[infowarrior] - Cyber Security Group Flunks Washington

2005-12-13 Thread Richard Forno
www.internetnews.com/security/article.php/3570596

Cyber Security Group Flunks Washington
By Roy Mark
December 13, 2005

WASHINGTON -- Neither the Bush administration nor Congress is providing
significant leadership or legislation to secure the United States against
cyber attacks, a security trade association charged Tuesday.

In its first public criticism of the White House and lawmakers' efforts to
follow up on President Bush's 2003 much-ballyhooed National Strategy to
Secure Cyberspace, the Cyber Security Industry Alliance (CSIA) said
Washington has taken only limited steps to improve the security of the
nation's infrastructure.

The steps are so limited, the CSIA contends, that it gave both the White
House and Congress a D for their efforts in 2005.

"Currently, there is little strategic direction or leadership from the
executive branch in the area of information security," said Paul Kurtz, CEO
of the CSIA. "Ensuring the resiliency and integrity of our information
infrastructure and protecting the privacy of our citizens should be higher
on the priority list for our government."

Kurtz said this year's massive data breaches, a barrage of security
vulnerabilities and the disruption of communications during Hurricane
Katrina highlight the urgent need for improved information security
preparedness and response.

Instead, Congress has so far failed to pass either data-breach disclosure or
spyware legislation. Lawmakers did approve creating the new position of
Assistant Secretary of Cyber Security with the Department of Homeland
Defense, but the White House has yet to fill the slot.

"Six months downstream, it's time to put a person in that place," Kurtz
said. "Part of leadership is delegation."

Kurtz called the 2004 Homeland Security Presidential Directive calling for
the United States to reduce identity fraud and protect personal privacy a
toothless tiger with no money attached to it.

Kurtz also noted government cyber-security funding has been cut.

"CSIA believes the government has a responsibility to lead, set priorities,
coordinate and facilitate protection and response," Kurtz said.

To underscore the economic impact of Washington's inaction on cyber
security, the CSIA also issued its first Digital Confidence Index (DCI),
benchmarking the confidence of Americans in the country's information
infrastructure. The first numbers came up with a DCI ranking of 58 on a
100-point scale.

The DCI benchmarks six areas of U.S. confidence: finance, health data,
telecommunications, Internet, consumer data and power grids.

A score of 58 on the DCI is less than a passing grade. That's not a good
sign, said James Lewis, director of the Technology and Public Policy
Program for the Center of Strategic and International Studies. It's getting
kind of old that we're not making progress.

Lewis added, "The effect of a loss of confidence in the networks Americans
rely on every day for business transactions, electricity, personal and
business communications and even health services will be felt over time."

Having flunked Washington's 2005 cyber security efforts, the CSIA, whose
members include Entrust, RSA Security, McAfee and Symantec, challenged
lawmakers and the administration to a new set of goals.

CSIA's 2006 agenda will address implementing national laws on data breach
notification and spyware, filling the Assistant Secretary of Cyber Security
position and increasing funding for cyber-security research and development.

"The purpose of our [agenda] is not to dwell on past events or direct blame
on any one institution," Kurtz said. "Rather, we wanted to assess where we
are today in terms of protecting the integrity of the information
infrastructure so that we can determine which steps need to be taken to make
improvements."



You are a subscribed member of the infowarrior list. Visit 
www.infowarrior.org for list information or to unsubscribe. This message 
may be redistributed freely in its entirety. Any and all copyrights 
appearing in list messages are maintained by their respective owners.


[infowarrior] - Forget 3G, South Korea has the right idea on cellphones...

2005-12-13 Thread Richard Forno
South Korea to Standardize Cellular Phone Accessories
CA051212-06

Data cables and earphones, which differ from one handset manufacturer to
another, are going to be standardized in South Korea. South Korea's three
mobile communication service providers, SK Telecom, KTF and LG Telecom,
agreed on the external interface of cellular phones and signed an MOU
(Memorandum of Understanding).

Accordingly, reuse of cellular phone accessories such as
earphone/microphones and data cables will be possible. Consumers who change
handset models will not have to buy new accessories.

In addition, the lack of standardization prohibited development of
value-added services which synchronize cellular phones with their external
devices. In the future there will be various value-added services which
synchronize the cellular phone input/output port and external devices. [M.
Robertson, Portelligent]

http://www.phonescoop.com/news/item.php?n=1502





[infowarrior] - Nessus 3 released, remains free

2005-12-13 Thread Richard Forno
Nessus 3 released, remains free
Published: 2005-12-13
http://www.securityfocus.com/brief/79?ref=rss

Version 3 of the widely popular Nessus vulnerability scanner has been
released to the public for various Linux distributions and FreeBSD.

Prior versions of Nessus were released under the GPL open-source license,
but version 3 has become closed-source free software amid some controversy
from open-source and GPL advocates. The release offers an entirely new
scanning engine with significant performance improvements that make it at
least twice as fast, on average, compared to Nessus 2. Versions of Nessus 3
for Windows 2000/XP/2003, Mac OS X and Solaris will not be released until
early 2006. Other platforms, such as OpenBSD, are not supported.

Tenable Security, the sole sponsor of Nessus, has moved Nessus to the
closed-source realm to improve adoption of its commercial products which
significantly enhance Nessus for enterprise environments. The company was
founded by Nessus author Renaud Deraison, Dragon IDS author Ron Gula, and
Jack Huffard, along with Marcus Ranum as the CSO.

Nessus remains the world's most popular free vulnerability scanner, and is
used by hackers, security professionals, and organizations alike to test
systems and networks for security vulnerabilities. Infocus articles
discussing Nessus' use are available. Tenable continues to maintain the
Nessus 2.x GPL branch and also still offers 7-day delayed access to more
than 9,000 vulnerability checks via its free, registered feed. 


