-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Monday, February 03, 2003 8:27 AM
To: Information Technology
Subject: [Information_technology] Daily News 02/03/03

February 02, New York Times
Departing security official highlights cyber threat.
Richard A. Clarke, the blunt, sometimes abrasive White House adviser who raised the alarm about unconventional national security threats ranging from failed states to biological and computer terrorism for more than a decade, quietly resigned as President Bush's special adviser for cyberspace security on Friday. In an interview after his last day in office, Clarke warned that although the government had made considerable progress in defending its electronic infrastructure from computer attacks, the United States faced ever greater peril, given its growing dependence on the Internet. "A sophisticated cyberattack may not result in massive deaths," he said. "But it could really hurt our economy and diminish our ability to respond to a crisis, especially if it is combined with a war, or a terrorist attack." Clarke said the attack last weekend by a computer bug known as the Sapphire worm showed the vulnerability of the United States' increasingly Internet-based economy. Though it was a relatively simple bug, he said, Sapphire, which has also been called Slammer, ravaged systems throughout the United States and overseas in just a few hours, shutting down some of the Bank of America's automated teller machines and Continental Airlines' online ticketing system, and denying access to the Internet to millions of personal computer owners. "Don't assume that the damage done by hackers in the past is predictive of the future," Clarke said. "As Sept. 11 showed, as long as our vulnerabilities are large, some enemy will exploit them in a new and hugely damaging way." Clarke said the nation is safer today than before Sept. 11 because al Qaeda's sanctuary in Afghanistan is gone and because Americans had rounded up hundreds of al Qaeda operatives abroad and tightened aviation security overseas and domestically. Clarke said he was leaving his post now because "11 years in the White House and a total of 30 in government is more than enough," and because President Bush would soon unveil a new national strategy to protect the nation's information infrastructure, which Clarke and his team had drafted.
Source: http://www.nytimes.com/2003/02/02/politics/02RESI.html

January 31, Federal Computer Week
Cybersecurity R&D agenda unveiled.
The Institute for Information Infrastructure Protection (I3P) has unveiled its 2003 Cyber Security Research and Development Agenda, which identifies critical areas that require significant research and development to help secure the nation's information infrastructure. The agenda, announced January 30, outlines eight crucial R&D gaps that are not being sufficiently addressed by ongoing government, private-sector or academic research: 1) Enterprise security management; 2) Trust among distributed autonomous parties; 3) Discovery and analysis of security properties and vulnerabilities; 4) Secure system and network response and recovery; 5) Traceback, identification and forensics; 6) Wireless security; 7) Metrics and models; 8) Law, policy and economics. The I3P, a consortium of 23 leading cybersecurity research institutions from academia, national labs and nonprofit organizations, is funded by the Commerce Department and the National Institute of Standards and Technology. The agenda will help the White House's Office of Science and Technology Policy better coordinate R&D efforts across government agencies, said Susan Hays, deputy associate director for technology at the office. I3P received input, gathered over nine months in 2002, from more than 900 experts and security professionals from the private sector, academia and government, said Michael Vatis, chairman of I3P.
Source: http://www.fcw.com/fcw/articles/2003/0127/web-cyber-01-31-03.asp

January 31, Computerworld
Free benchmark could have found Slammer vulnerability.
Industry experts and users said the Slammer worm should have been a non-issue for companies because the patches and a free tool capable of detecting the vulnerability exploited by the worm were available six months ago. In particular, they point to the issuance in July of the Consensus Minimum Security Benchmarks, also known as the Gold Standard. Developed jointly by five federal agencies, including the National Security Agency (NSA) and the FBI's National Infrastructure Protection Center, as well as the SANS Institute and the Center for Internet Security (CIS), the Gold Standard benchmark can be used to test Windows 2000 Professional systems running as workstations for proper configuration. Alan Paller, director of research at SANS, said an NSA study of the benchmark concluded that by running it on a network a company could eliminate more than 90% of known vulnerabilities. Claude Bailey, an IT security analyst at one of the nation's largest financial management firms, said that while the Gold Standard is a good starting point, his security administrators say the problem isn't in detecting the vulnerability but in deploying the patches and fixes across an organization of 50,000 employees -- and guaranteeing that the patch won't cause more problems. "We tested the original patch [for the SQL vulnerability], and it had problems," said Bailey. Now, with the financial firm in the middle of tax season, there's too much to lose to deploy patches that break other parts of the network.
Source: http://www.computerworld.com/securitytopics/security/holes/story/0,10801,78063,00.html

January 30, SecurityFocus
E-voting security debate.
Some respected computer scientists and security experts in California's Silicon Valley say the risks posed by malicious hackers, equipment failure or subtle programming errors make fully-electronic voting systems a bad idea. "There's no voter-validated record, so Trojan horses or accidents can happen without any evidence that anything has gone wrong," says Peter Neumann, a scientist at SRI International, a non-profit research institute. Electronic voting systems usually feature touch screens and simple ATM-like interfaces. By some estimates one out of five votes were cast electronically last November. The systems are not connected to the Internet; instead, voters' ballots are typically stored on an internal hard drive until the polls close. Then they're copied to a portable disk or a non-volatile memory card and taken to a central counting facility. It's the paperless nature of the transaction that bothers critics. "The problem is that ... it's really up to the company that wrote the software to say that there were no errors or deliberate tampering that interfered with the vote," says David Dill, a computer science professor at Stanford University. The computer scientists say they'd be happier, but not convinced, if companies making the electronic voting systems released their code for public review. On Friday they are going to attempt to persuade Santa Clara County to embrace a system in which electronic voting stations print a hard copy of the voter's ballot. The voter can then review the printout before manually depositing it in a ballot box.
Source: http://online.securityfocus.com/news/2197

January 29, Silicon.com
Exposed server is a magnet for hack attacks.
The amount of hacking activity on the Internet has been revealed after one company set up an anonymous 'dummy test' server--and found it was maliciously attacked 467 times within 24 hours of being installed.
The server, which contained no data and had no public profile, was attacked every single day over the next three weeks. PSINet Europe ran the test on an unprotected server at its Internet Data Center in Amsterdam, and registered a total of 626 malicious attacks over the three-week period. A significant number of attacks originated from broadband or cable ISPs. PSINet's report into the experiment says that: "High bandwidth links do not only provide end users with faster download times--they also allow hackers to attack a wider target audience with a wider array of tools." PSINet also found that the bulk of the attacks originated from the United States and Western Europe and not in the most commonly expected areas of the former Eastern Bloc countries. Within Europe, Germany, Italy, the Netherlands and the UK were the most popular locations, while the countries most associated with attackers--Russia, Bulgaria and Romania--did not even feature. The findings of the PSINet Europe test are backed up by figures from the Gartner Group, which reported that 90 per cent of security breaches occur as a result of networks being incorrectly configured and managed.
Source: http://zdnet.com.com/2100-1105-982554.html

Virus:
#1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 1434 (ms-sql-m), 80 (http), 1433 (ms-sql-s), 53 (domain), 21 (ftp), 139 (netbios-ssn), 445 (microsoft-ds), 135 (???), 4662 (???)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology