-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, February 19, 2003 7:54 AM
To: Information Technology
Subject: [Information_technology] Daily News 02/19/03

February 18, Government Computer News
Open Source group releases list of top 10 Web vulnerabilities. The Open Web Application Security Project released a list of the top ten vulnerabilities in Web applications and services on Tuesday. The group said it wants the list to focus government and private-sector attention on common vulnerabilities "that require immediate remediation." "Also, in the longer term, this list is intended to be used by development teams and their managers during project planning," the report reads. OWASP is a volunteer Open Source community project created to bring attention to Web application security. It patterned its list on the SANS Institute's and FBI's top 20 list of network vulnerabilities. Like the SANS-FBI list, the OWASP vulnerabilities are well known and have been recognized for years, but continue to represent significant risks because they remain common. They can be exploited by code in http requests that are passed through firewalls and into servers despite hardening and are not noted by intrusion detection systems. The complete report is available from the OWASP Website at www.owasp.org.
Source: http://www.gcn.com/vol1_no1/daily-updates/21159-1.html

February 18, Federal Computer Week
Pentagon thwarts spoofed e-mail. The Pentagon said today that an attempt to send a virus through its systems last week was thwarted before damage could be caused. On the morning of February 14, someone "spoofed" the Defense Technology Information Center (DTIC) header, camouflaging the sender's real address to make recipients think the message had come from the Defense Department. The message had a virus attached and was sent through Pentagon computers to two mailing lists. "Our computers caught the virus and stripped it out," said Terry Davis, manager of the Public Web Program in the Office of the Secretary of Defense. "So what went out was the original text message that was sent in the e-mail, but the virus and the attachment were both stripped." Davis said he and a few co-workers then went into the system to put safeguards in place to prevent someone else from spoofing a DTIC header.
Source: http://www.fcw.com/fcw/articles/2003/0217/web-dtic-02-18-03.asp

Current Alert Levels

Internet Security Systems - AlertCon: 1 out of 4
https://gtoc.iss.net/
Last Changed 3 February 2003

Security Focus - ThreatCon: 1 out of 4
www.securityfocus.com
Last Changed 29 January 2003

Current Virus and Port Attacks

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 113 (ident), 6348 (---), 6346 (gnutella-svc), 4662
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
http://listserv.infragard.org/mailman/listinfo/information_technology
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 15:53:45 PST