From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 21 Sep 2001 19:17:10 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Message-Id: <200109220217.TAA32460@big.all.net>
Subject: [iwar] [fc:Feds,.industry.contemplated.Nimda.curfew]

Feds, industry contemplated Nimda curfew
By Brian McWilliams, Newsbytes
9/21/01
<http://www.computeruser.com/news/01/09/20/news13.html>

Concerned that home computer users may not be aware of the true dangers of a new Internet worm, a powerful coalition of U.S. government and industry groups contemplated advising citizens to stay off the Internet completely to avoid being infected by Nimda.

In a private conference call conducted today, members of the coalition--which includes representatives of such government organizations as the Federal Bureau of Investigation, the Central Intelligence Agency, and the Department of Justice, as well as corporations including Microsoft, UUnet, and Network Associates--expressed concern that the new worm could cause serious damage if not stopped promptly.

"This has really got to be watched. We need to look at worst case scenarios if something were to happen," said one federal official participating on the call.

The cyber-security group planned to issue a press release later this evening to draw public attention to Nimda and to direct Internet users to an advisory published today by the Computer Emergency Response Team (CERT). CERT is a federally funded computer security information clearinghouse at Carnegie Mellon University.

In a similar move in late July, members of the consortium held a press conference to warn the country about the potential for a "stronger" version of the Code Red worm, which later came to be called Code Red II.

While estimates of the number of systems infected today by Nimda were not available, security experts said the worm appeared to be spreading rapidly and was causing widespread Internet congestion.

During the coalition's ninety-minute meeting today, technical experts expressed concerns that Nimda may have opened back doors or "file shares" on thousands of infected computers, rendering them vulnerable to future attacks.

Members of the consortium also openly worried about Nimda's ability to spread itself to users who simply visit an infected Web site while using an older version of Microsoft's Internet Explorer browser.

A Microsoft representative participating in the call conceded that "there seems to be potential for customer confusion" but said the company is preparing an advisory of its own to be released soon.

Because Nimda is a complex worm that can infect both servers and desktop Windows computers with any of at least four different means, some members of the group suggested simplifying their warning about Nimda.

"If you browse an infected Web site, you could become infected. That's most likely to scare them into patching their software," suggested one government security expert attending the call.

But that notion was quickly shot down.

"You're going to cause unmitigated hell. Sites like Amazon and eBay are going to say you people are creating panic and pandemonium," cautioned one official.

A member of the Department of Justice's computer crime section inquired whether the worm contained any code that could issue distributed denial of service (DDoS) attacks.

The response from technical experts was equivocal. They noted that while such a DDoS capability has not yet been detected, the worm does contain code that checks the system's clock--a feature which one expert called "a possible time bomb."

Participants also disagreed over whether the worm, which began to hit systems hard around 9:00 a.m. Eastern today, was somehow tied to the terrorist attacks exactly one week before.

At a press conference earlier today, Attorney General John Ashcroft said the U.S. does not believe there is a connection between Nimda and the attacks.

But during the cyber-security consortium's meeting today, a representative of one government group suggested there may be new information to the contrary.

"Let me just say that we beg to differ with that," said the official.

The new worm's rapid spread, and the lack of clear information about mitigating its effects, clearly demonstrates that new mechanisms are needed for disseminating information about computer security threats, according to a university-based security expert on the call.

"I think we need to change the paradigm. It's obviously not having the effect that is necessary to prevent this number of systems from being infected this rapidly," said the expert.

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:47 PDT