Mass TCP Port Attack Could Be Imminent, Analyst Warns

Posted on by admini

In Windows 2000, Windows XP and Windows Server 2003, Microsoft uses TCP Port 445 to run SMB directly over TCP/IP to handle the sharing of files, printers, serial ports, and also to communicate between computers.

She said software engineers at Redmond would continue to analyze and monitor for any malicious activity but stressed that she was not aware of any customers being attacked via sniffing against TCP Port 445 and have not received any indication of malicious activity associated with MS05-027.

John Pescatore, VP of security research at Gartner Inc., said the reports of increased sniffing on Port 445 are a “serious concern for enterprise security managers” because such activity usually means a mass attack is imminent.

“[Administrators must] immediately review all firewall policies (including those covering personal firewall software) to ensure that Port 445 access is blocked wherever possible [and] update all intrusion prevention system filters (both network- and host-based) to block attempts to exploit this vulnerability,” Pescatore added.

http://www.eweek.com/article2/0,1759,1830698,00.asp?kc=EWRSS03119TX1K0000594

Read more

SMBs Urged to Take Security Steps

Posted on by admini

One of several seminars being featured during Ziff Davis Internet’s SMB (small and midsize business) Solutions Virtual Tradeshow, a hot-button virtual panel titled “Security Priorities: Getting the Most Protection for Your Dollar” featured three presenters.

Each presenter examined different aspects of the SMB security issue, along with polls and a question-and-answer interactive box for participants to type in questions relating to the topic.

The first speaker, Michael Grieves, consulting partner for channel strategies firm Core Strategies and director of research of the MIS department at the University of Arizona, said that because smaller businesses don’t have the resources of their larger brethren, members of such organizations “have got to go look in the mirror” to find somebody to handle their security needs, adding that it is a fairly lonely proposition. Grieves went on to present a set of what he called “realistic security steps” that SMBs can use to protect themselves and to sense and respond to incidences without needing the sorts of resources to which larger enterprises have access. According to Grieves, these four steps are making IT security a priority; taking obvious steps such as keeping systems up-to-date and implementing virus protection; being paranoid about security; and developing an emergency plan of action before any emergencies arise.

John Norman, a systems engineer at Advanced Systems Group, focused on sensible security strategies for SMBs, said that perhaps the biggest problem SMBs face in developing a security strategy is one of prioritization. In determining these priorities, Norman noted that it may not be feasible to protect some of a company’s assets and to weigh security costs against the time, money and convenience required.

SMBs may need to hire consultants to obtain expertise and outsource such services as regular audits and firewall maintenance, he said.

Meanwhile, Forrester Research analyst Paul Stamp discussed data his group has collected about the importance of security among SMBs. According to Stamp, about 28 percent of North American SMBs spend between 2 percent and 4 percent of their budgets on IT security, while another 28 percent spent less than 2 percent. In addition, about 12 percent of decision-makers for the SMBs Stamp surveyed “didn’t know” how much their companies spent on security.

http://www.eweek.com/article2/0,1759,1830641,00.asp?kc=EWRSS03119TX1K0000594

Read more

Targeted Trojan-horse attacks hitting U.S., worldwide

Posted on by admini

This week, security company Symantec sorted through low-volume e-mail threats submitted to its response team for analysis and found several that had targeted U.S. government agencies or had been submitted to Symantec from government sources in the United States. Two programs that fit the profile–identified by Symantec as Trojan.Mdropper.B and Trojan.Riler.C–were among the threats warned about by the NISCC.

Last month, law enforcement agencies in Israel found that private detectives had allegedly used targeted Trojan-horse programs to steal information from their clients’ competitors, according to press reports.

The latest attacks are targeted at only a few companies or government agencies at a time and show signs of significant background research into the target, said Mark Sunner, chief technology officer for e-mail security firm MessageLabs.

While data on the attacks is scarce, with the company only detecting two attacks per week, they are a serious threat, he said.

The United States Computer Emergency Readiness Team, or US-CERT, has not released a statement on the NISCC advisory.

The stealthy attacks have frequently been sent to a specific person at the targeted organization and show that attackers are researching the best way to convince the victim that the document containing the Trojan horse is real. Moreover, tradition e-mail-borne mass-mailing viruses typically have not stolen documents. Both MyFip and the latest string of attacks discovered by MessageLabs and NISCC appear to come from China.

http://www.securityfocus.com/news/11222

Read more

IT Security? The Key for Employee Productivity

Posted on by admini

Key findings include: 75 percent of small and medium businesses were hit by at least one virus, with some affected over 100 times, 40 percent of respondents have been hit by hackers at least once, with some targeted more than 200 times, 29 percent don’t use anti-spam software, 34 percent don’t use spyware software, 4 percent don’t use anti-virus software and 9 percent don’t have Internet firewalls.

With these statistics demonstrating how computer security and spam issues reduce employee performance, I’m amazed that we don’t see 100 percent of small and medium businesses taking advantage of the protective technology available,” said Paul Cousino, director of Research Services at Maritz’ Information Technology Group.

http://www.ebcvg.com/articles.php?id=777

Read more

Seagate preps hard-disk encryption technology

Posted on by admini

The technology, called Hardware-Based Full Disc Encryption (FDE), automatically encrypts all the data written to the drive, according to Mark Pastor, strategic marketing senior director at Seagate. The technology will be available for notebook PC makers on 40GB, 80GB and 120GB versions of the Momentus 5400-series drives, which will have a spin speed of 5,400 rpm and use the Ultra ATA-100 interface.

The hard-disk drives with the encryption technology will have exactly the same performance as the drives in the series that don’t use the technology. But the drives with the security feature will be more expensive, Pastor said.

http://www.macworld.co.uk/news/index.cfm?RSS&NewsID=11901

Read more

Microsoft: No New Sybari Sales for Unix, Linux

Posted on by admini

On the day the software giant completed its purchase of Sybari Software Inc., a deal first announced in February, Microsoft Corp. announced it would immediately discontinue new sales of Sybari’s flagship Antigen suite for the Unix and Linux platforms.

The move means that Sybari Antigen 6.0 for Lotus Domino servers running IBM’s AIX Unix operating system will be dropped from the product line. Amy Roberts, director of product management in Microsoft’s security business and technology unit, said the company will continue to market Antigen for Domino on Windows NT.

In an interview with Ziff Davis Internet News, Roberts said Sybari customers on the Unix and Linux platforms will continue to receive anti-virus updates through the life of the existing contract.

http://www.eweek.com/article2/0,1759,1830182,00.asp?kc=EWRSS03119TX1K0000594

Read more