September 30, 2002

Defense Agency Leaves Shopping List Online
Faulty access controls open DISA's technology requisition system to snoops.
An improperly secured database operated by the U.S. Defense Information System Agency (DISA) allowed Internet surfers to view and place orders for computers, networks, cell phones, software, and other technology used by the military. Before it was locked down over the weekend, visitors to the Web site of DISA's Requirements Identification and Tracking System (RITS) were able to peruse hundreds of requisition documents, such as a $310,000 order for "new generation STE crypto devices" in support of the Global Command and Control System.

- - - - - - - -

Talk of Iraq Conflict Raises Cyberattack Fears
Large media outlets, 'American cultural icons' such as Microsoft likely targets.
If history is a guide, any Bush administration plan to remove Saddam Hussein from power in Iraq would likely set off a firestorm of hacker activity targeting U.S. networks and infrastructure. And those attacks could be greater in number and affect a broader cross-section of U.S. businesses than anything seen before, according to intelligence experts. Surges in cyberattack activity have typically accompanied major international crises during the last several years, including the Arab-Israeli conflict, the war in Kosovo, and the collision of a U.S. spy plane with a Chinese fighter jet over the South China Sea last year.

- - - - - - - -

Secret Service patrolling for unsecured wireless networks
Secret Service agents are putting a high-tech twist on the idea of a cop walking the beat. Using a laptop computer and an antenna fashioned from a Pringles potato chip can, they are looking for security holes in wireless networks in the nation's capital. The agency best known for protecting the president and chasing down counterfeiters has started addressing what it calls one of the most overlooked threats to computer networks.
"Everybody wants wireless, it's real convenient," Special Agent Wayne Peterson said. "Security has always been an afterthought."

- - - - - - - -

Council of Europe targets child sex abuse, online racism
The pan-European rights body Council of Europe on Friday passed resolutions against child sex abuse and Internet racism but said the battle to fight them will be tough because of huge financial interests. "Combating the sexual abuse of children should be made a national cause in all our member states" said rapporteur Fiorello Provera, of the liberal, democratic and reformers' group. "Zero tolerance should mean that no criminal went unpunished, there should be no geographical limits."

- - - - - - - -

Lawmakers debate Net gambling
6-month reprieve for Webcasters also up for vote
The U.S. House of Representatives is scheduled to vote Tuesday on proposals to limit Internet gambling and grant Webcasters a reprieve from copyright fees. The two proposals are on a list of nearly 40 bills that the House leadership plans to consider in the waning days of this congressional session. House members are hoping to leave town as early as this Friday to campaign in November's election.

- - - - - - - -

US P2P Hacking Bill draws support, critics
US lawmakers last week sat down with proponents and opponents of a controversial bill that would allow copyright holders to use techniques critics compare to "hacking" to prevent content being pirated on peer-to-peer networks, Kevin Murphy writes. At a hearing of the House Judiciary Committee's Subcommittee on Courts, the Internet and Intellectual Property, a senior record industry executive and the bill's sponsors argued that the bill is the best way to stop P2P being used to pirate, while a public domain lobbyist said the bill was too vague and potentially dangerous.

- - - - - - - -

64-bit encryption broken after four years
And all it took was 15,769,938,165,961,326,592 keys.
After millions of hours of processor work and four years of human effort, the RC5 64-bit encryption algorithm has finally been broken. Using 331,252 volunteer machines, a crypto group called cracked RSA Security's encryption challenge and picked up a cheque for $10,000. "While it's debatable that the duration of this project does much to devalue the security of a 64-bit RC5 key, we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than a few years' time," said the successful group.

- - - - - - - -

Honeymoon over for Linux users
Open source increasingly targeted by virus writers
As open source software becomes increasingly popular it is being targeted by virus writers and proving to be at least as vulnerable as Microsoft. The virus-monitoring laboratory of Network Associates' Antivirus Emergency Response Team (Avert) has logged over 170 viruses and Trojans for Linux, as well as an additional 30 Unix shell scripts.

- - - - - - - -

Maryland law targets spammers
Maryland consumers tired of finding their electronic mailboxes stuffed with unwanted pitches for amazing cancer cures and weary of opening advertisements that claim to be messages from old friends should get some welcome relief. A new state law that takes effect tomorrow is intended to limit unsolicited commercial e-mail, or spam, which accounted for almost half of all electronic messages last year.

- - - - - - - -

Porn Spam: It's Getting Raunchier
Naked women performing oral sex with guns pressed to their heads, naked women with large dogs clutching their backs, naked women in pigtails pretending to be daughters having sex with fathers.
These are some of the explicit images that have started slipping into inboxes lately as spamsters try to drive traffic to a growing number of sites featuring rape, bestiality and incest pornography.

- - - - - - - -

Vodafone Ireland faces ski spam allegations
Vodafone customers in Ireland have complained that the mobile phone company is spamming their friends. As part of a competition to win a 3,000 skiing trip customers have been asked to enter the email addresses of three friends who would accompany them on the holiday. But according to one Vodafone customer: "Shortly afterwards myself, and the three friends received email ...from myself advertising Vodafone.

- - - - - - - -

Don't waste money on IT security awareness
Event: Recently, Gartner learned that security awareness training has become one of the hottest sales areas for the Big Four consulting firms.
FirstTake: This information confirms a general trend Gartner has noticed as many enterprises seek to improve IT security by raising employees' awareness of security issues. However, these efforts will do little good unless enterprises first implement strong security technologies and create a corporate culture that values security.

- - - - - - - -

One Patch to Rule Them All
A recent XP security hole begs the question, do we really want Microsoft to release individual fixes for every bug?
On August 15th, Shane Hird published the details of a potentially serious issue with the Windows XP Help and Support Center where the contents of a known directory could be deleted if an attacker tricked someone into executing a maliciously formatted URL. At the time, there was no published patch, and no official work-around. For the most part, it went widely unnoticed.
Well, that may be a generalization -- I failed to notice it, as did all of the security people I know, but that doesn't mean the bad guys didn't tuck the information away into their cache of "crappy things to do to people when you're a script kiddie."

- - - - - - - -

Defense tracking system proves crucial to port security
A real-time tracking system developed years ago for the Defense Department is emerging as a crucial component of an industry-driven cargo security network that aims to prevent terrorists from smuggling weapons of mass destruction into major ports. "The big concern is that terrorists will put a bomb or a chemical or even themselves into one of these containers coming into the United States," said Mark Nelson, a spokesman for Savi Technology, which helped build the Defense Department's Total Asset Visibility (TAV) network, and is now helping to spearhead a public-private effort to achieve an "end-to-end" tracking system for commercial cargo.

- - - - - - - -

State Department asks firms to create intelligence database
Secretary of State Colin Powell on Monday asked the private firms that make up the President's Council of Advisors on Science and Technology (PCAST) for help in creating an integrated intelligence database that would ensure that the more than 300 U.S. embassies do not grant visas to individuals who mean harm to the United States. Powell said the State Department needs a system where its overseas officers can enter applicant data and cross-reference it against a network of compatible national security databases to confidently grant visas to the estimated 7 million people a year that apply to enter the country.

- - - - - - - -

Court will welcome e-mailed explanations of traffic tickets
Tell it to the judge - or better yet, e-mail it to the judge. County officials are setting up a program under which people who get traffic tickets can e-mail their excuses and explanations to a judge.
Until now, they'd have to sit for hours in court, waiting for a hearing. So far this year in the county, there have been more than 1,200 people who want to explain to a judge the circumstances surrounding their traffic tickets. After reading the e-mails, the judges will send their reply - either by e-mail, or an old-fashioned postcard.

***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2002, Campbell, CA.