Posts Byadmin - 13/856 - Terrorism.com
Al-Qaida Remains Elusive in Afghanistan
January 30, 2003 | adminU.S. troops and their allies are finding it tough to pin down Taliban and al-Qaida remnants, a fact driven home by fighting that sputtered out this week with little indication of who the enemy was or what gains, if any, had been made. The military says the fighters were loyalists of rebel warlord Gulbuddin Hekmatyar. But former Taliban officials and other Afghans in Kandahar province, site of the fighting, say the men were remnants of the Taliban. They even name leaders: Sirajuddin and Abdul Rahman. Western intelligence, the United Nations and the rebels themselves say opponents of the United States and President Hamid Karzai have stepped up their recruiting and efforts to reorganize. Full Story
Security Company Breaks With CERT Over Disclosure
January 30, 2003 | adminA long-simmering dispute between the CERT Coordination Center and vulnerability research companies flared into public view Jan. 27, when Next Generation Security Software Ltd. (NGSS) announced that it’s severing its relationship with CERT, saying that the government-sponsored Internet security reporting center had passed vulnerability information to third parties. The dispute between NGSS and CERT arose over a batch of six software vulnerabilities that NGSS shared with CERT at the same time it disclosed them to the affected software vendor, according to Mark Litchfield, cofounder of Sutton, England-based NGSS. Before a patch was issued or the public notified about the vulnerability, the affected software vendor was approached by two government agencies concerning the undisclosed vulnerability. Those agencies said CERT had informed them about the flaw, according to Litchfield. Full Story
Worm Attack Heightens Net Terrorism Concern
January 30, 2003 | adminThe Internet attack that froze bank ATM networks, canceled airline flights and shut down computers at a 911 emergency center last weekend probably wasn’t the work of an enemy government or cyberterrorist, security experts and government officials say. Although Saturday’s Slammer worm was more damaging than most cyberassaults, the world’s computer networks are pricked and probed by intruders an average of 1,500 times a week, with only a tiny fraction of attacks causing serious damage. However, on the eve of a possible war with Iraq, the Slammer attack has heightened international worries that anti-American sentiment could spill into the digital world and wreak havoc in ways unthinkable the last time the United States went to war in the Persian Gulf. Full Story
Too Few Firms Have Disaster Recovery Plan
January 30, 2003 | adminHalf of companies are unprepared for disaster. Almost half of European IT departments do not have a current disaster recovery strategy. Research from the Storage Network Industry Association (SNIA), revealed exclusively to Computing, suggest that the high-profile of the issue following the 2001 terrorist outrage in New York has not lasted. When asked ‘How often do you update your disaster recovery plan?’, 23 per cent of the respondents answered: ‘What plan?’ Another 24 per cent said they did not update their plan at least once a year. ‘This shows the gap between wish and execution,’ said Daniel Sazbon, vice-chairman of SNIA Europe. Full Story
The Case of Slammer and the Broken Patching Process
January 30, 2003 | adminThough it could have been worse, the Slammer worm that crippled networks last weekend at a pace of 200,000 to 300,000 attacks per hour really shouldn’t have been as big or as widespread as it was. Microsoft (Nasdaq: MSFT) had discovered the vulnerability in its SQL Server 2000 software back in July and had issued a patch for it. In fact, companies that had installed SQL Service Packs 2 or 3 or patches from other sources issued since the security hole was discovered escaped virtually unscathed, which brings us to the big question: How could Slammer have had such a devastating effect if the patch was available? Full Story
New Cyber Crime Law to be Introduced
January 30, 2003 | adminIndia Tuesday said it is set to introduce comprehensive legislation to counter the rising threat of cyber terrorism. The law and justice ministry is drafting the law in consultation with the ministries of communication and information technology, home, defence and finance, a government spokesman said. Though the Information Technology Act 2000 incorporates punishments for various cyber crimes, a separate law is needed to deter “sophisticated and menacing” forms of such illegal activities, the spokesman said. Full Story
How the Net Leaves Itself Open to Attack
January 30, 2003 | adminThe net is making itself unnecessarily vulnerable to crippling attacks, warn experts. Analysis of the queries sent to one of the net’s core address books show that 98% of them could have been handled by other parts of the network. Dealing with these queries on the outer reaches of the net rather than at its core could help limit the damage of concerted attacks on key servers say experts. The report and advice comes as the net recovers from the damage wrought by the Slammer worm that exploited holes in Microsoft software. Full Story
Internet Attack Hunt Difficult
January 30, 2003 | adminLeading experts on Internet security are skeptical that the FBI and other investigators will be able to track down the person responsible for last weekend’s attack on the Internet. These experts, including many who provide technical advice to the FBI and other U.S. agencies, said exhaustive reviews of the blueprints for the attacking software are yielding few clues to its origin or the author’s identity. “The likelihood of being able to track down the specific source of this is very unlikely,” said Ken Dunham, an analyst at iDefense Inc., an online security firm. “We don’t have the smoking gun.” Did Honker do it? Many top experts believe the programming for the Internet worm was based on software code published on the Web months ago by a respected British computer researcher, David Litchfield, and later modified by a virus author known within the Chinese hacker community as “Lion.” Full Story
Few Clues in Web Worm Whodunit
January 30, 2003 | adminLeading experts on Internet security are skeptical that the FBI and other investigators will be able to track down whoever was responsible for last weekend’s attack on the Internet. These experts, including many who provide technical advice to the FBI and other U.S. agencies, said exhaustive reviews of the blueprints for the attacking software are yielding few clues to its origin or the author’s identity. “The likelihood of being able to track down the specific source of this is very unlikely,” said Ken Dunham, an analyst at iDefense, an online security firm. “We don’t have the smoking gun.” The worm’s author could face up to life in prison under new U.S. anti-terror legislation passed two months ago, some legal experts said. Full Story
FAA: Slammer Didn't Hurt Us, But Other Attacks Coming
January 30, 2003 | adminThe U.S. Federal Aviation Administration survived last weekend’s slammer worm attack with only one administrative server compromised, and the agency that controls commercial air traffic in the U.S. is taking a multi-pronged attack to network security, said Daniel Mehan, assistant administrator for information services and chief information officer at the FAA. Mehan, speaking to the media at the ComNet Conference and Expo Tuesday, said no “mission-critical” computers were compromised by the Slammer attack, which shut down Internet service in some parts of Asia and slowed connections worldwide. A combination of keeping up to date with patches, keeping workers trained and using a variety of anti-hacking strategies kept the FAA’s important computer systems running during the Slammer attack, he added. Full Story