CRIME FW: [Information_technology] Daily News 02/03/03

GeorgeH@private

-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private] 
Sent: Monday, February 03, 2003 8:27 AM
To: Information Technology
Subject: [Information_technology] Daily News 02/03/03

February 02, New York Times
Departing security official highlights cyber threat. Richard A. Clarke,
the
blunt, sometimes abrasive White House adviser who raised the alarm about
unconventional national security threats ranging from failed states to
biological and computer terrorism for more than a decade, quietly
resigned
as President Bush's special adviser for cyberspace security on Friday.
In an
interview after his last day in office, Clarke warned that although the
government had made considerable progress in defending its electronic
infrastructure from computer attacks, the United States faced ever
greater
peril, given its growing dependence on the Internet. "A sophisticated
cyberattack may not result in massive deaths," he said. "But it could
really
hurt our economy and diminish our ability to respond to a crisis,
especially
if it is combined with a war, or a terrorist attack." Clarke said the
attack
last weekend by a computer bug known as the Sapphire worm showed the
vulnerability of the United States' increasingly Internet-based economy.
Though it was a relatively simple bug, he said, Sapphire, which has also
been called Slammer, ravaged systems throughout the United States and
overseas in just a few hours, shutting down some of the Bank of
America's
automated teller machines and Continental Airlines' online ticketing
system,
and denying access to the Internet to millions of personal computer
owners.
"Don't assume that the damage done by hackers in the past is predictive
of
the future," Clarke said. "As Sept. 11 showed, as long as our
vulnerabilities are large, some enemy will exploit them in a new and
hugely
damaging way." Clarke said the nation is safer today than before Sept.
11
because al Qaeda's sanctuary in Afghanistan is gone and because
Americans
had rounded up hundreds of al Qaeda operatives abroad and tightened
aviation
security overseas and domestically. Clarke said he was leaving his post
now
because "11 years in the White House and a total of 30 in government is
more
than enough," and because President Bush would soon unveil a new
national
strategy to protect the nation's information infrastructure, which
Clarke
and his team had drafted. Source:
http://www.nytimes.com/2003/02/02/politics/02RESI.html

January 31, Federal Computer Week
Cybersecurity RDagenda unveiled. The Institute for Information
Infrastructure Protection (I3P) has unveiled its 2003 Cyber Security
Research and Development Agenda, which identifies critical areas that
require significant research and development to help secure the nation's
information infrastructure. The agenda, announced January 30, outlines
eight
crucial RDgaps that are not being sufficiently addressed by ongoing
government, private-sector or academic research: 1) Enterprise security
management; 2) Trust among distributed autonomous parties; 3) Discovery
and
analysis of security properties and vulnerabilities; 4) Secure system
and
network response and recovery; 5) Traceback, identification and
forensics;
6) Wireless security; 7) Metrics and models; 8) Law, policy and
economics.
The I3P, a consortium of 23 leading cybersecurity research institutions
from
academia, national labs and nonprofit organizations, is funded by the
Commerce Department and the National Institute of Standards and
Technology.
The agenda will help the White House's Office of Science and Technology
Policy better coordinate RDefforts across government agencies, said
Susan
Hays, deputy associate director for technology at the office. I3P
received
input, gathered over nine months in 2002, from more than 900 experts and
security professionals from the private sector, academia and government,
said Michael Vatis, chairman of I3P. Source:
http://www.fcw.com/fcw/articles/2003/0127/web-cyber-01-31-03.asp

