-----Original Message-----
From: InfraGard [mailto:infragard@private]
Sent: Tuesday, July 01, 2003 7:56 AM
To: Information Technology
Subject: [Information_technology] Daily News 7/01/03

June 30, SecurityFocus
PetCo plugs security hole. Pet supply retailer PetCo.com plugged a hole in its online storefront over the weekend that left as many as 500,000 credit card numbers open to anyone able to construct a specially-crafted URL. Twenty-year-old programmer Jeremiah Jacks discovered the hole. He used Google to find active server pages on PetCo.com that accepted customer input and then tried inputting SQL database queries into them. "It took me less than a minute to find a page that was vulnerable," says Jacks. The company issued a statement Sunday saying it had hired a computer security consultant to assist in an audit of the site.
Source: http://www.securityfocus.com/news/6194

June 30, U-Wire
Computer virus leaks files from Harvard. The Bugbear.b virus hit the Harvard University campus June 6. When Bugbear.b infects a machine, it sends messages to recipients in an individual's address book. In addition to a virus-laden attachment, such e-mails often contain text fragments from files on that machine, which may include documents and private correspondence. Harvard students reported receiving seemingly misaddressed messages bearing harmless communications. But at least one message received by at least three Harvard undergraduates contained a confidential memo concerning a case before the Administrative Board. Educational privacy law can penalize institutions that negligently or intentionally transmit their students' records. Director of Harvard Arts and Sciences Computer Services Frank Steen said that his department reacted quickly to the Bugbear virus and that the actual number of computers infected was minimal.
Source: http://www.uwire.com/content//topnews062703003.html

June 30, eSecurity Planet
Bill would require customer notification of hacks. Legislation was introduced Friday to require businesses or government agencies to notify individuals if a database has been broken into and personal data has been compromised. The Notification of Risk to Personal Data Act would set a national standard for notification of consumers when a database breach occurs. Only California, which has a notification law going into effect Tuesday, requires businesses or government to disclose attacks on databases that compromise an individual's personal information. The legislation, introduced by U.S. Sen. Dianne Feinstein (D-CA), is based, in part, on the new California law and requires a business or government entity to notify an individual when there is a "reasonable basis to conclude that a hacker or other criminal has obtained unencrypted personal data maintained by the entity."
Source: http://www.esecurityplanet.com/trends/article.php/2229261

Internet Security Systems - AlertCon: 1 out of 4
https://gtoc.iss.net/
Last Changed 10 June 2003

Security Focus ThreatCon: 1 out of 4
www.securityfocus.com
Last Changed 11 June 2003

Current Virus and Port Attacks

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 445 (microsoft-ds), 80 (www), 1434 (ms-sql-m), 113 (ident), 139 (netbios-ssn), 0 (---), 7274 (---), 4662 (eDonkey2000), 25 (smtp)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv