Archive for the ‘LINKS’ Category.
Gartner: Another Windows 2000 flaw exposes Microsoft security weaknesses
Gartner (John Pescatore):
Another Windows 2000 flaw exposes Microsoft security weaknesses
The security flaw recently identified by Microsoft is only the latest in a long series of embarrassing exposures of software vulnerabilities in Windows 2000, primarily in its IIS Web-server component. This latest IIS vulnerability reveals the weaknesses inherent in Microsoft’s overreliance on issuing checklists designed to enable security-deficient software to be configured to make vulnerabilities less accessible. Gartner recognizes that Microsoft has begun to invest in improving its software-development and product-management processes to improve the security of the server operating systems (OSs) it will release in 2003 and beyond. Unfortunately, IIS predates any such focus on security at Microsoft—and it shows.
Enterprises using Windows 2000 in Internet-exposed applications must take serious precautions to ensure that IIS does not offer an open door to attacks by hackers and cybercriminals. Applying the Microsoft checklists (available at http://www.microsoft.com/security) are only the beginning. Gartner recommends that enterprises also use OS-hardening, policy-enforcement, host-based intrusion-detection or application-specific firewall software as part of all uses of IIS.
Enterprises that have not yet committed to IIS as their Web-server software should heavily weight security as a criterion in evaluating which Web-server software to use. Although IIS may come for free as part of Windows 2000, the operational costs of continually installing patches to address new IIS vulnerabilities—not to mention the cost of security incidents against IIS before it is patched—causes IIS to carry a very high total cost of ownership.
[via TechRepublic]
Proposed Pennsylvania Bill To Control E-Mail Monitoring in the Workplace
BusinessWire: Proposed Pennsylvania Bill To Control E-Mail Monitoring in the Workplace
drafted by a content filtering company,
mandates employee notification,
“controlling monitoring” = writing a memo saying employees have no expectation of privacy.
[via The Register]
Structured grep and Python
OnLamp: Structured grep and Python “When text files are structured, like HTML, XML, or even news or mail files, you can take advantage of that structure in your search. You can search for words that appear within certain tags, like in the title element of an HTML document, or within the From field of a mail file. All you need is a tool that understands the structure of your text…
Jani Jaakkola and Pekka Kilpeläinen’s structured text search and index tool, sgrep, handles all structured text in a generic way. Sgrep’s expression language allows you to provide details about the structure to sgrep so it can find exactly what you want.” [Zope Newbie News]
Viruses? Feh! Fear the Trojan
Viruses? Feh! Fear the Trojan. Viruses and e-mails get all the attention and fearful reaction, but hidden programs known as Trojans can be far more devastating — to computers and lives. Two new ones are on the loose. By Michelle Delio.
When a user runs the innocent-looking program that he or she has downloaded, or clicks on a link on a malicious website or in an HTML-formatted e-mail, a Trojan program like BackOrifice or SubSeven infects their system.
Within the past week security firms have issued warnings about two Trojans: Y3K Rat 1.6, and W32.Eurosol.
Y3K Rat is a revamped version of an old Trojan, now capable of ruining computer hard drives, breaking through many firewalls and transmitting cached passwords and copies of all activity on an infected computer to the attacker by e-mail.
W32.Eurosol steals users’ account information from a WebMoney account, an international banking system that allows those not wanting to expose their credit card numbers, or those who don’t have credit, to make purchases online.
[via Wired News]
Social Security numbers at risk on the Net
Social Security numbers at risk on the Net. CNET May 23 2001 12:50PM ET [Computer security news]
David Gelernter’s New Desktop
FEED Magazine: David Gelernter’s New Desktop. Users can browse this stream of cards or search by keyword, topic, or file type. Scopeware is an elegant alternative to the current desktop, an interface that, in Gelernter’s view, is still mired in a bygone era when megabytes were scarce and CPUs lethargic. [via Tomalak’s Realm]
