas) - Ensuring nuclear
safety: Wolf Creek shows off elevated security at first tour in 15
months.  The owners of the Wolf Creek nuclear power plant in Kansas have
spent about $2 million to increase security since the terrorist attacks
15 months ago.  More armed guards and concrete barriers around the plant
are just a few of the signs of tightened security.  The company will
continue to spend about $1 million a year on increased security
measures, Otto Maynard, head of the Wolf Creek Nuclear Operating Corp.,
said Thursday, during a media tour of the plant.  Next week, Maynard
said, the nuclear power industry plans to release a report saying Wolf
Creek and the nation's other 102 power plants could withstand a direct
hit from a Boeing jet, similar to those that crashed into the World
Trade Center and the Pentagon last year.  The engineering analysis, paid
for by the industry, was conducted in response to public anxiety and
statements made by the Nuclear Regulatory Commission earlier this year
that some critical parts of the plants may be vulnerable to an airplane
attack.  A plane crashing into the containment building, where the
nuclear reactor is housed, would damage the plant and cause it to shut
down for a long time, Maynard said.  But no radiation would be released,
and the nuclear fuel rods would not be damaged, Maynard said. The
building that houses spent nuclear fuel, he said, could also withstand
the impact of a jet.  Source:
http://www.kansas.com/mld/eagle/4729196.htm 

3.  December 12, Tribune Reporter - Big buy revs N.M. electric
giant.  Summit Electric Supply, the 10th-largest privately held company
in New Mexico, will nearly double in size with the acquisition announced
today of a Texas electrical distributor.  Summit President Victor Jury
Jr. said the company bought for $10.5 million most of the assets of
Warren Electric Group, a Houston-based supplier to the Gulf Coast
petrochemical industry.  Summit, headquartered in Albuquerque, is the
34th-largest electrical supply business in the nation.  The company,
founded 25 years ago by Jury, his father and another partner, employs
310 and had sales last year of $135 million.  It has centers in 10 other
cities in New Mexico, Texas and Arizona.  Source:
http://www.abqtrib.com/archives/news02/121202_news_su

[INFOCON] - CRYPTO-GRAM, December 15, 2002

2002-12-15 Thread Wanja Eric Naef \(IWS\)


  CRYPTO-GRAM

   December 15, 2002

   by Bruce Schneier
Founder and CTO
   Counterpane Internet Security, Inc.
[EMAIL PROTECTED]
  


A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on computer security and cryptography.

Back issues are available at 
.  To subscribe, visit 
 or send a blank message 
to [EMAIL PROTECTED]

Copyright (c) 2002 by Counterpane Internet Security, Inc.


** *** * *** *** *

In this issue:
  Counterattack
  Crypto-Gram Reprints
  Comments on the Department of Homeland Security
  News
  Counterpane News
  Security Notes from All Over:  Dan Cooper
  Crime: The Internet's Next Big Thing
  Comments from Readers


** *** * *** *** *

 Counterattack



This must be an idea whose time has come, because I'm seeing it talked 
about everywhere.  The entertainment industry floated a bill that would 
give it the ability to break into other people's computers if they are 
suspected of copyright violation.  Several articles have been written 
on the notion of automated law enforcement, where both governments and 
private companies use computers to automatically find and target 
suspected criminals.  And finally, Tim Mullen and other security 
researchers start talking about "strike back," where the victim of a 
computer assault automatically attacks back at the perpetrator.

The common theme here is vigilantism: citizens and companies taking the 
law into their own hands and going after their assailants.  Viscerally, 
it's an appealing idea.  But it's a horrible one, and one that society 
after society has eschewed.

Our society does not give us the right of revenge, and wouldn't work 
very well if it did.  Our laws give us the right to justice, in either 
the criminal or civil context.  Justice is all we can expect if we want 
to enjoy our constitutional freedoms, personal safety, and an orderly 
society.

Anyone accused of a crime deserves a fair trial.  He deserves the right 
to defend himself, the right to face his accuser, the right to an 
attorney, and the right to be held innocent until proven guilty.

Vigilantism flies in the face of these rights.  It punishes people 
before they have been found guilty.  Angry mobs lynching someone 
suspected of murder is wrong, even if that person is actually 
guilty.  The MPAA disabling someone's computer because he's suspected 
of copying a movie is wrong, even if the movie was copied.  Revenge is 
a basic human emotion, but revenge only becomes justice if carried out 
by the State.

And the State has more motivation to be fair.  The RIAA sent a 
cease-and-desist letter to an ISP asking them to remove certain files 
that were the copyrighted works of George Harrison.  One of the files: 
"Portrait of mrs. harrison Williams 1943.jpg."  The RIAA simply Googled 
for the string "harrison" and went after everyone who turned 
up.  Vigilantism is wrong because the vigilante could be wrong.  The 
goal of a State legal system is justice; the goal of the RIAA was 
expediency.

Systems of strike back are much the same.  The idea is that if a 
computer is attacking you -- sending you viruses, acting as a DDoS 
zombie, etc. -- you might be able to forcibly shut that computer down 
or remotely install a patch.  Again, a nice idea in theory but one 
that's legally and morally wrong.

Imagine you're a homeowner, and your neighbor has some kind of device 
on the outside of his house that makes noise.  A lot of noise.  All day 
and all night.  Enough noise that any reasonable person would claim it 
to be a public nuisance.  Even so, it is not legal for you to take 
matters into your own hands and stop the noise.

Destroying property is not a recognized remedy for stopping a nuisance, 
even if it is causing you real harm.  Your remedies are to: 1) call the 
police and ask them to turn it off, break it, or insist that the 
neighbor turn it off; or 2) sue the neighbor and ask the court to 
enjoin him from using that device unless it is repaired properly, and 
to award you damages for your aggravation.  Vigilante justice is simply 
not an option, no matter how right you believe your cause to be.

This is law, not technology, so there are all sorts of shades of gray 
to this issue.  The interests at stake in the original attack, the 
nature of the property, liberty or personal safety taken away by the 
counterattack, the risk of being wrong, and the availability and 
effectiveness of other measures are all factors that go into the 
assessment of whether something is morally or legally right.  The RIAA 
bill is at one extreme because copyright is a limited property 
interest, and there is a great risk of wrongful deprivation of use of 
the

[INFOCON] - EPIC Alert 9.24

2002-12-13 Thread Wanja Eric Naef \(IWS\)


 Volume 9.24  December 12, 2002
 --

  Published by the
Electronic Privacy Information Center (EPIC)
  Washington, D.C.

   http://www.epic.org/alert/EPIC_Alert_9.24.html

  **  HAPPY HOLIDAYS!  **
===
Table of Contents
===

[1] EPIC Files Suit for "No-Fly List" Information
[2] EPIC Submits Comments on TCPA, ENUM, FCC Broadcast Flag Mandate
[3] DC Council Hearing on Camera Regs; 12/24 is World Sousveillance Day
[4] ICANN Task Force Issues New Policy Report on WHOIS Data
[5] CA Senators Introduce Financial Privacy Legislation
[6] Nominations Sought for 2003 PEN/Newman's Own First Amendment Award
[7] Subscribe - Access Reports
[8] Upcoming Conferences and Events

===
[1] EPIC Files Suit for "No-Fly List" Information
===

Seeking information about aviation security watchlists, EPIC yesterday
filed a Freedom of Information Act (FOIA) lawsuit against the
Transportation Security Administration (TSA) in federal court in
Washington.  The legislation creating TSA authorizes the agency to
maintain such lists, which reportedly have been used to interfere with
the travel of political activists.  EPIC's lawsuit seeks, among other
things, TSA's criteria for putting people on so-called "no-fly lists"
that apparently bar some passengers from flying and subject others to
extensive scrutiny.

The Aviation Security and Transportation Act, passed in the wake of
the September 11, 2001 terrorist attacks, authorizes TSA to maintain
watchlists and notify law enforcement, aviation and airline officials
of the names of people suspected of posing "a risk of air piracy or
terrorism or a threat to airline or passenger safety."  In a FOIA
request submitted to TSA in early October, EPIC requested information
about the number of names on all aviation-security watchlists,
procedures for posting and removing names and all complaints from
people who claim to have mistakenly been included on the lists.  TSA
failed to respond to the request within the legal time limit,
prompting EPIC's lawsuit.

EPIC has also sought information from TSA on its updated Computer
Assisted Passenger Pre-screening System (CAPPS-II).  The basic
structure of passenger profiling is to use an algorithm to determine
indicators of characteristics or patterns that are related to the
occurrence of certain behavior.  The CAPPS-II initiative will expand
the range of databases searched for suspicious activity so that each
airline passenger will be subjected to extensive profiling. Retired
Admiral John Poindexter's office in the Defense Department is
considering developing a similar "Total Information Awareness" system
(which is also the subject of pending EPIC FOIA requests).  See EPIC
Alert 9.23.

In another lawsuit involving the privacy impact of post-September 11
initiatives, a federal judge on November 26 ordered the Justice
Department to complete its processing of an EPIC information request
concerning the USA PATRIOT Act by January 15.  EPIC, joined by the
American Civil Liberties Union and library and booksellers'
organizations, filed the FOIA lawsuit seeking the disclosure of
information concerning implementation of the controversial
anti-terrorism law.  See EPIC Alert 9.20.

EPIC's "no-fly list" lawsuit is available at:

  http://www.epic.org/privacy/airtravel/tsa_foia_suit.pdf

Background information is available at EPIC's Air Travel Privacy Page:

  http://www.epic.org/privacy/airtravel/

===
[2] EPIC Submits Comments on TCPA, ENUM, FCC Broadcast Flag Mandate
===

EPIC has recently filed comments on the Telephone Consumer Protection
Act (TCPA), Electronic Numbering (ENUM), and the Digital Television
Broadcast Flag.

In comments to the Federal Communications Commission (FCC), ten
leading civil liberties and consumer groups joined EPIC in support of
greater protections against telemarketing under the TCPA.  The
comments support a national do-not-call (DNC) list that allows
Internet, telephone, and mail enr

[INFOCON] - NIPC Daily Open Source Report for 13 December 2002

2002-12-13 Thread Wanja Eric Naef \(IWS\)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 13 December 2002

Daily Overview

- Microsoft has released "Security Bulletin MS02-069: Flaw in
Microsoft VM Could Enable System Compromise (Critical)."  (See item 15)

- Microsoft has released "Security Bulletin MS02-071: Flaw in
Windows WM_TIMER Message Handling Could Enable Privilege Elevation
(Important)."  (See item 17)

- CERT announces "Advisory CA-2002-35, Vulnerability in RaQ 4
Servers" which is a remotely exploitable vulnerability discovered in Sun
Cobalt RaQ 4 Server Appliances running Sun's Security Hardening Package.
(See item 14)

- The U.S. Coast Guard reports the Gulf Safety Committee is
implementing several programs to make the Gulf of Mexico a safer, more
secure, and economically viable region for commercial and recreational
use.  (See item 3)



Power Sector

1.  December 12, Reuters - NRC may cite TXU's Texas nuclear plant
following water leak.  The U.S. Nuclear Regulatory Commission (NRC) will
decide within 30 days whether to cite a TXU Corp unit for an apparent
safety violation at a Texas nuclear power unit, the agency and TXU said
Wednesday.  The apparent violation involves a leaking steam generator
tube at the 1,150 megawatt Comanche Peak 1 plant in Glen Rose, Texas.
The unit is currently shut for electrical work and is expected to return
to service within a few days.  NRC public affairs officer Roger Hannah
told Reuters that in the case that led to the leak, there was an
apparent violation.  There was no detectable radiation released into the
environment, Hannah said.  In response, TXU Energy spokesman David
Beshear said the company has retrained its analysts to look for this
particular kind of problem.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3512491


2.  December 9, Polit.ru - In Russia nuclear sites' security
increased due to new threats.  In an interview with the Moscow radio
station Ekho Moskvy, Rusenergoatom (Russian state nuclear energy
company) general director Oleg Saraev announced that Russia is
scrambling to implement additional security measures for nuclear power
plants.  Whereas authorities had previously believed that nuclear power
plants could only be seriously damaged by a threat factor with
state-level capabilities, Saraev admitted, "Now we are convinced that
this would be possible even for very small groups of people."  Saraev
also told the radio station that Russia's nuclear plants are not
completely capable of withstanding a terrorist act.  "Technically they
are capable of withstanding only the impact of a military airplane,
fairly large, moving at a fairly good speed," Saraev was quoted.
Because of this, security forces were now scrambling to implement a
number of extra security measures.  Source:
http://www.polit.ru/documents/519848.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

3.  December 10, U.S. Coast Guard - Gulf Safety Committee implements
security programs.  The Gulf Safety Committee, created in October 2001,
is implementing several programs to improve safety and security in the
Gulf of Mexico.  The committee is a Regional Marine Transportation
System Committee that brings together all offshore Gulf of Mexico (GOM)
waterway users.  Its goal is to stimulate procedural - and possibly
regulatory - changes to make the GOM a cleaner, safer and more secure
and economically viable region for commercial and recreational use.
Examples of the new informational programs it has developed include: a
one-page informational document to educate waterway users regarding the
two security advisory systems in use; identifying weaknesses in the
system for notifying waterway users of changes in the national threat
level assignment; working with the Coast Guard to implement an effective
notification system; developing a voluntary communication protocol to be
used between fishermen and oil and gas facilities; and working with all
applicable government agencies and industry representatives to develop a
voluntary security guideline for the offshore oil and gas industry.  The
Gulf Safety Committee has a new web site to communicate with its
membership and the public.  They encourage all interested persons to
visit www.uscg.mil/hq/g-m/harborsafety/Gulf%20Safety%20Committee.htm to
read about the above projects.  Source:
http://www.uscg.mil/d8/dpa/171-02.htm 

4.   

[INFOCON] - News: London, Friday, December 13, 2002

2002-12-13 Thread Wanja Eric Naef \(IWS\)
_

London, Friday, December 13, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Critics say Defense 'total information awareness' impractical
[2] Northcom cultures 'need to share'
[3] Washington-area lawmakers vie for Homeland Security headquarters
[4] DOD offering homeland expertise
[5] Burbano takes on homeland job

[6] Tech Sniffs Employee Offenders  
[7] Now it's the World Wide 'Wanted' Web
[8] E-fraud costs retailers millions
[9] Therminator to watch for cyberattacks
[10] Contractor says tech industry must rise to information security
challenge

[11] Sprint pushes tougher security policy for vendors
[12] Top spammer hit by junk mail blitz
[13] (UK) Police charter will boost fight against cybercrime
[14] MyDomains.com hit by denial-of-service attack
[15] Aust security experts warn of new hacking target

[16] Your Microsoft critical security patches tonight
[17] INS sets date for student data
[18] Agencies see homeland security role for surveillance drones
[19] Bush science advisers contemplate technology transfer

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_




[1] Critics say Defense 'total information awareness' impractical
By Shane Harris

Security advocates and technology experts threw cold water on a
controversial Defense Department plan to create a new counterterrorism
system that would use information technology to sniff out clues to a
possible terrorist assault and identify attackers before they strike.
The critics said the system, currently being researched by the Pentagon,
would violate civil liberties, undermine commerce and probably wouldn't
work. 

Charles Peña, a policy analyst with the libertarian Cato Institute in
Washington, said it's statistically unlikely that the system could
predict and pre-empt attacks and also avoid targeting innocent people as
suspected terrorists. He said that if the system -- which theoretically
would analyze relationships among transactions such as credit card or
airline ticket purchases -- were applied to the entire population, almost
as many people would incorrectly be identified as terror plotters as
would be correctly fingered. That scenario would make the technology
useless, said Peña, who argued against spending millions of dollars to
develop it. 

The Total Information Awareness (TIA) system is managed by the Defense
Advanced Research Projects Agency (DARPA), the Pentagon's main research
and development unit. It would use data retrieval, biometric
identification and other technologies to analyze information in
databases. DARPA has not yet said what databases would be searched, but
controversy has engulfed the project amid fears that private purchases
and travel patterns might become the subject of government inspection. 

http://www.govexec.com/dailyfed/1202/121202h1.htm 

 

[2] Northcom cultures 'need to share'
BY Dan Caterinicchia 
Dec. 11, 2002 

Just a little more than two months since its official start, the Defense
Department's Northern Command is suffering many growing pains, not the
least of which is attempting to mesh defense, law enforcement,
intelligence and homeland security cultures into a "need to share"
information environment.

Air Force Maj. Gen. Dale Meyerrose, Northcom's chief information
officer, said the DOD and national security structure operates in a
"need to know" environment, while the federal, sta

[INFOCON] - UNIRAS Brief - 444/02 - Microsoft - Flaw in MicrosoftVM Could Enable System Compromise

2002-12-13 Thread Wanja Eric Naef \(IWS\)

-Original Message-
From: UNIRAS (UK Govt CERT) 
Sent: 13 December 2002 10:19
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 444/02 - Microsoft - Flaw in Microsoft VM Could
Enable System Compromise 

-BEGIN PGP SIGNED MESSAGE-

UNIRAS (UK Govt CERT) Briefing Notice - 444/02 dated 13.12.02  Time: 10.20

UNIRAS is part of NISCC (National Infrastructure Security Co-ordination
Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk

Title
=

Microsoft Security Bulletin - MS02-069:

Flaw in Microsoft VM Could Enable System Compromise 

Detail
== 

- -BEGIN PGP SIGNED MESSAGE-

Title:      Flaw in Microsoft VM Could Enable System Compromise (810030)
Date:       11 December 2002
Software:   Microsoft VM
Impact:     Eight vulnerabilities, the most serious of which would enable
            an attacker to gain control over another user's system.
Max Risk:   Critical
Bulletin:   MS02-069

Microsoft encourages customers to review the Security Bulletins at: 
http://www.microsoft.com/technet/security/bulletin/MS02-069.asp
http://www.microsoft.com/security/security_bulletins/ms02-069.asp. 
- -
--

Issue:
==
The Microsoft VM is a virtual machine for the Win32(r) operating
environment. The Microsoft VM shipped in most versions of Windows (a
complete list is available in the FAQ), as well as in most versions of
Internet Explorer.

A new version of the Microsoft VM is available, which includes all
previously released fixes for the VM, as well as fixes for eight newly
reported security issues. The attack vectors for all of the new issues
would likely be the same. An attacker would create a web page that, when
opened, exploits the desired vulnerability, and either host it on a web
page or send it to a user as an HTML mail.

The newly reported security issues are as follows: 
 - A security vulnerability through which an untrusted
   Java applet could access COM objects. By design, COM
   objects should only be available to trusted Java
   programs because of the functionality they expose. COM
   objects are available that provide functionality through
   which an attacker could take control of the system. 
 - A pair of vulnerabilities that, although having 
   different underlying causes, would have the same effect,
   namely, disguising the actual location of the applet's
   codebase. By design, a Java applet that resides on user
   storage or a network share has read access to the folder
   it resides in and all folders below it. The 
   vulnerabilities provide methods by which an applet 
   located on a web site could misrepresent the location of
   its codebase, to indicate that it resided instead on the
   user's local system or a network share. 
 - A vulnerability that could enable an attacker to construct
   an URL that, when parsed, would load a Java applet from
   one web site but misrepresent it as belonging to another
   web site. The result would be that the attacker's applet
   would run in the other site's domain. Any information the
   user provided to it could be relayed back to the attacker. 
 - A vulnerability that results because the Microsoft VM 
   doesn't prevent applets from calling the JDBC APIs - a 
   set of APIs that provide database access methods. By 
   design, these APIs provide functionality to add, change,
   delete or modify database contents, subject only to the
   user's permissions. 
 - A vulnerability through which an attacker could 
   temporarily prevent specified Java objects from being
   loaded and run. A legacy security mechanism known as the
   Standard Security Manager provides the ability to impose
   restrictions on Java applets, up to and including 
   preventing them from running altogether. However, the VM
   does not adequately regulate access to the SSM, with the
   result that an attacker's applet could add other Java 
   objects to the "banned" list. 
 - A vulnerability through which an attacker could learn a
   user's username on their local system. The vulnerability
   results because one particular system property, user.dir,
   should not be available to untrusted applets but, through
   a flaw, is. While knowing a username would not in itself
   pose a security risk, it could be useful for 
   reconnaissance purposes. 
 - A vulnerability that results because it's possible for a
   Java applet to perform an incomplete instantiation of 
   another Java object. The effect of doing so would be to
   cause the con

[INFOCON] - NIPC Daily Open Source Report for 11 December 2002

2002-12-13 Thread Wanja Eric Naef \(IWS\)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 11 December 2002

Daily Overview

- CERT has announced Vulnerability Note VU#630355 - "Netscape and
iPlanet Enterprise Servers fail to sanitize log files before they are
displayed using the administration client."  (See item 15)

- Government Computer News reports the National Communications
System is introducing its first cellular priority telephone service,
available in New York by the end of the month and nationwide by next
December.  (See item 7)



Power Sector

1.  December 10, Reuters - Looking at it this low, historically we
have not been able to catch up to an average snow pack," Fox said. The
largest dams are on the Columbia River and its tributaries in Washington
and Oregon. Scott Pattee, Mount Vernon, Washington-based water supply
specialist with the NRCS noted that snowpack in the basin is around 33
percent of normal at the upper end and as low as 20 percent elsewhere.
He noted some key areas were faring even worse with the Yakima River
basin only around 10 to 11 percent of normal. Fox said the situation is
even more serious than the statistics suggest following months of dry
weather. Marianne Hallet, an NRCS water supply specialist based in
Davis, California, said the northern Sierra Nevada mountains in
California were running at 45 percent of normal, the central region at
59 percent and southern section at 93 percent. Source:
http://www.energycentral.com/sections/newsroom/nr_printer_friendly.cfm?id=3509556

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]

Banking and Finance Sector

2.  December 10, MSNBC - Elaborate credit card con still works.  No
one broke into Doug and Sandy Roth's tiny Seattle office.  But somehow,
criminals managed to impersonate the couple's Prosynergy Corp. well
enough to convince Bank of America Merchant Services to ship some
$52,000 in credit card credits to various bank accounts based in Spain.
And the Roths knew nothing about it until Bank of America called a few
days ago and handed them the bill.  The simple but ingenious
"credit-back" scheme essentially lets a criminal exploit a fundamental
flaw in some credit card processors which allows consumers to buy
merchandise with one credit card, then allows them to return the
merchandise and receive a credit on a different card.  So, for example,
in some situations a consumer can buy an item with an American Express
card, then return it, and get the credit on their Visa card.  Stealing
money from a stolen credit card this way can be easy - the criminal uses
a stolen credit card, buys a $100 item, then returns it, gets a $100
debit card credit, then withdraws that cash from an ATM.  Source:
http://www.msnbc.com/news/844216.asp 

Transportation Sector

3.  December 10, CNN  - TSA says no major problem with hand-held
wands.  The Transportation Security Administration (TSA) denied Tuesday
that it has major problems with a certain brand of hand-held metal
detector in widespread use at airport security checkpoints.  Troubles
with the Garrett brand of wand commonly used by federal airport
screeners were outlined in an e-mail sent last month to airport security
directors by TSA official John Rooney.  The TSA confirms he wrote, "I
believe that we have a systemic problem on the reliability of the
Garrett SuperWand."  Federal screeners discovered that when the wand was
turned upside down the unit's battery sometimes disconnected, causing a
loss of power to the device.  But TSA spokeswoman Heather Rosenker said
only 79 wands were found to have the problem -- out of some 10,000
Garrett SuperWands the TSA uses.  Rosenker said the problem involves the
battery -- not the wand.  "The battery cap is made so that when you used
one type of battery (a Duracell 9-volt) rather than another (the
EverReady Heavy Duty) ... the way it fits in that compartment there
would not be a connection."  Rosenker said federal airport security
directors have been told to use the EverReady batteries in the wands.
Tuesday, she said the TSA will decide whether to order new battery
compartment doors, or to mandate that the larger battery be used in the
wands.  Source:
http://www.cnn.com/2002/TRAVEL/12/10/defective.airport.wands/index.html 

4.  December 10, New York Times - New rule to limit boarding passes
from gate.  The Transportation Security Administration will require
nearly all airline passengers to obtain boarding passes before they
arrive at the securit

[INFOCON] - USAF: Social engineering: Hackers exploit human weakness

2002-12-12 Thread Wanja Eric Naef \(IWS\)
(Security is as strong as the weakest link which is usually the human. 
As Kevin Mitnick said most of the time he got access just by using this
technique. More awareness campaigns are needed to address this issue. 

It is just too easy to trick someone, especially if they are not aware
of it and worst of it most of the time they won't even realise that they
were a victim/target as some people are just too good to be caught.  For
example, someone who is really good at 'human source development' will
put the important questions in the middle of the conversation as humans
generally remember far better the beginning and the end of it than the
middle bit. WEN)

Social engineering: Hackers exploit human weakness
by Laurie G. Knepper
Joint STARS Test Force senior computer systems manager

12/6/2002 - MELBOURNE, Fla. (AFPN) -- Are you familiar with the term
"social engineering"? If not, you probably don't know the potential
impact of social engineering on the Air Force and national security. And
that means you could be an unwitting participant. 

Social engineering means computer-security cracking techniques that rely
on weakness in human nature rather than weaknesses in hardware, software
or network design. 

The goal of social engineering is to trick people into revealing
passwords, network vulnerabilities or other information that will help
the hacker get access to important data. Using social engineering, even
someone with lousy computer skills can find his or her way into a
supposedly secure computer system and access, modify or destroy the data
on it. 

How are your social engineering defenses? 

-- Do you lock your work station before leaving your desk, or do you
leave it up to a screensaver to kick in a little while later? 

-- Would you decline to give your password to someone who said, over the
phone or in an e-mail, that he or she was debugging a problem with your
account, and then contact your computer security representatives
immediately, or would you comply with the password request? 

-- Do you challenge strangers in the hall who don't display a proper
badge, or do you assume because they are in nice suits that they are
probably too important to be questioned? 

-- Would you stop a clean-cut uniformed delivery person carrying
packages who flashes a smile and asks where the mailroom is as he
attempts to tailgate into a secure building with you, or would you
politely hold the door open for him and point him toward the mailroom? 

-- Do you shred old phone lists, or do you simply dump them in the trash
or recycle bin? 

-- Would you decline to participate in a phone survey that asks a bunch
of questions about your organization's computer systems, or would you
participate to get the "free gift"? 

-- Do you leave work discussions at work, or do you discuss Air Force
business over meals at local restaurants? 

In case you have any doubt, the first action in each of these examples
reflects proper security practices, while the second action reflects
poor security or outright security violations. 

Here are a few interesting and educational articles on the Web that deal
with social engineering. Please take some time to read them. There may
be a test. It may be given by someone official. Or it may be given by
someone who is not official, not authorized, and not supposed to be
getting the information or access that you are inadvertently giving
them. Think about it. 


-- Physical Security - Technical Security's Biggest Hole lists some
everyday "easy access" methods that have proven effective.
http://www.scmagazine.com/scmagazine/2001_11/feature.html

-- Social Engineering Fundamentals, Part I: Hacker Tactics
http://online.securityfocus.com/infocus/1527

-- Social Engineering Fundamentals, Part II: Combat Strategies
http://online.securityfocus.com/infocus/1533

-- Social Engineering Attacks via IRC and Instant Messaging
http://www.cert.org/incident_notes/IN-2002-03.html




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - REVIEW: "The Art of Deception", Kevin D. Mitnick/William L. Simon

2002-12-12 Thread Wanja Eric Naef \(IWS\)


REVIEW: "The Art of Deception", Kevin D. Mitnick/William L. Simon

BKARTDCP.RVW   20021028

"The Art of Deception", Kevin D. Mitnick/William L. Simon, 2002,
0-471-23712-4, U$27.50/C$39.95/UK#19.95
%A   Kevin D. Mitnick
%A   William L. Simon
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2002
%G   0-471-23712-4
%I   John Wiley & Sons, Inc.
%O   U$27.50/C$39.95/UK#19.95 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471237124/robsladesinterne
%P   352 p.
%T   "The Art of Deception: Controlling the Human Element of Security"

Those in the security field know that Kevin Mitnick does not deserve
the reputation he has gained as some kind of technical genius.  His
gift was skill as a social engineer.  Stripped of the five dollar
words, this means that he was a plain, old con man, cheat, or fraud. 
In other words, this is a book about how to fool people. 
Theoretically, the determined reader should be able to use the book to
keep from being conned.

In the preface, Mitnick would have us believe that, although he admits
to being a fraud and deceiver, he was never a grifter.  He never
harmed anybody, never obtained a material benefit, and was just
curious to see if he could ride the buses for free (at the expense of
the transit system) or make calls for free (at the expense of an MCI
customer).  (The willing moral blindness of these assertions is
possibly the most instructive part of the book: it is truly
representative of large portions of the blackhat community.)  He would
have us believe that he is a "changed person": one of the most sought-
after computer security experts world-wide, and the world's most
famous hacker.  Oh, and just in case the authorities are inclined to
think that this book runs counter to the injunction that he not profit
from the stories of his criminal exploits, the tales are all
completely fictional.  Trust him.

Part one is entitled "Behind the Scenes."  Chapter one states that
people are security's weakest link.  This is a truism well known in
the field, but the first account is really about insider fraud, while
the remainder are generic fear-mongering.

Part two describes the art of the attacker.  (At great length.) 
Chapter two depicts escalation or enumeration through social
engineering, and points out that sometimes innocuous information
isn't.  There is a section on "preventing the con" at the end of each
chapter: in this case we are told not to give out information, but not
provided with any advice about authenticating callers.  Similarly,
chapter three says that sometimes attackers just ask for access or
information and says to verify callers, but doesn't say how.  Chapter
four tells you to distrust everyone--which would probably be more
damaging to society than social engineering.  (Interestingly,
yesterday a report came out about studies of "freeloading" in the
animal kingdom, which notes that communities with too many non-
contributing members tend not to survive.  By extension, only
societies with an overwhelming majority of trustworthy members exist
for any length of time.)  The prevention bit tells companies not to
have people give credit card information over the phone, but stresses
teaching employees about cons rather than policies.  At about this
point the text, which is very repetitious, throws in some minor
technical details.  This is enough to remind the professional that the
book is designed for the naive user, with extremely lightweight
analysis, and implications that would not be useful.  There is more
repetitive redundancy in chapter six, on the way to some useful
information about fraudulent email and really lousy data about viruses
and malware, in chapter seven.  Chapters eight and nine are simply
more of the same stories, which start to get very tedious.

Part three is apparently supposed to help us detect intruders. 
Chapter ten has a little useful advice about having termination
procedures.  The major points in chapter eleven seem to be about all
the people who have been mean to our poor Kevin.  Then it is back to
the, by now extremely tiresome, con jobs for another three chapters.

We are intended to believe that part four will help us protect
ourselves and our companies against social engineering.  Chapter
fifteen is an attempt to convince us that the book should be purchased
for all employees.  (Nice try, Kev.)  There is an arbitrary, and oddly
both generic and overly detailed, suggested security policy, in
chapter sixteen.

So.  Security professionals already know about social engineering.  It
is unlikely in the extreme that even the most head down, don't-talk-
to-the-users, socially maladept firewall administrator will learn very
much from this book.  But, of course, this is not a trade paperback. 
This is a hardback aimed at the mass market: the non-professionals. 
Will they learn anything from it?  Well, it might be useful for
teaching new tricks to those who like to con people (although
fraudsters wi

[INFOCON] - (HS) OCIPEP Update: Department of Homeland Security

2002-12-12 Thread Wanja Eric Naef \(IWS\)
INTERNATIONAL UPDATE
  
Date: 28 November 2002

http://www.ocipep.gc.ca/opsprods/other/IU02-001_e.asp 
   
United States 

Update: Department of Homeland Security

1.0 President Bush signed the Homeland Security Act of 2002 on 25
November, 2002, thus enacting legislation creating the Department of
Homeland Security (DHS). The DHS will amalgamate approximately 22
government agencies representing some 170,000 personnel. The new
Department will be made up of four Directorates:

- Border and Transportation Security
- Science and Technology
- Emergency Preparedness and Response
- Information Analysis and Infrastructure Protection

A useful organizational chart of the new Department of Homeland Security
can be found at: http://www.govexec.com/homeland/HSchart.htm

1.1 At the time of signing, President Bush nominated former Pennsylvania
governor, Tom Ridge as Secretary of the Department of Homeland Security.
Gordon England was nominated to the position of Deputy Secretary. Under
Secretaries will be appointed for each of the four directorates. At this
time, the only Under-Secretary named is Asa Hutchinson for Border and
Transportation Security.

All Under Secretary appointments are subject to confirmation by the
Senate, which will meet again in January 2003. 

For biographical information on the nominees, see:
http://www.whitehouse.gov/news/releases/2002/11/20021126-10.html

1.2 From the enactment of the legislation, the president has 60 days to
submit a plan for the reorganization of affected agencies to Congress.
That plan was submitted shortly after the signing of the Act on 25
November. The plan outlines the timeline for the departmental
reorganization:

By 24 January, 2003 the Secretary of the DHS is required to:

- Establish the Office of the Secretary
- Appoint and confirm by the Senate, or transfer personnel to fill key
  positions and establish Offices, Agencies, Bureaus, and Boards.

For a list of the positions to be filled and agencies to be established
see Annex A.

By 1 March 2003 the Secretary of the DHS is required to transfer
Government components or agencies and their functions to the DHS.

See Annex B for the list of agencies, organizations and functions that
must be established or transferred to DHS.

By 1 June 2003 the Secretary of the DHS is required to:

- Transfer the Plum Island Animal Disease Center
- Establish the Homeland Security Science and Technology Advisory
  Committee

By 30 September 2003 the Secretary of the DHS is required to complete
any remaining transfers of personnel, assets, and liabilities.

The following sections briefly describe the roles and responsibilities
of each of the four Directorates (Under Secretaries).


DIRECTORATE OF TRANSPORTATION AND BORDER SECURITY

2.0 The Directorate of Border and Transportation Security (BTS) will
include the following agencies: Bureau of Border Security, the Office
for Domestic Preparedness, the Customs Service, the Transportation
Security Administration (TSA), the FLETC, and the FPS. Aside from the
Under-Secretary, BTS leadership will include an Assistant Secretary for
Border Security and a Director of the Office for Domestic Preparedness. 

2.1 The Under-Secretary will be responsible for the oversight of the
following mandates of BTS:

Preventing the entry of terrorists and the instruments of terrorism into
the US. 

Securing the border, territorial waters, ports, terminals, waterways,
and air, land and sea transportation systems of the US. 

Establishing and administering rules governing the granting of visas or
other forms of permission to enter the US. 

Establishing national immigration enforcement policies and priorities.

Administering US customs laws.

Conducting the inspection and related administrative functions of the
USDA as transferred to the DHS under the Act. 

Ensuring the speedy, orderly, and efficient flow of lawful traffic and
commerce while carrying out the above responsibilities. 

Carrying out the immigration enforcement functions specified in the Act
that were transferred to the DHS from the INS. 

2.2 The Assistant Secretary for Border Security will report directly to
the Under Secretary of BTS and will be responsible for:

The administration of the policies related to the functions transferred
to the Under Secretary for BTS. 

Advising the Under Secretary with respect to any policy or operation of
the Bureau of Border Security that may affect the Bureau of Citizenship
and Immigration. 

2.3 The Director of the Office for Domestic Preparedness will report
directly to the Under Secretary for BTS and will have the primary
responsibility within the Executive Branch of the Federal Government for
the preparedness of the US for acts of terrorism. Responsibilities will
include:

Coordination of preparedness efforts at the Federal level and working
with other levels of emergency response providers on all matters
relating to combating terrorism, including training, exercises and
equipment support. 
Coordination and/or consolidation o

[INFOCON] - (HS) Verga Clarifies DoD's Homeland Defense Role

2002-12-12 Thread Wanja Eric Naef \(IWS\)
... He said President Bush describes the homeland security
mission as a concerted effort to prevent terrorist attacks
within the United States, to reduce the nation's
vulnerability to terrorism, and to minimize damage and to
assist in recovery efforts after terrorist attacks. ...

... However, Verga noted that fiscal 2004 Defense Planning
Guidance defines homeland defense as the military
protection of U.S. territory, the domestic population and
critical defense infrastructure against external threats
and aggression. ...

-Original Message-
From: DEFENSE PRESS SERVICE LIST 
On Behalf Of Press Service
Sent: 11 December 2002 20:45
To: [EMAIL PROTECTED]
Subject: Verga Clarifies DoD's Homeland Defense Role

By Gerry J. Gilmore
American Forces Press Service

WASHINGTON, Dec. 11, 2002 -- In defending the homeland, DoD
has clear and defined responsibilities often very much
separate from those of civil organizations, a senior
Pentagon official noted here Dec. 10.

Accordingly, the Defense Department recognizes there are
differences between the homeland security and homeland
defense missions, Peter Verga, director of DoD's Homeland
Defense Task Force, reminded a security conference audience
here.

DoD supports national homeland security through its
military homeland defense missions, Verga explained.

He said President Bush describes the homeland security
mission as a concerted effort to prevent terrorist attacks
within the United States, to reduce the nation's
vulnerability to terrorism, and to minimize damage and to
assist in recovery efforts after terrorist attacks.

However, Verga noted that fiscal 2004 Defense Planning
Guidance defines homeland defense as the military
protection of U.S. territory, the domestic population and
critical defense infrastructure against external threats
and aggression.

The DPG also calls for DoD to routinely study state
activities to deter potential aggressors and to prepare
U.S. military forces for action, if needed.

"That's a subtle, but a very, very distinct difference,"
Verga pointed out, noting that the terms homeland security
and homeland defense "are often - very incorrectly - used
interchangeably."

There are three circumstances where DoD would be involved
in homeland security activities within the United States,
he noted. They are:

Traditional military missions performed inside the
United States, called "extraordinary circumstances." An
example would be the current combat air patrols, during
which military aircraft might be ordered to shoot down a
terrorist-hijacked airliner that's en route to a target.

Emergency circumstances, where the military aids civil
authorities or other federal agencies with logistical and
other support in, for instance, disaster relief missions
after hurricanes, tornadoes and floods.

Temporary circumstances, such as DoD support to the
Olympics.

DoD's foremost mission, Verga pointed out, is to defend the
United States and the American population. Any department
activities requested in support of homeland defense efforts
should be centrally coordinated, he noted, to promote
efficiency and prevent confusion.

The mechanisms to coordinate such DoD support are either in
place or soon will be, Verga noted, citing the March 2003
start up of the Department of Homeland Security, and the
authorization of a new assistant secretary of defense for
homeland defense.

He also pointed to the Oct. 1 establishment of U.S.
Northern Command, the new unified command with
responsibility for homeland defense.

Army Lt. Gen. Joseph Kellogg, director of command, control,
communications and computer systems (J-6) for the Joint
Staff, sat on the discussion panel with Verga. He noted
Northern Command is the first regional combatant command in
the United States.

Northern Command's job, he noted, is to coordinate with
other elements and agencies to produce "a seamless
battlefield."

"We view the United States of America as a battlefield. If
you look at what happened back on the 11th of September a
year ago, ... those attacks occurred ... within the United
States," Kellogg emphasized.

___
NOTE:  This is a plain text version of a web page.  If your e-mail
program did not properly format this information, you may view the
story at
http://www.defenselink.mil/news/Dec2002/n12112002_200212114.html
Any photos, graphics or other imagery included in the article may also
be viewed at this web page.




Visit the Defense Department's Web site for the latest news
and information about America's response to the Sept. 11, 2001,
terrorist attacks and the war against terrorism: "Defend America"
at http://www.DefendAmerica.mil.


Visit the "Department of Defense Homeland Security" Web site
at http://www.defenselink.mil/specials/homeland/ to learn more
about the Department of Defense role in homeland security.


[INFOCON] - (MIL) Transformation on Display in Qatar

2002-12-12 Thread Wanja Eric Naef \(IWS\)
... The exercise tests command and control for U.S. Central
Command. ...

... There have been hiccups, which is why the military is
exercising the system. The setup consumes "an awful lot of
bandwidth," said a Central Command official. "Sometimes the
computer network goes down, but it has gotten better as
we've become more familiar with it." ...


-Original Message-
From: DEFENSE PRESS SERVICE LIST 
On Behalf Of Press Service
Sent: 12 December 2002 16:00
To: [EMAIL PROTECTED]
Subject: Transformation on Display in Qatar

By Jim Garamone
American Forces Press Service

DOHA, Qatar, Dec. 12, 2002 -- It was U.S. military
transformation in the flesh at the As Saliyah pre-
positioning camp here Dec. 12.

Defense Secretary Donald H. Rumsfeld visited U.S. service
members participating in Exercise Internal Look, being held
at this compound outside Qatar's capital city.

Around 1,200 service members are participating in the
computer-generated exercise. The scenario is classified,
but it is realistic for the command, said senior Central
Command officials.

The exercise tests command and control for U.S. Central
Command. The command's headquarters is at MacDill Air Force
Base, Fla. A senior Central Command official said it is a
15-hour flight -- with two refuelings -- for the combatant
commander to get into the area of operations.

The command needed a deployable command post so the
combatant commander could still oversee all aspects of
Central Command's mission and be in theater. Internal Look
is testing that command post.

The deployable headquarters consists of more than 20
structures set up in storage warehouses for equipment now
being used in Kuwait. A mixture of tents and CONEX boxes,
the headquarters is tied together with thousands of feet of
fiber-optic cable.

Officials said that anything they can do at MacDill they
can do here.

The headquarters is an outgrowth of a proposal in the
Quadrennial Defense Review. That document called for a
deployable joint task force headquarters. Since that
document in 2001, technology has allowed a grander design.

On the logistics side, for example, officials can find
exactly where anything destined for the command is at any
time. It allows planners to take the commander's orders and
"promulgates" them over Central Command's entire 25-nation
area of operations. Raytheon designed and built the system
in St. Petersburg, Fla. It arrived in Qatar in October.

"In many ways, this is better than MacDill," said Army Lt.
Col. John Latulip, a member of the J-4 logistics staff.
"All this equipment is less than six months old."

There have been hiccups, which is why the military is
exercising the system. The setup consumes "an awful lot of
bandwidth," said a Central Command official. "Sometimes the
computer network goes down, but it has gotten better as
we've become more familiar with it."

The tasks personnel in the deployed group do may have to be
tweaked, said a senior command official, but the overall
number seems about right.

British forces are participating in the exercise. The
deployable headquarters can expand to accommodate allies,
officials said. Also, a U.S. Joint Forces Command team is
present to take lessons learned back to Norfolk, Va., for
the next-generation headquarters and to dispense these
lessons to the other combatant commands.

Once the exercise is over on Dec. 17, the headquarters will
stay in Qatar. Senior command officials did not know how
many people would be assigned to the facility.

The defense secretary told troops that the 21st century is
a different time for the world. "It is a distinctly
different security environment," he said. "Our Department
of Defense, our country, is in the process of transforming
itself to fit those new threats and new capabilities that
exist in the world."

The deployable headquarters is another step in the road,
officials said.

___
NOTE:  This is a plain text version of a web page.  If your e-mail
program did not properly format this information, you may view the
story at
http://www.defenselink.mil/news/Dec2002/n12122002_200212121.html
Any photos, graphics or other imagery included in the article may also
be viewed at this web page.









[INFOCON] - News: London, Thursday, December 12, 2002

2002-12-12 Thread Wanja Eric Naef \(IWS\)

_

  London, Thursday, December 12, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] NIPC chief Ron Dick to retire
[2] Ridge says intelligence czar probably unnecessary
[3] Internet Filters Block Many Useful Sites, Study Finds
[4] Study Refutes E-Mail Myth  
[5] Senate Closes Accidental Anonymizer

[6] Rooting Out Corrupted Code
[7] 'I'm no hacker', Sklyarov tells US court
[8] Defense officials advocate new classification system for information
[9] DALnet debilitated by DoS attacks
[10] Panel urges cooperation on cybersecurity

[11] Tech Pros Gather Antispam Forces  
[12] Securing Outlook, Part One: Initial Configuration
[13] Hi-tech crime threatens UK plc - survey
[14] White House threatens nuclear retaliation to attacks on U.S.
[15] Raided Firm's Software Checks Out  

[16] Web pedos crack into corporate servers
[17] Research signals safer smart cards 
[18] Security agency expects airports to meet baggage screening deadline
[19] All bugs are created equal

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


(Pity Ron Dick is leaving NIPC as he was a good politician. He managed
to improve the risk & threat analysis section to a certain extent and
improved NIPC's relationship with other US government agencies. At least
a good man will take over who might be able to 'militarise' the Feds and
make them more efficient and cut through the bureaucratic red tape
before NIPC will be transferred to the bureaucratic monster known as
Homeland Security Department. WEN) 

[1] NIPC chief Ron Dick to retire

By DAN VERTON 
DECEMBER 09, 2002
  
WASHINGTON -- Ron Dick, the director of the FBI's National
Infrastructure Protection Center (NIPC), the cyberthreat and warning arm
of the bureau, plans to retire this month, bringing to a close a 25-year
career in law enforcement. 

Dick, who took the helm of the NIPC in March 2001 during one of the most
tumultuous times in the agency's brief history (see story), is credited
with helping the NIPC define its role and mission within a growing and
complicated federal cybersecurity bureaucracy and amid incessant
assaults from an army of critics who often took aim at what they saw as
a lack of strategic analysis coming out of the agency. 
 
http://www.computerworld.com/securitytopics/security/story/0,10801,76538,00.html

 

(It is scary to see that Ridge bases his faith in technology instead of
creating an intelligence czar. Technology will definitely not solve the
information sharing problem: From The Economist: 'In addition to
intelligence gathering, equally in need of a shake-up is how the
secrets are analysed. This will be harder. The trouble is that the
United States intelligence 'community' is no community at all.' See:
http://www.mail-archive.com/infocon@infowarrior.org/msg00322.html. WEN) 

[2] Ridge says intelligence czar probably unnecessary
By Shane Harris 

Tom Ridge, President Bush's choice to head the Homeland Security
Department, said on Wednesday that if the architecture of the department
is carefully crafted, an "intelligence czar" would not be necessary, but
added that the president has said the topic is "open for discussion."

Ridge said he believes technology could be sufficient to ensure that
security intelligence is distributed effectively within the government,
adding that his office is working with the FBI and CIA on such security
efforts. Ridge made the comments to a task force of state 

[INFOCON] - NIPC Daily Open Source Report for 12 December 2002

2002-12-12 Thread Wanja Eric Naef \(IWS\)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 12 December 2002

Daily Overview

- The Wichita Business Journal reports SC Telecom is working on
fixing the remaining internal problems in its system after overseas
hackers (from Asia and the Middle East) broke into it.  (See item 8)

- Reuters reports cyber crooks, trying to steal credit card
information from online auction house eBay Inc.'s 55 million users, set
up a fake Web site that mimicked the firm.  (See item 5)

- CERT has announced Vulnerability Note VU#810921 - "Cobalt RaQ4
contains vulnerability allowing remote root compromise."  (See item 14)

- CERT has announced Vulnerability Note VU#210409 - "Multiple FTP
clients contain directory traversal vulnerabilities."  (See item 15)


Power Sector

1.  December 11, The Japan Times online - Tepco may shut down all
its nuclear reactors.  All of the 17 nuclear reactors run by Tokyo
Electric Power Co. (Tepco), the nation's largest utility, may have to be
shut down temporarily next spring.  In addition to shutdowns for regular
checkups, Tepco needs to carry out unscheduled inspections at some
facilities following revelations it falsified reports on nuclear reactor
defects.  Tepco had planned to keep the No. 2 and No. 6 reactors running
at the Fukushima No. 1 power station, but the company recently told the
Fukushima Prefectural Government it intends to shut them down sometime
between late March and early April in response to the prefecture's call
for thorough inspections, a company official said.  But the possibility
of all reactors simultaneously being down cannot be ruled out, the
official said.  Power supply "will be in an extremely severe situation,
but we are considering (the shutdowns) because we believe our primary
task is to restore confidence," another Tepco official said.  In late
August, it was revealed Tepco had falsified safety reports and covered
up defects found during safety checks carried out in the 1980s and 1990s
at the Fukushima No. 1 and No. 2 nuclear power stations, and at the
Kashiwazaki-Kariwa Nuclear Power Station in Niigata Prefecture.  In a
related development, the House of Councilors passed two nuclear reactor
regulation bills into law Thursday, aiming to prevent reactor-facility
defects from being covered up by plant operators.  The laws have revised
the Electric Utility Law and the Nuclear Reactor Regulation Law.  They
place company inspections in the framework of law and toughen
punishments for violators.  Source:
http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20021212a5.htm 

2.  December 10, Chattanooga Times/Free Press - Tennessee Valley
Authority's nuclear power program makes turnaround.  Tennessee Valley
Authority's nuclear power program, rated as one of the industry's most
troubled in the 1980's, has since become one of the best performing
businesses in the state, a statewide quality group announced Monday.
"TVA now has the safest and most efficient plants in the country," said
Marie B. Williams, president of the Tennessee Quality Award group.
"With nuclear power, safety is obviously the most critical.  But TVA has
also managed to deliver more reliable power at less cost from its
nuclear plants," she said.  TVA had a different reputation in the past -
in 1985, TVA idled all five of its operating nuclear reactors when it
was unable to meet tougher federal safety standards adopted after the
1979 accident at the Three Mile Island plant in Pennsylvania.  It took
seven years before TVA could restart its oldest nuclear plant, at Browns
Ferry in Alabama.  TVA now operates five nuclear reactors at Browns
Ferry, Sequoyah and Watts Bar.  Nuclear power supplies nearly one fifth
of TVA's electricity.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3509489


3.  December 11, PRNewswire - Dominion Virginia Power line crews
Wednesday battled the season's second ice storm in a week, this time in
the Shenandoah Valley and Northern Virginia.  As of 4:30 p.m. Wednesday,
the storm had affected a total of about 99,000 customers and power had
been restored to all but 36,000. The company expects it may be late
Friday before all customers have their lights back on.  Staunton,
Harrisonburg, Leesburg, Herndon and Fairfax were the areas most affected
by the freezing rain and ice. Outages in Northern Virginia were expected
to increase into Wednesday night.  In anticipation of the storm, the
company staged additional line crews, contractors and tree trimmers in
the areas where the storm was projected to do the most damage. Dominion
also recalled employees that had been sent to help North Caroli

[INFOCON] - UNIRAS Brief - 440/02 -Advanced Fee Fraud (4-1-9)

2002-12-10 Thread Wanja Eric Naef \(IWS\)

-Original Message-
From: UNIRAS (UK Govt CERT) 
Sent: 10 December 2002 15:47
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 440/02 -Advanced Fee Fraud (4-1-9)

-BEGIN PGP SIGNED MESSAGE-

UNIRAS (UK Govt CERT) Briefing Notice - 440/02 dated 10.12.02  Time: 15:40
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination
Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk


Title
=====

Advanced Fee Fraud (4-1-9)(Update)


Detail
======

From: UNIRAS (UK Govt CERT) [[EMAIL PROTECTED]]
Sent: 08 November 2001 14:13
Subject: UNIRAS Briefing - 212/01 - Advanced Fee Fraud



UNIRAS Comment
==============
UNIRAS is receiving increasing numbers of reports concerning 'advanced
fee fraud'. The following advice has been drafted with the assistance of
the National Criminal Intelligence Service (NCIS) and NHTCU.

Detail
======
The NCIS West African Organised Crime Section handles intelligence
related to West African organised criminality. Strategic intelligence
has identified that West African organised crime groups have a
significant impact on the economy of industrialised countries all over
the world.

The main activities of these groups are fraud against individuals and
companies and drug trafficking. Fraud committed by West African crime
groups is estimated to cost the UK at least £3.5 billion a year. The
most common type of fraud is 'advance fee'. This is known as 4-1-9 fraud
after the penal code in Nigeria that makes it illegal. 'Black money'
fraud also has a high profile. These groups also carry out highly
organised housing, social security and other grant frauds. The profits
of these crimes are often used to finance drug trafficking, where the
same middlemen transport drugs from source to consumer countries.

'419' Letters are distributed by post, fax and email. In a typical '419'
(advanced fee fraud) letter, the author purports to be a senior
government or central bank official who has managed to over inflate a
contract, generating a personal profit. In return for help smuggling
money out of the country, the recipient is offered a percentage, usually
between 10% and 30%. At first no money is requested but once a victim
has been drawn in, requests are made for legal and administrative costs.
Victims have lost hundreds of thousands of pounds in some cases.

DO NOT REPLY TO THESE LETTERS

NCIS has hundreds of examples of people being duped out of thousands of
pounds. Companies who have sent polite letters of refusal have their
letterheads abused.

If you do receive a 419 letter, fax, or e-mail please report it to your
local police station and ask them to forward it to the local Fraud
Squad.

For further details see www.nhtcu.org and www.ncis.co.uk/waocu.asp

The National Criminal Intelligence Service, West African Organised Crime
Section however wish to hear from any individuals who have actually lost
money as the result of these scams. All enquiries will be treated
confidentially. Please contact them directly by phone on 020 7238 8012.

For additional information or assistance, please contact the UNIRAS HELP
Desk by telephone or Not Protectively Marked information may be sent via
EMail to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

UNIRAS material is also available from our website at www.uniras.gov.uk

UNIRAS wishes to acknowledge the contribution of NCIS for the
information contained in this briefing.

UNIRAS shall also accept no responsibility for any errors or omissions
contained within this briefing notice. In particular, UNIRAS shall not
be liable for any loss or damage whatsoever, arising from or in
connection with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.



[INFOCON] - NIPC Daily Open Source Report for 10 December 2002

2002-12-10 Thread Wanja Eric Naef \(IWS\)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 10 December 2002

Daily Overview

- CERT has released Vulnerability Note VU#961489 - "University of
Washington IMAP Server vulnerable to buffer overflow after login."  (See
item 15)

- CBS News reports United Airlines on Monday asked a federal judge
to keep the carrier airborne, while it struggles to pay off mounting
debts in the largest airline bankruptcy in history.  (See item 4)

- The Washington Post reports radioactive material that could
potentially be used to make so-called "dirty bombs" has been seized at
border posts in Central Asia in the past 12 months.  (See item 1)

- The Associated Press reports that beginning today, the federal
government will open parking lots at the country's biggest airports that
have been off-limits since Sept. 11, 2001, because of worries about car
bombs.  (See item 5)

- Events continue to unfold in the Venezuelan oil and gas workers
strike as troops take over gasoline distribution plants (See Item 7) as
the strike continues to halt the country's crude and product exports
(See item 8)

Editor's Note: Yesterday's edition contained an item about an
Information Bulletin issued by NIPC last Friday.  The reference number
for that bulletin should have been 02-011 (rather than 01-011). The URL
for the bulletin is
http://www.nipc.gov/publications/infobulletins/2002/ib02-011.htm.


Power Sector

1.  December 9, Washington Post - U.S. concerned about nuke
smuggling in Central Asia.  Radioactive material that could potentially
be used to make so-called "dirty bombs" has been seized at border posts
in Central Asia in the past 12 months, a senior Defense Department
official said Monday.  The smuggled material, contaminated metals, was
confiscated at checkpoints along the Uzbekistan and Turkmenistan
borders, according to Harlan Strauss, director of International
Counterproliferation Programs at the Defense Department.  "It is
possible to be reprocessed and to be utilized in a way that radioactive
material can be used for a dispersal device or a small weapon to
contaminate an area," Strauss said.  Dirty bombs scatter radioactive
material using conventional explosive devices.  Over the past decade at
least 88 pounds (40 kg) of weapons-usable uranium and plutonium has been
stolen from poorly protected nuclear facilities in the former Soviet
Union, according to a report published by Stanford University's
Institute for International Studies earlier this year.  While most of
this material was subsequently retrieved, at least 4.4 pounds of highly
enriched uranium stolen from a reactor in Georgia remains missing.  The
United States has spent about $86 million to help about 30 countries,
mostly in the former Soviet Union and eastern Europe, combat the threat
of smuggling of nuclear and other metals that could be used in weapons
of mass destruction.  Source:
http://www.washingtonpost.com/wp-dyn/articles/A30485-2002Dec9.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

2.  December 8, Associated Press - Israeli police, aided by the FBI,
have arrested an Israeli suspected of hacking into computers of a
U.S.-based electronics company and stealing personal information,
including credit card numbers of some 80,000 customers, according to a
court document released Sunday.  David Sternberg, 24, of the port city
of Haifa, allegedly broke into the computers of a large U.S. company
that sells CD-ROMs and DVDs.  The court document did not mention the
company's name. Source: http://online.securityfocus.com/news/1760 

3.  December 6, Associated Press - Feds: insurance helps launder
drug money.  Colombian drug cartels conceived an elaborate scheme that
converted more than $80 million in cocaine profits to clean cash by
moving money through life insurance policies, authorities said.  The use
of life insurance purchases highlights gaps in international financial
regulations intended to cripple drug money laundering in legitimate
financial transactions.  Officials said the case underscores the need
for a greater focus on stronger oversight of insurance sales to prevent
abuse.  The United States has been tightening regulations to prevent
both terrorists and traffickers from laundering money.  Source:
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021206/ap_on_bi_ge/insurance_laundering_1




Transportation Sector

4.  December 9, Reuters - Lufthansa ma

[INFOCON] - NIPC Daily Open Source Report for 9 Dec 2002

2002-12-10 Thread Wanja Eric Naef \(IWS\)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 9 Dec 2002

Daily Overview

- The National Infrastructure Protection Center has released
Information Bulletin 01-011: "Software Firm Investigation Serves as a
General Information Security Reminder." (See item 2)

- CERT has released Vulnerability Note VU#865833 - "Microsoft
Windows Remote Desktop Protocol (RDP) Uses Weak Algorithm for Encrypting
Packets." (see item 17)

- The Sun-Sentinel reports that in response to the recent aircraft
near-disaster in Kenya, the Fort Lauderdale airport, like many other
airports nationwide, has restricted public viewing areas near taxiways
and runways.  (See item 4)


Power Sector

1.  December 8, Associated Press - Report: nuclear plant owner finds
flaws.  Security guards at the Indian Point nuclear plant outside of New
York City do not believe they could protect the plant from an attack,
and said there was no encouragement to raise security concerns, a
published report said Sunday.  "Only 19 percent of the security officers
stated that they could adequately defend the plant after the terrorist
event of Sept. 11," said a report conducted for the plant's owner and
obtained by The New York Times.  The 33-page report also said 59 percent
of the guards described a "chilled environment" for raising security
concerns, and that 12 percent said they had suffered retaliation for
doing so.  Entergy Nuclear Northeast, the company that owns Indian
Point's two active reactors, commissioned the report in November 2001 in
response to complaints by guards made both before and after the Sept. 11
terrorist attacks.  An Entergy spokesman told The Times many of the
security concerns had been resolved since the report was completed last
January.  Source:
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021208/ap_on_re_us/indian_point_1

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

2.  December 6, NIPC - NIPC Information Bulletin 01-011.  The
National Infrastructure Protection Center has released Information
Bulletin 01-011: "Software Firm Investigation Serves as a General
Information Security Reminder."  The U.S. Attorney's Office announced
today that it searched the Massachusetts offices of Ptech Inc. in
connection with allegations relating to an ongoing financial crime
investigation.  Ptech software is used by a customer base that includes
financial services and government market segments.  In this specific
regard, two things are worth noting.  First, the U.S. Attorney's
announcement in no way alleges that Ptech's products present any
security threat.  Second, based upon information available to it, the
NIPC is not aware of any information or indication that Ptech software
contains viruses, malicious codes, or otherwise performs in an anomalous
fashion.  The NIPC is taking this opportunity to remind the public that
sophisticated cyberattack capabilities can be extremely difficult to
detect and that nothing can guarantee the complete safety of any
software.  Source:
http://www.nipc.gov/publications/infobulletins/2002/ib02-011.htm

3.  December 3, Department of the Treasury - Treasury Department
Announces Interim Guidance On Terrorism Insurance for Insurance
Industry.  The interim guidance covers several mandates of the new
terrorism insurance law, including policyholder disclosure requirements
and the requirement that insurance companies make coverage for terrorism
risk, as defined by the Act, available to their policyholders.  The
interim guidance released today follows the National Association of
Insurance Commissioners' (NAIC) release of model disclosure forms last
week.  Treasury interim guidance states that use of the NAIC's model
disclosures constitutes compliance with the Act's disclosure
requirements while noting that the model disclosures are not the
exclusive means by which insurers may comply with the Act.  Source:
http://www.treas.gov/press/releases/po3663.htm  Interim Guidance:
http://www.treas.gov/press/releases/reports/interimguide.pdf 


Transportation Sector

4.  December 6, Sun-Sentinel - Terrorism alert closes viewing park
at Lauderdale airport.  A small park on the west side of Fort
Lauderdale-Hollywood, Florida International Airport formerly frequented
by aviation buffs, photographers, and people who enjoy watching
airplanes has been closed after the terrorists' attempt to shoot down an
Israeli airliner with shoulder-launched missi

[INFOCON] - News 12/09/02

2002-12-09 Thread Wanja Eric Naef \(IWS\)

_

  London, Monday, December 09, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

-

_


  
  [News Index]
  

[1] Homeland security budget boost not yet a reality
[2] DOD still working on change
[3] Exploring intuitive decision-making
[4] Feds Label Wi-Fi a Terrorist Tool  
[5] FBI seeks to link joint terrorism task forces

[6] CfP ECIW 2003
[7] Organised Net crime rising sharply - top UK cop
[8] Threat grows of cyber attack by terrorists groups
[9] Complex Networks Too Easy to Hack  
[10] Navy preps XML policy

[11] Drop that E-Book or I'll Shoot!
[12] DOD extends global net
[13] Microsoft: IE hole worse than reported
[14] Security hole exposes Tower Records
[15] Israel, FBI Find Suspected Credit Hacker

[16] Hacker 'DVD Jon' Goes on Trial  
[17] Virus Throttle a Hopeful Defense  
[18] Scientists seek revamped federal supercomputing effort
[19] .Net.uk domain granted stay of execution
[20] New cybersecurity institute to fight online crime

_

CURRENT THREAT LEVELS 
_


Electricity Sector  Physical: Elevated (Yellow) 

Electricity Sector  Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE  Security Condition: 3, modified  

NRC  Security Level: III (Yellow) (3 of 5)

_

News
_


[1] Homeland security budget boost not yet a reality
By Shane Harris

A year ago, as the federal government mounted a massive homeland
security effort at the same time the commercial technology market was
collapsing, Uncle Sam became the most attractive information technology
customer in America. In February, President Bush requested $52 billion
in new IT spending for fiscal 2003. Hungry would-be federal contractors,
hoping that a hefty chunk of the money would go to purchasing
leading-edge commercial products for homeland security, set up shop
inside the Beltway.

But aside from an initial jolt of emergency funding after the Sept. 11
attacks - about $1 billion of which was spent on IT - technology spending in
2002 didn't seem to have much to do with homeland security. By and
large, agencies are only beginning to understand what they want to buy,
and are focusing on basic technologies, not the new wave of products
many companies had assumed they would purchase. Why? 

For most of 2002, agencies were preoccupied adjusting to their
post-Sept. 11 missions; some were preparing for a massive reorganization
under the proposed Homeland Security Department. Because they're
struggling just to figure out what homeland security is, they've had
less time to shop for new technologies to help them ensure it, says
George Molaski, former chief information officer of the Transportation
Department and now a consultant. 

http://www.govexec.com/dailyfed/1202/120602h2.htm 

 

(Any Information Operation needs to be based on a well developed and
tested doctrine to be really effective. Just have a look at the
development of air warfare doctrine which took a long time to mature
until it became a 'decisive weapon'. WEN)

... The notion of network-centric warfare does little to prepare
soldiers and sailors for actual combat against a real enemy, Van Riper
said. Instead of focusing on IT, he said, the services must develop new
concepts of effective military operations. "Don't put your faith in the
technology," he said after the conference, "You've got to do the
thinking first." ...

[2] DOD still working on change
BY Nancy Ferris 
Dec. 9, 2002 
  
The military is embracing the idea of network-centric warfare, but
Defense Department officials need to change their mind-sets if they want
to make it stick, according to the man who first championed the concept.

"Much of what they focus on is becoming irrelevant

[INFOCON] - NIPC "Software Firm Investigation Serves as a General Information Security Reminder"

2002-12-09 Thread Wanja Eric Naef \(IWS\)

http://www.nipc.gov/publications/infobulletins/2002/ib02-011.htm


National Infrastructure Protection Center  

"Software Firm Investigation Serves as a General Information Security
Reminder"
Information Bulletin 02-011
December 6, 2002 

NIPC Information Bulletins communicate issues that pertain to the
critical national infrastructure and are for informational purposes
only. 

The US Attorney's Office announced today that it searched the
Massachusetts offices of Ptech Inc. in connection with allegations
relating to an ongoing financial crime investigation. 

Media coverage of this issue has been strong and immediate, focused in
part on the fact that Ptech software is used by a customer base that
includes financial services and government market segments. News outlets
questioned whether the company's software might have been tampered with
for use in some nefarious purpose. In this specific regard, two things
are worth noting. First, the US Attorney's announcement in no way
alleges that Ptech's products present any security threat. Second, based
upon information available to it, the NIPC is not aware of any
information or indication that Ptech software contains viruses,
malicious codes, or otherwise performs in an anomalous fashion. 

Media and public sensitivity to this case, however, demonstrates a
greater point which is unrelated to any specific company or product.
Therefore, the NIPC is taking this opportunity to remind the public that
sophisticated cyberattack capabilities can be extremely difficult to
detect and that nothing can guarantee the complete safety of any
software. There is no substitute for the full range of information
security practices within any organization including: 

- An assessment of the value of the information assets to be protected,

- An assessment of the likely threats, natural and man-made, to these
assets,

- Regular analyses of the vulnerabilities of the information systems in
use, including not only the technical but also the human elements of
those systems,

- An integrated assessment of the information security risk (threat,
vulnerabilities, and asset loss) along with a cost-effect plan to
mitigate those risks.

The following web sites contain more information on best practices in
information security
http://www.nipc.gov/publications.htm
http://www.cert.org/
www.sans.org
www.fedcirc.gov
www.nist.gov


The NIPC encourages individuals to report information concerning
suspicious activity to their local FBI office,
http://www.fbi.gov/contact/fo/fo.htm , the NIPC, or to other appropriate
authorities. Individuals may report incidents online at
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and
Warning Unit at (202) 323-3205, Toll Free at 1-888-585-9078, or by email
to [EMAIL PROTECTED]






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - Plans Being Made to Protect U.S. Information Infrastructure

2002-12-08 Thread Wanja Eric Naef \(IWS\)
Plans Being Made to Protect U.S. Information Infrastructure
(Communications industry preparing list of recommendations) (1140)

Representatives from the U.S. communications industry are pushing a
deadline to develop a list of recommendations to ensure the safety of
the nation's information and communications infrastructure in the
event of terrorist attacks or disasters.

The Network Reliability and Interoperability Council (NRIC), chartered
by the Federal Communications Commission is set to develop a list of
"best practices" to put forth to the U.S. communications industry by
December 20.

Speaking at an NRIC session December 6, Richard C. Notebaert, council
chairman and chairman and CEO of Qwest Communications International,
said, "Today's meeting illustrates the industry commitment to work
together and share best practices in an effort to improve network
reliability and strengthen the nation's communications network against
terrorist attacks and natural disasters."

The panel is considering best practices to protect and secure both the
physical and cyber networks. FCC Chairman Michael Powell is urging
companies throughout the country to adopt the best practices
voluntarily.

Following is the text of the FCC press release.

(begin text)

NEWS

Federal Communications Commission 
December 6, 2002

HOMELAND SECURITY: COMMUNICATIONS INDUSTRY CONSIDERS MEASURES TO
PROTECT NATION'S COMMUNICATIONS SERVICES AGAINST ATTACK

Washington, D.C. - Representatives from across the communications
industry came together today to consider recommendations to protect
and strengthen the nation's communications infrastructure against
terrorist attacks or national disasters.

The measures were considered by the Network Reliability and
Interoperability Council (NRIC) VI which held its quarterly meeting
today at the FCC. NRIC is composed of representatives from the
telecommunications, cable, wireless, satellite and ISP industries.

The 56-member Council will review some 300 best practices - many of
which are currently being practiced by industry members - for
widespread adoption and implementation across the industry. Best
practices range from increasing physical security at communications
facilities to process changes and training to increased protection of
proprietary information. NRIC members have until December 20, 2002 to
vote on recommendations to the industry that these best practices
voluntarily be implemented.

FCC Chairman Michael Powell said, "Homeland Security is a critical
issue that touches every consumer in America. People want to know that
in an emergency their calls will go through and they can reach loved
ones. Every bit as important, our nation's communications network must
be secure and protected to ensure that public safety, health, and law
enforcement officials are able to respond and ensure the flow of
information."

Richard C. Notebaert, NRIC chairman and chairman and CEO of Qwest
Communications International, said, "Today's meeting illustrates the
industry commitment to work together and share best practices in an
effort to improve network reliability and strengthen the nation's
communications network against terrorist attacks and natural
disasters."

"The telecommunications industry has taken a leadership role in
proactively identifying and protecting our nation's communications
infrastructure. Many of the best practices we have heard today are
actively being implemented by many companies. I strongly urge the
industry to adopt as many of these Best Practices as appropriate to
ensure the protection and reliability of our nation's communications
system," Powell continued.

In developing its best practices, NRIC's Physical Security Focus
Group, led by Karl Rauscher, director, network reliability office,
Lucent Technologies Bell Labs, and NRIC's Cyber Security Focus Group,
led by Dr. Bill Hancock, vice president, Cable & Wireless, underwent a
rigorous process that included a detailed vulnerability and threat
assessment and identified the best practices currently in use by the
industry to take necessary steps to improve security and mitigate
associated risks.

The items considered today include:

Best Practices for Securing the Physical Network: 

--Technology. Best practices for the application of new technologies
to better mitigate the effects of an attack.

--Access Controls. Best practices for access control methods and
procedures to help ensure that unauthorized personnel do not have
access to critical network infrastructures. Best practices include the
development of formal procedures for assigning facility access and
constructing physical barriers to prevent vehicular and pedestrian
"tailgating," electronic surveillance at critical access points and
changes to landscaping and outdoor lighting.

--Personnel. Best practices for security procedures and associated
training including recognizing and reporting suspicious items and
handling of proprietary information.

--Design and Construction. Best practices

[INFOCON] - NCIX: "week of action against warmongering"

2002-12-06 Thread Wanja Eric Naef \(IWS\)


-Original Message-
Sent: 06 December 2002 20:41
Subject: NCIX WEB SITE UPDATE ADVISORY #24-2002

Dear Friends and Colleagues: 

According to the Federal Bureau of Investigation (FBI), a loose network
of antiwar groups is planning a "week of action against warmongering" to
occur December 15 - 21, 2002.  Organizers, who have expressed strong
opposition to possible U.S. military action against Iraq, are advocating
"explicit and direct attack upon the war machine," and have called for
attacks on the headquarter facilities and other assets of oil companies
and defense contractors, singling out Boeing and Lockheed Martin. 
Department of Defense (DoD) assets also represent potential targets for
attack.  Organizers have referenced an October 14, 2002 incident in San
Jose, California, in which DoD recruiting offices were damaged and a DoD
recruiting van was set on fire.   Activists may also target major media
companies by "sanitizing" newspaper vending machines, jamming or
hijacking radio and television signals, or attacking broadcast towers
and damaging equipment. 
Potential victims should be alert to any suspicious activities that may
be associated with this week-long protest. 

Information regarding potential threats should be reported to local law
enforcement and the nearest FBI Joint Terrorism Task Force. 






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - NIPC Daily Open Source Report for 6 December 2002

2002-12-06 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 6 December 2002

Daily Overview

- The Transportation Safety Administration reports that the
  Explosives Detection Canine Team Program will play an important role in
  helping it to meet the Dec. 31 deadline for screening all baggage for
  explosives.  (See item 3)

- CERT has released Vulnerability Note VU#683673 in which the Sun
  Solaris priocntl(2) function could allow a local attacker to execute
  arbitrary code with superuser privileges on a vulnerable system.  (See
  item 11)

- Microsoft has released "Security Bulletin MS02-067: E-mail
  header processing flaw could cause Outlook 2002 to fail (Moderate)," and
  recommends a patch be installed.  (See item 12)

- Houses in Clayton County, GA will be outfitted with a device to
  prevent contaminated water from entering the county's water system.
  (See item 7)



Power Sector

1.  December 4, Bloomberg News - Northeast U.S. electricity prices
rise as cold spurs demand.  Electricity prices in parts of the U.S.
Northeast rose for a third day as freezing weather continued to increase
demand for power to run heaters.  Heating demand in the Northeast will
be 22 percent above normal for this time of year tomorrow, said Weather
Derivatives of Belton, Missouri.  "The cold weather is driving prices
higher than I expected," said Terreck Yennes, a trader at APB Energy in
Louisville, Kentucky.  Source:
http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=Bloomberg_2002_12_04_1039046959146&SMContentSet=0

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

2.  December 3, Federal Reserve Board - The Federal Reserve Board
announced revisions to its policy and procedures for sponsoring
private-sector organizations under federal programs that provide
priority telecommunications services to entities that are important to
national security and emergency preparedness.  The Board believes these
programs, which are administered by the National Communications System
(NCS), will help facilitate the operation and liquidity of banks and the
stability of financial markets, particularly during periods of
substantial operational disruptions.  Source:
http://www.federalreserve.gov/boarddocs/press/other/2002/20021203/default.htm
Notice:
http://www.federalreserve.gov/boarddocs/press/other/2002/20021203/attachment.pdf


Transportation Sector

3.  December 5, Transportation Safety Administration - Canine teams
to help TSA meet Dec. 31 deadline.  The rapidly-expanding Explosives
Detection Canine Team Program will play an important role in the
Transportation Security Administration (TSA) being able to meet a Dec.
31 deadline for screening all baggage for explosives, TSA officials said
today as they demonstrated the expertise of dogs and their handlers.
The media demonstration was held at the TSA Explosives Detection Canine
Handler Course at Lackland Air Force Base, San Antonio, TX, where each
dog-handler team undergoes 11 weeks of intensive training.
Transportation Secretary Norman Y. Mineta has specifically cited the use
of explosives detection canine teams as one of the security screening
methods that will be used in order to meet the Dec. 31 deadline mandated
by Congress.  The canine program was started in 1972 after a
bomb-sniffing dog named Brandy found an explosive device on a plane that
had been returned to John F. Kennedy International Airport in New York
and was evacuated.  The bomb was found just 12 minutes before it was to
detonate.  The TSA pays to train the dogs, primarily sporting breeds
such as Labrador, Chesapeake Bay and Golden retrievers, trains the
handlers, partially reimburses airports for the cost of maintaining the
teams, and provides oversight and support to the program at each
location.  Source:
http://www.tsa.dot.gov/public/display?theme=44&content=437  

4.  December 5, Washington Post - United's loan request rejected.
The federal government yesterday denied United Airlines' application for
a $1.8 billion loan guarantee, all but ensuring that the nation's
second-largest airline will have to file for bankruptcy protection.  The
Air Transportation Stabilization Board ruled that United's business plan
"was not financially sound" and would "pose an unacceptably high risk to
U.S. taxpayers."  After the Sept 11 attacks, Congress approved a $15
billion airline-industry assistance package, including $10 billion in
loan guara

[INFOCON] - News 12/06/02

2002-12-06 Thread Wanja Eric Naef (IWS)
_

  London, Friday, December 06, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

-

_


  
  [News Index]
  

[1] An electronic Maginot Line
[2] Government shows Sklyarov video in court
[3] Does Cybercrime Still Pay?
[4] Travel sector's poor security exposed it to hacking risks
[5] I shut radio site, boasts teen hacker

[6] PGP Lifts Its Hood
[7] Cyber hype
[8] 'Mangled mess of trees and power lines'
[9] Trouble With Trojans
[10] Agencies focus on better cargo security to fight terrorism

[11] New technologies key to Defense transformation, says official 
[12] Investors suppress tech wreck memories
[13] Arguments heard over file-swapping
[14] Lagel worm wipes files
[15] Defense to influence tech industry to develop systems useful to
military

[16] Bill pushes security, but no money so far
[17] Final curtain for Aussie hacker site
[18] Bush signs Webcast Act
[19] Integrated IT network in new agency worth expense
[20] UK still vulnerable to hackers

[21] Al Qaeda Web site targets Israel




CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 

DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_

(Partial FUD with a nice title which I think is unintentionally ironic.
Someone within Rep. Sherwood Boehlert's press staff should have done a bit
more research before publishing the article. For example, CIAO was
awarded a new name, Computer Information Assurance Organization
(www.ciao.gov). But back to the title, the French built the Maginot Line
between 1929 and 1940 to slow down & stop potential German attacks,
which was a sound idea, but unfortunately they left a massive
'backdoor'. So the Nazis just bypassed the line, which made the entire line
rather useless. Hence I would never expect too much from an 'electronic
Maginot Line'. WEN)

[1] An electronic Maginot Line

Cyber security legislation a necessity

By Sherwood Boehlert 

Recent reports of two individuals using a few computer keystrokes to
steal the financial identities of 30,000 Americans point up a growing
weakness in the U.S. - cybersecurity. And in the hands of a terrorist,
the damage wrought by computers could be far worse than identity theft.
Although the issue has not received much attention in the media,
Congress has taken some key steps in the past year to counter the
emerging cyberterrorist threat. 

Cyberterrorism may sound like the stuff of science fiction or like a
minor inconvenience, but it is neither. In a world in which our
telecommunications and financial systems, our business transactions, our
electric and water utilities and our emergency response systems all rely
on computer networks, a focused cyberattack could wreak havoc and
threaten lives. It is not an exaggeration to say that the day-to-day
functioning of our society is only as secure as the most vulnerable
computer terminal with access to the Internet.

And those terminals are vulnerable. In addition to the recent identity
thefts, in the first half of 2002, there were 43,136 reported computer
break-ins - more than double the number reported in all of the year
2000, according to the Computer Emergency Response Team, a federally
funded group at Carnegie-Mellon University that acts as central
repository for break-in reports. The group defines break-in
conservatively, so each reported incident may affect thousands of
computers. Even more troubling was the recent concerted attack on the
servers that run the Internet - a sophisticated effort that originated
overseas. 

http://www.house.gov/science/press/107/boehlert.htm
http://www.house.gov/science/press/107/boehl

[INFOCON] - UNIRAS Brief - 433/02 - Microsoft - Cumulative Patch for Internet Explorer

2002-12-05 Thread Wanja Eric Naef (IWS)


-----Original Message-----
From: UNIRAS (UK Govt CERT) [mailto:[EMAIL PROTECTED]] 
Sent: 05 December 2002 10:08
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 433/02 - Microsoft - Cumulative Patch for
Internet Explorer 

UNIRAS (UK Govt CERT) Briefing Notice - 433/02 dated 05.12.02  Time: 10:10
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk

Title
=

Microsoft Security Bulletin - MS02-068:

Cumulative Patch for Internet Explorer 

Detail
== 

Title:  Cumulative Patch for Internet Explorer (Q324929)
Date:   04 December 2002
Software:   Microsoft(r) Internet Explorer
Impact: Information Disclosure
Max Risk:   Moderate
Bulletin:   MS02-068

Microsoft encourages customers to review the Security Bulletins at: 
http://www.microsoft.com/security/security_bulletins/MS02-068.asp
http://www.microsoft.com/technet/security/bulletin/MS02-068.asp.

Issue:
==
This is a cumulative patch for Internet Explorer 5.5 and 6.0. In 
addition to including the functionality of all previously released 
patches for Internet Explorer 5.5 and 6.0, it also eliminates a 
newly discovered flaw in Internet Explorer's cross-domain security 
model. This flaw occurs because the security checks that Internet 
Explorer carries out when particular object caching techniques are 
used in web pages are incomplete. This could have the effect of 
allowing a website in one domain to access information in another, 
including the user's local system.

Exploiting the vulnerability could enable an attacker to read, but 
not change, any file on the user's local computer. In addition, the 
attacker could invoke an executable that was already present on the 
local system. The attacker would need to know the exact location of 
the executable, and would not be able to pass parameters to it. 
Microsoft is not aware of any executable that ships by default as 
part of Windows and, when run without parameters, could be 
dangerous. 

An attacker could exploit the vulnerability by constructing a web 
page that uses a cached programming technique, and could then 
either host it on a web site or send it to a user via email. In the 
case of the web-based attack vector the page could be automatically 
opened when a user visited the site. In the case of the HTML
mail-based attack vector, the page could be opened when the recipient
opened the mail or viewed it using the Preview pane.

Mitigating Factors:

- Internet Explorer 5.01 is not affected by this vulnerability.
- The web-based attack scenario would provide no way for the
  attacker to force users to visit the site. Instead, the attacker
  would need to lure them there, typically by getting them to click
  on a link that would take them to the attacker's site.
- The HTML mail-based attack scenario would be blocked by Outlook
  Express 6.0 and Outlook 2002 in their default configurations, and
  by Outlook 98 and 2000 if used in conjunction with the Outlook
  Email Security Update.
- The vulnerability would allow an attacker to read but not add,
  delete or modify files on the user's local system.
- The attacker would need to know the name and location of any file
  on the system to successfully invoke it. If invoked, there would be
  no way for an attacker to pass parameters to that executable.
- This vulnerability does not provide any way for an attacker to put
  a program of their choice onto another user's system.

Risk Rating:


Moderate

Patch Availability:
===
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms02-068.asp
   for information on obtaining this patch.


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS 
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE 
FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, 
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF 
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE 
POSSIBILITY OF

[INFOCON] - NIPC Daily Open Source Report for 5 December 2002

2002-12-05 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 5 December 2002

Daily Overview

- CERT announces Vulnerability Note VU#140977: SSH Secure Shell
  for Workstations contains a buffer overflow in URL handling feature that
  may allow an attacker to execute arbitrary code.  (See item 9)

- CERT announces Vulnerability Note VU#740169: Cyrus IMAP Server
  contains a buffer overflow vulnerability that may allow a remote
  attacker to execute arbitrary code on the mail server.  (See item 10)

- Business Wire reports that in a recent strategic simulation of a
  terror attack designed to assess America's vulnerability through its
  ports, business and government leaders found that such an attack could
  potentially cripple global trade and have a devastating impact on the
  nation's economy.  (See item 2)

- CBS reports a huge, fast-moving storm has spread ice and snow
  from the Texas Panhandle to Virginia, making highways slippery and
  knocking out power to thousands of customers, and is expected to dump
  heavy snow and ice tomorrow in Washington, D.C., Philadelphia, and New
  England.  (See item 11)



Power Sector

1.  December 4, Associated Press - Governor extends National Guard
security at nuclear plants until March.  Pennsylvania Gov. Mark
Schweiker said the National Guard and state police will patrol the
state's five nuclear power plants at least until March 2003.  In a
November 2001 disaster emergency proclamation, Schweiker directed the
National Guard to join state police at the plants.  On Tuesday,
Schweiker for the fifth time extended the proclamation, which had been
set to expire this week.  Source:
http://pennlive.com/newsflash/pa/index.ssf?/newsflash/get_story.ssf?/cgi-free/getstory_ssf.cgi?d0741_BC_PA-BRF--NuclearSecuri&&news&newsflash-pennsylvania

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

2.  December 4, Business Wire - Wargame reveals that threats to port
security call for integrated public/private action.  In a strategic
simulation of a terror attack designed to thoroughly assess America's
vulnerability through its ports, a group of business and government
leaders found that such an attack could potentially cripple global trade
and have a devastating impact on the nation's economy.  The group
focused on ways to improve detection before a weapon gets to a U.S.
port, as well as help businesses to build resiliency into their
operations.  The two-day Port Security Wargame took place October 2-3,
2002 in Washington, D.C., with 85 leaders from a range of government and
industry organizations, who have a critical stake in port security.  The
results of the wargame revealed that at current preparedness levels, a
"dirty bomb" attack through the ports could cost U.S. businesses as much
as $58 billion.  Source: http://biz.yahoo.com/bw/021204/42263_1.html 

3.  December 2, Vancouver Sun - Canadian Coast Guard reports vast
security gaps.  The Canadian Coast Guard is unable to adequately protect
Canada's coastlines from terrorists, says Coast Guard Commissioner John
Adams.  The CCG, which acts as the country's coastal eyes and ears
through a series of radar stations and at-sea surveillance, relies
largely on an honor system to obtain information on the whereabouts of
incoming vessels.  So the coast guard knows of vessels in Canadian
waters only "if they want us to know," according to Adams.  Adams' blunt
assessment echoes the conclusions of a Senate report in September that
said Canada's coastlines are vulnerable to terrorists and their weapons
of mass destruction.  While the coast guard has the ability to track
suspicious boats near busy waterways, its hands are tied in areas such
as the central and northern British Columbia coast where there is no
radar capability.  Until this year, the Prince Rupert, B.C. station
tracked vessels using a Second World War-style table map over which
little wooden boats were moved around manually.  Adams painted a grim
picture of the coast guard's state, saying the service still can do its
job but needs a $400-million infusion in the next three to five years
just to renew an aging fleet of vessels. Source:
http://www.nationalpost.com/search/site/story.asp?id=44830E03-754B-47D8-982F-8963219D538C


Gas and Oil Sector

Nothing to report.


Telecommunications Sector

Nothing to report.


Food Sector

4.  Decemb

[INFOCON] - NIPC Daily Open Source Report for 4 December 2002

2002-12-04 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 4 December 2002

Daily Overview

- The Washington Post reports the nature of identity theft has
  changed and today is more likely to come from insiders going after a
  massive amount of information rather than a thief stealing an
  individual's wallet.  (See item 2)

- NEPA News reports that Carnegie Mellon University and the
  University of Pittsburgh are freely providing software to health
  organizations to assist in the early warning of a bioterrorist attack.
  (See item 16)

- The Land & Livestock Post reports that Texas A&M University has
  published an internet website to assist meat and poultry processors
  quickly find information on food safety.  (See item 7)



Power Sector

1.  December 3, Platts Global Energy - Outage cuts UK-France flows
by 500MW until Dec 10.  A problem with a transformer is likely to cut
capacity transfer on the UK-France power link by 500MW in both
directions until Dec 10 at the earliest, a spokesman for UK transmission
system operator National Grid said Tuesday.  The problem with the
transformer at Sellindge converter station in Kent, on the UK side of
the link, occurred in the early hours of Monday morning, he said.  The
"best guess" of link operators National Grid and French transmission
system operator RTE was that it will return to its full capacity
transfer level of 2,000MW on or around Dec 10, he said.  The grid
operators were investigating the problem with the transformer, he said.
Source: www.platts.com/stories/electricpower3.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

2.  December 3, Washington Post - Identity theft more often an
inside job.  The nature of identity theft has changed and the threat
today is more likely than ever to come from insiders - employees with
access to large financial databases who can loot personal accounts -
than from a thief stealing a wallet or pilfering your mail.  Banks,
companies that take credit cards and credit-rating bureaus themselves
don't do enough to protect consumers, critics say.  Law enforcement
experts now estimate that half of all such cases come from thefts of
business databanks as more and more information is stored in computers
that aren't properly safeguarded.  "There is a shift by identity thieves
from going after single individuals to going after a mass amount of
information," said Joanna Crane, identity-fraud program manager at the
Federal Trade Commission. "There's an awful lot of bribery of insiders
going on."  Source:
http://www.washingtonpost.com/wp-dyn/articles/A1026-2002Dec2.html 


Transportation Sector

3.  December 3, U.S. Customs Service - Customs announces CSI
deployment at Le Havre.  U.S. Customs Commissioner Robert C. Bonner
announced Tuesday the deployment of four U.S. Customs officers to the
French port of Le Havre, marking the latest step in the agency's
Container Security Initiative (CSI).  CSI is designed to prevent
terrorists from infiltrating the world's sea cargo environment by
improving security at key seaports worldwide.  To date, nine countries
have agreed to participate with U.S. Customs under CSI.  These
agreements cover 15 ports, all among the top 20 ports that handle
shipments bound for the United States.  Source:
http://www.customs.ustreas.gov/hot-new/pressrel/2002/1203-00.htm 

4.  December 1, Dallas Morning News - International shipping
vehicles vulnerable to terrorist attacks.  With al-Qaeda stepping up its
sporadic attacks on western targets, there is a consensus among
terrorism experts that international shipping is increasingly vulnerable
to extreme tactics.  The risk extends beyond the big, obvious targets to
the thousands of ferryboats that move cars, cargo and commuters from
port to port, often with minimal security, in the United States and
Europe.  Steven Flynn, a former U.S. Coast Guard commander who is now a
senior fellow with the Council on Foreign Relations, contends that one
serious incident involving containers brought into the United States by
ship would prompt the public to demand the entire system be shut down,
crippling global commerce.  The impact of a shipping shutdown would be
disastrous for the U.S. economy, Flynn said.  While U.S.
counter-terrorism officials grapple with this potential hazard, their
European counterparts have imposed high security alerts in recent months
because of intelligence indicating that terrorists plan to targ

[INFOCON] - News 12/04/02

2002-12-04 Thread Wanja Eric Naef \(IWS\)
_

  London, Wednesday, December 04, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Homeland defense commander stresses 'need to share' information
[2] Homeland agency charged with outreach
[3] PGP goes back to its roots
[4] Virus payloads bigger, nastier
[5] Barbarians at the Gate: An Introduction to Distributed Denial of
Service Attacks

[6] NetNames cock-up blamed for eBay detagging
[7] Iowa governor dismisses CIO
[8] OMB finds security leverage
[9] GSA's center of activity
[10] Cautionary tales

[11] Does Research Support Dumping Linux?
[12] E-government bill wins praise from tech officials
[13] Infiltrating agency ops
[14] New opportunities for NIST
[15] Traveler smart card poses security concerns

[16] Wennergren named Navy CIO
[17] ISS Goes Public With Vulnerability Disclosure Guidelines
[18] Firewalls face next challenge
[19] Vendors complete tougher ICSA 4.0 firewall tests

_

CURRENT THREAT LEVELS 
_

Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


[1] Homeland defense commander stresses 'need to share' information
By Molly M. Peterson, National Journal's Technology Daily 

Officials at the newly established U.S. Northern Command may have to
consider abandoning the military's traditional system for classifying
information as they build crucial lines of communication with federal,
state and local homeland security agencies, the Northern Command's chief
information officer said recently.

Speaking to reporters at a homeland security summit late last month,
Maj. Gen. Dale Meyerrose said inter-agency information sharing is a
"blossoming requirement" for the Northern Command, which is
headquartered at Peterson Air Force Base in Colorado Springs, Colo. The
command is charged with consolidating the military's homeland defense
and civil-support missions. 

The Defense Department's current classification system allows military
offices to share information on a need-to-know basis, and requires
security clearances and background checks for access to information with
such labels as "top secret" and "classified." But Meyerrose said that
system could hinder the Northern Command's ability to share real-time
information with civilian agencies that classify their information
differently. 

http://www.govexec.com/dailyfed/1202/120302td1.htm

 

[2] Homeland agency charged with outreach
Security strategy at risk if coordination fails
BY Diane Frank, Megan Lisagor and Dibya Sarkar 
Dec. 2, 2002 

When President Bush signed the Homeland Security Department into law
last week, he triggered activity on two fronts.

Internally is the much-publicized effort to bring 170,000 employees from
nearly two dozen agencies into a single department, if only virtually.

Externally is the often overlooked effort to coordinate the department's
work with a multitude of organizations across state and local government
and the private sector. This second front, many observers say, is
equally vital - and equally at risk for failure.

http://www.fcw.com/fcw/articles/2002/1202/news-home-12-02-02.asp 

 

[3] PGP goes back to its roots
By ComputerWire
Posted: 04/12/2002 at 10:03 GMT
 
PGP Corp this week delivered its first set of product upgrades since the
company was spun out of Network Associates Inc this August, and
delivered on its promise to publish the source code to the pioneering
cryptography software, writes Kevin Murphy. 

PGP

[INFOCON] - NIPC Daily Open Source Report for 2 December 2002

2002-12-03 Thread Wanja Eric Naef (IWS)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 December 2002

Daily Overview

- CNN reports the U.S. Transportation Security Administration has
  warned airports to review their missile attack measures after Thursday's
  attempt to shoot down a passenger plane in Kenya.  (See item 4)

- The Sacramento Bee reports Lawrence Livermore National
  Laboratory is developing a process to measure substances normally
  occurring in the air to provide a control for systems that monitor
  biological agents.  (See item 14)

- The Huntsville Times reports Tanner, Alabama has a new water
  treatment plant that filters viruses, one of only 100 such facilities
  worldwide.  (See item 8)

- The GAO has published a report which recommends changes to the
  manner in which data regarding terrorism funding is collected and
  reported.  (See item 9)



Power Sector

1.  November 29, Platts Energy News - Explosion at Germany's
Brunsbuttel nuke generator.  There was an explosion at the Brunsbuttel
nuclear power plant in northern Germany on Wednesday evening, a
spokesman for the energy ministry of Schleswig-Holstein said Friday.
The 806MW reactor is currently offline following a safety incident last
December.  The explosion happened in a generator in the non-nuclear
part of the plant.  No one was injured.  The extent of the damage is
not yet known, but the spokesman said Brunsbuttel was likely to remain
offline longer than anticipated as a result of the generator fault.  The
explosion happened when the explosive gases condensed and then exploded,
and the BKA (German federal crime office) is investigating.  Brunsbuttel
has been offline since Feb 18, 2002, shut down in order to probe
circumstances surrounding a radioactive leak on Dec 14, 2001.  Source:
http://www.platts.com/archives/94003.htm 

2.  November 26, Fortune Magazine - Power failure: massive debt
burdens the energy industry.  In the past several years of boom and
expansion, power companies borrowed approximately $600 billion; some of
which was used in speculative trading operations, but most went to buy
other power companies or build natural-gas power plants.  About $90
billion of this debt must be repaid or renegotiated by 2006.  Few
companies are able to repay this - the collapse of energy trading has
put them in a cash crunch, and several are close to bankruptcy.  In
addition, the overbuilding has lowered cost of energy and the economic
downturn has meant that the country is not using as much power as
expected.  As a result, power prices are severely depressed.  Possible
buyers, should bankruptcy occur, are buyout firms, financial investors,
and European utilities.  Also, various local utility companies, bought
out in the 1990s, may opt to buy some of the assets.  Source:
http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3482610


Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

3.  November 27, Associated Press - New York bank pleads guilty to
charges.  Broadway National Bank pleaded guilty to three felony charges
of not reporting suspicious banking activity between 1996 and 1998, and
will pay a $4 million fine.  Authorities said the case marked the first
prosecution of a bank for failing to establish an anti-money laundering
program and failing to file required "suspicious activity reports."
U.S. Customs Special Agent Nelson Chen said $123 million was illegally
moved through the bank - most of it the proceeds of drug trafficking -
after some criminal organizations learned Broadway was not following
proper procedures.  Source:
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021127/ap_on_bi_ge/bank_plea_3


Transportation Sector

4.  December 1, CNN - Airports asked to review missile attack
measures.  After Thursday's attempted missile attack on a passenger
plane in Kenya, the U.S. Transportation Security Administration (TSA)
asked officials at U.S. airports to review measures to protect against
similar attacks.  TSA spokesman Robert Johnson told CNN Saturday that
the TSA notification went to all federal security directors (TSA
employees who direct security at airports), who were then to notify
security at individual airports.  Unknown attackers launched two
shoulder-fired missiles at an Israeli charter flight as the Boeing 757
was taking off from Mombasa airport.  The missiles missed their target
and authorities later found two launchers and two unused missiles near
the 

[INFOCON] - News 12/02/02

2002-12-03 Thread Wanja Eric Naef \(IWS\)

_

  London, Monday, December 02, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

-

_

  
[CURRENT THREAT LEVELS]
  

Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 


  
  [News Index]
  

[1] B2-ORM Mailing List
[2] Homeland department could transform tech industry
[3] Pentagon distributes software for modeling effects of attacks
[4] Schneier: No "magic security dust"
[5] Total Info System Totally Touchy  

[6] Lax Security: ID Theft Made Easy  
[7] Net security: Steady as she goes
[8] Cisco backtracks on security functionality
[9] S Koreans launch cyber attack on US over schoolgirls' deaths
[10] Ten more tips for safe xmas e-tail

[11] Intercepts
[12] Computer virus insults victims
[13] The Insecurity of Computer Security
[14] Tech industry speculates about candidates for security jobs
[15] WLAN security is still work in progress

[16] Irish ISP blocks web site over dispute
[17] Bugbear remains top virus threat
[18] 'Critical' MS server flaw may affect few sites
[19] First hackers sighted in high speed mobile phone arena

_

News
_


[1] B2-ORM Mailing List

is an international email user group focused on the sharing of
information on the implementation of Basel II compliant Operational Risk
Management solutions in the Financial Services industry.

Why not join today? Simply send an email to :

mailto:[EMAIL PROTECTED]

The next three years will place enormous strain on the resources of
Operational Risk staff in the world's Financial Services organisations.
Why not learn from others and share information?  Good practice guides,
white papers and other essential information may be found on the group's
web site and downloaded to your own system.

Topics to be discussed include:

Business Continuity Management (new International Standard)
The role of Information Security, Audit and Compliance
Interfaces with Outsource and other service providers.
Six Sigma errors and defects management
Money Laundering and Fraud Risk
Interfaces to Credit and Market Risk

 

[2] Homeland department could transform tech industry
By William New, National Journal's Technology Daily 

The creation of a Homeland Security Department may presage more than
better domestic security. It could mark the transformation of the
technology industry from an economically flat maker of consumer-oriented
products into a thriving, but more secretive, machine that creates
security-oriented products and services. 

"The homeland security opportunity [for tech companies] is unprecedented
in the civilian side of government," said Bruce McConnell, a
Washington-based technology consultant. "The art form is to build
relationships early on with the most influential component agencies ...
who will define the architecture for years to come."

President Bush signed the legislation, H.R. 5005, on Nov. 25. It will
take effect in 60 days, but fundamental questions such as funding
remain. New jobs in the department also must be filled and congressional
oversight of the Cabinet-level agency defined. 

http://www.govexec.com/dailyfed/1102/112702td1.htm

 

[3] Pentagon distributes software for modeling effects of attacks
By Bryan Bender, Global Security Newswire 

The Defense Department has licensed to a few select nongovernmental
organizations previously unavailable software that can model the effects
of releases of nuclear, chemical, biological or radiological weapons and
materials. 

The Heritage Foundation, Nat

[INFOCON] - NIPC Daily Open Source Report for 3 December 2002

2002-12-03 Thread Wanja Eric Naef \(IWS\)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 3 December 2002

Daily Overview

•   CNN reports a statement attributed to al-Qaeda claimed
responsibility Monday for last week's terrorist attacks on Israeli
targets in Kenya.  (See item 13)

•   IDG.net reports President George W. Bush signed the Cyber
Security Research and Development Act into law on Wednesday, providing
$880 million to fund a variety of IT-security based programs.  (See item
11)

•   CNN reports the Carnival cruise ship Fascination returned from a
three-day sail Monday carrying more than seven dozen people who had
contracted a gastrointestinal virus; this is possibly the third
Norwalk-related cruise cancellation from a Florida port in recent weeks.
(See item 14)

•   ABC news reports South Korean activists have attacked the White
House computer server with electronic mail bombs to protest the
acquittal of two U.S. soldiers accused of killing two schoolgirls in a
road accident.  (See item 12)



Power Sector

1.  December 2, Platts Global Energy - Switzerland changes nuke
liability regulation after 9/11.  Switzerland has changed the country's
nuclear energy liability regulations, and has increased the government's
liability in case of terrorism attacks on nuclear power plants.  Under
the new regulation, the government is liable for SFr500-mil to SFr1-bil
($741-mil to $1.483-bil), the Swiss government said in a statement.
After the events of Sep 11, 2001, private insurance companies have
reduced their liability to SFr500-mil for attacks on nuclear power
plants.  To cover the cost, operators of nuclear power plants in
Switzerland have to swallow a hike of 12.7% in their insurance premiums.
Source: http://www.platts.com/archives/94036.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

Nothing to report.


Transportation Sector

2.  December 2, U.S. Customs Service - U.S. Customs 24-hour rule
begins Monday.  U.S. Customs Commissioner Robert C. Bonner announced
Monday that the new 24-hour rule requiring advance cargo manifests from
sea carriers goes into effect on Monday, December 2.  Under the new
rule, Customs will grant sea carriers a 60-day grace period to fully
implement the program.  "Over the next two months we strongly encourage
rapidly increasing compliance by all parties that are required to take
action under the regulation.  By quickly implementing the '24-hour
rule,' we can together do a better job of protecting the American people
and the global trading system as a whole," said Commissioner Bonner.
"Customs will continue to provide many types of assistance at both the
local (port) level and at the Headquarters level, to assist companies in
the operational transition to the new procedures.  Knowing the contents
of a container before it is loaded onto a ship bound for the U.S. is a
critical part of our efforts to guard against the terrorist threat."
Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1202-00.htm

3.  December 2, Federal Computer Week - TSA preps smart ID pilot
programs.  The Transportation Security Administration (TSA) is ramping
up its smart card-based programs designed to put identification into the
hands of transportation workers nationwide and allow frequent travelers
to get through airports quickly.  TSA is preparing to launch two
regional pilot projects for its Transportation Worker Identification
Credential (TWIC) System that will provide workers at airports, ports,
railways and other locations with secure access to buildings and
systems.  TWIC is "a system of information systems," said Elaine
Charney, TSA's TWIC program manager.  The goal is to produce an
integrated system that can support one identification card, which then
can be used across all transportation industries, she said.  TSA
officials will soon begin the three-month planning phase of the TWIC
pilot project in the Philadelphia/Wilmington, Del., region, Charney
said, and soon after will begin the planning phase for the Los
Angeles/Long Beach, Calif., region pilot project.   Source:
http://www.fcw.com/fcw/articles/2002/1202/news-tsa-12-02-02.asp 

4.  December 1, Houston Chronicle (Texas) - Port security a concern
despite recent upgrades.  The Port of Houston's civilian and military
officials consistently say Ship Channel security is tighter than any
time since World War II.  Still, each week, two or three intruders --
usually fishermen or port construct

[INFOCON] - News 12/02/02

2002-12-03 Thread Wanja Eric Naef \(IWS\)


-Original Message-
From: Wanja Eric Naef (IWS) 
Sent: 02 December 2002 20:07
To: 'Infocon'
Subject: News 12/02/02



[INFOCON] - NIPC Daily Open Source Report for 29 November 2002

2002-12-02 Thread Wanja Eric Naef \(IWS\)

National Infrastructure Protection Center
NIPC Daily Open Source Report for 29 November 2002

Daily Overview

•   The L.A. Times reports that a suicide car bombing at a resort
hotel in Msumarini, Kenya killed at least 16 people Thursday at the same
time that two missiles narrowly missed an Israeli charter jet taking off
nearby.  (See item 15)

•   According to the BBC, Ohio State University scientists have
simulated attacks on key Internet hubs which illustrate how vulnerable
the worldwide network is to disruption by disaster or terrorist action.
(See item 14)

•   According to the New York Times, the identity-theft case
announced this week is even more troubling because the threat came from
company insiders who were able to steal the same types of materials that
terrorists would aim to gather.  (See item 1)

•   According to Wired News, a report presented to the United
Nations on Monday states the security of wireless networks is of
“critical concern,” since wireless local area networks are more prone to
hacker attacks than fixed-line networks.  (See item 7)



Power Sector

Nothing to report.

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]


Banking and Finance Sector

1.  November 27, New York Times – Identity-theft case exposes
insider threat.  Many law enforcement and security experts say the
large-scale identity theft case announced this week simply provides a
startlingly large window onto a problem that not only threatens people's
sense of privacy and invulnerability, but also poses questions about the
priority many companies place on security.  Officials said there was no
evidence of a terrorist connection to the fraud.  But the case raises
the specter of terrorists' gaining what appears to have been cheap and
easy access to material that can be used to create false identities
within the United States, experts said.  Joanna P. Crane, the manager of
the Federal Trade Commission's identity theft program, which was created
in January 1999, said that the entire episode was troubling because what
was stolen was exactly the material that terrorists would aim to gather.
The case, many security experts say, also shows what they have long
contended: that insiders are a bigger threat than outside hackers,
because they have access to closely held passwords, and knowledge of the
systems they are seeking to manipulate.  Source:
http://www.nytimes.com/2002/11/27/nyregion/27CRED.html 


Transportation Sector

2.  November 27, New York Times – Airlines' official warns on
security costs. Carol B. Hallett, president of the Air Transport
Association, an airline trade association, said Tuesday that unless the
industry's problems are fixed soon, it might be necessary to nationalize
the airlines.  Hallett, speaking at an industry luncheon, said that such
a step would have costs that were “intolerable,” but that the burden of
security fees was destroying the airlines.  Fees that are supposedly
charged to passengers are essentially paid by the airlines, Hallett
contended, because the surcharge imposed by the federal government that
is supposed to pay for additional security prevents the airlines from
charging more for tickets and therefore cuts into airlines' revenue.
Failing to fix the root causes of the industry's dire situation could
mean that the nationalization of the industry becomes necessary, Hallett
said.  Source:
http://www.nytimes.com/2002/11/27/business/27ATA.html?ex=1039410686&ei=1&en=2aeab3e5c35e31ae

3.  November 27, New York Times – McGreevey pitches DMV plan as
vital to New Jersey's security.  Surrounding himself with law
enforcement officials and terrorism experts, New Jersey Gov. James E.
McGreevey Wednesday promoted his $200 million plan to overhaul the
state's Department of Motor Vehicles as a vital matter of security,
saying it would help prevent criminals and terrorists from obtaining
fraudulent state identification.  McGreevey said that under the plan,
surveillance cameras would be installed and additional police officers
assigned to the state's 45 motor vehicles offices, where internal
security staffing has dwindled during the past decade and dozens of
employees have been arrested on charges of document fraud.  Under the
proposal, in 2004 the state would begin issuing digitized licenses,
which would have fingerprints or electronic retina scans to discourage
counterfeiting.  Source:
http://www.nytimes.com/2002/11/27/nyregion/27MOTO.html?ex=103948&ei=
1&en=c0d0a74b7236f

[INFOCON] - No Infocon till Monday, Site News & Happy Thanksgiving

2002-11-28 Thread Wanja Eric Naef \(IWS\)
Dear All,

The Infocon list will be on hold during the next few days till Monday as
it will be my 30th birthday on Friday, i.e. I won't be touching a
computer for the next two days at least. Originally I was planning to
jump out of a plane with some of my friends, but luckily for them (I
especially mean a good friend of mine who served in the Spanish Naval
Intelligence Service, but is too scared to jump out of a plane) the
weather in England is not good enough to do so. I guess I will have to
wait till my 33rd B-Day when I should be living in sunny America. So
instead of browsing through hundreds of emails, I will be drinking
Laurent-Perrier Grand Siecle and many cocktails whilst celebrating with
my friends in London.

Some site news: the web site has been on hold for more than 1/2 year due
to lack of resources, but it looks like I finally managed to get some
support for it. A UK InfoSec company is willing to give me a very secure
server with full support which means that the site (which is currently
undergoing a major face lift) will be back by January 2003 with many new
features:

* More mailing lists:

There will be a moderated IA/InfoSec discussion list and I am pleased to
announce that Michael Huggins (CISSP CTOC USN (ret)) who has lots of IT
security frontline experience in the US military and commercial world is
going to moderate the [IA/InfoSec] list.

There will be a list devoted to Cyber Arms Control which is going to be
moderated by Oliver Minkwitz from the German Peace Research Group FOGI:S
(http://www.fogis.de/).  Oliver is a German peace researcher who is one
of the leading experts in the field of Cyber Arms Control, so i.e. the
mailing list should be rather very interesting. 

Also, there is going to be a closed CNO (Computer Network Operations)
mailing list which I am going to moderate and maybe someone else for the
real I-Warrior.  The list will be by invitation only and operate under
the Chatham House Rule.

* Review Section

The redesigned site will have a book review section (and thanx to
someone it will contain more than 100 reviews) and a software review
section.

* Infocon Magazine

Anyone interested in writing useful (i.e. FUD, PR free) articles please
contact me.

* New News Section

* Site Map

* New Homeland Security Chapter

* Donation Page

Someone who serves in the US Navy told me that the site should have
such a page to get some support for the project. So the new site will
have a PayPal donation page where people can donate money to support
the project as unfortunately it is not easy to run such an operation
with virtually no financial support.

Last, but not least I want to say thank you to all the people who have
been supporting the project. Thank you Bob, John, Mike, Chet, Rick and
countless others. 

I wish everyone a Happy Thanksgiving.

Regards,

WEN


'Information is the currency of victory on the battlefield.'
GEN Gordon Sullivan, CSA (1993)


Wanja Eric Naef
Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk


Join the IWS Infocon Mailing List @
http://www.iwar.org.uk/general/mailinglist.htm







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - JMU : R.U.N.S.A.F.E.

2002-11-27 Thread Wanja Eric Naef \(IWS\)
http://www.jmu.edu/computing/runsafe/ 

see also:

http://www.jmu.edu/computing/security/ 


R.U.N.S.A.F.E.

Did you know that with one wrong mouse click you could make it possible
for someone to read all your email, documents, or instant messages? That
they could also view your grades, online bank accounts, or change your
course schedule? That they could read or change anything on your
computer? Or anything accessed from it? That they could turn on your
computer's microphone to listen in on conversations? That they could use
your computer for a computer crime for which you may be blamed?

Did you know a newly installed Windows XP, 2000, NT, or Linux computer
is likely vulnerable to the same type of compromise just by being
attached to the network? 

Did you know several such incidents have occurred on computers at
JMU...from Windows 95 and Macintosh desktops to Windows NT and Unix
servers? That they've been used to attack other computers and divulge
information? Did you know all our computers are scanned constantly from
around the world by people hoping to take advantage of them?

Did you know that your behavior impacts your neighbors' security and
their behavior yours?

The Internet, paired with today's software, provides us astonishing
capabilities for sharing and communication. However, these same
capabilities also provide access and computer power to more than 300
million people around the world...some of whom may not share our
behavioral expectations. Examples, such as random acts of vandalism, can
be found in any local newspaper. 

The threats associated with online folks' behavior are very different
from similar threats in the physical world. Using the same freedom and
functionality we treasure, they can communicate with our computers
almost instantaneously, almost anonymously, and en masse from around the
world. They don't even need to be a computer expert. It only takes one
person to write a destructive program to enable many people without
technical knowledge to cause problems, just as all of us use word
processors and web browsers without knowing how they work or being able
to write one ourselves.

While the risks associated with these threats can be decreased by
limiting communications, limiting computer functionality, and increasing
the complexity involved with our computing environment, they can't be
eliminated because security is never absolute. Moreover, the more we
wish to maintain our current freedom in communications and computing,
the more necessary it is that we individually take steps to take care of
ourselves and reduce the need for outside controls and limitations. 

The only person ultimately in control of a computer is the operator in
front of the keyboard. That person presently has the freedom to run any
software he or she wants and communicate with anyone around the world.
Each of us must do his or her part to help ensure the integrity of our
network by operating our computers safely.

Our computers can do almost anything we tell them to do. Unfortunately,
this versatility makes them very complicated. A certain amount of
awareness and skill is necessary to operate such a complicated device
safely on a world wide network. The goal of the R.U.N.S.A.F.E. program
is to help you attain the knowledge and skills necessary for safely
operating an Internet connected computer.

The information and associated steps listed on this page are key
components to everyone's online security. Everyone should understand
them and be able to take the actions described. R.U.N.S.A.F.E. workshops
are offered once per semester that describe the incidents we've seen at
JMU, the threats we're exposed to, and that teach the defensive concepts
and procedures described here. Onsite workshops are also available to
groups. (contact Gary Flynn to schedule one).

Click here to download the RUNSAFE workshop PowerPoint presentation. If
you don't have PowerPoint, you can get a free viewer from Microsoft
here.

A sixteen minute RUNSAFE awareness video is available. It can be
downloaded here. The material is copyrighted by Jim Blackburn but may be
used for educational purposes. The file is 161 MB in size.

R.U.N.S.A.F.E. Goal for All Computer Operators on the JMU network:

* Understand the material on this page.
* Run anti-virus software and update it weekly. Preferably the campus
  supported Norton Anti-virus.
* Treat email attachments and other unknown programs with caution.
* Use the Windows Update Site on every new installation and monthly
  thereafter.
* Choose strong passwords for your own desktop and on servers which you
  may use and keep them confidential.
* Use care if you enable Microsoft File Sharing.
* Visit the Hot Topics! page at least monthly.

For all server operators (Windows/Unix/Mac/Whatever) and all unix
desktop operators:

* Set up new computers with the network cable disconnected.
* Turn off all services running on the newly installed computer.
* Connect to network and download and install patches.
* Turn on onl

[INFOCON] - (HS) New Security Department Reinforces NORTHCOM Mission

2002-11-27 Thread Wanja Eric Naef \(IWS\)
Department of Defense Homeland Security
http://www.defenselink.mil/specials/homeland/ 


-Original Message-
From: DEFENSE PRESS SERVICE LIST On Behalf Of Press Service
Sent: 26 November 2002 22:18
To: [EMAIL PROTECTED]
Subject: New Security Department Reinforces NORTHCOM Mission

By Master Sgt. Bob Haskell
Special to the American Forces Press Service

The National Guard has given the U.S. Northern Command a base
that it can build on, one of that new organization's high-
ranking officers said recently.

Furthermore, the new Cabinet-level Department of Homeland
Security will reinforce the Northern Command's mission of
safeguarding this country, Air Force Maj. Gen. Dale Meyerrose
maintained during a Nov. 13 summit on homeland security.

President George W. Bush signed the legislation creating the new
department on Nov. 25. Meyerrose is the director of
architectures and integrations for the Northern Command that was
stood up at Peterson Air Force Base in Colorado Springs, Colo.,
on Oct. 1. He is also director for command control systems at
the North American Aerospace Defense Command's headquarters at
Peterson. He is the chief information officer for both commands.

Meyerrose is responsible for creating the communications and
informational architecture so that Northern Command personnel
can support and share information with civil authorities,
including the FBI and the Federal Emergency Management Agency,
when directed by the president and the secretary of defense.

"I think it will only make our job easier," Meyerrose told
reporters about the new Homeland Security Department that
President George W. Bush has championed in the wake of the
terrorist attacks of Sept. 11, 2001. The U.S. House of
Representatives approved 299-121 on Nov. 13; the Senate
decisively endorsed the homeland security bill 90-9 on Nov. 19.

"It provides an organization at the national level which links
what we do in the Department of Defense with other departments
and, hopefully, down to the states and other jurisdictions,"
explained Meyerrose, one of the keynote speakers during the
summit organized.

The new department will include all, or parts of, 22 separate
federal agencies, including Customs, the Coast Guard and the
FEMA, in the largest governmental reorganization since the
Department of Defense was formed in 1947.

It will help, Meyerrose said, because "a lot of architecture,
constructs and concepts of operation that need to be put in
place are beyond the scope of the Department of Defense and
Northern Command. That's where the Department of Homeland
Security, of which we will be a supporting part, will come in
handy."

Nearly 200 people attended the conference, which explored ways
in which computer-driven technology can help numerous agencies
protect the United States. It is critical for all federal, state
and local agencies to be able to communicate quickly so
information can be transformed into action should this country
be attacked again, Meyerrose and other speakers insisted.

The challenge, Meyerrose explained, is finding the best way to
transform a voice report from an emergency responder who is
first on the scene of a terrorist attack or natural disaster
into a digital format that provides reports to all coordinating
agencies.

 "I need to change my foundation from 'need to know' to 'need to
share'" without compromising the security of sensitive
information that could help an enemy, observed Meyerrose, an Air
Force Academy graduate who has been a communications officer for
27 years. "We must be able to move secret information from
trusted environment to trusted environment," he added.

The Northern Command, commanded by Air Force Gen. Ralph
Eberhart, is primarily responsible for protecting the
continental United States and its contiguous waters, from the
Aleutian Islands in the Pacific Ocean to Puerto Rico and the
U.S. Virgin Islands in the Caribbean, from external threats and
attacks, Meyerrose stressed.

It is also prepared, when ordered by the president or secretary
of defense, to support a lead federal agency in case civil
authorities cannot deal with a catastrophic domestic event such
as the terrorist attacks against the World Trade Center and the
Pentagon on Sept. 11, 2001. That is when it is critical for
Northern Command to be able to communicate with the FBI or FEMA,
Meyerrose added.

 "It is our belief that the unity of command embodied by
NORTHCOM will allow this country to raise that capability to a
new height," he said.

Meyerrose said that he and his Northern Command colleagues would
strive to improve the informational architecture by coordinating
communications systems that already exist and by improving on
procedures that are already in place.

The National Guard already has established procedures that will
help, he said, because 26 of the adjutants general in the 54
states and territories already serve in dual capacities as state
military leaders and state emergency managers.

 "They have lots of exis

[INFOCON] - NIPC Daily Open Source Report for 27 November 2002

2002-11-27 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 November 2002

Daily Overview

.   Internet Security Systems has lowered its AlertCon Internet
threat indicator to Level 1, which warrants routine security.  (See
Internet Alert Dashboard)

.   CERT announces Advisory CA-2002-34: Buffer Overflow in Solaris X
Window Font Service, which could allow an attacker to execute arbitrary
code or cause a denial of service.  (See item 11) 

.   According to ZDNet News, an Internet attack flooded domain name
manager UltraDNS with a deluge of data late last week, causing
administrators to scramble to keep up and running the servers that host
.info and other domains.  (See item 12)

.   According to the Toronto Star, the outbreak of a highly
infectious virus, believed to be the Norwalk virus, has shut down a
Toronto hospital's emergency room.  (See item 14)

.   Reuters reports the Philippine government said Tuesday it has
banned imports of ammonium nitrate, and will phase out its use by
farmers within six months, since the widely available fertilizer is
being used by militants to make bombs.  (See item 13)


Power Sector

1.  November 26, Associated Press - Electric cable damage worse than
thought.  Utility officials say damage done to underwater power cables
in Long Island Sound is worse than first thought.  Divers working over
the weekend discovered that two more underwater power cables had been
severed when a drifting barge dragged its anchor across them.  Utility
and environmental officials also said an oil-like sheen has been sighted
on the water near the site where the cables have been leaking insulating
fluid.  The Long Island Power Authority shares ownership of the cable
with Northeast Utilities (NU).  NU spokesman Frank Poirot said all seven
cables had been severed during a similar December 1996 incident in which
a barge dragged its anchor across the conduits.  The repairs in that
incident, which Poirot said cost millions of dollars, took almost a year
to complete.  Source:
http://www.newsday.com/news/local/longisland/ny-cable1126,0,7793125.story?coll=ny-linews-headlines

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]

Banking and Finance Sector

Nothing to report

Transportation Sector

2.  November 26, U. S. Department of State - President Bush signs
port security bill into law.  President Bush signed into law November 25
a bill aimed at improving security at U.S. seaports and preventing
terrorists from using the maritime transportation system to mount
attacks on the United States.  The "Maritime Transportation Security
Act" will strengthen security through the required development of
security plans for ports and an improved identification and screening
system of port personnel, President Bush said in a prepared statement.
Source:
http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latest&f=02112601.clt&t=/products/washfile/newsitem.shtml

3.  November 25, Port of Los Angeles - Los Angeles mayor signs
landmark port security agreement.  On Tuesday, the last day of his Asian
tourism and trade mission, Los Angeles Mayor Jim Hahn signed a major
agreement to initiate a Port of Los Angeles international container
security program.  "This agreement will elevate security standards for
containers moving between Hong Kong and Los Angeles," said Mayor Hahn.
Mayor Hahn signed a Memorandum of Understanding (MOU) with Modern
Terminals Limited Managing Director Erik Bogh Christensen to test new
security enhancements - including tamper-proof locks and other security
systems - for Port of Los Angeles-bound cargo before leaving for the
United States.  The agreement with Modern Terminals is significant
because Hong Kong is the largest port in the world and is the largest
point of embarkation for goods being shipped to Los Angeles, the busiest
port in the U.S.  Approximately one-third of the Hong Kong cargo bound
for Los Angeles is processed by Modern Terminals.  The pilot project
will be partially funded by a congressional appropriation through the
U.S. Department of Transportation under the "Operation Safe Commerce"
program.  Source: http://biz.yahoo.com/bw/021125/250481_1.html 

4.  November 23, Scripps Howard News Service - DOT says 'hazmat'
cargo label may draw terrorists.  Concerned that terrorists might use
hazardous-materials warning signs as readily as emergency workers,
federal officials are looking for more secure ways of identifying

[INFOCON] - CERT Summary CS-2002-04

2002-11-27 Thread Wanja Eric Naef (IWS)

CERT Summary CS-2002-04

   November 26, 2002

   Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary to draw attention to the types of attacks reported to our
   incident response team, as well as other noteworthy incident and
   vulnerability information. The summary includes pointers to sources
   of information for dealing with the problems.

   Past CERT summaries are available from:

  CERT Summaries
  http://www.cert.org/summaries/
 
__

Recent Activity

   Since the last regularly scheduled CERT summary, issued in August
   2002 (CS-2002-03), we have seen trojan horses for three popular
   distributions, new self-propagating malicious code (Apache/mod_ssl),
   and multiple vulnerabilities in BIND. In addition, we have issued a
   new PGP Key.

   For more current information on activity being reported to the
   CERT/CC, please visit the CERT/CC Current Activity page. The Current
   Activity page is a regularly updated summary of the most frequent,
   high-impact types of security incidents and vulnerabilities being
   reported to the CERT/CC. The information on the Current Activity
   page is reviewed and updated as reporting trends change.

  CERT/CC Current Activity
  http://www.cert.org/current/current_activity.html


1. Apache/mod_ssl Worm

   Over the past several months, we have received reports of a
   self-propagating malicious code that exploits a vulnerability
   (VU#102795) in OpenSSL. Reports received by the CERT/CC indicate
   that the Apache/mod_ssl worm has already infected thousands of
   systems. Over a month earlier, the CERT/CC issued an advisory
   (CA-2002-23) describing four remotely exploitable buffer overflows
   in OpenSSL.

CERT Advisory CA-2002-27
Apache/mod_ssl Worm
http://www.cert.org/advisories/CA-2002-27.html

CERT Advisory CA-2002-23
Multiple Vulnerabilities in OpenSSL
http://www.cert.org/advisories/CA-2002-23.html

Vulnerability Note #102795
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
http://www.kb.cert.org/vuls/id/102795


2. Trojan Horse Sendmail Distribution

   The CERT/CC has received confirmation that some copies of the
   source code for the Sendmail package have been modified by an
   intruder to contain a Trojan horse. These copies began to appear
   in downloads from the FTP server ftp.sendmail.org on or around
   September 28, 2002. On October 8, 2002, the CERT/CC issued an
   advisory (CA-2002-28) describing various methods to verify
   software authenticity.

CERT Advisory CA-2002-28
Trojan Horse Sendmail Distribution
http://www.cert.org/advisories/CA-2002-28.html


3. Trojan Horse tcpdump and libpcap Distributions

   The CERT/CC has received reports that some copies of the source
   code for libpcap, a packet acquisition library, and tcpdump, a
   network sniffer, have been modified by an intruder and contain a
   Trojan horse. These modified distributions began to appear in
   downloads from the HTTP server www.tcpdump.org on or around Nov
   11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
   checksums and official distribution sites for libpcap and tcpdump.

CERT Advisory CA-2002-30
Trojan Horse tcpdump and libpcap Distributions
http://www.cert.org/advisories/CA-2002-30.html


4. Multiple Vulnerabilities in BIND

   The CERT/CC has documented multiple vulnerabilities in BIND, the
   popular domain name server and client library software package
   from the Internet Software Consortium (ISC). Some of these
   vulnerabilities may allow a remote intruder to execute arbitrary
   code with privileges of the user running named (typically
   root). Several vulnerabilities are referenced in the advisory;
   they are listed here individually.

CERT Advisory CA-2002-31
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-2002-31.html

Vulnerability Note #852283
Cached malformed SIG record buffer overflow
http://www.kb.cert.org/vuls/id/852283

Vulnerability Note #229595
Overly large OPT record assertion
http://www.kb.cert.org/vuls/id/229595

Vulnerability Note #581682
ISC Bind 8 fails to properly dereference cache SIG RR 
elements invalid expiry times from the i

[INFOCON] - (MIL) Electronic Warfare: Comprehensive Strategy Still Needed for Suppressing Enemy Air Defenses

2002-11-27 Thread Wanja Eric Naef (IWS)
(During the Kosovo campaign the Americans were very keen on German EW
Tornado aircraft as they lacked EW equipment. According to GAO the US
military has still not beefed up their EW capabilities. The GAO report
is not bad, but it does not take into account other problems
(operational procedures, ...) which also hinder mission success. WEN)

Electronic Warfare:  Comprehensive Strategy Still Needed for Suppressing
Enemy Air Defenses.  

GAO-03-51, November 25 
http://www.gao.gov/cgi-bin/getrpt?GAO-03-51

Highlights
http://www.gao.gov/highlights/d0351high.pdf


What GAO Recommends

GAO continues to recommend that the Secretary of Defense develop a
comprehensive, cross-service strategy to close the gap between DOD's
suppression capabilities and needs. In addition, an effective
coordinating entity is needed to develop and monitor implementation of
the strategy. In answer to a draft of GAO's report, DOD concurred with
its recommendations. Staff changes are being made to address
crosscutting issues, and an integrated product team process established
to form a comprehensive approach to the electronic warfare mission.




... In conducting military operations, U.S. aircraft are often at great
risk from enemy air defenses, such as surface-to-air missiles. The
services use specialized aircraft to neutralize, destroy, or temporarily
degrade enemy air defense systems through either electronic warfare or
physical attack. ...

... According to DOD, countries have sought to make their air defenses
more resistant to suppression. ...

... However, according to the Defense Intelligence Agency, these
aircraft were unable to destroy their integrated air defense system
because Yugoslav forces often engaged in elaborate efforts to protect
their air defense assets. ...

... Since our January 2001 report, the services have had some success
in improving their suppression capabilities, but they have not reached
a level needed to counter future threats. ...

... The Air Force recently upgraded the HARM Targeting System and is
procuring additional systems. The upgrade (known as R-6) provides better
and faster targeting information to the missile, but even with this pod
the F-16CJ still lacks some of the capabilities of the retired F-4G. ...

... The services have already identified serious reliability problems
with current self-protection systems on U.S. combat aircraft, including
jammers, radar warning receivers, and countermeasures dispensers. Most
of the current systems use older technology and have logistics support
problems due to obsolescence. Also, as we reported last year, the
self-protection systems on strike aircraft may have more problems than
the services estimate. ...
 

... The services have initiated additional research and development
efforts to improve their ability to suppress enemy air defenses, but
they face technology challenges and/or a lack of funding priority for
many of these programs. ...

... The air defense suppression mission continues to be essential for
maintaining air superiority. Over the past several years, however, the
quantity and quality of the services' suppression equipment have
declined while enemy air defense tactics and equipment have improved.
DOD has recognized a gap exists in suppression capabilities but has made
little progress in closing it. In our view, progress in improving
capabilities has been hampered by the lack of a comprehensive strategy,
cross-service coordination, and funding commitments that address the
overall suppression needs. DOD relies on individual service programs to
fill the void, but these programs have not historically received a high
priority, resulting in the now existing capability gap. We continue to
believe that a formal coordinating entity needs to be established to
bring the services together to develop an integrated, cost-effective
strategy for addressing overall joint air defense suppression needs. A
strategy is needed to identify mission objectives and guide efforts to
develop effective and integrated solutions for improving suppression
capabilities. ...


Recommendations for Executive Action

... To close the gap between enemy air defense suppression needs and
capabilities, we recommend that the Secretary of Defense establish a
coordinating entity and joint comprehensive strategy to address the gaps
that need to be filled in the enemy air defense suppression mission. The
strategy should provide the means to identify and prioritize promising
technologies, determine the funding, time frames, and responsibilities
needed to develop and acquire systems, and establish evaluation
mechanisms to track progress in achieving objectives. ...





IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - News 11/27/02

2002-11-27 Thread Wanja Eric Naef (IWS)
_

  London, Wednesday, November 27, 2002   
   _

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

-

_


  
  [News Index]
  

[1] Most homeland security agencies to move by March, White House says
[2] Intelligence experts pan call for domestic spying agency
[3] Lawmaker urges Bush to fill key homeland positions
[4] FEMA debuts DisasterHelp.gov
[5] Secure Programming with .NET

[6] Free Chinese Net users - Amnesty
[7] AKO offers secure portal lessons
[8] Hackers Fight Censorship, Human Rights Violations
[9] Firms to splash cash on IT security
[10] Winning the Cybersecurity War

[11] Justice Department outlines security roadmap for chemical plants
[12] RIAA punishing Navy cadets 'because it can'
[13] Court finds limits to California jurisdiction in cyberspace
[14] Lawyers Fear Misuse of Cyber Murder Law
[15] The seven deadly sins of e-tailers

[16] Command to score joint C2
[17] RealPlayer security fix is faulty
[18] Possessed! The Solaris font daemon
[19] Feds break massive identity fraud

_

CURRENT THREAT LEVELS 
_


Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 

DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


[1] Most homeland security agencies to move by March, White House says
By Jason Peckenpaugh

The White House released its initial plan for organizing the Homeland
Security Department on Monday, including a time frame for moving
agencies to the new department.

Pending Senate confirmation, Homeland Security Secretary-designate Tom
Ridge will take office on Jan. 24, and nearly all of the agencies slated
to move to the department will transfer on March 1. All agency transfers
will be completed by Sept. 30, 2003 according to the plan, which was
required under the Homeland Security Act that President Bush signed
Monday.

The plan does not state whether any employees will move offices when
their agencies are transferred. The White House is looking for office
space in the Washington area, and District of Columbia politicians,
including Del. Eleanor Holmes Norton, D-D.C., have argued the new
department's headquarters should be in the District. Northern Virginia
offers additional sites for the potential headquarters, according to
Rep. James Moran, D-Va. "Because we built more than in Maryland and the
District, we have more office space and you can get very good prices,"
he said in a recent interview with Government Executive.

http://www.govexec.com/dailyfed/1102/112602p1.htm

 

[2] Intelligence experts pan call for domestic spying agency
By Drew Clark, National Journal's Technology Daily 

A new domestic spying agency would neither serve the interests of police
or spying agencies nor ameliorate Americans' fears about enhanced
electronic surveillance by the government, a panel of intelligence
experts largely agreed, for different reasons, on Friday.

The proposal, reportedly discussed in the White House, is one of the
recommendations of the Gilmore Commission, an advisory panel on
terrorism and weapons of mass destruction. The issue gained renewed
attention with a Nov. 18 decision of a secret court that expanded the
government's authority to use intelligence information in criminal
prosecutions.

Attorney General John Ashcroft praised the decision, but civil liberties
advocates said it represented a new avenue for spying on Americans.

http://www.govexec.com/dailyfed/1102/112602td1.htm

 

[3] Lawmaker urges Bush to fill key homeland positions
From National Journal's Technology Daily

A key

[INFOCON] - NIPC Daily Open Source Report for 26 November 2002

2002-11-26 Thread Wanja Eric Naef (IWS)
National Infrastructure Protection Center
NIPC Daily Open Source Report for 26 November 2002

Daily Overview

.   Internet Security Systems has raised its AlertCon Internet
threat indicator to Level 2, due to the large increase of scanning
across the Internet, primarily from Asia, and a number of incident
reports regarding security breaches against commercial entities.  (See
Internet Alert Dashboard)

.   CERT announces Vulnerability Note VU#740619: Secure Shell for
Servers, developed by SSH Communications Security, does not properly
remove the child process from the master process group after
non-interactive command execution.  (See item 16) 

.   The Associated Press reports that President Bush signed
legislation Monday creating a new Department of Homeland Security
devoted to preventing domestic terror attacks.  (See item 10) 

.   The Associated Press reports Federal authorities have charged
three men with orchestrating a huge identity-theft scheme in which
credit information was allegedly stolen from more than 30,000 victims.
(See item 1)


Power Sector

1.  November 25, Reuters - Opposition parties said on Monday they
had lodged no-confidence motions against the Bulgarian government for
bowing to European Union pressure and agreeing to close down two nuclear
reactors.
The ruling coalition of Prime Minister Simeon Saxe-Coburg is likely to
defeat the two motions in the 240-strong parliament, where it has a
sound majority, local commentators said. EU candidate Bulgaria agreed
last week to close reactors three and four of its Soviet-era Kozloduy
nuclear plant by 2006. The plant generates more than 40 percent of the
country's electricity and any shutdown is likely to raise power prices
for impoverished Bulgarians. The Balkan state's previously ruling
centre-right Union of Democratic Forces (UDF) and Socialist parties
accused the reformist government of betrayal. "The government has acted
against national interests and has violated the Constitution," the
Socialists said. The ruling National Movement for Simeon II -- led by
Saxe-Coburg, the former king who took over the premiership in July 2001
-- holds 115 seats in parliament, while its junior coalition partner,
the ethnic Turkish MRF party, has 20 seats. Opposition parties had
previously signalled they would not make waves before last week's NATO
summit in Prague to avoid damaging Bulgaria's chances of becoming a NATO
member. 
Source:
http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_reuters.htm?SMDOCID=reuters_pma_2002_11_25_eng-reuters_pma_NUCLEAR-SHUTDOWN-ROCKS-BULGARIAN-GOVERNMENT&SMContentSet=0

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]

Banking and Finance Sector

2.  November 25, Associated Press - U.S. charges 3 in massive ID
fraud.  Federal authorities charged three men with orchestrating a huge
identity-theft scheme in which credit information was allegedly stolen
from more than 30,000 victims.  Manhattan U.S. Attorney James Comey said
the arrests announced Monday mark the largest identity theft case in
U.S. history, with initial losses pegged at $2.7 million and growing.
More than 15,000 credit reports were stolen using passwords belonging to
Ford Motor Credit Corp. to access information from Experian, a
commercial credit history bureau, officials said.  Authorities say the
scheme began about three years ago when Philip Cummings, a help-desk
worker at a computer software company, agreed to give an unidentified
co-conspirator the passwords and codes for downloading consumer credit
reports.  Source:
http://story.news.yahoo.com/news?tmpl=story2&cid=519&e=3&u=/ap/20021125/ap_on_re_us/identity_theft

3.  November 24, Milwaukee Journal Sentinel - Insurance co-op
created for cities, villages.  The threat of terrorism has persuaded an
insurance carrier to drop liability coverage for about 200 cities and
villages in Wisconsin, leading to the formation of a new statewide
self-insurance cooperative.  As part of a corporate retrenching
attributed to terrorist threats, Kemper Insurance Cos. has decided not
to renew coverage under a nearly 20-year-old program operated by the
League of Wisconsin Municipalities.  With Kemper dropping out at the end
of the year, league officials have invested $5 million to establish a
new self-insurance pool of the sort that became popular during an
insurance industry crunch in the 1980s.  Source:
http://www.jsonline.com/news/state/nov02/98544.asp

4.  November 22, Financial Crimes Enforcement Network,

[INFOCON] - News 11/26/02

2002-11-26 Thread Wanja Eric Naef (IWS)

 _

  London, Tuesday, November 26, 2002 
 _

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_




  
  [News Index]
  

[1] Bush signs homeland bill; fills top jobs in department
[2] Counterterrorism project assailed by lawmakers, privacy advocates
[3] DDOS attack 'really, really tested' UltraDNS
[4] (UK) Cabinet Office beats off 1,000 cyber attacks in October
[5] Privacy czar plays homeland role

[6] Merde! Alcatel LAN switch ships with backdoor access
[7] Homeland Security Bill Heralds IT Changes
[8] Experts advocate standard public warning system 
[9] Three charged in huge identity scam bust
[10] 'Safe for kids' Internet bill goes to president

[11] Homeland Security Plan Leaves Some Experts Skeptical
[12] Contractors act quickly to try to shape security agenda
[13] (AU) Cybercrime Bill a clumsy step in right direction
[14] Court blocks DVD-cracking suit
[15] Computer viruses face slow down

[16] 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
[17] eBay scam site nipped in the bud
[18] DOD extends net reach
[19] Former Education Department official, e-gov pioneer dies

_

CURRENT THREAT LEVELS 
_


Electricity Sector  Physical: Elevated (Yellow) 

Electricity Sector  Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 

DOE  Security Condition: 3, modified  

NRC  Security Level: III (Yellow) (3 of 5)

_

News
_


[1] Bush signs homeland bill; fills top jobs in department
By Keith Koffler, CongressDaily 

President Bush Monday signed legislation establishing a Homeland
Security Department and announced he will nominate White House homeland
security adviser Tom Ridge to be its first secretary.

Bush also announced that Navy Secretary Gordon England will be nominated
for the post of deputy secretary and that Drug Enforcement
Administration Administrator Asa Hutchinson, a former House member, will
be nominated to serve as undersecretary for border and transportation
security.

White House Press Secretary Ari Fleischer pledged the Bush
administration would work cooperatively with Congress next year as it
considers whether to strip out last-minute provisions added to the bill
that would protect vaccine makers and offer other benefits to
businesses.

http://www.govexec.com/dailyfed/1102/112502cd1.htm

 

[2] Counterterrorism project assailed by lawmakers, privacy advocates
By Shane Harris

Lawmakers, privacy advocates and civil libertarians are criticizing a
controversial Defense Department research project as an invasion of
personal privacy, and are questioning whether it should be scrapped.

In January, the Defense Advanced Research Projects Agency (DARPA) began
a multi-year effort to look for ways that technology could be used to
pre-empt terrorist attacks. Known as the Total Information Awareness
(TIA) system, much of the work centers on theoretical ways to use
information technology and human analysis to analyze transactions, such
as credit card purchases or phone calls, to find patterns that might
indicate a terrorist attack is being plotted. 

The project has outraged groups that support restrictions on the use of
personal data. At a press conference Monday in Washington, Marc
Rotenberg, executive director of the Electronic Privacy Information
Center, said the TIA system was the "hub" of a far-reaching effort by
the government to "extend surveillance of the American public."

http://www.govexec.com/dailyfed/1102/112502h1.htm

 

[3] DDOS attack 'really, really tested' UltraDNS 
By ComputerWire
Posted: 26/11/2002 at 09:23 GMT
 
A major provider of domain name system infrastructure servic

[INFOCON] - FEMA Infogram: CIP

2002-11-25 Thread Wanja Eric Naef (IWS)
http://www.usfa.fema.gov/dhtml/fire-service/ignov2102.cfm 


CRITICAL INFRASTRUCTURE PROTECTION CENTER
INFOGRAM November 21, 2002

NOTE: This INFOGRAM will be distributed weekly to provide members of the
emergency services sector with news and information concerning the
protection of their critical infrastructures. For further information
please contact the U.S. Fire Administration's Critical Infrastructure
Protection Information Center at (301) 447-1325 or e-mail at
[EMAIL PROTECTED]

8 Major Tenets of CIP

With each passing day, there seems to be increasing attention given to
the protection of critical infrastructures by federal, state, and local
officials, including those of the emergency first response services. The
CIPIC is a witness to this progression given the constantly growing
number of daily phone calls and electronic messages. Therefore, for the
benefit of those who may be new to the discipline of critical
infrastructure protection (CIP), the eight major tenets of CIP are
presented as follows:

1.  Terrorist attacks, natural disasters, and HazMat accidents can
weaken an organization's performance or prevent its operations.

2.  Among all the processes and procedures involved in emergency
preparedness, CIP is possibly the most important component.

3.  CIP protects the people, physical entities, and cyber systems that
are indispensably necessary for survivability, continuity of operations,
and mission success.

4.  It is not just about security; CIP is mainly about operational
effectiveness and "response-ability."

5.  CIP involves the application of a five-step systematic, analytical
process:

    a.  Identify critical infrastructures
    b.  Determine the threats
    c.  Analyze vulnerabilities
    d.  Assess risks
    e.  Apply countermeasures

6.  There will never be enough resources to achieve total emergency
preparedness including infrastructure protection.

7.  CIP requires that senior leaders make tough decisions about what
assets really need protection by the application of scarce resources.

8.  There should be no tolerance for waste and misguided spending in the
business of emergency preparedness and CIP.

Aggressive Behavior

The added anxieties or tensions brought upon emergency first responders
in the past fourteen months raise the possibility for aggressive
behavior by firefighters and emergency medical personnel. Sporadic
incidents provide some indication that concerns about preparedness for
terrorist attacks involving weapons of mass destruction, personal
safety, family security, etc., have created more than normal amounts of
negative stress for first responders. It is human nature that this
stress will occasionally manifest itself in aggressive behavior. The
CIPIC recommends that emergency service department leaders consider the
potential for this stress to be disruptive and, additionally, degrade
the protection of the organization's critical infrastructures. 


Much has been written about defusing aggressive behavior. Since violent
action can have multiple adverse effects, psychologists agree that it
must be addressed within any organization. For those chief officers who
may be confronted with such workplace behavior, the following fifteen
fundamentals are listed as a reminder for future use with a probable or
confirmed aggressive employee: 

Promote an atmosphere of cooperation and concern. 

Remain calm and avoid the display of anger or anxiety. 

Be open, straightforward, and honest in any discussion. 

Speak in a private location away from any distractions. 

Squarely face the person and maintain eye contact. 

Invite the person to discuss his/her concerns, frustrations, etc. 

Ask reflective questions that solicit detailed answers. 

Practice active listening for all the verbals and non-verbals. 

Try your best to understand the person's thoughts and feelings. 

Accept that an individual's perceptions are his/her reality. 

Encourage the aggrieved person to suggest a solution. 

Be prepared to make justifiable concessions. 

Assure you will act on any injustices experienced by the individual. 

Uphold and protect the dignity of the person. 

Enable the individual to win something as well as the department. 


Dealing with the Warning Overdose

Among all the challenges that chief officers contend with on a daily
basis, another concern could become problematic if it has not already
done so: dealing with the overdose of threat advisories and warnings. If
they have not already appeared, the potential still exists that leaders
and personnel of the emergency services will experience the symptoms of
"alert fatigue." This malaise, cynicism, or despair, according to
terrorism analysts in the United States and United Kingdom, may be
triggered by the many threat advisories and warnings that are issued
without an incident or a confirmed attempt at one. These specialists
expressed fear that people - including the first line soldiers of homeland
security - will stop paying attention, which is exactly what the
terrorists want. 

Recognizing th

[INFOCON] - (HS) President Signs Homeland Act, Nominates England as Deputy

2002-11-25 Thread Wanja Eric Naef \(IWS\)


-Original Message-
From: DEFEND AMERICA LIST [mailto:[EMAIL PROTECTED]] 
Sent: 25 November 2002 21:22
To: [EMAIL PROTECTED]
Subject: News From DefendAMERICA.mil

President Signs Homeland Act, Nominates England as Deputy

By Jim Garamone
American Forces Press Service

WASHINGTON, Nov. 25, 2002 - When President Bush signed the Homeland Security
Bill into law today, he established a new cabinet-level department to ensure
the safety of the American people.

Before Bush signed the bill in a White House ceremony, he announced he will
nominate former Pennsylvania Governor Tom Ridge to be the first secretary of
Homeland Security. He also said he will nominate Navy Secretary Gordon
England to be deputy at the 170,000-worker agency.

The new department will analyze threats, guard borders, coordinate national
responses and focus the "full resources of the American government on the
safety of its people," Bush said.

The measure passed Congress with bipartisan support. It had been held up
because of concerns about a provision that would allow the president to
shift workers to areas where they were needed. Critics said the new rules
would erode federal civil-service protections. Administration officials said
managers needed more flexibility to protect America.

Bush thanked union leaders present at the signing ceremony. "We look forward
to working with you to make sure that your people are treated fairly in this
new department," he said.

The bill is a response to the Sept. 11 attacks in New York and Washington.
The idea was to place all federal agencies involved with homeland security
under one umbrella. The few exceptions are the military, the Federal Bureau
of Investigation and the Central Intelligence Agency.

Bush said the government is doing everything it can to enhance security at
airports, power plants and border crossings. "We've deployed detection
equipment to look for weapons of mass destruction," he said. "We've given
law enforcement better tools to detect and disrupt terrorist cells which
might be hiding in our own country."

He said the Homeland Security Act is the "next logical step" in defending
America. The act amalgamates 22 agencies into one department. "To succeed in
their mission, leaders of the new department must change the culture of many
diverse agencies, directing all of them toward the principal objective of
protecting the American people," Bush said. "The effort will take time and
focus and steady resolve."

He said adjustments in the department will be needed as this is the largest
reorganization of the U.S. government since the 1947 act that established
the Defense Department.

He said the new department would analyze information collected by U.S.
intelligence agencies and match that against American vulnerabilities. The
new agency will work with other agencies, the private sector, and state and
local governments to harden America's defenses against terror, Bush stated.

The agency will focus on safeguarding the U.S. computer network, and defend
against the growing threat of chemical, biological or nuclear assaults.

The Department of Homeland Security will be one point of contact for state
and local officials and place security for all U.S. transportation systems
under one roof.

Bush noted the Department of Homeland Security will end duplication and
overlapping responsibilities. "Our objective is to spend less on
administrators and offices and more on working agents in the field; less on
overhead and more on protecting our neighborhoods and borders and waters and
skies from terrorists," he said.






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - UNIRAS Brief - 420/02 - Malicious Software report

2002-11-25 Thread Wanja Eric Naef \(IWS\)



-Original Message-
From: UNIRAS (UK Govt CERT) [mailto:[EMAIL PROTECTED]] 
Sent: 25 November 2002 16:10
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 420/02 - Malicious Software report
Importance: High

UNIRAS (UK Govt CERT) Briefing Notice - 420/02 dated 25.11.02  Time: 16:02
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk

Title
=====
Malicious Software Report
I-Worm.Winevar, WORM_WINEVAR.A, W32/Korvar, Worm/Bride.C, W32.HLLW.Winevar

Detail
======

The details of the new trojan variant are as follows:

Trojan name: W32/WineVar.A-mm
Number of copies seen so far: 264
Time & Date first Captured: 22 Nov 2002, 08:55 GMT
Origin of first intercepted copy: South Korea
Number of countries seen active: 9
Top three most active countries: South Korea, UK, Russia


Technical Details

W32/WineVar.A-mm appears to add .CEO to the list of executable files.
This means that if you do not completely clean up after this virus, the
writer may be able to get you next time (because .CEO will not be on
your list of known executable files).

The virus utilizes the well-known MS01-020 vulnerability, and also
exploits the com.ms.activeX.ActiveXComponent weakness.

In copies that we have seen so far, an example of the e-mail is as
follows:

Subject: Re: AVAR (Association of Anti-Virus Asia Reseachers)

Body:
 (None)

Attachments:
 WIN(hex number).TXT (12.6 KB)  MUSIC_1.HTM
 WIN(hex number).pif
 WIN(hex number).GIF (120 bytes)  MUSIC_2.CEO

Comment

Skeptic(TM) detected W32/WineVar.A-mm heuristically.  No MessageLabs
customers were affected.

Further information may be found at the MessageLabs website at:
www.MessageLabs.com/VirusEye

Useful URLs:
http://www.sophos.co.uk/virusinfo/analyses/w32winevara.html
http://www.fsecure.com/v-descs/winevar.shtml
http://vil.nai.com/vil/content/v_99819.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winevar.html

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

UNIRAS wishes to acknowledge the contributions of Messagelabs for the
information contained in this Briefing.

This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that
problem.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
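
The UNIRAS brief's point that .CEO joins the list of executable files can be checked from a registry export. The following is an added example, not part of the brief or of MessageLabs' analysis: it lists extensions that resolve to an executable file class but are missing from a known-executable baseline, then shows what that does to an extension-based attachment filter. The registry fragment, the baseline set and the name WIN1A2B.pif are constructed; the brief does not say how the worm registers .CEO, so mapping it to exefile here is an assumption.

```python
import re

# ProgIDs (file classes) whose default "open" action runs the file itself
# on a stock Windows install.
EXECUTABLE_PROGIDS = {"exefile", "comfile", "batfile", "cmdfile", "piffile", "scrfile"}

# Assumed baseline: extensions the site's mail filter already treats as executable.
KNOWN_EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr"}

# Constructed sample: fragment of a text export of HKEY_CLASSES_ROOT.
# The .ceo -> exefile mapping is an assumption made for illustration.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.pif]
@="piffile"

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
"PerceivedType"="text"

[HKEY_CLASSES_ROOT\.ceo]
@="exefile"

[HKEY_CLASSES_ROOT\.gif\OpenWithList]
@="exefile"
"""

# Matches only top-level extension keys such as [HKEY_CLASSES_ROOT\.ceo];
# subkeys like \.gif\OpenWithList do not match and are skipped.
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\(\.[^\\\]]+)\]$", re.IGNORECASE)
# Matches the key's default value line, e.g. @="exefile".
DEFAULT_RE = re.compile(r'^@="([^"]*)"$')


def extension_handlers(reg_text):
    """Map each top-level extension key to the ProgID in its default value."""
    handlers = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            match = KEY_RE.match(line)
            current = match.group(1).lower() if match else None
            continue
        match = DEFAULT_RE.match(line)
        if current and match:
            handlers[current] = match.group(1).lower()
    return handlers


def unexpected_executable_exts(reg_text, known=KNOWN_EXECUTABLE_EXTS):
    """Extensions that run as programs but are absent from the baseline."""
    handlers = extension_handlers(reg_text)
    return sorted(
        ext for ext, progid in handlers.items()
        if progid in EXECUTABLE_PROGIDS and ext not in known
    )


def risky_attachments(names, executable_exts):
    """Attachment names whose final extension is in executable_exts."""
    flagged = []
    for name in names:
        dot = name.rfind(".")
        if dot != -1 and name[dot:].lower() in executable_exts:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    extra = unexpected_executable_exts(SAMPLE_REG_EXPORT)
    print("Executable extensions missing from baseline:", extra)

    # MUSIC_1.HTM and MUSIC_2.CEO are named in the brief; WIN1A2B.pif is a
    # constructed stand-in for the brief's "WIN(hex number).pif".
    attachments = ["MUSIC_1.HTM", "MUSIC_2.CEO", "WIN1A2B.pif"]
    print("Baseline filter flags:", risky_attachments(attachments, KNOWN_EXECUTABLE_EXTS))
    print("Audited filter flags: ",
          risky_attachments(attachments, KNOWN_EXECUTABLE_EXTS | set(extra)))
```

Run against a real export, any extension the first function reports is a candidate for both registry cleanup and addition to the filter's blocklist.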





[INFOCON] - Announcing the release of 2 NIST Computer Security Special Publications

2002-11-25 Thread Wanja Eric Naef \(IWS\)

-Original Message-
From: compsecpubs@nist.
Sent: 25 November 2002 15:38
To: Multiple recipients of list
Subject: Announcing the release of 2 NIST Computer Security Special
Publications

November 25, 2002 (NIST releases 2 new Special Publications):

1.  NIST is pleased to announce the release of the Special Publication SP
800-43, Systems Administration Guidance for Windows 2000 Professional and
the Special Publication SP 800-48, Wireless Network Security: 802.11,
Bluetooth, and Handheld Devices.

The SP 800-43 provides detailed information about the security features of
Win2K Pro, security configuration guidelines for some popular applications,
and security configuration guidelines for the Win2K Pro operating system.
The document assists the users and system administrators of Windows 2000
Professional systems in configuring their hosts by providing configuration
templates and security checklists.

The document and security templates are available at

http://csrc.nist.gov/itsec/guidance_W2Kpro.html

2.  The SP 800-48 examines the benefits and security risks of 802.11
Wireless Local Area Networks (WLAN), Bluetooth Ad Hoc Networks, and
Handheld Devices such as Personal Digital Assistants (PDA). The document
also provides practical guidelines and recommendations for mitigating the
risks associated with these technologies. The guide is available at

http://csrc.nist.gov/publications/nistpubs/ 









[INFOCON] - News 11/25/02

2002-11-25 Thread Wanja Eric Naef \(IWS\)
(Due to a power outage there was no Infocon on Friday. WEN)

London, Monday, November 25, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

[News Index]
  

[1] Homeland Security organized along administration's proposal
[2] War with Iraq will mean virus outbreak, hacker says
[3] Academy seizes computers from nearly 100 mids
[4] White House science team outlines anti-terrorism focus
[5] Tech Insider: Total information unawareness

[6] Sept. 11 showed work needed on Internet
[7] Pentagon backs off on Net ID tags
[8] Preparing for a Different Kind of Cyberattack
[9] Net auctions targeted for crackdown
[10] No two cyber-policies are alike

[11] When Washington Mimics Sci Fi
[12] Security Alert: New Wi-Fi Security Scheme Allows DoS
[13] Comdex's Secure Side
[14] Court to decide Kazaa's US liability
[15] Congress responds to concerns, but conflict could delay action

[16] Why is mi2g so unpopular?
[17] Internet security journalist hacks Saddam's e-mail
[18] Microsoft warns of security hole
[19] SQL Injection and Oracle
[20] Researchers: Pull plug on battery attacks

[21] Marines move toward PKI
News

CURRENT THREAT LEVELS

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security: Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)


   


[1] Homeland Security organized along administration's proposal
By Tanya N. Ballard

The Homeland Security Department approved by Congress this week looks
much like the department President Bush proposed five months ago. 

The new department will merge at least 170,000 federal employees from 22
agencies who perform a vast array of missions, from agricultural
research to port security to disaster assistance. Under H.R. 5005, the
Homeland Security Department would include the Transportation Security
Administration, Customs Service, Immigration and Naturalization Service,
Secret Service, Coast Guard and Federal Emergency Management Agency. The
agencies will be reorganized into four directorates within the
department: Information Analysis and Infrastructure Protection, Science
and Technology, Border and Transportation Security, and Emergency
Preparedness and Response. 

The information analysis unit would absorb all of the functions of the
FBI's National Infrastructure Protection Center, the Defense
Department's National Communications System, the Commerce Department's
Critical Infrastructure Assurance Office, the Energy Department's
National Infrastructure Simulation and Analysis Center, and the General
Services Administration's Federal Computer Incident Response Center.

http://www.govexec.com/dailyfed/1102/112002t1.htm

 

(FUD. A bragging teenager who is rather a lame virus writer, but
naturally the journalist believes him that he is able to write a
'Uebervirus'. WEN)

[2] War with Iraq will mean virus outbreak, hacker says

By DAN VERTON 
NOVEMBER 20, 2002

Content Type: Story 
Source: Computerworld
  
A Malaysian virus writer who is sympathetic to the cause of the al-Qaeda
terrorist group and Iraq and who has been connected to at least five
other malicious code outbreaks is threatening to release a megavirus if
the U.S. launches a military attack against Iraq. 
The virus writer, who goes by the handle Melhacker and is believed to
have the real name of Vladimor Chamlkovic, is thought to have written or
been involved in the development of the VBS.OsamaLaden@mm, Melhack,
Kamil, BleBla.J and Nedal worms. 

However, in an exclusive interview today with Computer

[INFOCON] - USAF: Why worry about computer security?

2002-11-20 Thread Wanja Eric Naef \(IWS\)
Why worry about computer security?

by Master Sgt. Keith Korzeniowski and Jack Worthy
45th Communications Squadron

11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed
at night, do you leave your front door unlocked? When parking your car,
do you leave the keys in the ignition? Probably not. You automatically
take precautions to secure valuables. 

Information is a valuable asset for our national security. In the
computer age, information has become the lifeblood of many companies. 

Failure to safeguard information as you would your home or other assets
is ludicrous. Unfortunately, according to a 1999 study done by the
University of California, all too often security measures are either
minimized or ignored by 26 percent of the entire information technology
and automated information system communities. 

For those in the know, the need for computer security measures is
apparent. Even though data assets can be lost, damaged or destroyed by
various causes, information systems tend to be susceptible for several
reasons. 

First, computer components are relatively fragile. Hardware can be
damaged more easily than, for example, tools in an auto repair shop.
Data files are extremely fragile compared to other organizational
assets. Second, computer systems are targets for disgruntled employees,
protestors and even criminals. Finally, decentralization of facilities
and use of distributed processing have increased vulnerability of
information and computers. 

There are many ways to protect and prevent access to computer systems,
from physical security involving locks and guards, to measures embedded
in the system itself. Since end users have access, each represents a
potential vulnerability. Many security measures begin with you. 

Here are some guidelines: 

* Know your unit information systems security officer, and information
assurance awareness manager, and phone numbers for the network control
center's C4 help desk. 

* Ensure your system is certified and accredited. Systems designated to
handle classified information must complete an emission security
assessment before processing is authorized. 

* Practice good password creation and protection. Ensure passwords
contain at least eight characters, including upper and lower case alpha,
numeric and special characters, and are exclusive to your system. 

* Use a password-protected screensaver when leaving your computer
unattended. 

* Share information only with people and systems authorized to receive
it. 

* Always scan disks, e-mail attachments and downloaded files using the
latest antiviral product and signature file. 

* Know the sensitivity level of the information you're processing,
requirements for protecting it, and security limitations of systems used
to transmit it. Sanitize processing and storage devices. 

* Know the basics of data contamination, malicious logic, and virus
prevention and detection. 

* Avoid virus hoaxes and chain letters. 

The telecommunications monitoring and assessment program governs consent
to monitoring. Notification of consent is approved through signed
permission and is placed on DOD computers, personal digital assistants,
local area networks, external modems, phones, fax machines, text pagers,
phone directories, and land mobile radios. 

Being a base network user is like being a member of the local community,
which provides services to its citizens. Just as a community has laws,
the network has policies. 

First, e-mail is for official use only. Policy is addressed in Air Force
Instruction 33-119, Electronic Mail Management and Use. Forbidden
activities include sending or receiving e-mail for commercial or
personal financial gain, and sending harassing, intimidating, or
offensive material to or about others. 

Like e-mail, Internet or Web access provided by the network is for
official use only. AFI 33-129, Transmission of Information via the
Internet, provides guidance on proper use of the Internet. Do not
transmit offensive language or materials, such as hate literature and
sexually harassing items, and obscene language or material, including
pornography and other sexually explicit items. The AFI also prohibits
obtaining, installing, copying, storing or using software in violation
of the vendor's license agreement. Before downloading software from the
Internet, keep in mind much of the freeware or shareware is only free
for personal use. Licenses for many programs exclude use by the
government or commercial companies. 

If you break the law in your community you can face serious
consequences. What may be less known is that violating network policies
also has consequences. A captain at Wright Patterson AFB, Ohio, was
sentenced to nine months' confinement, a $10,000 fine and a reprimand
for conduct unbecoming an officer for using an Air Force computer to
download and store pornographic images. 

The base network is an unclassified system and a shared resource. One
careless user sending a classified e-mail 

[INFOCON] - EPIC Alert 9.23

2002-11-20 Thread Wanja Eric Naef \(IWS\)

-Original Message-
On Behalf Of EPIC News
Sent: 19 November 2002 23:54
To: [EMAIL PROTECTED]
Subject: EPIC Alert 9.23


===
EPIC Alert
===
Volume 9.23  November 19, 2002

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_9.23.html

===
Table of Contents
===

[1] Public Protest Over Pentagon Surveillance System Mounts
[2] Appeals Court Permits Broader Electronic Surveillance
[3] Homeland Security Bill Limits Open Government
[4] Circuit Court Approves Faxed Warrants
[5] DC City Council Attacks Camera System, Adopts Regulations
[6] California Passes Database Privacy Legislation
[7] EPIC Bookstore - Data Protection Law
[8] Upcoming Conferences and Events

===
[1] Public Protest Over Pentagon Surveillance System Mounts
===

The Pentagon's proposed "Total Information Awareness" (TIA)
surveillance system is coming under increasing attack.  In an open
letter sent yesterday, a coalition of over 30 civil liberties groups
urged Senators Thomas Daschle (D-SD) and Trent Lott (R-MS) to "act
immediately to stop the development of this unconstitutional system of
public surveillance."  Newspapers across the country have written
editorials castigating the program.  The New York Times has said that
"Congress should shut down the program pending a thorough
investigation."  The Washington Post wrote, "The defense secretary
should appoint an outside committee to oversee it before it proceeds."
William Safire's recent column, which played a major role in igniting
the public outcry, called the surveillance system "a supersnooper's
dream."

The TIA project is part of the Defense Advanced Research Projects
Agency (DARPA)'s Information Awareness Office, headed by John
Poindexter.  The surveillance system purports to capture a person's
"information signature" so that the government can track potential
terrorists and criminals involved in "low-intensity/low-density"
forms of warfare and crime.  The goal of the system is to track
individuals by collecting as much information about them as possible
and using computer algorithms and human analysis to detect potential
activity.  The project calls for the development of "revolutionary
technology for ultra-large all-source information repositories," which
would contain information from multiple sources to create a "virtual,
centralized, grand database."  This database would be populated by
transaction data contained in current databases, such as financial
records, medical records, communication records, and travel records,
as well as new sources of information.  Intelligence data would also
be fed into the database.

A key component of the project is the development of data mining or
knowledge discovery tools that will sift through the massive amount
of information to find patterns and associations.  The surveillance
plan will also improve the power of search tools such as Project
Genoa, which Poindexter's former employer Syntek Technologies
assisted in developing.  The Defense Department aims to fund the
development of more such tools and data mining technology to help
analysts understand and even "preempt" future action.  A further
crucial component is the development of biometric technology to
enable the identification and tracking of individuals.  DARPA has
already funded its "Human ID at a Distance" program, which aims to
positively identify people from a distance through technologies such
as face recognition and gait recognition.  A nationwide
identification system might also be of great assistance to such a
project by providing an easy means to track individuals across
multiple information sources.

The initial plan calls for a five year research project into these
various technologies.  According to the announcement soliciting
industry proposals, the interim goal is to build "leave-behind
prototypes with a limited number of proof-of-concept demonstrations
in extremely high risk, high payoff areas."  The FBI and the
Transportation Security Administration (TSA) are also working on data
mining projects that will merge commer

[INFOCON] - News 11/20/02

2002-11-20 Thread Wanja Eric Naef \(IWS\)

London, Wednesday, November 20, 2002

INFOCON News

IWS - The Information Warfare Site
http://www.iwar.org.uk

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

[News Index]
  

[1] U.S. fails cybersecurity review--again
[2] Experts: Don't dismiss cyberattack warning
[3] Cyber center planned
[4] Senate approves Homeland bill
[5] Business Week Online Special - Enhancing Computer Security

[6] Caught in a BIND
[7] Navy restructuring CIO's office
[8] A case in point
[9] Internet Provisions in Security Bill
[10] Don't trust that spam: Ignore 'Nigerian scam'

[11] At a stroke, MS cuts critical vuln reports
[12] Bill's secrecy provisions stick
[13] Security Through Soundbyte: The 'Cybersecurity Intelligence' Game
[14] Local officials give homeland bill mixed reviews
[15] CIA searching out technologies to boost national security

[16] Internet, E-Commerce Boom Despite Economic Woes
[17] Liberty Alliance Updates Specs
[18] Hill OKs security research
[19] Northcom orders C4ISR, info ops work

News


[1] U.S. fails cybersecurity review--again 

By Reuters 
November 19, 2002, 3:04 PM PT

The U.S. government flunked a computer-security review for the third
consecutive year on Tuesday, showing no improvement despite increased
attention from high-level officials. 

Government agencies that oversee military forces, prosecute criminals,
coordinate emergency response efforts and set financial policy all
received failing grades from congressional investigators. 

The Department of Transportation, whose computer systems guide
commercial aircraft and allocate millions of dollars in highway funding,
received the lowest score, 28 out of a possible 100. 

Stung by a series of electronic break-ins and Internet-based attacks,
Congress has voted to triple spending on cybersecurity research efforts
while the Bush administration is pulling together a much-publicized set
of guidelines for businesses and individuals.

http://news.com.com/2100-1001-966444.html?tag=lh 

See also:
http://www.mail-archive.com/infocon@infowarrior.org/msg00321.html 


 

(There is quite a difference between developing an 'expertise in
computer science' and launching a strategic CNO campaign. Just ask some IO
people from Kelly AFB or Fort Meade and they will agree. AQ claims lots
of things and it certainly makes sense that they research this area, but
there is a major difference between 'looking into something' and
actually having the capability of doing something like that. It takes
quite a bit more than a mouse click to bring down an economy. So, I
would still say that at the moment any kinetic force is far more
powerful than any ping of death. WEN)

[2] Experts: Don't dismiss cyberattack warning

By DAN VERTON 
NOVEMBER 18, 2002

Security experts and two former CIA officials said today that warnings
of cyberattacks by al-Qaeda against western economic targets should not
be taken lightly. 

Vince Cannistraro, the former chief of counterterrorism at the CIA, said
that a number of Islamists, some of them close to al-Qaeda, have
developed expertise in computer science. 

"And some are well schooled in how to carry out cyberattacks," he said.
"We know from material retrieved from [al-Qaeda] camps in Afghanistan
that this is true. But their expertise seems mostly dedicated to
communicating securely among al-Qaeda cells. Cyberattacks would probably
render them less secure by focusing attention on their location." 

In an exclusive interview with Computerworld on Monday, Sheikh Omar
Bakri Muhammad, a London-based fundamentalist Islamic cleric with known
ties to Osama bin Laden, said al-Qaeda and various other fundamentalist
Muslim groups around the world are actively planning to use the Internet
as a weapon in their "defensive" jihad, or holy war, against the West. 

http://computerworld.com/securitytopics/security/story/0,10801,76000,00.html

[INFOCON] - (HS) President Hails Passage of Homeland Security Department Legislation

2002-11-19 Thread Wanja Eric Naef \(IWS\)
(The new bureaucratic monster is coming! I am looking forward to the
turf wars. WEN)

*

White House:

President Hails Passage of Homeland Security Department Legislation 
Statement by the President 

The United States Congress has taken an historic and bold step forward
to protect the American people by passing legislation to create the
Department of Homeland Security. This landmark legislation, the most
extensive reorganization of the Federal Government since the 1940s, will
help our Nation meet the emerging threats of terrorism in the 21st
Century. 

This bill includes the major components of my proposal - providing for
intelligence analysis and infrastructure protection, strengthening our
borders, improving the use of science and technology to counter weapons
of mass destruction, and creating a comprehensive response and recovery
division. 

I commend the employees who will move into this new department for their
hard work and dedication to the war on terrorism. Setting up this new
department will take time, but I know we will meet the challenge
together. 

I look forward to signing this important legislation. 

###

*

AP News flash:

WASHINGTON (AP) - The Senate voted decisively Tuesday to create a
Homeland Security Department, delivering a triumph to President Bush
and setting the stage for the biggest government reshuffling in a
half-century as a way to thwart and respond to terrorist attacks.

**

CNN:

Senate approves homeland bill
Tuesday, November 19, 2002 Posted: 8:23 PM EST (0123 GMT)

WASHINGTON (CNN) -- Capping months of debate, the Senate Tuesday
approved 90-9 a bill that would create a Department of Homeland Security
-- a massive reorganization of the federal government sparked by the
devastating September 11, 2001 terrorist attacks. 

The measure heads to the White House, where President Bush has promised
to sign the legislation into law, possibly next week, said a spokesman
for the Office of Homeland Security. 

Creation of the Cabinet-level department dedicated to protecting the
United States from terrorist attacks is expected to take years and will
combine about 170,000 federal workers from 22 agencies. 

The push for a new Cabinet-level department originally came from
Democrats and was initially opposed by the administration. 

http://www.cnn.com/2002/ALLPOLITICS/11/19/homeland.security/index.html

**

GOVEXEC:

Bush, Senate GOP win big on homeland security bill 

By Brody Mullins, CongressDaily 

President Bush won a hard-fought victory Tuesday on homeland security
legislation when the Senate rejected a key Democratic amendment that
would have delayed approval of a Homeland Security Department until next
month at the earliest.

The 52-47 vote also cleared the way for final approval of the bill later
Tuesday after a four-month partisan fight.

http://www.govexec.com/dailyfed/1102/111902cd1.htm 
















[INFOCON] - (HS) Ridge: Terrorist Threat Persists & Rummy on DARPA's Info Awareness Experiment

2002-11-19 Thread Wanja Eric Naef \(IWS\)

'... Intelligence officials have made enormous progress in combining
domestic and foreign intelligence-gathering capabilities. They're now
gathering more information and in the past couple of weeks, Ridge said,
they're reporting more "chatter." ...'

(The Economist - 'The World In 2003' has a good one page article titled
'The Spy who failed me' which gives a good overview of the current
problems intelligence agencies face. WEN) - some quotes from the
article:

... The end of the Soviet Union led some to opine that spying was no
longer a useful instrument of peace. In fact, in a world of rogue states
and terrorists that strike without warning, it is sometimes the only
instrument. ...

... Many experts believe that the powers of the CIA director should be
increased -- giving him greater control over the intelligence budget ...

... Getting fresh-faced boys and girls from Iowa to cruise the cocktail
party isn't going to do it (human intelligence) 

... In addition to intelligence gathering, equally in need of a
shake-up is how the secrets are analysed. This will be harder. The
trouble is that the United States intelligence 'community' is no
community at all ...

*

U.S. officials are taking the threats voiced in the tape against the
president, vice president and defense secretary "very, very seriously,"
Ridge said. "All terrorist organizations, from time to time, look to
assassination as a means of bringing terror and destruction to a country
or a community."

(Interesting statement because as far as I remember the secret service
has been cutting down on their counter sniper and counter assault teams
within the presidential protection corps, but hopefully they changed
their mind again. WEN)

*

Ridge: Terrorist Threat Persists; Nation Must Be Prepared
By Linda D. Kozaryn
American Forces Press Service 

WASHINGTON, Nov. 18, 2002 - The spectacular attack in Indonesia, the
limited attack in Kuwait and the assault on the French tanker off the
shores of Yemen all show terrorists' capabilities, Homeland Security
Adviser Tom Ridge said Nov. 17. 

"The bottom line is that they've demonstrated an ability to attack
countries and people in various forms, and we have to be alert and aware
and be as well-prepared to interdict and prevent all of those potential
forms of attack," Ridge said on CNN's Late Edition. 

The FBI's latest bulletin, issued last week by the National
Infrastructure Protection Center, warned of possible "spectacular
attacks" that would have high symbolic value, cause mass casualties and
severe damage to the U.S. economy and create maximum psychological
trauma. 

Ridge said the FBI had summarized threat information received over the
past six to eight weeks. The warning, he noted, was a reminder to law
enforcement officials and the public that terrorists could certainly try
to bring harm, death and destruction like they did a year ago. 

U.S. officials review the national threat level each day, Ridge noted.
"Right now, both within government and in the private sector, there's a
range of protective measures you can take within the yellow level," he
said. "We are at the upper end of that range." 

The White House established the Homeland Security Advisory System as a
means of disseminating information regarding the risk of terrorist acts
to federal, state and local authorities and to the public. Five threat
levels are designated by colors: low is green; guarded, blue; elevated,
yellow; high, orange; severe, red. 

Intelligence officials have made enormous progress in combining domestic
and foreign intelligence-gathering capabilities. They're now gathering
more information and in the past couple of weeks, Ridge said, they're
reporting more "chatter." 

"We must remember that we're getting more information because we have
nearly 2,700 al Qaeda operatives detained around the world," Ridge
noted. "So we're getting more information, both about the threat and
about operational capability." 

Information is being shared with the public, but "sometimes, with an
abundance of caution," he said. "Sometimes it's not corroborated, and we
want to go back and see if we can find it verified more completely." 

If officials have specific information about the time, place, venue and
means of attack, Ridge said, they would take action. 

Sources of information include public statements from the al Qaeda
leadership such as the audiotape aired recently by Al Jazeera television
network. Ridge said the U.S. intelligence community believes it's likely
the tape is the voice of Osama bin Laden. 


Whether or not the speaker is the terrorist leader, he said, the hate
and venom contained in the tape is what led to the Sept. 11 attack on
the United States. Whenever such a speaker reiterates his conditions,
threats and age-old complaints, "we understand it is from an evil heart,
a hateful heart and an evil mind and an evil man, and we just have to
deal with it." 

Responding to those critical of the administration for fa

[INFOCON] - GAO: Computer Security Report

2002-11-19 Thread Wanja Eric Naef \(IWS\)
(Infocon will resume tomorrow as normal. (I have been abroad and just
returned today). The report below is well worth a read, even though it
does not really contain anything new. By the way, I would also recommend
reading my all time favourite GAO InfoSec report titled 'Information
Security Management Learning From Leading Organizations' from May 1998
which is available at http://www.gao.gov/archive/1998/ai98068.pdf and
which is really well done. WEN)

Computer Security:  Progress Made, but Critical Federal Operations and
Assets Remain at Risk, by Robert F. Dacey, director, information
security, before the Subcommittee on Government Efficiency, Financial
Management, and International Relations, House Committee on Government
Reform.  GAO-03-303T, November 19. 

http://www.gao.gov/cgi-bin/getrpt?GAO-03-303T 

Although GAO's current analyses of audit and evaluation reports for the
24 major departments and agencies issued from October 2001 to October
2002 indicate some individual agency improvements, overall they continue
to highlight significant information security weaknesses that place a
broad array of federal operations and assets at risk of fraud, misuse,
and disruption. GAO identified significant weaknesses in each of the 24
agencies in each of the six major areas of general controls. As in 2000
and 2001, weaknesses were most often identified in control areas for
security program management and access controls. All 24 agencies had
weaknesses in security program management, which provides the framework
for ensuring that risks are understood and that effective controls are
selected and properly implemented (see figure below for list of major
weaknesses).

Implementation of the Government Information Security Reform provisions
("GISRA") is proving to be a significant step in improving federal
agencies' information security programs. It has also prompted the
administration to take important actions to address information
security, such as integrating security into the President's Management
Agenda Scorecard. However, GISRA is scheduled to expire on November 29,
2002. GAO believes that continued authorization of such important
information security legislation is essential to sustaining agencies'
efforts to identify and correct significant weaknesses.

In addition to reauthorizing this legislation, there are a number of
important steps that the administration and the agencies should take to
ensure that information security receives appropriate attention and
resources and that known deficiencies are addressed. These steps include
delineating the roles and responsibilities of the numerous entities
involved in federal information security and related aspects of critical
infrastructure protection; providing more specific guidance on the
controls agencies need to implement; obtaining adequate technical
expertise to select, implement, and maintain controls to protect
information systems; and allocating sufficient agency resources for
information security.
 









[INFOCON] - Reality Bytes: Cyberterrorism and Terrorist 'Use' of the Internet

2002-11-15 Thread Wanja Eric Naef \(IWS\)
(Maura wrote a nice paper. WEN)

'... Terrorist 'use' of the Internet has been largely ignored, however,
in favour of the more headline-grabbing 'cyberterrorism.' The purpose of
this paper is to help remedy that deficiency. ...'

Reality Bytes: Cyberterrorism and Terrorist 'Use' of the Internet by
Maura Conway

This paper examines the concept of cyberterrorism. Fringe activity on
the Internet ranges from non-violent 'Use' at one end to
'Cyberterrorism' at the other. Rejecting the idea that cyberterrorism is
widespread, the focus here is on terrorist groups' 'use' of the
Internet, in particular the content of their Web sites, and their
'misuse' of the medium, as in hacking wars, for example. Terrorist
groups' use of the Internet for the purpose of inter-group communication
is also surveyed, partly because of its importance for the
inter-networked forms of organisation apparently being adopted by these
groups, but also due to the part played by the Internet in the events of
September 11 and their aftermath.

Contents
Introduction
What is Cyberterrorism?
'Use' and 'Misuse': Some Empirical Observations
(Inter)Networking and 9-11
The Internet and 9-11: The Aftermath
Conclusion

http://firstmonday.org/issues/issue7_11/conway/ 

'... The Internet is neither simply a potential vehicle for carrying out
attacks nor a potential target, however. The Internet is also the
instrument of a political power shift. It is the first many-to-many
communication system. The ability to communicate words, images, and
sounds, which underlies the power to persuade, inform, witness, debate,
and discuss (not to mention the power to slander, propagandise,
disseminate bad or misleading information, engage in misinformation
and/or disinformation, etc.) is no longer the sole province of those who
own or control printing presses, radio stations, or television networks.
Every machine connected to the Internet is potentially a printing press,
a broadcasting station, or a place of assembly. And in the twenty-first
century, terrorists are availing of the opportunity to connect. The
Internet is an ideal propaganda tool for terrorists: in the past they
had to communicate through acts of violence and hope that those acts
garnered sufficient attention to publicise the perpetrators' cause or
explain their ideological justification. ...'

'... When it comes to discussion of cyberterrorism, there are two basic
areas in which clarification is needed. One has to do with the confusion
between cyberterrorism and cybercrime. Such confusion is partly caused
by the lack of clear definitions of the two phenomena. A U.N. manual on
IT-related crime recognises that, even after several years of debate
among experts on just what constitutes cybercrime and what
cyberterrorism, "there is no internationally recognised definition of
those terms" (Mates, 2001). The second has to do with making clear
distinctions between two different facets of terrorist usage of
information technology: terrorist use of computers as a facilitator of
their activities, and terrorism involving computer technology as a
weapon or target. ...'

Conclusion

'... In conclusion, the bulk of the evidence to date shows that
terrorist groups are making widespread use of the Internet, but so far
they have not resorted to cyberterrorism, or shown the inclination to
move heavily in this direction. In keeping with this reality, Richard
Clarke, White House special adviser for Cyberspace Security, has said
that he prefers not to use the term 'cyberterrorism,' instead, he
favours the term 'information security' or 'cyberspace security,' since
at this stage terrorists have only used the Internet for propaganda,
communications, and fundraising (Wynne, 2002). ...'













[INFOCON] - The September 2002 Trends in Proprietary Information Loss Study

2002-11-15 Thread Wanja Eric Naef \(IWS\)

-Original Message-
From: @ncix.gov] 
Sent: 15 November 2002 14:51
Subject: NCIX WEB SITE UPDATE ADVISORY #21-2002

Dear Friends and Colleagues: 

The September 2002 Trends in Proprietary Information Loss Study,
conducted by PricewaterhouseCoopers, the U.S. Chamber of Commerce and
the American Society for Industrial Security, may be viewed by linking
to http://www.asisonline.org/pdf/spi2.pdf . 









[INFOCON] - News 11/15/02

2002-11-15 Thread Wanja Eric Naef \(IWS\)
_

  London, Friday, November 15, 2002

_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_

CURRENT THREAT LEVELS 

• Electricity Sector Physical: Elevated (Yellow) 
• Electricity Sector Cyber: Elevated (Yellow) 
• Homeland Security Elevated (Yellow) 
• DOE Security Condition: 3, modified  
• NRC Security Level: III (Yellow) (3 of 5)

-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body

-

_


  
  [News Index]
  

[1] Controversial provisions could delay Senate homeland vote
[2] Homeland Security bill would reorganize federal first responder
programs
[3] The government wants you -- to be a cyber-security soldier
[4] Briton fights extradition in hacking
[5] How To Protect Yourself From "Wireless" Computer Hackers

[6] Security adviser presses for new intelligence analysis agency
[7] Consortium demos secure network
[8] MS Takes Hard Line on Security  
[9] Linux, Open Source have 'more security problems than Windows'
[10] Russians wage cyberwar to disrupt separatists

[11] Popular packet sniffing packages contaminated by Trojan
[12] FBI warns of risk of al-Qaida attack
[13] Al Qaeda's New Tactics
[14] Study Makes Less of Hack Threat  
[15] US gov's 'ultimate database' run by a felon

[16] FTC drawing the line on spammers
[17] When firewalls and intrusion detection just aren't enough
[18] IT directors unsure of tech benefits
[19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
[20] Air Force piloting SIPRNET portal

[21] Air Force planning enterprise C4ISR review
[22] Air Force rolling out XML e-forms

_

News
_


[1] Controversial provisions could delay Senate homeland vote
By Brody Mullins and April Fulton, Congress Daily 

While senators remain focused on debate over personnel rules for the new
Homeland Security Department, that issue is far from the only
controversial matter remaining in the bill. From vaccine liability
protections to a delay in an airport baggage-screening deadline, the
GOP-drafted bill that passed the House Wednesday and heads to the Senate
Thursday includes contentious measures quietly written into the bill as
the congressional session draws to a close. 

Senate leaders, determined to create the Homeland Security Department
before the year's end, are likely to accept most of the provisions.
Still, the new debates could push a final vote on the underlying bill
into next week.

Governmental Affairs Committee Chairman Joseph Lieberman, D-Conn., who
wrote the Democrats' version of the bill, said he is "especially
concerned" about the latest GOP bill, because it contains "a number of
special-interest provisions that are being sprung on the Senate without
prior warning or consideration. This is really not the time for that."

http://www.govexec.com/dailyfed/1102/111402cdam1.htm

 

[2] Homeland Security bill would reorganize federal first responder
programs 
By Jason Peckenpaugh 

The White House and the Senate have agreed to a major shake-up of
federal programs that provide anti-terrorism training to thousands of
“first responders” in state and local governments as part of the
homeland security bill now being considered by the Senate. 

The reorganization, which is part of the homeland security bill passed
Wednesday by the House, takes anti-terrorism training duties away from
the Federal Emergency Management Agency and puts them in the Border and
Transportation Security division of the Homeland Security Department. 

Specifically, the deal carves out the Office of National Preparedness
from FEMA and places it under the Office of Domestic Preparedness (ODP),
which will take the lead in training and equipping thousands of “first
responders” in the new department. The ODP is currently in the Justice
Department, but it would move to the Border and Transportation Security
Division of the Homeland Security Depa

[INFOCON] - NIPC: Information Bulletin 02-010

2002-11-15 Thread Wanja Eric Naef \(IWS\)
CURRENT THREAT LEVELS 

• Electricity Sector Physical: Elevated (Yellow) 
• Electricity Sector Cyber: Elevated (Yellow) 
• Homeland Security Elevated (Yellow) 
• DOE Security Condition: 3, modified  
• NRC Security Level: III (Yellow) (3 of 5) 

***

http://www.nipc.gov/publications/infobulletins/2002/ib02-010.htm 

National Infrastructure Protection Center

HOMELAND SECURITY INFORMATION UPDATE

RECENT RELEASE OF POSSIBLE USAMA BIN LADEN AUDIOTAPE MESSAGE FORESHADOWS
POTENTIAL Al-QA’IDA ATTACKS

Information Bulletin 02-010
November 14, 2002

NIPC Information Bulletins communicate issues that pertain to the
critical national infrastructure and are for informational purposes
only.   

On November 12, 2002, the al-Jazeera satellite television network
broadcast an audio taped message purported to be from Al-Qa’ida leader
Usama bin Laden.   In the message, the speaker praises the recent
attacks against Western interests worldwide:  firearms attacks against
U.S. Marines in Kuwait, the fatal shooting of an American diplomat in
Jordan, the bombing of a nightclub district in Bali, the attempted
sinking of the French oil tanker Limburg, and the taking of hostages by
Chechen guerrillas at a Moscow theater.  The speaker also threatens
further attacks against the United States and its allies should the
United States attack Iraq.  

The U.S. Government is currently analyzing the tape to determine its
authenticity.

Based on the release of the audiotape, intelligence reporting, a
resurgence of Al-Qa’ida operational activity, and what is known about
Al-Qa’ida’s modus operandi, the NIPC is notifying Information Bulletin
recipients of possible attacks in the United States.  

In selecting its next targets, sources suggest Al-Qa’ida may favor
spectacular attacks that meet several criteria:  high symbolic value,
mass casualties, severe damage to the US economy, and maximum
psychological trauma.  The highest priority targets remain within the
aviation, petroleum, and nuclear sectors as well as significant national
landmarks.

However, target vulnerability and likelihood of success may be as
important to a weakened Al-Qa’ida as the target’s prominence.  Sources
also suggest that small-scale terrorist operations against softer
targets would be easier for sleeper cells already in the US to carry out
and would minimize the need to communicate with central leadership,
lowering the risks of detection.  Thus, Al-Qa’ida’s next attack may rely
on conventional explosives and low-technology platforms such as truck
bombs, commercial or private aircraft, small watercraft, or explosives
easily concealed and planted by terrorist operatives.

Due in part to the lack of specificity of method, location, and timing,
the Homeland Security Advisory System threat level will remain at Yellow
(Elevated) at this time.  

The NIPC encourages individuals to report information concerning
suspicious activity to their local FBI office,
http://www.fbi.gov/contact/fo/fo.htm, the NIPC, or to other appropriate
authorities.  Individuals can reach the NIPC WATCH AND WARNING UNIT at
(202) 323-3205, toll free at 1-888-585-9078, or by email to
[EMAIL PROTECTED]









[INFOCON] - News 11/14/02

2002-11-14 Thread Wanja Eric Naef \(IWS\)

_

  London, Thursday, November 14, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] White House to unveil first homeland security tech blueprint
[2] House, Senate move toward passage of homeland bill
[3] Accused Pentagon Hacker's Online Life
[4] House considers jailing hackers for life
[5] Florida: The cybersecurity state

[6] Back to the Insecure Future
[7] New Tools a Spying Boss Will Love  
[8] MS hires national security advisor
[9] Ballmer: 'A new era of partnership'
[10] British Web designer charged over viruses

[11] Defense officials outline top research priorities
[12] (UK) Hopes raised for Internet grooming ban
[13] The first hopeful moment since Sept. 11  
[14] (UK) Spammers receive Government threat
[15] Return of Bin Laden

[16] Top court to review online-porn law
[17] Powers to ban online racists
[18] More Telemarketers During Dinner?
[19] Maintaining Credible IIS Log Files

_

News
_


[1] White House to unveil first homeland security tech blueprint
By Shane Harris 

The White House Office of Homeland Security will soon release the first
in a series of conceptual plans for how information technology systems
should fit together in the new Homeland Security Department, according
to a White House official. 

Lee Holcomb, the office's director of "infostructure," said Wednesday
that in the next 90 days the administration would unveil an enterprise
architecture plan for Homeland Security agencies with border control
responsibilities. An enterprise architecture is a blueprint that shows
how disparate technology devices should work together to serve an
organization's overall mission. 

Holcomb didn't elaborate on what the new plan would entail, but he said
it was one of four designs that officials are working on now to help set
up the new department. The other three cover components of the
department's mission, including intelligence and warning, weapons of
mass destruction countermeasures and coordination of "first responders,"
such as fire and emergency workers. 

http://www.govexec.com/dailyfed/1102/111302h2.htm

 

[2] House, Senate move toward passage of homeland bill
By Mark Wegner, Brody Mullins and Bill Ghent, CongressDaily 

House Republicans all but declared victory today on legislation to
create a Homeland Security Department Wednesday, predicting a strong
vote on a compromise bill that would propel the legislation through the
Senate sometime this week.

House Majority Leader Dick Armey, R-Texas, who headed the House's select
homeland security panel, said the compromise was the result of "very
broad negotiations with the White House and the other body." He added
the final product "is fundamentally the House passed bill. ... We expect
it to be passed in the House and we expect it to be passed in the
Senate."

Rep. Rob Portman, R-Ohio, a member of the homeland security committee,
said the labor flexibility language is key for the success of the new
department. He highlighted a provision that would allow unions 30 days to
negotiate contracts before a second 30-day federal mediation period
would kick in, and language that requires the president to give Congress
10 days notice before limiting collective bargaining.

http://www.govexec.com/dailyfed/1102/111302cd2.htm

 

[3] Accused Pentagon Hacker's Online Life

Usenet posts show Gary McKinnon was a bit of a phone phreak, knew where
to buy lock picks, and had an early interest in defense computers. A
former employer says he was bored at work. 

By Kevin Poulsen, SecurityFocus Nov 13 2002 6:06PM

The British man accused of the most ambitious hack attacks against
Defense Department computers in years was also a fine network
administrator, according to a former co-worker. 

A mana

[INFOCON] - OCIPEP AV02-047 Trojan Horse: tcpdump and libpcap Distributions

2002-11-13 Thread Wanja Eric Naef \(IWS\)


-Original Message-
From: Opscen (OCIPEP / GEOCC) [mailto:Opscen@;OCIPEP-BPIEPC.GC.CA] 
Sent: 14 November 2002 00:57
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: AV02-047 Trojan Horse: tcpdump and libpcap Distributions
Importance: High

THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS

*
ADVISORY
*

Number: AV02-047
Date:   13 November 2002

***
Trojan Horse: tcpdump and libpcap Distributions
***

PURPOSE
This advisory brings attention to the CERT/CC ADVISORY CA-2002-30, with
reports that several of the released source code distribution packages
of tcpdump, a network sniffer, and libpcap, a packet acquisition
library, were modified by an intruder and contain a Trojan horse.


ASSESSMENT
The malicious code runs when the affected tcpdump source code is
compiled. The Trojan horse contains a fixed host and a fixed IP address
embedded in the code. The intruder operating from or impersonating the
fixed remote address could gain unauthorised remote access with
privileges of the user who compiled the source code.


SUGGESTED ACTION
It is recommended that a copy of the source code be attained from a
trusted site. Please refer to
http://www.cert.org/advisories/CA-2002-30.html for further details


CONTACT US
For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone:      (613) 991-7000
Fax:        (613) 996-0995
Secure Fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division
at:

Phone:     (613) 944-4875 or 1-800-830-3118
Fax:       (613) 998-9589
Email:     [EMAIL PROTECTED]
Web Site:  www.ocipep-bpiepc.gc.ca


NOTICE TO READERS
When the situation warrants, OCIPEP issues Advisories to communicate
information about potential, imminent or actual threats, vulnerabilities
or incidents assessed by OCIPEP as limited in scope but having possible
impact on the Government of Canada or other sectors of Canada's critical
infrastructure. Recipients are encouraged to consider the real or
possible impact on their organization of the information presented in
the Advisory, and to take appropriate action.

The information in this OCIPEP Advisory has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer
any guarantee in that regard.

Unauthorized use of computer systems and mischief in relation to data
are serious Criminal Code offences in Canada. Upon conviction of an
indictable offence, an individual is liable to imprisonment for a term
not to exceed ten years. Any suspected criminal activity should be
reported to local law enforcement organizations. The RCMP National
Operations Centre (NOC) provides a 24/7 service to receive such reports
or to redirect callers to local law enforcement organizations. The NOC
can be reached at (613) 993-4460. National security concerns should be
reported to the Canadian Security Intelligence Service (CSIS).

==


THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS


SECURITY ADVISORY


Number: AV02-047
Date:   13 November 2002

**
Trojan Horse: tcpdump and libpcap distributions
**

PURPOSE
This advisory draws your attention to the security advisory CERT/CC
ADVISORY CA-2002-30, which reports that several released source code
distributions of the tcpdump package, a network sniffer program, and
libpcap, a packet acquisition library, were modified by an intruder and
contain a Trojan horse.


ASSESSMENT
The malicious code starts running when the affected tcpdump source code
is compiled. The Trojan horse contains a fixed Internet address and a
fixed IP address buried in the code. The intruder who operates from or
impersonates the fixed Internet address could gain unauthorized remote
access using the access privileges of the user who compiled the source
code.


PROPOSED ACTION
It is recommended to obtain a copy of the source code from a trusted
site. For further information, please refer to
http://www.cert.org/advisories/CA-2002-30.html (in English only).


HOW TO CONTACT US
For urgent matters, or to report incidents, please contact OCIPEP's
Emergency Operations Centre at:

Telephone:  (613) 991-7000
Fax:        (613) 996-0995
Secure fax: (613) 991-7094
Email:      [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division
at:
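
The OCIPEP advisory above says the malicious code runs at compile time and recommends obtaining the source from a trusted site. As an added example (not part of the advisory or of this list post), the Python sketch below checks a source tarball against a digest obtained out-of-band and lists hard-coded network addresses in build-time files without extracting or running anything. The file names, the address and the pinned digest are constructed for illustration, and the pattern checks are heuristics chosen here, not indicators from CERT/CC.

```python
import hashlib
import io
import re
import tarfile

# Files that run, or decide what runs, during "./configure && make".
BUILD_FILES = re.compile(r"(^|/)(configure(\.in|\.ac)?|Makefile(\.in|\.am)?|[^/]+\.sh)$")
# Heuristics (assumptions of this example): an IPv4 literal or a URL in a build file.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"\b(?:https?|ftp)://", re.IGNORECASE)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def digest_matches(tarball, pinned_hex):
    """True if the tarball hashes to the digest obtained from a trusted source."""
    return sha256_hex(tarball) == pinned_hex.strip().lower()


def audit_build_scripts(tarball):
    """Return (member, line number, reason) for suspicious build-time lines.

    Members are read in memory; nothing is extracted to disk or executed.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not BUILD_FILES.search(member.name):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if IPV4.search(line):
                    findings.append((member.name, lineno, "hard-coded IP address"))
                if URL.search(line):
                    findings.append((member.name, lineno, "URL in build step"))
    return findings


def safe_to_build(tarball, pinned_hex):
    """Build only if the digest matches AND the build files raise no findings."""
    return digest_matches(tarball, pinned_hex) and not audit_build_scripts(tarball)


def make_tarball(files):
    """Build a constructed .tar.gz in memory from {name: text} (sample data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples: a clean package and one whose configure script was altered.
CLEAN = make_tarball({
    "pkg-1.0/configure": "#!/bin/sh\necho checking for cc\n",
    "pkg-1.0/main.c": "int main(void) { return 0; }\n",
})
TAMPERED = make_tarball({
    "pkg-1.0/configure": "#!/bin/sh\necho checking for cc\nREMOTE=192.0.2.10\n",
    "pkg-1.0/main.c": "int main(void) { return 0; }\n",
})
# Stands in for the digest a maintainer publishes through a separate, trusted channel.
PINNED = sha256_hex(CLEAN)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, "digest ok:", digest_matches(blob, PINNED),
              "findings:", audit_build_scripts(blob))
```

The digest comparison is the control that matters; the script audit only helps triage a mismatch and will miss anything that avoids these two patterns.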


[INFOCON] - NCIX Report: Espionage Against the United States by American Citizens 1947-2001

2002-11-13 Thread Wanja Eric Naef \(IWS\)
(NCIX is the Office of the National Counterintelligence Executive. WEN)

-Original Message-
From: @ncix.gov] 
Sent: 13 November 2002 12:34
Subject: NCIX WEB SITE UPDATE ADVISORY #20-2002

Dear Friends and Colleagues: 

A Defense Personnel Security Research Center (PERSEREC) report entitled
Espionage Against the United States by American Citizens 1947-2001 may
be viewed by linking to http://www.ncix.gov/news/index.html .  The
report is based on an unclassified database of 150 individuals involved
in espionage that is maintained at PERSEREC.   Any questions regarding
this 135 page report should be directed to PERSEREC at
[EMAIL PROTECTED] 











[INFOCON] - News 11/13/02

2002-11-13 Thread Wanja Eric Naef \(IWS\)
_

  London, Wednesday, November 13, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Brit Accused of Hacking Pentagon  
[2] President Bush Pushes for Homeland Security Department
[3] Bush wins on homeland security bill
[4] Comment: An ally in the fight for safer IT
[5] Purported Bin Laden Tape Lauds Bali, Moscow Attacks

[6] Incident underscores need for space access
[7] House OKs $903M for Cyber Security Research
[8] E-tailers opt for Early Warning system
[9] ICANN ponders new top level domains
[10] Hackers could be planning major attack, says White House

[11] BIND vulnerable, upgrade now
[12] U.S. Hopes to Check Computers Globally
[13] Drawing up Homeland 'interstate'
[14] UK) Text scam warning for consumers
[15] Supreme Court agrees to review challenge of filtering software at
libraries

[16] Net pirates poach Harry Potter film
[17] The next big Internet flop
[18] Computer Hacker May Bust Breeders Cup
[19] Oracle in buffer overflow brown alert

_

News
_


(I am curious whether they will be able to extradite him or whether they
will have to try him in the UK which they do not want as they remember
well the Rome Lab Case with Kujii & Datastream Cowboy (whilst Kujii (the
brain) pleaded guilty to 12 hacking offences, he ended up paying a fine
of only 1200 pounds. In comparison to that the attacks cost the US Air
Force $211,722 (excluding investigation costs). At least this time it
was not a teenager which makes it kind of interesting. WEN)

--

US attorney, Paul McNulty issued a warning for those contemplating
similar action.

"You are not invisible. You cannot act anonymously on the Internet," he
said.

"If you hack us, we will find you, we will prosecute you and we will
send you to prison."

--

[1] Brit Accused of Hacking Pentagon  

By Associated Press

11:45 AM Nov. 12, 2002 PT

WASHINGTON -- Federal authorities on Tuesday accused a British computer
administrator of hacking into 92 computer networks operated by the U.S.
military and NASA, including one break-in that shut down systems at a
Navy facility in New Jersey immediately after the Sept. 11, 2001
attacks. 

Authorities said two of the computer systems were at the Pentagon. The
intrusions also made inoperable the network that serves the military
district for Washington, officials said. 

Authorities disclosed indictments in northern Virginia and New Jersey
against Gary McKinnon, 36, of the Hornsey section of London. He was
indicted on eight counts of computer-related crimes, including break-ins
at six private companies. 

http://www.wired.com/news/politics/0,1283,56332,00.html

Briton Is Indicted in 92 Hacker Cases
http://www.nytimes.com/2002/11/13/national/13HACK.html?ex=1037854800&en=8d0d1452aa6ef0de&ei=5040&partner=MOREOVER

US seeks hacker's extradition
http://www.itv.com/news/World1285785.html 

British man 'hacked into US military computers'
http://news.independent.co.uk/digital/news/story.jsp?story=351657

US seeks extradition of Briton accused of hacking into military
computers
http://www.guardian.co.uk/online/netnews/story/0,12582,838856,00.html 

Briton sought for Pentagon 'hacking' 
http://www.telegraph.co.uk/news/main.jhtml;$sessionid$ZIHOSAE11VDAJQFIQMFCFGGAVCBQYIV0?xml=/news/2002/11/13/whack13.xml&sSheet=/news/2002/11/13/ixworld.html

UK 'hacker' wanted by US
http://news.bbc.co.uk/1/hi/world/americas/2456403.stm 

U.S. charges U.K. hacker did $900,000 in damage
http://www.miami.com/mld/miamiherald/news/world/4504080.htm 

US seeks extradition of British hacker
http://www.abc.net.au/news/scitech/2002/11/item20021113185357_1.htm 

British man charged in military hacks
http://www.msnbc.com/news/833723.asp 

 

[2] President Bush Pushes for Homeland Security Department 

Remarks by the President at Distr

[INFOCON] - UNIRAS ALERT - 24/02 - Multiple Remote Vulnerabilities in BIND4 and BIND8

2002-11-13 Thread Wanja Eric Naef (IWS)


-----Original Message-----
From: UNIRAS (UK Govt CERT) [mailto:uniras@niscc.gov.uk]
Sent: 13 November 2002 09:38
To: [EMAIL PROTECTED]
Subject: UNIRAS ALERT - 24/02 - Multiple Remote Vulnerabilities in BIND4 and BIND8

-----BEGIN PGP SIGNED MESSAGE-----

UNIRAS (UK Govt CERT) ALERT Notice - 24/02 dated 13.11.02  Time: 09:45
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk

Title
=====

Multiple Remote Vulnerabilities in BIND4 and BIND8

Detail
======

  Internet Security Systems Security Advisory
  November 12, 2002

  Multiple Remote Vulnerabilities in BIND4 and BIND8

  Synopsis:

  ISS X-Force has discovered several serious vulnerabilities in the Berkeley
  Internet Name Domain Server (BIND). BIND is the most common implementation
  of the DNS (Domain Name Service) protocol, which is used on the vast
  majority of DNS servers on the Internet. DNS is a vital Internet protocol
  that maintains a database of easy-to-remember domain names (host names) and
  their corresponding numerical IP addresses.

  Impact:

  The vulnerabilities described in this advisory affect nearly all currently
  deployed recursive DNS servers on the Internet. The DNS network is
  considered a critical component of Internet infrastructure. There is no
  information implying that these exploits are known to the computer
  underground, and there are no reports of active attacks. If exploits for
  these vulnerabilities are developed and made public, they may lead to
  compromise and DoS attacks against vulnerable DNS servers. Since the
  vulnerability is widespread, an Internet worm may be developed to propagate
  by exploiting the flaws in BIND. Widespread attacks against the DNS system
  may lead to general instability and inaccuracy of DNS data.

  Affected Versions:

  BIND SIG Cached RR Overflow Vulnerability   

  BIND 8, versions up to and including 8.3.3-REL
  BIND 4, versions up to and including 4.9.10-REL

  BIND OPT DoS

  BIND 8, versions 8.3.0 up to and including 8.3.3-REL

  BIND SIG Expiry Time DoS

  BIND 8, versions up to and including 8.3.3-REL

  Description:

  BIND SIG Cached RR Overflow Vulnerability

  A buffer overflow exists in BIND 4 and 8 that may lead to remote compromise
  of vulnerable DNS servers. An attacker who controls any authoritative DNS
  server may cause BIND to cache DNS information within its internal database,
  if recursion is enabled. Recursion is enabled by default unless explicitly
  disabled via command line options or in the BIND configuration file.
  Attackers must either create their own name server that is authoritative for
  any domain, or compromise any other authoritative server with the same
  criteria. Cached information is retrieved when requested by a DNS client.
  There is a flaw in the formation of DNS responses containing SIG resource
  records (RR) that can lead to buffer overflow and execution of arbitrary
  code.

  BIND OPT DoS

  Recursive BIND 8 servers can be caused to abruptly terminate due to an
  assertion failure. A client requesting a DNS lookup on a nonexistent
  sub-domain of a valid domain name may cause BIND 8 to terminate by attaching
  an OPT resource record with a large UDP payload size. This DoS may also be
  triggered for queries on domains whose authoritative DNS servers are
  unreachable.

  BIND SIG Expiry Time DoS

  Recursive BIND 8 servers can be caused to abruptly terminate due to a null
  pointer dereference. An attacker who controls any authoritative name server
  may cause vulnerable BIND 8 servers to attempt to cache SIG RR elements with
  invalid expiry times. These are removed from the BIND internal database, but
  later improperly referenced, leading to a DoS condition.

  Recommendations:

  ISS X-Force recommends that system administrators immediately take steps to
  protect their networks. ISS has made several product updates available to
  assess vulnerability to this issue as well as protect customers from
  exploitation attempts.

  The following ISS updates and product releases address the issues described
  in this advisory. These updates are available from the ISS Download Center
  (http://www.iss.net/download):

  RealSecure Network Sensor XPU 20.7 and XPU 5.6
  Internet Scanner XPU 6.20
  RealSecure Guard 3.1 ebs
  RealSecure Sentry 3.1 ebs
  RealSecure Server Sensor 6.5 SR 3.3
  System Scanner SR 3.08

  As a workaround for DNS servers that do not need recursive DNS
  functionality, it is recommended to disable recursion within the BIND
  configuration file:

  BIND
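
The affected-version lists and the recursion workaround in the advisory above, applied to a name-server inventory; this is an added example, not part of the ISS or UNIRAS text. The host names, version banners and status labels are constructed for illustration, and release suffixes such as -REL are ignored as a stated assumption.

```python
import re

# Ranges transcribed from the "Affected Versions" list in the advisory:
# (issue, BIND major line, lowest affected release or None, highest affected release)
ADVISORY_RANGES = [
    ("SIG Cached RR Overflow", 8, None, (8, 3, 3)),
    ("SIG Cached RR Overflow", 4, None, (4, 9, 10)),
    ("OPT DoS", 8, (8, 3, 0), (8, 3, 3)),
    ("SIG Expiry Time DoS", 8, None, (8, 3, 3)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Extract (major, minor, patch) from a version string such as '8.3.3-REL'.

    Suffixes (-REL, -P5, ...) are ignored, so every build of an affected
    release number is treated as affected. That is an assumption of this
    example and errs on the side of flagging too much.
    """
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no version number in %r" % banner)
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_issues(banner):
    """Return the advisory issues whose version range covers this banner."""
    version = parse_version(banner)
    issues = []
    for issue, major, lowest, highest in ADVISORY_RANGES:
        if version[0] != major:
            continue  # ranges are per major line: BIND 4 and BIND 8 differ
        if lowest is not None and version < lowest:
            continue  # OPT DoS starts at 8.3.0
        if version <= highest:
            issues.append(issue)
    return issues


def triage(inventory):
    """Map host -> (status, issues) for (host, banner, recursion_enabled) rows.

    All three issues are described for servers doing recursion, so an
    affected host with recursion disabled already has the workaround applied.
    """
    report = {}
    for host, banner, recursion_enabled in inventory:
        issues = affected_issues(banner)
        if not issues:
            status = "not listed as affected"
        elif recursion_enabled:
            status = "affected, recursion enabled"
        else:
            status = "affected, recursion disabled (workaround in place)"
        report[host] = (status, issues)
    return report


# Constructed inventory for illustration; not taken from the advisory.
SAMPLE_INVENTORY = [
    ("ns1.example.net", "8.3.3-REL", True),
    ("ns2.example.net", "BIND 8.2.2-P5", False),
    ("ns3.example.net", "4.9.10-REL", True),
    ("ns4.example.net", "9.2.1", True),
]

if __name__ == "__main__":
    for host, (status, issues) in triage(SAMPLE_INVENTORY).items():
        print(host, "|", status, "|", ", ".join(issues) or "-")
```
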

[INFOCON] - NIPC: Security Information Update-Beginning Of Ramadan

2002-11-07 Thread Wanja Eric Naef [IWS]

National Infrastructure Protection Center  

Security Information Update-Beginning Of Ramadan
Information Bulletin 02-009
November 6, 2002

http://www.nipc.gov/publications/infobulletins/2002/ib02-009.htm
 

NIPC Information Bulletins communicate issues that pertain to the
critical national infrastructure and are for informational purposes
only.


The Islamic holy month of Ramadan begins on 11/06/02 and continues
through 12/05/02. A period of reflection and spiritual discipline,
Ramadan is observed by Muslims around the world, including those in the
United States.


Al-Qaeda and sympathetic jihadists may view Ramadan as having religious
incentives and symbolic and operational advantages for conducting
terrorist attacks. Nonspecific intelligence reporting also indicates
al-Qaeda may strike this Ramadan. Information indicates that al-Qaeda
appears increasingly willing to grant lower-level operatives greater
autonomy and to rely on local jihadists--groups that may be more likely
to time attacks to symbolic dates and events. In recent weeks, several
terrorist attacks--including the bombing of a French oil tanker off the
coast of Yemen, firearms attacks against U.S. Marines in Kuwait,
multiple bombings in the Philippines, and the bombing of a nightclub
district in Bali, Indonesia--have been attributed to al-Qaeda or
sympathetic groups.


Al-Qaeda has attempted to execute attacks during the Ramadan time period
in the past, including the thwarted millennial plots in December 1999
and the aborted attack against the USS Sullivans in January 2000.
Disrupted plots to attack U.S. Naval ships and the U.S. Embassy in
Singapore in late 2001 also may have been timed for Ramadan.


Recipients should remain alert to possible attacks throughout this time
frame. Recipients should also remain alert to possible acts of violence
against Muslim and Arab targets in the United States during Ramadan. In
the aftermath of the 09/11/01 terrorist attacks on the World Trade
Center and the Pentagon, there was an increase in hate crimes against
Muslims and Arabs, as well as against mosques and other Islamic and Arab
sites throughout the United States. Increased religious and social
activities at mosques and Islamic cultural centers during Ramadan may
attract added attention to these sites. 


Due in part to the lack of specificity of method, location, and timing,
the Homeland Security Advisory System threat level will remain at Yellow
(Elevated) at this time. 


The NIPC encourages individuals to report information concerning
suspicious activity to their local FBI office,
http://www.fbi.gov/contact/fo/fo.htm, the NIPC, or to other appropriate
authorities. Individuals can reach the NIPC WATCH AND WARNING UNIT at
(202) 323-3205, toll free at 1-888-585-9078, or by email to
[EMAIL PROTECTED]






IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk





[INFOCON] - News 11/07/02

2002-11-07 Thread Wanja Eric Naef [IWS]

_

  London, Thursday, November 07, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body

-

_


  
  [News Index]
  

[1] Hackers may get U.S. funds to fight China's Web curbs
[2] Stage Set for Homeland Act  
[3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys
[4] UK workers in the dark over IT security 
[5] Testing the limits of biometrics

[6] Officials worried about ability to inform public of terrorism
[7] Mitnick's 'Lost Chapter' Found  
[8] Action: Virtual Sit-In Against the WTO
[9] Australians warned over e-biz virus threat
[10] Math whiz cracks encryption code

[11] MS ruling leaked through security blunder
[12] Russian firm warns of Roron virus
[13] OMB seeks security at the start
[14] Tool sought to ID data links
[15] Think tanks think about post dotcom future

[16] Complete Snort-based IDS Architecture, Part One
[17] Shipyards, depots unable to calculate cost of Navy intranet

_

News
_


[1] Hackers may get U.S. funds to fight China's Web curbs 
  
By Murray Hiebert
THE WALL STREET JOURNAL 
 
Nov. 7 - If some lawmakers in the U.S. get their way, freedom-promoting
computer hackers soon may receive a bucketful of money to battle China's
Internet-censoring police.

http://www.msnbc.com/news/831383.asp 

 

[2] Stage Set for Homeland Act  

By Ryan Singel

09:00 AM Nov. 06, 2002 PT

As Congress prepares to reconvene in a lame-duck session after Tuesday's
election, one of the largest pieces of legislation on the Senate's
agenda is the controversial and deadlocked Homeland Security Act, which
the House passed Sept. 9. 

A little-known amendment in the Senate version of the bill makes it much
easier for ISPs to disclose e-mail communications without being served
with a warrant, which had been prohibited before the Patriot Act of
2001.

http://www.wired.com/news/privacy/0,1848,56234,00.html

 

[3] U.S., Reacting to Pentagon Spy Case, Expels 4 Cuban Envoys
By TIM GOLDEN

The Bush administration has ordered the expulsion of two Cuban diplomats
from Washington and has moved to expel two others at the United Nations
for what American officials described yesterday as serious espionage
activities against the United States.

State Department officials called the action against the two envoys in
Washington retaliation for the case of Ana B. Montes, a senior Pentagon
intelligence analyst who pleaded guilty earlier this year to spying for
Fidel Castro's government.

http://www.nytimes.com/2002/11/07/international/americas/07CUBA.html?ex=1037336400&en=d342247e51d5bb78&ei=5040&partner=MOREOVER

 

[4] UK workers in the dark over IT security
By Rachel Fielding [07-11-2002]
Formal training remains dangerously inadequate
 
  
Companies are leaving themselves open to security breaches because their
IT security training is woefully inadequate, new research has revealed. 
Three-quarters of staff in the UK admit that they have never received
any formal training from their employer on how to use the internet and
email at work in a way that minimises network security problems.

http://www.pcw.co.uk/News/1136635 

 

[5] Testing the limits of biometrics
BY Dibya Sarkar 
Nov. 6, 2002 

Biometric technologies have expanded greatly in the past decade and
especially following the attacks of Sept. 11. With recently enacted
federal statutes and many more bills promoting their use, the market
could reach $2 billion in revenues in four years. 

But there are few judicial developments regarding collection of
biometric identifiers, even as public policy debates have swelled over
their use and their potential to invade people's privacy.

http://www.fcw.com/geb/articles

[INFOCON] - DoD Directive 8500.1 Information Assurance

2002-11-06 Thread Wanja Eric Naef [IWS]

DoD Directive 8500.1 Information Assurance (IA) has been signed and
released.  Link to this document is available at 

http://www.dtic.mil/whs/directives/corres/pdf/d85001_102402/d85001p.pdf


Department of Defense DIRECTIVE NUMBER 8500.1 October 24, 2002
ASD(C3I)

SUBJECT: Information Assurance (IA)

(a) Section 2224 of title 10, United States Code, "Defense Information
Assurance Program"

(b) DoD Directive 5200.28, "Security Requirements for Automated
Information Systems (AISs)," March 21, 1988 (hereby canceled)

(c) DoD 5200.28-M, "ADP Security Manual," January 1973 (hereby
canceled)

(d) DoD 5200.28-STD, "DoD Trusted Computer Security Evaluation
Criteria," December 1985 (hereby canceled)

(e) through (ai), see enclosure 1

1. PURPOSE
This Directive:

1.1. Establishes policy and assigns responsibilities under reference (a)
to achieve Department of Defense (DoD) information assurance (IA)
through a defense-in-depth approach that integrates the capabilities of
personnel, operations, and technology, and supports the evolution to
network centric warfare.

1.2. Supersedes DoD Directive 5200.28, DoD 5200.28-M, DoD 5200.28-STD,
and DoD Chief Information Officer (CIO) Memorandum 6-8510 (references
(b), (c), (d) and (e)).

1.3. Designates the Secretary of the Army as the Executive Agent for the
integration of common biometric technologies throughout the Department
of Defense.

1.4. Authorizes the publication of DoD 8500.aa-M consistent with DoD
5025.1-M (reference (f)).

Read more at
http://www.dtic.mil/whs/directives/corres/pdf/d85001_102402/d85001p.pdf 









[INFOCON] - UNIRAS Brief - 392/02 - PSS Security Response Team Alert - New Virus:W32/Braid@mm

2002-11-06 Thread Wanja Eric Naef [IWS]


 
-----Original Message-----
From: UNIRAS (UK Govt CERT) [mailto:uniras@niscc.gov.uk]
Sent: 06 November 2002 12:33
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 392/02 - PSS Security Response Team Alert - New Virus:W32/Braid@mm

-----BEGIN PGP SIGNED MESSAGE-----

UNIRAS (UK Govt CERT) Briefing Notice - 392/02 dated 06.11.02  Time: 12:10
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk

Title
=====

PSS Security Response Team Alert - New Virus:W32/Braid@mm

Detail
======

The worm attempts to exploit a previously patched vulnerability that
exists in some versions of Microsoft Outlook, Microsoft Outlook Express,
and Internet Explorer. This vulnerability can be used to allow an
executable attachment to run automatically, even if you do not
double-click on the attachment.



PSS Security Response Team Alert - New Virus:W32/Braid@mm

SEVERITY: MODERATE
DATE: November 4, 2002
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail programs

**

WHAT IS IT?
W32/Braid@mm is a new e-mail worm. The Microsoft Product Support
Services Security Team is issuing this alert to advise customers to be
on the alert for this virus as it spreads in the wild. Best practices,
such as filtering certain file types and applying security patches would
prevent infection from this mass-mailer worm.

IMPACT OF ATTACK: Mass Mailing, Network Share Infection

TECHNICAL DETAILS:
W32/Braid@mm is a new e-mail worm.  The W32/Braid@mm worm arrives in an
e-mail message with the following characteristics: 
 
Subject: (Sender's Windows registered company name) or (Blank)
Body: 
Hello,
 
Product Name: Microsoft Windows (version of Windows on the infected
sender's system)
Product Id: (Windows ID on the infected sender's system)
Product Key: (Windows key on the infected sender's system)
Process List: 
(processes running on the infected sender's system)
 
Thank you. 

Attachment: Readme.exe

The worm attempts to exploit a previously patched vulnerability that
exists in some versions of Microsoft Outlook, Microsoft Outlook Express,
and Internet Explorer. This vulnerability can be used to allow an
executable attachment to run automatically, even if you do not
double-click on the attachment.  Information on this vulnerability can
be found here:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp 
 
Upon execution W32/Braid@mm drops a file named Help.eml on the Desktop
of the infected machine.  The help.eml file on the Desktop, if opened,
will have properties similar to the original message that infected the
machine.  This worm infects .exe, .scr and .ocx files and will also
attempt to spread via network shares.

For more detailed information on this worm please contact your Antivirus
vendor.

PREVENTION:
1) Block harmful attachment types at your Internet mail gateways. 

2) This virus utilizes a previously-announced vulnerability as part of
its infection method. Because of this, customers must ensure that their
computers are patched for the vulnerability that is identified in
Microsoft Security Bulletin MS01-020: 

http://www.microsoft.com/technet/security/bulletin/ms01-020.asp  

The most recent cumulative security patch for Internet Explorer, which
includes the fixes for the vulnerabilities that were announced in
Microsoft Security Bulletin MS01-020 can be found here: 

http://www.microsoft.com/technet/security/bulletin/ms02-047.asp  

3) After customers have ascertained the status of the preceding fix in
their environments, the following prevention steps will also apply: 

Outlook 2000 post SP2 and Outlook XP SP1 include the most recent updates
to improve the security in Outlook and other Microsoft Office programs.
This includes the functionality to block potentially harmful attachment
types. If you are running either of these versions, they will (by
default) block the attachment, and you will be unable to open it. 

To ensure you are using the latest version of Office click here: 

http://office.microsoft.com/ProductUpdates/default.aspx 

By default, Outlook 2000 pre-SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security
Update can be found here: 

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx 

Outlook Express 6 can be configured to block access to
potentially-damaging attachments. Information about how to configure
this can be found here: 

http://support.microsoft.co
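
One way a mail gateway could apply prevention step 1 and recognise the message layout the alert describes; this is an added example, not Microsoft's or UNIRAS's code. The blocked-extension list, the function names and the sample messages are assumptions constructed here; only the attachment name Readme.exe and the body field labels come from the alert.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed gateway policy for this example; the alert itself does not list
# extensions to block, it only names the attachment Readme.exe.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".com", ".pif", ".vbs"}

# Field labels the alert lists in the body of the worm's message.
BODY_MARKERS = ("Product Name:", "Product Id:", "Product Key:", "Process List:")


def inspect_message(raw_message):
    """Return blocked attachment names and whether the message fits the alert."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)

    blocked = []
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        name = part.get_filename()  # Content-Disposition, then Content-Type name
        if not name:
            continue
        # Windows picks the handler from the final extension, so
        # "notes.txt.scr" is judged as .scr; trailing dots/spaces are dropped.
        cleaned = name.strip().rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in BLOCKED_EXTENSIONS:
            blocked.append(name)

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    markers = [marker for marker in BODY_MARKERS if marker in body]

    # The alert's layout: Readme.exe attached and all four field labels present.
    matches_alert = (
        any(name.strip().lower() == "readme.exe" for name in blocked)
        and len(markers) == len(BODY_MARKERS)
    )
    return {"blocked": blocked, "body_markers": markers,
            "matches_alert": matches_alert}


def build_sample(attachment_name, body):
    """Build a constructed test message; addresses and payload are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Example Ltd"
    msg.set_content(body)
    msg.add_attachment(b"placeholder bytes, not a real executable",
                       maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


# Constructed body that follows the layout quoted in the alert.
ALERT_STYLE_BODY = (
    "Hello,\n\n"
    "Product Name: Microsoft Windows (constructed)\n"
    "Product Id: (constructed)\n"
    "Product Key: (constructed)\n"
    "Process List:\n(constructed)\n\n"
    "Thank you.\n"
)

if __name__ == "__main__":
    for name, body in [("Readme.exe", ALERT_STYLE_BODY),
                       ("notes.txt.scr", "Hello\n"),
                       ("minutes.txt", "Hello\n")]:
        print(name, inspect_message(build_sample(name, body)))
```
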

[INFOCON] - News 11/06/02

2002-11-06 Thread Wanja Eric Naef [IWS]

_

  London, Wednesday, November 06, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] Worms of the future: Here's how they'll attack you
[2] Bank error exposes e-mail addresses
[3] Navy Sites Spring Security Leaks  
[4] Math discovery rattles Net security
[5] Electronic elections: What about security?

[6] New center reaches out to private firms to protect infrastructure
[7] Information-sharing partnerships seen as anti-terror model
[8] For Microsoft, no respite from EU  
[9] Homeland Security staff studies data analysis tools
[10] Aust companies push tech security to top priority

[11] NATO plans radically new strategy  
[12] CIA missile team stalked bin Laden's top man for months
[13] Heckenkamp Free Again
[14] Sonera security staff held on snooping charges
[15] Report: Defense fails to set strategic goals for securing bases

[16] Polymorphic Macro Viruses, Part Two
[17] Pentagon's quadrennial review found lacking
[18] Hacking syndicates threaten banking
[19] NSA taps vendors for encryption

_

News
_


[1] Worms of the future: Here's how they'll attack you 
Robert Vamosi,
Senior Associate Editor,
CNET/ZDNet Reviews
Wednesday, November 6, 2002  

As the Internet develops, so too will the maladies that afflict it. In
other words: As more and more people protect themselves against e-mail
worms and viruses, those threats will likely become smarter and more
sophisticated to circumvent those protections. 

Perhaps this is one reason why 2002 has been relatively quiet in terms
of viruses. Virus writers are hunkered down, preparing a new evolution
in virus code. But security researchers are already thinking about what
those evolutionary changes might look like, so (it's hoped) we can be
prepared to fight these new digital pests if and when they actually
appear. 

http://www.zdnet.com/anchordesk/stories/story/0,10738,2896683,00.html 

 

[2] Bank error exposes e-mail addresses 

By Troy Wolverton 
Staff Writer, CNET News.com
November 5, 2002, 2:00 PM PT

Bank of the West exposed the e-mail addresses of thousands of its online
banking customers Monday, in a mistake it blamed on "human error." 

In an e-mail message sent Monday to alert customers that its banking
system would be out of service for maintenance this weekend, Bank of the
West included the e-mail addresses of more than 3,300 of its customers
in the "To" field, company spokesman John Stafford confirmed Tuesday.
Stafford said the company mistakenly placed the e-mail addresses in the
"To" field instead of masking them by placing them in the blind carbon
copy (BCC) field. 

"It was an inadvertent mistake," Stafford said. 

http://news.com.com/2100-1017-964611.html

 

[3] Navy Sites Spring Security Leaks  

By Brian McWilliams 
02:00 AM Nov. 06, 2002 PT

The U.S. Navy took one of its websites offline Tuesday and added new
security controls to a second site after Internet surfers discovered
they could access confidential Navy databases. 

The exposed Navy files included material designed to support a machine
for testing the electronics of weapon systems called the Consolidated
Automated Support System. Web surfers were able to browse through
hundreds of trouble tickets, dating back to 1989.

http://www.wired.com/news/technology/0,1282,56219-1-13,00.html

 

[4] Math discovery rattles Net security 
 
By Lee Gomes
THE WALL STREET JOURNAL 
 
Nov. 4 - Will Manindra Agrawal bring about the end of the Internet as we
know it? The question is not as ridiculous as it was just two months
ago. Prof. Agrawal is a 36-year old theoretical computer scientist at
the Indian Institute of Technology in Kanpur, India. In August, he
solved a proble

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-180 Date: 05 November 2002

2002-11-05 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-180 Date: 05 November 2002
 
http://www.ocipep.gc.ca/DOB/DOB02-180_e.html 
 

NEWS 

Ottawa contributes to the funding of St. John's harbour cleanup
The Prime Minister delivered $31 million to the province of Newfoundland
yesterday as part of the federal government contribution to clean up St.
John's harbour. According to reports, the three neighbouring
municipalities dump more than 120 million litres of raw sewage into the
harbour every day making it one of Canada's dirtiest harbours. (Source:
stjohns.cbc.ca, 4 November 2002)


OCIPEP Comment: Further to a report in OCIPEP Daily Brief DOB02-160
released 7 October 2002, this contribution comes from the federal
government's $2-billion Strategic Infrastructure Fund. The total cost of
cleaning up St. John's harbour is $93-million. Provincial and municipal
governments will provide the remaining $62 million. 

New e-mail worm spreading
According to reports, computers running Microsoft Windows operating
systems are susceptible to a new e-mail worm, capable of scattering a
variant of the FunLove virus. The new worm, called W32/Braid.A or
I-Worm.Bridex is presently circulating on the Internet, spreading
through attachments named README.EXE linked to untitled e-mail messages.
British company MessageLabs warns that Braid.A shares some attributes of
the widely spread Klez family of viruses. (Source: infoworld.com;
news.com, 4 November, 2002) 


OCIPEP Comment: Look for e-mails, as aforementioned, and the files
created by Braid in the Windows System directory and the Windows
registry key created by the worm. Also look for a process in the Windows
Task Manager Window called "Bride" in Windows NT, Windows 2000 and
Windows XP computers. A sudden crash and/or restart of the computer
after opening an attachment may also indicate an infection of Braid.
Several anti-virus software programs currently provide protection
against this new malicious code. Other anti-virus software may detect
Braid heuristically. 

A patch is available from Microsoft at:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp. 

Alaska earthquake - Update
Damage to the Alaska crude oil pipeline was still being evaluated on
Monday. It is expected that the Trans-Alaska pipeline will be shut down
until Tuesday afternoon, or a minimum of 48 hours from when it was shut
on Sunday after an earthquake, according to U.S. Department of
Transportation officials. No leaks have been reported along the length
of the pipeline. While no damage to the pipeline itself was detected in
the early hours after the quake, there was damage to "H-supports" used
to support the aboveground portion of the pipeline. The shutdown was not
expected to affect oil supply, as a reserve is stored in tanks at the
port of Valdez. U.S. Department of Transportation crews were also busy
repairing cracks on roads. According to the U.S. Geological Survey, the
quake was the most severe in the U.S. since the 1906 San Francisco
earthquake. (Source: msnbc.com; news.yahoo.com, 4 November 2002)


 

IN BRIEF  

Water restriction may be imposed for Vancouver area
Because of several dry months, severe water restrictions may be imposed
on the Lower Mainland. Water levels from the Capilano and Seymour
systems, which supply water to approximately two-thirds of the lower
mainland's population, are down to 29 percent and are dropping steadily.
(Source: cbc.ca, 1 November 2002)


U.S. should fund and test Internet security - Richard Clarke
According to Richard Clarke, Special Advisor to the President for
Cyberspace Security, the U.S. government should fund and test Internet
Engineering Task Force developments and initiatives to bolster the
security of Internet communication. (Source: nwfusion.com, 1 November
2002)





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information
Products  

See: News - New e-mail worm spreading

Threats

McAfee reports on W32/Braid@MM, which is a memory-resident virus that
spreads via e-mail. It closes Explorer and resides in memory as a process
named Bride.
http://vil.nai.com/vil/content/v_99776.htm


Trend Micro reports on BAT_JUNBO.A, which is a destructive mass-mailing
batch file that spreads via e-mail, IRC and the KaZaA peer-to-peer,
file-sharing network. The e-mail has the subject: "Hi!!!", and
attachment: casper~1.AVI.bat
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_JUNBO.A


Trend Micro reports on WORM_PIBI.B, which is a worm that propagates via
e-mail, IRC and the KaZaA peer-to-peer, file sharing network. The e-mail
has the subject: "WindowsXP Service Release Pack 2.002" and the
attachment: install.exe.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PIBI.B


Symantec

[INFOCON] - News 11/05/02

2002-11-05 Thread Wanja Eric Naef [IWS]

_

  London, Tuesday, November 05, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_



_


  
  [News Index]
  

[1] (InfraGard) Combating cybercrime
[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
[3] Homeland security wish list set  
[4] 'War' over digital privacy bill heats up  
[5] Hacker turncoat opines on computer security

[6] Mozilla riddled with security holes
[7] First-of-its-kind center to train cybersleuths
[8] Braid fails to unpick the Web
[9] Kofi Annan's IT challenge to Silicon Valley
[10] Court rules against AOL on Net privacy

[11] Homeland security IT official to resign
[12] Hackers stick California city with $30,000 phone bill
[13] Unbreakable Crypto: Who Needs It?
[14] Chinese province issues swipe IDs to Internet cafe users
[15] Axe man hacks man over hacking fears

[16] Defense Department studying nonlethal chemicals
[17] Agencies to test Adobe technology for online transactions
[18] Intercepts: Rumsfeld Sinks 'CINCs'
[19] Feds Getting IT Together
[20] (UK) Government websites under fire

[21] Latest Linux takes control of access

_

News
_


[1] Combating cybercrime 

11/04/02

Chris Seper 
Plain Dealer Reporter

FBI agent Stan Paulson overhears companies chatter about security
breaches and hackers and other criminals probing their computer systems
and does nothing about it. 

By looking the other way, he upholds the tenets of an organization that
has helped improve Internet security throughout the country. 
 
InfraGard, founded by the Cleveland FBI's office in 1996, has used
confidentiality, FBI clout and offers of expert training to convince
companies to work together and reveal details about cyberspace attacks
on their systems. 

http://www.cleveland.com/business/plaindealer/index.ssf?/xml/story.ssf/html_standard.xsl?/base/business/103631949234480.xml

InfraGard
http://www.infragard.net/

InfraGard Manufacturing Industry Association 
http://trust.ncms.org/ 

NIPC
http://www.nipc.gov/ 

 

[2] 'You're still guilty,' judge in Sun et al antitrust case tells MS
By John Lettice
Posted: 05/11/2002 at 11:19 GMT

US District Judge J Frederick Motz has rejected a Microsoft attempt to –
effectively – have a string of prior convictions expunged from its
record. Yesterday the Maryland judge denied a request by Microsoft
attorneys to re-open 395 of Judge Penfield Jackson's 412 findings of
fact, so for the moment at least Jackson's conclusions can be used in
the case Motz is dealing with.

http://www.theregister.co.uk/content/4/27935.html

 

[3] Homeland security wish list set
BY Judi Hasson 
Nov. 4, 2002 

Although the debate over creating a Homeland Security Department is
stalled in Congress, officials have quietly drawn up a list of their top
priorities to jump-start the agency if and when lawmakers approve it.

Jim Flyzik, a senior adviser at the Office of Homeland Security, said
Oct. 23 that the first priority would be consolidating the 58 government
watch lists of suspected terrorists into a single list.

http://www.fcw.com/fcw/articles/2002/1104/pol-custom1-11-04-02.asp

 

[4] 'War' over digital privacy bill heats up  
Kent Hoover   Washington Bureau Chief 

Frustrated by their inability to stop the unauthorized sharing of music
and movies over the Internet, the entertainment industry wants
permission from Congress to declare technological war on peer-to-peer
networks.
 
Legislation introduced by Rep. Howard Berman, D-Calif., would enhance
the ability of copyright owners to use anti-piracy technology to block
distribution of their works on file-sharing networks. The bill exempts
copyright owners from anti-hacking laws as long as they do not delete or
alter computer 

[INFOCON] - FBI Director Outlines Public-Private Plan to Improve Cybersecurity

2002-11-04 Thread Wanja Eric Naef [IWS]

01 November 2002 

FBI Director Outlines Public-Private Plan to Improve Cybersecurity

(Cites cybercrime as agency's first priority) (2820)

Federal Bureau of Investigation (FBI) Director Robert S. Mueller III
outlined a plan to strengthen private and government cooperation to
improve security of the nation's information infrastructure in a
speech to the Information Technology Association of America (ITAA)
October 31.

Mueller said the FBI has made cybercrime its number one criminal
priority in anticipation of dramatic increases in what he described as
"Internet-enabled crimes," that is, traditional crimes such as fraud,
identity theft, copyright infringement and child pornography that have
migrated online.

A second class of crimes, born with the Internet age, is also a
serious concern for national law enforcement. Those are computer
intrusions, denial of service attacks and cyber terrorism - all crimes
with "the potential to ruin businesses, cause staggering financial
losses, threaten our national security and even cost lives," Mueller
said.

The FBI is reorganizing itself to better respond and investigate
online criminal activity, Mueller said, with a particular emphasis on
tapping private sector expertise to help respond to crime.

"We are forming high tech task forces that include private sector
players, law enforcement and in some cases experts from academic
disciplines," Mueller explained to the ITAA audience in suburban
Washington. "So when there is a local cyber crime problem, the
worldwide network of the FBI and the resources of the other task force
participants can work together to assist."

The FBI director implored the private sector members of his audience
to provide more information to authorities about unauthorized
intrusions into their computer networks. He estimated that the FBI is
receiving reports on only one third of such incidents. Mueller
acknowledged business leaders' concerns that reporting these cases to
authorities might make them subject to investigation, expose protected
corporate information or attract unwelcome media attention that could
adversely affect stock prices. Mueller offered assurances that the FBI
would take care to minimize such consequences.

"We will try to find the origin of the attacker, help you preserve
evidence and avoid counter-surveillance. We will help protect you
legally," Mueller said. "And we will do what no one else can -- hunt
down the perpetrator and shut him or her down."

Following is the text of the Mueller speech as prepared for delivery:

(begin text)

Remarks by
Robert S. Mueller III
Director, Federal Bureau of Investigation
at the
Information Technology Association of America National Summit
Falls Church, Virginia

October 31, 2002

Thank you. Good morning. I am genuinely pleased to be here. I have
tremendous respect for you and your companies, which I especially
developed when I had the privilege to serve as U.S. Attorney for
Northern California. We were, as you might imagine, busy there with
emerging issues in the cyber area. In February 2000, we set up the
first unit in a U.S. Attorney's office dedicated to prosecuting
computer crimes and intellectual property cases -- the CHIP Unit. It
was at that point I saw clearly how important government-private
sector partnerships were going to be in this dynamic area.

We have a quote by J. Edgar Hoover on a courtyard wall at FBI
Headquarters. It says, "The most effective weapon against crime is
cooperation ...the efforts of all law enforcement agencies with the
support and understanding of the American people." In Hoover's day,
"support and understanding" may have been enough; he did not have a
complex, interconnected, information infrastructure to worry about. We
do. And our efforts to secure that infrastructure and to fight cyber
crime require a new level of engagement -- an active partnership
between the private sector and law enforcement, and an unprecedented
level of cooperation.

Conferences like this one, and the working groups that will come out
of it, are going to help us build that active partnership. I know that
each of you is already heavily engaged in fighting cyber crime and
that your private sector initiatives have led to some significant
victories. This morning, I want to talk about cyber threats from the
FBI's vantage, and about our role in fighting those threats. Above all
I want to talk about the partnership that is needed to get the job
done, and how we can build trust, share information, and ultimately
benefit from each others' strengths.

In broad terms, the FBI sees threats to cyber security as two separate
but related problems. The first is the explosive growth of traditional
crimes that have migrated on-line: the frauds, identity theft,
copyright infringement, child pornography and exploitation. The
powerful, interconnected systems that have done so much to improve our
lives, also nurture the worst elements of society. Small time
criminals can develop into international 

[INFOCON] - News 11/04/02

2002-11-04 Thread Wanja Eric Naef [IWS]
_

  London, Monday, November 04, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body

-

_


  
  [News Index]
  

[1] FBI director says industry must do more to prevent cyberattacks
[2] Agencies, companies urged to set guidelines for fighting cyberterrorism
[3] Root-Server Attack Traced to South Korea, U.S.
[4] Personal data travels far
[5] Microsoft dodges bullet  

[6] But some shut their Windows  
[7] Open source courses through DOD
[8] European police say they can't keep up with cyber criminals
[9] Feds pursue secrecy for corporate victims of hacking
[10] SPAMMER HAMMERED BY VERIZON BAN

[11] Scary Movie
[12] IG: State Department flunks systems security
[13] U.S. fears terrorists will imitate snipers
[14] State CIOs see accord with feds
[15] 'Sensitive' label strikes nerve

[16] How to get certified security for Win2k, by Microsoft
[17] Proof Win2K is still insecure by design
[18] Pentagon completes 'playbooks' for terrorism scenarios
[19] A New Cryptography Uses the Quirks of Photon Streams

[20] U.S. should fund R&D for secure Internet protocols, Clarke says
[21] New worm aims to infest Australian systems
[22] New Wi-Fi security would do little for public 'hot spots'
[23] Popular Linksys Router Vulnerable to Attack

_

News
_


[1] FBI director says industry must do more to prevent cyberattacks
By Shane Harris

FBI Director Robert Mueller Thursday implored industry technology
executives to do a better job securing the Internet and other data
networks by reporting incidences of online crime to the bureau. 

"You're not enabling us to do [our] job" by withholding reports about
criminals who successfully penetrate companies' data networks or attack
their systems, Mueller told those attending a Falls Church, Va. forum on
combating online crime and cyberterrorism. Corporations are reluctant to
report such attacks to law enforcement agencies for fear of revealing
their systems' vulnerabilities. They worry the information could give
competitors an edge, or invite more attacks by criminals once they
discover the weaknesses. 

http://www.govexec.com/dailyfed/1002/103102h1.htm 

FBI seeks help vs. Cybercrime 
http://www.fcw.com/fcw/articles/2002/1028/web-fbi-11-01-02.asp 

 

[2] Agencies, companies urged to set guidelines for fighting cyberterrorism
By Molly M. Peterson, National Journal's Technology Daily

The war on cyberterrorism requires law enforcement agencies and the
private sector to develop guidelines and protocols for sharing
information about network vulnerabilities and cyber attacks, government
and industry leaders said Thursday.

"Face-to-face relationships are great, but we need to go beyond that,"
Chris Painter, deputy chief of the Justice Department's Computer Crime
and Intellectual Property Section (CCIPS), said during a cyber-security
forum at Computer Sciences Corp. headquarters in Falls Church, Va. 

Painter led one of several workshops in which law enforcement and
private-sector officials discussed obstacles to information sharing.
Conference organizers said they closed those workshops to the media in
order to encourage participants to discuss problems and ideas with as
much candor as possible.

http://www.govexec.com/dailyfed/1102/110102td1.htm 

 

[3] Root-Server Attack Traced to South Korea, U.S. 
  
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, October 31, 2002; 3:30 PM 

Last week's attacks on the Internet's backbone likely emanated from
computers in the United States and South Korea, FBI Director Robert
Mueller today said. 

"The investigation is ongoing," Mueller said at an Internet security
conference in Falls Church, Va. He did not offer more details on the
investigation, nor did he outline the evidence investigators have
gathered so far

[INFOCON] - UNIRAS Brief - 383/02 - NISCC - Potential crafted packets vulnerability in firewalls

2002-10-31 Thread Wanja Eric Naef [IWS]


-Original Message-
From: UNIRAS (UK Govt CERT) [mailto:uniras@;niscc.gov.uk] 
Sent: 31 October 2002 14:28
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 383/02 - NISCC - Potential crafted packets
vulnerability in firewalls

 
-BEGIN PGP SIGNED MESSAGE-

-

--
   UNIRAS (UK Govt CERT) Briefing Notice - 383/02 dated 31.10.02  Time: 14:25
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
-

-- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
 Information about NISCC is available from www.niscc.gov.uk
-

--

Title
=

NISCC Security Advisory:

Potential crafted packets vulnerability in firewalls

Detail
== 

There have been reports to several major CERTs of attacks that can bypass
packet filter firewalls. There has also been discussion on Bugtraq (see
http://online.securityfocus.com/archive/1/296558/2002-10-19/2002-10-25/1).
In this thread the Linux 2.4.19, Sun Solaris 5.8, FreeBSD 4.5 and Microsoft
Windows NT 4.0 are identified as vulnerable.

These attacks use specially crafted TCP packets with the SYN (synchronise)
and FIN (final) flags set. Although crafted packets of this kind are not
uncommon in probes on firewalls as a means of identifying the operating
system, it appears that some packet filter firewalls will forward such
packets because the FIN flag is interpreted as a request to end the TCP
session, while the targeted host on the internal network interprets the SYN
flag as a request to start a TCP session. This technique has been used to
effect a SYN flood denial of service attack on the targeted host.

To prevent this type of attack, packets that do not form part of the normal
TCP state should be filtered. Expected states are packets with the following
flags set: SYN, ACK (acknowledgement), SYN/ACK, RST (reset), RST/ACK, FIN and
FIN/ACK. The PSH (push) and URG (urgent) flags may also be set in packets but
they are used to prioritise processing of a packet. It follows that flag
combinations such as SYN/FIN, SYN/RST, RST/FIN and a packet with no flags set
(called null) should be treated as anomalous and should be filtered.

Certain types of firewall are not vulnerable to this type of attack, namely
circuit gateway (or proxy) or application proxy firewalls. These firewalls do
not forward TCP packets; they establish a separate connection between the
firewall and the recipient for the services proxied.

If your firewall does not support filtering of TCP flags and is a packet
filter firewall, you should contact your firewall vendor to determine if your
firewall is vulnerable. A workaround solution in case the firewall is
vulnerable is to install another firewall in front of the vulnerable firewall
that does provide flag filtering functionality.

-

--

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

-

--
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
-

--

-BEGIN PGP SIGNATURE-
Version: PGP 7.0.4

-END PGP SIGNATURE-




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
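
The flag rule from the NISCC advisory above, written out as an added Python example (it is not part of the advisory or of the original post): it reads the flags byte from a raw TCP header and passes only the seven expected state combinations, with PSH and URG allowed on top. The function names, the sample headers and the choice to drop truncated headers are assumptions made for this illustration.

```python
import struct

# TCP flag bits, carried in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags that determine connection state. PSH and URG only affect how a
# segment is processed, so the advisory allows them on top of any state.
STATE_MASK = SYN | RST | FIN | ACK

# The seven combinations the advisory lists as expected.
EXPECTED_STATES = frozenset(
    {SYN, ACK, SYN | ACK, RST, RST | ACK, FIN, FIN | ACK}
)

# Naming order chosen so the output reads like the advisory (SYN/FIN, RST/FIN).
_NAME_ORDER = ((SYN, "SYN"), (RST, "RST"), (FIN, "FIN"),
               (PSH, "PSH"), (ACK, "ACK"), (URG, "URG"))


def flag_names(flags):
    """Render a flags byte as e.g. 'SYN/ACK'; no flags at all is 'NULL'."""
    names = [name for bit, name in _NAME_ORDER if flags & bit]
    return "/".join(names) if names else "NULL"


def tcp_flags(segment):
    """Extract the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    offset_reserved, flags = struct.unpack_from("!BB", segment, 12)
    if (offset_reserved >> 4) < 5:
        raise ValueError("data offset below the 20-byte minimum")
    # The two high bits of this byte were assigned to ECN later and are
    # outside the advisory's scope, so they are masked off here.
    return flags & 0x3F


def classify(segment):
    """Return ('pass' | 'drop', flag names) for one TCP header."""
    flags = tcp_flags(segment)
    verdict = "pass" if (flags & STATE_MASK) in EXPECTED_STATES else "drop"
    return verdict, flag_names(flags)


def build_header(flags, sport=40000, dport=80):
    """Constructed 20-byte TCP header used as sample input (no options)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags,
                       8192, 0, 0)


def audit(segments):
    """Names of the flag combinations a filter built on this rule drops."""
    dropped = []
    for segment in segments:
        try:
            verdict, names = classify(segment)
        except ValueError:
            # Assumption of this example: unparseable headers are dropped.
            verdict, names = "drop", "MALFORMED"
        if verdict == "drop":
            dropped.append(names)
    return dropped


# Constructed sample traffic: five normal segments, the four anomalous
# combinations named in the advisory, one SYN/FIN hidden behind PSH/URG,
# and one truncated header.
SAMPLES = [build_header(f) for f in (
    SYN, SYN | ACK, ACK | PSH, FIN | ACK, RST,
    SYN | FIN, SYN | RST, RST | FIN, 0, SYN | FIN | PSH | URG,
)] + [b"\x00" * 10]

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("drop:", name)
```

Masking PSH and URG before the comparison is what keeps a SYN/FIN segment from slipping through when those two bits are also set.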





[INFOCON] - News 10/31/02

2002-10-31 Thread Wanja Eric Naef [IWS]

_

  London, Thursday, October 31, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


_


  
  [News Index]
  

[1] Businesses overlook intellectual property security, ASIS reports
[2] BCS presses Whitehall on new security rules
[3] Transformation driving DOD IT
[4] Was it hacking or public property?
[5] Islamic site's peaceful path  

[6] Country bodies threaten ICANN walkout
[7] Merkur Worm Hits File Swappers
[8] Digital copyright law on trial
[9] Australia is sure al-Qaida was in on Bali bombing
[10] 'Internal Look' to Test CENTCOM Command and Control Capabilities

[11] US may set up MI5-style spy agency in security shake-up
[12] Outlook bright for many e-tailers
[13] Kournikova author loses appeal
[14] Aust police, manufacturers in standoff over device security
[15] (ZA) Hacker continues trail of malice

[16] Verizon settles lawsuit against spammer
[17] MasterCard to send anti-skimming cards to Australia

_

News
_


[1] Businesses overlook intellectual property security, ASIS reports

Access Control & Security Systems, Oct 1, 2002  
   
Businesses must make information protection a higher priority, contends
a recent report by ASIS International, through its Council on
Safeguarding Proprietary Information.

The report includes a Proprietary Information Loss Survey conducted
among CEOs of Fortune 1,000 companies and of 600 small and mid-sized
companies that belong to the U.S. Chamber of Commerce. Responses suggest
proprietary information and intellectual property (IP) losses totalling
between $53 billion and $59 billion from July 1, 2000 to June 30, 2001.

http://www.industryclick.com/magazinearticle.asp?magazineid=119&releaseid=10640&magazinearticleid=159088&siteid=2 

 

[2] BCS presses Whitehall on new security rules 

Thursday 31 October 2002  
 
The BCS is pressing the Government on legislation which could lead to
the regulation of the IT security sector, writes John Kavanagh.
 
The society is monitoring the working of the new Private Securities
Industries Act and the associated Security Industry Authority, which is
focusing initially on the activities of security firms, wheel clampers
and private detectives. The BCS wants to ensure that if the authority
turns its attention to IT security any regulation it sets in motion will
be appropriate.

The legislation has caused controversy by being unclear on whether it
covers IT security specialists, and whether IT security should be
regulated at all. Activities covered by the Act include security
consultancy - defined partly as advising on security precautions in
relation to any risk to property or person.

http://www.cw360.com/bin/bladerunner?REQUNIQ=1036073088&REQSESS=De57013&;REQHOST=site1&2131REQEVENT=&CFLAV=1&CCAT=2&CCHAN=28&CARTI=117101 

 

[3] Transformation driving DOD IT
BY Dan Caterinicchia 
Oct. 31, 2002 

Driven by Secretary Donald Rumsfeld's vision of transformation, the
Defense Department's fiscal 2003 information technology budget is more
than $26 billion and should grow steadily at 5 percent for the next
decade, according to the Government Electronics and Information
Technology Association (GEIA).

DOD's transformation activities affect "every nook and cranny of the
services" and are the main driver of IT budget dollars, said Mike Kush,
director of public-sector marketing for Identix Inc. and GEIA's DOD IT
forecast chairman. He added that the DOD should be receiving an
increasing amount of IT funding in the future, "but the percentage is
not necessarily going up."

http://www.fcw.com/fcw/articles/2002/1028/web-budget-10-31-02.asp 

 

[4] Was it hacking or public property?
 
Reuters
October 29, 2002, 5:51 AM PT

A Swedish company has filed cri

[INFOCON] - (CIA) CSI's Studies in Intelligence (Unclassified Studies Volume 46, Number 3, 2002)

2002-10-30 Thread Wanja Eric Naef [IWS]
(It contains some interesting articles. I would recommend having a look
at The Coming Revolution in Intelligence Analysis and the counterpoint
article. In addition to that, there is also an article about PsyOps during
WWII: The Information War in the Pacific, 1945. WEN)

http://www.cia.gov/csi/studies/vol46no3/index.html 

INTELLIGENCE TODAY AND TOMORROW
Policymakers and the Intelligence Community
Supporting US Foreign Policy in the Post-9/11 World
Richard N. Haass

Understanding Our Craft
Wanted: A Definition of "Intelligence"
Michael Warner

The Coming Revolution in Intelligence Analysis
What To do When Traditional Models Fail
Carmen A. Medina

Counterpoint to "The Coming Revolution in Intelligence Analysis" 
Evolution Beats Revolution in Analysis
Steven R. Ward

Sorting Out "National Interests"
Ways To Make Analysis Relevant But Not Prescriptive
Fulton T. Armstrong

HISTORICAL PERSPECTIVES
Work Force Evolution
One Woman's Contribution to Social Change at CIA
Dawn Ellison

Paths to Peace
The Information War in the Pacific, 1945
Josette H. Williams

INTELLIGENCE IN RECENT LITERATURE
God's Eye: Aerial Photography and the Katyn Forest
Reviewed by Benjamin B. Fischer

From Munich to Pearl Harbor: Roosevelt's America and 
the Origins of the Second World War
Reviewed by Michael Warner.

Secrets of Victory: The Office of Censorship and The American Press and 
Radio in World War II
Reviewed by Robert J. Hanyok

COMMENTARY
Response to "Two Strategic Intelligence Mistakes in Korea, 1950"
A Personal Perspective
Thomas J. Patton











[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002

2002-10-30 Thread Wanja Eric Naef [IWS]

http://www.ocipep.gc.ca/DOB/DOB02-176_e.html
 
OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002
 
NEWS 

New act to make Ontario's drinking water safe - Update
As reported in the OCIPEP Daily Brief DOB02-175 released 29 October
2002, the Safe Drinking Water Act was unveiled yesterday by the Ontario
provincial government. The law will call for: licenses for all labs; a
new position of chief provincial inspector; annual reports by the
government to the legislature; and, new standards for water testing,
treatment, distribution and quality. Early reaction to the bill has been
mixed, with NDP MPP Marilyn Churley, the architect of the initial draft
of the Safe Drinking Water Act, unhappy that the Conservative government
version doesn't deal with source protection. Ontario Premier Ernie Eves
said the government intends to follow Justice O'Connor's advice that it
amend the Environmental Protection Act to cover source water protection.
(Source: thestar.com, 30 October 2002) 

OCIPEP Comment: Justice O'Connor's reports, made in the wake of the
Walkerton tragedy, contained 121 recommendations to improve the safety
and security of Ontario's drinking water. With regard to water source
protection, the report stated that a strong source-protection program
"lowers risk cost-effectively, because keeping contaminants out of
drinking water sources is an efficient way of keeping them out of the
drinking water". 

Windows 2000 earns Common Criteria certification
The Microsoft Windows 2000 operating system was awarded a Common
Criteria certification, a document that spells out common security
criteria recognized by 15 countries, including Canada and the U.K.
Windows 2000 was certified at Evaluation Assurance Level 4, meaning that
it was "methodically designed, tested and reviewed." (Source: news.com,
29 October 2002)


U.S. Department of Commerce releases certification and accreditation
guidelines
The U.S. Department of Commerce has released the first of three sections
of information security guidelines designed to fix the "inconsistent and
flawed" security assessments for systems used by government agencies.
Some current security certification procedures are "excessively complex,
outdated and costly to implement," according to the National Institute
of Standards and Technology (NIST). A NIST researcher stresses that
there is a need to "move toward the adoption of a standardized process,"
which would allow federal agencies "to better understand how their
partners are dealing with the security issues." The other two sections
of guidelines, one dealing with system controls, and the other with
verification procedures and techniques, will be released next spring.
(Source: computerworld.com, 29 October 2002)


OCIPEP Comment: A draft copy (PDF version) of the Guidelines for the
Security Certification and Accreditation of Federal Information
Technology Systems can be viewed at:
http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf

According to recent reports, although leading software companies have
recently committed themselves to improving the latent security of the
products they bring to market, there remains a significant threat to the
security of information networks due to poorly secured software.
According to @Stake, a U.S. security consultancy, 70 percent of security
defects are due to flaws in software design. Microsoft recently publicly
committed itself to ensuring the security of its products. However,
according to analysts, the work the programmers are doing now will not
be reflected in the company's products for a year or two. (Source:
economist.com, 26 October, 2002)
http://www.economist.com/surveys/displayStory.cfm?Story_id=1389575

 

IN BRIEF  

Alberta forest fires cost $300M
The cost of fighting forest fires in Alberta this year was over $300
million, five times more than budgeted, according to a provincial fire
information officer. The continuing droughts, as well as the evacuation
of residents from several communities and road closures, were factors
that contributed to the record expenses. (Source: cbc.ca, 29 October
2002)


CIA report warns against cyberterrorism
In a report to the Senate Intelligence Committee, the Central
Intelligence Agency (CIA) warns that groups such as Sunni extremists,
Hezbollah and Aleph - formerly known as Aum Shinrikyo - may join al-Qaeda to
wage cyberwarfare against the U.S. (Source: news.com, 29 October 2002)

Port Simpson - Update
The B.C. Provincial Emergency Program has issued its tenth and final
update concerning the power outage and roadway access closure at Port
Simpson, 55 km north of Prince Rupert. Power has been restored since
October 22, and community officials indicate they are past the crisis
stage and have moved into recovery operations. A meeting will be held
today to address the road restoration, w

[INFOCON] - News 10/30/02

2002-10-30 Thread Wanja Eric Naef [IWS]

 _

  London, Wednesday, October 30, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


_


  
  [News Index]
  

[1] 12th Annual EICAR Conference: Call For Papers
[2] Don't Touch that Dial
[3] Defense, cybersecurity officials praise 'open source' software
[4] China prevented repeat cyber attack on US
[5] Politicians, police recruited to talk up IT security

[6] Responsible Disclosure by Corporate Fiat
[7] Homeland goes interstate route
[8] Q & A Kevin Mitnick
[9] MS gets top security rating for Win2k, makes big noise
[10] OMB issues draft standards to increase info-sharing, cut IT costs

[11] NIST details certification process
[12] Transcom chief touts IT
[13] Tech firms seek to play role in military transformation effort
[14] Defense procurement system prone to security lapses
[15] Sniper leaves a mark

[16] Brussels to spend €250k on Linux migration study
[17] Introducing Network Attached Encryption
[18] Wireless WarDrive: Wee Bit of Fun  
[19] Reuters says it wasn't hacking
[20] Greeting card email is not a worm

[21] Home-based cybersecurity defense won't work
[22] Nowhere to Hide
[23] Lawsuit to Test USA Patriot Act
[24] CIA warns of Net terror threat
[25] Online sales decline for first time

[26] A new threat to ICANN authority?
[27] Dear Saddam, How Can I Help?  
[28] Technology: Military conference highlights information systems
[29] Golden Age of IT Hasn't Arrived Yet
[30] DoCoMo gets defaced
[31] Is a larger Net attack on the way?
[32] Employee surveillance unaffected by terror threat
[33] FIPS testing finds lots of mistakes in crypto IT


_

News
_


[1] 12th Annual EICAR Conference: Call For Papers

12th Annual EICAR Conference: Call For Papers

The Conference will be held May 10-13 in Copenhagen, with three streams
of interest:

-Malware

-Critical Infrastructure Protection (CIP)

-IT-Law and Forensics

with contributions from industry, government, and research. With the goal
of keeping abreast of new developments, EICAR will be a forum for
discussions on subjects past, present and future, pertaining to
"IT-Security in an Insecure Web".

Papers can be submitted through to December 1st, 2002.

For more information on formatting, panels, area chairs and other things,
check out

http://conference.EICAR.org

Submission of Papers to Area Chairs December 1, 2002 
Notifications to Authors of Acceptance and Reviewers' Comments January 15, 2003 

Submission of Camera-Ready Papers February 1, 2003 
First Round Registration March 1, 2003 


 

(I have seen a prototype of such a phone due for release in January and
it looks amazing as it got so many features, but unfortunately it looks
like they missed out the security bit. WEN)

[2] Don't Touch that Dial

Mobile phones packing Java virtual machines are gaining in popularity,
and are headed for American shores. Will they be the next arena for
malicious hacking? 

By Michael Fitzgerald, Oct 29 2002 9:05AM

Java phones are coming to the U.S., bringing with them a second chance for
mobile applications, and, experts caution, a new platform for malicious
code.

"It's going to be an issue," says Tony Davis, acting CEO of Tira Wireless, a
Toronto startup that certifies and publishes J2ME (Java 2 MicroEdition)
applications. Davis already uses a Trojan horse program when he makes sales
calls. "When I meet with European carriers, I pull up a phone and show them
a car racing game that's actually not just that, it's sending a huge amount
of traffic back and forth," Davis says. "I tell them, your customer is going
to get a bill for 500 pounds at the end of the month, and who are they going
to come after? You."

http://online.securityfocus.com/news/1531 

 

[3] Defense, cybersecurity officials praise 'open source' softwa

[INFOCON] - (MIL) USAF Transforming Our Air and Space Capabilities

2002-10-29 Thread Wanja Eric Naef [IWS]
(Interesting speech by the secretary of the USAF. It looks at how the
USAF is changing and stresses the importance of 'Space Dominance'. WEN)


'... While the war on terror presents unprecedented challenges, the
future has never been brighter for airmen. We are entering a new age of
air and space power. There is now a growing consensus as a result of our
successes in Iraq, the Balkans and Afghanistan that air and space
capabilities can dramatically assist our joint forces to achieve victory
swiftly and decisively regardless of distance or of terrain or of
adversary. While we've been very successful in the past decade, our
potential adversaries have come to accept our overwhelming military
strength and as a result have grown increasingly less willing to engage
our forces directly. We face a new reality. One in which our traditional
defenses - deterrence and the protective barriers afforded by friendly
neighbors and two large oceans may be of limited effect.

This new reality highlights the absolute necessity of transforming our
air and space capabilities. ...'

'... Today's force in many ways is a transition force. Our legacy
aircraft systems were built with specialized roles and they were very
good. We have limited networking, limited all-weather delivery and
limited stand off and our sensors are only partially integrated. ...'

'... We are developing a range of systems that fulfill these objectives,
from multi-mission command-and-control aircraft, smart tankers, an
entire generation of unmanned vehicles, including Global Hawks, UCAVs
(unmanned combat aerial vehicles) , armed scout Predators and shortly,
hunter-killer UAVs (unmanned aerial vehicles). We are also developing a
small diameter bomb and the airborne laser, to name just a few. ...'

* Space Dominance:

'... We also realize that soon will come a time when space systems will
grow beyond their traditional role as force enhancers and then will play
a more active role in preventing, fighting and winning wars. Our
adversaries have noted the advantages we have gained from space, and
given the total interdependence we see in air and space power, we cannot
risk the loss of space superiority. We must and will continue our
efforts to protect our space assets and prepare ourselves to counter any
enemy's space assets. ...'

'... While space capabilities have been an essential contributor in
recent operations, we must modernize to maintain our war fighting
advantage. In the early stages of space age, most capabilities were used
by a limited group of users and they were highly classified. The current
space regime is decidedly different. The forms and distinctions between
black programs, white space, military, civil and commercial are growing
increasingly blurred and we must ensure our space architectures remain
capable of supporting our military missions as well as our civil users
who rely on them for the swift flow of information and commercial
applications. ...'


-

Transforming Our Air and Space Capabilities

Dr. James G. Roche, Secretary of the Air Force

Remarks to the Air Force Association National Convention luncheon,
Washington, D.C., Sept. 18, 2002

First, let me say hello. I recognize that between the end of this whole
thing and you only stand me, so I will try to make this mercifully
brief. I would like to say thank you to some of my predecessors,
Secretary (Robert C.) Seamans (Jr.), Secretary (John L.) McLucas,
Secretary Whit Peters and Secretary Pete Aldridge. Thank you for being
here. You make me feel like the PhD student who has to defend his thesis
in front of people who know what they are talking about, which is
usually what I don't have to do. You make it very tough. 

Thank you, Tom, for that gracious if incomplete introduction. For those
of you who don't know, Tom only told you what I do as a sideline. My
real job, as many of you AFA aficionados realize is the holder of the
Thomas McKee Chair of Pro Bono Public Speaking. I do believe that I am
the only person he's talked into speaking at more AFA events. There is
only one person he's done it more to, and that is the individual who is
currently occupying the Air Force Association Chair in Oratorical Arts
and Aircraft Designation, Gen. John Jumper.

I want to salute you and your great team at the Air Force Association
for putting together a wonderful program this week. You've had a chance
to discuss many of the issues we are working on in the Air Force today,
to celebrate the achievements of our best and brightest and to admire
the great rhetorical skills and taxonomic creativity of our chief of
staf

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002

2002-10-29 Thread Wanja Eric Naef [IWS]

OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002
 
http://www.ocipep.gc.ca/DOB/DOB02-175_e.html  

NEWS 

New act to make Ontario's drinking water safe
New legislation aimed at ensuring Ontario has cleaner, safer drinking
water will be unveiled by Ontario Premier Ernie Eves today. The Safe
Drinking Water Act will look to impose rigorous standards for operators
dealing with treatment, testing and distribution of Ontario's drinking
water. Justice Dennis O'Connor recommended the creation of the new act
following his inquiry into the Walkerton E. coli tragedy that killed
seven and sickened 2,300 people in the spring of 2000. (Source: the
star.com, 29 October 2002)

OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-154, released 27
September 2002, a report released by the Environmental Commissioner of
Ontario (ECO) was critical of Ontario's response to water treatment and
security. 

Proposal for global IT security centre
On Monday, members of the U.S. - E.U. Information Technology Security
Forum discussed the establishment of the International Security
Coordination Center, a global centre for IT security, which would be
based on the centre that was created to deal with Y2K-related events.
The centre would allow industry and governments to communicate regularly
on issues pertaining to cyber security and to react quickly during a
crisis. (Source: GovExec.com, 28 October 2002)


OCIPEP Comment: As part of their eEurope 2005 program, the European
Commission is expected to announce a European cybersecurity task force
that will function as a response centre. The centre is to be operational
by the end of 2003. Other potential actions concerning strengthening IT
security include enhancing the widespread use of smartcards by the end
of 2004 and developing a European Virus Alert System by the end of 2003.
To see the European Commission recommendations on eSecurity, go to:
http://europa.eu.int/information_society/newsroom/documents/catalogue_en.pdf
The eEurope 2005 actions can be found on page 16 of the PDF file.

IT security a corporate priority: Report
META Group, Inc., an IT consulting service, recently announced its
findings pertaining to IT security spending in the year ahead. These
findings were extracted from its 2003 Worldwide IT Benchmark Report, an
annual survey of technology trends and economics. According to the
study, despite META Group's predicted near 5 percent decrease in overall
corporate IT spending in 2003, Chief Information Officers (CIO) have
incrementally increased investments in security, a trend set in motion
even before 11 September 2001. The report forecasts that spending on IT
security and business continuity will "be almost evenly split [among]
infrastructure, business continuity, and information security". It goes
on to state that, despite current economic conditions and smaller
budgets, developing a comprehensive security and privacy architecture
has become the focus for virtually all public-sector CIOs, even though
most of their non-IT colleagues do not share the same sense of urgency.
(Source: itWorldCanada.com, 28 October 2002)


OCIPEP Comment: To obtain a copy of the report, go to:
http://www.metagroup.com/cgi-bin/inetcgi/commerce/productDetails.jsp?oid=33569



 

IN BRIEF  

Australia's foreign minister warns Canada about terrorism
After meeting with Foreign Affairs Minister Bill Graham on Monday,
Australia's foreign minister, Alexander Downer, warned that Canada
should remain vigilant at all times against terrorist attacks. He voiced
that "no country is safe" from terrorism and that the recent deadly
attacks in Bali, Indonesia, should be a lesson to all countries,
including Canada. (Source: the star.com, 28 October 2002)

Reuters accused of hacking
Reports indicate that Swedish software company Intentia will file
criminal charges against the Reuters news agency for allegedly hacking
into the company's computer system to retrieve financial data that had
not yet been publicly released. Reuters reportedly published information
on Intentia's third quarter profits just minutes before it was issued by
the company. (Source: ZD Net Australia, 29 October 2002)


Pro-Islamic hackers ready for cyber war: Experts
The number of politically motivated computer attacks has risen sharply
this month, according to British security firm mi2g. Hacking groups
sympathetic to Islamic interests have increased their activities, which
are primarily directed at computer systems in the U.S., U.K., India and
Israel. (Source: REUTERS.com, 29 October 2002)





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information
Products  

Threats

Central Command reports on VBS/WhyHoPo, which is a Visual Basic Script
that copies itself to multiple directory locations when it is run

[INFOCON] - The Economist: Survey - digital security

2002-10-29 Thread Wanja Eric Naef [IWS]

(This week's Economist has a special section on Information Security
which is well worth a read as it is well researched (in comparison to
the usual cybergeddon article). 

P.S. I have been contacted by a Pentagon Reporter who is looking for a
PsyOps expert. He is 'writing a story about possible PSYOPS should the
U.S. decide to invade Iraq. The story would look at past operations,
particularly Panama, and the challenge of carrying out such an operation
in the teeming city of Baghdad. Would like to talk to either operators
or experts in the field.'  If any list member is interested please let
me know. WEN)


On digital terrorism:

'... It is true that utility companies and other operators of critical
infrastructure are increasingly connected to the Internet. But just
because an electricity company's customers can pay their bills online,
it does not necessarily follow that the company's critical control
systems are vulnerable to attack. Control systems are usually kept
entirely separate from other systems, for good reason. They tend to be
obscure, old-fashioned systems that are incompatible with Internet
technology anyhow. Even authorised users require specialist knowledge to
operate them. And telecoms firms, hospitals and businesses usually have
contingency plans to deal with power failures or flooding. ...'

'... Like eco-warriors, he observes, those in the security industry - be
they vendors trying to boost sales, academics chasing grants, or
politicians looking for bigger budgets - have a built-in incentive to
overstate the risks.
...' (Nice quote which is so true. WEN)


Senior Management Support for InfoSec

'...A second, related misperception is that security can be left to the
specialists in the systems department. It cannot. It requires the
co-operation and support of senior management. Deciding which assets
need the most protection, and determining the appropriate balance
between cost and risk, are strategic decisions that only senior
management should make. ...'

'... Senior executives do not understand the threats or the technologies.
"It seems magical to them," says Mr Charney. Worse, it's a moving
target, making budgeting difficult. ...'

Threats/Risk:

'... Even senior managers who are aware of the problem tend to worry
about the wrong things, such as virus outbreaks and malicious hackers.
They overlook the bigger problems associated with internal security,
disgruntled ex-employees, network links to supposedly trustworthy
customers and suppliers, theft of laptop or handheld computers and
insecure wireless access points set up by employees. ...'

'... One of the biggest threats to security, however, may be
technological progress itself, as organisations embrace new technologies
without taking the associated risks into account. ...'

Virus:

'... Viruses are a nuisance, but the coverage they receive is
disproportionate to the danger they pose. ...'

Firewalls:

'... Firewalls are no panacea, however, and may give users a false sense
of security. To be effective, they must be properly configured, and must
be regularly updated as new threats and vulnerabilities are discovered.
...'

IDS:

'... Compared with anti-virus software and firewalls, detection is a
relatively immature technology, and many people believe it is more
trouble than it is worth. The difficulty is tuning an IDS correctly, so
that it spots mischievous behaviour reliably without sounding too many
false alarms. ...'

MS:

'... Microsoft's policy of tight integration between its products, which
both enhances ease of use and discourages the use of rival software
makers' products, also conflicts with the need for security. ...'

'... The Windows operating system is the largest piece of software ever
written, so implementing security retrospectively is a daunting task.
...'


Human Element of Security:

'... If correctly handled, a management-based, rather than a solely
technology-based, approach to security can be highly cost-effective.
...'

'... But there are other, more subtle ways in which management and
security interact. "More than anything else, information security is
about work flow," says Ross Anderson of Cambridge University's Computer
Laboratory. The way to improve security, he says, is to think about
people and processes rather than to buy a shiny new box. ...'

Biometrics:

'...The first is that the technology is not as secure as its proponents
claim. ...'

'... The second and more important problem is that biometric technology,
even when it works, strengthens only one link in the security chain.
...'

'... In short, biometrics are no panacea. The additional security they
provide rarely justifies the cost. ...'

Bottom Line:

'... Security, in sum, depends on balancing cost and risk through the
appropriate use of both technology and policy. The tricky part is
defining what "appropriate" means in a particular context. It will
always be a balancing act. Too little can be dangerous and costly - but so
can too much. ...'
