-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Tuesday, May 27, 2003 6:53 AM To: Information Technology Subject: [Information_technology] Daily News 5/27/03 May 23, Sophos Canadian university offering course in virus-writing. The University of Calgary in Canada is offering its students a course in malicious virus-writing this autumn. The course, titled "Computer Viruses and Malware," is described by university literature as focusing on "developing malicious software such as computer viruses, worms and Trojan horses that are known to wreak havoc to the tune of billions of dollars world-wide on an annual basis." The course professor, Dr. John Aycock, is said to have convinced the University authorities to allow virus writing to be part of the course in the belief that it will lead to a greater understanding of how to stop viruses. Source: http://www.sophos.com/virusinfo/articles/calgary.html May 23, Associated Press Government to appoint cybersecurity chief. The Bush administration plans to appoint a new cybersecurity chief for the government inside the Department of Homeland Security, replacing a position once held by a special adviser to the president. The new position is expected to be announced formally within two weeks. The new cyberchief will be responsible for carrying out the dozens of recommendations in the administration's "National Strategy to Secure Cyberspace," a set of proposals put together under Richard Clarke, Bush's top cyberspace adviser, just before his retirement this year. Source: http://www.washingtonpost.com/wp-dyn/articles/A31674-2003May23.html May 22, Computerworld Corporate IT risks and physical threats are changing security deployment. Growing IT and physical risks and emerging regulatory requirements are transforming the manner in which security functions need to be viewed, implemented and managed, said executives at the SecurIT 2003 Summit in Phoenix last week. For instance, it is becoming increasingly important for companies to look at IT and physical threats from a common, unified risk-management perspective, said Dennis Treece, director of corporate security at the Massachusetts Port Authority in Boston. "At the end the day, the board is going to see no difference between network and physical security," he said. It is crucial for security executives to be proactive in overcoming notions of security as an expensive and non-revenue-generating function, users said. And that means being able to put a dollar value on risk as much as possible, especially at a time when IT spending overall has been considerably tightened, Treece said. Source: http://www.computerworld.com/securitytopics/security/story/0,10801,81444 ,00. html May 22, National Journal Panel asks Ridge about cybersecurity, information analysis. Members of the House Homeland Security Committee asked Department of Homeland Security (DHS) Secretary Tom Ridge on Wednesday about cybersecurity plans and the department's relationship with the new Terrorist Threat Information Center housed at the CIA. In the conclusion of a two-part hearing before the committee, Ridge said that analysts at the information analysis and infrastructure protection directorate would not have access to all of the intelligence community's raw data, but that directorate analysts housed at the threat center would have that access. He also said information could derive from various agencies of the DHS and be sent to the threat center. Ridge also said future terrorist exercises like the one conducted a few weeks ago would include cyber attacks, though he said there are enough real cyber attacks occurring to make it unnecessary to try to simulate them. He stated that cybersecurity and physical security are so interdependent that it is impossible to focus just on cyber security. Source: http://www.govexec.com/dailyfed/0503/052203tdpm1.htm May 21, Reuters Hackers flex growing cyber muscle in China. Eighty-four percent of firms in China reported at least one cyber attack this year, up from 59 percent in 2002, according to a recent survey by Evans Data Corp. Many firms fail to take basic protective steps, such as changing default passwords when they install new software and staying up to date on software patches. Evans Data analyst Esther Schindler said inexperience may also be an issue. According to an Evans survey last year, the average Chinese programmer had about four years of experience compared with 16 in North America. Chinese firms may also use pirated software containing hidden "backdoors" and older software that is more vulnerable to attack, said Allan Paller, of the U.S.-based System Administration, Networking and Security Institute. Eric Ashdown of Ernst & Young's technology and security risk services practice for China, said China's weak enforcement of anti-hacking laws is also a problem in a culture where firms often escape with minor penalties for serious infractions. In addition, many foreign firms believe Chinese public security officials employ hackers when it is in their interest, and that state-mandated encryption software contains backdoors making systems vulnerable, he said. Source: http://www.reuters.com/newsArticle.jhtml?type=internetNewsstoryID=278955 0 Internet Security Systems - AlertCon: 1 out of 4 https://gtoc.iss.net/ Last Changed 8 April 2003 Security Focus ThreatCon: 1 out of 4 www.securityfocus.com Last Changed 18 April 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: WORM_LOVGATE.F Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 445 (microsoft-ds), 80 (www), 1434 (ms-sql-m), 139 (netbios-ssn), 19341 (---), 113 (ident), 84 (ctf), 0 (---), 4662 (eDonkey2000) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 09:58:39 PDT