Friday, June 08, 2001


Secure E-Mail Alternatives
E-mail messages sent over the Internet are not private. Messages are sent in readable form, replicated at various points, and then copied whenever backups are made. Clearly, such messages can represent security risks and potential legal liabilities. For those of us who like privacy, finding ways to make e-mail more secure makes sense.
The hi-tech spy
The American spy plane forced to land in China was chock-full of electronic surveillance equipment. Today, espionage is all about who has the best technology.

Thursday, June 07, 2001

Adware, Spyware and Advertising Trojans - Info & Removal Procedures
Adware, Spyware and other unwanted "malware" - and how to remove them.
Osama Bin Laden
This is the Central Intelligence Agency's unclassified fact sheet on Osama bin Laden, the cave-dwelling lunatic suspected of ordering the August bombings of U.S. embassies in Kenya and Tanzania.
Disguise manual
Take a look at this excerpt from a once-secret 1944 manual prepared by the Office of Strategic Services, the predecessor to the CIA. In this chapter, spooks are schooled on quick changes, how to alter your body type, and the use of props. And don't miss the hilarious tips designed especially for the ladies.
Lesson 16: Assassinations using poison and cold steel
Here are two excerpts from a 180-page how-to manual that investigators believe has been used by followers of Saudi terrorist Osama bin Laden. The document, "Military Studies in the Jihad Against the Tyrants," was seized last year at the Manchester, England home of a bin Laden disciple. Federal prosecutors in New York recently introduced the 18-chapter manual, written in Arabic, at the trial of four men accused of involvement in the 1998 bombing of U.S. embassies in Kenya and Tanzania (an English translation was also placed in evidence). The terrorism manual offers jihad members detailed pointers on everything from forged documents to kidnapping techniques. TSG may soon post the whole incredible document, but

Wednesday, June 06, 2001

Alternative protection against malicious code
While viruses and online threats have gotten more sophisticated, so have the methods for protecting your PC. Get an inside look at what's available beyond antivirus software.
In this article, I'll discuss the advantages of heuristic software over the pattern-matching approach traditionally employed by antivirus companies, and speculate on what the future may hold for malicious code protection.

Spy Vs. Spy
Many who have done business in developing countries where wealth is disproportionate, hostage-taking is common and Americans are always a target, know the value of a couple of bodyguards and an armored escort when driving, no matter how much the service costs.

The main reason why companies budget for physical protection in some locales is a certainty on their part that if they don't defend themselves, the local law won't defend them either.

The same is true on the Internet, where business conditions are probably comparable to working conditions in Uzbekistan or North Korea - the 149th and 155th least-free economies on the planet, according to the 2000 Index of Economic Freedom. But in the last year, a handful of private companies have started to take enforcement into their own hands, quietly developing security units to protect their clients' assets in cyberspace.

Web hosters such as Exodus Communications, Metromedia Fiber Network and ServerVault have been hiring retired agents from the Federal Bureau of Investigation, National Security Agency, Secret Service, Royal Canadian Mounted Police, Scotland Yard, U.S. Army and U.S. Navy, and whisking others away from their govern

Tuesday, June 05, 2001

For NSA vet, security's still a hard sell
Bill Crowell has spent his career in security, going from top civilian at the National Security Agency to president and chief executive officer of Cylink Corp., a developer of public-key security systems. But at times, he just can't help being a hacker.

"I used to work where we had a facial recognition system in a briefing center," Crowell recalls. "We didn't have the images bound to the individual with a public key, so I slipped my picture into the file of the guy who did a demo of the system. He . . . couldn't figure out how I kept getting in the door saying I was him."
Death by a thousand flats
There is a building on the south bank of the Thames at Vauxhall Cross, just upstream of the MI6 headquarters, that looks like a new palace for Nicolae Ceausescu. This conspicuously ugly apartment block, better suited to downtown Bucharest than central London, is, however, the product of unbridled western capitalism. "Unbridled" because when you first set eyes on a such a big, garish structure on such an important site, you can't help wondering if anyone in authority stopped to check the reins of this galloping development. Yet the developers - St George plc - faced numerous committees and constraints. They had to come up with a scheme that would meet with the approval of Lambeth council's planners and politicians.
PGPfone
PGPfone (Pretty Good Privacy Phone) is a software package that turns your desktop or notebook computer into a secure telephone. It uses speech compression and strong cryptography protocols to give you the ability to have a real-time secure telephone conversation via a modem-to-modem connection. It also works across the Internet!
Phone offers military-level security
It used to be that top-secret communication gadgets were reserved for the military and security services.
Now, a German company is selling a cellular phone that offers consumers military-grade privacy.
Saddam RAF secrets fear
One of the RAF's deadliest weapons has been found intact and on public display at Belgrade's Military Museum, raising fears that its secret technology has been compromised.

