***************************************************************
Security-news
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

August 12th, 2002

There is no how-to included in this week's bulletin owing to a lack of time all around. Submissions of security how-tos are particularly welcome since they take the most time to put together - they can be sent to secure@resist.ca for inclusion in this bulletin.

**********************************
Security-news: Issue #4 - Contents
**********************************

* Security tip of the week: Dealing with police at the door
* Updates to security.tao.ca
* News & Analysis: Unleashing the FBI - Cointelpro Redux
* News & Analysis: Unions Sell Out to TIPS, Cozy Up With Government
* News & Analysis: SSL defeated in IE and Konqueror

***** Security Tip of the Week: Dealing with police at the door *****

If the police, CSIS or the FBI come to your door *without a warrant of any kind* you are not legally obligated to talk to them. Do not act suspiciously or aggressively (these things may give an officer a legal right to enter your home under grounds of "suspicion"), but do act firmly and let them know that you are not interested in talking to them. DO NOT let them into the house. Once you have invited them in it is difficult to get them to leave - and once inside, they may find reasons to come back with a warrant later on.

(more info at http://security.tao.ca/personal/investigations.shtml)

***** Updates to http://security.tao.ca *****

No major updates this week, but we've posted some interesting stories on the front page. We'd like more content in some of our sections, so if you feel like writing for the site, please let us know!

***** News & Analysis: Unleashing the FBI - Cointelpro Redux
August 6th, 2002 (Real Audio) *****

The FBI's mishandling of leads prior to September 11th and lethargy in pursuing the anthrax killer have been widely reported. Less coverage has been given, however, to the bureau's dismissal of other acts of terrorism, death threats and assaults against US citizens, and the FBI's attempts to silence its critics.

The assault against Barbara Bocek, a case worker for a Native American tribe in Washington State, and volunteer Guatemala Country Specialist for Amnesty International is a case in point. In May this year, Bocek had been bound and gagged in her car. After initially discrediting Bocek's account, the FBI now suggests that Jennifer Harbury, the human rights advocate whose work over the last 10 years implicated the CIA and State Department in the abduction and torture of her Guatemalan husband, is a possible suspect.

Radio story in RealAudio format at
http://stream.realimpact.org/rihurl.ram?file=webactive/freespeech/fsrn20020806.ra&start="10:51.3"

Security-news note: CointelPro-like operations have never ceased, although the program was officially ended when it was exposed by anonymous document leak. One of the best sites out there for information about ongoing counter intelligence operations in the US is at http://www.derechos.net/paulwolf/cointelpro/cointel.htm

***** News and Analysis: Unions Sell Out to TIPS, Cozy Up With Government
August 7, 2002 *****

NEW YORK -- A type of neighborhood anti-terror program launched by the Bush administration will be up and active this month in 10 cities across the country and some of those recruited could be neighborhood truck drivers, utility employees and train conductors.

Those are just some of the jobs taken by Teamsters union members, which has signed up to help the Justice Department with its Operation TIPS.

TIPS -- the Terrorism Information and Prevention System -- is one of the core elements of President Bush's Citizen Corps Program. The national system for reporting suspicious and potentially terrorist-related activity is predicated on the assistance of do-good local citizens who would be in positions to witness unusual or suspicious activity in public places. Volunteers will hand tips over to the Justice Department via a toll-free hotline or online.

The Teamsters union is throwing its support behind Operation TIPS not only as a means to show its nonpartisan stripes, but to lend an effort to homeland security, said Teamsters spokesman Rob Black.

Read the rest of this article at
http://www.infoshop.org/inews/stories.php?story=02/08/07/2509994

also read: On the Subject of Informants
http://www.infoshop.org/inews/stories.php?story=02/07/20/1282119

Security-news note: A number of people complained when this story went up on infoshop because they felt it made Teamsters unionized workers look bad, and this TIPS deal is being made by the union executive, not the workers themselves. While this is true, it is the responsibility of people inside unions and workplaces to protest the decisions of those who claim to speak for them. Unions in the US and Canada (and certainly everywhere else in the world) are ongoing subjects of investigation by state governments. Union leaders in the global South are routinely murdered for their organizing activities (and don't think the CIA hasn't been involved in some of that!). For a large union like the Teamsters to cozy up to the state security apparatus is unconscionable and a sell out to unions everywhere.

***** News & Analysis: SSL defeated in IE and Konqueror
August 12, 2002 - taken from the register online *****

A colossal stuff-up in Microsoft's and KDE's implementation of SSL (Secure Sockets Layer) certificate handling makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse hapless Konqueror and Internet Explorer users with impunity.

In more detail, we have a certificate chain issue discovered by Mike Benham of thoughtcrime.org. A chain is formed when an intermediate certificate is trusted between server and client. Supposedly, the intermediate is accepted only if it's signed by the certificate authority as safe for the purpose. If it's merely signed by another certificate's key, it ought not to be trusted, or at least the user should be warned.

Unfortunately, due to a preposterous security engineering oversight, IE and Konqueror don't bother to check this, so if a tricky site owner signs an intermediate cert with another valid cert, users will be none the wiser.

To read the rest of this article - go to
http://www.theregister.co.uk/content/4/26620.html

Security-news note: Apparently Mozilla is not vulnerable to this security weakness - but we're not sure about Netscape. It generally seems a good idea, however, to stop using Internet Explorer or Konqueror if you want to be sure that your connection is being protected by SSL (secure socket layer).

***************************************************************
Security-news
Good security is no substitute for good sense!
To unsub go to http://resist.ca/mailman/listinfo/security-news
***************************************************************
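
Added example (not part of the original bulletin or the Register article): a toy Python model of the certificate chain check described in the SSL item above, showing a validator that only follows signatures beside one that also requires every issuing certificate to be marked as a CA. Certificates are reduced to subject, issuer and an is_ca flag (an assumption standing in for the X.509 CA marking); all names are constructed placeholders and no real signatures are verified.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str    # toy stand-in for "signature verifies under this subject's key"
    is_ca: bool    # assumption: models the X.509 basicConstraints CA flag

def links_to_root(chain, roots):
    """chain is leaf-first; each cert must be issued by the next, the last by a root."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return bool(chain) and chain[-1].issuer in roots

def validate_flawed(chain, roots):
    """Behaviour described in the article: signatures link up, nothing else is checked."""
    return links_to_root(chain, roots)

def validate_strict(chain, roots):
    """Also require every issuing cert in the chain to be marked as a CA.
    Returns (ok, subject_of_offending_cert_or_None)."""
    if not links_to_root(chain, roots):
        return (False, None)
    for issuer_cert in chain[1:]:
        if not issuer_cert.is_ca:
            return (False, issuer_cert.subject)
    return (True, None)

# Constructed sample data; every name below is a placeholder.
ROOTS = {"Example Root CA"}
ISSUING_CA = Cert("Example Issuing CA", "Example Root CA", is_ca=True)
SITE_A = Cert("www.site-a.example", "Example Issuing CA", is_ca=False)
SITE_B_VIA_A = Cert("www.site-b.example", "www.site-a.example", is_ca=False)

GOOD_CHAIN = [SITE_A, ISSUING_CA]
BAD_CHAIN = [SITE_B_VIA_A, SITE_A, ISSUING_CA]  # ordinary site cert used as an issuer

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, validate_flawed(chain, ROOTS), validate_strict(chain, ROOTS))
```

The strict validator names the certificate that was used as an issuer without being a CA, which is the detail worth logging when a chain is rejected.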