] A critical flaw in Sendmail, the Internet's most popular
] e-mail server, has become the first test for the newly
] minted Department of Homeland Security and its
] cyberdefense arm.

Sendmail flaw tests Homeland Security | CNET News.com

] So the secret is well and truly out.
]
] Despite this a London Court judge last week granted an
] injunction preventing experts in the case (including the
] Cambridge security researchers) discussing anything
] likely to become testimony in the trial. Citibanks'
] petition can be found here.
]
] A counterargument by Anderson arguing that the
] injunction, while appropriate for the bank experts
] involved, contravened academic freedoms and was bad for
] security was rejected, the Sunday Times reported
] yesterday. Citibank's court victory is yet to be recorded
] elsewhere, at least as far as we can see.

Citibank obtains an injunction against distribution of research paper!

] President Bush has signed a secret directive ordering the
] government to develop, for the first time, national-level
] guidance for determining when and how the United States
] would launch cyber-attacks against enemy computer
] networks, according to administration officials.
]
] Similar to strategic doctrine that has guided the use of
] nuclear weapons since World War II, the cyber-warfare
] guidance would establish the rules under which the United
] States would penetrate and disrupt foreign computer
] systems.
]
] The United States has never conducted a large-scale,
] strategic cyber-attack, according to several senior
] officials. But the Pentagon has stepped up development of
] cyber-weapons, envisioning a day when electrons might
] substitute for bombs and allow for more rapid and less
] bloody attacks on enemy targets. Instead of risking
] planes or troops, military planners imagine soldiers at
] computer terminals silently invading foreign networks to
] shut down radars, disable electrical facilities and
] disrupt phone services.

Bush Orders Guidelines for Cyber-Warfare (TechNews.com)

] "I'm not aware of it ever happening before," Casey said.
] ".gov, .edu and .mil carry a feeling of
] trustworthiness...People have learned to place more faith
] in them."
]
] Claiming credit for the deleted .gov site is a man who
] calls himself Robert L. Taylor III, whose name and
] contact information appeared in documents on the AONN.gov
] site.
]
] Taylor, who appears to reside near Everett, Wash.,
] declined to explain how, exactly, he secured a .gov
] domain for the group, calling AONN's operations
] "classified."
]
] "We have exploited a security hole in the bureaucracy,"
] Taylor said in a telephone interview. "There are
] loopholes, there are security holes, there are holes in
] the system."

It may be the first time a .gov domain has been jacked..

Used to happen all the time with .edu domains. I remember an old text ezine named Radioactive Aardvark Dung getting rad.edu several years go. This isn't the only example of it, but its the only one I can think of at the molment.

A quick google turns up some info on that one:

http://public.planetmirror.com/pub/textfiles/history/radexposed.txt
] we wanted to get our own domain, instead of a long url like
] we had. so phorce, with all of his infinite knowledge, told
] me he could get and host a .edu domain. one catch, you have
] to be a four year institution of higher learning to get that
] -- and we were a stupid humor zine. phorce wrote up a flyer
] in publisher for raleigh art & design school & faxed it to
] internic. yes, it was that easy. we had our domain in a
] few days, with our own .edu e-mail addresses. a feat that
] has never been and will never be topped in the 'zine scene.
] to make this believable, i added a little note at the main
] page that said "radioactive aardvark dung is joint project
] done by the senior staff at raleigh art & design school."
] and we never had a problem with it.

Feds pull suspicious .gov site - CNET.com

] Not long ago, I had dinner with a former military officer
] who participated in information warfare "what-if"
] exercises that the Pentagon and the White House ran in
] the late 1990s.
]
] "If Saddam ever attacks the U.S. through the Internet and
] takes out a telecommunications firm, we'll be in a state
] of war," my dinner companion told me. "All bets are off.
] The Fourth Amendment is on hold. If EarthLink is
] attacked, the Army could show up and seize control of
] their servers."

