-----Original Message-----
From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard
Sent: Thursday, December 11, 2003 6:56 AM
To: Information Technology
Subject: [Information_technology] Daily News 12/11/03

December 10, eWEEK - Security experts warn of new way to attack Windows. Security experts have found a new way to exploit a critical vulnerability in Windows that evades a workaround. Microsoft Corp. issued a patch for the vulnerability in November, but the security bulletin also listed several workarounds for the flaw, including disabling the Workstation Service and using a firewall to block specific UDP and TCP ports. Researchers at security company Core Security Technologies discovered a new attack vector that uses a different UDP port. This attack still allows the malicious packets to reach the vulnerable Workstation Service. An attacker who successfully exploits the weakness could run any code of choice on the vulnerable machine. An attacker doesn't have to individually address computers on the network, but can broadcast an attack. Such a tactic could actually create a worm that spreads faster than the SQL Slammer worm did last year. Microsoft urged customers to apply the patch. "Applying the patch does correct the problem," said Iain Mulholland, a security program manager for Microsoft.
Source: http://www.eweek.com/article2/0,4149,1408902,00.asp

December 10, Government Computer News - IPv6 will need security, too, experts warn. Security has been one of the selling points for the new Internet protocol, but IPv6 is not inherently secure, say those planning its implementation. The Internet Engineering Task Force is still working on IPv6 security elements and "many of them need to be tested in the real world," security consultant Richard Graveman said Wednesday, December 10, at the U.S. IPv6 Summit in Arlington, VA.
One of the key security elements in IPv6 is IPSec encryption, which is mandatory in the new protocol. But security is more than IPSec, Graveman said. "Downloading an encrypted virus and installing it is just as bad as downloading an unencrypted virus," he said. Good encryption will not stop hackers either, he said. "You don't break good crypto, you go around it," he said, so proper implementation of IPv6 and a secure platform still are key to securing networks. Latief Ladid, president of the IPv6 Forum, warned that hackers already are studying the new protocols and are uncovering security flaws.
Source: http://www.gcn.com/vol1_no1/daily-updates/24398-1.html

December 10, Dow Jones Business News - SCO Group Website disabled by another hacker attack. The Website of SCO Group Inc. has been temporarily disabled by a hacker attack that began early Wednesday, December 10, the company said. It marks the third time this year the Lindon, UT, software firm's site has been the target of a "denial of service" attack. In such assaults, hackers bombard an Internet site with traffic in an attempt to overwhelm its server computers and shut it down. The latest attack began at 6:20 a.m. EST, and it isn't clear when it will cease, said SCO spokesman Blake Stowell. Past attacks against the company's site have lasted for several days. Stowell said the company has notified law-enforcement authorities. The attack is preventing SCO customers from downloading updates or security fixes to their software.
Source: http://biz.yahoo.com/djus/031210/1527001248_1.html

December 09, Government Computer News - Moonv6 testing to continue. Initial ten-day testing in October on the nation's largest native IPv6 network by the Department of Defense (DoD) and the University of New Hampshire demonstrated IPv6 linkage of academic and military sites from New Hampshire to San Diego. Time was short, and there was a dearth of applications written for the new Internet Protocol. "We had a limited number of vendor implementations to work with," said Ben Schultz, managing engineer of the University of New Hampshire's interoperability laboratory. Opportunities to test security also were limited, he said Tuesday, December 9, at the U.S. IPv6 Summit in Arlington, VA. Under those constraints, the File Transfer Protocol, Hypertext Transfer Protocol, Secure HTTP, Telnet and Domain Name System applications worked, Schultz said. The Moonv6 test bed is a collaboration by JITC, the university lab and the North American IPv6 Task Force. The second phase of testing, scheduled to run from February 2 to April 14, will dig deeper into security, mobility and routing protocol testing, as well as network stability and management, JITC's Major Roswell Dixon said.
Source: http://www.gcn.com/vol1_no1/daily-updates/24375-1.html

December 09, Government Executive - Agencies get failing grades on cybersecurity. Federal efforts to secure critical computer systems and sensitive information are improving, but more than half of all agencies are still doing very poorly at the task, lawmakers said Tuesday, December 9. Overall, the federal government received a grade of D for cybersecurity, up from a grade of F a year earlier, according to the 2003 Federal Computer Security Scorecard released Tuesday. The scorecard, which is compiled by the House Government Reform subcommittee, is based on information reported by each agency and federal inspectors general to Congress and the Office of Management and Budget. Senator Susan Collins (R-ME), who chairs the Senate Governmental Affairs Committee, urged agencies to take immediate action to improve cybersecurity. "The administration has reason to believe that cyberattacks could be part of terrorists' game plans," she said. "We cannot afford to be caught off guard."
Source: http://www.govexec.com/dailyfed/1203/120903c1.htm

Current Alert Levels

AlertCon: 2 out of 4
https://gtoc.iss.net

Security Focus ThreatCon: 1 out of 4
http://analyzer.securityfocus.com/

Current Virus and Port Attacks

Virus: #1 Virus in the United States: WORM_LOVGATE.G
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
135 (epmap), 1434 (ms-sql-m), 1433 (ms-sql-s), 445 (microsoft-ds), 80 (www), 137 (netbios-ns), 554 (rtsp), 21 (ftp), 53 (domain), 139 (netbios-ssn)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv