Sunday, April 27, 2003

http://www.networkice.com
------------------------------------------------------------

I. FRONT AND CENTER
1. SSL - Rumours and Reality
2. Studying Normal Network Traffic
II. BUGTRAQ SUMMARY
1. Windows 2000 EFS Temporary File Retrieval Vulnerability
2. Fastream FTP++ Denial of Service Vulnerability
3. Icecast Buffer Overflow Vulnerability
4. Fastream FTP++ Directory Traversal Vulnerability
5. LocalWEB2000 Directory Traversal Vulnerability
6. GoodTech FTP Server Denial of Service
7. Netscape FastTrak Cache Module DoS Vulnerability
8. Iris GET Denial of Service Vulnerability
9. bing gethostbyaddr Buffer Overflow Vulnerability
10. Netscape Enterprise Server DoS Vulnerability
11. Lotus Domino Mail Server 'Policy' Buffer Overflow Vulnerability
12. Watchguard FireboxII Password Retrieval Vulnerability
13. Netscape Enterprise Server 'Index' Disclosure Vulnerability
14. Oracle JSP/SQLJSP Servlet Execution Vulnerability
15. Netopia R9100 Router Denial of Service Vulnerability
16. Easycom/Safecom Print Server Remote Arbitrary Command Vulnerability
17. FreeBSD ipfw Filtering Evasion Vulnerability
18. Netscape Enterprise Server Web Publishing DoS Vulnerability
19. Oracle XSQL Servlet Arbitrary Java Code Vulnerability
20. Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
1. DirecTV zaps hackers
2. DEA agent charged with selling data
IV. SECURITY FOCUS TOP 6 TOOLS
1. pwdump 3
2. The Coroner's Toolkit (TCT) 1.04
3. Bcrypt 4.1
4. Zorp 0.7.13
5. Ettercap 0.1.0.beta
6. wINJECT 0.92b
V. SECURITYJOBS LIST SUMMARY
1. Business Continuity Coordinator - NJ - #140 (Thread)
2. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
3. Information Security Consultant (Thread)
4. Looking for Entry-Level Security Position (Thread)
5. Personnel Security Officer (Thread)
6. Shawn Carbon -Seeking Security Position (Thread)
7. Technical Risk Manager - UK Based (Thread)
8. Seeking an UNIX Security Postition (Thread)
9. Network Security (Thread)
VI. INCIDENTS LIST SUMMARY
1. Template Admin Notification (Thread)
2. ICMP_TIME_EXCEEDED to network address? (Thread)
3. Upload of "pipes.scr" attempted to NetBus "honeypot" (Thread)
4. Port 9200/UDP Scan (Thread)
5. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
6. FTP and RPC based worms [was anyone else ...] (Thread)
7. Intrusion= Apology / Template Admin Notification (Thread)
8. Intrusion= (Thread)
9. AW: Seeking copy of Ramen worm. (Thread)
10. Thanks! Copies of the Ramen worm acquired. (Thread)
11. Template Admin Notification) (Thread)
12. Ramen (Thread)
13. Distributed scan (src port 23) of our whole class C network (Thread)
14. Port 64249 (Thread)
15. Seeking copy of Ramen worm. (Thread)
16. Distributed scan portmap of our whole class C network (Thread)
17. Distributed scan (src port 23) of our whole class C network (Thread)
18. intensive scan (Thread)
19. [ISN] Ramen Linux worm mutating, multiplying (fwd) (Thread)
20. Ramenfind Ramen detection and removal tool, v0.2 (Thread)
21. Banner riding (Thread)
22. anyone else seen an increase in sunrpc scans these days? (Thread)
23. Headerless EMail (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. ASCII Char 255 crashes a network (Thread)
2. Buffer Overflows in Netscape6 (Thread)
3. vulnerabilities researching papers? (Thread)
4. ztelnet setuid on Peanut Linux... (Thread)
5. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
6. Borderware v6.1.2 ping DoS vulnerability (Thread)
7. OSS www.opensound.com (Thread)
8. [unicode / iis4]PLEASE HELP ME. (Thread)
9. iC0N first annual security convention. (Thread)
10. [d-e-a-t-h@GMX.NET: ASCII Char 255 crashes a network] (Thread)
11. buffer overflows encapsulation (Thread)
12. icmp_echo_ignore_broadcast (Thread)
13. Vlans (Thread)
14. [ no subject ]
15. buffer overflows encapsultation (Thread)
16. The problem with NT services ... (Thread)
17. Remote overflows - Finding offsets (Thread)
18. Wild 'n Wacky (Thread)
19. mysqld buffer overflow exploit development (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Using eEye's LibnetNT.DLL in Perl or even VB (Thread)
2. AW: Registry keys that define local login permissions (Thread)
3. SecurityFocus.com Microsoft Newsletter #18 (Thread)
4. Centralize IIS logs (Thread)
5. Desktop Encryption (Thread)
6. Strange happenings in IIS4 (Thread)
7. Windows 2000 IPSEC <-> NT4 (Thread)
8. TCP / IP filtering on WIN 2K (Thread)
9. Win2000 Security - Level C2 security (Thread)
10. Outlook Encryption problem (bug) (Thread)
IX. SUN FOCUS LIST SUMMARY
1. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
X. LINUX FOCUS LIST SUMMARY
1. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
2. not security (ad server list) (Thread)
3. Linux permissions (Thread)
4. strange entries in maillog - are these common? (Thread)
5. Compromising kernel modules to foil LIDS (Thread)
6. SecurityFocus.com Linux Newsletter #13 (Thread)
XI. SPONSOR INFORMATION
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION

I. FRONT AND CENTER
-------------------
1. Studying Normal Network Traffic

Many intrusion detection analysts concentrate on identifying the
characteristics of suspicious packets - illegal TCP flag combinations or
reserved IP addresses, for example. However, it is also important to be
familiar with what normal traffic looks like. A great way to learn what
traffic should look like is to generate some normal traffic, capture the
packets and examine them. In this article in SecurityFocus.com's
Intrusion Detection Systems focus area, Karen Frederick will discuss a
tool for logging packets, and will review some packet captures in depth.

http://www.securityfocus.com/focus/ids/articles/normaltraf.html

2. SSL - Rumours and Reality

You may have connected to a web page every now and then and noticed a
small padlock icon at the bottom of your browser window. What does this
padlock signify? It means that the web-site is protected by SSL. SSL
stands for 'Secure Sockets Layer' and refers to a protocol (or technique)
that ensures a secure connection to a web-site. This article in the
SecurityFocus.com Basics Focus Area will discuss the ways in which SSL
provides safe, secure Internet transactions, including: how SSL works, why
it is an effective weapon against hackers and how hackers can sometimes
use it to their advantage.

http://www.securityfocus.com/focus/basics/articles/ssl.html

II. BUGTRAQ SUMMARY
-------------------

1. Windows 2000 EFS Temporary File Retrieval Vulnerability
BugTraq ID: 2243
Remote: No
Date Published: 2001-01-19
Relevant URL:
http://www.securityfocus.com/bid/2243
Summary:

EFS is the encrypted file system package designed to secure sensitive
information. It is included with the Windows 2000 Operating System,
distributed and maintained by Microsoft Corporation.

A problem in the package could allow the recovery of sensitive data
encrypted by the EFS. When the file is selected for encryption, a backup
copy of the file is moved into the temporary directory using the file name
efs0.tmp. The data from this file is taken and encrypted using EFS, with
the backup file being deleted after the encryption process is performed.
However, after the file is encrypted and the file is deleted, the blocks
in the file system are never cleared, thus making it possible for any
user on the local host to access the data of the encrypted file, which
falls outside of the constraints of access control imposed by the Operating
System. This makes it possible for a malicious user to recover sensitive
data encrypted by EFS.

2. Fastream FTP++ Denial of Service Vulnerability
BugTraq ID: 2261
Remote: Yes
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2261
Summary:

Fastream FTP++ Server is a client and server application used to download
and upload files between computers on the internet.

Fastream FTP++ is subject to a denial of service. Once a user has logged
into the FTP server, requesting a malformed argument, composed of 2048
bytes or more, will cause the Fastream FTP++ server to stop responding.
New connections to the server will be accepted but will not respond to any
commands.

Successful exploitation of this vulnerability could assist with further
attacks against the victim host.

3. Icecast Buffer Overflow Vulnerability
BugTraq ID: 2264
Remote: Yes
Date Published: 2001-01-21
Relevant URL:
http://www.securityfocus.com/bid/2264
Summary:

Icecast is an open source streaming audio server.

Versions of icecast up to and including 1.3.8 beta2 exhibit a format
string vulnerability in the print_client() function of utility.c.

An insecurely-structured call to fd_write() directly passes user supplied
characters as part of the format string to a *printf function. As a
result, a malicious user can cause the *printf function to overwrite
memory at possibly arbitrary addresses. This type of vulnerability can be
exploited by a remote attacker to execute arbitrary code on the victim
host.

4. Fastream FTP++ Directory Traversal Vulnerability
BugTraq ID: 2267
Remote: Yes
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2267
Summary:

Fastream FTP++ Server is a client and server application used to download
and upload files between computers on the internet.

Fastream FTP++ Server is subject to a directory traversal. Once a user has
logged into the FTP server, requesting an 'ls' command along with the
drive name will disclose all of the directories within the requested
drive.

Successful exploitation of this vulnerability could assist in further
attacks against the victim host.

5. LocalWEB2000 Directory Traversal Vulnerability
BugTraq ID: 2268
Remote: No
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2268
Summary:

LocalWEB2000 is an HTTP server designed for a small to medium sized
Intranet environment.

It is possible for users to gain read access to any known file residing on
the server. By submitting a specially crafted HTTP request composed of the
known filename and appended with '../', LocalWEB2000 will disclose the
file with read permissions.

Successful exploitation of this vulnerability could assist in further
attacks against the victim host.

6. GoodTech FTP Server Denial of Service
BugTraq ID: 2270
Remote: Yes
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2270
Summary:

GoodTech FTP Server is an application used to download and upload files
between computers on the internet.

If an attacker makes an unusual number of connections to the FTP Server,
approx 2060-2080 connections, GoodTech FTP Server will either crash or
refuse any new connections. The result of this vulnerability is dependent
on the rate at which the connections are made. If the connections are made
rapidly the server will crash. If the connections are made in a timely
manner the FTP banner will display followed by an immediate disconnection.
A restart of the service is required in order to gain normal
functionality.

Successful exploitation of this vulnerability could assist in further
attacks against the victim host.

7. Netscape FastTrak Cache Module DoS Vulnerability
BugTraq ID: 2273
Remote: Yes
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2273
Summary:

Netscape FastTrak Server is a web server designed for smaller workgroups.

Netscape FastTrak Server is subject to a denial of service. The cache
module within Netscape FastTrak Server contains nonexistent yet legitimate
URLs; this cached information is kept for approximately thirty minutes. If
nonexistent URLs are continuously requested, Netscape FastTrak Server will
consume all available memory, causing the server to exhibit diminished
performance and, potentially, to stop responding entirely. A restart of
the service is required in order to gain normal functionality.

Successful exploitation of this vulnerability could assist in further
attacks against the victim host.

8. Iris GET Denial of Service Vulnerability
BugTraq ID: 2278
Remote: No
Date Published: 2001-01-21
Relevant URL:
http://www.securityfocus.com/bid/2278
Summary:

IRIS from eEye Digital Security is a protocol analyzer geared towards
network management. Current versions are reportedly vulnerable to a
denial of service attack.

A maliciously-formed packet sent to Iris by a remote attacker, upon
opening in the program for analysis by a user, will cause Iris to
terminate.

The crash is caused by an inability of Iris to handle packets with
malformed values in its headers.

It should be noted that in order to properly exploit this issue, the
invalid packet must be opened by a user in Iris.

9. bing gethostbyaddr Buffer Overflow Vulnerability
BugTraq ID: 2279
Remote: No
Date Published: 2001-01-19
Relevant URL:
http://www.securityfocus.com/bid/2279
Summary:

bing is a freely available, open source software package written by Pierre
Beyssac. The package is designed to calculate the capacity between two
points by sending various sized ICMP packets and recording their return
times.

A problem in bing can allow a local user to gain administrative
privileges. The name of the host returned by the gethostbyaddr function
is stored in a static 80 byte buffer in memory.
It is possible for a user with control of their own IN-ADDR.arpa zone to
create a custom crafted entry in their zone records, appended with shell
code. Upon receiving the IN-ADDR entry, the buffer could overflow,
overwriting stack variables up through the return address, and therefore
executing the shellcode in the zone entry. This problem makes it possible
for a user with malicious motives to gain elevated privileges on a
vulnerable system, including administrative access.
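
Added example, not code from bing: the unbounded copy into an 80 byte
buffer described above, beside a checked copy that treats the name returned
by gethostbyaddr as untrusted input. The function names and sample names are
hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOSTBUF 80   /* buffer size named in the advisory */

/* Vulnerable pattern, shown for contrast and never called here: the length
 * of a reverse-DNS name is chosen by whoever controls the IN-ADDR.arpa zone,
 * not by the program doing the lookup. */
void store_name_unsafe(char dst[HOSTBUF], const char *h_name)
{
    strcpy(dst, h_name);            /* no bound: writes past dst[79] */
}

/* Checked copy: rejects names that do not fit and names containing bytes
 * that cannot appear in a hostname. Returns 0 on success, -1 on rejection
 * (dst is left as an empty string). */
int store_name_checked(char dst[HOSTBUF], const char *h_name)
{
    size_t len, i;

    dst[0] = '\0';
    if (h_name == NULL)
        return -1;

    len = strlen(h_name);
    if (len == 0 || len >= HOSTBUF)
        return -1;                  /* would not fit with its terminator */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h_name[i];
        if (!(isalnum(c) || c == '-' || c == '.' || c == '_'))
            return -1;              /* binary data in a PTR record */
    }

    memcpy(dst, h_name, len + 1);   /* length verified above */
    return 0;
}

int main(void)
{
    char dst[HOSTBUF];
    char oversized[201];

    /* Constructed inputs. */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("normal name    -> %d\n", store_name_checked(dst, "gw1.example.net"));
    printf("200-byte name  -> %d\n", store_name_checked(dst, oversized));
    printf("non-host bytes -> %d\n",
           store_name_checked(dst, "host\x90\x90.example.net"));
    return 0;
}
```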

10. Netscape Enterprise Server DoS Vulnerability
BugTraq ID: 2282
Remote: Yes
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2282
Summary:

Netscape Enterprise Server is a web server used to serve
larger-scale websites.

It is possible for a remote user to crash Netscape Enterprise Server. By
composing a maliciously-crafted GET request composed of approx 1344 '../'
character sequences the server will stop responding. This vulnerability
will affect both the web services and admin service.

A restart of the server service is required in order to gain normal
functionality.

It should be noted that this vulnerability would have to be exploited
twice in order to experience the expected result. Netscape Enterprise
Server will restore both services after the first incident.

11. Lotus Domino Mail Server 'Policy' Buffer Overflow Vulnerability
BugTraq ID: 2283
Remote: No
Date Published: 2001-01-23
Relevant URL:
http://www.securityfocus.com/bid/2283
Summary:

A buffer overflow vulnerability has been reported in Lotus Domino Mail
Server.

Lotus Domino Mail Server fails to properly validate user supplied input to
the field which specifies permitted domain names in mail forwarding
policy.

As a result, if the policy feature is enabled, maliciously-crafted values
as input to this field can overflow the relevant buffer, allowing the
attacker to crash the server or, potentially, to execute arbitrary code
with the privilege level of the mail server.

Successful exploitation of this vulnerability could lead to complete
compromise of the host.

12. Watchguard FireboxII Password Retrieval Vulnerability
BugTraq ID: 2284
Remote: Yes
Date Published: 2001-01-20
Relevant URL:
http://www.securityfocus.com/bid/2284
Summary:

FireboxII is a firewall package available from WatchGuard Technologies.
FireboxII systems are developed in various sizes and strengths, and are
available in different models to fit enterprise needs.

A problem with the firmware may allow remote users with read-only access
to gain elevated privileges. The problem occurs in the handling of
passwords by the FireboxII system. It is possible for a user with
read-only access to the firewall to initiate an SSL connection through the
proprietary libraries included with the administration tools. Upon
connecting and executing the MPF command, a user can retrieve the binary
/var/lib/mpf/keys.gz from flash memory which contains the hashed passwords
for both read-only and read-write access. A remote user can then initiate
connections through the library, using the hashed read-write password to
modify configuration. This problem makes it possible for a user with
malicious motives to gain control of the firewall, and allow access to
resources which may be restricted, or potentially deny service to the
network.

13. Netscape Enterprise Server 'Index' Disclosure Vulnerability
BugTraq ID: 2285
Remote: Yes
Date Published: 2001-01-24
Relevant URL:
http://www.securityfocus.com/bid/2285
Summary:

Netscape Enterprise Server is a web server used to host larger-scale
websites. The Web Publishing feature is installed by default. This
directory is accessible by remote or local users without any
authentication.

Netscape Enterprise Server with Web Publishing enabled will disclose the
directory listing of the target server. If a remote user connects via a
telnet port on the Netscape Enterprise Server, submitting a specially
crafted request 'INDEX / HTTP/1.0' will cause the server to display the
entire directory listing.

Successful exploitation of this vulnerability could lead to the disclosure
of sensitive information and possibly assist in further attacks against
the victim.

It should be noted that this vulnerability is not exploitable on
directories with aliases.

14. Oracle JSP/SQLJSP Servlet Execution Vulnerability
BugTraq ID: 2286
Remote: Yes
Date Published: 2001-01-22
Relevant URL:
http://www.securityfocus.com/bid/2286
Summary:

A problem in the Oracle8 database could allow a remote user to execute
arbitrary .jsp files. Due to the handling of input by the Oracle JSP
agent, it's possible for a remote user to access files that may be
execution restricted.

Upon connecting to a web server using the Oracle database, and running on
a Windows 2000 system, it's possible for a user to execute java servlet
pages on the same partition as the web server root. This is done by
connecting to the web server, and requesting a file such as
http://webhost/servlet//..//..//o.jsp, which would execute the file
c:\o.jsp, presuming such a file existed, and that the web server root was
on the c:\ partition. This would also create directory
C:\servlet\_pages\_servlet, and copy the source and .class file of o.jsp
into the created directory.

This makes it possible for a user with knowledge of the web infrastructure
to execute arbitrary .jsp files, and potentially learn information that
could aid in gaining local access to the server, or even gain elevated
privileges on a local web server.
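
Added example, not code from Oracle or LocalWEB2000: a lexical check a
server can apply to a request path before mapping it to a file, rejecting
the '/servlet//..//..//o.jsp' form quoted above and the '../' form in the
LocalWEB2000 entry (item 5). Percent-decoding and backslash handling go
beyond the two cases in the text; all function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src into dst exactly once. Returns 0 on success, -1 on a
 * malformed escape, an encoded NUL byte, or a result that does not fit. */
static int url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;

    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            src += 2;
            if (c == 0) return -1;
        }
        if (n + 1 >= dstlen) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return 0;
}

/* Returns 1 if the request path stays at or below the document root and
 * 0 if any prefix of it climbs above the root or it cannot be decoded.
 * Empty segments ("//") and "." are skipped, so doubled separators cannot
 * hide a "..". This is a lexical check only; the final file name should
 * still be resolved and compared against the root directory. */
int path_stays_in_root(const char *url_path)
{
    char buf[1024];
    char *p;
    int depth = 0;

    if (url_decode(url_path, buf, sizeof buf) != 0)
        return 0;

    p = buf;
    while (*p) {
        size_t len = strcspn(p, "/\\");      /* both separator styles */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 0;                    /* climbed above the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;
        }
        p += len;
        if (*p)
            p++;                             /* skip the separator */
    }
    return 1;
}

int main(void)
{
    /* First entry is the request from the advisory; the rest are constructed. */
    const char *samples[] = {
        "/servlet//..//..//o.jsp",
        "/servlet/../index.jsp",
        "/docs/a.html",
        "/%2e%2e/boot.ini",
        "..\\..\\o.jsp",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i],
               path_stays_in_root(samples[i]) ? "serve" : "reject");
    return 0;
}
```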

15. Netopia R9100 Router Denial of Service Vulnerability
BugTraq ID: 2287
Remote: No
Date Published: 2001-01-24
Relevant URL:
http://www.securityfocus.com/bid/2287
Summary:

The Netopia R9100 Router, running firmware version 4.6, is vulnerable to a
denial of service attack. Subsequent versions of the product are not
vulnerable.

Under very specific circumstances, it is possible to cause the affected
router to halt. By attempting to make a looped connection from the
router's IP address back to the same address, the unit will crash.

This vulnerability has implications for system logging. Typically, all
user connections and disconnections are logged by the device. If an
attacker attempts to delete logs, there is still a trace of his presence
when logging out. However, it is possible for this 'trace' to be
subverted by crashing the system before a disconnect record is made.

While the crash itself is logged, the system is unable to log the user who
caused it. Thus, it is possible for the user to delete all traces of
malicious activity, then crash the system. Doing so will prevent the
user's disconnection from being recorded.

This may allow an attacker to execute further attacks on the router or
other hosts on its network.

16. Easycom/Safecom Print Server Remote Arbitrary Command Vulnerability
BugTraq ID: 2291
Remote: Yes
Date Published: 2001-01-23
Relevant URL:
http://www.securityfocus.com/bid/2291
Summary:

I-Data International's Easycom/Safecom print server is vulnerable to at
least one denial of service attack, and potentially to remote command
execution at the privilege level of the print server.

Excess user-supplied input submitted as a URL to the print server's web
service can create a buffer overflow condition, which has the potential to
crash the server, posing a denial of service risk.

If the submitted URL is constructed with sufficient precision, the excess
data received by the vulnerable server is copied onto the stack and can
overwrite critical parts of the stack frame such as the calling function's
return address. Since this data is supplied by the user it could be
crafted to remotely alter the program's flow of execution.

17. FreeBSD ipfw Filtering Evasion Vulnerability
BugTraq ID: 2293
Remote: Yes
Date Published: 2001-01-23
Relevant URL:
http://www.securityfocus.com/bid/2293
Summary:

FreeBSD, like many other modern operating systems, ships with a packet
filtering system built into the kernel.

A vulnerability in this system has been uncovered that may allow attackers
to evade certain rules. It has to do with FreeBSD's interpretation of the
ECE flag in the TCP header.

The ECE flag is an experimental extension to TCP, and is part of TCP's
reserved options. Its purpose is for notification of network congestion.

When the packet filter examines TCP packets that have this ECE flag set,
it interprets them as being part of an established TCP connection. Thus
if a filtering rule exists that permits packets belonging to an
established connection, these packets will qualify and be let through.

Attackers could use this vulnerability to circumvent firewall rules.
Packets could be constructed so that the ECE flag is set for outgoing
traffic and establish connections with services behind the firewall.
Under normal circumstances, packets would only be received by these
services if a TCP connection had already been established.

Vulnerable services meant to be protected by this rule will be exposed to
possibly hostile external networks.
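
Added example, not FreeBSD's ipfw source: a model of the misclassification
described above, with a test for "established" that accepts the ECE bit
beside one that accepts only ACK or RST, run against a hypothetical
three-rule policy. The rule set, port numbers and function names are
assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793; ECE and CWR from RFC 3168). */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, F_PSH = 0x08,
       F_ACK = 0x10, F_URG = 0x20, F_ECE = 0x40, F_CWR = 0x80 };

enum verdict { DENY = 0, ALLOW = 1 };

typedef int (*estab_fn)(uint8_t flags);

/* Behaviour the advisory describes: ECE alone counts as "established". */
int established_flawed(uint8_t flags)
{
    return (flags & (F_ACK | F_RST | F_ECE)) != 0;
}

/* Corrected test: only ACK or RST marks a packet as part of a connection. */
int established_fixed(uint8_t flags)
{
    return (flags & (F_ACK | F_RST)) != 0;
}

/* Connection setup: SYN set, ACK clear. */
static int is_setup(uint8_t flags)
{
    return (flags & F_SYN) && !(flags & F_ACK);
}

/* Hypothetical policy:
 *   1. allow tcp from any to any established
 *   2. allow tcp from any to any 25 setup
 *   3. deny everything else                          */
enum verdict filter(uint8_t flags, unsigned dport, estab_fn established)
{
    if (established(flags))
        return ALLOW;
    if (dport == 25 && is_setup(flags))
        return ALLOW;
    return DENY;
}

/* Audit helper for captured traffic: true when a packet is admitted by the
 * flawed test but denied by the corrected one, i.e. ECE was the only
 * reason it passed. */
int passed_only_via_ece(uint8_t flags, unsigned dport)
{
    return filter(flags, dport, established_flawed) == ALLOW &&
           filter(flags, dport, established_fixed) == DENY;
}

int main(void)
{
    /* Constructed packets: flags and destination port. */
    struct { const char *desc; uint8_t flags; unsigned dport; } pkts[] = {
        { "SYN+ECE to port 23",        F_SYN | F_ECE,         23 },
        { "ECN-setup SYN to port 25",  F_SYN | F_ECE | F_CWR, 25 },
        { "ACK to port 23",            F_ACK,                 23 },
        { "plain SYN to port 23",      F_SYN,                 23 },
    };
    size_t i;

    for (i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        printf("%-26s flawed=%d fixed=%d ece-only=%d\n", pkts[i].desc,
               filter(pkts[i].flags, pkts[i].dport, established_flawed),
               filter(pkts[i].flags, pkts[i].dport, established_fixed),
               passed_only_via_ece(pkts[i].flags, pkts[i].dport));
    return 0;
}
```

A SYN carrying both ECE and CWR is a normal ECN negotiation under RFC 3168,
so the audit helper keys on the rule outcome rather than on the ECE bit
alone.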

18. Netscape Enterprise Server Web Publishing DoS Vulnerability
BugTraq ID: 2294
Remote: Yes
Date Published: 2001-01-25
Relevant URL:
http://www.securityfocus.com/bid/2294
Summary:

Netscape Enterprise Server is a web server used to host larger-scale
websites. The Web Publishing feature is installed by default. This
directory is accessible by remote or local users without any
authentication.

A denial of service condition exists in the Netscape Enterprise Server
when Web Publishing is enabled. If a remote user successfully connects to
the server and submits a specially crafted command 'REVLOG / HTTP/1.0',
the server will crash. This command would have to be submitted multiple
times in order to produce the expected result.

A restart of the server would be required in order to gain normal
functionality.

Successful exploitation of this vulnerability could assist in further
attacks against the victim host.

19. Oracle XSQL Servlet Arbitrary Java Code Vulnerability
BugTraq ID: 2295
Remote: Yes
Date Published: 2001-01-23
Relevant URL:
http://www.securityfocus.com/bid/2295
Summary:

The Oracle XSQL Servlet dynamically generates XML documents from one or
more SQL queries.

The Oracle database server exhibits a possible failure to validate
user-supplied input in stylesheet references contained in URLs submitted
to the server.

Properly exploited, this can permit the remote execution of arbitrary Java
code with the server's privilege level.

More specific information on this vulnerability is not currently
available.

20. Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability
BugTraq ID: 2296
Remote: Yes
Date Published: 2001-01-23
Relevant URL:
http://www.securityfocus.com/bid/2296
Summary:

Wu-ftpd is a widely used unix ftp server. It contains a format string
vulnerability that may be exploitable under certain (perhaps even
'extreme') circumstances.

If wu-ftpd is running in debug mode (i.e., started by inetd with the -d or
-v flag) it may be possible for an attacker to exploit a format string
attack. When in debug mode, Wu-ftpd logs user commands and server
responses via syslog() with 'DEBUG' designation. When a passive file
transfer is initiated by the user (real or anonymous), this message is
written to syslog:

PASV port X assigned to HOSTNAME

The string containing this message is constructed before the call to
syslog(). The value of HOSTNAME within the string is resolved by the
server.

This string is then passed to syslog as its format string argument. As a
result, any format specifiers that are within the string will be
interpreted and acted upon. This could be exploited in the typical manner
format string vulnerabilities are exploited.

It is not known if any distributions of Wu-ftpd or distributions of
software including Wu-ftpd ship with debug mode on by default.
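
Added example, not code from Wu-ftpd or Icecast: the pattern described in
this entry and in the Icecast entry (item 3), a finished message handed to
a logging call as its format argument, beside the corrected call.
debug_log() is a hypothetical stand-in for syslog() or fd_write() that
formats into a buffer, and the hostname is a constructed sample that uses
only "%%", a directive that consumes no arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(): like syslog(), the argument after the fixed ones
 * is a FORMAT string. It writes into a caller buffer so the result can be
 * inspected. */
static void debug_log(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Pattern from the advisory: the message is built first, then the whole
 * string, including the resolved hostname, is passed as the format. */
void log_pasv_unsafe(char *out, size_t outlen, int port, const char *hostname)
{
    char msg[256];

    snprintf(msg, sizeof msg, "PASV port %d assigned to %s", port, hostname);
    debug_log(out, outlen, msg);            /* BUG: data used as format */
}

/* Corrected call: the format is a constant and the message is data. */
void log_pasv_safe(char *out, size_t outlen, int port, const char *hostname)
{
    char msg[256];

    snprintf(msg, sizeof msg, "PASV port %d assigned to %s", port, hostname);
    debug_log(out, outlen, "%s", msg);      /* hostname is never parsed */
}

int main(void)
{
    /* Constructed reverse-DNS name containing a format directive. */
    const char *hostname = "host%%name.example";
    char unsafe_out[256], safe_out[256];

    log_pasv_unsafe(unsafe_out, sizeof unsafe_out, 2121, hostname);
    log_pasv_safe(safe_out, sizeof safe_out, 2121, hostname);

    /* The unsafe path rewrites "%%" to "%", showing that the hostname was
     * interpreted as a format; the safe path logs it byte for byte. */
    printf("unsafe: %s\n", unsafe_out);
    printf("safe:   %s\n", safe_out);
    return 0;
}
```

Declaring the logger with GCC's format(printf, ...) function attribute and
building with -Wformat-security makes the compiler flag the unsafe call.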


III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. DirecTV zaps hackers
By Kevin Poulsen

Satellite television behemoth DirecTV struck a decisive blow against
signal pirates Sunday night, when it transmitted a carefully crafted
electronic message from its orbiting satellites and destroyed thousands of
hacked smart cards, which for the last four years allowed pirates to gain
free access to hundreds of channels of programming.

According to sources in the satellite TV underground, the vast majority of
illicitly reprogrammed DirecTV access cards, which once had a street value
of several hundred dollars each, were wiped out on what hackers are
calling "Black Sunday."

http://www.securityfocus.com/templates/article.html?id=143

2. DEA agent charged with selling data
By Kevin Poulsen

A 12-year veteran of the U.S. Drug Enforcement Administration (DEA)
pleaded not guilty Monday in federal court in Los Angeles to charges of
illegally selling sensitive information about private citizens pulled from
federal and state law enforcement computers.

Special Agent Emilio Calatayud is charged in an eleven count indictment
with wire fraud, bribery, and violation of the Computer Fraud and Abuse
Act for allegedly selling "criminal history and law enforcement
information" to private investigations firm Triple Check Investigative
Services in Los Angeles. Trial is set for March 13th.

http://www.securityfocus.com/templates/article.html?id=142

IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. pwdump 3
Platforms: Windows 2000 and Windows NT
by e-business technology, Inc.
Relevant URL: http://www.ebiz-tech.com

pwdump3 combines the functionality of pwdump by Jeremy Allison and pwdump2
by Todd Sabin. It can extract the password hashes from a remote Windows NT
4.0 or 2000 box whether or not syskey has been installed. It does this by
injecting a process onto the remote system and extracting the hashes and
then copying the hashes back to the local system. Using this tool, a
system administrator can check on the strength of the passwords on his
system.

2. The Coroner's Toolkit (TCT) 1.04
by Dan Farmer and Wietse Venema
Platforms: FreeBSD, Linux, OpenBSD, Solaris and SunOS
Relevant URL: http://www.porcupine.org/forensics/tct.html

TCT is a collection of programs that can be used for a post-mortem
analysis of a UNIX system after break-in. The software was presented first
during a free Computer Forensics Analysis class that we gave one year ago
(almost to the day).

Notable TCT components are the grave-robber tool that captures
information, the ils and mactime tools that display access patterns of
files dead or alive, the unrm and lazarus tools that recover deleted
files, and the keyfind tool that recovers cryptographic keys from a
running process or from files.

3. Bcrypt 4.1
Platforms: Windows 2000, Windows 95/98 and Windows NT
by Sylvain Martinez
Relevant URL: http://www.bcrypt.com

This is the new windows application of the well known bcrypt windows
software. It is now compatible with the new cryptography library. It
allows you to crypt/decrypt/generate key/hide files. Windows GUI using the
BUGS v3.4.0 dynamic private key cryptography algorithm. User Friendly,
Open Source, Multiplatform. You can Crypt/Decrypt, Generate Key, Hide

4. Zorp 0.7.13
Platforms: Linux
by Balazs Scheidler (bazsi@balabit.hu)
Relevant URL: http://www.balabit.hu/products

Zorp is a proxy firewall suite. Its core framework allows the
administrator to finetune proxy decisions (with its built in script
language), fully analyze complex protocols (like SSH with several
forwarded TCP connections), and utilize outband authentication techniques
(unlike common practices where proxy authentication had to be hacked into
the protocol). FTP and HTTP protocols are fully supported with an
application-level proxy.


5. Ettercap 0.1.0.beta
Platforms: MacOS
by ALoR (alor@thepentagon.com)
Relevant URL: http://ettercap.sourceforge.net/

ettercap is a network sniffer/interceptor/logger for switched LANs. It
uses ARP poisoning and the man-in-the-middle technique to sniff all the
connections between two hosts. Data injection in an established connection
is also possible keeping it alive. You can sniff connection between local
and remote host through a gateway using the MAC-based sniffing mode. It
has an ncurses interface.

6. wINJECT 0.92b
Platforms: Windows 95/98
by moofz
Relevant URL: http://big.badlink.net

Winject is a low-level packet builder/injector for win9x dialup users. It
allows you to create custom packets with real or spoofed IP addresses.

V. SECURITY JOBS SUMMARY
------------------------

1. Business Continuity Coordinator - NJ - #140 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d20010125162455.14135.qmail@securityfocus.com


2. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3dPine.GSO.4.30.0101251444540.3666-100000@mail


3. Information Security Consultant (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d20010125122135.13713.qmail@securityfocus.com


4. Looking for Entry-Level Security Position (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3dsa700ff1.037@mail.millikin.edu


5. Personnel Security Officer (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d20010124153517.11490.qmail@securityfocus.com


6. Shawn Carbon -Seeking Security Position (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d20010124152829.21006.qmail@web6302.mail.yahoo.com


7. Technical Risk Manager - UK Based (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d20010123103735.4551.qmail@www5


8. Seeking an UNIX Security Postition (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d3A6CDDB2.39E3C683@usermail.com


9. Network Security (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-01-26%26thread%3d20010119202747.1358.qmail@www5


VI. INCIDENTS LIST SUMMARY
-------------------------

1. Template Admin Notification (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dSIMEON.10101261339.R672@bluebottle.itss


2. ICMP_TIME_EXCEEDED to network address? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dE14Lrby-0002IN-00@ADSL-Bergs.RZ.RWTH-Aachen.DE


3. Upload of "pipes.scr" attempted to NetBus "honeypot" (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d20010125193233.H19137@thathost.com


4. Port 9200/UDP Scan (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dA0EEDFB70902D4118BDA00508BC21C4B0B49A0@copper.belenosinc.com


5. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.GSO.4.30.0101251444540.3666-100000@mail


6. FTP and RPC based worms [was anyone else ...] (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d20010124234440.12229.qmail@securityfocus.com


7. Intrusion= Apology / Template Admin Notification (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d3A6F95FD.DB84218@nycap.rr.com


8. Intrusion= (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d3A6F2EB0.874DD22@nycap.rr.com


9. AW: Seeking copy of Ramen worm. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dKJEAIGEGCKACPHIEJDIJGEDGCAAA.tklein2@ix.urz.uni-heidelberg.de


10. Thanks! Copies of the Ramen worm acquired. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.GSO.3.96.1010124131957.29422B-100000@crypto


11. Template Admin Notification) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d3.0.5.32.20010124124932.033a73a0@pop.fuse.net


12. Ramen (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.LNX.4.10.10101241247340.17485-100000@mastermind.inside.guardiandigital.com


13. Distributed scan (src port 23) of our whole class C network (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dE14LNsw-0000Za-00@ADSL-Bergs.RZ.RWTH-Aachen.DE


14. Port 64249 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d8F3C01FA1D84D211BF6800A0C9A709C801271FAD@aries.ho.mlc.mb.ca


15. Seeking copy of Ramen worm. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d115e01c085d4$761eb9e0$0100a8c0@stefan1


16. Distributed scan portmap of our whole class C network (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.LNX.4.30.0101240638140.20130-100000@lnfm1.sai.msu.ru


17. Distributed scan (src port 23) of our whole class C network (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.LNX.4.21.0101232127460.20862-100000@eris.io.com


18. intensive scan (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dG7MBE8$IOw7YCxkFHZWa3LWf2peab5Cd3hlrb7jY7xawibSlyZiQWl@voila.fr


19. [ISN] Ramen Linux worm mutating, multiplying (fwd) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.LNX.4.30.0101231040100.1141-100000@shiva0.cac.washington.edu


20. Ramenfind Ramen detection and removal tool, v0.2 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dPine.LNX.4.30.0101222346590.29336-101000@sparrow.websense.net


21. Banner riding (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d05eb01c084a6$c5ca2210$0100a8c0@stefan1


22. anyone else seen an increase in sunrpc scans these days? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3d008401c0848a$510e0340$1900a8c0@ci.cl


23. Headerless EMail (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-01-29%26thread%3dA2DD4A0747C2D41189F400B0D03E46C61D85FE@hsadenmx06.hsacorp.net

VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------

1. ASCII Char 255 crashes a network (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d3A710961.4C10F9E9@dethbystereo.com


2. Buffer Overflows in Netscape6 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d20010125184631.B11576@cistron.nl


3. vulnerabilities researching papers? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d183107486497.20010125164326@yahoo.com


4. ztelnet setuid on Peanut Linux... (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d3a73bc18.20907029@blackcat.tequila


5. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dPine.GSO.4.30.0101251444540.3666-100000@mail


6. Borderware v6.1.2 ping DoS vulnerability (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dsa70101d.063@capefear.cc.nc.us


7. OSS www.opensound.com (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dPine.LNX.4.21.0101250911340.10873-100000@is31.cipher.net


8. [unicode / iis4]PLEASE HELP ME. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dJCEOIHOBLMMKLBAHKGICGEAKCEAA.fsiciliano@earthlink.net


9. iC0N first annual security convention. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dOEECLPECLFHFPIEMHGPEMEMACCAA.ryagatich@csn1.com


10. [d-e-a-t-h@GMX.NET: ASCII Char 255 crashes a network] (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dE14LPyB-0006Kc-00@redshift.lemon-computing.com.


11. buffer overflows encapsulation (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dGOEKIIDAFABIBOEMKCHPMEFACAAA.msues@cinnabar.ca


12. icmp_echo_ignore_broadcast (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d141227280.20010124002605@southbreak.com


13. Vlans (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d20010123114334.A19747@pohl.fips.de

14. [ no subject ]
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dsa6d3c3d.063@capefear.cc.nc.us

15. buffer overflows encapsultation (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3dF59qtQvAauNjVuMhvqg00005195@hotmail.com

16. The problem with NT services ... (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d20010121155031.10E.0@bobanek.nowhere.cz


17. Remote overflows - Finding offsets (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d3A682973.E29F0333@linuxit.com


18. Wild 'n Wacky (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d002001c08420$15c31420$6700a8c0@fastnet03


19. mysqld buffer overflow exploit development (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-01-26%26thread%3d20010119190000.DDA7E24C77B@lists.securityfocus.com

VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Using eEye's LibnetNT.DLL in Perl or even VB (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3d20010123170822.13055.qmail@web110.yahoomail.com


2. AW: Registry keys that define local login permissions (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3dNCBBKCBGJMHDGIIJPEBDIEIEDAAA.florian.duerr@dimensionx.ch


3. SecurityFocus.com Microsoft Newsletter #18 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3dPine.GSO.4.30.0101220903490.18443-100000@mail


4. Centralize IIS logs (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3d31ACC2D3E8B4D411BC4A00306E0061EF016150@IGHMSG01


5. Desktop Encryption (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3d000f01c0842e$dda9aae0$343f4eab@genuity.com


6. Strange happenings in IIS4 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3dA86EB3E9F548D411AA6B00B0D020F53442ED83@ENVESTMAIL


7. Windows 2000 IPSEC <-> NT4 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3dFCEMIEMFFCJPHMCLJHKOOEKECDAA.Peter.DeBruyne@EurASP.Com


8. TCP / IP filtering on WIN 2K (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3dCCEHKKFJPKCKHCDCNCLPEEGLCAAA.joshp@integrated-solutions.net


9. Win2000 Security - Level C2 security (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3dCCEHKKFJPKCKHCDCNCLPMEGKCAAA.joshp@integrated-solutions.net


10. Outlook Encryption problem (bug) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-01-26%26thread%3d20010120092418.1856.qmail@securityfocus.com

IX. SUN FOCUS LIST SUMMARY
----------------------------

1. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-01-26%26thread%3dPine.GSO.4.30.0101251444540.3666-100000@mail


X. LINUX FOCUS LIST SUMMARY
---------------------------

1. SecurityFocus.com Temporary Mailing List Shut-Down (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-01-26%26thread%3dPine.GSO.4.30.0101251444540.3666-100000@mail


2. not security (ad server list) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-01-26%26thread%3d031501c086a3$bb96fe40$ca00030a@seifried.org


3. Linux permissions (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-01-26%26thread%3d20010124101355.H19339@fast.net


4. strange entries in maillog - are these common? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-01-26%26thread%3d20010123162121.W2229@pure-chaos.com


5. Compromising kernel modules to foil LIDS (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-01-26%26thread%3d10E384101D1ED211910E00805FEFB2B89399D7@cadmium.chelmer.co.nz


6. SecurityFocus.com Linux Newsletter #13 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-01-26%26thread%3dPine.GSO.4.30.0101220914210.18443-100000@mail


XI. SPONSOR INFORMATION
-----------------------

This issue sponsored by: Network ICE

High-Speed Intrusion Protection for the Enterprise from Network ICE

With a unique combination of intrusion detection plus blocking, we deliver
centrally-managed intrusion protection products that guard VPN clients,
Gigabit segments and enterprise servers against attack. Block attacks
other products miss, without dropping packets, suffering CPU meltdown or
flooding your NOC with false alarms.

Don't believe it? We can prove it: http://www.networkice.com

XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------

1. How do I subscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:

SUBSCRIBE SF-NEWS Lastname, Firstname

You will receive a confirmation request message to which you will have
to answer.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:

UNSUBSCRIBE SF-NEWS

If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.

3. How do I disable mail delivery temporarily?

If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:

SET SF-NEWS NOMAIL

To turn back on e-mail delivery use the command:

SET SF-NEWS MAIL

4. Is the list available in a digest format?

Yes. The digest is generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:

SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?

To turn the digest off send a message to LISTSERV with a message body
of:




Wars On Earth

With Kyoto in shambles and environmental laws under assault, Earth Day 2003 hardly possesses the feel-good air that hovered over the celebrations of the 1990s. More than ever, honoring the natural world impels us to resist those in power. With festivities taking place in the shadow of war, this Earth Day must also be a call for peace.

The environment has long been a silent casualty of war, suffering before, during, and after actual combat takes place. And, from assaults on ecosystems in the Persian Gulf to regulatory exemptions for U.S. military activities here at home, the current war provides fresh lessons about how militarism goes hand in hand with ecological destruction.

Historically, the environmental impacts of military actions have drawn little attention. Self-proclaimed pragmatists like to shrug off the complaints of tree huggers as irrelevant next to grave matters of state. But while their reasoning may carry some weight in a case of obvious genocide, it is dishonest not to weigh often crushing environmental damage in the same balance with international interests and the human toll of war.

Even as the shooting in Baghdad dies down, past and future wars continue to claim victims on the environmental front worldwide. For example, the military industry's development and testing of weaponry produces an endless stream of hazardous waste. Such activity has contaminated over 11,000 "hot spots" on 1,855 military facilities in the United States, according to the Defense Department's own documents.

New data on the poisonous herbicides used to kill off Vietnam's jungles and crops paint a grim portrait of how war devastates ecosystems and poses persistent threats to human health. Just this month, a story broke indicating that Agent Orange was applied far more recklessly than originally estimated -- meaning citizens and soldiers alike suffered far graver exposures to dioxin.

Even after active conflicts end, military waste wages a lingering cold war on the natural world. A 1993 State Department report identifies landmines and other unexploded ordnance as "the most toxic and widespread pollution facing mankind."

Operation Desert Storm perpetuated this sad history. The Gulf War of 1991 resulted in some 65 million barrels of spilled oil, which killed tens of thousands of marine birds in the Persian Gulf and seeped through the desert into sensitive water sources. Meanwhile, in Iraq's cities, bombing devastated sewage and water treatment facilities.

Most significantly, the 600 oil fires set by the Iraqi army burned for up to nine months, releasing millions of tons of carbon dioxide and sulfur dioxide into the atmosphere. This pollution caused dark, greasy rains to fall as far as 1,500 miles away.

"The first Gulf War was the biggest environmental disaster in recent history," former Earth Island Journal editor Gar Smith recently told The Washington Post.

Lacking the massive oil fires and extreme infrastructural damage that marked the first Gulf War, the current clash may not prove as environmentally disastrous as some feared. Nevertheless, with controversial depleted-uranium weaponry in use and with ecosystems still reeling from the last conflict, revelations of environmental damage may emerge, as they have with past wars, for years to come.

Two years ago the World Health Organization began exploring whether the depleted uranium from munitions used in Desert Storm was causing spikes in cancer, kidney diseases and other congenital disorders among Iraqis. The Pentagon says the weapons are safe -- but just this month the Royal Society issued a scathing indictment of these claims and called for the United States and Britain to remove hundreds of tons of the substance to protect Iraqi citizens. If such suspicions prove correct, these civilians must be considered casualties of war and counted along with those who died in air strikes. This would mean, of course, that the true body count from the current war will take years to assess.

Even relatively minor environmental disruptions in Iraq can have wide-ranging impacts, especially on biodiversity. The Persian Gulf harbors more than half of the marine turtle species in the world, all of which are listed as "endangered" or "threatened." Sixty species of waterfowl and nine different birds of prey spend their winters in Iraq's delicate wetlands. "From a biodiversity point of view," the noted ornithologist Phil Hockey told Grist Magazine, "this is the worst possible time of the year to have a war there."

The U.S. occupation of Iraq could itself invite despoliation. Global oil companies are eager to develop virgin oil fields in Iraq, aiming to double the country's production to around six million barrels a day by 2010. Conservation and renewable energy are unlikely to rank high in the agenda as they undertake this massive new extraction. And progressives, while they push for Iraqi self-determination and support the country's control of its own profitable resources, should feel ambivalent about Iraq's stable economy coming at the cost of lowered oil prices and continued U.S. dependence on fossil fuels.

Putting aside its impacts abroad, the war in Iraq may deal a cruel blow to environmental protections in the United States. Never one to miss a moment of political opportunism, the Bush administration now argues that requiring the Department of Defense to comply with environmental laws will hurt the troops' "training readiness." The White House has therefore asked Congress to exempt the armed forces from a wide swath of regulations -- a goal generals have pursued for years.

Given the ease with which the Marines rolled across the Iraqi desert, it's hard to see how our environmental laws have hampered the military's ability to face current threats. Nevertheless, the legislation puts the screws into the Clean Air Act, the Endangered Species Act, the Marine Mammal Protection Act and Superfund, to name a few. In fact, it's "a rollback of almost every major environmental law on the books," says Michael Jasney, senior policy analyst for the Natural Resources Defense Council.

Of course, many environmentalists already opposed the president's overseas adventurism. To them, the inevitable human costs seemed as unjustifiable as the conflict's toll on the natural world. Yet, in the end, bringing an ecological perspective to the military debate may prove necessary. Only by challenging America's enormous appetite for oil, along with its imperial ambitions, can we preempt a war -- both human and ecological -- without end.


Greenspan's Unfortunate Return & New Penal implant

Reappointing Alan Greenspan as chairman of the Federal Reserve Board is like inviting the Titanic's captain back to the helm for another cruise.

The financial markets and the punditocracy continue to believe that Greenspan is the closest thing to God on Earth -- witness the market rally on April 22, when the White House announced the reappointment. But this faith in Mr. Greenspan says more about their continued lack of contact with reality than his merits as Fed chairman. After all, these are some of the same people who thought a 5,000 NASDAQ index made sense (it's now below 1,500).

Do they forget that Greenspan ignored the largest financial bubble in history, which led to a loss of more than $8 trillion in stock wealth? It should have been clear by 1997 that the stock market had entered a bubble, as at least a few economists were saying at the time. As a result of its bursting, the economy remains mired in stagnation.

It would not have been difficult for Greenspan to deflate this bubble, as he inadvertently demonstrated in late 1996, when he made his famous comment about the market's "irrational exuberance." The comment sent the market plummeting. If Greenspan hadn't reversed his position two days later, his comment might have, by itself, prevented further expansion of the bubble. If he had consistently berated the markets with "irrational exuberance" comments and supported his case with charts and graphs, it is unlikely the market would have reached the dizzying heights of 1999 and 2000. If talk proved insufficient, he could have raised the margin requirement (which restricts borrowing to buy stock), and if necessary, he could have raised interest rates.

But he didn't do any of that -- and arguably, he even may have promoted expansion of the bubble with his "new economy" rhetoric. The economy will suffer for years to come as a result.

The bad news is not all behind us. Greenspan continues to ignore a housing bubble, the collapse of which is likely to have even larger repercussions for the economy and the retirement security of millions of Americans. People are currently buying homes in the bubble-infected markets (mostly on the east and west coasts), which could lose 30 to 40 percent of their value in a drop. For most families, their home is their biggest investment. Tens of millions of baby boomers are counting on equity in their home to support them in retirement now that their 401(k) plans have suffered so drastically from the stock market retreat. Instead of warning of a housing bubble, Greenspan testified before Congress last summer that there is no such thing.

He also supports an over-valued dollar that is causing the nation to borrow more than $1.5 billion every day from abroad. This process cannot continue for long. At some point the country literally will run out of things to sell -- in about 20 years at the current rate, if foreigners don't lose interest in the United States long before that. Whenever it happens, the dollar will drop, sending import prices and inflation soaring, and U.S. living standards will plummet. Again, Greenspan could act now, but he seems happy to let this debt continue to grow, happy to pass this problem on to future generations.

Those generations will suffer, too, from his endorsement of Bush's first round of draconian tax cuts. It's not clear why Greenspan did it -- after all, the head of the Fed shouldn't be influenced by the political climate -- because it was crystal clear from the start that those cuts were reckless.

Yet, unlike the custodian or the factory worker who get fired for poor performance, Greenspan just keeps drawing praise and getting reappointed. Nice work, if you can get it.




California's Crude Awakening

"America can lead the world in developing clean, hydrogen powered automobiles ... the first car driven by a child born today could be powered by hydrogen, and pollution-free ... to make our air significantly cleaner, and our country much less dependent on foreign sources of energy."

That's what President Bush said in his 2003 State of the Union address. If the Commander-in-Chief gets it, then why can't we build hydrogen fueling stations and vehicles right now? We already produce billions of cubic feet of hydrogen annually and every major car company has hydrogen powered vehicles on the road today, promising mass production as early as 2007 (BMW's internal combustion engine model). GM's Larry Burns promises "tens of thousands" of hydrogen fuel cell cars by 2010 -- if the hydrogen fuel infrastructure is available.

Aye, there's the rub. No car company will produce cars without the fuel and no energy company (or Walmarts and Home Depots, for that matter) will install hydrogen pumps until there are vehicles to use it. Who should blink first? The answer is in revenue bonds.

California will soon provide bond funds to build hydrogen stations and offer incentives to hydrogen vehicle buyers, repaying these bonds from revenue generated at the pump. Estimates show that a unit of hydrogen fuel, enough to move your car the same distance as a gallon of gasoline does, will cost no more than gasoline, even with a small premium added to repay the bonds. Since bond approval and underwriting takes time, followed by designing, permitting and building hydrogen stations, California is starting now to ensure that this clean, safe fuel is widely available in the state to power those hydrogen cars before the end of this decade -- and our state economy along with it.

The California plan recognizes that we must act promptly, because our dependence on oil threatens our national security, economy and public health as never before. Gasoline and diesel fuel at $2.25 per gallon are wreaking havoc on the California economy, already hard hit by the electricity crisis. Airlines are filing for bankruptcy and small businesses are struggling to survive as fuel costs skyrocket.

Moreover, we are rapidly running out of refinery capacity for gasoline and diesel fuels, thanks to worsening fuel economy in new vehicles sold, longer commutes and a growing population of drivers. In three years, we will likely face rolling shortages of petroleum fuels -- which will drive prices even higher -- with predictable economic impacts.
But the hidden cost of any delay in the hydrogen transition is measured in both dollars and lives. The number of U.S. deaths each year attributable to vehicle smog is between 50,000 and 100,000 along with six million asthma attacks, 159,000 emergency room visits and 53,000 other hospitalizations attributed to pollution from petroleum products and tailpipe emissions. Worse yet, childhood cancer and leukemia rates are highest in the highest density traffic corridors and people over 65 are at a health impact risk 10 times that of those aged 45 to 64.

Speaking of tobacco in the late 1970s, Health Secretary Joe Califano called for a smoke-free society by 2000. That seemed impossible then, but sure enough, public places in California, New York and many other states are now smoke-free. Tailpipe emissions are chemically similar to tobacco smoke, so it's time to create a truly smoke-free society, ending the tyranny of petroleum and automobile pollution.

And perhaps until that day arrives, oil and auto companies should be held financially responsible for the harm their products create. Like tobacco companies, they should be forced to compensate state and federal governments for health-care costs and the enormous expense of cleaning up their toxic legacy in our air, water and landscapes.

When all of that is factored into the true price we pay for our addiction to oil, other states will echo the California plan. Until then, you're all welcome to visit and take our hydrogen powered cars for a test drive.



The Eyes and Ears of War
Data streaming from satellites proved pivotal in Iraq, letting U.S. troops beat Hussein's forces to the punch on the battlefield
Stretched across a wall at the U.S. Air Force's Combined Air Operations Center near the Persian Gulf is a shimmering, ever-changing display, showing the location of every aircraft above Iraq.

Throughout the war, commanders at the operations center used the map to reroute bombers the moment targets emerged -- whether they were Saddam Hussein sightings or Iraqi missile launches. In a matter of minutes -- not hours or days as in past wars -- commanders identified targets and then sent out orders to bomb.

This compression of time, known in the military as "shortening the kill chain," was possible for just one reason: satellite information. Flowing through a network of electronic eyes and ears above Earth, information bathed the battlefield, sending location data to GPS units in tanks, messages to sturdy portable computers with the troops and satellite images to weather stations set up on the dusty front lines.

The fire hose of information from space was a little-heralded but critical part of the swift victory in Iraq, providing a different kind of shock and awe: the ability to act almost instantaneously and cripple the Iraqi army's ability to respond.

In the Iraq war, space became the ultimate military high ground.

While last year's conflict in Afghanistan saw the use of space technologies in small skirmishes, the Iraq war marked the first effort to apply them across an entire battlefield swarming with hundreds of thousands of soldiers and a constant rush of tanks, jets and helicopters.

"If you ask what was the difference between Iraq's army and America's army, the big difference was satellites," said John Pike, a defense analyst with GlobalSecurity.org, an intelligence and military policy think tank based in Alexandria, Va. "And it's technology you don't even notice."

Though overshadowed by headline-grabbing pilotless drones and 21,000-pound MOAB bunker-buster bombs, the quick, quiet, almost mundane flow of electronic information -- whether from polar orbiting weather satellites 23,000 miles above Earth or school bus-sized KH or "keyhole class" spy satellites keen enough to read large newspaper headlines from space -- proved one of the U.S. military's most powerful weapons.

Big Changes
"Information is not just a weapon, it's an enabling technology that changes the culture, institution and setting in which war is conducted. It changes everything," said Loren Thompson, a defense and satellite expert at the Lexington Institute, a nonprofit think tank in Arlington, Va. "It is bringing about changes that are more fundamental than any we've ever seen before -- more fundamental than the tank, or the submarine, or even the atomic weapon."

In the current war, about 90% of the allied bombs used were so-called smart bombs that were guided either with lasers or GPS signals from orbiting satellites, military officials said. In the 1991 Persian Gulf War, only about 10% of weapons were precision-guided.

For the first time, allied commanders at the front were able to receive on portable computers target images from orbiters such as the "Lacrosse" radar-imaging satellites, which can see through clouds and darkness. Weather satellites, both civilian and military, gave notice of advancing dust storms and clouds. A decade ago, images of crucial targets sometimes had to be hand-carried from as far away as Washington, or were slowly transmitted as blurry, barely legible faxes.

The time lag between a target's identification and its destruction -- also known as the "sensor-to-shooter gap" -- has never been shorter. In an attempt to kill Hussein with an airstrike on April 7, "the time from when we identified the target to when we struck was less than 15 minutes," said Col. Larry James, senior space officer at the air operations center.

Allen Thomson, a retired intelligence analyst now living in Texas, said the most important satellite assets in this war were "the unglamorous ones" that supported communications, navigation and meteorology. These include the military's star performer: the Air Force Space Command's behemoth "Milstar" satellites, 10,000-pound switchboards in space that provide secure voice and data communication around the world. The number of satellites of all types used in the war is estimated to be nearly 100.

While allied forces were flush with data coming in day and night, Iraqi officers appeared to be operating with very little good information, experts said. At times, the Iraqi leadership was sending orders to units that no longer existed.

"Our side knew where all of our forces were at any given moment and the other side did not," said Steven Aftergood, a senior research analyst with the Federation of American Scientists. "It sounds simple, but it's actually a significant technological achievement."

Many allied tank commanders in forward positions were able to get a comprehensive picture of the fighting both nearby and across Iraq -- a real contrast from past tank warfare when a tank commander's main job "was to figure out where the hell he was," said the Lexington Institute's Thompson.

Weather maps and data from the National Oceanographic and Atmospheric Administration's two "POES," or polar operational environmental satellites, were beamed down to antennas at forward battlefield locations four times a day.

"In the war theater, they can set up an antenna and receive this information as they go," said Greg Whithee, who runs NOAA's satellite program. "They can see dust storms, fires, brewing storms of all kinds and smoke plumes so they can give pilots real-time instructions."

One reason satellites were so unheralded in the war was that their technology has become so common. Some of the most potent military tools are familiar to any office worker or teenager: instant messaging, video conferencing and wireless imaging. It's not surprising that they worked well in war. After all, they were tested in the most ferocious battlefield of all: the consumer marketplace.

The father of "network-centric warfare" is Vice Adm. Arthur Cebrowski, a former F-14 jet pilot and battle group commander who directs the Pentagon's Office of Force Transformation.

His inspiration for the heavily networked military of the 21st century? Wal-Mart Stores Inc. and its quilt of networked, synchronized operations.

Utilizing Commerce
In the past, the military created its own technologies -- including fax machines, the Internet and Humvees -- that were later spun off into the commercial market. In what experts now call "spin-on," the military is making good use of commercially available technologies, such as satellite imaging, satellite phones and durable laptops, the same as those used by Sears, Roebuck and Co. repair workers.

"We don't have to go out and build this all ourselves," James said in a telephone interview from the operations center, which is located at an undisclosed site in southwest Asia. Many troops brought their own GPS units from home -- purchased for hunting, fishing or camping -- to use during battle, finding them lighter and easier to use than the rugged, jam-proof military versions.

The contrast couldn't have been greater to James, who spent much of the 1991 Gulf War at the Pentagon trying to get a relatively small number of GPS units into the desert. "People called that the first space war, but we were just in our infancy," said James, who is usually based at the Air Force Space Command in Colorado Springs. "We've moved light years ahead."

The information-based strategy, which allows for the use of less force, is one possible reason the commander of allied forces in Iraq, Army Gen. Tommy Franks, felt confident entering the war with fewer troops than were deployed in 1991.

As the amount of information rises in war, the amount of weaponry needed falls, said Bruce Berkowitz, a research fellow at Stanford University's Hoover Institute and the author of "The New Face of War." While it took 648 bombs, on average, to hit a single target in World War II, military leaders of this war could hit a target with one GPS-guided bomb.

"In some cases, there is no explosive charge at all," Berkowitz said, citing the use of laser-guided "inert bombs" -- filled only with concrete that can destroy small targets using kinetic energy alone. "A little information goes a long way."

The number of eyes in space is only set to increase. Twelve "national security" launches are slated for 2003, compared to just one last year.

Worries Arise
The increasing reliance on the information flow, however, is raising some concerns. The speed of transmitting information and the automation of weapons systems have created the potential for problems that can arise faster than humans can correct them. The Pentagon, for example, is analyzing the "automatic engagement mode" of the Patriot antimissile system, which shot down two friendly aircraft and targeted a third during the Iraq fighting.

Others are concerned about what could happen to an information-reliant army if information stopped flowing.

The deaths of seven U.S. servicemen on a frigid mountaintop in Afghanistan on March 4 last year have been blamed, in part, on such a breakdown. The soldiers' Chinook helicopter was ambushed during an attempt to rescue a Navy SEAL. Voice communications failed between the team, their commanders at Bagram air base and the U.S. forces fighting nearby. The rescue team did not receive information that U.S. forces had retreated from the area, and they walked into an enemy ambush.

"As warriors become more dependent on the network, they become increasingly vulnerable to its loss," Thompson said.

Electronic resources also are vulnerable to relatively low-tech jamming technologies. Low-flying satellites can be destroyed by missile strikes. High fliers could be targeted by nuclear weapons, which can fry electronic circuits with a burst of electromagnetic radiation when detonated.

The other danger is that the technology that gives the U.S. military such an edge against massed armies will ultimately drive enemies to adopt strategies that are less vulnerable, such as individual terrorist bombings and suicide attacks.

And the ubiquity and low cost of electronics that has been so helpful to the United States military will inevitably serve the country's enemies as well, Berkowitz said.

"Al Qaeda was able to buy a secure command and control system -- satellite phones and encrypted Internet -- off the shelf," he said.


Pentagon aims to implement war lessons quickly
WASHINGTON -- The Pentagon is moving swiftly to identify and implement the military lessons of the Iraq war, aiming to make postwar changes faster than after any previous conflict and soon enough to affect spending decisions in Congress this year.

Now that U.S. forces have prevailed with speed and precision on the battlefield, Pentagon officials want to build in those qualities to their war-fighting strategies and choices of weapons systems. One goal is to shape military funding for fiscal 2004, meaning the Defense Department would have to complete its standard postwar review within about six months. In the past, the process has taken many more months, or even years.

While Defense Secretary Donald H. Rumsfeld has declined to specify what lessons he has taken from the war, other advocates of his style of fast and flexible forces have made some suggestions. Those defense specialists say the overwhelming U.S. dominance in the air may make large numbers of the F/A-22 fighter jet appear to be unnecessary, and the surprising vulnerability of Army Apache helicopters to small-arms fire could call into question the usefulness of the Comanche stealth helicopter.

Early in the war, 30 to 40 Apache helicopters on a mission to attack a Republican Guard division near Baghdad were forced to retreat after encountering heavy anti-aircraft fire, which brought down one chopper and damaged nearly all of them. Despite that, military officials have defended the Apache's overall performance in the war.

"This is the Pentagon bureaucratic version of the war plan in Iraq," said Daniel Goure, a former Defense Department official currently with the Lexington Institute, a conservative research group. "This is part of a bureaucratic campaign unlike any other in DOD's history."

The Pentagon's Joint Forces Command has for several years been responsible for compiling lessons from major exercises and operations. It is led by Adm. Edmund Giambastiani, who until recently was Rumsfeld's top military assistant.

Before the war, Joint Forces Command sent a team of 30 senior officers to U.S. Central Command in Qatar, which served as military headquarters during the conflict. Those officers, led by a brigadier general, are bringing data back to other analysts at their headquarters in Norfolk, Va.

They plan to turn around "quick wins" that can be immediately adopted, as well as longer-range adjustments, said Army Lt. Col. Wayne Shanks, a Joint Forces spokesman.

Rumsfeld's focus on transforming the military led to the cancellation of the Army's $11 billion Crusader artillery system last year, which brought intense criticism and resistance from Congress and some Pentagon staffers. While there was talk that Rumsfeld might seek to cancel other weapons systems such as the F/A-22 jet, the V-22 Osprey aircraft, or the Comanche helicopter, all of them survived. With the lessons of the Iraq victory, Rumsfeld may aim at whole systems, some analysts said.

"This is premeditated," Goure said.

A speedy postwar review would also enable Rumsfeld to prevent others from defining the war's lessons. The importance of heavy armor as opposed to lighter, quicker forces remains open to debate, for example.

"He wants to make sure his version of the war hits the street first," said John Pike, director of GlobalSecurity.org.


Interview Fallout: Inquiry to focus on Marine
Las Vegan described how he hunted down, shot Iraqis after attack on unit
Military officials said Friday they will launch an inquiry into whether war crimes were committed by a Las Vegas Marine who described hunting down and killing Iraqi soldiers.

Marine Gunnery Sgt. Gus Covarrubias could be the first member of the U.S. military fighting in Iraq to be investigated for possible violations of rules governing battlefield conduct.

During an interview at his Las Vegas home earlier this week, Covarrubias told a Review-Journal reporter the harrowing tale of an intense April 8 battle in Baghdad that he described as "a firefight from hell."

The resulting story, published Friday, included Covarrubias' account of slipping away from other Marines after the battle in pursuit of the Iraqi Republican Guard member who fired a rocket-propelled grenade at his unit, causing a blast that gave him a concussion and wounded several other troops.

The 20-year veteran of the Marine Corps said he found the soldier after dark inside a nearby home with the grenade launcher next to him. Covarrubias said he ordered the man to stop and turn around.

"I went behind him and shot him in the back of the head," Covarrubias said. "Twice."

Military officials on Friday declined to comment on Covarrubias' story beyond a statement released late in the afternoon by the Marine Forces Reserve headquarters in Quantico, Va.

"A preliminary inquiry has been initiated by the Naval Criminal Investigative Service to examine the circumstances surrounding the statements made by Gunnery Sgt. Covarrubias in an April 25, 2003 Las Vegas Review-Journal article," the statement reads.

"The preliminary inquiry will determine if the actions described by Gunnery Sgt. Covarrubias during combat operations met the established rules of engagement and complied with the law of war. The inquiry will be thorough and impartial and will determine whether a formal investigation is warranted."

On Friday, Covarrubias did not answer his phone or knocks at the door of his northwest Las Vegas home. Sgt. Richard Slider, a Las Vegas spokesman for the Marines, said Covarrubias would not be available for additional media interviews.

But at least one other Marine who fought and was injured alongside Covarrubias said he believes the Las Vegan's actions were not only warranted, but critical.

"If he wouldn't have done it, those guys probably would've come back and killed or severely injured other Marines," said Marine reservist Sgt. Michael Dunn, who took shrapnel in an arm during the battle and is now recuperating at his Las Vegas home. "He did the right thing. I stand behind him 100 percent."

Dunn said Covarrubias' wife told him during a phone conversation that Covarrubias was ordered to appear at the Reserve Training Center after the story appeared Friday morning.

"She said he had got in trouble, but that's all she knew," Dunn said.

John Pike, director of globalsecurity.org, a defense and intelligence policy organization based near Washington, D.C., said the inquiry "undoubtedly" will focus on whether Covarrubias killed a prisoner of war, a serious war crime.

"As soon as (the Iraqi soldier) had surrendered and obeyed a command to turn around, he was no longer an enemy combatant. He was a POW," said Pike, one of the nation's leading civilian experts on the U.S. military. "We do not allow our soldiers to execute POWs at their own discretion. And this, as described, looks like the summary execution of a POW."

Pike said if Covarrubias is not cleared of wrongdoing, the killing as he described it could result in a criminal charge of "failure to accept surrender" or the more serious charge of murder.

"It could be interpreted either way," Pike said. "Normally, when we think about shooting somebody in the back of the head, you think about that as murder. But I think that soldiers who have experienced combat are going to look at it and see it as a failure to accept surrender."

Pike said he wasn't aware of any similar incidents during the conflict in Iraq that have resulted in such inquiries. He said he was surprised by Covarrubias' candor.

"These kinds of incidents are a lot more common than anyone is ever going to let on. But it's usually not the sort of thing people talk about," Pike said. "The Iraqis quite possibly did it to us, and I'm not surprised we did it to them, but it's not supposed to happen."

In a Wednesday interview at his home, Covarrubias, 38, talked in great detail about the firefight that injured him and eight other Marines from Fox Company, 2nd Battalion, 23rd Marines. The unit, drawn from reservists in Utah and Las Vegas, calls itself "The Sinners and the Saints."

When the fighting was over, the unit settled in for rest, food and water.

Covarrubias, who said he was a former sniper with more than 30 kills during the first Gulf War, told the Review-Journal he took off most of his gear, grabbed a pistol and told the others in his unit that he was leaving for a little while.

Covarrubias said from the trajectory of the grenade, he traced the origin of the strike to a nearby house and sneaked inside.

After killing the Iraqi soldier, he took the man's military ID as a souvenir.

Covarrubias also described finding the man's partner outside trying to escape and chased him down.

"I shot him, too," he said. "I'm not vindictive, and I might get in trouble for telling you this, but I take it very personally when you do that to my family. The Marines are my family."

He also took that man's ID, as well as his AK-47 assault rifle.

Pike, the military expert, said the killing of the second Iraqi soldier as described by Covarrubias does not appear to violate combat rules.

Covarrubias said during the interview that he believed the two Iraqi soldiers got what they deserved.

"This," he said while holding up the two ID cards during the interview, "is justice."


"Basically, it came to this: Right now there is only one ship that can take a crew to the international space station, and it's ours," said Sergei Gorbunov, spokesman for Russia's space agency. "Russia has to do it. No one else, not even the Americans, can right now."

The Russian Soyuz, whose primary role had been to serve as an emergency evacuation craft for the station, is now the only ship capable of carrying crews to and from the $60 billion space outpost.

"This is something that I'm sure the history books will write about," Frederick Gregory, deputy administrator of NASA, said at Russia's Baikonur cosmodrome, located in the former Soviet republic of Kazakhstan. "You have to be impressed with the Russian ability to simplify a very complex action."

Lu's fiancee, who watched the launch in the Kazakh steppe, said it was a great achievement.

"After the tragedy we've endured, we just feel so proud to be part of this," Christine Romero said. "We are riding on their coattails."

A week after Malenchenko and Lu arrive, the station's current inhabitants, U.S. astronauts Kenneth Bowersox and Donald Pettit and cosmonaut Nikolai Budarin, will come home on the Soyuz TMA-1 currently docked to the station.

With its space budget a fraction of what it was in the Soviet era, Russia has struggled to find ways to earn cash for its program. It sold two trips to space in 2001 and 2002 for about $20 million each.

Russia virtually has frozen construction on its segment of the station because of money problems.

"Unless we finish the Russian section, we can forget about our scientific programs in space," Russian space agency chief Yuri Koptev said Saturday, according to the Interfax news agency. "The Americans will have their own segment, as will the Japanese, while we will work as spaceship drivers."

Koptev said NASA's new reliance on Russia after the grounding of the shuttle fleet should translate into more financial assistance from the United States. That topic will be on the agenda when he meets with NASA officials May 5.

"Russia will face an additional burden if, in the worst-case scenario, shuttle flights are resumed a year later," Interfax quoted Koptev as saying. "We need financial support from our partners."