January 31, Computerworld
Free benchmark could have found Slammer vulnerability. Industry experts
and
users said the Slammer worm should have been a non-issue for companies
because the patches and a free tool capable of detecting the
vulnerability
exploited by the worm were available six months ago. In particular, they
point to the issuance in July of the Consensus Minimum Security
Benchmarks,
also known as the Gold Standard. Developed jointly by five federal
agencies,
including the National Security Agency (NSA) and the FBI's National
Infrastructure Protection Center, as well as the SANS Institute and the
Center for Internet Security (CIS), the Gold Standard benchmark can be
used
to test Windows 2000 Professional systems running as workstations for
proper
configuration. Alan Paller, director of research at SANS, said an NSA
study
of the benchmark concluded that by running it on a network a company
could
eliminate more than 90% of known vulnerabilities. Claude Bailey, an IT
security analyst at one of the nation's largest financial management
firms,
said that while the Gold Standard is a good starting point, his security
administrators say the problem isn't in detecting the vulnerability but
in
deploying the patches and fixes across an organization of 50,000
employees -- and guaranteeing that the patch won't cause more problems.
"We
tested the original patch [for the SQL vulnerability], and it had
problems,"
said Bailey. Now, with the financial firm in the middle of tax season,
there's too much to lose to deploy patches that break other parts of the
network. Source:
http://www.computerworld.com/securitytopics/security/holes/s
tory/0,10801,78063,00.html

January 30, SecurityFocus
E-voting security debate. Some respected computer scientists and
security
experts in California's Silicon Valley say the risks posed by malicious
hackers, equipment failure or subtle programming errors make
fully-electronic voting systems a bad idea. "There's no voter-validated
record, so Trojan horses or accidents can happen without any evidence
that
anything has gone wrong," correctly," says Peter Neumann, a scientist at
SRI
International, a non-profit research institute. Electronic voting
systems
usually featuring touch screens and simple ATM-like interfaces. By some
estimates one out of five votes were cast electronically last November.
The
systems are not connected to the Internet; instead, voters' ballots are
typically stored on an internal hard drive until the polls close. Then
they're copied a portable disk or a non-volatile memory card and taken
to a
central counting facility. It's the paperless nature of the transaction
that
bothers critics. "The problem is that.it's really up to the company that
wrote the software to say that there were no errors or deliberate
tampering
that interfered with the vote," says David Dill, a computer science
professor at Stanford University. The computer scientists say they'd be
happier, but not convinced, if companies making the electronic voting
systems released their code for public review. On Friday they are going
to
attempt to persuade Santa Clara County to embrace a system in which
electronic voting stations print a hard copy of the voter's ballot. The
voter can then review the printout before manually depositing it in a
ballot
box. Source: http://online.securityfocus.com/news/2197

January 29, Silicon.com
Exposed server is a magnet for hack attacks. The amount of hacking
activity
on the Internet has been revealed after one company set up an anonymous
'dummy test' server--and found it was maliciously attacked 467 times
within
24 hours of being installed. The server, which contained no data and had
no
public profile, was attacked every single day over the next three weeks.
PSINet Europe ran the test on an unprotected server at its Internet Data
Center in Amsterdam, and registered a total of 626 malicious attacks
over
the three week period. A significant number of attacks originated from
broadband or cable ISPs. PSINet's report into the experiment says that:
"High bandwidth links do not only provide end users with faster download
times--they also allow hackers to attack a wider target audience with a
wider array of tools." PSINet also found that the bulk of the attacks
originated from the United States and Western Europe and not in the most
commonly expected areas of the former Eastern Bloc countries. Within
Europe,
Germany, Italy, the Netherlands and the UK were the most popular
locations,
while the countries most associated with attackers--Russia, Bulgaria and
Romania--did not even feature. The findings of the PSINet Europe test
are
backed up by figures from the Gartner Group, which reported that 90 per
cent
of security breaches occur as a result of networks being incorrectly
configured and managed. Source:
http://zdnet.com.com/2100-1105-982554.html

Virus: #1 Virus in USA: PE_FUNLOVE.4099 Source:
http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
Tracking
Center [Infected Computers, North America, Past 24 hours, #1 in United
States]

Top 10 Target Ports: 137 (netbios-ns), 1434 (ms-sql-m), 80 (http), 1433
(ms-sql-s), 53 (domain), 21 (ftp), 139 (netbios-ssn), 445
(microsoft-ds),
135 (???), 4662 (???) Source: http://isc.incidents.org/top10.html;
Internet
Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology