Return-Path: <sentto-279987-4375-1011854175-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 23 Jan 2002 22:38:08 -0800 (PST) Received: (qmail 16201 invoked by uid 510); 24 Jan 2002 06:36:10 -0000 Received: from n26.groups.yahoo.com (216.115.96.76) by all.net with SMTP; 24 Jan 2002 06:36:10 -0000 X-eGroups-Return: sentto-279987-4375-1011854175-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.188] by n26.groups.yahoo.com with NNFMP; 24 Jan 2002 06:24:36 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 24 Jan 2002 06:36:14 -0000 Received: (qmail 60894 invoked from network); 24 Jan 2002 06:36:14 -0000 Received: from unknown (216.115.97.171) by m2.grp.snv.yahoo.com with QMQP; 24 Jan 2002 06:36:14 -0000 Received: from unknown (HELO red.all.net) (12.232.72.98) by mta3.grp.snv.yahoo.com with SMTP; 24 Jan 2002 06:36:14 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0O6amH00875 for iwar@onelist.com; Wed, 23 Jan 2002 22:36:48 -0800 Message-Id: <200201240636.g0O6amH00875@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 23 Jan 2002 22:36:48 -0800 (PST) Subject: [iwar] [fc:Internet.Less.Secure.-.Despite.More.Spending,.Web.Is.A.More.Dangerous.Place] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Internet Less Secure - Despite More Spending, Web Is A More Dangerous Place Ref: Associated Press, 21 Jan 2002 <a href="http://www.canoe.ca/CNEWSTechNews0201/21_security-ap.html">http://www.canoe.ca/CNEWSTechNews0201/21_security-ap.html> by Anick Jesdanun -- AP Internet Writer NEW YORK (AP) -- Spending on Internet security continues to grow, yet the worldwide supernetwork remains more vulnerable than ever to viruses, break-ins and terrorism. Simply put, hackers are getting smarter, and computer networks are getting more complex and difficult to keep safe. "The rate of growth of our vulnerabilities is exceeding the rate of improvements in security measures," said Michael Vatis, former director of the FBI's National Infrastructure Protection Center. "We're not improving fast enough to keep pace with the problem, let alone get ahead of the problem." Bruce Schneier, chief technical officer at Counterpane Internet Security, said companies that invest in security may be reducing their own risks, but new networks with minimal protections are constantly joining the Internet. "Overall, security goes down," Schneier said. "Things are bad out there, and things are getting worse." CERT Coordination Center, the government-funded computer emergency response team at the Carnegie Mellon University, says it received reports last year of 52,658 security breaches and attacks, and 2,437 computer vulnerabilities -- more than double the figures for 2000. Part of the increase results from greater awareness, and network operators are reporting incidents they wouldn't have noticed in the past, said Marty Lindner, a team leader at CERT. But hackers have also produced better tools for automating attacks, making them more numerous, Lindner added. Last year, the Internet was hit with a new class of worms, which unlike viruses do not require human intervention to spread. Code Red and Nimda found new ways to propagate rapidly and tied up Internet traffic worldwide by exploiting well-known software vulnerabilities. One version of Code Red was also programmed to launch a strike on the White House's Web site on a given date, though the site's administrators took corrective action in time. A second version installed a program that could give outsiders control of infected computers. "A single threat can now combine a number of different attacks," said Stephen Trilling, a research director at security company Symantec Corp. In addition to unleashing Medusa-like threats, hackers are also quicker to exploit new vulnerabilities, giving system administrators less time to react, said Chris Rouland, director of the X-Force research team at Internet Security Systems Inc. According to a study from Computer Economics, a research firm, Code Red and Nimda caused more than $3 billion in damages and economic disruption worldwide. The worms prompted several companies and network operators to bolster their defenses. As a result, computer security companies saw revenue growth of 15 percent to 20 percent last year, according to Chris Christiansen, a research analyst at IDC. But that's still lower than the 30 percent to 50 percent growth experienced in past years, Christiansen said. And while security companies said the Sept. 11 attacks initially prompted more inquiries and sales, IDC found no lasting boost in revenues. Steve Lipner, director of security assurance at Microsoft Corp., sought to put security risks in perspective, saying millions of people use the Internet daily "without any ill effect at all." Even so, Microsoft Chairman Bill Gates directed employees last week to put security and privacy ahead of new capabilities in the company's products. "If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do," he said in an e-mail memo. Many security breaches, including Code Red and Nimda, exploited flaws in Microsoft products, and security experts disclosed last month that hackers could seize control of computers running Windows XP -- marketed as the company's most secure system -- unless users installed a patch to fix it. The risks aren't limited to Microsoft products. Jerry Freese, director of intelligence at security firm Vigilinx Inc., warned of dangers in the burgeoning world of wireless networks that allow hackers to intercept private communications and even break into systems. Freese said wireless technologies will face some of the security challenges that wired systems went through earlier. Another risk lies in home high-speed networks, he said. Home users tend to be less knowledgeable about security yet their computers are getting powerful enough for hackers to take over and launch denial-of-service strikes, which aim to paralyze a Web site or computer system by flooding it with fake traffic. Of greatest concern are cyberattacks that could bring down electric power grids, automated teller machines and public transportation systems, disrupting the economy and posing safety risks to the public. As more efforts are directed at improving physical security -- at national borders and airports, terrorists will look for targets elsewhere -- in cyberspace, said Michael Erbschloe, author of "Information Warfare: How to Survive Cyberattacks." Erbschloe, who is also vice president of research at Computer Economics, said newcomers to the Net, including small- and medium-sized businesses, represent the weakest links. "Large companies have learned their lessons pretty well, and most government (agencies) are taking this far more seriously," Erbschloe said. "But we still have a growing new population. A lot of people don't have a clue." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Sponsored by VeriSign - The Value of Trust When building an e-commerce site, you want to start with a secure foundation. Learn how with VeriSign's FREE Guide. http://us.click.yahoo.com/kWSNbC/XdiDAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST