Slashdot Mirror


Federal NOC To Be Modeled After Incidents.org / DS

An anonymous reader writes "Computerworld is covering in more detail the new Federal 'Cybersecurity Center.' The article explains that unlike some earlier rumors indicated, the center will not try to build a super-carnivore, but instead use voluntary reports. It will be similar to the SANS Institute's Internet Storm Center, which summarizes contributions submitted to DShield.org. This system of voluntary contributors has been shown to be effective in the past by issuing early warning for a number of major Internet worms, like Code Red, Ramen and SQLSnake. Unlike Symantec's 'for pay' Deep Sight service, which publishes alerts only to paying members, Incidents.org is a free service."

6 of 30 comments

  1. follow-up on CodeRed/Nimda by valmont · Score: 3, Interesting

    A few months ago I posted a follow-up in my /. journal on Code Red and Nimda queries sent to my Apache server through my residential DSL connection. I gathered a list of *all* unique queries I've received so far.

    I also came up with a few shell scripts used as CGI to make HTTP requests back to offending hosts, exploiting the very vulnerabilities they're probing me for, to place "WARNING YOU ARE INFECTED" text messages at strategic locations on their hard drives. Drop a note on my journal comments if you need more info on that.

  2. Now, if only we could report Klez.... by wowbagger · Score: 3, Interesting

    I just want a way to stop the damn Klez worms I keep getting emailed from pixie.udw.ac.za (a university in South Africa). I've mailed their admin repeatedly, mailed their faculty, even mailed their upstream. The closest thing to a response I've gotten was a response from one of the faculty saying "Yeah, we are getting hammered by that too."

    What we need is a good way to force admins to actually ADMINISTER the systems they are responsible for, and should they refuse, to get the upstream to null-route the machine until it is fixed.

  3. Duplicating private sector by sjanich · Score: 4, Insightful

    Wouldn't it make more sense, instead of spending money building something like incidents.org, to fund incidents.org partially with grant money from the feds, so that it can beef up somewhat, and create a Federal liaison team? They would spend less and get their goal quicker.

    1. Re:Duplicating private sector by tubabeat · Score: 3, Interesting

      It would, any fool could see that. So... given that governments usually have a high concentration of fools... we could reasonably assume they already worked that out. Which can only mean that they want to control it. Now why might a government want to suppress computer security alerts...?

      --
      "Linux is a serious competitor"
      - Steve Ballmer, Chief Executive Microsoft Corp.

    2. Re:Duplicating private sector by RollingThunder · Score: 3, Insightful

      Not if you want to start doing DShield-like data correlation, but from the ubersecure (snicker) internal government systems.

      People would have an absolute bird if it got out that attempted access logs from #insert government agency here# were being sent to an NGO for correlation.

      Although I won't deny that some greenbacks for incidents.org would be a great idea.

  4. IT purchases must be _certified_ for security? by cfadam · Score: 3, Insightful

    Did anyone else notice this statement:

    "In an interview with Computerworld last month, Clarke said the plan may include a governmentwide policy that requires all IT purchases to be independently certified for security prior to approval."

    I would like to know what it takes for a product to get "independently certified for security", and how would/does this affect OSS?

    (If this has been posted and answered in the past, please mod me down.)