Cyber warfare hits SA

This week: ITWeb gets hacked along with other high profile Web sites, hackers beat around the Bush, and human factor to blame for security breaches.
By Ian Melamed
Johannesburg, 09 May 2001

Another day, another Microsoft security hole - this time really serious; so serious indeed that it has led to the overall compromising and defacement of many Web sites worldwide, including at least one locally.

It led to the defacement of ITWeb on Friday. Yes folks, along with some of the highest profile Web sites in the world - including three Microsoft sites, as well as those of Vodacom, Unilever, Nintendo and British Telecom - SA's very own online IT news service was defaced. Cyber war has reached us...

Almost all security breaches are caused by human error, with mismanagement and wrong choices of technology allowing hackers to walk in through the front door.

Ian Melamed, Chief Technology Officer, SatelliteSafe

Last week Microsoft announced to the world at large that it had uncovered a security hole in its flagship Web server software, Internet Information Services (IIS) 5.0, which could compromise Windows 2000. It raced against the clock to get system administrators to apply the patch to their Web servers online before their systems could be compromised.

The details of the flaw have been covered well enough for me not to address them here, but Prime Suspectz, from Brazil, was the group of hackers responsible for the defacements, and they have demonstrated again the power hackers have, and the extraordinary vulnerability of the software we've come to depend on for our corporate systems.

ITWeb's service was back to normal within an hour after the pre-dawn hack, and editor-in-chief Ranka Jovanovic noted that: "At least we were in the big league!"

ITWeb has implemented the appropriate patch. If your company is one of the five million that run IIS, may I recommend you do so too?

* The Jet Propulsion Laboratories, a Nasa facility, is often hacked because of its compelling data. Its 5 000 employees were recently sent a note warning them that their social security numbers might have been stolen from a corporate server. Might have been stolen? Isn't that reassuring that so vital a facility can't advise on the security of its systems? Word from the US is that the laboratory's servers can't be secured because of their age and complexity, a situation that also prevails at other Nasa sites. What's next: hacking a space shuttle?

* And are hackers beating around the Bush? The White House has come under a distributed denial-of-service attack. The servers which support Whitehouse.gov were taken down by extreme traffic between 5am and 8am on 4 May. Initial intelligence was that it was co-ordinated by Chinese hackers as part of their overall campaign against the US after the recent US spy plane incident.

* It's official, then. Almost all security breaches are caused by human error, with mismanagement and wrong choices of technology allowing hackers to walk in through the front door. A Computer Security Institute study has found that hackers take advantage of simple, obvious vulnerabilities caused by poor management, and 93% of breaches arise from errors in configuring systems. Some 49% of breaches made through firewalls are caused by mismanagement, and 7% of these are caused by inadequate technology. Some 44% are caused by poor management and equally poor technology.

* Consultancy @Stake concurs: the single biggest cause of network security breaches is stupid moves by PC users. Despite the risk of fraud, corporate computer users leave passwords on paper notes, fail to change passwords from the default, and incorrectly configure hardware. They encrypt data but leave it on a machine in an unencrypted format or lock it with a blank password and fail to change system passwords during updates. Some companies connect servers directly to the Internet, bypassing router firewalls.

* There's a nasty virus in the wild: Troj/Unite-C, a configurable, password-stealing Trojan from Russia. Its very name is one of the configurable options, and so it will change. When run, it can copy itself to the Windows system directory and add a new key to the Registry containing the path to the file. It can stay resident and monitor the system, or run on restart. It will establish a TCP port connection to try and send out the stolen information. The latest anti-virus definitions will do the necessary, so don't be caught unprepared.

* And back to Microsoft. Crackers have found a way to get round Microsoft's registration protection scheme for Windows XP, and the software has not yet been launched! Web sites have been sprouting like mushrooms on free servers such as Geocities, providing details of how to unlock Windows XP beta without contacting Microsoft. Using the mechanisms, crackers can also remove the 180-day trial expiry period. A cracker named Methyd seems to be the responsible party.

(Sources: Silicon.com, Cnet and ZDNet.)