-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Tuesday, April 15, 2003 7:22 AM To: Information Technology Subject: [Information_technology] Daily News 4/15/03 April 14, New York Times Cyberattacks with offline damage. Most experts think of cyberattack as something that will happen in the virtual world, with effects on computer networks or access to bank accounts. But in a new paper, Aviel D. Rubin of the Information Security Institute at Johns Hopkins University, describes cyberattacks involving the use of online tools against the offline world. Using tools that have been published by search engines like Google that allow programmers to automate searches on a large scale, the paper describes a relatively simple program that could set the victim up to receive catalogs from hundreds of thousands of Web sites that have sign-up forms. Rubin's attack could be enormously disruptive to the target, and could paralyze the local post office that has to deal with the onslaught. As the report notes, the exploit could be used as a diversion to accompany a deadly terrorist act, like mailing an envelope containing anthrax spores. The paper can be found at www.avirubin.com/scripted.attacks.pdf Source: http://www.nytimes.com/2003/04/14/technology/14NECO.html April 14, Government Computer News Council offers guidance on enterprise architecture. A section of the Industry Advisory Council has published four white papers on enterprise architecture for government agencies. IAC's Enterprise Architecture Shared Interest Group released the documents last week. The council is a subsidiary of the Federation of Government Information Processing Councils of Fairfax, Virginia. The white papers, developed for the Federal Enterprise Architecture Program Management Office, are titled: Advancing Enterprise Architecture Maturity Business; Line Architecture and Integration; Interoperability Strategy-Concepts, Challenges and Recommendations; Succeeding with Component-Based Architecture in E-Government. The documents are available for downloading at the IAC Website: http://www.iaconline.org/ Source: http://www.gcn.com/vol1_no1/daily-updates/21716-1.html April 11, IDG News Service XML security standard touted at show. A group of application security vendors affiliated with the Organization for the Advancement of Structured Information Standards (OASIS) will next week announce a proposal for an XML standard for application vulnerabilities at the RSA Conference hosted by RSA Security in San Francisco. The group, made up of Citadel Security Software, GuardedNet, NetContinuum, SPI Dynamics and Teros, is promoting the development of the Application Vulnerability Description Language (AVDL), which is intended to standardize information about application vulnerabilities, enabling different products to share vulnerability information in a heterogeneous network environment, according to a statement released by the five companies. If widely adopted, the AVDL standards will enable customers to deploy diverse security technology to protect their network without having to sacrifice integration and interoperability, according to Wes Wasson, chief security strategy officer at NetContinuum. Source: http://www.nwfusion.com/news/2003/0411standorgan.html Internet Security Systems - AlertCon: 1 out of 4 https://gtoc.iss.net/ Last Changed 8 April 2003 Security Focus ThreatCon: 1 out of 4 www.securityfocus.com Last Changed 10 April 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: WORM_LOVGATE.F Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 113 (ident), 445 (microsoft-ds), 25 (smtp), 139 (netbios-ssn), 4662 (eDonkey2000), 3136 (---), 53 (domain) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 10:50:26 PDT