CyberSecurity Institute – Page 405 – Security News Curated from across the world

Report: A third of spam spread by RAT-infested PCs

Posted on December 2, 2003December 30, 2021 by admini

Graham Cluley, a senior technology consultant for Sophos, said Wednesday that the increasing use of broadband Internet connections and a general lack of security awareness have resulted in about one in three spam e-mails being redirected through the computers of unsuspecting users.

Cluley said that if a Remote Access Trojan (RAT), a type of Trojan horse program, is able to get into a PC, an attacker could take full control of that PC, as long as it is connected to the Internet.

There is also a very small chance that PC owners will have any idea their system is being used by a third party, said Cluley, who warned that attackers could remove any traces of their activity so that there would be no obvious record: “It is really just network and Internet bandwidth that is suffering–there is no permanent record left on the PC that you can look up–you wouldn’t see anything if you checked your Outlook ‘Sent Items’ folder,” he said.

More info: [url=http://zdnet.com.com/2100-1105_2-5113080.html]http://zdnet.com.com/2100-1105_2-5113080.html[/url]

VOIP Rules Inch Toward Internet

Posted on December 1, 2003December 30, 2021 by admini

Verizon Communications Inc. and SBC Communications Inc. (see story, Page 26) recently launched VOIP services in selected cities.

In arguments to the FCC, the RBOCs point to Vonage’s marketing as an illustration that VOIP is the functional equivalent of regular telephone service, but others, including manufacturers such as Cisco Systems Inc., argue that it is an Internet application like instant messaging or e-mail.

More info: [url=http://www.eweek.com/article2/0,3959,1400198,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1400198,00.asp?kc=EWRSS03119TX1K0000594[/url]

Chinese Government Establishes WiFi Security Requirements

Posted on December 1, 2003December 30, 2021 by admini

The Dec. 1 deadline for all Wi-Fi gear makers to start using the Wired Authentication and Privacy Infrastructure (WAPI) specification was set by the Standardization Administration of China, which manages standards in various industries in China.

Support for WAPI is not included in current or upcoming security specifications, such as Wi-Fi Protected Access or 802.11i, developed and enforced by industry groups the Institute of Electrical and Electronics Engineers and the Wi-Fi Alliance. WAPI adds yet another security specification that companies will have to consider as they begin installing Wi-Fi networks, adding further confusion to the market, according to security experts.

In the third quarter, the Asia Pacific region had the second largest market share for sales of Wi-Fi gear worldwide, at 18 percent.

More info: [url=http://zdnet.com.com/2100-1103_2-5112832.html]http://zdnet.com.com/2100-1103_2-5112832.html[/url]

Researchers Find Serious Vulnerability in Linux Kernel

Posted on December 1, 2003December 30, 2021 by admini

An unknown cracker recently used this weakness to compromise several of the Debian Project’s servers, which led to the discovery of the new vulnerability.

According to Symantec, this weakness would allow any local user with shell-level access to the system to escalate his privileges to root.

Symantec warned that the new flaw could be combined with any number of remote vulnerabilities to allow remote attackers to gain root access, as well.

More info: [url=http://www.eweek.com/article2/0,3959,1400418,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1400418,00.asp?kc=EWRSS03119TX1K0000594[/url]

“MiMail” Viruses Top November Infections

Posted on December 1, 2003December 30, 2021 by admini

The software firm noted that many versions of current viruses, such as “MiMail.I” are being written for financial gain, actively attempting to search for or persuade victims to enter personal information such as credit card numbers.

Viruses such as MiMail also seek out and harvest email addresses, propagating the worm onto other systems. “Swen.A,” “Dumaru”, and “Klez.H” were the top three most infectious viruses for Novemberm the firm found. Incidents of the Swen.A virus appeared more than 600,000 times, the company found, followed closely by Dumaru with just under 500,000 entries.

More info: [url=http://www.extremetech.com/article2/0,3973,1400299,00.asp?kc=ETRSS02129TX1K0000532]http://www.extremetech.com/article2/0,3973,1400299,00.asp?kc=ETRSS02129TX1K0000532[/url]

Biggest security problem–it’s human

Posted on December 1, 2003December 30, 2021 by admini

Some of us stick to a single password that we use everywhere–whether it’s a pet’s name, a memorable date or the make of our monitor.
Some of have thrust upon us by (rightly) paranoid system admins very safe, very convoluted passwords that we promptly write down on a post-it note and stick to our monitors. A few very peculiar souls actually make up their own very safe, very convoluted passwords (over eight characters with non-alpha characters please) that they actually remember them, but I’m not convinced that these people actually exist.

Passwords have an uncommon ability to draw out from the most successful, sensible and intelligent individual, an idle Neanderthal with the memory of a lobotomized goldfish. They make us stupid, but we should all by now have come to expect and accept that.

There are some pretty simple lessons to be learnt here: that you should always e-mail passwords back to account holders, and never display them onscreen; that you should use a fixed list of password prompts and never, under any circumstances, let users make up their own password prompt questions.

More info: [url=http://zdnet.com.com/2100-1107_2-5112223.html]http://zdnet.com.com/2100-1107_2-5112223.html[/url]