Category: News

In recent months the Australian market has seen the release of several new players in the VoIP space and analyst predictions to the effect that 2005 will be the year that VoIP takes off in a big way.

There has even been a public discussion paper released by the Australian Communication Authority on regulation of the potentially disruptive new technology, and various public responses from telecommunications providers. A study commissioned by contact centre software provider Concerto showed that those in charge of contact centres were still only tentatively appraising the technology.

The managers came from a broad range of industry segments and took part in the research in January and February of this year. Of those 100, only 2 percent listed VoIP technology as being next on their shopping lists for their call centres, and only 6 percent said that VoIP was the technology that had made the most impact on improving productivity in their call centre over the past 12 months.

In contrast to the lack of interest in VoIP technology, 9 percent of respondents said they would soon be purchasing speech recognition software for their call centres, although only 1 percent said speech recognition technology had had the most impact on productivity in their contact centre in the past 12 months.

“Call centres are carefully evaluating the business benefits that will drive investment in VoIP and converged technologies,” said Concerto Australia and New Zealand general manager Gerry Tucker.

http://www.zdnet.com.au/news/communications/0,2000061791,39184629,00.htm

SUVP was disclosed by the Wall Street Journal; until then, the year-old program had been a closely-guarded secret. It’s so secret, in fact, that a search on Microsoft’s Web site for “SUVP” comes up empty.

Microsoft said that SUVP’s testing is beneficial to everyone, since “the end result is high-quality update for customers.”

The spokesperson denied that the Air Force, or any other organization or company participating in SUVP — the Air Force is the only participant that’s been named so far — gets a jump when it comes to patches. “The program is not designed to give the Air Force or any customer who participates in SUVP, a competitive advantage, and the service does not receive mission-critical patches before any other customer.”

http://www.techweb.com/wire/security/159900380

Recent days of Security News From_the_desk_of_Paul_-_031505.pdf

IT managers and their staffs now have the Windows Security Log Encyclopedia, a new Windows tool for monitoring, intrusion detection and for carrying out computer forensics.

The new tool covers all nine audit categories of Windows Server 2003 and illuminates the subtle, yet critical, differences between Windows Server 2003, 2000, and XP regarding security events.

According to Smith, “The Windows security log is vital to successfully monitor all aspects of Windows security. Commenting on the techniques used to develop the tool, Smith added, “I have reverse-engineered every event ID in the security log, along with the codes and other detailed fields within each event.

Smith has provided design consultation to developers of event log monitoring products and written more than a dozen articles on the subject, several of which now reside on Microsoft’s TechNet Web site.

This valuable tool is freely available online at www.ultimatewindowssecurity.com.

http://www.securitypronews.com/news/securitynews/spn-45-20050312OnlineWindowsSecurityLogEncyclopediaFree.html

A silicon.com article (http://software.silicon.com/security/0,39024655,39128296,00.htm) revealed Immunity and its founder Dave Aitel have been causing a stir in the security world in recent months with a business model branded “unethical” but entirely above-board. The greatest source of growing concern appears to focus on the NDA and the potential for anybody to sign up and pay the price for notification of vulnerabilities.

One rival bug finder, who operates along the more traditional lines of informing the affected vendor of the flaw in its product and working with them to patch it before releasing any details of the vulnerability, has hit out at Immunity Inc. Drew Copley, senior research engineer at eEye Digital Security, told silicon.com the situation of signing members to a non-disclosure agreement in return for information on security vulnerabilities is “extremely unethical”. Simon Perry, VP security strategy at CA, told silicon.com: “Knowledge cannot be effectively controlled. “NDAs in the IT community as a whole are not taken seriously and there do not appear to be adequate controls to ensure that the information does not leak to those who have an interest in creating a dangerous exploit. It does not improve security overall,” he added.

Perry also questioned whether Aitel’s customers are getting value for money. Because vendors are kept out of the loop, flaws go un-patched while Immunity’s customers are given a workaround. “You’re given a workaround by Immunity, but you don’t have a fix — a patch from the vendor that permanently addresses the problem.

http://software.silicon.com/security/0,39024655,39128621,00.htm

At its recent TechFest event, it described how its Vigilante project is using “honeypots” to automatically spot and remove worms as they enter networks. Microsoft added that this is a research project, and it has not decided if or when such tools should be built into Windows.

A computer honeypot is a server with an unpublished IP address. Honeypots are usually connected to the internet rather than a LAN, and the use of otherwise redundant IP addresses virtually guarantees that any attempts to access the server are from a worm or other unauthorised activity. Worms often select random IP addresses to attack, so are just as likely to attack a honeypot server as they are a genuine server. Monitoring tools running on the honeypot inspect the incoming TCP/IP connections and can automatically produce signature files that would allow a suitable firewall to filter out any such packets sent to production servers.

Honeypots are popular with security experts, but Microsoft would be the first major software vendor to build such tools into mainstream computer software. It is well placed to do so because honeypot systems are best deployed using server virtualisation tools.

Microsoft detailed the Vigilante project in a paper written by two Microsoft researchers with Manuel Costa and Jon Crowcroft from the University of Cambridge. In a section examining the scale of the problem, the authors note, “Worms can spread too fast for people to respond. For example, the Slammer worm infected 90 percent of vulnerable hosts in 10 minutes.”

The report concludes that honeypots can deal with the problem. “Our preliminary results show that Vigilante can effectively contain fast-spreading worms that exploit unknown vulnerabilities.”

Lab data from the Vigilante project indicates that a small number of honeypot systems could protect a large network of servers. “[Our data] shows that a very small fraction of detectors, 0.001, is enough to contain [infection from a worm like Slammer] to less than 10 percent of the vulnerable population.” The researchers noted, “Dynamic dataflow analysis is able to detect an attack even when it does not overwrite program data structures. Dynamic dataflow analysis can also be used with self-modifying code and dynamically generated code. Furthermore, access to the source code is not required.”

In addition to the honeypot project, Microsoft is developing a protective architecture that can re-write software as it is being run, to add new checks to prevent hackers from hijacking servers by exploiting buffer overflows.

http://www.vnunet.com/news/1161845