-----Original Message----- From: InfraGard [mailto:infragard@private] Sent: Thursday, June 05, 2003 7:23 AM To: Information Technology Subject: [Information_technology] Daily News 6/05/03 June 04, Microsoft Microsoft Security Bulletin MS03-020: Cumulative Patch for Internet Explorer. This cumulative patch includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0, and eliminates two vulnerabilities: a buffer overrun vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a web server, and a flaw that results because Internet Explorer does not implement an appropriate block on a file download dialog box. It could be possible for an attacker to exploit this vulnerability to run arbitrary code on a user's system. This cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. Microsoft has assigned a risk rating of "Critical" to this patch. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-020.asp June 04, Post Newsweek Tech Media PKI momentum builds, program manager says. A dozen years after the start of the federal push for a public-key infrastructure, the technology is gaining momentum, and more agencies will be using PKI in a matter of months, a federal program manager predicts. By year's end, Tim Polk, the PKI program manager at the National Institute of Standards and Technology, estimated, eight to 10 agencies will be heavily engaged in PKI, nearly twice the number involved today. Polk spoke today at a conference on IT security in Washington sponsored by the research and advisory firm Gartner Inc. As governments and businesses move from paper to electronic documents, PKI holds promise as an effective way to protect and validate those documents and verify identities. PKI also is being used with employee identification smart cards. Source: http://www.gcn.com/vol1_no1/daily-updates/22320-1.html June 03, National Journal Computer security officials discount chances of 'digital Pearl Harbor'. The notion that the cyberterrorism against the United States could create a "digital Pearl Harbor" is fading three computer-security experts said Tuesday. Casey Dunlevy of Carnegie Mellon's Software Engineering Institute (SEI), and Richard Hunter of Gartner Group, said disgruntled insiders, not foreign terrorists, pose the greatest cybersecurity threat to companies. "But could [cyber terrorism] be a force multiplier in terrorist attacks" by, for example, disabling all traffic lights after a bombing? "I think we have to consider that," said Dunlevy. He said computers recovered from Afghanistan demonstrated al Qaeda's use of steganography, a technique for embedding secret data within pictures or text. "We will eventually see a cyber element to terrorist activity," Dunlevy said. But both he and Hunter said terrorist groups also are likely to continue to engage in money laundering and cybercrime as a means of purloining resources. Source: http://www.govexec.com/dailyfed/0603/060303td2.htm June 02, Federal Computer Week Rural region models safety system. The Virginia Department of Transportation, several private-sector health and nonprofit groups and a number of jurisdictions in the valley are developing an integrated, Web-based communications platform for first responders. Led by the Northern Shenandoah Valley (NSV) Steering Committee, the initiative began three years ago as an effort to improve highway safety and the response to crashes and hazardous material spills along the state's Interstate 81 corridor. But after September 11, 2001, there was a "pretty significant sea change" in the project's scope, said Jack Potter, chairman of the NSV committee. The steering committee began refining the Integrated Intelligent Transportation System - Public Safety System during the past year. The system automatically collects and aggregates data for future analysis, can act as a disease surveillance system, and even provides specific information about certain patients whom paramedics frequently treat. Source: http://www.fcw.com/geb/articles/2003/0602/web-nsv-06-02-03.asp Internet Security Systems - AlertCon: 1 out of 4 https://gtoc.iss.net/ Last Changed 8 April 2003 Security Focus ThreatCon: 1 out of 4 www.securityfocus.com Last Changed 18 April 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: WORM_LOVGATE.F Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 445 (microsoft-ds), 113 (ident), 139 (netbios-ssn), 0 (---), 53 (domain), 4662 (eDonkey2000), 25 (smtp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Jun 05 2003 - 11:29:46 PDT