-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, January 08, 2003 1:40 PM To: Information Technology; Cyber Threats Subject: [Cyber_threats] Daily News 01/08/03 January 07, Associated Press Revised White House security initiative focuses on agencies. An internal draft of the Bush administration's revised plan to improve cybersecurity, the National Strategy to Secure Cyberspace, is circulating among government offices and industry executives this week. In the new plan, the number of initiatives to tighten security for vital computer networks was reduced from 86 to 49. The plan no longer includes a number of voluntary proposals for America's corporations to improve security, focusing instead on suggestions for U.S. government agencies, such as a broad new study assessing risks. Among the draft's changes was the removal of an explicit recommendation for the White House to consult regularly with privacy advocates and other experts about how civil liberties might be affected by proposals to improve Internet security. The draft notes that the new Department of Homeland Security (DHS) will include a privacy officer to ensure that monitoring the Internet for attacks would balance privacy and civil liberties concerns. The draft proposes to use the DHS to launch some test attacks against civilian U.S. agencies and to improve the safety of automated systems that operate the nation's water, chemical and electrical networks. The new version also says the Defense Department can wage "cyber warfare" if the nation is attacked. It warns that although it can be difficult or even impossible to trace an attack's source, the government's response "need not be limited to criminal prosecution." The new version also puts new responsibilities on the CIA and FBI to disrupt other countries' use of computer tactics to collect intelligence on government agencies, companies and universities. Source: http://www.washingtonpost.com/wp-dyn/articles/A18662-2003Jan6.html January 07, InfoWorld MSN Messenger outage affects millions. Microsoft Corporation's MSN Messenger service went down yesterday. According to a Microsoft spokesman, the service went down at approximately 9 a.m. EST, and the root cause of the outage is still unknown. The outage affected all 75 million worldwide users of Microsoft's .Net Messenger Service, including Windows Messenger and MSN Messenger subscribers, according to a statement from Larry Grothaus, lead product manager for MSN. The .Net Messenger Service is the back-end service that powers both the Windows Messenger and the MSN Messenger clients. MSN Hotmail e-mail service and other MSN services weren't affected, he said. Although service was restored for some users by about 2 p.m. EST, some users were still unable to log onto the messaging software later in the afternoon. Microsoft didn't have any more difficulties with the service late yesterday, but some users may still be shut out as the service scales back up, according to Grothaus. Source: http://www.computerworld.com/softwaretopics/software/groupware/st ory/0,10801,77308,00.html January 06, CNET News FCC considers changes to the broadband market. U.S. regulators plan to unveil a major overhaul in telecommunications policy in the coming weeks that could strengthen the hand of local phone monopolies in a number of key areas, including high-speed Internet access. At stake are regulations governing how local phone companies must treat competitors seeking access to their lines and facilities. Those rules, set in 1996, were intended to be the cornerstone of a competitive marketplace for services that piggyback on the local phone networks. But some top policy-makers at the Federal Communications Commission (FCC) have recently indicated that they believe consumers would do better if such rules were sharply curtailed. Small companies are worried about being driven out of business, companies as large as ATTare concerned about losing access to local phone networks, and the big local phone companies see a policy victory they've sought for years. At stake is control over the future broadband networks and services, and by extension the range of services choices that will be available to consumers and businesses in any given market. Since 1996's telecommunications deregulation, market competition has been fierce among cable companies, local phone giants, and a slew of rivals ranging from Covad to ATTthat use the local phone companies' networks for their own services. Source: http://news.com.com/2100-1033-979356.html January 06, Security Focus California disclosure law has national reach. A new California law requiring companies to notify their customers of computer security breaches applies to any online business that counts Californians as customers, even if the company isn't based in the Golden State. So warned Scott Pink, deputy chair of the American Bar Association's Cybersecurity Task Force, in a conference call Monday organized by an industry trade group, Information Technology Association of America, and attended by approximately 50 representatives of technology companies and law firms. The law, called "SB 1386," is intended to combat identity theft. It was passed last September and will take effect on July 1, 2003. To trigger the law, a breach must expose certain type of information: specifically, customers' names in association with their social security number, driver's license number, or a credit card or bank account number. After such an intrusion, the company must notify the effected customers in "the most expedient time possible and without unreasonable delay." The disclosure only needs to be made to California residents. But as a practical matter, Pink said, online businesses may find it easier to notify everyone impacted by a breach, rather than trying to cherry-pick Californians for special treatment. Companies that ignore the law face potential exposure to class action lawsuits. The law addresses a chronic problem in e-commerce - companies that are hacked are often reluctant to go public for fear of bad publicity or civil liability. But in forcing companies to come clean, the California law takes the opposite approach of the Bush administration's emerging cyber security policies, which encourage secret disclosure to government officials, rather than public warnings. Source: http://online.securityfocus.com/news/1984 Virus: #1 Virus in USA: PE_FUNLOVE.4099 Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 1433 (ms-sql-s), 80 (http), 445 (microsoft-ds), 139 (netbios-ssn), 4662 (???), 135 (???), 25 (smtp), 53 (domain), 443 (https) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 18:41:09 PST