Wireless Networks Continue to Bleed Data, Study Reveals
New study says 80 percent of companies have at least some unsecured wireless traffic
by Mathew Schwartz 6/30/2004 Enterprise Systems
Are corporate networks bleeding secrets wirelessly? A new study
by security company Red-M says 80 percent of companies have at
least some unsecured wireless network traffic broadcasting
corporate secrets beyond the company walls. In other words,
someone within range with a wireless sniffer could intercept
potentially sensitive information.
Red-M studied 100 global companies in a range of industries
over the course of six months. Of those studied, education,
manufacturing, paper and packaging, and food and beverage
industries were particularly at risk. Electronics companies,
followed by IT, fared slightly better, with about four out of five
broadcasting data. Two-thirds of the banks and financial services
institutions studied likewise broadcast data.
“Most businesses haven’t yet grasped the fact that once
there is any sort of wireless device on their premises—and today
you have to presume there is at least one device in your company—it
acts as a point of insecurity by broadcasting company information
over the airwaves,” says Red-M’s CEO, Karl Feilder.
Are the Browser Wars Back?
How Mozilla's Firefox trumps Internet Explorer.
By Paul Boutin,
Slate
Posted Wednesday, June 30, 2004, at 11:03 AM PT
I usually don't worry about PC viruses, but last week's Scob attack snapped me awake. The clever multi-stage assault, carried out by alleged Russian spam crime lords, infiltrated corporate Web servers and then used them to infect home computers. The software that Scob (also known as Download.ject) attempted to install on its victims' machines included a keystroke logger.
In less than a day, Internet administrators sterilized the infection by shutting down the Russian server that hosted the spyware. But not before a barrage of scary reports had circled the world. "Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole," the BBC warned. (Disclosure: Microsoft owns Slate.) CNET reporter Robert Lemos zeroed in on why the attack was so scary. "This time," he wrote, "the flaws affect every user of Internet Explorer." That's about 95 percent of all Net users. No matter how well they had protected themselves against viruses, spyware, and everything else in the past, they were still vulnerable to yet another flaw in Microsoft's browser.
Scob didn't get me, but it was enough to make me ditch Explorer in favor of the much less vulnerable Firefox browser. Firefox is built and distributed free by the Mozilla Organization, a small nonprofit corporation spun off last year from the fast-fading remnants of Netscape, which was absorbed by AOL in 1999. Firefox development and testing are mostly done by about a dozen Mozilla employees, plus a few dozen others at companies like IBM, Sun, and Red Hat. I've been using it for a week now, and I've all but forgotten about Explorer.
Top Five Security Control Points Auditors Miss
Make sure you check these essential control points in any Windows network audit
by Derek Melber, Enterprise Systems Security 6/30/2004
Auditors face two limiting factors: time and money. Budgets
normally prohibit an auditor from compiling a 100-percent-complete
audit on all computers, even for small and mid-size networks. As
for the time restriction, if a company has tens of thousands of
computers, it is impossible to consider auditing all of them. So
how can you be more proficient and efficient in audits of Windows
networks?
One or more of the missed audit control points I describe below
may come as a surprise. You might be checking a portion of the
control point but miss the entire picture. You may not consider an
item on this list to even be a security concern because it isn't
part of your audit program. However, these control points have
security written all over them and should be included in every
audit program for Windows networks.
Missed Control Point #1: Domain Admins Missing from Local Administrators Group
McAfee: New Lovegate worm spreading
It's infecting computers worldwide, including those at some Fortune 500 firms
News Story by Jaikumar Vijayan
JULY 02, 2004 (COMPUTERWORLD) - A new version of the Lovegate worm has begun infecting computers worldwide, including those belonging to several Fortune 500 companies, according to a statement from antivirus firm McAfee Inc.
Like its predecessors, Lovegate.ad@MM is a mass-mailing worm that spreads through e-mail and network file sharing and by exploiting a previously disclosed vulnerability in the remote procedure call interface in multiple Windows versions. Last year's widespread Blaster worm took advantage of the same flaw.
The worm drops a back door on infected systems and also tries to propagate itself on other systems using a variety of methods, including mailing itself using its own SMTP engine, according to the McAfee advisory.
This is the 30th version of the Lovegate worm, but it's one of only a few that have been assessed as a medium risk by the company. "It's a little bit more successful than the other ones," said Chris Schmugar, virus research manager at McAfee.
The company has received reports of infections from several of its major clients, Schmugar said. In some cases, hundreds and even thousands of systems have been infected, he said.
Usenix: Experts debate security through diversity
Most of those on hand for a debate on OS and browser diversity like the idea
News Story by Tom Krazit
JULY 01, 2004 (IDG NEWS SERVICE) - The sheer number of worms and viruses directed at Microsoft Corp.'s Windows operating system and Internet Explorer browser have many in the computer industry wondering whether the cyberworld would be more secure if more users relied on alternatives to Microsoft's products. That description appeared to fit about two-thirds of the few hundred system administrators and engineers attending a debate between two prominent security experts at the Usenix 2004 conference in Boston yesterday. A show of hands before and after the debate indicated that most of those in attendance would prefer a more diverse group of operating system and Web browser software.
A monoculture, whether it be in biological terms or in computing terms, has been shown to be inherently dangerous to members of that group, said Dan Geer, chief scientist at Verdasys Inc. Geer was formerly chief technology officer at security company @stake Inc. until he was fired last year for authoring a report critical of Microsoft's dominance of the computing industry and the insecurity of its products that stems from that position. Microsoft is an @stake client.
Spyware Gets Top Billing
An infection on the CEO's home system leads to a call for new preventive measures.
Security Manager's Journal by Mathias Thurman
JULY 05, 2004 (COMPUTERWORLD) - This week, I was suddenly called into my boss's office for an urgent meeting. From the look on his face, I expected to hear that we had a serious security incident under way. Instead, he asked what our department was doing about spyware.
Apparently, a spyware program had infected our CEO's home computer, so he asked the CIO if we had a plan to deal with adware and spyware. The CIO marched down to a vice president's office to ask the same question. That VP then asked a director, who asked me whether we have any infrastructure to deal with an increase in spyware activity within our company. The short answer is that we don't have any. So now the question is, Why don't we have that infrastructure in place?
It's funny how these sorts of inquiries roll downhill. At a previous job, I once had to bring in several vendors after the CEO read an article about public-key infrastructure. We explained to him that PKI was still in its infancy and would cost several million dollars to implement. The project died quickly after that.
Wireless Hackers Leave No Tracks
Unprotected WLANs give hackers an untraceable way to launch attacks across the Internet.
Security Manager's Journal by Vince Tuesday
I'm a parasite. I didn't pay for the bandwidth I'm using right now. I didn't ask for permission to use it -- I don't even know whom to ask. But I'm on holiday, I have a few bits of work to finish up before I can relax, and I need to send my e-mail. The broadband service in the rented house doesn't work, so I stuck in my wireless LAN card and found two WLANs covering the house. One has a Secure Set Identifier of "lopez" and has Wired Equivalent Privacy turned on; the other has an SSID of "default" and no WEP.
My wireless card has automatically associated with the "default" base station, which gave me a Dynamic Host Configuration Protocol address. Now I'm connected to the Internet at 11Mbit/sec. with no fee and no restrictions on what I can do.
When WLANs hit the mainstream a few years ago, the security focus was on confidentiality, and vendors included WEP to encrypt data in the air. WEP has flaws -- it might not stop a snooper in your parking from reading your data -- but just the fact that "lopez" had it turned on was enough to turn my attention elsewhere. Why hack "lopez" when "default" is sending in the clear?
Vulnerabilities