admini – Page 407 – CyberSecurity Institute

Microsoft, user differ on details of Exchange 2003 flaw

Posted on November 26, 2003December 30, 2021 by admini

Users have the ability to interact with other people’s mailboxes and can send, receive and read messages, as well as open and manipulate Outlook folders.

Microsoft has given the administrator — who has requested anonymity for himself and his company — a patch, and the company says the vulnerability exists only in certain configurations.

The admin said that, three months ago, his team had upgraded two front-end and back-end servers to Windows Server 2003 and Exchange Server 2003. Shortly after the upgrade, users randomly began reporting that they were being logged on to other people’s mailboxes with full privileges.

Microsoft released a statement late last week about this situation, and the company said the security issue occurs only if Kerberos authentication is disabled.

More info: [url=http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci938649,00.html]http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci938649,00.html[/url]

Virus warning over ‘Mary’ porn photos email

Posted on November 26, 2003December 30, 2021 by admini

Security firm Sophos said that a great many copies of the message have been circulating by email.

Even though Sysbug is unlikely to become a major security threat, IT managers need to be alert as any one of their staff could make the mistake of opening the attachment.

Kevin Hogan from Symantec’s Security Response team told silicon.com’s sister site ZDNet UK that the Trojan is unlikely to spread much further because it does not self-replicate.

“I don’t see it getting worse because it relies on manual spamming – unless they re-spam it,” he said.

Cluley recommends that companies work on user awareness of these risks, and also implement a combined anti-spam and antivirus product at their gateway.

Sysbug comes just months after another virus that claimed to be compromising pictures of Hollywood star Julia Roberts.

[Editor Note: Yes, we are protected]

More info: [url=http://www.silicon.com/software/security/0,39024655,39117071,00.htm]http://www.silicon.com/software/security/0,39024655,39117071,00.htm[/url]

Firms Wep up security nightmare

Posted on November 26, 2003December 30, 2021 by admini

The research found 28 per cent of firms have implemented wireless infrastructures, while 40 per cent plan to do so by 2005, using Wep as the security standard rather than technologies such as virtual private networks.

“Security is still a concern, but the biggest danger isn’t enterprise deployment but deployment by an end-user,” he said.

Mike Smart, European product manager at SonicWall, said: “Relying on Wep or banning wireless usage is not enough to guarantee network integrity.”

More info: [url=http://www.vnunet.com/News/1150021]http://www.vnunet.com/News/1150021[/url]

Future virus fighting

Posted on November 26, 2003December 30, 2021 by admini

In general, an unknown writer identifies a vulnerability in a common system, writes software to exploit it and releases it to his chums and the antivirus companies, sometimes into the wild. The virus is analysed, a unique pattern within it is identified and the antivirus companies release the update to their customers.

One approach to counter that is heuristic analysis, where software examines email attachments and incoming files and attempts to work out what they actually do. A more advanced form of heuristic scanning involves running the code, either in emulation or a virtual machine, and watching for dangerous activity.

Yet another approach is to monitor not the suspect code, but the entry points to the operating system: as software runs, the antivirus program constantly checks for dangerous activity.

One of the latest demonstrations comes from Washington University, where John Lockwood and his students have developed a device called the Field Programmable Port Extender (FPX) that can scan incoming bitstreams at up to 2.4 gigabits per second. The hardware builds incoming packets into a message, analyses the protocol headers and compares the contents of the message against a database of known signatures — all things that are normally done in software.

More info: [url=http://insight.zdnet.co.uk/0,39020415,39118047,00.htm]http://insight.zdnet.co.uk/0,39020415,39118047,00.htm[/url]

Microsoft To Test Providing Security Updates On CD

Posted on November 26, 2003December 30, 2021 by admini

Microsoft is considering a release of security updates on CD for users of its older operating systems who lack broadband connections to the Internet, according to an e-mail sent to prospective beta testers on Tuesday. The e-mail invites beta testers who are using Windows 98, Windows 98 Second Edition, and…

Senate OKs Anti-Spam Bill

Posted on November 26, 2003December 30, 2021 by admini

The bill, which would override all existing state anti-spam laws, puts numerous restrictions on the marketing e-mail messages companies can send to users, levies fines and jail terms for offenders, and instructs the Federal Trade Commission to report to Congress on a plan to create a ‘do-not-spam’ list, one similar to the that recently put into place by the FTC which prevents telemarketers from calling consumers who have added their names and phone numbers to the list.

Criminal charges are also part and parcel of the CAN SPAM Act, with penalties ranging up to five years in prison for such practices as hacking into another person’s computer with the intent of sending spam from the hijacked machine, falsifying header information in bulk junk mail, and registering five or more e-mail accounts using false information then using those ill-gotten accounts to blow spam onto the Internet.

More info: [url=http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=DZDJ4BPE4AWPCQSNDBCSKHY?articleId=16400839]http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=DZDJ4BPE4AWPCQSNDBCSKHY?articleId=16400839[/url]