-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, January 15, 2003 7:28 AM
To: Information Technology; Cyber Threats
Subject: [Cyber_threats] Daily News 01/15/03

January 14, Government Computer News

Spread of handheld devices raises security questions. Wireless security is a major concern for agencies that deal with ever-more tech-savvy employees bringing to work handheld devices that don't mesh with federal security guidelines, said CDW Government Inc. president James R. Shanks. As agencies are working to bolster network security, the proliferation of wireless devices is raising new security challenges, said Shanks. The potential mobilization of military troops for a war with Iraq is "adding fuel to the fire," Shanks said. Meanwhile, agencies also are working to merge a vast range of applications for use on wireless devices and figure out how to manage the applications from central servers. Some companies that develop wireless software have met with standards writers to better align their products to meet federal and commercial security needs, said Larry S. Kirsch, senior vice president of CDWG. And a few companies have begun to pitch products that inventory and update network administrators when any user taps into the server via a wireless device.

Source: http://www.gcn.com/vol1_no1/daily-updates/20869-1.html

January 13, Government Computer News

Open-source group names top 10 Web vulnerabilities. The Open Web Application Security Project has released a list of the top 10 vulnerabilities in Web applications and services. The group said it wants to focus government and private-sector attention on common weaknesses that require immediate remediation. "In the longer term, this list is intended to be used by development teams and their managers during project planning," the report noted. "Ultimately, Web application developers must achieve a culture shift that integrates security into every aspect of their projects."
OWASP is a volunteer open-source community project created to bring attention to security for online apps. The OWASP vulnerabilities are well known, but continue to represent significant risk because they are widespread. They can be exploited by code in HTTP requests that are not noted by intrusion detection systems and are passed through firewalls and into servers despite hardening. The complete report and list of vulnerabilities is available on the organization's Web site, www.owasp.org.

Source: http://www.gcn.com/vol1_no1/daily-updates/20862-1.html

January 13, Info World

Microsoft adds category to security rating system. After customers complained that they couldn't identify the most serious security vulnerabilities, Microsoft has added a fourth category to its vulnerability rating system. But critics feel that the extra tier adds even more complexity to an administrator's job. Under the new system, fewer bulletins get the "critical" stamp. Only vulnerabilities that could be exploited to allow malicious Internet worms to spread without user action are now rated critical. Many issues that were previously rated critical are now "important," a new category in the rating system. These "important" vulnerabilities could still expose user data or threaten system resources, but they might not receive the urgent attention from administrators that they deserve. A two-tiered system would let administrators quickly decide whether they need to drop all tasks at hand and apply a patch, or whether the risk is small enough that they can wait and include it in a weekly patch cycle.
Source: http://www.infoworld.com/articles/hn/xml/03/01/13/030113hnmsfourth.xml?s=IDGNS

Virus: #1 Virus in USA: WORM_KLEZ.H

Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (http), 1433 (ms-sql-s), 21 (ftp), 4662 (???), 53 (domain), 135 (???), 445 (microsoft-ds), 139 (netbios-ssn), 27374 (asp)

Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats

_______________________________________________
C.r.i.m.e.-announce mailing list
C.r.i.m.e.-announce@private
http://lists.whiteknighthackers.com/mailman/listinfo/c.r.i.m.e.-announce
This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 15:18:12 PST