echo: 10th_amd
to: all
from: Roy J. Tellason
date: 2003-09-09 12:06:04
subject: From Risks Digest 22.90

* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.

Date: Sat, 06 Sep 2003 12:41:42 +0200
From: David Landgren 
Subject: Men steal computers in high-security facility in Australia

Two men gained access to a high-security computer facility at Sydney
Internal Airport, passing themselves off as contractors.  They disconnected
and walked off with two computers on a trolley.  The Australian Federal
Police and ASIO (Australian Security Intelligence Organisation) would like
to know as a consequence to what extent their operations have been
compromised.

Where once again it is shown that security is only as good as its weakest
link:
  http://www.smh.com.au/articles/2003/09/04/1062548967124.html

--

Date: Sat, 06 Sep 2003 19:00:57 GMT
From: "Craig S. Bell" 
Subject: Men steal computers in high-security facility in Australia

This appears to have been an inside job.  The stolen hardware may contain
sensitive security / anti-terror information.  I wonder whether they ran any
sort of monitoring software that noticed whether the application was
running.  Even if they were monitoring, would anyone have been able to show
up or alert the guards in two hours?

Considering the level of security at a corporate datacenter that I frequent,
I can easily foresee how such a thing can happen -- if you look like you
know where you're going, you are rarely challenged by the superannuated
private security guards, who often seem less aware of their surroundings
than the janitorial staff.



Date: Mon, 08 Sep 2003 10:25:12 -0400
From: "Marty Leisner" 
Subject: Nuclear powerplants may not have firewalls!!

  [Source: *The New York Times*, 7 Sep 2003]
  http://www.nytimes.com/2003/09/07/technology/07WORM.html

  [...] But an incident in January at the Davis-Besse Nuclear Power Station,
  run by the FirstEnergy Corporation outside Toledo, Ohio, showed that this
  was not always the case. The nuclear plant has not been generating power
  since early 2002, but a computer system there that was not supposed to be
  linked to the Internet was invaded by a worm known as Slammer, causing the
  system to shut down for five hours. The event was not made public until
  Kevin Poulsen reported it on Aug. 20 on SecurityFocus.com, an
  information-security news site.
   
  Richard Wilkins, a FirstEnergy spokesman, said the company realized after
  the worm struck that it did not have a firewall isolating its corporate
  computers from the computers controlling the reactors, but that it now had
  such a safety precaution in place.
   
  SIX months after the Davis-Besse problem, the North American Electric
  Reliability Council, the industry group overseeing the electrical grid,
  announced that there were "documented cases in which bulk electric system
  control was impaired" by the same worm. It recommended that utility
  companies separate the computers running their power grids from their
  corporate networks.

I'm amazed by so many things...including they use commercial, virus-plagued
operating systems to run their infrastructure.

--

Date: Thu, 4 Sep 2003 10:03:11 -0400 
From: Jeremy Epstein 
Subject: Computer failures led to NE US blackout

According to the WashPost, transcripts of telephone conversations released
by the House Energy and Commerce Committee show that computer failures in
monitoring the transmission lines left the operators blind.  That meant they
couldn't tell what was happening or control the systems, leading to the
power surge that caused the blackout.
  http://www.washingtonpost.com/wp-dyn/articles/A22588-2003Sep3.html

Readers of RISKS shouldn't be the least bit surprised...

(RJT:  One wonders if they were running windoze...)

--

Date: Tue, 2 Sep 2003 15:36:49 -0700 (PDT)
From: "Peter G. Neumann" 
Subject: Trade group tells DHS don't use MS

The Computer & Communications Industry Association (CCIA) has urged the
Department of Homeland Security to reconsider its decision to use Microsoft
software on its desktop and server systems, citing "major security failures"
created by the raft of vulnerabilities in MS's products.
  http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=44258

--

Date: Wed, 3 Sep 2003 01:23:36 -0400
From: Monty Solomon 
Subject: Curtailing online education in the name of homeland security

Curtailing online education in the name of homeland security: The USA
PATRIOT Act, SEVIS, and international students in the United States by Paul
T. Jaeger and Gary Burnett

ABSTRACT
Online courses have become an important part of the academic offerings of
many institutions of higher education in the United States. However, the
homeland security laws and regulations enacted since September 2001,
including the USA PATRIOT Act, have created serious limitations on the
ability of international students studying in the United States to
participate in online educational opportunities. Placing online education
within the context of the mutually beneficial relationships between
international students and the United States, this article examines the
assumptions and the impacts of these regulations on the students and the
institutions of higher education. This article explores the enrollment
limitations in online courses for international students in terms of
information policy and concepts of presence and identity in online
environments, offering an examination of the implications of this issue for
education and information in the United States.

CONTENTS
Introduction: The United States of America, immigrants, and visitors
International students in the United States
The USA PATRIOT Act and international students
Restrictions on the online education of international students
Identity and presence in online environments
Conclusion: The policy picture for education and information

http://firstmonday.org/issues/issue8_9/jaeger/index.html

--

Date: Mon, 08 Sep 2003 09:59:02 -0400
From: "Peter G. Neumann" 
Subject: Secrecy and the Patriot Act (Amy Goldstein)

[Source: Fierce Fight Over Secrecy, Scope of Law; 
Amid Rights Debate, Law Cloaks Data on Its Impact 
By Amy Goldstein, *The Washington Post*, 8 Sep 2003; Page A01; 
PGN-excerpted from a long and informative article] 
  http://www.washingtonpost.com/wp-dyn/articles/A40110-2003Sep7.html

In Seattle, the public library printed 3,000 bookmarks to alert patrons that
the FBI could, in the name of national security, seek permission from a
secret federal court to inspect their reading and computer records -- and
prohibit librarians from revealing that a search had taken place.

In suburban Boston, a state legislator was stunned to discover last spring
that her bank had blocked a $300 wire transfer because she is married to a
naturalized U.S. citizen named Nasir Khan.

And in Hillsboro, Ore., Police Chief Ron Louie has ordered his officers to
refuse to assist any federal terrorism investigations that his department
believes violate state law or constitutional rights.  [...]

By its very terms, the Patriot Act hides information about how its most
contentious aspects are used, allowing investigations to be authorized and
conducted under greater secrecy.  As a result, critics ranging from the
liberal American Civil Liberties Union to the conservative Eagle Forum
complain that the law is violating people's rights but acknowledge that they
cannot cite specific instances of abuse. [...]

This summer, two major lawsuits were filed challenging the Patriot Act's
central provisions. The Republican-led House startled the administration in
July by voting to halt funding for a part of the law that allows more delays
in notifying people about searches of their records or belongings. And the
GOP chairmen of the two congressional committees that oversee the Justice
Department have warned Ashcroft that they will resist any effort, for now,
to strengthen the law.



Date: Thu, 28 Aug 2003 08:30:19 -0700
From: "NewsScan" 
Subject: California gets new privacy law

California has just passed privacy legislation aimed at preventing banks,
insurance companies and other institutions from sharing their personal
information, and Gov. Gray Davis said: "Most Californians are stunned
to learn that financial corporations trade their names for money. That is
wrong, and when I sign this bill, that practice will stop." The law
will require permission from a customer before financial institutions share
any information on that customer with an unaffiliated company or an
affiliated firm in a different line of business.  [AP/*USA Today*, 28 Aug
2003; NewsScan Daily, 28 Aug 2003]
http://www.usatoday.com/tech/news/techpolicy/2003-08-28-davis-privacy-bill_xht m

--

Date: Fri, 05 Sep 2003 08:30:32 -0700
From: "NewsScan" 
Subject: ICANN takes hits from lawmakers

Rep. Howard Berman (D-Calif.) is critical of ICANN (the Internet
Corporation for Assigned Names and Numbers) for not doing enough to stop
scammers and child pornographers from registering under false names with
stolen credit cards: "I'm disappointed with the failure of the
marketplace and regulators to deal with this problem. A legislative
solution seems necessary." And Rep. Lamar Smith (R-Texas) agrees:
"There's not a real seriousness of intent either by ICANN or the
Department of Commerce to have an accurate whois database." Commerce
Department General Counsel Theodore Kassinger says that ICANN is busy
working on solving the problem. [Reuters/*USA Today*, 4 Sep 2003; NewsScan
Daily, 5 September 2003]
  http://www.usatoday.com/tech/news/techpolicy/2003-09-04-net-id-checks_x.htm



Date: Mon, 25 Aug 2003 11:00:59 -0400
From: Monty Solomon 
Subject: WhereWare

  By Eric W. Pfeiffer, Sep 2003, *Technology Review*
  http://www.technologyreview.com/articles/pfeiffer0903.asp

Soon, hardware and software that track your location will be providing
directions, offering shopping discounts, and aiding rescue workers -- services
that promise a windfall for ailing telecom carriers.

Amanda sits idly at the bar of the trendiest restaurant in town, twirling a
swizzle stick and sipping a cocktail. But cool as she looks, she's feeling
anxious: her date is nearly 15 minutes late. She considers calling him but
doesn't want to seem nervous or overeager.  Still, she pulls out her cell
phone, only instead of calling, she opens a special menu, enters his number,
and sees that he is at the corner of Prospect and Broadway, not more than
three minutes away.  When he walks in, Amanda brushes off his apology,
saying she wasn't at all worried.

Sound fanciful -- or outright implausible? Lock on to location-based
computing, the hottest thing in wireless, which offers new services to
customers and new revenue streams to carriers, and could save lives in the
process. The idea is to make cell phones, personal digital assistants, and
even fashion accessories capable of tracking their owners' every
movement -- whether they're outdoors, working on the 60th floor, or shopping
in a basement arcade. Already, Japanese telecommunications company KDDI
offers over 100 different location-based services using technology
developed by wireless-equipment maker Qualcomm, from bracelets to let
parents track their kids in the park, to cell phones that point the way to
cheap noodle shops in Tokyo's skyscraping Shinjyuku district. In Korea, two
million citizens use their cell phones to locate nearby friends and, for
example, find the most convenient coffee shops for impromptu meetings. In
Europe, cell-phone networks can locate users and give them personalized
directions to Big Ben, or the Eiffel Tower.  [...]



--- 
* Origin: TANSTAAFL BBS 717-838-8539 (1:270/615)
SEEN-BY: 633/267 270
@PATH: 270/615 150/220 379/1 106/1 2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
