Category: News

The worm, which spread rapidly last week, included code to make it respond to instructions posted on a number of Web sites.

Antivirus companies now believe that the virus writers responsible for Sober.P made changes to these Web sites to temporarily stop the worm spreading.

Antivirus company F-Secure saw the worm drop to one percent of virus activity on Tuesday morning from 40 percent of virus activity on Monday — although rival antivirus company Sophos had reported that Sober.P was 84 percent of virus activity on Monday. “Sober monitors certain URLs,” said Mikko Hyppönen, director of antivirus research for F-Secure. “What the worm does depends on the content of the Web site. Someone has changed the content of the Web site and taken remote control of the infected machines.”

Hyppönen said the worm did not have an in-built mechanism to stop spreading it on Tuesday.

Antivirus company Sophos confirmed it had also seen the worm stop spreading, but expects more activity from it.

“The Sober worm is programmed to ‘poll’ out to the Internet to see if a new component update is available,” said Graham Cluley, senior technology consultant for Sophos. “What that update does is entirely up to the virus author — it could mean all of those infected machines could launch a new virus outbreak, begin a DDoS attack, or initiate a spam campaign.”

Last week, Sober.P was reported to be circulating the Internet in massive quantities.

Sophos said the mass-mailing worm accounted for 5.4 percent of all email and 84 percent of virus activity that the company saw over the weekend.

Sober.P — which security companies have variously tagged as Sober.N, Sober.O or Sober.S — travels as an attachment in emails written in English and German. One of the most widely reported emails contains an alluring message stating that the recipient has won free tickets to the 2006 World Cup in Germany, but many other types have also been spotted. Once opened, the virus sends itself to email addresses harvested from the newly infected machine.

http://news.zdnet.co.uk/internet/security/0,39020375,39198261,00.htm

The Gatekeeper Test was an entertaining test of wits for security pros: A series of progressively trickier multiple choice questions (two per working day) were to be offered between 2 to 14 May, culminating in an open question tie-breaker question at the end. Security experts from 20 countries in Europe, the Middle East and Africa were to compete with their compatriots, with a Tablet PC awarded to the the best in each country. The overall winner was to get a VIP trip to Microsoft’s TechEd conference in Amsterdam this July. There were even league tables so you could compete with your mates.

The test attracted more than 20,000 IT pros, according to Microsoft, but right from the off things went awry. The system failed to accept to correct answer on some occasions, as Reg reader Stuart Antcliff discovered: “After pressing submit with, what I hope was, the correct answer it took me to their nice file not found page; I was even using IE because I figured it wouldn’t work with other browsers. A quick test shows this happens with enough browsers to make it funny (I didn’t find one that worked). Is this a cunning plan to lure us into working out what is wrong?
Is it all part of the test?”

Elsewhere, competitors learned they if they answered incorrectly they could press backspace and re-answer questions without any scoring penalty. Similar tricks allowed the unscrupulous to artificially inflate their scores.

“After two days some people already at 1,750 points, when the maximum they could have achieved was 350 points per day,” one anonymous participant told South African site ITWeb.

Microsoft tried to discount earlier results (involving the equivalent of the £2,000 question on Who Wants to be a Millionaire?) but after three days of headache, suspended the competition, as iexplained in its test blog. In a statement, Microsoft said it plans to re-start the game at unspecified time. It blames technical issues for problems with the game, which, we note, was never meant to be particularly serious, anyway.

“The Gatekeeper Test experienced an intermittent ViewState clustering issue on the live environment. This means that certain servers in the cluster lost session state information due to data stored in the ViewState. Consequently, intermittent user scores were not being stored, resulting in a compromised scorecard for some participants.” Microsoft has decided to close the game immediately to avoid any disadvantage to certain participants.

The Gatekeeper Test registration site has been reinstated and participants can continue to take advantage of the education tools which are provided on the site, in preparation for the test re-start.

New participants also have the opportunity to register for the test ahead of the re-start date,” it said.

http://www.theregister.co.uk/2005/05/11/ms_gatekeeper_test_fiasco/

The monthly security bulletin addresses a vulnerability found in Windows 2000 Service Pack 3 and 4, which the company ranks as “important,” its second-highest severity rating. The flaw also appears in the older Windows 98, Windows 98 Second Edition and Windows Millennium Edition. “A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields,” Microsoft said in its bulletin. “By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged-on user.” That attacker could install programs and view, change or delete data, or create new accounts with full user rights, Microsoft said.

Security company Symantec has rated the risk from the flaw as “medium,” noting that some user interaction is required for it to be used for an attack. For example, the PC user would have to download a corrupt document or save the document from an e-mail attachment, then browse to the document using Windows Explorer. “It would be fairly easy for an attacker to create a malicious document that could compromise a system and circulate this document through email or websites,” Oliver Friedrichs, senior manager at Symantec Security Response, said in a statement on Tuesday. “In order to combat this new and other security risks, users should always avoid opening files from unknown sources or following links to unverified sites. In addition, all users should deploy Internet security solutions such as antivirus software and firewall technology.”

More recent versions of the operating system are not affected by the flaw. Microsoft said it has tested Windows XP Service Pack 1 and 2, Windows XP 64-Big Edition Service Pack 1 and Version 2003 for Itanium, XP Professional x64 Edition, Windows Server 2003 and its Service Pack 1, Windows Server 2003 for Itanium-based systems and its related Service Pack 1 for the vulnerability.

Microsoft is urging people with Windows SP3 and SP4 to download the security update. For the older versions, Microsoft noted on its Web site that it does not offer security patches to older versions of its software that it no longer supports, unless the vulnerability is rated “critical.”

The software giant did not offer any workarounds. A Microsoft representative referred questions regarding what actions Windows 98 users should take to the company’s Microsoft Lifecycle Support site.

The software giant also released two security advisories of problems that do not necessarily require a patch from Microsoft. One notes a default setting in Windows Media Player Digital Rights Management could allow a user to open a Web page without requesting permission. The second is a clarification of Microsoft’s simple mail transfer protocol (SMTP) Tar Pit feature in Windows Server 2003 Service Pack 1 for Exchange Server 2003.

“Microsoft does not require or recommend that all customers implement this (Tar Pit) feature. It has been provided as an option for reducing the effectiveness of certain attacks that utilize standard features of the simple mail transfer protocol,” the advisory notes.

http://news.com.com/Fix+in+for+Windows+flaw/2100-1002_3-5701804.html?part=rss&tag=5701804&subj=news

CIOs have a new name to know: Zubulake. And if they don’t, they could be heading for trouble. Zubulake is shorthand for the case of Zubulake v. UBS Warburg LLC, which was heard recently in a federal court in New York. The court’s decisions in that case established new standards for retaining electronic data.

“The courts are increasingly depending on companies and their lawyers to produce electronic evidence and to make sure it’s not destroyed,” says Adam Rosman, a lawyer at Zuckerman Spader LLP in Washington. “It was an obligation that didn’t previously exist.”

CIOs have had to contend with hackers, worms and viruses for years. And they’re getting a handle on new federal regulations that set additional security requirements. But even veteran IT executives may be ignorant of some crucial aspects of security law, like the requirements coming out of the Zubulake case, lawyers say.

These security measures, while important legally, fail to attract adequate attention because they’re evolving standards, they’re mixed in with responsibilities traditionally handled by other executives, or they’re simply downplayed by the executive suite.

“There is some important work to be done to bring the CIO and the security officers up to speed,” says J. Beckwith Burr, a partner at Wilmer Cutler Pickering Hale and Dorr LLP, which has headquarters in Boston and Washington.

1 A threat of legal or regulatory action against your company should spur you to adopt more-conservative data-retention procedures. This is just as important as abiding by the rules for data storage that have emerged from the Zubulake case and better-known mandates, such as the Sarbanes-Oxley Act. “When you get wind that someone might be thinking of suing you, you have to immediately change your document destruction procedures so you don’t destroy anything that might be evidence,” says Stuart Meyer, a partner at Fenwick & West LLP in Mountain View, Calif.

2 Security threats from employees represent another often-overlooked risk that could land CIOs and companies in legal trouble. Companies have an obligation to secure their information, even from their own employees, says Robert M. Weiss, a partner at Neal, Gerber & Eisenberg LLP in Chicago. For example, if an unauthorized employee accessed another employee’s personnel file, officers and the company itself could be sued.

3 Corporate relationships with third-party service providers also present potential legal problems, lawyers say. For example, most contracts today limit the liability of outsourced providers to the cost of the contract. “So if there is a security meltdown, contractually the vendor isn’t responsible,” Burr says.

4 Changes in best practices have come quickly with new laws, regulatory requirements and court decisions, and the implications could go well beyond initial expectations. Take, for example, federal laws such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act and Sarbanes-Oxley. Most CIOs know that security standards are changing, and many use audits to find holes in their companies’ policies and procedures.

5 Double-edged audits. “If you have knowledge of a security gap and you don’t correct it and something happens, it’s hard to escape liability,” says David MacDonald, a New York-based partner at Kirkland & Ellis LLP. On the other hand, companies that fail to make reasonable efforts to find security gaps may also be liable.

http://www.computerworld.com/securitytopics/security/story/0,10801,101552,00.html

The security-advisories service is designed to alert customers to new security-flaw information in a more timely manner. When gray-hat hackers and private research outfits publish new security-related information, Microsoft will use the service to let customers know.

http://www.microsoft-watch.com/article2/0,1995,1813518,00.asp?kc=MWRSS02129TX1K0000535

Security vendor VeriSign found 66 percent would choose to give up their passwords for a Starbucks coffee, during an informal on-the-street survey conducted Thursday in San Francisco. Only 41 of those quizzed (or 15 per cent) on San Francisco[s Market Street refused to hand over the goodies. Two out three three people (180 of 272) were approached. 51 provided a clue about their password in exchange for a $3 Starbucks gift voucher. 57 per cent reported having four or more passwords, and 79 per cent reported using the same password for multiple websites or applications. The survey also found that some people continue to store passwords on Post-it notes. Other popular locations for passwords include the contacts folder of email applications, on PDAs and in the notes function of a mobile phone.

“A lot of people are still unaware of how this information can be used across the network and don’t understand the implications,” said Mark Griffiths, VeriSign marketing director for authentication services. “We’re trying to educate the average user.”

Survey participants, for example, said they felt comfortable revealing their passwords, because they were not asked to share their user name or logon. And while other people were not willing to release their password, they were agreeable to giving out hints–such as their mother’s maiden name or the name of their dog, which are also frequently used as a second source of identification by Web sites.

Those that revealed their password or gave hints received a $3 gift card for Starbucks–the price of a latte. my name is joe and my password is … How do you know I gave you the right password?

http://news.com.com/2061-10789_3-5697143.html?part=rss&tag=5697143&subj=news
http://www.securityfocus.com/news/11101?ref=rss