An Iranian hacker has managed to rob a local bank of some 700-million rials ($83 000) in the first reported case of a bank in the Islamic republic being robbed by computer, according to press reports. More info: [url=http://www.ebcvg.com/news.php?id=1175]http://www.ebcvg.com/news.php?id=1175[/url]
Selling security up corporate ladder an uphill battle
As an annoying and inconvenient cost;
As a form of risk management;
And as a strategic enabler.
It’s a fact of life that security professionals may never get the budgets they want to make their organizations secure. But educating management about the value of security will go a long way toward getting the resources they need. Many security pros said getting money to secure a company is an uphill battle — but it used to be worse. Getting management to understand the value of security also means educating them about the many facets of it, including end-user involvement.
More info: [url=http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci933459,00.html]http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci933459,00.html[/url]
Putting cyberterrorism into context
Part of the problem is one of definition – there are broadly different definitions as to what actually constitutes ‘cyberterrorism’. There are a number of well-accepted definitions which share common similarities and are outlined below.
But increasingly, there are a number of loose definitions which are promulgated to encourage the purchase of particular computer security products or services or to generate interest in a story by the media. The purpose of this article is to present a legitimate definition of ‘cyberterrorism’ and identify some common misuses of the term.
If organizations are taking steps to protect themselves from ordinary cyber attacks of the type that are reported in the media and the 2003 Australian Computer Crime and Security Survey, then they will be well placed to protect against all forms of cyber attack. Organizations and businesses should therefore ensure they focus on managing all threats – deliberate, accidental or natural – logical or physical – and implement appropriate security measures to manage that risk.
More info: [url=http://www.auscert.org.au/render.html?it=3552]http://www.auscert.org.au/render.html?it=3552[/url]
Microsoft Tweaks Problematic Security Patch
The original patch (MS03-045), included in the company’s first monthly advisory, plugged a buffer overrun vulnerability in the ListBox and ComboBox controls that could lead to harmful code execution. However, after the patch was released, Microsoft learned of compatibility issues with third-party products and released a new advisory with updated patches (New patch available here). The company did not say which third-party software had compatibility issues.
“The compatibility problems only affect (certain) language versions of the patch and only those versions of the patch are being re-released,” Microsoft said, noting that the new security patches support both the Setup switches originally documented as well as a set of new Setup switches.
PGP Corporation Announces Release Of PGP Desktop 8.0.3
This version adds support for Microsoft Office 2003, including Outlook 2003 and Windows Server 2003; Novell GroupWise 6.5; and Mac OS X 10.3 (Panther). More info: [url=http://www.pgp.com]http://www.pgp.com[/url]
Microsoft has a new security project called ‘Springboard’
The first Springboard work is going into the security hardening of Windows XP in Service Pack 2, due out next year, and Windows Server 2003 in Service Pack 1, due out sometime later.
Stan Sorensen, director of product marketing for SQL Server, confirms that SQL Server 2000 will go through the process.
The date for a Springboard-related deliverable for SQL hasn’t yet been determined.