NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0474 Coast Guard E-Learning System Corrupted, Sent Users to al-Jazirah Site:
Last summer, hackers manipulated the US Coast Guard's E-Learning system so that users
were redirected to a web site operated by Arab news organization al-Jazirah, according
to an online newsletter citing the service's Chief Information Officer, Rear Admiral
David Glenn. The Coast Guard took down the E-Learning system, which is used by its
36,000 uniformed and civilian personnel, for 45 days while its Computer Incident Response
Team investigated the incident. Glenn said the redirection of the traffic was the result
of cross-site scripting that took advantage of a bug the vendor has since fixed.
Glenn said the Coast Guard experiences about 175 cyber incidents a month. About 15.3
million inbound emails pass through its network gateways every month, and 47,000 of those
contain infections or malicious payloads. Outbound emails, amounting to about 2.8 million
a month, are relatively virus-free, carrying only 10 infections per month, he said.
(www.govexec.com 08APR08)