_________________________________________________________________ London, Thursday, September 19, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ IWS Sponsor IQPC Defence Conference: Information Operations 2002 25-26/09/02 Information Operations 2002: Analysing development in defensive and offensive information operations, critical infrastructure protection, information assurance and perception management. September 25 - 26, 2002. London, UK (Pre-Conference Masterclass: 24th September 2002) Information Operations 2002 Conference Web Site http://www.iqpc-defence.com/GB-1826 _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] Cybersecurity Plan Offends No One [2] Administration unveils cybersecurity plan [3] President Bush Announced His Appointment of 24 Individuals to Serve as Members of the National Infrastructure Advisory Committee [4] A Short History of Computer Viruses and Attacks [5] White House balks at Senate confirmation for e-gov chief [6] Pentagon's anti-terrorism battle takes a covert turn [7] Probe: U.S. Knew of Jet Terror Plots [8] Group says Microsoft isn't living up to antitrust settlement [9] Fed cybersecurity initiative boosts TCPA [10] Bird's-Eye View of What Irks Bush [11] Web firms take second shot at success [12] Detecting and Removing Trojans and Malicious Code from Win2K [13] Slapped Silly [14] A Gathering of Big Crypto Brains [15] Falun Gong 'TV hackers' on trial [16] Can Bon Jovi Foil the Pirates? [17] Senate stuck in slow motion on homeland security bill _________________________________________________________________ News _________________________________________________________________ [1] Cybersecurity Plan Offends No One The White House's strategy to secure cyberspace adopts a hands-off approach. Critics say that's not enough. By Kevin Poulsen, Sep 18 2002 6:26PM PALO ALTO, Calif.--The White House formally unveiled a public draft of its national cybersecurity plan at Stanford University here Wednesday to an invitation-only audience of technology company CEO's and security industry bigwigs, and a crush of media. Introducing it as the product of an "unprecedented partnership" between the private sector and government, Richard Clarke, chairman of the President's Critical Infrastructure Protection Board (PCIPB), said the National Strategy to Secure Cyberspace is a step towards preventing serious cyber attacks in the future. "On this issue, when we know there are vulnerabilities, and we know some of the solutions, let us work together as a country... to solve these vulnerabilities before there's a major disaster." http://online.securityfocus.com/news/677 ---------------------------------------------------- [2] Administration unveils cybersecurity plan By Bara Vaida and Stephen M. Lawton for National Journal's Technology Daily PALO ALTO, Calif.- Borrowing on imagery from the Sept. 11, 2001, terrorist attacks, the "Nimda" and "Code Red" computer viruses and veiled threats yet to come, the White House on Wednesday unveiled its national cyber-security plan at a press conference here. What was originally expected to be a blueprint of how the administration plans to fight cyber threats, the document is a "rough draft" that will be the subject of public comment for the next 60 days, said Richard Clarke, the president's cybersecurity adviser. "The government cannot dictate, cannot mandate, cannot alone secure cyberspace," Clarke said. He characterized the theme of the document as moving away from "who, what, when, how and shifting to a vulnerability paradigm." http://www.govexec.com/dailyfed/0902/091802td1.htm More: Cybersecurity plan lacks muscle http://news.com.com/2100-1023-958545.html?tag=cd_mh US cyber defence plan lacks teeth, claim critics http://www.cw360.com/bin/bladerunner?REQSESS=irD17TS&2149REQEVENT=&CARTI=115898& CARTT=1&CCAT=2&CCHAN=22&CFLAV=1 Two cheers for US cyber-security plan http://news.bbc.co.uk/1/hi/business/2268188.stm Cyber Security Report Spreads Burden http://www.cbsnews.com/stories/2002/09/17/tech/main522287.shtml Critics Rap Bush Cyber-Security Plan http://www.eweek.com/article2/0,3959,541172,00.asp White House cybersecurity plan avoids mandates http://www.iht.com/articles/71144.html ---------------------------------------------------- [3] President Bush Announced His Appointment of 24 Individuals to Serve as Members of the National Infrastructure Advisory Committee President George W. Bush today announced his appointment of the 24 individuals to serve as Members of the National Infrastructure Advisory Committee (NIAC). Established by Executive Order 13231, NIAC will make recommendations regarding the security of the cyber and information systems of the United States' national security and economic critical infrastructures. The Committee will also examine ways that partnerships between the public and private sectors can be enhanced to improve cyber security. http://www.whitehouse.gov/news/releases/2002/09/20020918-12.html ---------------------------------------------------- [4] A Short History of Computer Viruses and Attacks