-----Original Message----- From: InfraGard [mailto:infragard@private] Sent: Friday, May 30, 2003 6:51 AM To: Information Technology Subject: [Information_technology] Daily News 5/30/03 May 28, Santa Cruz Sentinel Hackers threaten confidential student records. Some Santa Cruz County, CA schools and many nationwide use online systems that allow parents to monitor their children's assignments, attendance and marks over the Internet. However, the expulsion of two students who allegedly hacked into the computer system of the county's San Lorenzo Valley High School exposes the the vulnerability of online record systems. Sheriff's investigators allege that in November 2000 and January 2001, the students broke into the school's computer system using stolen passwords. They allegedly changed grades, read staff e-mail and stole credit card information. Students also allegedly carried out "denial of service" attacks on the school's computer system in August and September 2002. Source: http://www.santacruzsentinel.com/archive/2003/May/28/local/stories/05loc al.h tm May 27, vnunet.com UK police provide PR help to cyber crime victims. The UK's National High Tech Crime Unit (NHTCU) is to help handle PR for firms that have been the victims of computer crime, in an attempt to encourage more prosecutions. In December the unit launched a confidentiality charter, which allows companies to report computer crime without fear of public disclosure, but some firms are pulling out of prosecutions just before they go to court, according to John Lyons of the NHTCU. Lyons said one problem is companies fear bad publicity from prosecutions. In the event of a prosecution the unit's PR staff will work to avoid leaks and promote a positive image of companies helping the police, he said. Source: http://www.vnunet.com/News/1141184 May 26, The Hill Lawmakers see cyberterror vulnerability. Lawmakers are charging that government agencies and industry are not doing enough to protect the country's power plants, industries and financial institutions from the threat of cyberterrorism attacks. Science committee staffers have noted that 80 to 90 percent of the country's infrastructure is under private control. Staffers for the House Government Reform Technology Subcommittee are making site visits to private sector companies to assess its state of preparedness. At a subcommittee hearing in April, former White House advisor on cyber security Richard Clarke said, "I think we want to avoid regulation" and a "cyber security police." But a few weeks later, members of the National Infrastructure Advisory Committee, a White House advisory group. concluded that regulation might be the best way to get some industries to implement better cyber security, as well as physical infrastructure security. An alternative to government regulation is self-regulation through regional Information Sharing and Analysis Centers. But the threat of having competitors aware of a company's vulnerabilities has made this problematic for many organizations. Source: http://www.hillnews.com/news/052803/cyberterror.aspx May 26, InformationWeek More large companies are turning to service providers to handle their security. Only 24% of 286 companies surveyed by Forrester Research in October said they were likely or somewhat likely to outsource security monitoring. More than twice as many, 53%, said they were very unlikely to turn to other companies for such services. But more businesses may become receptive to the idea of contracting with companies such as Counterpane Internet Security, Guardent, Internet Security Systems, RedSiren, Symantec, TruSecure, Ubizen, Unisys, and VeriSign as the challenge of managing security becomes increasingly complex. Analyst firm Gartner calls managed security services the fastest-growing IT services sector. It predicts growth of more than 19% a year, with sales increasing from $547.8 million last year to $1.2 billion in 2006. Another factor that could propel the market's growth is the increasing number of federal and state laws and regulations that require companies to limit access to and keep confidential information on customers and patients, as well as provide an audit trail for investigators. For example, a law in California that takes effect in July requires state agencies and companies with customers in the state to report all security breaches that may reveal personally identifiable information. Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=1010023 2 Internet Security Systems - AlertCon: 1 out of 4 https://gtoc.iss.net/ Last Changed 8 April 2003 Security Focus ThreatCon: 1 out of 4 www.securityfocus.com Last Changed 18 April 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: WORM_LOVGATE.G Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 445 (microsoft-ds), 137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 139 (netbios-ssn), 113 (ident), 0 (---), 41170 (---), 4662 (eDonkey2000), 4899 (radmin) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Fri May 30 2003 - 19:27:30 PDT