Security Web Digest: Major Open Source Software Repository Compromised

Free Software Foundation servers "root compromised" in March, not discovered until recently. FSF to tighten procedures. Survey says 32% of Internet users hit by hack or virus. SilverBack Technologies unveils portable net


The system housing the primary FTP servers for the GNU Software Project was compromised by an intruder, the Free Software Foundation (FSF) announced Thursday, warning that a Trojan horse was also found. The GNU Project, which is a clearing house for a variety of freely available open-source software, was root compromised some time in July 2003, but the FSF did not discover the intrusion until the end of the month, according to executive director Bradley Kuhn. As a result of the compromise, Kuhn said the Foundation would immediately discontinue local shell access to the FTP server for GNU maintainers.


Nearly 32 percent of Internet users surveyed in mid-July said they had been affected by a hacker or computer virus in the past two years. The survey, conducted by Edelman, a public relations firm, questioned more than one thousand adults nationwide. About 43 percent of them said they felt vulnerable on their home computers, while 17 percent felt they were vulnerable to viruses and hackers at work.


SilverBack Technologies Inc. this week unveiled the SilverBack Portable, which combines monitoring and security software with a laptop computer for on-site security audits. SilverBack Portable enables IT staff, consultants, systems integrators and solutions providers to conduct on-site IT performance evaluations and profitable IT/security audits, according to the vendor. SilverBack Portable is available immediately; pricing begins at $15,900 for a laptop and SilverBack software licenses.

The U.S. Navy this week announced that it awarded a $5.8 million contract to Securify Inc. that's designed to help the service tackle one of its most pressing security challenges: integrating thousands of legacy applications into its multibillion-dollar Navy/Marine Corps Intranet (N/MCI) program. The two-year deal, signed officially last month, will give the Navy unlimited use of Securify's SecureVantage security management product. The goal is to ensure that all of the Navy's networks, including applications and shipboard networks, comply with the more robust security policies put in place by the N/MCI contract.


Some companies sick of spam email have actually done more harm than good when implementing anti-spam filters. Ferris Research suggests the cost to businesses of false positives could be as high as $3.5 billion. This takes into account time spent chasing emails which have been mistakenly filtered out or sifting through junk mail folders to find genuine emails. "It costs an individual about $50 per year in lost productivity, due to searches they make for lost messages, communication with other parties about the status of email and updates they make to their spam custom-filters and white lists," said Chris Williams, co-author of the report. On the other hand, Ferris estimates that spam will cost US businesses around $10 billion this year.