August 2004 – CyberSecurity Institute

DOJ Accuses Six Of Crippling Rivals’ Web Sites

Posted on August 31, 2004December 30, 2021 by admini

According to Attorney General John Ashcroft, six men were indicted this week by a federal grand jury in California on multiple charges for hiring hackers to launch denial-of-service (DoS) attacks against competitors. The case illustrates “the increased use of the Internet to damage rival businesses and communicate threats for commercial advantage,” said Ashcroft in a statement.

The DoS attacks knocked Obit competitor Weaknees.com, a Los Angeles-based online retailer, offline for two weeks. After that, similar DoS attacks were launched against Rapid Satellite of Miami Beach, Fla., and Expert Satellite of Worcester, Mass.

According to affidavits filed by the FBI in the Central District of California federal court, one of the ISP’s hosting a targeted site suffered more than $1 million in losses. That same ISP also hosted the web sites of the Department of Homeland Security and Amazon.com, both of which were temporarily disrupted by the attacks, said the FBI.

http://www.securitypipeline.com/news/45200006;jsessionid=FUTFCA5YF4FUWQSNDBCSKHY

Oracle users: Monthly patch cycle prudent

Posted on August 31, 2004December 30, 2021 by admini

Despite criticism of Microsoft’s patch cycle, reaction to Oracle’s decision so far seems positive.

The Redwood Shores, Calif.-based company announced its decision to do monthly security updates last week after news of 34 vulnerabilities in multiple versions of its database server — the majority of them critical — were widely reported.

Generally, the flaws have to do with the Procedural Language/Structured Query Language and its triggers. One flaw allows an attacker to gain control of the database server without a userID or password, while others allow low-privileged users to take over the database server.

“Oracle is moving to a monthly patch rollup model because we believe a single patch encompassing multiple fixes, on a predictable schedule, better meets the needs of our customers,” Oracle spokesman added. “The problem isn’t when patches aren’t available, it’s when the patches are released and people don’t apply them.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1002437,00.html

Secret Service warns banks to beware the enemy within

Posted on August 31, 2004December 30, 2021 by admini

In 87% of the cases the insiders employed simple, legitimate user commands to carry out the attacks, and in 78% of the incidents, the insiders were authorised users with active computer accounts. Most were motivated by financial gain, with 30% of user organisations realising losses above $500,000.

The report states: “Management attention on financial performance, to the exclusion of good risk management practices, seems to be a recurrent theme in some of the cases in this study.” Reducing the risk of these attacks requires organisations to look beyond their information technology and security to their overall business processes, says the report authors.

The study confirms Gartner research, published in 2003, showing that insiders represent a significant and underappreciated class of threat agent.
Gartner estimates that through 2008, insiders, working alone or with outsiders, will account for the majority of financial losses from the unauthorised use of computers and networks.

The analyst group recommends that financial service providers conduct a confidential inventory of all individuals with the technical skills, means or motivation to damage the company’s systems or misuse information. Firms should then look to reduce or eliminate the threat from these parties, wherever possible, by taking steps such as changing passwords and access rights immediately when an insider’s status changes – for example, when an employee leaves, relationships with auditors or suppliers change or consultants complete a project.

http://www.finextra.com/topstory.asp?id=12404

Tired of reading long web pages…

Posted on August 29, 2004December 30, 2021 by admini

Just want to see an even briefer summary… Well now, we have the summary page: Summary Page Same content… Just faster to scan. Hope you enjoy and any comments feedback is really appreciated.

WinFS Axed From Longhorn Client and Server

Posted on August 27, 2004December 30, 2021 by admini

The Windows File System (WinFS) — technology that was set to simplify information storage and retrieval — won’t make it into the final, shipping versions of Longhorn client, company officials confirmed.

Longhorn is still slated to include both the Indigo and Avalon subsystems, contrary to some rumors to the contrary over the past couple of days. And Microsoft is still expecting to deliver as part of Longhorn updated “fundamental” application-programming interfaces providing core power management, driver management, application installation/deployment, digital rights management and other basic tasks.

http://www.microsoft-watch.com/article2/0,1995,1640454,00.asp

Security appliances add dynamic profiling to firewall technology

Posted on August 25, 2004December 30, 2021 by admini

SecureSphere 3.0 includes multiple layers of security, including a standards-based deep inspection firewall, Web and database firewalls, and protection from zero-day worms via Imperva’s new Worm Profiling technology.

The Dynamic Database Firewall, meanwhile, relies on the database elements of the dynamic profile to detect unusual database queries.

http://zdnet.com.com/2110-1104_2-5323921.html