-----Original Message----- From: InfraGard [mailto:infragard@private] Sent: Friday, July 25, 2003 7:31 AM To: Information Technology Subject: [Information_technology] Daily News 7/25/03 July 24, General Accounting Office GAO Report GAO-03-1037T: Further Efforts Needed to Implement Statutory Requirements in DOD. The Department of Defense (DOD) faces many risks in its use of globally networked computer systems to perform operational missions. Weaknesses in these systems, if present, could give hackers and other unauthorized users the opportunity to modify, steal, inappropriately disclose, and destroy sensitive military data. This report discusses the DOD's efforts to protect its information systems and networks from cyber attack, focusing on its reported progress in implementing statutory information security requirements. Source: http://www.gao.gov/highlights/d031037thigh.pdf July 24, Department of Homeland Security Potential For Significant Impact On Internet Operations Due To Vulnerability In Microsoft Operating Systems. The recently announced Remote Procedure Call (RPC) vulnerability in computers running Microsoft Windows operating systems could be exploited to allow the execution of arbitrary code or could cause a denial of service state in an unprotected computer. Because of the significant percentage of Internet-connected computers running Windows operating systems and using high speed connections (DSL or cable for example), the potential exists for a worm or virus to propagate rapidly across the Internet carrying payloads that might exploit other known vulnerabilities in switching devices, routers, or servers. Due to the seriousness of the RPC vulnerability, the Department of Homeland Security / Information Analysis and Infrastructure Protection National Cyber Security Division and Microsoft encourage system administrators and computer owners to take this opportunity to update vulnerable versions of Microsoft Windows operating systems as soon as possible. A patch is available on the Microsoft Website: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/ bull etin/MS03-026.asp. Source: http://www.nipc.gov/warnings/advisories/2003/Potential72403.htm July 23, Government Computer News NDU prof: digital control systems can weaken security. The growing integration of digital control systems with traditional computer networks is opening a new avenue of attack against the nation's physical infrastructure, John H. Saunders, a professor at the National Defense University, said Wednesday, July 23, at the GOVSEC security conference in Washington. Controls for operating utilities, buildings and campuses are being turned over to cost-effective digital systems with remote access capabilities. Proprietary protocols and single-purpose firmware have offered a degree of security for these systems. But standardizing on a few protocols is increasing the risk. Digital control systems also are being connected to LANs, WANs and the Internet for remote administration. Government administrators can do little about the level of security at utilities, but they can increase security within their own buildings, Saunders said. Building engineers need to focus on security the way systems administrators do, by performing systems inventories and vulnerability and risk assessments, and by implementing policy, he said. Source: http://www.gcn.com/vol1_no1/daily-updates/22860-1.html July 23, Federal Computer Week Security adviser warns of cyberthreats. Officials must still figure out how to fully secure the nation's critical infrastructure against cyber attacks, said General John Gordon, retired lieutenant general from the U.S. Air Force, presidential assistant and adviser to the Homeland Security Council Tuesday, July 22. Attacks over electronic networks might become a threat as great as weapons of mass destruction, he told a meeting of the National Infrastructure Advisory Council in Washington, DC. The council, which consists of a gathering of industry and government officials, is expected to issue recommendations for tougher information security protections in October. One of the council's toughest challenges is determining what should be disclosed to private industry and the public and when it should do so, officials told the council. Source: http://www.fcw.com/fcw/articles/2003/0721/web-secure-07-23-03.asp Internet Security Systems - AlertCon: 2 out of 4 https://gtoc.iss.net/ Last Changed 22 July 2003 Security Focus ThreatCon: 2 out of 4 www.securityfocus.com Last Changed 22 July 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 445 (microsoft-ds), 80 (www), 1434 (ms-sql-m), 56403 (---), 113 (ident), 139 (netbios-ssn), 4662 (eDonkey2000), 20230 (---), 0 (---) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 08:33:32 PDT