Month: May 2005

An identity metasystem is much like a metadirectory, according to industry watchers. A metadirectory, or uber-directory service, is designed to users to view data from different directory systems in a unified way.

In a white paper published this month to the Microsoft Web site, Microsoft describes the identity metasystem this way: “This metasystem, or system of systems, would leverage the strengths of its constituent identity systems, provide interoperability between them, and enable creation of a consistent and straightforward user interface to them all.

“The ID metasystem is a new concept that we just started talking more formally about last week,” said Michael Stephenson, director of product management with the Microsoft Windows Server team. The identity metasystem is an outgrowth of the WS-* Web services architecture that Microsoft and its partners have been championing for the past couple of years. Stephenson said that while the digital ID platform vision advances, Microsoft and its partners will continue to submit the various WS-* protocols to standards bodies in a royalty-free manner.

As outlined by Microsoft in its metasystem white paper, the digital ID metasystem will build on top of two of the WS-* protocols: the WS-Trust and WS-Metadata Exchange ones. Security token servers and WS-SecurityPolicy-based clients that require user-identification-vertification will plug into this base.

According to Microsoft, “Examples of technologies that could be utilized via the metasystem include LDAP claims schemas, X.509, which is used in Smartcards; Kerberos, which is used in Active Directory and some UNIX environments; and SAML, a standard used in inter-corporate federation scenarios.”

Microsoft envisions individual vendors building their own implementations of the digital ID metasystem. Infocard Infocard, which is similar to a virtual credit card or membership card, will be the common user interface for the Microsoft digital-ID metasystem, Stephenson said. Company officials have said that Microsoft will build into future versions of Windows, starting with Longhorn, an InfoCard client.

http://www.microsoft-watch.com/article2/0,1995,1817451,00.asp

While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.

Extortion is “becoming more com’monplace,” said Ed Amoroso, chief information security officer at AT&T. “It’s happening enough that it doesn’t even raise an eyebrow anymore.”

“In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users,” said Rob Rigby, director of managed security services at MCI (Profile, Products, Articles). While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a DDoS extortion case.

Quantifying the extortion problem is difficult because the FBI, ISPs and third-party research firms can’t provide figures on the number of DDoS attacks that include demands for money. An indeterminable number of victims are choosing to meet the demands of extortionists rather than turn to law enforcement because they’re worried about negative publicity.

The law does not prohibit paying, said Kathleen Porter, an attorney at Robinson & Cole LLP in Boston, who has extensive experience with e-commerce and Internet law. Companies are not required by law to report these crimes, Porter said, adding that she suspects that many are reticent to do so because they fear being sued over the risks that such an attack might create for their customers.

Anti-DDoS services cost around $12,000 per month from carriers such as AT&T and MCI, said John Pescatore, an analyst at Gartner Inc. The most popular type of anti-DDoS equipment used by service providers is Cisco Systems’s (Profile, Products, Articles) Riverhead gear and Arbor Network’s detection tools. This equipment can filter about 99 percent of the attack traffic, Pescatore said, although sometimes network response times drop by a few seconds.

Last fall, the Bellevue, Wash., payments-processing firm, which authorizes credit card transactions for more than 114,000 merchants, had its Internet-based service disrupted by extortionists demanding payment to cease a massive DDoS attack.

“Today, we’ve not yet seen a successful apprehension of anyone involved,” said Authorize.Net President Roy Banks.

http://www.infoworld.com/article/05/05/16/HNddosextortion_1.html?source=rss&url=http://www.infoworld.com/article/05/05/16/HNddosextortion_1.html

The worm, which spread rapidly last week, included code to make it respond to instructions posted on a number of Web sites.

Antivirus companies now believe that the virus writers responsible for Sober.P made changes to these Web sites to temporarily stop the worm spreading.

Antivirus company F-Secure saw the worm drop to one percent of virus activity on Tuesday morning from 40 percent of virus activity on Monday — although rival antivirus company Sophos had reported that Sober.P was 84 percent of virus activity on Monday. “Sober monitors certain URLs,” said Mikko Hyppönen, director of antivirus research for F-Secure. “What the worm does depends on the content of the Web site. Someone has changed the content of the Web site and taken remote control of the infected machines.”

Hyppönen said the worm did not have an in-built mechanism to stop spreading it on Tuesday.

Antivirus company Sophos confirmed it had also seen the worm stop spreading, but expects more activity from it.

“The Sober worm is programmed to ‘poll’ out to the Internet to see if a new component update is available,” said Graham Cluley, senior technology consultant for Sophos. “What that update does is entirely up to the virus author — it could mean all of those infected machines could launch a new virus outbreak, begin a DDoS attack, or initiate a spam campaign.”

Last week, Sober.P was reported to be circulating the Internet in massive quantities.

Sophos said the mass-mailing worm accounted for 5.4 percent of all email and 84 percent of virus activity that the company saw over the weekend.

Sober.P — which security companies have variously tagged as Sober.N, Sober.O or Sober.S — travels as an attachment in emails written in English and German. One of the most widely reported emails contains an alluring message stating that the recipient has won free tickets to the 2006 World Cup in Germany, but many other types have also been spotted. Once opened, the virus sends itself to email addresses harvested from the newly infected machine.

http://news.zdnet.co.uk/internet/security/0,39020375,39198261,00.htm

The report involved 15 schools which used open source software and 33 that didn’t. It concluded that the cost of a primary school computer running open source software was half that of one running proprietary software, while in secondary schools an open source PC was 20 percent cheaper.

Stephen Uden, Microsoft’s education relations manager, claimed that this sample size was too small to draw firm conclusions from. Uden also defended Microsoft against the charge that schools that choose its software are getting worse value than those that take the open source path.

“Obviously costs are an important part of this. But most head teachers are interested in quality. We spend more time looking at better learning for kids,” said Uden. He pointed out that three of the primary schools involved were supported by a secondary school, giving them access to valuable support–something he claimed distorted the findings.

The 24-page report looked at three areas–technical infrastructure, administration and management, and curriculum software–and overall delivered a mixed verdict about what open source software offers today. The report found that open source software was generally superior as an operating system on both servers and PCs. But the schools involved were split as to whether open source applications were better than their proprietary counterparts. One teacher reported that some colleagues welcomed StarOffice, but others refused to use it and stuck with Word. At another school, open source software had been installed on laptops alongside proprietary alternatives, but appeared to be never used.

Becta described the position on content-specific open source software as “weaker”, as the schools involved in the study were only using a very small range of open source teaching applications.

Despite this, OpenForum Europe–which supports the use of open source software in business–has hailed Becta’s report. “This report underlines the massive opportunity that exists for all schools to get the best value for money from their IT budgets,” said Mike Banahan, director of OpenForum Europe. “The advent of Open Source Software solutions in education opens up the whole UK education market for the first time in a decade to competitive choice, removing the inevitability of lock-in.”

http://news.zdnet.com/2100-9593_22-5706457.html?part=rss&tag=feed&subj=zdnet