UK lawmakers have bust one of the largest fraud scams ever: a far-reaching $3.9 billion Internet banking rip-off which faked the Web pages of Bloomberg and Euroclear - the international system for clearing securities and Eurobonds.
US insurance policies issued against hacker-inflicted damage will cost 25% more if your company uses Windows NT.
Ian Melamed is chief technology officer of SatelliteSafe
The International Chamber of Commerce`s Commercial Crime Service uncovered the scam, which involved the sale of bogus guarantees purporting to be from 29 European banks, with a face value of millions of pounds. They were "validated" by Web sites with domain names such as www.euroclear30.50megs.com and www.bloomberg.50megs.com, reflecting backing for the bonds of up to $415 million.
Some victims parted with six-figure sums for the documents. There have been similar scams involving the International Monetary Fund, the US Securities and Exchange Commission and the Federal Reserve Bank. The absolute hoot of this one is that the Web pages were being hosted on 50megs.com, a free Internet host.
*Warner Bros Online had the mortifying experience of having its servers hacked and used to broadcast an unsolicited e-mail to all subscribers encouraging participation in a pyramid scheme. Warner Bros apologised to all, and insisted it placed a high premium on security and would ensure it did not recur.
*That pales into insignificance against Japanese audiovisual giant Pioneer, which sent the Troj_Hybris virus to 10 000 of its customers via an e-mail. Fortunately, the company reacted quickly to the situation and the virus inflicted little damage to the 19 servers it infected.
*And some stiff punishment for deliberately sending a virus. A British businessman has had his computer equipment confiscated and been sentenced to 175 hours of community service after sending the bug to his friend and competitor. He sent the virus as an e-mail attachment with the subject heading: "Our latest prices are attached, please take a look." The recipient notified police, and the culprit`s business was raided. The act was considered by the presiding judge to be a childish prank.
*To FTP or not to FTP? For most companies, that`s not even a question. After all, FTP is the global standard for data transfer across the Internet. Everyone depends on it, but they may want to reconsider that dependency after the revelation of a high-risk vulnerability. PGP`s security response team, Covert Labs, has reported the flaw on servers running Sun Solaris, HP-UX, SGI Irix, NetBSD and FreeBSD. It could allow remote attackers to compromise these servers for data theft, network intrusions or Web site defacement. The error concerns a wildcard function in FTP: when an FTP server tries to match filename patterns when a user doesn`t know the entire filename, it uses partial filenames rather than specifics and relies on the glob() function. As always, take extreme care and apply whatever patches are available.
*Microsoft should have expected it: the industry certainly did. Within weeks of announcing its first security product with huge fanfare, the Internet Security and Acceleration (ISA) Server`s Web Proxy service, the world`s largest software company has had to admit that it has a bug and is vulnerable to crashes and denial-of-service attacks. This in the same week that Microsoft committed itself as never before to producing secure software. The flaw, as confirmed by Microsoft, arises because ISA cannot process some requests if they exceed a certain length, causing it to crash if its Web Publishing features are enabled. Microsoft says: "Processing such a [malformed] request would result in an access violation, which would cause the Web Proxy service to fail. This would disrupt all ingoing and outgoing Web proxy requests until the service was restarted." The implication: a hacker could stage a denial-of-service attack, but could not take control of the firewall or access the systems behind it. A patch is available.
*Microsoft`s vulnerabilities could prove expensive. US insurance policies issued against hacker-inflicted damage will cost 25% more if your company uses Windows NT. This is because "there are so many security holes in Microsoft products", Wurzler, an underwriting company, has advised. Wurzler bases its decision on an insured organisation`s turnover, the probability of an attack and the chances of success of an attack. Such insurance policies are offered in tandem with a thorough security audit.
(Sources: ZDNet, The Register, Silicon.com and IDG.net.)
Share