CRIME FW: [Information_technology] Daily News 02/03/03

From: George Heuston (GeorgeH@private)
Date: Mon Feb 03 2003 - 13:14:58 PST


    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Monday, February 03, 2003 8:27 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 02/03/03
    
    February 02, New York Times
    Departing security official highlights cyber threat. Richard A. Clarke,
    the blunt, sometimes abrasive White House adviser who raised the alarm
    about unconventional national security threats ranging from failed
    states to biological and computer terrorism for more than a decade,
    quietly resigned as President Bush's special adviser for cyberspace
    security on Friday. In an interview after his last day in office, Clarke
    warned that although the government had made considerable progress in
    defending its electronic infrastructure from computer attacks, the
    United States faced ever greater peril, given its growing dependence on
    the Internet. "A sophisticated cyberattack may not result in massive
    deaths," he said. "But it could really hurt our economy and diminish our
    ability to respond to a crisis, especially if it is combined with a war,
    or a terrorist attack." Clarke said the attack last weekend by a
    computer bug known as the Sapphire worm showed the vulnerability of the
    United States' increasingly Internet-based economy. Though it was a
    relatively simple bug, he said, Sapphire, which has also been called
    Slammer, ravaged systems throughout the United States and overseas in
    just a few hours, shutting down some of the Bank of America's automated
    teller machines and Continental Airlines' online ticketing system, and
    denying access to the Internet to millions of personal computer owners.
    "Don't assume that the damage done by hackers in the past is predictive
    of the future," Clarke said. "As Sept. 11 showed, as long as our
    vulnerabilities are large, some enemy will exploit them in a new and
    hugely damaging way." Clarke said the nation is safer today than before
    Sept. 11 because al Qaeda's sanctuary in Afghanistan is gone and because
    Americans had rounded up hundreds of al Qaeda operatives abroad and
    tightened aviation security overseas and domestically. Clarke said he
    was leaving his post now because "11 years in the White House and a
    total of 30 in government is more than enough," and because President
    Bush would soon unveil a new national strategy to protect the nation's
    information infrastructure, which Clarke and his team had drafted.
    Source: http://www.nytimes.com/2003/02/02/politics/02RESI.html
    
    
    January 31, Federal Computer Week
    Cybersecurity R&D agenda unveiled. The Institute for Information
    Infrastructure Protection (I3P) has unveiled its 2003 Cyber Security
    Research and Development Agenda, which identifies critical areas that
    require significant research and development to help secure the nation's
    information infrastructure. The agenda, announced January 30, outlines
    eight crucial R&D gaps that are not being sufficiently addressed by
    ongoing government, private-sector or academic research: 1) Enterprise
    security management; 2) Trust among distributed autonomous parties;
    3) Discovery and analysis of security properties and vulnerabilities;
    4) Secure system and network response and recovery; 5) Traceback,
    identification and forensics; 6) Wireless security; 7) Metrics and
    models; 8) Law, policy and economics. The I3P, a consortium of 23
    leading cybersecurity research institutions from academia, national labs
    and nonprofit organizations, is funded by the Commerce Department and
    the National Institute of Standards and Technology. The agenda will help
    the White House's Office of Science and Technology Policy better
    coordinate R&D efforts across government agencies, said Susan Hays,
    deputy associate director for technology at the office. I3P received
    input, gathered over nine months in 2002, from more than 900 experts and
    security professionals from the private sector, academia and government,
    said Michael Vatis, chairman of I3P. Source:
    http://www.fcw.com/fcw/articles/2003/0127/web-cyber-01-31-03.asp
    
