9/16/03

Dear Members,

This is intended to be a quick heads-up to InfraGard members.

There appears to be a major OpenSSH vulnerability that is quietly being
exploited at some high-profile targets. OpenSSH 3.7p1 was released
earlier this am. Linux appears to be particularly vulnerable;
no clear information on others such as OpenBSD, nor other
versions/implementations of SSH.

Note that there are many implementations of SSH that run on many devices,
including network appliance-class devices.

Until more information is available, system operators should
patch your systems to OpenSSH >= 3.7p1 and check your firewalls
allowing SSH only from trusted sources.

September 16, vnunet.com — U.S. declares global war on hackers. The increasing
sophistication and speed of cyberÅ|attacks has prompted the launch of a U.S.A led global internet monitoring service. The Department of Homeland Security will join with Carnegie Mellon

University's Computer Emergency Response Team Coordination Center (Cert/CC).
Dubbed USA Cert, the watchdog aims to act as a "coordination point for the prevention,
protection and response to cyberÅ|attacks across the internet." It will coordinate national
and international efforts to prevent cyber |attacks, protect systems and respond to the effects of attacks across the internet. "Our nation's growing use of the internet for safety critical applications as well as business transactions, coupled with the increased sophistication and speed of cyber attacks, increases the risk [of] significant damage in short periods of time," said Richard Pethia, director of Cert/CC. USA Cert will begin as a partnership between Cert/CC and the National Cyber Security Division of the Department of Homeland Security.

Source: http://www.vnunet.com/News/1143664
InfraGard Team