Don't be fooled

By Ian Melamed
Johannesburg, 08 Aug 2000

You can on Barclays, but perhaps not when it comes to e-business. The breach of the week belongs to the UK giant, which during the course of an upgrade of its online banking service left users' details open for other customers to see. UK-based research analyst Jupiter Communications says 40% of consumers are wary of using online financial services because of security and privacy concerns. And who can blame them?

There cannot be anything more irritating than the hoax virus warnings that have proliferated over the last few weeks.

Ian Melamed, MD, Ian Melamed Secure Computing

On the same tack, GartnerGroup says Internet merchants suffer 12 times more from fraud than traditional retailers. And there are still those who insist that e-business will just happen. Not without some major work in the security domain, it won't.

Where there's a will, there's a way, and there's certainly a will to find a way around the UK government's controversial Regulation of Investigatory Powers (RIP) Bill, which would grant government powers to intercept private e-mails. A report, "The Regulation of Investigatory Powers Bill - Technically Inept: Ineffective Against Criminals While Undermining the Privacy, Safety and Security of Honest Citizens", shows how easy it is to bypass the RIP Bill. Through a combination of encryption, secure Internet protocols, anonymous offshore services and information hiding techniques, Internet companies and users can avoid government snooping. The report was produced by security experts Brian Gladman and Ian Brown, members of the advisory council for the Foundation for Information Policy Research. Rather disturbingly, many other European countries are looking to follow the UK's example.

The security business deal of the year is undoubtedly Symantec buying Axent Technologies for $975 million. It gives Symantec ownership of some of the best network security services in the industry; and increasingly companies are coming to understand that it is services, rather than product, that make security policies work or not. The combined company is expected to report revenue of $1 billion and have a market capitalisation of $4.4 billion. See, there is money in security after all!

Microsoft takes so much flak for its security loopholes that it's almost refreshing to see another vendor caught short. This time it's Sun Microsystems, which has confirmed there's a hole in its Solaris operating system which can let hackers in. Sun has written and tested a patch, but you can bet your bottom dollar there'll be more.

But then Microsoft certainly does deserve some of the flak. This week it issued its long-awaited first Service Pack for Windows 2000, and it turns out you have to disable personal firewalls to get it to work. There are more than 3.5 million users of these personal firewalls. The Service Pack is vital to Windows 2000's success, but this revelation is another body blow for the operating system. Now Microsoft says it will give personal firewall vendors advance access to code for future Windows 2000 Service Packs to avoid repetition of this bug. Microsoft is reported as having known of the problem, but refusing to fix it.

On the other hand, firewalls are anything but secure, if last week's experience is anything to go by. An audience of several hundred network security professionals was shown how easy it is to bypass firewalls as three hackers repeatedly penetrated Checkpoint Software's Firewall-1, one of the most trusted and popular firewalls. How did they do it? By impersonating an authorised administrator; by tricking the firewall into believing an unauthorised Internet connection is actually an authorised virtual private network connection; and through exploiting data sniffing configuration errors. Checkpoint says the attacks rely on improper firewall configuration, which can't happen in the real world, can it?

Viruses might not be hogging the headlines, but they're no less prevalent. Here's the list of the 10 most prevalent in-the-wild malware as surveyed by Trend Micro US: VBS_Kakworm.A, TROJ_SKA, VBS_Stages.A, VBS_Loveletter, VBS_Netlog.Worm, Joke_Smallpen, Troj_Pretty_Park, Joke_Geschenk, Joke_Flipped and VBS_Netlog.B.

On the topic of viruses, there cannot be anything more irritating than the hoax virus warnings that have proliferated over the last few weeks. You know the drill by now - an e-mail advises you of a new virus, "much worse than Melissa", able to "destroy Macintosh and IBM compatible computers", and for which there is no cure. You are implored to pass it on to everyone you know, thereby giving the hoax e-mail access to your address book, which is precisely what today's viruses try to do. This practice is equivalent to the physical chain letters that used to be so popular, and a lot of people fall for it. Make sure you don't, as all you do is generate unnecessary traffic. And if you want to check if a virus is real, visit http://www.antivirus.com/vinfo/hoaxes/hoax.asp.

Sources: ComputerWire, Silicon.com and Trend Micro.