Month: June 2004

New Virus May Steal Data

Posted on by admini

The infection appears to take advantage of three separate flaws with Microsoft products.

Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.

Car Bomb in Hilla Kills 17 Iraqis -U.S.

Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn’t substantially interfering with Internet traffic.

Security technicians at Microsoft and elsewhere worked Friday to pin down how the infection spreads across websites.

It appears to target at least one recent version of Internet Information Server, Microsoft’s software for operating websites.

The infection makes subtle changes to the site so visitors get a piece of code that’s designed to retrieve from a Russian website software that records a person’s keystrokes and can send data back, experts say.

Such software “Trojan horses” are routinely used to fish for credit card numbers, bank accounts, passwords and the like.

“Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,” the U.S. Computer Emergency Readiness Team warned in an Internet alert.

Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their antivirus and firewall programs.

Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft’s Internet Explorer browsers to the highest levels.

http://www.wired.com/news/infostructure/0,1377,63994,00.html?tw=newsletter_topstories_html

Read more

Web site virus attack blunted–for now

Posted on by admini

The attack, which had turned some Web sites into points of digital infection was nipped in the bud on Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code for the attack.

Compromised Web sites are still attempting to infect Web surfers’ PCs by referring them to the server in Russia, but that computer can no longer be reached.

Still, Web surfers should still take care, as this type of attack is increasingly being used by the Internet underground as a way to get by network defenses and infect officer workers’ and home users’ computers.

A large financial client called in Symantec in late April after an employee used Internet Explorer to browse an infected Web site and his system became infected.

Last fall, a similar attack may have been facilitated through a mass intrusion at Interland, said sources familiar with that case.

The Internet Explorer flaws that allowed the Russian attack, however, affect every user of the Web browser, because Microsoft has not yet released a patch. “We are not seeing that this threat is widespread, but we believe the threat to be real,” said Stephen Toulouse, security program manager for Microsoft’s security response center.

http://techrepublic.com.com/5102-6265-5248320.html

Read more

HP gets behind the desktop

Posted on by admini

The company also intends to announce software for printing from wireless devices; data back-up and recovery software; and workstations, which are powerful desktop machines for uses such as creating digital content.

The new set of products is targeted at corporate customers and is part of HP’s “Adaptive Enterprise” strategy. That effort–which has been criticized as vague–aims to help companies better align their information technology with business goals so that they can be more nimble.

HP has focused much of its Adaptive Enterprise push on data centers, and the announcements are aimed at rounding out that vision, a company representative said.

HP is not alone in pitching its products and services as key to improving business performance and flexibility. Rival IBM talks up its “on-demand computing” push, and Sun Microsystems is working on a similar initiative.

Earlier, HP introduced a new type of desktop computer–a “blade” PC system that provides monitors and keyboards to workers but centralizes the actual computing gear, with the aim of improving its management.

The company plans to unveil the HP Compaq Business Desktop dc7100, which also aims to provide easy management. The machine comes in three designs, all of which allow IT supervisors to open up the chassis and access all internal components without tools. Users can remove the parts in as little as one minute, HP said. The dc7100 PC comes equipped with protective technology, dubbed the HP ProtectTools Embedded Security Manager. It combines hardware and software, accessed via a single interface, to handle security operations such as authentication, data encryption and secured communications, HP said.

Also bundled with the desktop PC is back-up and recovery software from Altiris that helps protect data in a hidden, secure area on the local hard drive. The software aims to enable people to recover their own data and system settings, which would help reduce the risk of data loss and the number of calls to the help desk, according to HP.

The dc7100 is slated to be available in July, with prices in the United States starting at an estimated $749.

The Embedded Security Manager is available today on certain HP business desktop and notebook PCs, HP said.

The back-up software from Altiris–dubbed HP Local Recovery–comes preloaded on a number of HP business desktops, notebooks and workstations.

HP’s new Mobile Print Driver for Windows is designed to help workers with a notebook or tablet PC connect to local and networked printers through an 802.11 or Bluetooth connection.

http://news.com.com/HP+gets+behind+the+desktop/2100-1003_3-5248595.html?part=rss&tag=5248595&subj=news.1003.5

Read more

Mac OS X security myth exposed

Posted on by admini

The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm.

One thing the hard figures have shown is that OS X’s reputation as a relatively secure operating system is unwarranted, Secunia said.

This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system — comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

“Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news,” said Secunia chief executive Niels Henrik Rasmussen.

A few other organizations maintain comparable lists, including the Open Source Vulnerability Database (OSVDB) and the Common Vulnerabilities and Exposures (CVE) database, which provides common names for publicly known vulnerabilities.

Windows XP Professional saw 46 advisories in 2003-2004, with 48 percent of vulnerabilities allowing remote attacks and 46 percent enabling system access, Secunia said.

Suse Linux Enterprise Server (SLES) 8 had 48 advisories in the same period, with 58 percent of the holes exploitable remotely and 37 percent enabling system access.

A recent Forrester Research Inc. study comparing Windows and Linux vendor response times on security flaws was heavily criticized for its conclusion that Linux vendors took longer to release patches.

http://www.computerworld.com.au/index.php/id;1870365808;fp;16;fpid;0

Read more

Wi-Fi Security Spec Ratified

Posted on by admini

Proponents of the standard said that the 802.11i specification could have an immediate impact on VPN infrastructure, which could be relegated to a lesser role inside a corporate network.

The standard was ratified on 24th June at an IEEE standards committee meeting in Piscataway, N.J. The 802.11i standard adds a needed layer of security to Wi-Fi, which has become widespread both in the consumer and corporate spaces.

Early attempts at security, such as WEP (Wired Equivalent Privacy), provided some basic security but were derided as too easy to crack.

“Intel is ecstatic,” said Robin Ritch, director of security industry marketing for Intel Corp. in Santa Clara, Calif., who said all of the company’s Centrino chip sets, including the older models, are compliant with the specification.

As expected, vendors are already rolling out firmware enabling 802.11-compliant security protocols, although the software won’t officially be pushed to customers until September, when the Wi-Fi Alliance is expected to begin interoperability testing to make sure devices can talk to one another, Ritch said. Devices compliant with the 802.11i spec will likely be certified as compliant with WPA2, the second generation of Wi-Fi Protected Access, she said.

802.11i’s encryption protocols are based on the AES (Advanced Encryption Standard) and meet the limited encryption requirements for the Federal Information Processing Standard 140-2 specification for the protection of sensitive information.

The new standard will add Layer 2 security to a Wi-Fi card, sufficient for wireless access inside a corporate network, Ritch said.

In the early days of Wi-Fi, Intel recommended users connect to a VPN while roaming wirelessly, even when inside their corporate network.

The security provided by 802.11i is sufficient enough that IT managers can eliminate VPNs except when workers are connecting remotely, such as at a hotel, Ritch said.

Intel’s own IT staff plans to relax its security restrictions, she said, eliminating the use of internal VPNs while employees are inside their own network.

Chris Bolinger, manager of the Field and Partner Marketing team in the Wireless Networking Business Unit of Cisco Systems, Inc., Santa Clara, Calif., said it is natural that some customers will want to migrate away from VPNs to standards-based solutions such as 802.11i. However, many customers will also stay with WPA unless they’re given a compelling reason to move to AES, he said. “We’ve always tried to provide solutions to meet customer demand in the wireless LAN space,” Bolinger said.

The performance penalty users will pay for turning on the additional 802.11i functionality is unknown. In tests of Intel’s Grantsdale/Intel 915 chip set, for example, turning on high-definition audio features integrated into the chip set required a significant amount of CPU power, according to a recent ExtremeTech review. Intel spokesman Mark Miller said Intel had not tested the effects of the new 802.11i firmware on battery life to his knowledge, but he estimated that the effects would be “negligible” on the battery life of a Centrino-based notebook.

http://www.eweek.com/article2/0,1759,1616979,00.asp

Read more

Device patrols border between Net and networks

Posted on by admini

Blue Coat’s ProxyAV, released Monday, is designed to deliver up to 249mbps throughput for “real-time” virus scanning, helping enterprises prevent Web-based viruses from entering their networks, without creating a bottleneck, Blue Coat said.

The new gear is designed to work with the company’s ProxySG system, which reviews Web objects and sends some to the ProxyAV for scanning.

ProxyAV scans the objects and sends them back to ProxySG for caching, so they can be reviewed more quickly the next time around, and repeated scanning can be avoided.

“The Proxy appliance is the key to implementing high-performance Web antivirus at the Internet gateway,” Steve Mullaney, vice president of marketing for Blue Coat, said in a statement.

Web-filtering tools can help companies check virus intrusion at the gateway between a company’s internal network and the wilds of the Internet.

Another company, ServGate, recently began selling software designed to help customers block pop-up ads, dangerous Web sites and viruses borne by Web browsers.

Customers can use Blue Coat’s Proxy setup with any antivirus software, such as products from McAfee and Panda Software, and can deploy a layered antivirus system across their companies.

http://zdnet.com.com/2100-1105_2-5242128.html

Read more