Perspective: The first 'e-war'

] President Bush has approved the White House's
] long-awaited national cybersecurity strategy, a landmark
] document intended to guide government and industry
] efforts to protect the nation's most critical information
] systems from cyberattack.
]
] In an e-mail sent Thursday to White House officials,
] cybersecurity adviser Richard Clarke said that the
] National Strategy to Secure Cyberspace has received
] Bush's signature and will be released to the public in
] the next few weeks. The strategy has been in development
] since shortly after the Sept. 11, 2001, terrorist
] attacks.
]
] Schmidt, formerly chief security officer for Microsoft
] Corp., brings to the job a deep understanding of the
] need for industry and government to work together on
] cybersecurity, said Alan Paller, research director for
] the SANS Institute, a non-profit security research and
] training group.

This leaves a bad taste in my mouth at a time when I'm feeling that strange urge to be overly sarcastic for no particular reason.

Microsoft is not _not_ a good place to pull your security people from, IMHO. Granted, I know know jack about Schmidt, but Microsoft is the source of most of the security problems that threaten our network infrastructure. For Jah's sake, you'd be better off getting computer security people from the RIAA, they have been hacked a few times less then the average MS product..

Also, while I'm out of control bitching, I'm not sure what SANS actually does other then produce commentary thats obvious to any skilled security expert (I can't remember reading any 'eye openers' from them), or flattering entities that funds them. Oh yeah, they send me shitloads (at least one thing every week) of snail-mail SPAM for their training, which always appears to be very novice level. Am I not paying attention, or missing something? They have a reading room, with some stuff in it, I think.. Maybe I'm just predisposed to have a bad opinion of a _network_ security org that can only seem to communicate with me via the snail mail system.. Shrug..

Well, at least I can sleep good tonight knowing that George Bush has taken steps to thwart the cyber-villains. Damn 16 year olds, always causing trouble..

Ok. Phew! Worked through that need to be a bitch. Back to your regularly scheduled blogging..

Bush Approves Cybersecurity Strategy (TechNews.com)

] Twas the night before Christmas, and deep in IE
] A creature was stirring, a vulnerability
] MS02-066 was posted on the website with care
] In hopes that Team eEye would not see it there
]
] But the engineers weren't nestled all snug in their beds,
] No, PNG images danced in their heads
] And Riley at his computer, with Drew's and my backing
] Had just settled down for a little PNG cracking
]
] When rendering an image, we saw IE shatter
] And with just a glance we knew what was the matter
] Away into SoftICE we flew in a flash
] Tore open the core dumps, and threw RFC 1951 in the trash
]
] The bug in the thick of the poorly-written code
] Caused an AV exception when the image tried to load
] Then what in our wondering eyes should we see
] But our data overwriting all of heap memory
]
] With heap management structures all hijacked so quick
] We knew in a moment we could exploit this $#!%
] More rapid than eagles our malicious pic came --
] The hardest part of this exploit was choosing its name

Nice. Love the XMass poem.

A faulty image can execute code. Only Microsoft...

eEye: PNG Vulnerability in Microsoft *

] The vulnerabilities described in this advisory affect
] nearly all currently deployed recursive DNS servers on
] the Internet. The DNS network is considered a critical
] component of Internet infrastructure. There is no
] information implying that these exploits are known to the
] computer underground, and there are no reports of active
] attacks. If exploits for these vulnerabilities are

] developed and made public, they may lead to compromise
] and DoS attacks against vulnerable DNS servers. Since the
] vulnerability is widespread, an Internet worm may be
] developed to propagate by exploiting the flaws in BIND.
] Widespread attacks against the DNS system may lead to
] general instability and inaccuracy of DNS data.

You should be running BIND 9. If you are running BIND 8, then this is a good time to upgrade. If you are running BIND 4, you should be made aware that it is now 2002, not 1994.

BIND 4 & 8 Buffer Overflow

This article describes how your (Microsoft Exchange) mail system can be exploited so as to provide a covert communications channel between an aggressor and their proxy in your midst. A channel whereby commands can be sent to your computer, and information returned from your computer, but you, the user are unable to see the traffic, albeit that such exchanges are happening as you use the computer quite normally.

Practical Covert Channel Attack Using MAPI

Remember though, that this program is under development and could eventually do nasty things when doing the translation. especially with things like Userauthentication or Clientauthentication which are not supported under fwbuilder.

Checkpoint FW-1 to FwBuilder Policy Translation