-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Monday, November 04, 2002 6:53 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 11/04/02

November 3, The Washington Post
ISP says it will test Internet security measures. SBC Communications Inc., one of the nation's largest Internet service providers, plans to create a laboratory to test methods of defeating viruses and attacks on Web sites. The decision to create the research center, to be announced Monday, was endorsed by a top official of a government Internet security board. SBC said it is creating the laboratory in response to an increase in viruses, worms and so-called denial-of-service attacks, in which hackers overwhelm a Web site or computer system by flooding it with traffic. Authorities say attacks are doubling every year. The SBC lab, to be based in Austin, will mimic servers, firewalls and other structures of an ISP. Fred Chang, chief executive of the unit that will run the lab, said the center could produce some early anti-hacker technologies within 18 months and "quite significant innovations" in three to five years. SBC appears to be responding to calls for network providers to play a larger role in Internet security, which is currently left largely to computer users installing software or firewalls.
Source: http://www.washingtonpost.com/wp-dyn/articles/A62201-2002Nov3.html

October 31, The Washington Post
Attacks exposed Internet's vulnerabilities: Experts urge greater cooperation from users, ISPs to protect Internet's infrastructure. Last week's attacks on the Internet's core systems revealed much about those systems' vulnerabilities, and the next hacker who tries it almost certainly will benefit from that information, experts said. The strike against the Internet's road map was deflected before it could affect ordinary users, but in media reports after the attacks, several DNS operators disclosed or estimated the level of Internet data or "traffic" that it took to overwhelm their servers. That kind of information could spur malicious hackers to mount larger assaults on the Internet's architecture, said Steve Gibson, president and founder of Gibson Research Corp., in Laguna Hills, Calif. "From the attacker's standpoint, you don't really know just how much bandwidth is required to pull the DNS servers down," Gibson said. "Now everybody knows, and those who previously thought the DNS was too big a target may be reexamining that notion."
Source: http://www.washingtonpost.com/wp-dyn/articles/A47438-2002Oct31.html

October 31, The Washington Post
Root-server attack traced to South Korea, U.S. Last week's attacks on the Internet's backbone likely emanated from computers in the United States and South Korea, FBI Director Robert Mueller today said. "The investigation is ongoing," Mueller said at an Internet security conference in Falls Church, Va. He did not offer more details on the investigation, nor did he outline the evidence investigators have gathered so far. East Asia is a major source of cyber crime and computer attacks, in part because of the relatively high number of broadband users in the region's countries. According to several recent studies, only the United States surpasses South Korea as an origin of computer attacks. Such statistics don't necessarily prove the actual source of cyber attacks, since attackers frequently can mask their identities and locations. Mueller's remarks today came in a speech in which he encouraged private industry to cooperate with law enforcement in fighting cyber crime. Mueller also discussed his agency's likely role in cyber security under a newly formed homeland security agency.
Source: http://www.washingtonpost.com/wp-dyn/articles/A46872-2002Oct31.html

October 31, Cisco
Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327. Cisco announced that multiple vulnerabilities exist in the Cisco ONS15454 optical transport platform and the Cisco ONS15327 edge optical transport platform. All Cisco ONS software releases earlier than 3.4 are vulnerable. The ONS hardware is managed via the TCC, TCC+, TCCi or the XTC control cards which are usually connected to a network isolated from the Internet and local to the customer's environment. This limits the exposure to the exploitation of the vulnerabilities from the Internet. There are workarounds available to mitigate the effects of these vulnerabilities, which are posted on Cisco's website. Cisco is also offering free software upgrades to address these vulnerabilities for all affected customers.
Source: http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
137(netbios-ns); 80(http); 1433(ms-sql-s); 139(netbios-ssn); 25(smtp); 53(domain); 21(ftp); 515(printer); 135; 22(ssh)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 11:03:44 PST