-----Original Message----- From: NIPC Watch To: Daily Distribution Sent: 1/28/02 5:59 AM Subject: NIPC Daily Report 28Jan 02 NIPC Daily Report 28 January 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. White House cybersecurity strategy to focus on private sector buy-in. The White House plans to include extensive input from private sector contributors in its national cybersecurity strategy, due out in June. The strategy will avoid calling for legislative edicts, and instead seek "market-based" motivations for companies in various sectors to beef up their electronic security. (Newsbytes, 25 Jan) FedCIRC prepares security tools. The Federal Computer Incident Response Center (FedCIRC) is preparing a range of security tools to be made available over the next year. Programs include a patch dissemination system that will help security managers handle the abundance of security patches available for commercial software, and a collaboration system that will offer federal officials a closed environment to discuss sensitive but unclassified security issues. Also, FedCIRC plans to pilot a new tool being developed by CERT/CC that will automatically analyze incident information from agencies' security applications. (Federal Computer Week, 25 Jan) Broadband security threats. A commercial security technology company says broadband access to the Internet poses serious security threats that leave ISP's and customers vulnerable to a variety of attacks. In particular, broadband is exploitable for use as a launching pad for denial-of-service attacks, and is susceptible to mail-relay activity through misconfigured mail servers. (Info Security News, 26 Jan) Amtrak's financial woes have worsened. Despite robust passenger growth over the past five years, Amtrak's financial condition has deteriorated and the national passenger railroad probably cannot get through this fiscal year without additional federal subsidies. The report on Amtrak's financial condition said the railroad cannot possibly meet the congressional requirement to become "operationally self-sufficient" by 2 December. The Amtrak Reform Council will issue a report next month that is all but certain to recommend some private-sector solution. (Washington Post, 26 Jan) BWI focus of national security program. The Transportation Security Administration will redesign some security procedures at Baltimore-Washington International Airport as part of its program for testing airport security methods and operations that will be used at airports nationwide. (Washington Post, 26 Jan) Malicious software report. W32/Myparty@MM is a new mass-mailing worm that arrives in e-mail messages under the subject line 'new photos from my party!'. Running the attachment infects the local machine, and the virus sends itself out to the Windows Address Book and addresses found within .DBX files. Symantec rates this worm a Threat Level 3, with a high distribution. (Symantec, 26 Jan) Hackers hit western governments. The hacker group 'Pentaguard' defaced Government Web sites in Australia, Britain and the US over the weekend. The assault was one of the largest systematic attacks on official sites. The defacement was unusual in that it simultaneously targeted three governments in different time zones. (New Zealand Herald, 27 Jan)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:39 PDT