-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Friday, February 07, 2003 7:28 AM
To: Information Technology
Subject: [Information_technology] Daily News 02/07/03

February 07, silicon
Two held in computer virus raid. Two men from northeast England are being interviewed today by the National Hi-Tech Crime Unit (NHTCU). The move follows the execution of search warrants this morning in County Durham, United Kingdom (UK). Two addresses were searched and evidence retrieved relating to computer and drugs offences. The operation was jointly conducted with officers from Durham Constabulary and the United States multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team), which is based in Southern California. A simultaneous search warrant was executed at an address in the state of Illinois where additional evidence in the case was seized. The two UK-based men have been identified as members of an international hacking group known as "THr34t-Krew". The NHTCU claims this group is behind a worm called the TK which has infected approximately 18,000 computers worldwide.
Source: http://news.zdnet.co.uk/story/0,,t269-s2130039,00.html

February 06, New York Times
Assessing the odds of catastrophe. A rapidly evolving set of conceptual and computing tools allow mathematicians, engineers and insurance executives to assess the risk of low-probability, high-consequence events. The field, known as probabilistic risk assessment, helps companies and government agencies decide whether they are prepared to take the chances involved. And now some of the techniques are being used to analyze the chances of terrorist attack. Developed four decades ago, the idea behind probabilistic risk assessment is that mathematics can help determine the chances of a particular outcome (a power system failure, or a hurricane that destroys thousands of homes) based on what is known or estimated about the smaller variables that lead to those outcomes.
Jim Goodnight of SAS, a maker of statistical software, said that with faster processors, more advanced software and a huge availability of memory - whether on big mainframe computers or on lashed-together PC systems - "the ability to do the incredibly difficult modeling is becoming more reachable every day." Probabilistic models, of course, are only as useful as the assumptions fed into them. Moreover, they are best used when a system or piece of equipment is being designed. The most daunting challenge, however, may be modeling minds. In describing the challenge of modeling terrorism, Hemant H. Shah of RMS, a risk-modeling firm, said, "Hurricanes do not make an effort to strike your weak points. In the case of terrorism you're dealing with a question of intent. You're modeling an adversary in the context of conflict."
Source: http://www.nytimes.com/2003/02/06/technology/circuits/06risk.html

February 05, eSecurity Planet
Problematic Windows NT patch pulled. Microsoft has pulled the security patch for Microsoft Security Bulletin MS02-071: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation. The patch, which was first issued on December 11, actually introduces an error that may cause systems to fail. While the Slammer worm inflicted its damage on copies of Microsoft SQL Server 2000, the latest problem revolves around a security patch for Windows NT 4.0 systems. But it comes at a time when sysadmins are being scolded for not updating systems with the necessary patches in the first place. (The patch for Slammer has been around since July.) The security vulnerability was found in the WM_TIMER Message Handling in NT 4.0 and could enable privilege elevation. Patches for Windows 2000 and Windows XP were unaffected by the latest withdrawal, Microsoft said. In the updated advisory, Microsoft said it was investigating the cause of the problematic patch and promised to release an updated fix soon.
The company urged Windows NT 4.0 administrators to uninstall the patch until a new fix is issued. This vulnerability has a severity rating of "Important". The updated advisory may be found on the Microsoft website: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-071.asp
Source: http://www.esecurityplanet.com/trends/article.php/1579611

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 1434 (ms-sql-m), 80 (http), 1433 (ms-sql-s), 53 (domain), 21 (ftp), 139 (netbios-ssn), 445 (microsoft-ds), 135 (???), 4662 (???)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology
This archive was generated by hypermail 2b30 : Fri Feb 07 2003 - 09:49:41 PST