-------- Original Message --------
Subject: [Information_technology] Daily News 12/26/02
Date: Thu, 26 Dec 2002 11:30:15 -0800
From: "NIPC Watch" <nipc.watch@private>
To: <information_technology@private>

December 23, NewsFactor Network - The code that cuts both ways - the debate over full disclosure. The focus on computer security has never been more intense, and the debate over disclosure has never been hotter. On one hand, mailing lists like BugTraq can give vendors an incentive to fix security holes by making them public. But some vendors say full disclosure only helps crackers, so they urge security experts to wait before making information available. Should security experts publicize vulnerability information, especially when releasing that data could result in functional attacks on security holes before a patch is released? Cate Quirk, an analyst with AMR Research, told NewsFactor that lists like BugTraq are necessary. "It certainly gets people on the ball, that they do need to patch security holes," she said. But despite widespread agreement that public disclosure of security flaws is necessary, experts differ on how much information should be made available, or how quickly that information should be released. Many people who discover security holes are "white hats" -- hackers who want to find vulnerabilities and have them fixed before would-be attackers can exploit them to the detriment of computer users. But white hats face several practical and ethical issues in disclosing security problems. On the other hand, if a white hat chooses to remain silent, the vulnerability in question may go unreported and unrepaired -- but crackers may also discover it independently and exploit it in secret.
Source: http://www.newsfactor.com/perl/story/20319.html

December 23, Wired News - IDC says that tech bucks and hack threats are up. In a series of predictions for the coming year, IDC analysts said the economy could expect a boost from an increase in corporate IT spending. Every year, IDC makes 10 predictions for the upcoming year. In the six years it has made such forecasts, it has usually gotten seven out of 10 predictions right, says IDC chief research officer John Gantz. IDC fears that a war with Iraq will galvanize hackers to use their skills, perhaps in a coordinated way, to create "economic disruptions" through denial-of-service attacks and even physical attacks on key networks. IDC went as far as to say that such an attack would bring the Internet "down to its knees" for a day or two. IDC based this prediction on an Oct. 22 DoS attack against 13 "root servers" that provide the primary roadmap for almost all Internet communications. Although investigators considered it the largest and most sophisticated attack ever against the Internet, users worldwide were largely unaffected. Still, IDC considered the attack a "blueprint" for events to come.
Source: http://www.wired.com/news/infostructure/0,1377,56902,00.html

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology
This archive was generated by hypermail 2b30 : Thu Dec 26 2002 - 16:47:17 PST