    January 31, Computerworld
    Free benchmark could have found Slammer vulnerability. Industry experts
    and users said the Slammer worm should have been a non-issue for
    companies because the patches and a free tool capable of detecting the
    vulnerability exploited by the worm were available six months ago. In
    particular, they point to the issuance in July of the Consensus Minimum
    Security Benchmarks, also known as the Gold Standard. Developed jointly
    by five federal agencies, including the National Security Agency (NSA)
    and the FBI's National Infrastructure Protection Center, as well as the
    SANS Institute and the Center for Internet Security (CIS), the Gold
    Standard benchmark can be used to test Windows 2000 Professional systems
    running as workstations for proper configuration. Alan Paller, director
    of research at SANS, said an NSA study of the benchmark concluded that
    by running it on a network a company could eliminate more than 90% of
    known vulnerabilities. Claude Bailey, an IT security analyst at one of
    the nation's largest financial management firms, said that while the
    Gold Standard is a good starting point, his security administrators say
    the problem isn't in detecting the vulnerability but in deploying the
    patches and fixes across an organization of 50,000 employees -- and
    guaranteeing that the patch won't cause more problems. "We tested the
    original patch [for the SQL vulnerability], and it had problems," said
    Bailey. Now, with the financial firm in the middle of tax season,
    there's too much to lose to deploy patches that break other parts of the
    network. Source:
    http://www.computerworld.com/securitytopics/security/holes/story/0,10801,78063,00.html
    
    January 30, SecurityFocus
    E-voting security debate. Some respected computer scientists and
    security experts in California's Silicon Valley say the risks posed by
    malicious hackers, equipment failure or subtle programming errors make
    fully-electronic voting systems a bad idea. "There's no voter-validated
    record, so Trojan horses or accidents can happen without any evidence
    that anything has gone wrong," says Peter Neumann, a scientist at SRI
    International, a non-profit research institute. Electronic voting
    systems usually feature touch screens and simple ATM-like interfaces. By
    some estimates one out of five votes were cast electronically last
    November. The systems are not connected to the Internet; instead,
    voters' ballots are typically stored on an internal hard drive until the
    polls close. Then they're copied to a portable disk or a non-volatile
    memory card and taken to a central counting facility. It's the paperless
    nature of the transaction that bothers critics. "The problem is that ...
    it's really up to the company that wrote the software to say that there
    were no errors or deliberate tampering that interfered with the vote,"
    says David Dill, a computer science professor at Stanford University.
    The computer scientists say they'd be happier, but not convinced, if
    companies making the electronic voting systems released their code for
    public review. On Friday they are going to attempt to persuade Santa
    Clara County to embrace a system in which electronic voting stations
    print a hard copy of the voter's ballot. The voter can then review the
    printout before manually depositing it in a ballot box. Source:
    http://online.securityfocus.com/news/2197
    
    January 29, Silicon.com
    Exposed server is a magnet for hack attacks. The amount of hacking
    activity on the Internet has been revealed after one company set up an
    anonymous 'dummy test' server--and found it was maliciously attacked 467
    times within 24 hours of being installed. The server, which contained no
    data and had no public profile, was attacked every single day over the
    next three weeks. PSINet Europe ran the test on an unprotected server at
    its Internet Data Center in Amsterdam, and registered a total of 626
    malicious attacks over the three week period. A significant number of
    attacks originated from broadband or cable ISPs. PSINet's report into
    the experiment says that: "High bandwidth links do not only provide end
    users with faster download times--they also allow hackers to attack a
    wider target audience with a wider array of tools." PSINet also found
    that the bulk of the attacks originated from the United States and
    Western Europe and not in the most commonly expected areas of the former
    Eastern Bloc countries. Within Europe, Germany, Italy, the Netherlands
    and the UK were the most popular locations, while the countries most
    associated with attackers--Russia, Bulgaria and Romania--did not even
    feature. The findings of the PSINet Europe test are backed up by figures
    from the Gartner Group, which reported that 90 per cent of security
    breaches occur as a result of networks being incorrectly configured and
    managed. Source: http://zdnet.com.com/2100-1105-982554.html
    
    Virus: #1 Virus in USA: PE_FUNLOVE.4099 Source:
    http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
    United States]
    
    Top 10 Target Ports: 137 (netbios-ns), 1434 (ms-sql-m), 80 (http),
    1433 (ms-sql-s), 53 (domain), 21 (ftp), 139 (netbios-ssn),
    445 (microsoft-ds), 135 (???), 4662 (???) Source:
    http://isc.incidents.org/top10.html; Internet Storm Center
    
    



    This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 13:48:39 PST