The Air Launched Anti-Radiation Missile, or Alarm, is one of Nato's best weapons against radar-guided anti-aircraft missile sites. One apparently misfired during the 1999 air operation against Serbia, fluttered down to a marshy area out-side the western Serb village of Nikinci and did not self-destruct.
Retired Col.'s Espionage Case Begins
A retired Army reserve colonel was such a valuable spy that when a former Soviet leader was handed a list of his nation's top sources, George Trofimoff was at the top, prosecutors said Tuesday.
SORM - Russian Internet Wiretapping Project
Russian FSB (Federal Security Service, successor to KGB) is preparing regulations and technical requirements to facilitate field operative work in computer networks. SORM (in Russian - System for Conduct of Investigations and Field Operations) is a set of regulations and technological equipment facilitating access of FSB to all computer communications and internal documents of telecom providers (including phone and internet companies). The technology provides an effective mechanism to by-pass a Constitutionally required process of court authorization for wire-tapping of electronic communications.
FSB
Official FSB website in Russian. Click here for the Babelfish translation in English.

Echelon Watch Answers to Frequently Asked Questions (FAQ) about Echelon.
s e c u r i t y w a t c h . c o m
SecurityWatch.com is not just a security portal site, it is the most comprehensive and complete of its kind on the web. SecurityWatch.com provides the latest information on business, technology issues, bugs and product updates. In addition, SecurityWatch.com offers premium services, ranging from access to an extensive Knowledge Base to real world automated electronic vulnerability assessment tools such as recurrent portscans or full audits.
Duncan Campbell
Website of Duncan Campbell, Investigative journalist & TV producer with topics like: 1999 STOA Report on communications intelligence, The original 1988 ECHELON report, British American Tobacco and tobacco smuggling (evidence to the House of Commons, February 2000), British "D Notice" committee close down secret agent web sites, screw the internet ... etc.

Interception Capabilities 2000
Report to the Director General for Research of the European Parliament (Scientific and Technical Options Assessment programme office) on the development of surveillance technology and risk of abuse of economic information. This study considers the state of the art in Communications intelligence (Comint) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to Comint targeting and selection, including speech recognition.

Sunday, June 03, 2001

8th ACM Conference on Computer and Communications Security
The ACM Conference on Computer and Communications Security (CCS) is a forum for the presentation of new research results and the identification of future research directions in the area of computer and communications security.

10th USENIX Security Symposium
The field of computer security has a fascinating property: nobody will ever claim that it's a solved problem. Just when we think we have a handle on it, something new and exciting comes along to change the rules and break all the invariants that previously secure systems were depending upon. This symposium addresses cutting-edge concerns ranging from making ordinary programs more robust against attack through protecting whole networks against denial-of-service attacks. Want to verify that your firewall is doing what you think it should be doing? Is your Web site doing client authentication in an insecure fashion? Curious about privacy issues or dealing with law enforcement? Come to the 2001 USENIX Security Symposium and find out about these topics and many more.
CERT® Coordination Center Training and Education
The CERT/CC offers learning opportunities in network computing security through an educational collaboration with Carnegie Mellon University and through our own training courses aimed at private and public sector professionals.

With the Software Engineering Institute (SEI), we offer courses for managers of computer security incident response teams (CSIRTs) and technical experts seeking training in responding to and analyzing computer security incidents, as well as courses for managers and technical personnel who would like to learn practical techniques for improving network security. All courses are held in Pittsburgh, PA, unless otherwise noted.
The Internet Security Conference
TISC is all about education. TISC is all about the latest products and technology. TISC is all about networking with peers and colleagues. But most of all. TISC is all about SECURITY!
Echelon 'Hampers Virus Detection'
Anti-virus companies have attacked the European Parliament's report on the Echelon spy network which recommends greater use of encryption, warning that encrypted data can hamper virus defence measures.
International Common Criteria Project Homepage
The Common Criteria represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community.