Return-Path: <sentto-279987-1099-986525176-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 05 Apr 2001 19:47:07 -0700 (PDT) Received: (qmail 9643 invoked by uid 510); 6 Apr 2001 02:46:44 -0000 Received: from mv.egroups.com (208.50.144.81) by 204.181.12.215 with SMTP; 6 Apr 2001 02:46:44 -0000 X-eGroups-Return: sentto-279987-1099-986525176-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by mv.egroups.com with NNFMP; 06 Apr 2001 02:46:16 -0000 X-Sender: fc@all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_1_1); 6 Apr 2001 02:46:15 -0000 Received: (qmail 65635 invoked from network); 6 Apr 2001 02:46:15 -0000 Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 6 Apr 2001 02:46:15 -0000 Received: from unknown (HELO all.net) (65.0.156.78) by mta3 with SMTP; 6 Apr 2001 03:47:19 -0000 Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id TAA11041 for iwar@onelist.com; Thu, 5 Apr 2001 19:46:14 -0700 Message-Id: <200104060246.TAA11041@all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 5 Apr 2001 19:46:14 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] news Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Review shows hackers accessed 155 federal computer systems At least 155 federal computers systems -- some with sensitive research information or personal data on Americans -- were temporarily taken over by hackers last year, according to a review that found widespread lax computer security. The government's lack of safeguards against domestic and foreign attackers who struck 32 federal agencies last year is ``chilling,'' one congresswoman said. ``I think it would come as quite a surprise for most Americans to learn the extent to which these federal civilian agencies are the target of attacks by foreign and domestic sources bent on espionage or other malicious actions,'' Rep. Billy Tauzin, R-La., said at a House Oversight and Investigations hearing Thursday. http://www.siliconvalley.com/docs/news/tech/072870.htm http://www.msnbc.com/news/555308.asp http://www.siliconvalley.com/docs/news/reuters_wire/1053144l.htm http://www.newsbytes.com/news/01/164168.html http://www.nandotimes.com/technology/story/0,1643,500470802-500720983-504028700-0,00.html Pentagon networks attacked 715 times in 2000 The US Army, Navy and Air Force combined suffered 715 cyber attacks last year, according to a report from the General Accounting Office (GAO) released last week. The Navy reported the most attacks, 387, with the Army slightly behind at 299. The Air Force suffered only 29 attacks in 2000, according to the report, 'Information Security -- Challenges to Improving DOD's Incident Response Capabilities.' The report says the three services suffered only 600 cyber attacks in 1999 -- significantly less than the 22,144 electronic assaults reported by the Defense Information Systems Agency (DISA), the Pentagon's IT arm, for that year. http://www.theregister.co.uk/content/8/18138.html Pentagon cyber defense impaired -- report The US military's ability to defend against cyber attacks is hampered by a dearth of coordination among the armed services, and a poorly implemented alert system, according to a new report by government investigators. The report, "Information Security -- Challenges to Improving DOD's Incident Response Capabilities," was issued last week by the General Accounting Office (GAO), Congress' investigative arm. It found the Defense Department lacks a coordinated approach to ensuring that its systems are patched against the latest software vulnerabilities, and to conducting security assessments. According to the report, the armed services performed over 150 computer security assessments last year, including some simulated hack attacks by a National Security Agency (NSA) red team, and identified hundreds of vulnerabilities in defense systems. But those audits were not coordination and prioritized. http://www.theregister.co.uk/content/8/18137.html General says the "cyber" threat is real. "My view is that as we look at our computer systems, we'd be kidding ourselves if we thought they weren't vulnerable," said Air Force Gen. Ralph E. Eberhart, U.S. Space Command commander in chief, during a March 28 interview with the American Forces Information Service. Eberhart's command assumed responsibility for computer network defense in 1999, he said. The following year, it picked up the mission of computer network attack. Today's threats against DoD -- and private sector -- computer systems run the spectrum from the curious, bored high school or college student to state-sponsored 'cyber' war or computer network attack, he said. http://www.af.mil/news/Apr2001/n20010405_0476.shtml House members watch DOE official hack into federal computers Members of Congress watched Thursday as an Energy Department cybersecurity expert hacked into a computer hooked to the Internet, underscoring the federal government's vulnerability to international information warfare. Members of the House Energy and Commerce Committee's Subcommittee on Oversight and Investigations looked on as Jason Bellone, a member of Energy's Office of Cybersecurity and Special Reviews, broke passwords again and again with tools available for free download over the Internet. The federal government stores vast amounts of sensitive data, said full committee chairman Billy Tauzin, R-La. And when it comes to computer security we are barely treading water. In this increasingly interconnected world, we're either going to prioritize our resources better to meet this challenges ... or we're going to find ourselves in deep, deep trouble, Tauzin said. http://www.govexec.com/dailyfed/0401/040601j1.htm FBI struggles to retain cybercrime experts The FBI suffers from a high turnover of experts in cybercrime but continues to get quality people, FBI Director Louis Freeh said Wednesday. "There's a bull market" for skilled FBI cyber-crime workers, Freeh told a World Economic Forum event held at the U.S. Chamber of Commerce. In order to keep workers in the agency, he said, "we basically rely on people's patriotism." That can be difficult when agency employees earning $50,000 to $55,000 interact every day with former FBI workers now making six figures in the private sector, he said. Fortunately for the agency, the number of qualified applicants continues to far outnumber the job vacancies. The number of criminal cases involving computer technology is growing exponentially, Freeh said, and the top challenge facing the FBI in working against cybercrime is maintaining the balance between protecting personal privacy and enforcing laws. He said the same constitutional balance between privacy and the necessity of a government to stop crimes should apply to the electronic age. http://www.govexec.com/dailyfed/0401/040501td.htm Companies taking over cyberalerts Federal agencies soon will have a commercial resource at their beck and call when dealing with security vulnerabilities and cyberattacks. The Federal Computer Incident Response Capability, the central civilian organization for security alerts and recovery, last week signed a contract with Science Applications International Corp. and its partner Global Integrity Information Security to provide the day-to-day operations for the center. Responsibilities include issuing vulnerability alerts and helping agencies respond and recover when actually hit with a cyberattack, said Dave Jarrell, director of FedCIRC, which is based at the General Services Administration. http://www.fcw.com/fcw/articles/2001/0402/web-saic-04-05-01.asp Bush, citing privacy, swears off E-Mailing family President Bush has sworn off e-mail as a form of communication, citing privacy concerns. Bush used to have a wide circle of family and friends to whom he exchanged e-mails as a way to stay in touch, particularly during his presidential campaign when he traveled frequently. But that has come to a screeching halt now that Bush is in the White House. ``I used to be an avid e-mailer, and I e-mailed to my daughters or e-mailed to my father, for example, and I don't want those e-mails to be in the public domain,'' Bush said on Thursday to the American Society of Newspaper Editors. He said he does not e-mail out of concern his private communications could be subject to freedom of information laws and could be made public. Bush said, however, that his administration will cooperate fully with freedom of information requests if they do not jeopardize national security. http://www.siliconvalley.com/docs/news/reuters_wire/1053059l.htm http://www.newsbytes.com/news/01/164171.html ------------------------ Yahoo! Groups Sponsor ---------------------~-~> Do you have 128-bit SSL encryption server security? Get VeriSign's FREE Guide, "Securing Your Web Site for Business." Get it now! http://us.click.yahoo.com/EVNB7A/c.WCAA/bT0EAA/kzAVlB/TM ---------------------------------------------------------------------_-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:06 PDT