Compiled by Brian Krebs washingtonpost.com Staff Writer Wednesday, September 18, 2002; 12:00 AM 1945: A moth is found trapped between relays in a computer operated by the U.S. Navy. From then on, problems with computers are referred to as "bugs," and the process of removing them is called "debugging." http://www.washingtonpost.com/wp-dyn/articles/A50636-2002Jun26.html ---------------------------------------------------- [5] White House balks at Senate confirmation for e-gov chief By Jason Peckenpaugh The White House generally supports legislation that would create an e-government chief's position at the Office of Management and Budget, but Bush officials are balking at a provision that requires the official to be confirmed by the Senate. The legislation, known as the E-Government Act (H.R. 2458), passed the Senate in June and is awaiting action in the House. Besides creating the e-government position-which mirrors the current role of Mark Forman, assistant director for information technology and e-government at OMB-the measure also requires agencies to protect the privacy of citizens using federal Web sites and reauthorizes the 2000 Government Information Security Reform Act, which is set to expire Nov. 29. OMB supports these measures, but opposes Senate confirmation for the e-government chief, in part because of the lengthy confirmation process for presidential appointees, said Mark Everson, deputy director for management at OMB. http://www.govexec.com/dailyfed/0902/091802p1.htm ---------------------------------------------------- [6] Pentagon's anti-terrorism battle takes a covert turn Susan Schmidt and Thomas E. Ricks The Washington Post Thursday, September 19, 2002 WASHINGTON The Pentagon is preparing to consolidate control of most of the global war on terrorism under the U.S. Special Operations Command, according to government sources, signaling an intensified but more covert approach to the next phase in the battle against Al Qaeda and other international terrorist groups. The unprecedented move, discussed by senior Pentagon officials for months, comes in response to prodding by Defense Secretary Donald Rumsfeld for the military to take more aggressive steps to capture or kill members of Al Qaeda, many of whom have fled since the U.S. military campaign in Afghanistan began last year, the sources said. The Special Operations Command, or SOCOM, which like the U.S. Central Command has headquarters in Tampa, Florida, has been ordered to come up with detailed plans in the next weeks for how it will manage its expanded responsibilities, sources said. http://www.iht.com/articles/71143.html ---------------------------------------------------- '... Hill also said that between May and July 2001, the National Security Agency reported at least 33 communications indicating a possible, imminent terrorist attack. Asked why intelligence agencies didn't do more about the terrorist threats, Hill said they have complained about a lack of resources and the massive amount of intelligence they were receiving. "They were overwhelmed by almost a flood of information," she said. ...' [7] Probe: U.S. Knew of Jet Terror Plots Wed Sep 18,10:20 PM ET By KEN GUGGENHEIM, Associated Press Writer WASHINGTON (AP) - Intelligence agencies failed to anticipate terrorists flying planes into buildings despite a dozen clues in the years before the Sept. 11 attacks that Osama bin Laden ( news - web sites) or others might use aircraft as bombs, a congressional investigator told lawmakers Wednesday as they began public hearings into the attacks. http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020919/ap_on_go_co/attacks_i ntelligence_22 ---------------------------------------------------- [8] Group says Microsoft isn't living up to antitrust settlement Thursday 19 September 2002 An industry group backed by some of Microsoft's top competitors has sent a letter to the US Department of Justice (DoJ) claiming that the software maker is not living up to the terms of a proposed antitrust settlement deal that it reached with the federal government. http://www.cw360.com/bin/bladerunner?REQSESS=irD17TS&2149REQEVENT=&CARTI=115902& CARTT=14&CCAT=2&CCHAN=28&CFLAV=1 ---------------------------------------------------- [9] Fed cybersecurity initiative boosts TCPA By Thomas C Greene in Washington Posted: 17/09/2002 at 17:18 GMT On Wednesday a group of federal bureaucrats, business representatives and industry lobbyists will be rolling out a draft of the White House's new initiative to enlist the computing public in the task of defending cyberspace. Originally, the Feds had planned to roll out a final draft, but this has been delayed due to unresolved conflicts among the technology companies the scheme will be affecting. http://www.theregister.co.uk/content/55/27159.html ---------------------------------------------------- [10] Bird's-Eye View of What Irks Bush By Noah Shachtman 2:00 a.m. Sep. 18, 2002 PDT While diplomats and generals debate what should be done if Iraq has acquired weapons of mass destruction, a website run by