Privacy, Security Archive

Blaster winds down, but security experts predict more Windows trouble ahead. Some believe that a new attack is imminent.

I am a "Technologist", a Technology enthusiast that is usually the one that is called should a major catastrophe strike an end user. My saga of computer rescues becomes a plot that is ever so thickening, if not only for the fact that's it's becoming incredibly easy for hackers and malicious code writers these days to invade personal property to find, seek, and destroy. Each year, virus and hacker threats increase, and in addition the damage trail left behind is something of a problem. Not to forget, a majority of "PC Panic" cases I've come across are often times the same common, "major" problem.

In a world of constant security struggles, insurance companies are throwing their hat in the ring. Companies will now have the option to take out a policy on their IT. What effect will this have? It could be big. Remember, insurance price is based largely on risk. This could be bad news for companies with software known to be insecure. Read the article here.

"This week, however, Linux was also awarded with CC security certification, and as one might expect, this announcement greeted with cheers from the open source community. There's just one catch: Linux got a lower security rating than Windows 2000 did last year." Read it at WinInformant. Update: The WinInformant article is a little slanted in its reporting, since the ratings discussed have little to do with how secure either OS is in real-world use. Keep in mind that to achieve the higher rating, the computer is not allowed to be connected to any network, since network-connected computers are inherently vulnerable. A CNN article shoots a little straighter on the subject. The certification is not a contest to see which is more secure, simply a test to see if the OS matches a certain objective set of criteria. You have to severely cripple a modern OS to make it meet government high security certification.

A hacker group released code designed to exploit a widespread Windows flaw, paving the way for a major worm attack as soon as this weekend, security researchers warned.

Researchers outline a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds.

Software designed by humans will always have flaws, says Microsoft, but the company argues that its security record is improving. Microsoft has admitted it does not expect to ever release completely secure, flawless code, but denied that its software was any less secure than any other complex code.

Following Vnunet's "Linux hacks hit all-time high" article a few days back, mi2g once again copped criticism from the wider IT security community. Nonetheless, the original data upon which their report was based illustrates that concerns about Open Source security complacency may have some merit.

A fundamental constituent of Microsoft's Trustworthy Computing initiative is "Reliability. The customer can depend on the product to fulfil its functions." No-one wants to be a guinea pig and, after all, Microsoft hardly have a track record of designing secure platforms. Not entirely true. Recent accreditation to CM-EAL4 puts Windows 2000 on a security par with most hardened versions of Unix.

Microsoft faces a possible investigation and significant fines for a security lapse that could have exposed the personal information of millions of consumers.

On a normal system, if an attacker gains root or administrator access, he or she can run rampant. Not so on a trusted system -- at least so long as it is properly configured. Read the article at NewsFactor.

A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet, a loss that could lead to widespread piracy of the OS. In the meantime, the battle for "Trustworthy Computing" is still on.

Counting viruses is simplistic, but there is evidence that Windows is becoming more resistent, and Linux is becoming more of a target. The report also points out that Apple is becoming vulnerable, "now that it is fielding an operating system with embedded Internet protocols and Unix utilities.". Read the article at ZDNet UK by John McCormick.

"Wireless networks are replacing wired networks very rapidly. More and more people want to stay connected on the road. What this transition brings is - more security problems. While wired networks have been around for ages and have had the time to make good security defences, wireless networks and new in comparison and still have a long way to go. This book aims to give you the knowledge you need to bring maximum security to your network, by teaching you how that security can and will be broken." Read the review at Help Net Security.