Security Related News
CYBERSECURITY PLAN DISAPPOINTS MANY
On Friday the Bush Administration released the final version of the National
Strategy to Secure Cyberspace, which disappointed many in its variance from
several widely circulated drafts. The document attempts to address the growing
concern over threats to the nation's computer systems, threats that could result
in "debilitating disruption to our nation's critical infrastructures, economy,
or national security." Critics complained that the final version of the
strategy document backs away from regulations and concrete steps to improve
cybersecurity, opting instead for suggestions and softer recommendations. Allan
Paller of the SANS Institute said the document is "a wonderful statement
of the problem" but leaves out "some of the best ideas that people
had." Sen. Charles E. Schumer (D-N.Y.) also faulted the final document,
calling it "a vague set of broad principles that has no money backing it
up." Washington Post, 15 February 2003 http://www.washingtonpost.com/wp-dyn/articles/A10274-2003Feb14.html
LINUX SECURITY AUDITING TO GET A BOOST
Sardonix Audit Portal, which aims to consolidate Linux security auditing, recently
received funding from the U.S. government's Defense Advanced Research Projects
Agency (DARPA). Crispin Cowan, chief scientist at Linux firm WireX, co-founded
the project. He said it will organize Linux developers to see which programs
have and have not been audited for security holes, then secure them in a systematic
fashion. Cowan will also try to develop a community where code reviewers are
graded on how well they complete their tasks. The Linux community tried a similar
project in 1998, but failed when the Linux Security Audit Project quickly lost
its focus and became a discussion board for Linux security. Cowan said that
under the DARPA agreement WireX will also provide software to the Linux community
that will help enable Linux developers to write code protected against buffer
overflow and domain-name server attacks. The Sardonix portal will also feature
developer tools to make the auditing process more accurate and efficient. DARPA
funded the portal, along with 11 other projects, as part of its $1.2 million
effort to create a more secure OpenBSD. (Cnet, 6 February 2002)
REPORTS SHOW A LULL IN COMPUTER VIRUSES
Security experts report a sharp decrease in the number and severity of computer
viruses compared to this time last year. Last year was notable for outbreaks
of the Code Red, Nimda, and Sircam viruses. According to an official at F-Secure,
a Finnish anti-virus company, Klez is the most significant concern of the year
so far. Last year F-Secure issued nine "Level One" virus warnings,
its most severe, and predicted that viruses would find their way to mobile devices
including phones and pocket PCs. The prediction has not come true, and this
year the company has not issued any "Level One" warnings. Other security
firms report similar drops in virus activity. Explanations for the decline include
better anti-virus tools, heightened user awareness of the need for protection,
stiffer criminal sentences for hackers, and even a sense of patriotism. Reuters,
12 August 2002 http://www.siliconvalley.com/mld/siliconvalley/3848828.htm
"A Long, Hard Look at the Hackers"
Governments are taking the perceived threat of cyberterrorism very seriously,
especially after the Sept. 11 attacks. The U.S.'s national strategy to secure
cyberspace postulates a scenario in which terrorists use the Internet to remotely
cripple ... http://www.acm.org/technews/articles/2002-4/1122f.html#item10
"Agencies Fail Cyber Test"
The House Government Reform subcommittee gave the federal government an overall
failing grade for its computer security efforts, which were assessed in a study
by the General Accounting Office (GAO). The GAO's study flunked 14 out of the
24 largest ... http://www.acm.org/technews/articles/2002-4/1122f.html#item11