Liudvikas Bukys

Hoax has victims trashing harmless file. CNET May 30 2001 1:18PM ET [Tech latest]

CRACK: The new VPN authenticator. [via Moreover Computer security news]

CIO Demands Security Update: Are You Ready?. IDG May 29 2001 2:37PM ET [Computer security news]

David Coursey: Why Office XP could be your last big MS upgrade. [Scripting News]

Enterprise Linux Today: NEC Set to Open Linux Clustering Research Center [via Linux Today]

Windows raises hacking insurance prices [via Security Focus]

Gartner (John Pescatore): Another Windows 2000 flaw exposes Microsoft security weaknesses

The security flaw recently identified by Microsoft is only the latest in a long series of embarrassing exposures of software vulnerabilities in Windows 2000, primarily in its IIS Web-server component. This latest IIS vulnerability reveals the weaknesses inherent in Microsoft’s overreliance on issuing checklists designed to enable security-deficient software to be configured to make vulnerabilities less accessible. Gartner recognizes that Microsoft has begun to invest in improving its software-development and product-management processes to improve the security of the server operating systems (OSs) it will release in 2003 and beyond. Unfortunately, IIS predates any such focus on security at Microsoft—and it shows.

Enterprises using Windows 2000 in Internet-exposed applications must take serious precautions to ensure that IIS does not offer an open door to attacks by hackers and cybercriminals. Applying the Microsoft checklists (available at http://www.microsoft.com/security) are only the beginning. Gartner recommends that enterprises also use OS-hardening, policy-enforcement, host-based intrusion-detection or application-specific firewall software as part of all uses of IIS.

Enterprises that have not yet committed to IIS as their Web-server software should heavily weight security as a criterion in evaluating which Web-server software to use. Although IIS may come for free as part of Windows 2000, the operational costs of continually installing patches to address new IIS vulnerabilities—not to mention the cost of security incidents against IIS before it is patched—causes IIS to carry a very high total cost of ownership.

[via TechRepublic]

BusinessWire: Proposed Pennsylvania Bill To Control E-Mail Monitoring in the Workplace drafted by a content filtering company, mandates employee notification, “controlling monitoring” = writing a memo saying employees have no expectation of privacy. [via The Register]

Apple Data Security Framework [Slashdot: News for nerds, stuff that matters]

OnLamp: Structured grep and Python “When text files are structured, like HTML, XML, or even news or mail files, you can take advantage of that structure in your search. You can search for words that appear within certain tags, like in the title element of an HTML document, or within the From field of a mail file. All you need is a tool that understands the structure of your text… Jani Jaakkola and Pekka Kilpeläinen’s structured text search and index tool, sgrep, handles all structured text in a generic way. Sgrep’s expression language allows you to provide details about the structure to sgrep so it can find exactly what you want.” [Zope Newbie News]