E-Mail Flaw Tests U.S. Safety Net

posted on Mar, 7 2003 @ 09:40 PM

By Michelle Delio

02:00 AM Mar. 07, 2003 PT

What appeared to be just another alert detailing a security flaw in a widely used e-mail transfer application this week has since been revealed to have also been a trial run of the new U.S. Department of Homeland Security's cyberprotection system.

According to information circulated by the SANS Institute, a security information outfit, Monday's disclosure of a vulnerability in Sendmail -- which is installed on at least 1.5 million systems and handles a large amount of the Internet's e-mail traffic -- was coordinated by the new federal department.

After being alerted back in December to the Sendmail flaw by Internet Security Systems, a private security firm, Homeland Security officials contacted more than 20 software vendors that bundle Sendmail with their products, including Hewlett-Packard, IBM, Apple Computer and Sun Microsystems, to coordinate the development and release of patches.

Homeland Security also made sure critical military and government systems were patched before Internet Security Systems released a general alert on Monday.

It's difficult to gauge the effects of the early warning system, however, since subsequent information about the flaw suggests that it may not be as dangerous as originally thought.

Security pros said the government's effort to protect systems before the hole went public is a good first step.

But they also wondered whether any national cybersecurity force could ever be truly useful in the "real world," where systems administrators don't have the luxury of knowing that vulnerability information will be kept under wraps while they shore up their systems.

Security experts have criticized security information clearinghouses like the CERT Coordination Center and the FBI's National Infrastructure Protection Center (now part of Homeland Security) for being too slow to report important issues.

"By the time CERT or NIPC issues an alert, the warning has often been posted hours beforehand on one or more of the major security mailing lists," said network security consultant Mike Sweeney. "Security people want to have information about a flaw before the problem lands in their systems."

Security researcher Robert Ferrell agreed.

"Hours are an eternity in IT terms," he said. "The Slammer worm did a great deal of its damage in 10 minutes. By the time the official advisories came out, we were mopping up."

Experts said that the only way a national clearinghouse will be effective is if it has people monitoring the major security mailing lists and immediately relaying any information posted there.

Preliminary alerts based on unsubstantiated information could be marked as such, and later alerts with confirmed information could be circulated after the government team has had a chance to analyze the information.

"So long as DHS keeps trying to cover all their bases and refrains from reporting until they're sure about everything, they'll come in dead last every time," Ferrell said.

"This is a fast-paced world where every move is a gamble. If you want to be in the notification business, you have to be prepared to deal with the fact that you're going to be wrong at least some of the time, and you must keep what you know to be true and what you suspect might be true separate, distinct and clearly marked."
