| Virus Warnings / Patches | Risk | Virus Name | Date Discoverd |
|
 |
| Top Security News |
3Com Tipping On Flaw Disclosures
3Com and its Tipping Point division have established a web site, where security researchers can be rewarded for disclosing vulnerabilities...
SonicWALL To Launch SSL-VPN Solutions for Remote Network Access
Thursday, SonicWALL announced that it will launch the industry's first range of SSL-VPN solutions for remote network access supporting unlimited numbers of concurrent tunnels at no additional cost...
McAfee Takes it to the MAX
McAfee has made available its SecurityAlliance eXchange or MAX, which offers partners access to pre-qualified leads, renewal data and order status information...
Patriot Act Surfs Through House
The USA Patriot Act made a successful run through the US. House of Representatives in a concerted government effort to make the anti-terrorism law, passed in the wake of 9/11, a permanent fixture in federal statutes.
Spam Wars: Blue Security Strikes Back
You sit down at your desk in the evening after work. You've had a difficult day, as usual. You just want to come home and check your eBay bids...
A BB Hole In Windows
Microsoft announced the a vulnerability in some of their products in the Remote Desktop Services (RDS)...
SpreadFireFox Spreading the Spam
The open source wonder known as Firefox has been feeling the love of the hacker community...
Cisco Patching Up A Few Holes
Cisco, the networking hardware monster, ironed on some patches for vulnerabilities found in their VoIP products that allow nefarious hackers to unscrupulously eavesdrop on private conversations...
Microsoft's New Dangerous Game
Just when you thought it might be safe to plug in your network cable again, the news of the day brings you right back down to earth...
Microsoft Security Crunch: Word and Windows
Microsoft announced a security update to repair problems in both Windows and their Word data processing software...
The ASC Looks to Define Spyware
Let's take a crack at defining spyware/adware. Irritating is the first word that comes to mind...
|
|
|
| |
 |
|
The Internet is both a wonder and a curse. It has the ability to connect people around the world instantaneously. It's the universal marketplace. A soldier in Iraq can see his little girl in Kentucky and talk to her. The entire world, China, Iran, the U.S. Norway, everywhere connected all the time. It's both enlightening and frightening when you think about it. It is bringing people closer together from around the world.
The curse part comes in because, since everyone is connected, everyone opens themselves up, to viruses, adware, spam, identity theft, credit fraud and many other forms of electronic vandalism and theft. The problem is when you can talk to everyone, they can lob you over the head and take your wallet. The same rule applies to the Internet.
On Monday, the General Accounting Office (GAO) pointed this fact out to the Senate Committee on Homeland Security and Governmental Affairs. They brought up the failure by the Department of Homeland Security (DHS) to adequately protect the electronic infrastructure of the U.S. and to a lesser extent the world.
The GAO told the committee the DHS needs to actually work out and develop cybersecurity because until it does, the Internet itself is vulnerable to a major assault. They need leadership and an Internet recovery plan. The GAO said the DHS doesn't even have a threat assessment system.
In a SecurityProNews story a few weeks ago, Jason Miller talked about hackers cracking the Department of Defense (DoD). Right now, there's a gentleman in Britain wanted by the U.S. government because he hacked, easily according to him, in the DoD networks. He said he was looking for UFO information. What he found was technology information of some things the DoD was working on but he also found a lot of other people from around the world wandering the DoD network. Skynet still sound impossible?
David Powner, director of IT management at the GAO addressed the committee and said "Until DHS addresses its many challenges ... it cannot function as a cybersecurity focal point for coordinating federal law and policy. The result is increased risk. Large portions of our critical infrastructure are unprepared to effectively handle a cybersecurity attack."
According to Senator Tom Coburn, R - Okla., "The United States does not have a robust ability to detect a coordinated attack on our critical infrastructure, nor does it have a measurable recovery and reconstitution plan for key mechanisms of the Internet and telecommunications system." Which mean we'll never even see it coming.
Back in May, the GAO completed an assessment of the cyber infrastructure and telecommunications in the U.S. They determined the DHS needed to address 13 areas and they haven't done it. Much of Powner's remarks restated what the report said. Those include developing and enhancing analysis and warning, provide and coordinate incident response, and recover and identifying and assessing cyber threats and vulnerabilities just to name a few.
Interestingly enough, when the threats were assessed, good old-fashioned, Uzi wielding terrorists were the bottom of the list. The list included bot-network operators, criminal groups, foreign intelligence services, hackers, insiders, phishers, spammers, spyware/malware authors and last was terrorists. So what does this tell us? The DoD needs to be more worried about the guy in Britain hacking in its computers looking for UFOs than they do Al Quaida hacking into their computers.
Some progress is being made however. One of the first major steps was Secretary of Homeland Security Michael Chertoff recognizing cybercrime and cyberterrorism were certainly areas that needed to be addressed. To that end, he's creating a position with a little more bureaucratic clout. The Assistant Secretary of Cyber and Telecommunications Security will have a tough job ahead of them.
The report said and Powner reiterated DHS has a long way to go in protecting the American electronic infrastructure. Right now, the strongest point in this cyber security effort remains private industry. Many companies out there work to improve security at various points along the way. Some build software to install on the computers. Some hardware companies include some protection in their routers and their modems. Others simply look to identify vulnerabilities in Windows or browsers and then you have companies like Microsoft and Mozilla who seek to protect their product and are constantly combing over look for holes. But as things go, this is not enough. It's truly a war in most respects.
Despite all these efforts, banks still get ripped by insiders. Spam and malware still make it on to computers. Small business websites still get held for ransom by denial of service attacks. Viruses still surface and shutdown government and private industry networks for hours costing them millions of dollars in some cases.
Some groups like CIDDAC, SANS and CSIA work to help bridge gaps between government and private industry but there needs to be a coordinated effort. The DHS's job with cyber and telecommunications security will have to coordinated and orchestrate all those efforts. They've got to be able with teenage hackers who want to be cool as much as any corporate espionage effort or concentrate phishing attack to get personal information.
The protection of the cyber infrastructure in the U.S. and world won't be easy. It will be terribly complicated and incredibly vast but with a coordinated effort it can be done. Cyber security is crucial to the protection of the U.S. not so much from a traditional security view point, no guns will be involved. It's more from the viewpoint that so much of the U.S. is networked together in one form or another with much of the rest of the world. This means that cyber security isn't something we can wait on, it's an absolute necessity and it's needed very soon.
By the time Skynet became self-aware it had spread into millions of computer servers across the planet. Ordinary computers in office buildings, dorm rooms; everywhere. It was software; in cyberspace. There was no system core; it could not be shutdown. The attack began at 6:18 PM, just as he said it would.
About the Author:
John Stith is a staff writer for SecurityProNews covering the latest security issues. |
|
, Inc. 2549 Richmond Rd. Lexington KY, 40509
