Ridge Says U.S. Port Security on Schedule; Hackers Strike Six Korean Agencies; Zeppieri to Command TSA Systems; Network Associates for Sale, Sources Say; IBM Faces Critical Support Security Hole

Ridge Says U.S. Port Security on Schedule

U.S. seaports and ships are “in full compliance” with new international security requirements ahead of a July 1 deadline, Homeland Security Secretary Tom Ridge said yesterday, according to CNN.com. However, critics say the standards set by the International Ship and Port Facility Security Code and by a corresponding U.S. Maritime Transportation Security Act are minimal and large security holes remain, leaving U.S. shores vulnerable. The U.S. Coast Guard said it plans vigorous enforcement of the new regulations and will board every vessel, at sea or at the dock, on its first visit to a U.S. port on or after July 1, according to CNN.com. It also will take additional precautions or deny entry into U.S. waters for noncompliant vessels on a case-by-case basis.Hackers Strike Six Korean AgenciesThe Korea Times reports that the Korea Atomic Energy Research Institute, the Ministry of Maritime Affairs and Fisheries, the National Maritime Police Agency, and the Small and Medium Business Administration were also affected. The NCSC said in a statement, As soon as we discovered some government computers were contaminated by the Peep Trojan hacking program, we took emergency measures and currently there is no risk of data outflow.” The NCSC added it shut down the hackers’ posting site, distributed anti-virus programs and updated the anti-hacking system to prevent a recurrence of the dangerous incursion. The agency, however, failed to confirm whether or not confidential information was stolen from the invaded agencies before the presence of the virus was detected.

The computer systems of six of Korean state agencies, including a pair of sensitive defense research institutes, were cracked by an anonymous hacker or hackers, according to the National Cyber Security Center (NCSC).

Zeppieri to Command TSA SystemsGovernment Computer News, Zeppieri now is CIO of the Information Resources Management Division of Justices Office of Justice Programs, and will begin work at TSA in mid-July. The appointment makes sense considering what is going on with the IWIN program, an industry executive told GCN yesterday. IWIN is a major project to equip government officials with interoperable wireless systems and involves extensive cooperation between the Homeland Security Department and Justice.

The Transportation Security Administration late yesterday said that it had chosen Justice Department systems executive David Zeppieri to be its CIO. According to a story in

Network Associates for Sale, Sources SayGCN.com reports that Network Associates executives declined to comment and would neither confirm nor deny that the Santa Clara, Calif.-based company is for sale or planning layoffs. Microsoft is armed with a number of antivirus tools for Windows and is rolling out a next-generation application layer firewall, a VPN and a Web cache solution, says GCN.com. But possession of Network Associates’ extensive intellectual property would complete a security offering for Microsoft that could go head-to-head with Symantec, CA, Trend Micro and others. Microsoft representatives said it was policy not to comment on the company’s acquisition plans.

The maker of McAfee antivirus and security products, Network Associates, has not made it public, but the company is apparently for sale, according to Wall Street sources and channel partners, and Microsoft is rumored to be the buyer.

IBM Faces Critical Support Security HoleTechWorld describes the hole in some detail; it is similar in some ways to two linked flaws in Internet Explorer publicized earlier this month. Those flaws, like the new IBM one, allowed a malicious Web page to write files onto a user’s hard drive without being detected. In that case, the bug was already being exploited by Web pages in order to place spyware on users’ PCs. The earlier exploit also made use of a “help” file. TechWorld also reports that last week, Linux vendors began patching several new, but less serious holes in the 2.6 and 2.4 kernels and in the Gentoo and Debian distributions.

Hackers could use two IBM ActiveX controls designed for automated PC support to attack PCs through the Internet Explorer browser, according to security firm eEye. A story in