Archive for the ‘security’ Category.

GnuPG Format String Vulnerability

Hoax has victims trashing harmless file

CRACK: The new VPN authenticator

CIO Demands Security Update: Are You Ready?

Windows raises hacking insurance prices

Gartner: Another Windows 2000 flaw exposes Microsoft security weaknesses

Gartner (John Pescatore):
Another Windows 2000 flaw exposes Microsoft security weaknesses

The security flaw recently identified by Microsoft is only the latest in a long series of embarrassing exposures of software vulnerabilities in Windows 2000, primarily in its IIS Web-server component. This latest IIS vulnerability reveals the weaknesses inherent in Microsoft’s overreliance on issuing checklists designed to enable security-deficient software to be configured to make vulnerabilities less accessible. Gartner recognizes that Microsoft has begun to invest in improving its software-development and product-management processes to improve the security of the server operating systems (OSs) it will release in 2003 and beyond. Unfortunately, IIS predates any such focus on security at Microsoft—and it shows.

Enterprises using Windows 2000 in Internet-exposed applications must take serious precautions to ensure that IIS does not offer an open door to attacks by hackers and cybercriminals. Applying the Microsoft checklists (available at http://www.microsoft.com/security) is only the beginning. Gartner recommends that enterprises also use OS-hardening, policy-enforcement, host-based intrusion-detection or application-specific firewall software as part of all uses of IIS.

Enterprises that have not yet committed to IIS as their Web-server software should heavily weight security as a criterion in evaluating which Web-server software to use. Although IIS may come for free as part of Windows 2000, the operational costs of continually installing patches to address new IIS vulnerabilities—not to mention the cost of security incidents against IIS before it is patched—cause IIS to carry a very high total cost of ownership.

[via TechRepublic]

Apple Data Security Framework

Viruses? Feh! Fear the Trojan

Viruses? Feh! Fear the Trojan. Viruses and e-mails get all the attention and fearful reaction, but hidden programs known as Trojans can be far more devastating — to computers and lives. Two new ones are on the loose. By Michelle Delio.

When a user runs the innocent-looking program that he or she has downloaded, or clicks on a link on a malicious website or in an HTML-formatted e-mail, a Trojan program like BackOrifice or SubSeven infects their system.

Within the past week security firms have issued warnings about two Trojans: Y3K Rat 1.6, and W32.Eurosol.

Y3K Rat is a revamped version of an old Trojan, now capable of ruining computer hard drives, breaking through many firewalls and transmitting cached passwords and copies of all activity on an infected computer to the attacker by e-mail.

W32.Eurosol steals users’ account information from a WebMoney account, an international banking system that allows those not wanting to expose their credit card numbers, or those who don’t have credit, to make purchases online.

[via Wired News]

Microsoft warns of Word security issue

U.S. Wooing Student Hackers

U.S. Wooing Student Hackers. The National Science Foundation will award scholarship money to computer security students who take government jobs upon graduation. Reactions are mixed. By Katie Dean. [Wired News]