Will it still love you in the morning?

This week: Whatever you may get up to this Valentine's Day, make sure you don't fall for a sweetly worded e-mail subject line, as you're sure to regret it.
By Ian Melamed
Johannesburg, 13 Feb 2001

Astonishing! The Love Bug virus caused more damage and earned more publicity than any other in history, yet now we have this Valentine's Day reawakening.

Ian Melamed, chief technology officer, SatelliteSafe

Research conducted by the International Data Corporation (IDC) in the UK has shown that 37% of users would still open an e-mail with the message "I LOVE YOU" on 14 February - this Wednesday - if it came from someone they knew.

IDC has it pat: "Despite all the publicity the Love Bug virus created last year, users are the weakest link in a corporate defence against malicious code. They can spread viruses in a matter of seconds." One answer, surely, is to embark on accelerated end-user education. When it comes to viruses, ignorance is never bliss.

* More details are emerging as to how attackers effectively shut down Microsoft's Web presence: it seems compromised servers from many locations sent bogus ping signals to the Microsoft network from fake IP addresses, which never acknowledged the return diagnostic message. This tied up Microsoft's servers as they waited for responses to what seemed genuine-enough ping requests. Now, to ensure this can't happen again, Microsoft shut off the ping function on all of its Web-facing servers. Responding to pings is part of the Internet's value system, so the hackers have struck a very significant blow.

* Last week I had news of the hacking of registration at the World Economic Forum in Switzerland. Only now has the scale of the compromise and potential fraud been made known. Potentially stolen: 27 000 names, some with e-mail addresses and/or phone numbers attached; 1 400 credit card numbers and attached names; information about the 3 200 participants, including hotel accommodation, travel schedules, session registrations and payments, and Web site passwords. All of this while $3 million was spent on physical security!

* Decoding enemy transmissions during World War II was one of the principal drivers behind the development of computers. Today, the Internet, born out of the need for highly robust military networks, is being used by Middle East terrorist factions to wage an e-jihad, or e-holy war. The terrorists are using encryption to protect the transmission of , which, according to USA Today, is hidden deep within the endless volumes of pornography on the Web. It's also secreted in innocuous sports chatrooms. As long as terrorists know where to look and have the appropriate decryption keys, they can share the most top-secret information, with the authorities powerless to stop it. What's next? Sniffer technology to try and detect encrypted code across the seemingly infinite length and breadth of the Internet? It may not have been officially declared, but we are living in a state of cyberwar.

* Wire tapping and eavesdropping are serious legal and ethical issues, and no one wants to fall victim to them. But almost everyone on the Internet is a potential victim, thanks to a vulnerability, first announced three years ago, and now re-announced, in HTML-enabled e-mail clients that allows the bugging of message recipients. It's being termed "e-mail wiretapping", or "the Reaper Exploit". Anyone with access to a logged Web server, e-mail, and JavaScript knowledge can view text added to an e-mail that is subsequently forwarded to others. Perfect for industrial espionage. Affected systems include Microsoft Outlook 98 and above and Netscape 6.

* Here's the regular list of the most prevalent in-the-wild malware, as surveyed and reported by Trend Micro US, listed from one to 10: TROJ_MTX.A, TROJ_HYBRIS.B, VBS_KAKWORM.A, TROJ_HYBRIS.A, TROJ_BYMER, TROJ_NAVIDAD.E, TROJ_PRETTY_PARK, TROJ_CLICK, TROJ_HYBRIS.D and TROJ_SUB7.BONUS.

* As always, I like to finish with some good news: ZDNet's third eWEEK Openhack interactive security test has proven to be unhackable. For three years eWEEK has thrown down the gauntlet to the hacking world, and this is the first time it has remained secure after 17 days. eWEEK attributes the success of the project to Argus Systems Group's PitBull line of operating systems and the Argus engineering team that securely configured the systems. Hackers, whose ability and determination seem to know no bounds, especially with $50 000 up for the first hacker to break through, found and exploited application-level security holes to obtain root-level access. Here's the lesson, as learnt by eWEEK: IT managers cannot secure their applications simply by keeping up-to-date with security patches. There is always one more vulnerability - even on systems that are fully up-to-date and have all available security patches installed, as the Openhack systems did. PitBull is not a silver bullet; rather, the networking controls in PitBull prevent users accessing the server over the network (even if logged in as root) from running privileged commands or from changing protected files.

(Sources: CNN, Hacker News Network, Computergram, Silicon.com and MSNBC.)