Bill Gates showed a rare touch of humour at the Professional Developers Conference when he joked that it's normally difficult to get the press to write about programming techniques such as garbage collection. "But Oracle solved that for us," he said. "They gave us the perfect distinction between how they do garbage collection and how we do it." Well, we had a similar experience a few years back, when a "gentleman" in a brown suit was observed outside our Kramerville premises loading our black rubbish bags into his car boot. When one of our staff drove into the parking area he rapidly closed the boot and drove away. It doesn't only happen in the States.
Ian Melamed, MD, Ian Melamed Secure Computing
And here's news of a little ruse that's come to Johannesburg. Overall-clad men, claiming to be air-conditioner technicians and with all the credentials and equipment, make their way into your offices. If you turn your back for just a moment, they make off with your notebook computers, cellphones, handbags and anything else they can grab and run with. Our PR company fell victim to this ruse last week. So do be careful who you let into your office, and don't let them work without supervision.
Seems Computer Associates (CA) is really trying to keep the virus threat alive. It issued a warning on the Windows 95 "Smash" virus (Win95.Smash.10262), even though it has not yet been found in the wild. CA warned the virus could be triggered on the 14th of July, and perhaps the 14th day of each successive month. In theory, the virus can reformat your hard drive. "If you get it, it's very damaging, but right now it's not likely you'll get it," said a CA spokesman.
The US government is under fire after it was reported in the Wall Street Journal that the FBI is using packet-sniffing software, codenamed Carnivore, to keep tabs on Internet service providers. The FBI runs Carnivore to investigate the contents of individual packets and monitor the communications of suspected hackers, terrorists and criminals. The American Civil Liberties Union is asking US lawmakers to amend the laws that make the packet-sniffing possible. This is similar to the row in the UK surrounding the Regulation of Investigatory Powers bill. We could be seeing some foundational security and privacy issues being resolved here.
The great entrepreneurial dream can still come true. London-based start-up Intensiti Technologies has developed the highest level of security available. Its unique selling point is that it provides encryption starting from 512-bits and going up to several dozen kilobytes of crypto-level authentication. This should prevent any level of hacking. Just a year old, Intensiti is competing in the $25 billion-a-year European security market, and has won its first contract with Internet super carrier PSINet for a global security network for companies to exchange data globally in a secure environment. The network will comprise about 30 secure data centres hosted in the major cities around the world over the next year to 18 months. Now Intensiti is going global, with offices around the world.
Nasa is under fire again. This time a break-in at Nasa has led to thousands of compromised passwords and credit card numbers. The accused attacker used Nasa as a launch pad for unsolicited porn ads, credit card fraud and an IRC chat room. A sniffer was used on one of two compromised machines to intercept passwords from university traffic.
I reported a fortnight ago that super hacker Kevin Mitnick was being barred from using a typewriter to write a column for an online publication. Well, his parole officer has had a change of heart, and Mitnick may now lecture, consult and write. However, he is still barred from using a computer or any sort of Internet connection.
Some juicy anti-virus statistics. In North America, businesses forfeited a total of 6 822 person-years (defined as one person working a 24-hour-day, 365-day shift) in productivity in the last 12 months, due to security breaches, downtime and virus attack cleanups. Worldwide businesses experienced 3.3% of unplanned downtime in the last year, which translates to $1.6 trillion in lost revenue.
They're starting to get the message. InformationWeek's Global Security Survey shows 71% of the 4 900 executives, security professionals and technology managers who responded rank information security as a high priority for their businesses. That's up from 60% last year and 56% two years ago. But only 38% of the respondents say their security policies are very well aligned with their business goals. Half the companies surveyed spent $50 000 or less last year on information security. Dot-com start-ups fared the worst in assessments of their security, often ignoring every single layer of security.
At last a dotcommer is being brought to book for violating customer data privacy rules. E-tailer Toysmart.com, a bankrupt Walt Disney online toy-seller, is being sued by the Federal Trade Commission for allegedly breaking a promise to customers that it would never share private information about them. Now that it's bankrupt, it is selling all its assets, including its customer lists. With the current state of the e-commerce market, this could be the first of many violations of customer privacy.
And bad news for Hotmail users: a major security glitch in Microsoft's free e-mail system has sent up to a million users' personal details to advertisers without their permission. It's just one more embarrassment for the software giant's popular e-mail service. Last year Hotmail hit the headlines when a security slip allowed any Web user to access people's Hotmail accounts in what was described then as possibly the largest security breach ever. The current problem happens when a Hotmail user reads an e-mail containing a banner advertisement.
(Source information for some of the items in this issue of Security Patrol was gleaned from Computer Wire, Fox News, ZDNet, InformationWeek, Excite and ITWeek.)

