June 25, 2004
- The Associate Press, as reported in the Wall St Journal online, has a story about
a Microsoft vulnerabilty that is the target of a new virus. This
vulnerability has only been recently discovered. There is no
The virus appears to actually target financial
data and may be contracted by going to unsafe web sites.
Some experts have suggested using a non
-Microsoft browser. One can be found at www.mozilla.org. Macintosh
users are unaffected by this.
Microsoft has advised users to set their
browser security selections to their highest level. This is computer
equivalent of locking your doors and barring your windows because
the monster is loose in the village. Didn't Mary Shelley warn us about this? Macintosh
users can settle on Mel Brooks warning.
June 24, 2004
- No one likes the idea of an audit. Even if you do everthing
correctly, the thought of someone poking around in your stuff
makes you uneasy. However a security audit is a good way
to test everything that you have bought and installed. Consider
a review of your hardware, software and procedures before an
intruder provides you with a complimentary audit.
An AOL employee has been arrested for the
theft and sale of millions of AOL members names. Tech Republic was one of the first to report
An editorial in the Decatur Daily warns of the threat of Spyware.
It's good to see non technical puplications take up the fight
for safe computing.
June 16, 2004
- Is it a hoax, a threat, or nothing to stay up nights worrying
over? It's a cell phone virus. A few years ago when the purpose
of the cell phone was for making calls, this was not a concern.
Contemporary cell phones are loaded with features that make them
more computer than telephone. Among the features added were Bluetooth,
that someday to be ubiquitous short range communication protocol.
This makes it easier to transfer data between devices that support
Bluetooth. The ease of data transfer is what makes the easy transfer
of viruses theoretically possible.
The experts opinions seem to vary on the
severity of the threat, if there is one. Wired has their opinion [likely to change]
and other sources, such as News.com have other ideas. [editorial
comment - At wi-tegrity we don't think these viruses will be
a problem until Outlook and VB run on cell phones.]
June 15, 2004 -
has published a warning about the latest Zafi.B virus. Like many
others, this virus spreads itself through email. It is multi-lingual
and mails itself out in Hungarian, English, Italian, Spanish,
Russian and Swedish carrying a political message. SearchSecurity.com has more information on
this latest threat.
June 14, 2004
- Recently it was reported by IDG and several other sources, that the source
code for Cisco
routers was leaked to the Internet. What this means is that the
very basic programs that run Cisco routers and switches were
made available to the world. How much of a threat is that. Probably
not too much. While such code being public could reveal the trade
secrets of Cisco equipment does its job, it does not necessarily
mean that the devices are any more easily compromised. Tech Republic recently addressed this issue.
Once again the advice is, and I sound like a broken record (20th
century precursor to the CD), to be certain all default passwords
are changed and all recommended software updates are performed
as soon as practical.
So where was the real damage? More to Cisco's
corporate pride than anything else, especially since they have
been touting their concept of self-defending networks in their
British Telecom may be abandoning plain old telephone service
(POTS) in favor of voice over IP (VoIP). VoIP uses the same technology
for your voice calls as the Internet uses for email and web surfing.
Proponents of VoIP cite cost savings and economy as the major
benefits of VoIP. Many companies, including Nortel Networks , have been selling VoIP
equipment for years. The primary market has been private telephone
systems. British Telecom's venture with the public network will
be a first for that nation.
June 11, 2004
- Spyware is the latest threat and, in theory it's older than
you think. Remember the old dial-up service called Prodigy (It
still exists in some form)? It was a fun introduction to being
able to use computers for more than filing recipes. As part of
its operating systems Prodigy created some files on your hard
disk and none of the [minimal] documentation explained. There
were all sorts of conspiracy theories about why the files were
there and how IBM and Sears Roebuck were using the files to spy
on you. Supposedly the department of Defense banned Prodigy on
their computers. These fears were unfounded. However, there is
a very real 21st problem with files on your computer telling
the world more about you than you want the world to know. Fox news has a story describing spyware and
some tips on getting rid of it.
Please don't depend on software firewalls
on your computer. By the time your firewall detects a virus,
worm or spyware installation, it's already too late. If you have
any sort of broadband connection you should have a hardware based
firewall. Even if it's a simple router/firewall appliance. Contact
for more information.
CERT has issued a warning regarding problems
with Internet Explorer running on Windows systems. Click here for more information.
June 9, 2004
- Now that we are through staring at the planet Venus, back to
some serious issues. Hiawatha Bray, of the Boston Globe has done
some research. This respected tech writer has done some serious
research on spam coming from home users' computers. This
is a serious allegation and should be looked into by anyone with
a home computer attached to a broadband service.
Not wanting to come across as a Windows
basher I usually don't jump on stories about how many people
avoid Windows systems. (wi-tegrity does perform security
evaluations of Windows Networks.) A thread on slashdot.org talks about Windows avoidance
and the alternatives. Caution - there may be some rough language
at that site.
June 7, 2004
- There is a new trend in restaurants, cafes and even bookstores.
No, it's not some super new blend of coffee or an exotic tea
- it's wireless network access. Many service establishments are
taking advantage of the fact that many of the portable computers
patrons are carrying are equipped with wireless network cards.
There are two schools of thought on this
trend. One is to make the wireless service part of the menu.
Offer your customers the chance to connect for a fee, either
based on an hourly rate or a flat monthly rate offering unlimited
air time. T-Mobile
is working very hard at this.
The second way of thinking is to feature
wireless service as a condiment (I didn't invent this comparison).
You would not charge extra for cream and sugar or an extra napkin.
You won't charge extra for someone to connect to your network
and check the stock prices or send some email. (As long as you
segregate them from your business network.)
There will be more on this subject in later
updates. We will even list some of the wi-tegrity favorites.
June 2, 2004
- The fastest growing threat to computer security is not those
nasty worms that seem to make their way around the globe faster
than the Genesis Project in the "Wrath of Kahn", but rather it
is the proliferation of open wireless systems. In a recent and,
admittedly, unscientific survey wi-tegrity demonstrated
that most wireless networks are not secure. A scan of a number
of networks in northern Bristol County and southern Norfolk County
Massachusetts show that many people have installed wireless networks
in both their homes and businesses, yet have not taken the simple
steps to secure their system. A recent CNN story confirms that this is happening
in other areas of the country as well.
Failing to secure a wireless network at
home means that not only are you providing free wireless access
to anyone in the neighborhood, you are also giving them the opportunity
to read all of your personal computer files and to capture your
bank account and credit card numbers.
Failing to secure a wireless network in
your business does pretty much the same thing as at home with
the added bonus that you could be in violation of Sarbanes-Oxley, HIPAA and who knows how many lesser known
Before you even plug in the power supply
of your brand new 802.11X wireless router do something that no
one likes to do. Read the instructions and if you aren't sure
you can maintain a secure network spend a few dollars to have
a professional do it for you. It will be the money you've spent
on security since your firewall. By the way, with an unsecured
wireless network you may as well skip the firewall. It's useless.