Information Security News mailing list archives

NASA blocks Excite users access


From: InfoSec News <isn () C4I ORG>
Date: Fri, 14 Jul 2000 13:01:48 -0500

Forwarded By: infosec () infosec 20m com

http://www.msnbc.com/news/432831.asp?cp1=1


FOR NEARLY 72 HOURS earlier this week, subscribers of Excite at Home's
high-speed cable-modem service were unable to visit the Web site for
NASA's Jet Propulsion Laboratory in Pasadena, Calif., and other NASA
sites. The lab's Web site is one of the Internet's most popular
destinations and a frequent target for hackers; the site was hit at
least 12 times since May 1998, according to Attrition.Org, which
monitors hacking activity. Government experts said it was
unprecedented for a U.S. agency to block all customers of a major
commercial Internet provider even temporarily. A NASA spokeswoman
said the agency doesn't talk about its efforts to secure its
computers. Technicians at the Jet Propulsion Lab complained in an
e-mail to Excite at Home on July 7 that it was detecting attempts by
two subscribers to break into its computers. Bryan Johnson, NASA's
system administrator, wrote an internal e-mail three days later
warning employees that Excite At Home had been "unresponsive to our
requests and other NASA center requests for support regarding these
scans," and that the lab was blocking Excite at Home customers. The
message suggested ways that NASA employees and contractors who use the
service while working at home could bypass the block.
  
By Wednesday, however, Excite at Home wrote to NASA, saying it had
identified the offending users and have taken the appropriate action
against the accounts. NASA then lifted the block. A spokeswoman for
Excite at Home said that the issue was resolved and that the company
is installing an automated e-mail system to improve responsiveness to
complaints about hackers.

Agencies can make their own policies about when to take action. "There
are no governmentwide policies on when agencies can take such extreme
measures," said David Jerrell, who runs the Federal Computer Incident
Response Capability, which alerts agencies to hacking efforts.
"Normally that's not done unless the ISP [internet service provider]
is not responding to requests for assistance," he said. "We can't be
cutting off those citizens for long periods of time."

A person familiar with the matter said NASA detected two Excite at
Home subscribers trying to exploit a specific vulnerability in
software known as wu-ftp, and experts issued formal warnings about
the flaw on July 7. Another lab employee wrote in a public Internet
message on July 12 that the vulnerabilities have got me worried, and
asked for technical advice.
 
This week's decision wasn't the lab's first move to block access to its
Web sites. In March, the lab acknowledged that it had temporarily
barred all Internet users in Brazil, Latin America's most populous
country.  In February, Dow Jones & Co. formed a joint venture with
Excite At Home Corp. to build a Web portal, called Work.com, for small
and midsize businesses.
 

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

