Items from security-related news (E62.Sep-2004)

Department of Homeland Security September 6, 2004, Cybersecurity Research and Development Broad Area Announcement
Contributed by Hilarie Orman
The Department of Homeland Security has opened a new program for funding topics in research and development of cybersecurity, BAA04-17. Bidders must register in order to submit a proposal, and a bidders' conference will be held on September 23, 2004 (see  

From Computerworld, byline Dan Verton, September 15, 2004
DHS moves ahead with cybersecurity R&D efforts
Contributed by Hilarie Orman
The Department of Homeland Security is actively planning several new pilot projects that officials hope will help solve one of the most pressing cybersecurity research problems to date: a lack of real-world attack data.

"The cybercommunity has suffered for years from the lack of good data for testing," said Douglas Maughan, security program manager at the Homeland Security Advanced Research Projects Agency, which is part of the DHS's Science and Technology Directorate.  

September 13, 2004, CERT/CC Insider Threat Study, article by Dawn Cappelli of CERT/CC
The CERT Coordination Center (CERT/CC) and United States Secret Service (USSS) published the first report of findings from their Insider Threat Study on August 24: "Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector." This research was initiated in 2001 to perform in-depth case analysis of actual insider incidents that occurred in critical infrastructure sectors between 1996 and 2002. The cases examined are incidents perpetrated by insiders (current or former employees or contractors) who intentionally exceeded or misused an authorized level of network, system, or data access in a manner that affected the security of the organizations' data, systems, or daily business operations. In addition to reviewing case file materials, in most cases the team was able to obtain supplemental information via interviews with one or more of the following: representatives from the victim organization, investigators, prosecutors, and even a few of the insiders who committed the incidents. The objective of the study is to develop information to help private industry, government, and law enforcement better understand, detect, and ultimately prevent harmful insider activity. The project combines the Secret Service's expertise in behavioral and incident analysis with CERT/CC's technical expertise in network systems survivability and security to provide a comprehensive analysis of the insider threat problem.

The findings in the first report, specific to the Banking and Finance sector, revealed that most of the incidents examined were not technically sophisticated or complex, typically involving exploitation of non-technical vulnerabilities such as business rules or organization policies rather than vulnerabilities in an information system or network, and were carried out by individuals who had little or no technical expertise. Since most insiders used simple, legitimate user commands, and many used their own computer accounts, detection was primarily via manual mechanisms, rather than automated detection methods. Once detected, however, system logs were often utilized to investigate and identify the perpetrator. Although most incidents took place in the workplace during working hours, almost one third of the incidents were carried out from the insiders' homes through remote access, and of those attacks, over half involved actions both at the workplace and from home. The paper, located at, contains aggregate statistical data and implications of the research findings. Subsequent reports in this study will examine insider activity within the information and telecommunications sector and government sector, as well as incidents across critical infrastructure sectors.


ISP Telenor Cripples Zombie PC Network
Computerworld, News Story by Paul Roberts, September 10, 2004
Contributed by Richard Schroeppel

Norwegian Internet service provider Telenor stumbled onto an illicit network of 10,000 "zombie" or robot computers last week after tracing Internet Relay Chat (IRC) communications from compromised PCs on its system.  

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
Issued: September 14, 2004
Updated: September 15, 2004
Contributed by Hilarie Orman

A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Cipher editorial comment: Who will rid me of this troublesome bug?


Amazon's Search History Service, New York Times, September 13, 2004
Contributed by Hilarie Orman
Amazon is introducing an advanced search technology with information-management features developed by, an Amazon-owned start-up. Writer and consultant John Battelle says, "The ability to search through your own history of personal Web searches is insanely powerful."

Cipher editorial comment: Amazon is planning to use a central repository of for the information, a technique that allows users great latitude in access but also makes their search history easily available to law enforcement officials and system administrators.


Privacy Complaint Against Airline Dismissed (Washington Post 15 Sep 2004)
Contributed by Richard Schroeppel
Dismissing a complaint filed by the Electronic Privacy Information Center (EPIC) and the Minnesota ACLU, the Department of Transportation has ruled that Northwest Airlines did not violate its own privacy policy when it shared passenger records with the government as part of a secret airline security project after the terrorist attacks in September 2001.  

Spycam May Be Watching You Work (The Age 14 Sep 2004)
Contributed by Richard Schroeppel
If you have a webcam and a microphone on your computer and a broadband connection to the Internet, a hacker could be watching you from that PC in your bedroom.