Posted by: Amker
« on: 22. September 2007., 23:42:59 »
September 22, 2007 (Computerworld) -- Symantec Corp.'s early warning system gave its enterprise customers a brief scare late Friday when it erroneously sent an alert that said an Internet-crippling attack was in progress.
The message, which went out to users of Symantec's DeepSight advanced alert system around 8:40 p.m. EDT, had a subject head that simply read: "DeepSight Increased ThreatCon from 1 to 4 Alert."
ThreatCon uses a 1-through-4 scoring system, with 1 being the least alarming and 4 the most dire, to indicate Symantec's take on the current state of Internet security. According to the company's own definition, Level 4 is tagged as "Full alert" and reserved for those times when "extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure."
Symantec has never set ThreatCon to Level 4. In fact, even a Level 3 is rare. One of the last times the Cupertino, Calif. security company issued a Level 3 alert was in May 2004, when the Sasser worm was on the rampage.
In the body of the e-mailed alert, however, careful readers found the words: "Summary: threatcon test threatkhanh otrs" buried among several links.
The alert was a false alarm, Symantec said just over an hour later in a follow-up message at 9:45 p.m. EDT. "The DeepSight Threat Management System is NOT at ThreatCon 4. At 18:40 MST on September 21, 2007 an erroneous ThreatCon 4 update was issued through DeepSight TMS due to product testing. This ThreatCon 4 update should be disregarded."
A similar message posted on the DeepSight Threat Management System Web-based console ended with: "The ThreatCon has been returned to the correct level, ThreatCon 1."
(Copyright by Computerworld)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9038358&intsrc=hm_list