
Thursday, December 11, 2003

EU Anti SPAM Laws

The new EU Anti-SPAM laws that come into force today are designed to make it illegal to send individuals unwanted email. This, the politicians believe, will stop the deluge of junk mail appearing in everyone's email inbox overnight.
I have yet to find anyone in the industry who thinks it'll have any effect whatsoever, and I'd agree.
Even a cursory analysis of the average user's email inbox will reveal that the vast majority of SPAM email comes from far away, Florida; China; via SPAM Bots; Open Relays; Open Proxies; or otherwise mostly untraceable routes. All of this mail is sent by people who have no regard for the law anyway. Any Anti-SPAM methodology based upon trying to identify the sender, as proposed by Nick Scales, chief executive of Avecho, in an article over on BBCi News, is doomed before it starts.
As Steve Linford, founder of anti-spam organisation The Spamhaus Project said in the same article; "The whole problem with these laws is that they are geared to spammers being honest and respecting laws"..... right then no problems there then ®©
Related Links
MXtreme email firewall blocks 99% of all SPAM

posted by Robert Campbell 11:38 AM

Wednesday, December 10, 2003

Windows Workstation : RPC Buffer overflow vulnerability

Yet another flaw in Microsoft's core product set, Windows 2000 and XP, identified by eEye Digital Security, could allow an attacker to execute arbitrary code on an unprotected workstation. This vulnerability is caused by a flaw in the network management functions of the DCE/RPC service and a logging function implemented in WKSSVC.DLL. The attack vectors, along the lines of passing long strings to vsprintf(), require access to TCP/UDP ports 138, 139 and 445.
It goes without saying that this represents a significant risk to all unprotected workstations, and herein lies our criticism of the only just suppressed industry panic: no one should have those ports exposed to the internet. However, given the experience of the industry with the SQL Slammer Worm earlier this year, we should not be complacent.
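
The unbounded-formatting flaw class described above, shown next to its bounded fix. This is an added example, not code from WKSSVC.DLL or from the advisories; the buffer size, function names and log message are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 128   /* assumed size of the fixed log-line buffer */

/* Weak form: vsprintf() is never told how large `line` is, so an expanded
 * string longer than LOG_LINE_MAX - 1 bytes is written past its end. */
int log_line_weak(char *line, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(line, fmt, ap);
    va_end(ap);
    return n;
}

/* Hardened form: vsnprintf() is given the buffer size, never writes more
 * than that, and returns the length the full string would have needed.
 * Returns 0 if the line fit, 1 if it was truncated, -1 on a format error. */
int log_line_safe(char *line, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(line, LOG_LINE_MAX, fmt, ap);
    va_end(ap);
    if (n < 0) {
        line[0] = '\0';
        return -1;
    }
    return n >= LOG_LINE_MAX ? 1 : 0;
}

/* Constructed sample: a 300-byte field of the kind a remote caller could
 * supply, passed through the hardened function only. */
int demo_oversized_field(char *line)
{
    char name[301];
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    return log_line_safe(line, "join request for domain %s", name);
}

int main(void)
{
    char line[LOG_LINE_MAX];
    int truncated = demo_oversized_field(line);
    printf("truncated=%d stored=%zu bytes\n", truncated, strlen(line));
    return 0;
}
```

A truncation result is worth logging in its own right, since an oversized field in a request to a network service is rarely legitimate.
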
Related Links
DHS/FedCIRC Advisory FA-2003-28 Buffer Overflow in Windows Workstation Service
Microsoft's Security Bulletin MS03-049

posted by Robert Campbell 9:46 AM

Tuesday, December 09, 2003

email overload, it's no joke

There are several articles around currently alluding to 'new research' by Hitachi showing that UK email users are aggravating IT storage requirements with gossip and jokes amounting to 20% of all email. Indeed our experience would show that this may be an underestimate, and without good management it can be considerably higher. Management is one of the key issues, supported by technology which enables proper control and monitoring of all internet usage. In the knowledge that all activity is monitored and stored in a tamper proof archive most users reduce personal usage to an acceptable level.
Email archiving solutions allow companies to comply with new requirements as well as relieving the main mail system and its associated backup system from having to cope with all the storage requirements.
Related Links
Jokes inflame 'e-mail epidemic'
Office gossip drives storage spending By Jo Best Silicon.com
Controlling email content with BorderWare MXtreme
Email Archiving and Compliance
No email use the phone
posted by Robert Campbell 8:16 PM

Monday, December 08, 2003

FTC Pet Co. Deeper examination : call for James Herriot and some rubber gloves

PetCo.com on-line pet store is in the news again; the FTC is delving deeper into the security breach where Petco.com exposed customer credit card details on its e-commerce web site earlier this year. In what seems to be the US equivalent of a 'subject access request' the FTC is seeking information from Petco regarding the governance of customer information on its e-commerce web site.

Related Links
Online Pet Shop : I smell a rat
FTC investigates PetCo.com security hole By Kevin Poulsen, SecurityFocus
Security Focus article by Kevin Poulsen
ecommnet's answer to minimising ecommerce database vulnerabilities.
Federal Trade Commission

posted by Robert Campbell 8:41 PM

Monday, December 01, 2003

Wells Fargo Hold Up

A so-called 'Low level ID theft kinda guy' was arrested late last week in possession of one or more computers stolen from a financial analyst's office. Edward Krastof has apparently admitted to the theft and authorities believe that all the data relating to customers' personal details have been recovered intact.
Wells Fargo themselves obviously don't think so, as a spokesperson for the finance company, Doreen Woo Hoo, is quoted saying that they have '.... in the three weeks since this equipment and information went missing, we've been able to communicate by letter and by phone with virtually every affected customer.'
The costs for the company must be enormous, with all that communication, letter and phone, and having to provide new account numbers for every customer and enabling customers to sign up for a one year subscription to Privacy Guard ®, a credit monitoring service. The press release doesn't say how many individuals were involved but one suspects that it was significant.
Protecting data stored on network file systems or laptop hard disks or anywhere else on the network, especially if that data is outside the usual controls of the corporate infrastructure, must be a priority for security personnel.
Related Links
Wells Fargo Press Release
Protecting Lap top data
Protecting and controlling the use of PDAs
Network file encryption
Identity Theft
Canada Customs and Revenue Agency Stolen Laptop Computers
Crackdown on identity theft an article from the BBC
Police arrest ID thief in Wells Fargo case
The Wells Fargo Example By Mark Rasch SecurityFocus
Wells Fargo : Real Customer Experience
posted by Robert Campbell 4:37 PM

Saturday, November 29, 2003

Net Not Reliable: BBC's Bill Blog gets cut-off.

The BBC's Technology commentator Bill Thompson did not have any e-mail on Tuesday and he is not best pleased; we think he's only got himself to blame. In the recent article published on his BBC Blog, Bill actually refers to the solution: multiple redundant connections. He should consider if being deprived of his internet connection is as devastating as he believes. In truth he probably doesn't really care that much, but some companies really do. In a recent survey most small to medium sized businesses rated their internet connection (by which we assume their email) as more important than their telephone line.
In practical terms there are several devices such as the Radware LinkProof application switch that allow a user to use multiple ISP connections to provide highly resilient load balanced connections to the internet. These devices are now becoming aggressively priced to the extent that even a relatively small business using cable and ADSL would be able to create a highly cost effective resilient connection.
Some people, however, don't get the point; rather like anti virus and firewall solutions 10 years ago, they still take the attitude that '..it won't happen to me.'
In discussion with a customer recently, we considered that they actually processed at least £40,000 every day over a single Internet connection. They have not invested in the basic infrastructure to provide any kind of fault tolerance on that connection, choosing to continue with a single ISP, one web server and one firewall. The cost of providing the resilient infrastructure would have been around £50k. Why? one might well ask!
Related Links
Radware LinkProof
Can the net take the strain? Bill Thompson BBC.

posted by Robert Campbell 8:16 PM

FreeBSD-SA-03:19.bind: bind8 negative cache poison attack

A CERT Advisory from the security team at the FreeBSD Project, FreeBSD-SA-03:19.bind: bind8 negative cache poison attack, details the recently exposed vulnerability in the DNS daemon. Initial evidence is that this affects all bind8 implementations and may not be restricted to BSD.
All current implementations of BSD from 4.4 to builds of 5.1 prior to the correction date are affected; patches are available from the usual ftp sources on the freebsd.org web site.
Related Links
Free BSD Org
BorderWare NameVault High Performance Secure DNS Appliance
Security Focus Advisory
posted by Robert Campbell 2:34 PM

Tuesday, November 25, 2003

Wanted: reasoned thought

Opinion: Having spent two days last week mixing it at the NEFF with various members of the police force and various fraud specialists from a wide variety of industries and public sector bodies, including the National Audit Office, and security specialists from several of the high street banks, I'm even more paranoid than I was before, if that were possible.
I was especially impressed with the afternoon's discussion on the second day headed by Colin Wittaker of APACS on e-commerce fraud. I was, however, equally very depressed with the technical session on corporate security where at least one participant told the amazed audience his answer to the problem of email viruses was to only allow one PC, not connected to the corporate LAN, to be attached to the Internet.
There seems to be plenty of evidence that real criminals are getting more organised and the risks are increasing every day for all of us, as individuals and companies alike. Yet the willingness of otherwise well educated decision makers to enter into meaningful discussions regarding investment in multi-level security measures is woefully lacking, staggeringly so in my opinion.
Why is this? There are probably many facets to the answer to that question, but as technologists we have a responsibility to adjust our responses and participate in the bigger debate as grown ups and not continually snipe at the most obvious without thinking first. Like adolescent school kids with half formed ideas or brainwashed middle class left wing pinkos with shallow reasoning and single issue politics, 7/10th of our industry seems to think nirvana can be obtained if we just dumped Windows and Bill into the Pacific.
Thank god for people like Tim Mullen, a reasoned analyst if ever there was one.
Related Links
Busting the Worm Writers
Microsoft's hacker bounty is wasted money
Proposed: a Bounty for Bugs
The Flaw of Security Through Diversification by Mark Burnett
The 7 Top Management Errors that Lead to Computer Security Vulnerabilities
posted by Robert Campbell 8:44 PM

Exchange 2003 and OWA concerns

Concerns seem to be appearing over the latest version of Exchange and Outlook Web Access. In an article over at ZDnet by Matthew Broersma posted yesterday he reports that Microsoft's initial explanation relates to the use of the Kerberos authentication mechanisms. This is just the latest in a series of issues that have affected the OWA component, and while remote access to one's Exchange server is a highly desirable thing, doing it with Exchange, IIS and OWA alone is asking for serious trouble and cost. Using BorderWare's MXtreme can easily put most of these risks behind you.
Related Links
MXtreme and OWA

posted by Robert Campbell 5:45 PM

Saturday, November 22, 2003

Go to Jail do not pass go

The National High Tech Crime Unit notch up another major success and six men have been jailed for a major Identity Theft scam involving Lloyds TSB, Halifax and Co-Operative banks. The gang, using information gleaned from an on-line house auction site, were able to impersonate individuals who had died and use these fake identities to open bank accounts and obtain loans.
Related Links
Jail for internet identity fraud - BBC News
The National High Tech Crime Unit. We'd love to give you a more relevant link but the NHTCU's web site is entirely FLASH™ and is completely unusable and inaccessible.
EU hi-tech crime agency created
posted by Robert Campbell 7:31 PM

Friday, November 21, 2003

High Speed Networks : Train Spotting Wi-Fi Style

A high speed wireless hot-spot - GNER are presently trialling a mobile WI-FI technology that is set to change the face of 1st class rail travel on the East Coast main line between Edinburgh and London Kings Cross.
In ecommnet's experience the myth of working on the train is just that, a myth: the network coverage of O2's GPRS wireless network is so poor that even collecting the odd email has been almost impossible. We were involved in the O2 beta test program for their XMAIL service, in principle an excellent concept. Being able to read one's Exchange email on a pocket PC / XDA handset meant dumping the laptop on those long journeys from Newcastle to London, travelling light really making a difference to the fatigue value of a day trip to the 'smoke'.
GNER are advertising the service and suggesting that the use of VPN software will enable users to connect to the corporate network. The system is powered by satellite, and the problem will be to make standard IPSec VPN technology work over the high latency satellite bridge. In our experience this is not possible. There is however one VPN technology that will work in such an environment; that is SmartGate from V-One Systems.
Related Links
Broadband boost for train travellers
WI-FI Trial - The Time Table - Take Part

posted by Robert Campbell 8:46 PM

Virus Update

Top Virus List

Our BorderWare MXtreme Email Firewall is getting a fair pasting; the running totals are now shown in the table. I think this customer is getting their money's worth out of this evaluation.

Virus Name                      Number
I-Worm.Dumaru.a                 169
I-Worm.Mimail.c                 94
Exploit.IFrame.FileDownload     94
I-Worm.Mimail.txt               60
I-Worm.Mimail.g                 31
I-Worm.Mimail.j                 31
I-Worm.Swen                     30
I-Worm.Sober                    28
I-Worm.Klez.h                   17
I-Worm.Mimail.h                 15

Related Links
BorderWare Email Firewall and anti SPAM Appliance
MXtreme : Microsoft Exchange & Outlook Web Access security vulnerabilities
posted by Robert Campbell 6:25 PM

DIY Hacking

B&Q the DIY store took its advertising motto to heart the other day and left its online customers exposed. The 'You Can Do IT when you B&Q IT' strapline could come back to haunt them after it was revealed earlier this week that anyone, even those without any real IT knowledge, could bypass the store's security measures and gain access to another user's details. Argos, too, seems to have failed at the same hurdle and similarly failed to demonstrate any real understanding of either the technical issues or the seriousness of their actions.
The two vulnerabilities were revealed at the beginning of this week (17th Nov 2003) by Silicon.com, and related to the way a user of either site could gain access to another user's account just by guessing a likely username and answering what appears to be a simple reminder question.
True, the users themselves are implicated in this particular instance; they should have some responsibility to make their password reminder questions more difficult and the answer less obvious, but the manner in which this password reminder system was implemented by both sites is, frankly, appalling.
Perhaps the fines imposed by the FTC for similar lax behaviour by GUESS and Victoria's Secret should be imposed on these two too.
Related Links
Now Argos exposes customer account details online - November 17 2003 by Will Sturgeon
How many times do shops have to be warned? November 17 2003 by silicon.com

posted by Robert Campbell 6:14 PM

Monday, November 10, 2003

North East Fraud Forum

ecommnet is to attend and exhibit at the North East Fraud Forum, to be held on the 17th and 18th of November at St. James's Park, home of Newcastle United FC.
The conference covering all forms of fraud is a timely one; only today the Association for Payment Clearing Services (APACS) launched its new campaign to make shoppers and retailers more aware of credit card fraud on the run up to Christmas.
Card Not Present fraud has seen an increase of over 33% over the last few years and amounts to over a quarter of the total credit card fraud in the UK annually. The total figure is over £400M and covers losses from mail order, fax and online retailers, mainly in the high value technology sector.
Increasingly as consumers seek bargains on the 'net this type of fraud will rise unless the industry takes specific measures to counteract the growing sophistication of the criminal.
Related Links
North East Fraud Forum
APACS Card Watch web site with special focus on 'plastic card fraud'
Card Security Week 10-15 November 2003 Keeping Your Card Safe on the New High Street
Chip and PIN programme in the UK
CIFAS - The UK's Fraud Prevention Service

posted by Robert Campbell 4:25 PM

Monday, November 03, 2003

Virus Mimail-XXX

AV companies, including Trend Micro and Kaspersky Labs, are warning of a medium risk virus propagating in the wild. The so-called MIMAIL virus appears to have a number of variants, all of which affect Win-32/Outlook style mail clients.
ecommnet's practical experience is shown below with two tables; extracts of various live reports from a BorderWare MXtreme email firewall from a customer where the e-mail firewall is on evaluation.

Number of Virus Attacks

Virus Name                      Num per Week
I-Worm.Mimail.c                 36
I-Worm.Dumaru.a                 28
I-Worm.Mimail.txt               25
Exploit.IFrame.FileDownload     21
I-Worm.Sober                    20
I-Worm.Mimail.g                 13
I-Worm.Swen                     10
I-Worm.Mimail.h                 3
I-Worm.Tanatos.b                3
I-Worm.Tanatos.dam              3

Traffic Analysis Report

Mail Filter (acted upon)            Num per Week
STA High Spam (Token Analysis)      302
STA Low Spam (Token Analysis)       63
BULK (DCC Checksum)                 438
Blackhole List (RBL)                216
Brightmail Spam                     0
Forbidden Attachment                16
Virus                               169
Malformed                           28
Pattern Filter SPAM                 0
Pattern Filter Reject               3
Attempted Relay, Rejected           46
Dropped                             175
Undeliverable                       0
Reject on No Reverse DNS            0
De-queued by Admin                  0
Clean or not Scanned                6063
Total Messages                      7519
Percent Blocked                     19

The report shown covers the last 7 days only, and is ample demonstration of the prevalence of the virus. The fact is that the MXtreme e-mail firewall with the Kaspersky anti virus engine has prevented well over 1000 items of SPAM, 169 viruses, and almost 300 other undesirable emails in less than a week.
Related Links
BorderWare e-mail firewall MXtreme
MS Outlook Web Access Vulnerabilities

posted by Robert Campbell 8:17 PM

