Create an Account
username: password:
 
  MemeStreams Logo

Dept. of Homeland Security Raises the Red Flag
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Dept. of Homeland Security Raises the Red Flag
Topic: Computer Security 3:38 pm EDT, Aug  2, 2005

A post on The Lazy Genius blog points out that US-CERT believes we should be on the lookout for usage of bugs in the wild based on what Lynn discovered. Basically, network administrators should be vigilant and prepared.

US−CERT Operations Center Synopsis: A presentation at Defcon entitled "Live penetration Test of the Backbone" was scheduled to include use of an exploit disclosed by Michael Lynn earlier this week. The exploit is NOT the weak version demo'd by Lynn, but a fully working version that is capable of re−routing traffic, man in the middle and / or dropping the router. EFF lawyers toned down the presentation to avoid ISS and/or Cisco lawsuits. Analysis: There is an exploit. It will fall into the wrong hands. Prepare your Networks.

RECOMMENDATIONS AND COUNTERMEASURES If your network doesn’t need IPv6, disable it. This will eliminate exposure to this vulnerability. On a router which supports IPv6, disable it by issuing the command "no ipv6 enable" and "no ipv6 address" on each interface.

There seems to be a fair amount of concern over this situation present in the pharmaceutical and health care industry, although few are talking publicly. Over at the HIPAA Blog there is the following post advising what most are advising:

What does this all mean? Beats the hell out of me. But it is a good lesson for everyone who is subject to HIPAA (and even those who aren't) that you need to keep track of your systems and software, find out about security issues ASAP, and make sure you patch up any security issues as soon as you find out about them. That may mean making sure your IT staff knows what's up, or leaning on your vendors to make sure they're taking the right steps to keep your backside covered.

Everyone should have their guard up. The keyword of the day is vigilance.

Dept. of Homeland Security Raises the Red Flag

Thread [1]


  
 
Powered By Industrial Memetics		RSS2.0