CyberSecurity Institute – Page 378 – Security News Curated from across the world

For liability purposes, the courts have declared terrorism to be a predictable security threat

Posted on May 23, 2004December 30, 2021 by admini

In the class-action litigation brought by families of Sept. 11th victims against the airlines, airport security companies, airplane manufacturers and the owners and operators of the World Trade Center, the court examined two main elements:1.

Whether the various defendants owed a duty of care to the people in the World Trade Center and on the planes that crashed; and 2. In finding that the case should go to a jury, the court stated that we impose a duty on a company when the relationship between the company and user requires the company to protect the user from the conduct of others. This duty of care extends to private companies.

But the court also made a revolutionary declaration with respect to foreseeability. The court stated that, typically, a criminal act (such as terrorism or hacking) severs the liability of the defendant, but that doctrine has no application when the terrorism or hacking is reasonably foreseeable. The court went on to note that the danger of a plane crashing if unauthorized individuals invaded the cockpit was a risk that the defendant plane manufacturer should reasonably have foreseen—indicating that terrorist acts are indeed foreseeable.

A second case involved Verizon and the Maine Public Utilities Commission. The case dealt with whether Verizon could get a waiver for certain performance failure penalties that it was required to pay. Verizon argued that it should not have to pay, since its website went down due to the Slammer worm. The commission found that viruses and worms are foreseeable events, as evidenced by the regular security bulletins issued by software companies. The commission found that Verizon had not taken the reasonable steps available to it; steps that competitors AT&T and WorldCom did take (installing patches to ward against Slammer). Ultimately, the commission found that Verizon should be held accountable for its failure, indicating that virus attacks are also completely foreseeable events.

So now that threats to technology and other systems are no longer considered unforeseeable, what is a conscientious CSO to do? They must be able to prove they use best practices with respect to policies for information management, security, implementation of those policies and disaster recovery plans.

More info: http://www.csoonline.com/read/050104/flashpoint.html

Brightmail finds sanctuary with Symantec

Posted on May 21, 2004December 30, 2021 by admini

The deal will improve Brightmail’s position, although the prospect of Microsoft entering the anti-spam market is still a significant threat. The deal has long been expected, despite the fact that Brightmail filed its IPO documents just a few weeks ago.

The companies have had a close relationship since July 2000. Symantec owns 11 per cent of Brightmail already, and has a seat on the board.

In the year ending 31 January, 2004, Brightmail made about 20 per cent of its $26m revenue from an anti-virus add-on it offered using Symantec’s software.

Enrique Salem, Brightmail’s CEO, said the deal presents synergies without excessive crossover. “Symantec has the market-leading anti-spam software for consumers, and we have the market-leading product at the gateway,” he said. He also said that Brightmail’s OEM partners, which include IronPort Systems and Borderware Technologies, are safe following the deal.

Andrew Lochart, VP of product marketing at BMS rival Postini, was surprisingly positive about the news. “It eliminates one of the leading independent private companies from the market, which means the other companies, like Postini, all move up a notch,” he said. Mr Lochart also said the firm has rarely seen Symantec in competitive situations in the past. It also gives Postini, which has its sights set on an IPO too, a benchmark by which it could judge its own value.

Brightmail is probably a lot safer inside Symantec, which continues to grow and generate cash rapidly on the back of its consumer antivirus business, than it would have been alone, but both firms see Microsoft as a looming threat.

Microsoft is Brightmail’s biggest customer, bringing in more than 10 per cent of its revenue, but is expected to build its own anti-spam software. It is also expected, at some point, to offer its own flavor of antivirus software, competing with Symantec.

More info: http://www.theregister.co.uk/2004/05/21/brightmail_finds_sanctuary/

Plug and Play port scan reveals new worms

Posted on May 19, 2004December 30, 2021 by admini

The W32/Bobax-A worm, which employs the same Microsoft security vulnerability as the Sasser worm to break into computers, uses port 5000 to identify Windows XP systems (the port used for “Universal Plug and Play”).

According to the Sophos Web site, this new worm “is capable of turning infected computers into spam factories and launchpads for denial-of-service attacks against Web sites.”

The process is explained on the LURHQ security site: “unlike proxy Trojans which require the spammer to connect and send each individual piece of mail, Bobax sends the mail using a template and a list of email addresses.

This has the benefit of offloading almost all the bandwidth requirements of spamming onto the Trojaned machines, allowing the spammer to operate with minimal cost.”

Kibuv.B creates an FTP server on port 7955 for which any username/password combination will work.

Like other malware of this type, the FTP server sends a copy of the worm in response to any file request.

The vulnerabilities exploited by these two worms are not new — users with the latest patches from Microsoft are protected.

More info: http://news.zdnet.co.uk/internet/0,39020369,39155162,00.htm

Hackers penetrate global finance firms

Posted on May 19, 2004December 30, 2021 by admini

According to consultant Deloitte’s 2004 Global Security Survey, many of these hacks resulted in financial loss. But even with security attacks on the rise, a quarter of firms admitted that their security budgets were frozen.

The study reported that 83 per cent of respondents admitted their systems had been compromised in the past year, compared to only 39 per cent in 2002. Of this group, 40 per cent stated that the breaches had resulted in financial loss to their organisation.

“Financial institutions, particularly security officers, are facing greater challenges than ever,” said Simon Owen, partner at Deloitte, in a statement. “They are fighting an ongoing battle to overcome evolving security threats and to comply with an increasingly stringent regulatory environment but, at the same time, resources have stagnated.”

Companies are sliding backwards when it comes to the use of security technologies, Deloitte claimed.

While more than 70 per cent of respondents said they saw viruses and worms as the greatest threat to their systems in the next 12 months, the number with fully deployed antivirus measures was down to 87 per cent from 96 per cent in 2003. One third of respondents felt that security technologies acquired by their organisations were not being used effectively, while only one quarter felt that their strategic and security technology initiatives were well aligned.

More info: http://www.infomaticsonline.co.uk/News/1155258

A third of UK corporates open to hackers

Posted on May 13, 2004December 30, 2021 by admini

According to security firm NTA Monitor, UK businesses are drowning under a rising tide of medium and low-level security vulnerabilities as they fight to deal with high-risk security flaws.

The company’s research – based on analysis of almost 500 network perimeter security tests of clients in both the public and private sector – found that a third of corporate networks have at least 10 flaws, opening themselves to “considerable risk of malicious attack”.

High-risk flaws were discovered in only 3.9 per cent of tests, while medium flaws were found in 74.3 per cent of tests and a low-risk vulnerability of some kind was found in every test carried out.

Security issues relating to the configuration of internet routers were found to account for the most frequently identified vulnerability.

Poorly configured routers can allow an attacker to let themselves into a network and can also be used as a stepping stone to attack other systems, NTA Monitor warned.

The most common problem the security firm found threatening its customers was denial of service (DoS) attacks.

Low-level flaws were identified in all networks in both 2003 and 2004, while medium-level flaws climbed from 73 per cent in 2003 to 74.3 per cent in 2004.

http://www.vnunet.com/News/1155120

Lottery scams new flavour of the month

Posted on May 11, 2004December 30, 2021 by admini

Last month the Austrailian group, FraudWatch International, received over 1000 variations, double the number of phishing email scams.

They are to contact a claims agent to collect their winnings, typically at a free email address. The claims agent sends his victims a claim form, and asks for copies of their passport and driver’s license to verify their true identity. They can have the money wired to their bank account, they can open an account with a specified bank (bogus), or they can pick up their winnings personally.

http://www.securityfocus.com/news/8571