-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Wednesday, October 09, 2002 6:48 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 10/09/02 October 8, CERT/CC Vulnerability Note VU#328867. Multiple vendors' firewalls do not adequately keep state of FTP traffic. Firewalls and other systems that inspect FTP applications layer traffic may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. A vulnerable firewall will see a properly terminated PASV response at the start of a packet and create a rule allowing the client to connect to the specified port on the FTP server. Source: http://www.kb.cert.org/vuls/id/328867 October 8, Pittsburgh Post-Gazette CMU taking a leading role in war against cyberterror. The Department of Defense has decided to give Carnegie Mellon University $35.5 million to help combat cyberterrorism. But the tactics the university will develop to flummox al-Qaeda and other terrorists really won't be much different than those needed to block garden-variety Internet crooks and snoops. "These problems have always existed," said Pradeep Khosla, head of the university's electrical and computer engineering department and director of the newly formed Center for Computer and Communications Security. "Terrorism only increased the visibility of these problems." With the world's electronic infrastructure expanding by leaps and bounds, it's essential to commerce, not just homeland security, that Internet users be able to verify that people on the Net are who they say they are and that computers and other components resist attacks by hackers, whether they are terrorists or pranksters, Khosla said. Source: http://www.post-gazette.com/healthscience/20021008cybersecuritysci2p2.asp _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 10:49:04 PDT