Compliance and Privacy News
This is a special edition of our newsletter. We're excited to have an advance copy of the EMEA VeriSign Security Review, and we've been given permission to let you see it even before our sponsors issue it themselves. It's not often we get to scoop our sponsor, and this one is special enough to bring the news to you early.
The EMEA VeriSign Security Review
Hackers relentlessly exploited several critical Microsoft vulnerabilities and launched another zero-day attack. It was also a busy month for phishers, as new scams targeted the Navy and Air Force community.
Welcome to 2006! Eyes Open.
In the latest zero-day attack, malicious code targeting the Microsoft .WMF vulnerability (MS06-001) hit the wild before the security community knew about it, causing a massive chain reaction of Snort signature development, debates over next steps, independent third-party patching, and, finally, Microsoft's official patch release two weeks after the attack.
The attack targets a graphics rendering engine vulnerability in Windows 2000, Windows XP, and Windows Server 2003. Approximately 1000 Web sites were affected. Separate attacks were launched via Instant Messaging and email spam.
VeriSign iDefense Security Intelligence Service raised its threat level to 3 (Elevated) and then to 4 (High) at the height of the crisis. The user community was pleased when Microsoft decided to release an unscheduled patch to stop this threat from spreading more widely. The VeriSign rating has since returned to 2 (Guarded).
November's infamous Sober outbreak threatened to resume after January 6th, but has so far been dormant. VeriSign iDefense Security Intelligence Service has more details, and VeriSign continues to monitor URLs generated and probed by Sober-infected systems.
Multiple vulnerabilities were identified in the Linux kernel, which could be exploited by remote or local attackers to cause a denial of service. Fixes are available by upgrading to Linux Kernel 22.214.171.124 (http://www.kernel.org/).
A public exploit targeted at the Veritas NetBackup Volume Manager Daemon (vmd) vulnerability is available. An attacker could send a packet to Volume Manager and launch a denial-of-service attack remotely. Symantec has issued a support advisory.
Apple QuickTime, widely deployed on Windows and Mac systems as well as on the popular iPods, has five critical flaws, all related to image handling. These flaws have the potential for buffer overflow and arbitrary code execution, and they affect QTIF, TIFF, and GIF images. Apple has provided a patch for all five flaws.
The BlackBerry Enterprise Server may be vulnerable to denial-of-service attacks, according to a group of German hackers. An attacker could launch a DoS attack by sending "specially crafted" packets to the router, according to a vulnerability note posted on the U.S. Computer Emergency Readiness Team's Web site. The result could be disrupted communications between the BlackBerry Enterprise Server and BlackBerry devices. BlackBerry has developed a fix for the reported vulnerability.
Hackers have exposed details of a previously undocumented flaw in Microsoft's handling of Wi-Fi which affects users of Windows 2000 and XP. A security researcher explained that the issue centres on the way in which the operating systems look for wireless networks during startup. When a Wi-Fi equipped laptop starts up using Windows 2000 or XP, it immediately starts scanning for wireless networks. If none is found, it sets up an ad hoc link using the name of the last wireless network accessed. If a hacker were aware of the last used network ID, it could be used to establish a direct local link with the Windows PC, offering access to all local drives. However, the problem only arises if the target machine is not running a firewall; one of the changes in Windows XP SP2 turns the built-in firewall on by default.
Several new phishing scams emerged in the last month, one preying on sympathy for the victims of a recent mining accident, and two others targeting U.S. Navy and Air Force personnel.
The US Federal Bureau of Investigation (FBI) issued a warning on Jan. 11, 2006, alerting Internet users to a new phishing e-mail requesting financial aid for Randy McCloy Jr., the sole survivor of the West Virginia mine explosion that killed 12 men. The e-mail appears as though it is from a doctor treating the survivor. The doctor reportedly describes McCloy's condition and discusses the funds needed for a full recovery. Internet users who receive any such e-mails are asked to file a complaint with the Internet Crime Complaint Center.
In addition, sailors who use the Navy Knowledge Online (NKO) Web portal and Air Force personnel with access to the Air Force Portal are also exposed to phishing e-mails leading them to fictitious Web sites. Users are urged to double-check the Web site address and to change their portal password if they believe they have fallen victim to the scams.
How companies can manage strong authentication intelligently
Mike Davies, VeriSign EMEA
According to the latest figures from the Department of Trade & Industry, eight out of ten UK firms offer their employees the option of working from home for at least part of their working day. As the UK heads towards a more mobile workforce, this number bodes well for the economy's ability to integrate a more diverse range of people whose personal circumstances mean they might otherwise be left out.
Moreover, the penetration of key technologies in the UK means working from home is now more feasible than ever before. Over 27 million people have access to the Internet in the UK while, according to BT, there are 9.8 million broadband subscribers.
So surely these should be happy days for UK Plc? That would be the case were it not for the enormous security implications that arise when home workers (as well as customers and partners) access corporate networks via the Internet.
Five years ago, organisations dealt with remote access by giving users a simple username and password. But recent security lapses, driven primarily by phishing attacks, mean many organisations feel this level of security is insufficient. And when access to corporate networks is increasingly part of a company's duty of care under the regulations laid down in Sarbanes-Oxley, there are many who would support a complete ban on remote access to corporate networks via the 'net.
Each month, our highly experienced security consultants share their expertise in an area of your concern. This month, senior product manager Doug Barbin discusses log monitoring. Send your questions to firstname.lastname@example.org.
Monitoring Your Server Logs
Q: What is a reasonable resource allocation for monitoring server logs?
A: Depending on your audit and compliance requirements, monitoring logs can become a resource drain. To put it plainly, it can be a pain. But it is good security practice and gives you a type of visibility you don't get from a firewall or intrusion detection service. It is also required by key regulations such as Sarbanes-Oxley, GLBA, NERC, and PCI. If you find yourself going through tedious manual processes to produce a log monitoring report, or if you find it hard to justify expensive software for this purpose, consider using VeriSign's Host Log Monitoring-Audit Service. It is designed to meet the logging needs of auditors and IT managers looking to review exception events after they have occurred. Auditors generally do not need to be notified of these events in real time or near real time, but they need to get to the details when they review the log report. The VeriSign service is delivered through a portal so you and your auditor can run granular reports against specific requirements.
To meet your auditing requirements and get actionable information from your vast log data, outsourcing is the way to go.
Doug Barbin is a senior product manager at VeriSign.
Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.