admini – Page 415 – CyberSecurity Institute

US-listed firms may face IT security audits

Posted on November 8, 2003December 30, 2021 by admini

The audit must be conducted by an independent party and assess “the risk and magnitude of the harm that could result from the unauthorised access,” alteration or destruction of company computers, says the draft, prepared by Representative Adam Putnam.

“Given the magnitude of the threat and the depth of the vulnerabilities that exist today, it is imperative that we address this matter aggressively and collaboratively in order to enhance the protection of the nation’s information networks on behalf of the American people and the US economy,” Putnam said in a statement this week.

Miller said the final recommendation could include legislative, regulatory or self-regulatory approaches.

More info: [url=http://news.zdnet.co.uk/business/0,39020645,39117721,00.htm]http://news.zdnet.co.uk/business/0,39020645,39117721,00.htm[/url]

‘Critical’ patch sent out for Office flaw

Posted on November 6, 2003December 30, 2021 by admini

The “critical update,” released late on Tuesday, applies to three of the four major applications in Office 2003–the Word word-processing program, the PowerPoint presentation application and the Excel spreadsheet software, according to a Microsoft bulletin.

The problem happens when a document created with one of those applications is opened with an earlier version of Office.

If the document contains graphics elements created using the OfficeArt tool, the earlier version of Office will misinterpret that part of the document and add invalid data to the file when it is saved.

An attempt to re-open the file with the Office 2003 application that created it could result in a corrupted document, missing content or other errors.

More info: [url=http://news.com.com/2100-1012_3-5103267.html]http://news.com.com/2100-1012_3-5103267.html[/url]

Weakness Reported in Wireless Security Protocol

Posted on November 6, 2003December 30, 2021 by admini

Most implementations of WPA, in order to make use of the cryptography accessible to unsophisticated users with normal home computing equipment, allow users to enter a common shared phrase into a WPA user interface on the computer.

Other key management techniques are available to WPA, but these generally require more expensive and complex network management equipment, such as authentication servers.

Moskowitz states that after sniffing a few packets of data from certain points in Wi-Fi standard communication, an attacker could use a “dictionary attack” on the data offline in an attempt to guess the passphrase.

According to Moskowitz: “A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.

More info: [url=http://www.eweek.com/article2/0,3959,1375027,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1375027,00.asp?kc=EWRSS03119TX1K0000594[/url]

Conqueror Worm?

Posted on November 6, 2003December 30, 2021 by admini

Last week’s elevated warning levels surrounding MiMail.C, a new, fast-spreading worm, gave IT departments time to brace themselves for a new round of attacks–but only barely.

The arrival of this new family of worms is not without attendant irony: MiMail.C arrived just as SoBig finally lost its spot at the top of the “Most Popular Virus” heap.

MiMail may or may not achieve a similar “status,” but the time between first deployment and release of refined versions spanned just a couple of months.

But those vendors–and all IT security professionals, for that matter–face an ongoing challenge of shortening the time between detection, alert announcement, and effective prevention and/or removal tools.

More info: [url=http://www.securitypipeline.com/showArticle.jhtml;jsessionid=Z2SCZM2ERD0ASQSNDBGCKHY?articleId=16000158]http://www.securitypipeline.com/showArticle.jhtml;jsessionid=Z2SCZM2ERD0ASQSNDBGCKHY?articleId=16000158[/url]

Users look to redefine security approach

Posted on November 6, 2003December 30, 2021 by admini

In a presentation to the RSA Security Conference in Amsterdam, members of the Royal Mail, ICI and BT Global Services outlined their position on what defines a secure network and how they want to see it achieved.

“This isn’t pushing for a new BS7799 standard or anything,” said Paul Simmonds, global information security director at chemical manufacturer ICI.

The eventual goal is to shift the security market away from trying to keep networks pure from outside influences with a hardened perimeter, and concentrate on securing data access and enabling more business-to-business secure traffic.

He described Microsoft’s Rights Management Services (RMS) as interesting, but said that an ideal solution would see documents passed over a variety of operating systems and computing environments without sacrificing any degree of confidentiality.

Cisco has already been contacted and other large IT vendors are on the target list.

More info: [url=http://www.vnunet.com/News/1147499]http://www.vnunet.com/News/1147499[/url]

Brazil police bust gang of Internet hackers

Posted on November 6, 2003December 30, 2021 by admini

The operation, dubbed “Trojan Horse” and involving 205 officers, targetted a gang that stole more than $10 million last year by breaking into banks and clients computers, federal police said in a statement.

Police said the gang had created Internet sites and programs capable of uncovering the passwords of clients who transferred money on the Web.

Once the gang obtained the passwords, funds were stolen electronically from accounts and transferred to other bank accounts held in the names of third persons.

More info: [url=http://economictimes.indiatimes.com/cms.dll/html/uncomp/articleshow?msid=269501]http://economictimes.indiatimes.com/cms.dll/html/uncomp/articleshow?msid=269501[/url]