[security-news] Bulletin #2 - July 29, 2002

Mon Jul 29 11:07:33 PDT 2002

***************************************************************
Security-news <security-news at resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

July 29, 2002

It's issue #2 already! Even though we said this would be a bi-weekly
bulletin, it looks like we will try to put this out weekly when we have
the content to do it. Please send any contributions, feedback or
suggestions to secure at resist.ca and also let other people know that this
bulletin exists! We want the largest possible activist audience thinking
about and acting on security issues - our activist context today certainly
demands it.

**********************************
Security-news: Issue #2 - Contents
**********************************
* Security tip of the week: Passphrase Security
* News Item: Giant Spy Eye Opens on World's Biggest Rainforest
* News Item: PGP Vulnerability exposed by Outlook Plug-In
* How-to: Limit Your WWW Search Exposure

*****
Security Tip of the Week: Passphrase Security
*****
A secure passphrase consists of one or more words comprising 12 characters
or more. It should utilize random characters, upper and lowercase letters,
numbers, punctuation and special characters (~!@#$ etc). In addition, it
should not contain data traceable to you such as birthdates, names or
other information. Do not write your passphrase down anywhere, or store it
in plaintext on your computer (it should be stored in an encrypted
password safe if you must record it somewhere). For more info -
http://security.tao.ca/pswdhygn.shtml

*****
News Item: Giant Spy Eye Opens on World's Biggest Rainforest 
Wed Jul 24, 2002 
*****

BRASILIA, Brazil (Reuters) - Scanning a dense rainforest the size of
Western Europe, a mammoth radar system set to crank up this week will spy
on drug runners, diamond miners and illegal loggers that infest Brazil's
Amazon. 

But the story behind the $1.4 billion network of radar, control towers and
aircraft that form a spider's web over the jungle has its own share of
espionage, riddled with allegations of CIA interference, phone bugs,
bribes and dodgy diplomacy. 

Designed by U.S. defense contractor Raytheon Co., the System for the
Vigilance of the Amazon, or SIVAM, will fill a black hole in Brazilian
surveillance that has exposed its borders to international crime and rebel
activity. 

SIVAM, built under Brazil's most costly defense contract, will scan 1.9
million square miles of the world's largest rainforest, also cataloging
its widest diversity of wildlife and pinpointing Indian populations. 

For the rest of this story go to:
http://story.news.yahoo.com/news?tmpl=story&u=/nm/20020724/sc_nm/brazil_amazon_dc_1
or http://www.guardian.co.uk/international/story/0,3604,565714,00.html

Security-news note: That's right, this whole surveillance project is being
touted as a way of environmentally protecting the Amazon - because as we
all know the US government has a real sincere interest in that..... We
also think they have a really sincere interest in gathering as much data
as possible on Brasil's neighbour Colombia. Even the Yahoo article notes
CIA assistance with Raytheon (a major US defense contractor) being awarded
the contract for this project. Even though the US doesn't officially own
this network - they might as well, given the fact that one of their own
companies did all the spec and design for the project and thus has access
to all the data.

***** 
News Item: PGP Vulnerability exposed by Outlook Plug-In 
By ComputerWire 
*****

One the most important secure email standards used to encrypt messages
could be vulnerable to attack through a plug-in used by the Microsoft
Outlook email suite.

It is claimed that certain commercial and freeware products supplied by
Network Associates Inc that use the Pretty Good Privacy encryption
standard contain a flaw that could leave systems exposed.