-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, January 15, 2003 7:28 AM To: Information Technology; Cyber Threats Subject: [Cyber_threats] Daily News 01/15/03 January 14, Government Computer News Spread of handheld devices raises security questions. Wireless security is a major concern for agencies that deal with ever-more tech-savvy employees bringing to work handheld devices that don't mesh with federal security guidelines, said CDW Government Inc. president James R. Shanks. As agencies are working to bolster network security, the proliferation of wireless devices is raising new security challenges, said Shanks. The potential mobilization of military troops for a war with Iraq is "adding fuel to the fire," Shanks said. Meanwhile, agencies also are working to merge a vast range of applications for use on wireless devices and figure out how to manage the applications from central servers. Some companies that develop wireless software have met with standards writers to better align their products to meet federal and commercial security needs, said Larry S. Kirsch, senior vice president of CDWG. And a few companies have begun to pitch products that inventory and update network administrators when any user taps into the server via a wireless device. Source: http://www.gcn.com/vol1_no1/daily-updates/20869-1.html January 13, Government Computer News Open-source group names top 10 Web vulnerabilities. The Open Web Application Security Project has released a list of the top 10 vulnerabilities in Web applications and services. The group said it wants to focus government and private-sector attention on common weaknesses that require immediate remediation. In the longer term, this list is intended to be used by development teams and their managers during project planning," the report noted. "Ultimately, Web application developers must achieve a culture shift that integrates security into every aspect of their projects." OWASP is a volunteer open-source community project created to bring attention to security for online apps. The OWASP vulnerabilities are well known, but continue to represent significant risk because they are widespread. They can be exploited by code in HTTP requests that are not noted by intrusion detection systems and are passed through firewalls and into servers despite hardening. The complete report and list of vulnerabilities is available on the organization's Web site, www.owasp.org. Source: http://www.gcn.com/vol1_no1/daily-updates/20862-1.html January 13, Info World Microsoft adds category to security rating system. After customers complained that they couldn't identify the most serious security vulnerabilities, Microsoft has added a fourth category to its vulnerability rating system. But critics feel that the extra tier adds even more complexity to an administrator's job. Under the new system, fewer bulletins get the "critical" stamp. Only vulnerabilities that could be exploited to allow malicious Internet worms to spread without user action are now rated critical. Many issues that were previously rated critical are now "important," a new category in the rating system. These "important" vulnerabilities could still expose user data or threaten system resources, but they might not receive the urgent attention from administrators that they deserve. A two-tiered system would let administrators quickly decide whether they need to drop all tasks at hand and apply a patch, or whether the risk is small enough that they can wait and include it in a weekly patch cycle. Source: http://www.infoworld.com/articles/hn/xml/03/01/13/030113hnmsfourt h.xml?s=IDGNS Virus: #1 Virus in USA: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 80 (http), 1433 (ms-sql-s), 21 (ftp), 4662 (???), 53 (domain), 135 (???), 445 (microsoft-ds), 139 (netbios-ssn), 27374 (asp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 08:42:01 PST