JusticeDept.com

May 29, 2009

Obama Creating A “Cyber Czar”

Filed under: Uncategorized — @ 1:17 pm

Washington, DC — President Barack Obama considers computer security a top priority. Immediately after taking office, the President ordered the National Security and Homeland Security Advisors to conduct an immediate Cyber Security Review. The creation of the position of “Cyber Czar” is a direct result of the security review.

——————————————

President Obama Directs the National Security and Homeland Security Advisors to Conduct Immediate Cyber Security Review

Melissa Hathaway Selected to Lead the Review

President Obama has directed the National Security and Homeland Security Advisors to conduct an immediate review of the plan, programs, and activities underway throughout the government dedicated to cyber security.

This 60-day interagency review will develop a strategic framework to ensure that U.S. Government cyber security initiatives are appropriately integrated, resourced and coordinated with Congress and the private sector.

“The national security and economic health of the United States depend on the security, stability, and integrity of our Nation’s cyberspace, both in the public and private sectors. The President is confident that we can protect our nation’s critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties,” said Assistant to the President for Counterterrorism and Homeland Security John Brennan.

Melissa Hathaway, who has served as Cyber Coordination Executive to the Director of National Intelligence, will lead the review and will serve as Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils during the review period.

April 24, 2009

What’s So Great About Firefox?

Filed under: Uncategorized — @ 5:23 pm

Mozilla has released a new version of the Firefox web browser. “Firefox has security, speed and new features that will change the way you use the Web. Don’t settle for anything less.”

The Safest Web Browser

Mozilla says, “Simply put, your online security is our top priority. Firefox includes strict anti-phishing and anti-malware measures, plus easy ways to tell the good guys from the bad like our new one-click site ID info. And, thanks to our open source process we have thousands of security experts around the globe working around the clock to keep you (and your personal information) safe.”

April 15, 2009

U.S. Electrical Grid Attacked by Hackers

Filed under: Uncategorized — @ 1:56 pm

Hackers planted malware on the network of the U.S. electrical grid. It is likely their intent was to cripple the power infrastructure. According to security researcher Roger Thompson, the hackers probably gained access, like many others, by exploiting holes in software such as Windows.

“Any computer connected to the Internet is potentially vulnerable. Getting to the actual infrastructure devices directly — that’s always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.”

There is debate over whether the owner of a compromised computer can be held criminally responsible for allowing their PC to be taken over.

April 11, 2009

Coordinating Virus and Spyware Defense

by CERT

Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems.

Isn’t it better to have more protection?

Spyware and viruses can interfere with your computer’s ability to process information or can modify or destroy data. You may feel that the more anti-virus and anti-spyware programs you install on your computer, the safer you will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, you may introduce problems.

How can anti-virus or anti-spyware software cause problems?

It is important to use anti-virus and anti-spyware software (see Understanding Anti-Virus Software and Recognizing and Avoiding Spyware for more information). But too much or the wrong kind can affect the performance of your computer and the effectiveness of the software itself.

Scanning your computer for viruses and spyware uses some of the available memory on your computer. If you have multiple programs trying to scan at the same time, you may limit the amount of resources left to perform your tasks. Essentially, you have created a denial of service against yourself (see Understanding Denial-of-Service Attacks for more information). It is also possible that in the process of scanning for viruses and spyware, anti-virus or anti-spyware software may misinterpret the virus definitions of other programs. Instead of recognizing them as definitions, the software may interpret the definitions as actual malicious code. Not only could this result in false positives for the presence of viruses or spyware, but the anti-virus or anti-spyware software may actually quarantine or delete the other software.

How can you avoid these problems?

* Investigate your options in advance – Research available anti-virus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes, and try to find out how frequently the virus definitions are updated. Also check for known compatibility issues with other software you may be running on your computer.

* Limit the number of programs you install – Many vendors are now releasing packages that incorporate both anti-virus and anti-spyware capabilities together. However, if you decide to choose separate programs, you really only need one anti-virus program and one anti-spyware program. If you install more, you increase your risk for problems.

* Install the software in phases – Install the anti-virus software first and test it for a few days before installing anti-spyware software. If problems develop, you have a better chance at isolating the source and then determining if it is an issue with the software itself or with compatibility.

* Watch for problems – If your computer starts processing requests more slowly, you are seeing error messages when updating your virus definitions, your software does not seem to be recognizing malicious code, or other issues develop that cannot be easily explained, check your anti-virus and anti-spyware software.

April 7, 2009

CONFICKER WORM IMPORTANT ANNOUNCEMENT

Filed under: Uncategorized — @ 6:30 pm

US-CERT saw no evidence of nefarious behavior associated with Conficker on April 1, 2009. It is important to understand that it is still unclear what Conficker is intended for and capable of doing. Systems with infections must be cleaned now. An infected system could enable an attacker to remotely take control of that system and install additional malicious software. Even though April 1, 2009 has passed, the exact time and intended purpose of the Conficker/Downadup worm remain unknown. The possible malicious uses of this worm include data theft, phishing/spam efforts, and, the scenario of most concern, distributed denial-of-service (DDoS) attacks. Users must remain vigilant in detecting the Conficker Worm and systematically cleaning systems of these infections to prevent potential, future cyber events. PLEASE READ THE CURRENT ACTIVITY UPDATE for more information about the Conficker worm.

April 3, 2009

Safer Net Surfing

Filed under: Uncategorized — @ 1:49 pm

by NIST

When you type www.irs.gov—or the Web address of your bank or an e-commerce site—into your web browser, you want to be sure that no one is hijacking your request and sending you to a bogus look-alike page. You’re relying on the integrity of the Internet’s “phone book,” the Domain Name System (DNS). Computer scientists at the National Institute of Standards and Technology (NIST) are playing a major role in making sure that what you type is what you get by providing standards, guidance and testing necessary to bolster the trustworthiness of the global DNS. A draft update of NIST’s guidelines for DNS security is now available for public comment.

Most recently, NIST computer scientists provided technical assistance to the General Services Administration to meet the end-of-February deadline to secure the top-level .gov (“dot-gov”) domain, the first major step of a new government-wide DNS security upgrade. NIST researchers develop the standards, specifications and operational procedures used by federal civilian agencies to safeguard their information systems. The Internet relies on the DNS system that converts the user-friendly names (www.nist.gov) into a unique Internet Protocol address (129.6.13.45) necessary to route data to its destination.

The DNS as currently deployed lacks the ability to authenticate the source or integrity of responses returned from the system, and as a result it is easy to spoof responses and redirect users to fake or look-alike destinations. NIST and others are working to add “steel doors and locks” to enhance DNS security. NIST computer scientists led the development of new Internet Engineering Task Force (IETF) standards to add digital signatures and associated key management procedures to DNS protocols. These additions, called DNSSEC, allow users to validate the authenticity and integrity of the data and will provide the basis for a new trust infrastructure for the DNS and protocols and systems that rely on it.

“We hope that the dot-gov deployment of DNSSEC will encourage rapid deployment in other sectors, including government contractors, trading partners and general e-commerce sites,” said Scott Rose, one of the NIST computer researchers.

In addition to developing the standards and deployment protocol guidance for DNSSEC, NIST researchers have developed the Secure Naming Infrastructure Pilot (SNIP) distributed testbed (www.dnsops.gov) to assist agencies and vendors in experimenting with and evaluating specific DNSSEC solutions. NIST is a member of an industry-government DNSSEC-Deployment Initiative, coordinated by the Department of Homeland Security, to foster adoption and implementation of DNSSEC specifications across Internet domains.

The NIST team has also drafted updated recommendations for the “Secure Domain Name System (DNS) Deployment Guide” (NIST Special Publication 800-81 Rev 1), the key DNS security guidance document for civilian agencies. (Available on the Web at http://csrc.nist.gov/publications/drafts/800-81-rev1/NIST_SP-800-81-Rev1_draft.pdf.)

This first revision of the guidance proposes stronger cryptographic algorithms and keys to provide more resilience against attack. The revised publication incorporates comments from the Internet Engineering Task Force that are to update best practices and checklists in the document. The latest version of the deployment guide includes cookbook configuration instructions for two commonly deployed DNS server implementations.

The public is invited to review the draft NIST SP-800-81 revision 1 guidelines and submit comments to SecureDNS@nist.gov before March 31, 2009.

March 30, 2009

Tracking GhostNet: Investigating a Cyber Espionage Network

Filed under: Uncategorized — @ 1:12 pm

This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

Conficker Worm Targets Microsoft Windows Systems

Filed under: Uncategorized — @ 12:58 pm

US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across the network if the host is not patched with MS08-067.

The presence of a Conficker infection may be detected if a user is unable to navigate to the following websites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp+link_conficker_worm
http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in Knowledgebase Article 962007.
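The reachability check described above can be scripted. The following is an added example, not US-CERT's or any vendor's tool: it tests name resolution only (a simplification of "navigate to"), and the control hostname `www.example.com` and the function names are assumptions made for illustration.

```python
import socket

# Vendor hostnames taken from the US-CERT text above.
VENDOR_HOSTS = ("www.symantec.com", "www.mcafee.com")
# Assumption: any unrelated, normally resolvable name works as a control.
CONTROL_HOST = "www.example.com"


def system_resolver(hostname):
    """Return True if the operating system's resolver can resolve hostname."""
    try:
        socket.getaddrinfo(hostname, 80)
        return True
    except socket.gaierror:
        return False


def conficker_dns_indicator(resolve=system_resolver,
                            vendors=VENDOR_HOSTS, control=CONTROL_HOST):
    """Classify the lookup pattern described in the advisory.

    Returns (verdict, blocked_hosts); verdict is "no-indicator",
    "possible-conficker" or "inconclusive".
    """
    if not resolve(control):
        # Nothing resolves: a general DNS or network outage, which says
        # nothing about selective blocking of security vendors.
        return "inconclusive", []
    blocked = [host for host in vendors if not resolve(host)]
    if not blocked:
        return "no-indicator", []
    # The control name resolves but a vendor name does not: the
    # selective interference the advisory associates with Conficker.
    return "possible-conficker", blocked


if __name__ == "__main__":
    verdict, blocked = conficker_dns_indicator()
    print(verdict, blocked)
    if verdict == "possible-conficker":
        print("Remove the host from the network and run a removal tool "
              "(see Microsoft Knowledgebase Article 962007).")
```

A "possible-conficker" result is an indicator, not a diagnosis: local DNS filtering or a proxy policy can block the same names, so confirm with one of the vendor tools before cleaning.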

US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Microsoft in October 2008), disabling AutoRun functionality (see US-CERT Technical Cyber Security Alert TA09-020A), and maintaining up-to-date antivirus software.

US-CERT will provide additional information as it becomes available.

March 28, 2009

Java Security Vulnerabilities

Filed under: Uncategorized — @ 1:55 pm

Sun Releases Updates for Java SE
added March 26, 2009 at 08:54 am

Sun has released updates for Java SE to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

US-CERT encourages users to review the Sun Java SE 6 Update Release Notes and upgrade to Java SE version 1.6.0_13 to help mitigate the risks.

Microsoft Updates for Multiple Vulnerabilities

Filed under: Uncategorized — @ 1:54 pm

Source: US-CERT
As part of the Microsoft Security Bulletin Summary for March 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows and Windows Server.

A remote, unauthenticated attacker could gain elevated privileges, poison the DNS cache, execute arbitrary code, or cause a vulnerable application to crash.

Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
