[nukkad] Feds warn of broad Internet attack

["Gurunath M." <>]

----------------------------------------------------------------------------
What we need is either less corruption, or more chance to
participate in it.
----------------------------------------------------------------------------

http://www.msnbc.com/news/946460.asp?cp1=1

      Feds warn of broad Internet attack 
     
      DHS: Hackers could exploit flaw in Windows software 
     

      ASSOCIATED PRESS 
     
      WASHINGTON, July 31 - Government and industry experts consider brewing 
hacker activity a precursor to a broad Internet attack that would target 
enormous numbers of computers vulnerable from a flaw in Windows software from 
Microsoft Corp. 

     

             
      
                 
                 
           
           
           
            
             
             
           
            

                 
                 
                   
           
            
           
            

             EXPERTS DESCRIBED AN unusual confluence of conditions that 
heighten prospects for a serious disruption soon. They cite the high numbers of 
potential victims and increasingly sophisticated attack tools already tested 
successfully by hackers in recent days.
             An alert distributed Thursday among U.S. government agencies 
warned of "widespread scanning and exploitation" of victim computers by hackers 
who were developing "improved and automated exploit tools."
             The Homeland Security Department cautioned Wednesday that it had 
detected an "Internet-wide increase in scanning" for victim computers. In an 
unusually ominous alert, it warned the threat could cause a "significant 
impact" on the Internet. 
             Experts advised computer users with renewed urgency to apply a 
free repairing patch that Microsoft has offered on its Web site since July 16, 
when it acknowledged that the flaw affected nearly all versions of its flagship 
Windows operating system software.
             (MSNBC is a Microsoft-NBC joint venture.)
             An attack could come "any day now," predicted Chris Wysopal of 
AtStake Inc., a security company in Cambridge, Mass. Another company, Qualys 
Inc., put the threat at the top of a newly released ranking of the Internet's 
most severe vulnerabilities.   
     
        
               
               
             
             
           
           
             Alan Paller of the SANS Institute in Bethesda, Md., said a 
disruption could be worse by orders of magnitude than previous high-profile 
attacks - such as the summer 2001 outbreak of the "Code Red" virus - because of 
the numbers of vulnerable systems.
             Security companies guarding government and corporate networks have 
identified sporadic break-in attempts worldwide using such tools and have 
monitored hackers in discussion groups and chat rooms exchanging tips about how 
to improve the effectiveness of their programs.
             Applying Microsoft's repairing patch takes a few moments for home 
users but is a more daunting challenge for large corporations with tens of 
thousands of Windows computers.
             "People are definitely aggressively trying to patch this," said 
Ken Dunham, an analyst at iDefense Inc., an online security company. "But a 
large rollout may need to take some time."
             
       Microsoft warns of Windows flaw
             Researchers' biggest fears - that hackers will quickly unleash 
automated "worm" software that attacks large numbers of computers within 
minutes - have so far been unrealized.
             "Everybody is predicting a widespread event, going from zero to 60 
very quickly," said Dan Ingevaldson, an engineering director for Atlanta-based 
Internet Security Systems Inc. He estimated the likelihood of a major Internet 
attack as "closer to imminent than probable."
             Depending on the hackers' designs, attack tools could be 
engineered to disrupt Internet traffic by clogging data pipelines, delete 
important files or steal sensitive documents. Experts cautioned that a 
particularly clever hacker could leave little trace of an attack.
             Oliver Friedrichs, the senior manager for security response at 
Symantec Corp., predicted that widespread attacks will not occur soon because 
hackers still need to resolve important glitches in their own attack tools.   
       
            



             "It is a little early," Friedrichs said. "The exploit needs to be 
perfected. The effort applied to the exploit is certainly increased, but we're 
not sure if that's indicative of when we might see a widespread threat. People 
certainly need to be aware of this."
             FBI spokesman Bill Murray said bureau investigators were studying 
several hacker tools designed so far and were highly concerned about a 
wide-scale Internet attack. "We implore the private sector - both business and 
home users - to visit the Microsoft Web site and install the patches and 
mitigations necessary to prevent this from creating a negative effect on the 
Internet as a whole," Murray said.
             The Microsoft flaw affects Windows technology used to share data 
files across computer networks. It involves a category of vulnerabilities known 
as "buffer overflows," which can trick software into accepting dangerous 
commands.
             
             © 2003 Associated Press. All rights reserved. This material may 
not be published, broadcast, rewritten or redistributed.
     



---


[This message contained attachments that have been removed.]



------------------------------------------------------------------------------
To join/leave, use the form at: http://www.mumbai-central.com/nukkad/#options
This list is archived at: http://www.mumbai-central.com/nukkad/archive.html