The recent attacks against the United States have raised many concerns in the information security industry because of the changes these events might bring. For example, the Federal Bureau of Investigation (FBI) said that terrorists use strong encryption and related technologies, such as steganography, to hide and disseminate their communications—once again raising the problem of key escrow and encryption export restrictions. Some people who had already accused pretty good privacy (PGP) of contributing to crime are now making those claims even more loudly.
According to Wired News, the FBI has installed its DCS1000 software (formerly Carnivore) in the core networks of all consenting tier-1 ISPs across the nation. The FBI can now scan most communications that travel across American-based computer networks for potentially incriminating content.
In addition, corporations are now considering monitoring email and Internet traffic even more closely, and federal attention is focusing on free email and mailing list services (e.g., Hotmail and Yahoo) as possible vantage points for terrorist communications.
Furthermore, the Bush administration intends to ask Congress for expanded wiretap powers. The expanded powers would make wiretap orders applicable to individuals instead of specific devices owned by an individual. Instead of tapping a specific device, law enforcement might be able to tap any device that a suspect might potentially use—including all of our private telephone and computer networks.
Meanwhile, attackers have defaced or denied service to various governmental Web sites in both Israel and Afghanistan. I've received reports this week that attackers defaced the Israeli Prime Ministry's Web site, and the Afghanistan presidential palace Web site suffered Denial of Service (DoS) attacks and had to take the site offline. We stand a good chance of losing some of our civil liberties, especially rights to privacy, and I can't fathom how that's necessary in order to fight terrorism. I read a couple of very interesting stories at ZDNet this week that discuss how the recent attacks might affect how we secure and use our networks in the future. Be sure to stop by the ZDNet Web site and read the stories.
Microsoft has released a beta version of HFNetChk 3.2, which lets you check what hotfixes are installed on any machine on the network. You can learn about the beta, including how to download a copy, by reading the message Microsoft posted to our Win2KSecAdvice mailing list. In addition, Microsoft says that they are redesigning their security site, and the company is soliciting suggestions about how to improve the site's content and functionality. Be sure to read the Microsoft message listed in the HowTo Mailing List.