-----Original Message----- From: InfraGard [mailto:infragard@private] Sent: Wednesday, July 02, 2003 8:26 AM To: Information Technology Subject: [Information_technology] Daily News 7/02/03 June 30, The Register ZoneAlarm bells ring over freeware flaw. A recent post on the Bugtraq mailing list has revealed a serious flaw in the core design of the personal firewall ZoneAlarm running on Microsoft Windows. ZoneAlarm could theoretically be tweaked into opening an unsecured Internet connection and leaking information into web servers anywhere. By introducing a Trojan into a user computer, hackers could theoretically force an Internet connection bypassing the security of the freeware firewall, provided that the affected user clicked on the product's pop ups without reading them. Although the attack has yet to be deployed in the wild, it could potentially be used to bypass the security of the freeware version of ZoneAlarm and leave millions of users data exposed. ZoneLabs points out that the bug was only tested on version 3.1 of ZoneAlarm (it is now up to 3.7). ZoneLabs is currently working to resolving this bug. Source: http://www.theregister.co.uk/content/55/31481.html June 30, Computerworld General Clark wants more proactive government role in cybersecurity. Retired supreme allied commander General Wesley K. Clark told hundreds of government and private-sector representatives Monday that a better balance between market incentives and government regulation is urgently needed, particularly in the areas of cybersecurity and critical-infrastructure protection. Clark's comments were made in Philadelphia during the Government Symposium on Information Sharing and Homeland Security. "To make the standards work in the private sector, you start with insurance and with the federal government underwriting risks. [However], there may be areas where you can't do that and you simply have to mandate it and say that in order to be licensed as a business, you must meet certain standards," he said. Clark said there is little or no incentive for the private sector to move away from the current security model, which is centered on not reporting security incidents. Source: http://www.computerworld.com/securitytopics/security/story/0,10801,82646 ,00. html June 30, IDG News Service Microsoft security service said to allow some account hijackings. A newly disclosed vulnerability could let attackers reset passwords and hijack older Microsoft .Net Passport accounts, according to a message on an online mailing list. .Net Passport enables customers to use a single e-mail address and account password to sign on to a variety of affiliated services and Web sites including the Hotmail e-mail service. Microsoft has implemented a Secret Question feature to validate the identity of a user who needs to reset an account password. But according to the security list discussion, attackers can manipulate this feature on .Net Passport accounts that were set up before Microsoft implemented the Secret Question function. To take advantage of the vulnerability, an attacker must know both the e-mail address and the home country of the account owner. In the case of U.S.-based accounts, an attacker also needs the state and the zip code of the account owner. Microsoft did not immediately respond to requests for comment. Source: http://www.pcworld.com/news/article/0,aid,111403,00.asp June 24, Federal Computer Week City tries new path to fiber network. San Francisco is the first U.S. local government customer for a system that uses existing sewer systems to build fiber-optic networks. Developed and commercialized by Vienna, Austria, the system strings fiber-optic cable through a city's sewers as an alternative to ripping up streets to lay cable. In sewers too narrow for people to access, robots navigate the pipes and perform installations. The San Francisco city and county are building a two-mile, fiber-optic pilot project. The project will connect additional facilities to E-Net, the city-owned, conventional fiber-optic network that links government buildings. Source: http://www.fcw.com/geb/articles/2003/0623/web-fiber-06-24-03.asp Internet Security Systems - AlertCon: 1 out of 4 https://gtoc.iss.net/ Last Changed 10 June 2003 Security Focus ThreatCon: 1 out of 4 www.securityfocus.com Last Changed 11 June 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 80 (www), 445 (microsoft-ds), 1434 (ms-sql-m), 7345 (swx), 139 (netbios-ssn), 113 (ident), 0 (---), 9007 (---), 6346 (gnutella-svc) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Wed Jul 02 2003 - 09:58:01 PDT