_________________________________________________________________

London, Friday, November 15, 2002

_________________________________________________________________

INFOCON News

_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk

_________________________________________________________________

CURRENT THREAT LEVELS

• Electricity Sector Physical: Elevated (Yellow)
• Electricity Sector Cyber: Elevated (Yellow)
• Homeland Security Elevated (Yellow)
• DOE Security Condition: 3, modified
• NRC Security Level: III (Yellow) (3 of 5)

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------

_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] Controversial provisions could delay Senate homeland vote
[2] Homeland Security bill would reorganize federal first responder programs
[3] The government wants you -- to be a cyber-security soldier
[4] Briton fights extradition in hacking
[5] How To Protect Yourself From "Wireless" Computer Hackers
[6] Security adviser presses for new intelligence analysis agency
[7] Consortium demos secure network
[8] MS Takes Hard Line on Security
[9] Linux, Open Source have 'more security problems than Windows'
[10] Russians wage cyberwar to disrupt separatists
[11] Popular packet sniffing packages contaminated by Trojan
[12] FBI warns of risk of al-Qaida attack
[13] Al Qaeda's New Tactics
[14] Study Makes Less of Hack Threat
[15] US gov's 'ultimate database' run by a felon
[16] FTC drawing the line on spammers
[17] When firewalls and intrusion detection just aren't enough
[18] IT directors unsure of tech benefits
[19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
[20] Air Force piloting SIPRNET portal
[21] Air Force planning enterprise C4ISR review
[22] Air Force rolling out XML e-forms

_________________________________________________________________

News

_________________________________________________________________

[1] Controversial provisions could delay Senate homeland vote
By Brody Mullins and April Fulton, Congress Daily

While senators remain focused on debate over personnel rules for the new Homeland Security Department, that issue is far from the only controversial matter remaining in the bill.

From vaccine liability protections to a delay in an airport baggage-screening deadline, the GOP-drafted bill that passed the House Wednesday and heads to the Senate Thursday includes contentious measures quietly written into the bill as the congressional session draws to a close.

Senate leaders, determined to create the Homeland Security Department before the year's end, are likely to accept most of the provisions. Still, the new debates could push a final vote on the underlying bill into next week.

Governmental Affairs Committee Chairman Joseph Lieberman, D-Conn., who wrote the Democrats' version of the bill, said he is "especially concerned" about the latest GOP bill, because it contains "a number of special-interest provisions that are being sprung on the Senate without prior warning or consideration. This is really not the time for that."

http://www.govexec.com/dailyfed/1102/111402cdam1.htm

----------------------------------------------------

[2] Homeland Security bill would reorganize federal first responder programs
By Jason Peckenpaugh

The White House and the Senate have agreed to a major shake-up of federal programs that provide anti-terrorism training to thousands of “first responders” in state and local governments as part of the homeland security bill now being considered by the Senate.

The reorganization, which is part of the homeland security bill passed Wednesday by the House, takes anti-terrorism training duties away from the Federal Emergency Management Agency and puts them in the Border and Transportation Security division of the Homeland Security Department.

Specifically, the deal carves out the Office of National Preparedness from FEMA and places it under the Office of Domestic Preparedness (ODP), which will take the lead in training and equipping thousands of “first responders” in the new department. The ODP is currently in the Justice Department, but it would move to the Border and Transportation Security Division of the Homeland Security Department under the legislation.

http://www.govexec.com/dailyfed/1102/111402p1.htm

----------------------------------------------------

[3] The government wants you -- to be a cyber-security soldier
By Steven E. Roberts and Aaron D. Rosenbaum

The Bush administration has re-energized its push for a Department of Homeland Security. In addition to ``traditional'' security measures, the proposed department would work to safeguard the Internet.

The need for cyber-security was underscored last month by an attack on servers that maintain the directory of domain addresses on which the Internet depends. While the Oct. 21 attack demonstrated America's continuing vulnerability to cyber-terrorism, the real danger may be the fact that this cyber-blitz received so little attention.

Before Sept. 11, 2001, only the fringes of the computer security community warned of a ``digital Pearl Harbor.'' By targeting America's critical electronic infrastructures -- power plants, airport control towers, banking systems and communication networks -- terrorists or rogue nations could attack the United States using nothing more than ones and zeros and a stream of electrons.

Ultimately, Sept. 11 made cyber-terrorism a mainstream national security issue, but defense against the threat remains more intention than substance.

http://www.siliconvalley.com/mld/siliconvalley/business/columnists/4522596.htm

----------------------------------------------------

[4] Briton fights extradition in hacking
ASSOCIATED PRESS

An unemployed British computer administrator will fight U.S. efforts to extradite him in what authorities are calling the largest-ever successful hacking into American military networks, his attorney said yesterday.

Gary McKinnon, 36, of London was indicted Tuesday in federal courts in Virginia and New Jersey on eight counts of computer-related crimes. They included break-ins over 12 months at 92 U.S. military and NASA networks across 14 states, including two at the Pentagon. Mr. McKinnon also was accused of hacking into the networks of six private companies and organizations.

http://www.washtimes.com/national/20021114-5398600.htm

'Hacker' says attempt to extradite him is political
http://news.independent.co.uk/digital/news/story.jsp?story=351897

http://www.space.com/news/nasa_dod_hack_021114.html

----------------------------------------------------

(Bad article as it does not mention once that WEP is quite insecure. WEN)

[5] How To Protect Yourself From "Wireless" Computer Hackers

(New York-WABC, November 14, 2002) — There is a warning for computer users. There are spies out there and they are trying to get into your computer with some of the new high-tech Internet connections, it's not very difficult to do that. You have to protect yourself. Robb Hanrahan reports.

Your personal information, address, credit card numbers, social security numbers and even your passwords are at risk. There is a new type of computer theft out there and it is "out there" in the air almost everywhere that puts you at risk.

http://abclocal.go.com/wabc/news/WABC_111402_hackers.html

----------------------------------------------------

[6] Security adviser presses for new intelligence analysis agency
By Molly M. Peterson, National Journal's Technology Daily

The president should create a new, stand-alone agency to serve as an "all-source fusion and analysis center" for intelligence related to potential terrorist attacks, the chairman of an influential counterterrorism commission told a House Armed Services subcommittee on Thursday.

"There are misgivings with the idea of a new agency, but frankly, our commission doesn't seem to see any other alternative," James Gilmore, chairman of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, told lawmakers during a hearing on the panel's fourth annual report to the president and Congress.

The formal report is due next month, but members of the panel, commonly known as the Gilmore Commission, decided to release certain recommendations in advance, to help "inform the current debate" as policymakers implement legislation to create a Homeland Security Department.

http://www.govexec.com/dailyfed/1102/111402td1.htm

----------------------------------------------------

[7] Consortium demos secure network
BY Dibya Sarkar
Nov. 14, 2002

A public/private consortium in Oregon is developing a secure information network that was created as a direct result of homeland security concerns.

The consortium responsible for developing the Oregon Trial of Emergency and Security Technology (O-TEST) demonstrated the model in Washington, D.C., Nov. 13.

"It is a protocol of communication that is IP-based and lives on top of a public network that provides a secure point-to-point data interchange," said Wyatt Starnes, president and chief executive officer of Tripwire Inc. and a member of the board of directors of RAINS — the Oregon Regional Alliance for Information and Network Security.

http://www.fcw.com/geb/articles/2002/1111/web-oregon-11-14-02.asp

----------------------------------------------------

[8] MS Takes Hard Line on Security
By Paul Boutin | 02:00 AM Nov. 14, 2002 PT

MOUNTAIN VIEW, California -- Microsoft's security honcho has a message for Windows users: Let's roll.

Craig Mundie, who oversees the company's Trustworthy Computing initiative, told an audience Wednesday that in response to the threat of terrorist cyberattacks, Microsoft would deploy security fixes to its installed base of hundreds of millions of computers worldwide in the coming year -- even if those fixes break applications in use by customers.

http://www.wired.com/news/technology/0,1282,56381,00.html

----------------------------------------------------

[9] Linux, Open Source have 'more security problems than Windows'
By Robin Miller, NewsForge.com
Posted: 15/11/2002 at 08:37 GMT

According to a report published November 12 by Aberdeen Group, "Security advisories for open source and Linux software accounted for 16 out of the 29 security advisories - about one of every two advisories - published for the first 10 months of 2002 by Cert (www.cert.org, Computer Emergency Response Team)."

Aberdeen says Microsoft products have had no new virus or trojan horse advisories in the first 10 months of 2002, while Unix, Linux, and Open Source software went from one in 2001 to two in the first 10 months of 2002, that in the same 2002 time period "networking equipment" (operating system unspecified) had six advisories, and Mac OSX had four.

http://www.theregister.co.uk/content/55/28118.html

----------------------------------------------------

[10] Russians wage cyberwar to disrupt separatists

Chechen separatists say Russia's FSB security service is behind the collapse of two Web Sites that form a key source of news for the rebel area.

