CRIME FW: [Information_technology] Daily News 6/05/03

From: George Heuston (GeorgeH@private)
Date: Thu Jun 05 2003 - 10:54:11 PDT

  • Next message: Ryan Nutick: "CRIME In case you haven't seen yet..."

    -----Original Message-----
    From: InfraGard [mailto:infragard@private] 
    Sent: Thursday, June 05, 2003 7:23 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 6/05/03
    
    June 04, Microsoft
    Microsoft Security Bulletin MS03-020: Cumulative Patch for Internet
    Explorer. This cumulative patch includes the functionality of all
    previously
    released patches for Internet Explorer 5.01, 5.5 and 6.0, and eliminates
    two
    vulnerabilities: a buffer overrun vulnerability that occurs because
    Internet
    Explorer does not properly determine an object type returned from a web
    server, and a flaw that results because Internet Explorer does not
    implement
    an appropriate block on a file download dialog box. It could be possible
    for
    an attacker to exploit this vulnerability to run arbitrary code on a
    user's
    system. This cumulative patch will cause window.showHelp( ) to cease to
    function if you have not applied the HTML Help update. Microsoft has
    assigned a risk rating of "Critical" to this patch. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/t
    echnet/security/bulletin/MS03-020.asp
    
    June 04, Post Newsweek Tech Media
    PKI momentum builds, program manager says. A dozen years after the start
    of
    the federal push for a public-key infrastructure, the technology is
    gaining
    momentum, and more agencies will be using PKI in a matter of months, a
    federal program manager predicts. By year's end, Tim Polk, the PKI
    program
    manager at the National Institute of Standards and Technology,
    estimated,
    eight to 10 agencies will be heavily engaged in PKI, nearly twice the
    number
    involved today. Polk spoke today at a conference on IT security in
    Washington sponsored by the research and advisory firm Gartner Inc. As
    governments and businesses move from paper to electronic documents, PKI
    holds promise as an effective way to protect and validate those
    documents
    and verify identities. PKI also is being used with employee
    identification
    smart cards. Source:
    http://www.gcn.com/vol1_no1/daily-updates/22320-1.html
    
    June 03, National Journal
    Computer security officials discount chances of 'digital Pearl Harbor'.
    The
    notion that the cyberterrorism against the United States could create a
    "digital Pearl Harbor" is fading three computer-security experts said
    Tuesday. Casey Dunlevy of Carnegie Mellon's Software Engineering
    Institute
    (SEI), and Richard Hunter of Gartner Group, said disgruntled insiders,
    not
    foreign terrorists, pose the greatest cybersecurity threat to companies.
    "But could [cyber terrorism] be a force multiplier in terrorist attacks"
    by,
    for example, disabling all traffic lights after a bombing? "I think we
    have
    to consider that," said Dunlevy. He said computers recovered from
    Afghanistan demonstrated al Qaeda's use of steganography, a technique
    for
    embedding secret data within pictures or text. "We will eventually see a
    cyber element to terrorist activity," Dunlevy said. But both he and
    Hunter
    said terrorist groups also are likely to continue to engage in money
    laundering and cybercrime as a means of purloining resources. Source:
    http://www.govexec.com/dailyfed/0603/060303td2.htm
    
    June 02, Federal Computer Week
    Rural region models safety system. The Virginia Department of
    Transportation, several private-sector health and nonprofit groups and a
    number of jurisdictions in the valley are developing an integrated,
    Web-based communications platform for first responders. Led by the
    Northern
    Shenandoah Valley (NSV) Steering Committee, the initiative began three
    years
    ago as an effort to improve highway safety and the response to crashes
    and
    hazardous material spills along the state's Interstate 81 corridor. But
    after September 11, 2001, there was a "pretty significant sea change" in
    the
    project's scope, said Jack Potter, chairman of the NSV committee. The
    steering committee began refining the Integrated Intelligent
    Transportation
    System - Public Safety System during the past year. The system
    automatically
    collects and aggregates data for future analysis, can act as a disease
    surveillance system, and even provides specific information about
    certain
    patients whom paramedics frequently treat. Source:
    http://www.fcw.com/geb/articles/2003/0602/web-nsv-06-02-03.asp
    
    
    Internet Security Systems - AlertCon: 1 out of 4
    https://gtoc.iss.net/
    Last Changed 8 April 2003
    
    Security Focus ThreatCon: 1 out of 4
    www.securityfocus.com
    Last Changed 18 April 2003
    
    Current Virus and Port Attacks
    Virus: #1 Virus in USA: WORM_LOVGATE.F
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
    United States]
    
    Top 10 Target Ports:
    137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 445 (microsoft-ds), 113
    (ident), 139 (netbios-ssn), 0 (---), 53 (domain), 4662 (eDonkey2000), 25
    (smtp)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    _______________________________________________
    Information_technology mailing list
    Information_technology@listserv
    



    This archive was generated by hypermail 2b30 : Thu Jun 05 2003 - 11:29:46 PDT