Lost any data recently? If you have, you`re in good company; as with cycling (you only have two kinds of riders: those who have fallen and those who are soon to fall), you`ve either lost data, or are going to soon.
And with it comes that sickening feeling of loss, doom, anger and helplessness. In my years of running the Virus Helpline, I wonder how many people we helped to recover data.
Donald Duck is picking up where the Love Bug left off.
Ian Melamed, MD, Ian Melamed Secure Computing
Now, from California, comes the story of Nikki Stange, data crisis counsellor at DriveSavers, a company focused on recovering data for its clients. Her first step, before moving to actual data recovery, is to calm down and de-stress her clients, most of whom are so wound up they`re not thinking straight. Some impressive clients, too: including Isaac Hayes, who lost an entire album he was recording digitally; and Bill Oakley, executive producer of The Simpsons. When his Macintosh crashed, it took with it 12 complete Simpsons scripts.
Her company recovered both computers` data. It`s also recovered data from a computer that was on-board a vessel that sank on the Amazon. Stange`s company claims a 90% success rate; it`s not too tough if you have the skills and right methodologies.
And, of course, much of the stress can be avoided if you backup, backup, backup!
In a world dominated by ongoing security violations, some good news for once. American Express has announced a disposable credit card number for members. Cardholders using this option can log on to a secure Web site and receive a one-time-use number to buy over the Internet. Don`t leave home without it.
So Linux is exempt from those nasty security problems that plague the primitive, backward old Windows world? Think again. Internet Security Systems reports that Linux-based servers have been reported as carrying Trinity v3, a distributed denial-of-service (DDoS) tool that could be launched simultaneously on target computers. This was the technique used against Amazon, eBay and other e-companies earlier this year. DDoS attacks can bring a server or a network to its knees by flooding target machines with large amounts of traffic. Trinity v3 uses eight flood techniques to launch an attack, under the direction of a hacker.
Another Unix problem: eight "format string" vulnerabilities have been found so far. An attacker can get a Unix computer to display a string of text characters with formatting commands. By manipulating the formatting commands, the attacker can trick the computer into running a program. This is one of the mechanisms that can be used to plant DDoS tools on Unix servers.
Donald Duck is picking up where the Love Bug left off. Limited so far to the Philippines, where Love Bug originated, DonaldD.trojan acts in a similar manner, arriving in an e-mail attachment, executing once opened, and collecting user names and passwords from the victim. Keep those anti-virus patterns updated, folks!
And the potential for Wireless Application Protocol viruses and DoS attacks grows apace. The latest threat to rear its ugly head is the discovery that a Nokia 7110 cellphone can be jammed if it receives a malformed SMS message. There`s also the discovery in Germany of a malicious hacking utility, SMS Flooder, that can bombard SMS networks and specific numbers with bogus messages, effectively shutting down networks and denying users access to their phones. Limited to Germany for now, but there is a clear pattern emerging.
The trend can also be seen in the Palm world. With the first Trojans for the Palm platform in the wild, Symantec has produced a beta of an anti-virus stored directly on the Palm. It occupies 12kb of memory and can be obtained at Symantec`s Web site. Some companies already have anti-virus definitions available for when a Palm is docked against a PC, but this is the first one for deployment directly on the Palm; this would protect you against viruses being contracted through wireless or infrared data transfer.
The self-titled Pimpshiz has been busy: another 50 Web sites were defaced last week. Pimpshiz is pro-Napster, the MP3 company which lost out to the US recording industry, and has so far defaced 110 sites. His latest round of attacks range from Nasa to the Communications Workers of America. His mechanism for accessing the sites: an unpublished hole in Windows NT. Pimpshiz has promised a "huge episode five" soon. Can`t wait...
Sources: Silicon.com, ComputerWire, ZDNet and CNET.
Share