a tiny Virginia nonprofit is giving ordinary citizens a glimpse of what may be Saddam Hussein's biological, chemical and nuclear arms-making facilities. By publishing its analysis of commercial satellite pictures, GlobalSecurity.org is doing more than educating the Internet-going public. The group is beginning, in minute ways, to affect the moves of world players as well. http://www.wired.com/news/politics/0,1283,55218,00.html ---------------------------------------------------- [11] Web firms take second shot at success Once-struggling dot-coms go through reincarnation September 18, 2002 Posted: 9:49 AM EDT (1349 GMT) SAN FRANCISCO, California (AP) -- The Internet digital photo site Webshots seemed destined to dissolve in the dot-com meltdown a year ago as its owner, ExciteAtHome, prepared to go bankrupt. But Webshots' co-founders lobbied for another try at developing the site into a profitable business -- a goal that doesn't look as farfetched as it appeared when ExciteAtHome was poised to pull the plug. http://www.cnn.com/2002/TECH/internet/09/18/second.webshots.ap/index.html ---------------------------------------------------- [12] Detecting and Removing Trojans and Malicious Code from Win2K by H. Carvey last updated September 18, 2002 Introduction The amount of malicious code directed at Windows systems seems to be increasing on a continual curve [1]. IRC bots, backdoor Trojans and worms abound. It seems that few Windows systems, particularly Win2K, are immune from infection, regardless of how diligent the user or administrator may be. Many posters to public lists continue to report Code Red and Nimda scans, as well as port scans for popular Trojan applications, on an almost weekly basis. The flip side of this is that users and administrators are also reporting that their systems have been infected or "hacked", without having solid evidence to support their assumptions. Many times, the reported activity may be, in reality, normal activity of an application on the system. http://online.securityfocus.com/infocus/1627 ---------------------------------------------------- [13] Slapped Silly Lessons I learned from falling prey to the latest Linux virus. By Jon Lasser Sep 18, 2002 It's our turn again. The latest worm to attack Web servers is aimed squarely at Linux systems running Apache. The Slapper worm affects 21 different builds of Apache that live on top of a number of different Linux distributions, exploiting the SSL bug reported at the end of July. It installs a distributed denial-of-service (DDoS) client on the target system and also attempts to locate and exploit other vulnerable instances of Apache. http://online.securityfocus.com/columnists/109 ---------------------------------------------------- [14] A Gathering of Big Crypto Brains By Karlin Lillington 2:00 a.m. Sep. 19, 2002 PDT NAAS, Ireland -- In a lush country hotel 20 miles south of Dublin, the barroom conversation turns to steganography and database vulnerabilities, encryption algorithms and biometric scanners, SWAP files and cookie poisoning. Not your average pub denizens, the speakers are some of the best-known names in cryptography and security, gathered for one of the industry's best-kept secrets: the annual COSAC conference, held every fall in Ireland. http://www.wired.com/news/technology/0,1282,55209,00.html ---------------------------------------------------- [15] Falun Gong 'TV hackers' on trial Members of the Falun Gong spiritual movement have gone on trial in China, charged with hacking into a cable television network and broadcasting pro-Falun Gong messages. http://news.bbc.co.uk/1/hi/world/asia-pacific/2267523.stm ---------------------------------------------------- [16] Can Bon Jovi Foil the Pirates? By Noah Shachtman 2:00 a.m. Sep. 19, 2002 PDT Hair-rock mastodons Bon Jovi may have actually done something cool this decade. The 1980s megastars have a new, Web-based scheme to discourage their soon-to-be-released disc from being pirated. And computer security experts think the program just might work. http://www.wired.com/news/technology/0,1282,55246,00.html ---------------------------------------------------- [17] Senate stuck in slow motion on homeland security bill By Brody Mullins, CongressDaily Senate Majority Leader Tom Daschle, D-S.D., filed a cloture motion Tuesday to end a protracted debate on homeland security legislation, but it is unclear whether he will be able to break the deadlock. The White House deployed homeland security adviser Tom Ridge to Capitol Hill Tuesday to reiterate his call for speedy action on the homeland measure. "We need to get on with this," Ridge told reporters. But it was considered unlikely that the Senate would heed the call. Just moments after Daschle filed for cloture, Republicans objected. Republican leadership aides held an impromptu news conference to accuse Daschle of employing Sen. Robert Byrd, D-W.Va., to filibuster the bill to justify the cloture motion. http://www.govexec.com/dailyfed/0902/091802cdam1.htm ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk