The attack of the US$2 million worm

Posted on by admini

Out of 162 companies contacted, 84 percent said their business operations have been disrupted and disabled by Internet security events during the last three years.

Though the average rate of business operations disruption was one incident per year, about 15 percent of the surveyed companies said their operations had been halted and disabled more than seven times over a three-year period.

The portents for enterprises are alarming, given the increased use of the Internet for core business activities.

About three-fourths of the companies contacted by Aberdeen indicated they are increasing online sales and customer service, 55 percent will do more procurement and sourcing through the Web, and 48 percent want to enhance online distribution and fulfillment activities.

“Increasing usage of the Internet for these core business functions means that business disruptions from Internet security can seriously impact a company’s revenue,” Aberdeen analyst Jim Hurley said in a release.

The market researcher calculates that the median annual revenue loss rate can vary from US$6,700 for a US$10 million company to US$20.1 million for a Global 5,000 company with US$30 billion revenue.

The first six months of 2004 saw an increasing number of attacks on Internet security.

Disruptive Internet agents that have raised the level of concern include worms, viruses, spyware, hacker attacks, denial-of-service attacks, attacks on e-mail and Web systems, and attacks on company data and applications.

Some of the most malicious mass-mailing worms roaming the Net include the Bagle and Sasser worms.

Security experts recently unearthed a pernicious pop-up program that reads keystrokes and steals passwords.

Most businesses are worried that their operations are exposed to Internet-based threats.

For instance, 80 percent of survey respondents indicated that they’re worried about network outages, 86 percent are worried about Internet security threats, 84 percent are worried about compromised IT systems; 85 percent are worried about compromises to data integrity; and 71 percent are worried about human errors that may lead to Internet business disruptions.

http://www.zdnet.com.au/news/security/0,2000061744,39152626,00.htm

Read more

Cover Your Apps – 5 Security Myths

Posted on by admini

With firewalls and patch management now being standard practices, the network perimeter has become increasingly secure. Determined to stay a step ahead, hackers have moved up the software stack, focusing on the Web site itself. According to a Gartner analyst, more than 70 percent of cyberattacks occur at the application layer.
1. “The Web site uses SSL, so it’s secure.”
SSL by itself does not secure a Web site. SSL does not protect the information stored on the site once it arrives.
2. “A firewall protects the Web site, so it’s safe.”
Firewalls allow traffic to pass through to a Web site but lack the ability to protect the site itself from malicious activity.
3. “The vulnerability scanner reported no security issues, so the web site is secure.”
Vulnerability scanners have been used since the early ’90s to point out well-known network security flaws. However, they neglect the security of custom Web applications running on the Web server, which usually remain full of holes. Up-to-date vulnerability scanners now achieve more than 90 percent vulnerability coverage on the average network–but they sparsely target the Web-application layer because there are no well-known security issues present in custom-written Web code.
4. “Web application security is a developer problem.”
Sure, developers are part of the problem, but many factors beyond their control contribute to software security. For example, source code can originate from a variety of locations besides in-house. A company might have code developed by an offshore firm to intermingle with existing code.
5. “Security assessments are performed on the Web site every year, so it’s secure.”
The high rate of change in normal Web-site code rapidly decays the accuracy of even the most recent of security reports. As each new revision of a Web application is developed and pushed, the potential for new security issues increases.

http://www.varbusiness.com/sections/news/breakingnews.jhtml%3Bjsessionid=N241AGHB04JH2QSNDBCSKHY?articleId=22104030

Read more

New Virus May Steal Data

Posted on by admini

The infection appears to take advantage of three separate flaws with Microsoft products.

Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.

Car Bomb in Hilla Kills 17 Iraqis -U.S.

Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn’t substantially interfering with Internet traffic.

Security technicians at Microsoft and elsewhere worked Friday to pin down how the infection spreads across websites.

It appears to target at least one recent version of Internet Information Server, Microsoft’s software for operating websites.

The infection makes subtle changes to the site so visitors get a piece of code that’s designed to retrieve from a Russian website software that records a person’s keystrokes and can send data back, experts say.

Such software “Trojan horses” are routinely used to fish for credit card numbers, bank accounts, passwords and the like.

“Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,” the U.S. Computer Emergency Readiness Team warned in an Internet alert.

Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their antivirus and firewall programs.

Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft’s Internet Explorer browsers to the highest levels.

http://www.wired.com/news/infostructure/0,1377,63994,00.html?tw=newsletter_topstories_html

Read more

Web site virus attack blunted–for now

Posted on by admini

The attack, which had turned some Web sites into points of digital infection was nipped in the bud on Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code for the attack.

Compromised Web sites are still attempting to infect Web surfers’ PCs by referring them to the server in Russia, but that computer can no longer be reached.

Still, Web surfers should still take care, as this type of attack is increasingly being used by the Internet underground as a way to get by network defenses and infect officer workers’ and home users’ computers.

A large financial client called in Symantec in late April after an employee used Internet Explorer to browse an infected Web site and his system became infected.

Last fall, a similar attack may have been facilitated through a mass intrusion at Interland, said sources familiar with that case.

The Internet Explorer flaws that allowed the Russian attack, however, affect every user of the Web browser, because Microsoft has not yet released a patch. “We are not seeing that this threat is widespread, but we believe the threat to be real,” said Stephen Toulouse, security program manager for Microsoft’s security response center.

http://techrepublic.com.com/5102-6265-5248320.html

Read more

HP gets behind the desktop

Posted on by admini

The company also intends to announce software for printing from wireless devices; data back-up and recovery software; and workstations, which are powerful desktop machines for uses such as creating digital content.

The new set of products is targeted at corporate customers and is part of HP’s “Adaptive Enterprise” strategy. That effort–which has been criticized as vague–aims to help companies better align their information technology with business goals so that they can be more nimble.

HP has focused much of its Adaptive Enterprise push on data centers, and the announcements are aimed at rounding out that vision, a company representative said.

HP is not alone in pitching its products and services as key to improving business performance and flexibility. Rival IBM talks up its “on-demand computing” push, and Sun Microsystems is working on a similar initiative.

Earlier, HP introduced a new type of desktop computer–a “blade” PC system that provides monitors and keyboards to workers but centralizes the actual computing gear, with the aim of improving its management.

The company plans to unveil the HP Compaq Business Desktop dc7100, which also aims to provide easy management. The machine comes in three designs, all of which allow IT supervisors to open up the chassis and access all internal components without tools. Users can remove the parts in as little as one minute, HP said. The dc7100 PC comes equipped with protective technology, dubbed the HP ProtectTools Embedded Security Manager. It combines hardware and software, accessed via a single interface, to handle security operations such as authentication, data encryption and secured communications, HP said.

Also bundled with the desktop PC is back-up and recovery software from Altiris that helps protect data in a hidden, secure area on the local hard drive. The software aims to enable people to recover their own data and system settings, which would help reduce the risk of data loss and the number of calls to the help desk, according to HP.

The dc7100 is slated to be available in July, with prices in the United States starting at an estimated $749.

The Embedded Security Manager is available today on certain HP business desktop and notebook PCs, HP said.

The back-up software from Altiris–dubbed HP Local Recovery–comes preloaded on a number of HP business desktops, notebooks and workstations.

HP’s new Mobile Print Driver for Windows is designed to help workers with a notebook or tablet PC connect to local and networked printers through an 802.11 or Bluetooth connection.

http://news.com.com/HP+gets+behind+the+desktop/2100-1003_3-5248595.html?part=rss&tag=5248595&subj=news.1003.5

Read more

Mac OS X security myth exposed

Posted on by admini

The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm.

One thing the hard figures have shown is that OS X’s reputation as a relatively secure operating system is unwarranted, Secunia said.

This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system — comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

“Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news,” said Secunia chief executive Niels Henrik Rasmussen.

A few other organizations maintain comparable lists, including the Open Source Vulnerability Database (OSVDB) and the Common Vulnerabilities and Exposures (CVE) database, which provides common names for publicly known vulnerabilities.

Windows XP Professional saw 46 advisories in 2003-2004, with 48 percent of vulnerabilities allowing remote attacks and 46 percent enabling system access, Secunia said.

Suse Linux Enterprise Server (SLES) 8 had 48 advisories in the same period, with 58 percent of the holes exploitable remotely and 37 percent enabling system access.

A recent Forrester Research Inc. study comparing Windows and Linux vendor response times on security flaws was heavily criticized for its conclusion that Linux vendors took longer to release patches.

http://www.computerworld.com.au/index.php/id;1870365808;fp;16;fpid;0

Read more