The two sites, www.kavkaz.org and www.chechenpress.com, collapsed under a barrage of attacks from computer hackers just after Russian troops stormed a Moscow theater killing 41 armed rebels and 128 of the hostages they had been holding there.

http://zdnet.com.com/2110-1105-965858.html

----------------------------------------------------

[11] Popular packet sniffing packages contaminated by Trojan
By John Leyden
Posted: 14/11/2002 at 16:43 GMT

Users are warned to be vigilant after trojanised versions of popular packet sniffing packages were posted on well known download sites.

A detailed alert from members of the Houston Linux users group warns that trojanised versions of Libpcap, used as a packet sniffing library in programs like Snort (the open source IDS package), and Tcpdump have been posted on Tcpdump.org. These contaminated packages have also found their way onto many mirror sites, such as Wiretapped.net

http://www.theregister.co.uk/content/55/28105.html

----------------------------------------------------

[12] FBI warns of risk of al-Qaida attack

U.S. officials fear the tape purportedly from Osama bin Laden could rally his followers to violence. Here, a supporter of Muthedda Majlis-e-Amal, an alliance of hard-line Islamic parties, holds a picture of bin Laden during a rally last month in Karachi, Pakistan.

NBC NEWS AND NEWS SERVICES

Nov. 15 — Two days after intelligence experts said an audiotaped threat indicated terror mastermind Osama bin Laden was still alive, the FBI has warned that al-Qaida is likely to attempt a “spectacular” attack intended to inflict large-scale casualties and damage the U.S. economy.

http://www.msnbc.com/news/834102.asp

See also: Europe is warning of terrorist threat
http://www.iht.com/articles/76999.html

----------------------------------------------------

[13] Al Qaeda's New Tactics
By PETER L. BERGEN

WASHINGTON — In past weeks Al Qaeda has relaunched itself, a rebranding that presages a second phase in its war against the West.

The clearest evidence for this shift is in three audiotapes that Al Qaeda has released since the beginning of October from its top leaders, Osama bin Laden and Ayman al Zawahiri.
Most analysts both inside and outside the government believe those tapes to be authentic. On them, the two Qaeda leaders call for a wider war against not only the United States but the West in general, with a wider range of targets. Al Qaeda has chosen war against all "the Crusaders," not just Americans. The front can be anywhere.

http://www.nytimes.com/2002/11/15/opinion/15BERG.html?ex=1038027600&en=1de425fc034b87c5&ei=5040&partner=MOREOVER

----------------------------------------------------

[14] Study Makes Less of Hack Threat
By Noah Shachtman | 02:00 AM Nov. 14, 2002 PT

Despite the panting about "cyberterrorists," and despite the scare mongering about venomous hackers preying on fragile federal networks, attacks on government computer systems are declining worldwide, according to a recently released report.

In the United States, reported intrusions into government networks fell from 386 in 2001 to 162 in the first 10 months of 2002. Worldwide, such attacks have declined by about a third -- from 2,031 last year to a projected 1,400 today.

http://www.wired.com/news/politics/0,1283,56382,00.html

----------------------------------------------------

[15] US gov's 'ultimate database' run by a felon
By Thomas C Greene in Washington
Posted: 14/11/2002 at 20:22 GMT

We all know that truth is stranger than fiction, and here we have an apparently real item straight from the realm of Tom Clancy. Imagine a huge, absolutely huge, central database containing both the official and commercial data of every single citizen, run by the US military ostensibly for anti-terror and Homeland Security purposes, and all of it under the direction of a convicted felon.

Well the database is in development and coming soon, according to the New York Times; and the felon who will run it is disgraced Reagan administration liar, dirty-trickster and cover-uper Admiral John M. Poindexter, who Dubya has taken out of mothballs to keep us all safe from dreadful evildoers.

http://www.theregister.co.uk/content/6/28107.html

----------------------------------------------------

[16] FTC drawing the line on spammers
By Troy Wolverton
Special to ZDNet News
November 14, 2002, 5:48 AM PT

A coalition of government regulators led by the Federal Trade Commission on Wednesday announced a crackdown on online spammers and scammers.

Altogether, the regulators announced they had filed more than 30 enforcement actions and had sent letters to about 100 alleged spammers warning them to cease sending the unwanted and often fraudulent commercial e-mail messages. Additionally, the regulators announced the results of an investigation into spam, concluding that Net users who post their e-mail addresses in publicly accessible places, such as on chat sites or newsgroups, are highly likely to receive spam as a result.

The regulators' action was the third such FTC-led initiative this year to combat spam, noted Brian Huseman, a staff attorney at the FTC.

http://zdnet.com.com/2100-1106-965723.html

----------------------------------------------------

[17] When firewalls and intrusion detection just aren't enough
By John Leyden
Posted: 14/11/2002 at 13:47 GMT

Firewalls alone are not enough to thwart today's more sophisticated range of attacks, while Intrusion Detection Systems detect and record attacks, but do not block them.

AV products, properly updated, can help protect against malicious code but are necessarily limited in their scope.

http://www.theregister.co.uk/content/5/28101.html

----------------------------------------------------

[18] IT directors unsure of tech benefits
By IT Analysis
Posted: 15/11/2002 at 08:28 GMT

With tech budgets under intense scrutiny and vendors waiting with bated breath for a surge in spending, there's probably never been a better time to look at project success.

According to a recent poll of IT directors from medium and large businesses, individually they will spend £37.7 million a year on some 45 annual IT projects for their business, but 80 per cent of them don't believe that these solutions will provide a competitive advantage to their firm.

There is an obvious question that begs to be answered - what is the definition of competitive advantage? Does it include profitability and efficiency gains for instance? We don't know and the study, undertaken by Winmark Research, doesn't seek to answer it.

http://www.theregister.co.uk/content/7/28117.html

----------------------------------------------------

[19] Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
by Joe Stewart
last updated November 14, 2002

In my last article, Reverse Engineering Hostile Code, I described the tools and processes involved in basic reverse engineering of a simple trojan. This article will offer a more detailed examination of the reversing process, using a trojan found in the wild. At the same time, this article will discuss some techniques for reversing Windows-native code entirely under Linux. As an added bonus, all the tools used in this article are either freeware or free software. They are: Wine - the Win32 API implementation for Unix; gdb - our favorite Unix debugger and disassembly environment; and, IDA Pro Freeware Version - Win32 disassembler (runs on Linux under Wine release 20021007, may run under other versions as well).

http://online.securityfocus.com/infocus/1641

----------------------------------------------------

[20] Air Force piloting SIPRNET portal
BY Dan Caterinicchia
Nov. 14,

The Air Force is developing a portal that runs on the Defense Department's Secret Internet Protocol Router Network (SIPRNET) in an attempt to provide air operations centers "point and click" access to an integrated set of secure information.

Lt. Gen. Leslie Kenne, deputy chief of staff for warfighting integration at Air Force headquarters, said the SIPRNET portal is being tested as a way to eliminate the "disconnect between the force and the unit level" and will enable users to simply "point and click" to get the information they want.

The portal is being piloted at the Combined Air Operations Center at Langley Air Force Base, Va., Kenne said, speaking Nov. 13 at Air Force IT Day, sponsored by the Northern Virginia chapter of the Armed Forces Communications and Electronics Association (AFCEA) International. She said her office is working the Air Force's Office of the Chief Information Officer on the project.

http://www.fcw.com/fcw/articles/2002/1111/web-siprnet-11-14-02.asp

----------------------------------------------------

[21] Air Force planning enterprise C4ISR review
BY Dan Caterinicchia
Nov. 14, 2002

C4ISR — command, control, communications, computers, intelligence, surveillance and reconnaissance — touches every part of the Air Force and is therefore the heart of the service's transformation. That's why the Air Force will begin regular reviews of enterprise capabilities, with the first one planned for next month.

Maj. Gen. Craig Weston, vice commander of the Air Force Materiel Command's Electronic Systems Center (ESC), Hanscom Air Force Base, Mass., said the service separates its C4ISR enterprise into four domains:

* Combat operations.
* Combat support.
* Business operations.
* Common integrated infrastructure, which is the Air Force's information backbone.

http://www.fcw.com/fcw/articles/2002/1111/web-review-11-14-02.asp

----------------------------------------------------

[22] Air Force rolling out XML e-forms
BY Dan Caterinicchia
Nov. 14, 2002

The Air Force has selected an Extensible Markup Language-based electronic forms solution that will enable personnel worldwide to avoid having to save multiple files and include an ink signature when filling out e-forms.

Information Management Tool viewer software from PureEdge Solutions Inc. will replace the FormFlow software the Air Force has been using. The service is converting 18,000 e-forms that are used by more than 700,000 service members worldwide, said Carolyn Watkins-Taylor, director of the Air Force Departmental Publishing Office (AFDPO).

http://www.fcw.com/fcw/articles/2002/1111/web-eforms-11-14-02.asp

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk