Category: News

The report, prepared for the House of Representatives’ Committee on Government Reform, found that almost all agencies had improved their computer-security grade since last year. However, several key federal departments continued to fail to adequately protect their networks and earned an “F.” Two agencies, the Department of Health and Human Services and the National Aeronautics and Space Administration, slipped in the rankings since 2002.

The newest department in the federal government, the Department of Homeland Security, got off to a bad start with an overall “F” for its computer security, despite the fact that securing the nation’s network is part of its mission.

Davis took the private sector to task for poor security overall as well. “The culture of our top-level chief executives in the private sector, and top executives in government, must be changed,” he said in the statement. “We must get those at the very top, the decision makers, the ones accountable to the shareholders, the customers or the electorate, to recognise that lack of network security in an organisation is a material weakness and one that deserves necessary resources and immediate action.”

This year, two agencies earned an “A”: the Nuclear Regulatory Commission and the National Science Foundation. Ironically, a privately maintained nuclear reactor under the NRC’s jurisdiction suffered an attack by the Slammer worm in early 2003.

More info: [url=http://www.silicon.com/management/government/0,39024677,39117281,00.htm]http://www.silicon.com/management/government/0,39024677,39117281,00.htm[/url]

The beta version of Windows XP Service Pack 2 is expected to be made available to testers soon via Microsoft’s developer Web site. The final version is expected to be released in the first half of next year, Microsoft said.

“The Windows XP SP2 beta is intended to provide software developers and IT professionals an opportunity to conduct early testing and to allow Microsoft to collect valuable customer feedback,” the software company said in a fact sheet it provided to reporters. “During this beta, Microsoft hopes to garner significant feedback from developers and IT professionals that will be incorporated into and improve the final product.” Microsoft said that the software will be made available to information technology managers and developers via the MSDN Web site, and the company also will test the software using a number of people who have registered to be beta testers. In all, there will be hundreds of thousands of testers, Microsoft said.

Among the security improvements in Service Pack 2 are a beefed-up version of Windows Firewall, previously called Internet Connection Firewall, and software designed to block pop-up ads and prevent the unintended downloading and installation of software. The company also turned off the Windows Messenger service, which had been abused by some hackers. The improved firewall will be turned on by default and is designed to prevent all ports from accepting information from outside networks, unless permitted to by an application.

Microsoft also said it has taken a number of steps to reduce a type of exploit known as a buffer overrun, but the company warned that it is probably impossible to completely eliminate such vulnerabilities. “Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to reduce the likelihood and potential of an attack in a number of different ways,” Microsoft said.

Additionally, the company said the new Windows XP will make it easier for customers to turn on the automatic update feature, which downloads and installs critical updates automatically.

Microsoft stressed the importance of the additional security features for smaller businesses and consumers. All computers that are connected to the Internet need protection against network-based attacks like Blaster,” Microsoft said. The software maker has been under pressure to improve the security of Windows after a spate of high-profile attacks earlier this year.

The new Service Pack will upgrade Windows XP to support a later version of the short-range Bluetooth wireless technology, Microsoft said. It also includes a utility that makes it easier to connect a PC in a wide range of wireless hot spots, places where wireless Web access is available to the public, without adding special software.

More info: [url=http://news.com.com/2100-1016_3-5120138.html?tag=nefd_top]http://news.com.com/2100-1016_3-5120138.html?tag=nefd_top[/url]

The attack began at 11:20am GMT Tuesday, shutting down the company’s main [url=http://www.sco.com]www.sco.com[/url] website, according to company spokesman Blake Stowell. SCO has raised the ire of the open-source community by claiming that the Linux operating system contains software that violates SCO’s intellectual property.

More info: [url=http://www.computerweekly.com/articles/article.asp?liArticleID=127156&liFlavourID=1&sp=1]http://www.computerweekly.com/articles/article.asp?liArticleID=127156&liFlavourID=1&sp=1[/url]

At InfoSecurity 2003, a conference and expo targeting enterprise security that opened Monday in New York City and wraps up Thursday, a slew of security providers rolled out a solid slate of creative new wares.

Network Intelligence released the newest version of its security event management (SEM) software, enVision 2.001. The new software, which is integrated into Network Intelligence’s own line of security appliances, sports additional device support, improved analysis of security events — it can handle as many as 50,000 sustained events per second, according to Network Intelligence — and a new method of calculating the severity of events based on Homeland Security’s severity levels.

Cryptolog launched Unicity, a software-only solution that deploys digital certificates to end users based on ‘zero knowledge’ authentication and virtual smart cards.

Unicity uses the technique to issue digital certificates — used to authenticate users for financial transactions, to access protected documents, and to encrypt and sign e-mail messages — without the need for cumbersome hardware, said Cryptolog.

OpenService used InfoSecurity to unveil Security Threat Manager 2.0, the latest edition of its real-time threat assessor and security monitor.

New to STM 2.0 are improvements to its reporting skills — it now links detected threats to the lines of business they target, giving administrators a clearer picture of what’s actually under attack — topology visualizations that provide a graphical view of threat activity and allow IT staff to ‘drill down’ into the attack.

NeoScale Systems announced the impending release of CryptoStor for Tape 1.2, a high-speed tape protection appliance that compresses, encrypts, and digitally signs data as it’s recorded on physical or virtual tape libraries.

New to 1.2 is support for IBM Tivoli Storage Manager, adding to existing support for backup apps from Veritas, Legato, Hewlett-Packard, and Computer Associates.

Based on a client/server architecture, Global Command Center lets administrators access, share, and synchronize firewall configurations across the enterprise; create and enforce firewall and VPN policies; and monitor and control firewall activity from a central location.

More info: [url=http://www.techweb.com/wire/story/TWB20031210S0005]http://www.techweb.com/wire/story/TWB20031210S0005[/url]

It’s not an easy trek, becoming a security manager. But of all the possible security executive jobs out there, none is probably as challenging as the public-sector job.

The government CSO most likely has climbed his career mountain without a Sherpa or a harness to catch him if he falls. For starters, cultural and situational issues unique to government jobs make for a particularly tough journey for the government CSO. In the US Office of Management and Budget’s 2001 Government Information Security Reform Act report to Congress, for example, six IT security weaknesses in government were identified. They included a lack of attention to IT security by senior management and nonexistent IT security performance measures. In addition, the report cited poor security education and awareness, a lack of fully funded and integrated security, a failure to ensure that contractor services are adequately secure, and a problem with detecting, reporting and sharing information on vulnerabilities.

Although those weaknesses exist outside the public sector, they are exacerbated in government agencies where procedural problems and incompetent management can inflate them. Government security officers have less control than their civilian counterparts.

While industry executives are constrained by their budgets, government employees have to buy goods and services from a government-approved list, and they are bureaucratically hampered in their hiring. In the private sector, CSOs answer solely to the executive team. Public-sector CSOs have lists of executives they report to.

More info: [url=http://www.cio.com.au/index.php?id=1487268597&fp=16&fpid=0]http://www.cio.com.au/index.php?id=1487268597&fp=16&fpid=0[/url]

On Monday, Microsoft posted a new note to its Microsoft Developer Network (MSDN) community site, stating that the company is now planning to ax certain products from all Microsoft sales channels starting December 23.

MSDN Subscriber Downloads program manager Andy Boyd had posted a note on December 4 stating that Microsoft intended to remove Windows 98, SQL Server 7 and a number of versions of Office 2000 from MSDN downloads and all other Microsoft sales channels.

The December 8 note explains that Microsoft intends to ax the NT 4.0 Terminal Server and Option Pack releases only.

More info: [url=http://www.microsoft-watch.com/article2/0,4248,1407759,00.asp]http://www.microsoft-watch.com/article2/0,4248,1407759,00.asp[/url]