[iwar] news

From: Fred Cohen (fc@all.net)
Date: 2001-07-06 14:09:18


Return-Path: <sentto-279987-1401-994453760-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 06 Jul 2001 14:10:09 -0700 (PDT)
Received: (qmail 13265 invoked by uid 510); 6 Jul 2001 20:11:20 -0000
Received: from ei.egroups.com (64.211.240.237) by 204.181.12.215 with SMTP; 6 Jul 2001 20:11:20 -0000
X-eGroups-Return: sentto-279987-1401-994453760-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by ei.egroups.com with NNFMP; 06 Jul 2001 21:09:20 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_2_0); 6 Jul 2001 21:09:20 -0000
Received: (qmail 26844 invoked from network); 6 Jul 2001 21:09:19 -0000
Received: from unknown (10.1.10.26) by l8.egroups.com with QMQP; 6 Jul 2001 21:09:19 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 6 Jul 2001 21:09:19 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id OAA25117 for iwar@onelist.com; Fri, 6 Jul 2001 14:09:18 -0700
Message-Id: <200107062109.OAA25117@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 6 Jul 2001 14:09:18 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

EXCERPT:Taiwan media have disclosed the existence of four major Chinese
intelligence organizations involved in operations against Taiwan,
namely, the Liaison Department of the General Political Department, and
the Taiwan Bureau of theMinistry of State Security.  The 2d and the 3d
Departments of the PLA General Staff Headquarters are also involved in
intelligence operations againstTaiwan.  The Liaison Department of thePLA
General Political Department is an independent counterintelligence
organization.  It was formerly known asthe Hostile Covert Operations
Department (STC 2420 1562 6752).  In addition to its four known
branches, ithas secret branches in Shanghai and Guangzhou, which conduct
covert military operations against Taiwan.  Reportedly,the Shanghai
Branch maintains detailed files on colonels and generals of theTaiwan
military, listing their date of birth, native place, educational
background,and personal data, updated every 15 days.  The Taiwan Bureau,
Ministry of StateSecurity, collects information on Taiwan.  Every
morning at ten, the bureau produces a digest of political,economic,
military, civil, and social information and trends, based on Taiwanmedia
sources.  At 1530 hours everyday,the bureau also produces an inside
information report dealing with political,military, and economic
matters.  In addition to the Taiwan Bureau, the Ministryof State
Security has the Training Bureau.  It has three academic organizations,
namely, the Institute ofInternational Relations, the Institute of
International Politics, and theInstitute of Contemporary International
Relations.  The bureau annually recruits college students in Beijing and
issuesa periodical bContemporary International Relationsb. 

Source: China Com Military News
http://Military.China.Com/Zh_Cn/News/568/20010702/196374.Html

==========================================================================
Internet Security Systems Security Advisory
July 5, 2001

Remote Buffer Overflow in Multiple RADIUS Implementations

Synopsis:

ISS X-Force has discovered buffer overflow vulnerabilities in two
popular Remote Authentication Dial-In User Server (RADIUS)
implementations. RADIUS was originally designed to manage user
authentication into dial-up terminal servers and similar devices. It
has since been used as a standard for access control and user 
authentication for numerous Internet infrastructure devices, including
routers, switches, and 802.11 Wireless Access Points. 

Impact:

RADIUS is typically implemented as a "secure" access-control solution
for critical network components. RADIUS is also implemented as a
supplement to weak security measures provided in 802.11b specifications.
The vulnerabilities described in this advisory may allow attackers to
launch Denial of Service (DoS) attacks against critical network
components, bypass 802.11 WLAN access control, or compromise and control
protected network resources.

Affected Versions:

Merit 3.6b RADIUS
Lucent 2.1-2 RADIUS

==========================================================================
We would like to inform you that an organisation for local information
security profesional has been established recently. Professional Information
Security Association (PISA) is a non-profit making and independent
organization for local information security professionals registed in Hong
Kong. PISA focuses on developing local information security market with a
global presence in the information security industry. PISA welcomes
information security professional to join. Please visit
http://www.pisa.org.hk for more information.

==========================================================================
'Secure' U.S. Site Wasn't Very
 By Declan McCullagh

2:00 a.m. July 6, 2001 PDT

WASHINGTON -- A U.S. government website devoted to helping businesses keep
sensitive information private instead revealed confidential information
about American firms.

A Commerce Department privacy website exposed proprietary information --
such as revenue, number of employees, and the European countries with which
the firm does business -- that U.S. companies provided to the government in
strict confidence. 

This information has been publicly accessible since the site went online
last year. ...

==========================================================================

Our PIX has detected an IP spoof from 
255.255.255.255 to one of our servers. Research 
here on securityfocus reveals that some attackers 
have used this technique with a destination port 515 
(LPR) and source 31337 (eleet) in scanning 
attempts. You can read about this at on the firewalls 
list at 
http://www.securityfocus.com/archive/19/187958

==========================================================================

Fwd: Teenage hacker sending Viagra to Bill Gates escapes prison sentence

I used to work for Bob Dole, so found this Viagra post re Bill Gates 
interesting. This was sent to me from a 'News Bot' that I subscribe to, 
"Ananova". Ananova is an Avatar that will read the news to you over the Net 
as well.

==========================================================================

By Gerry J. Gilmore
American Forces Press Service

ARLINGTON, Va., July 6, 2001 - The precedent-setting Navy-
Marine Corps Intranet will harness the latest information
security technologies and practices to ward off computer
hackers seeking to compromise the system, DoD officials
say....

==========================================================================

Welcome, you've got fraud Internet scammers victimize AOL users with bogus billing e-mails 

Tony Bridges Knight Ridder Newspapers 
The Charleston Gazette  July 04, 2001, Wednesday  
Copyright 2001 Charleston Newspapers 


If you're an America Online user, chances are, you've got mail and a
thief is trying to use it to steal your identity. 

It's called the AOL billing scam, an e-mail con that prompts AOL
customers to update personal account information, including credit card
and Social Security numbers.  But the information doesn't go to the
popular Internet service provider. 

Instead, it winds up in the hands of hackers.  Those who fall for the
scam can face huge credit card bills, years of credit nightmares and
possibly even computer viruses that turn their home PCs into a hacker's
plaything. 

Cops say the thieves are hard to stop and nearly impossible to catch. 
And the word from AOL: they can't stop it either.  It's up to customers
to be skeptical and remember that AOL staffers never ask for passwords
or billing information. 

"I didn't know your life could be intruded upon on the computer," said
victim Cathy Rusnak, who spent months battling phony credit card charges
after being taken by the scam.  "It's just a massive web.  You get
sucked in further and further."

==========================================================================


------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:36 PDT