
Porn free, as free as your e-mail

This week: UK universities flooded with pornographic e-mails via Hotmail, lack of security hampers e-marketplace acceptance, and an interesting development from McAfee.
By Ian Melamed
Johannesburg, 06 Mar 2001

The debate over free e-mail rages on between M-Web and Absa Bank; without taking sides, for me it comes down to a simple issue: that of liability. If you are paying good money, you have some comeback on the organisation supplying you with the service; if it's free, what obligation do they have to supply you with excellent service? Or even to update their security, anti-virus definitions or anti-spam and anti-porn filters?

Wherever you look, security or its absence is bringing business to its knees.

Ian Melamed, chief technology officer, SatelliteSafe

This issue was highlighted a few weeks back when Microsoft's free Hotmail was reported not to be updating its anti-virus definitions (thereby, with 80 million users, creating the world's largest virus dissemination network). Now comes the news that UK universities are being spammed with pornographic junk e-mails via Hotmail - despite Hotmail having porn filters in place. One of them, Warwick University, is now considering legal action.

The e-mails usually have obscene subject lines, contain links to pornographic Web sites, and seem to come from a user at the warwick.ac.uk domain name, used by the Midlands university. But they aren't coming from Warwick staff or students, or passing through their computers. Rather, they have been traced to a US-based ISP, Starnet, which has failed to respond to requests for assistance.

As fast as ISPs close down the spammers' e-mail accounts, though, the spammers simply obtain a new Hotmail account, and off they go. The list of UK universities to be smeared is long: Brighton, Cardiff, Cranfield, East London, Heriot-Watt, Northumbria, Portsmouth, Royal Holloway, Southampton, St Andrews, Swansea and Westminster.

* If there's one constant in an ever-changing security world, it is that companies do not take to heart the lessons imparted by an ever-active market. Recently we saw the Anna Kournikova virus follow more or less the same route as the I Love You virus. Now, after the most publicised and embarrassing security violation of all time, the denial-of-service attack on Microsoft, comes the news that almost no companies have changed their network configuration as a consequence. Icelandic DNS (domain name system) software specialist Mice and Men has shown in a survey that 25% of Fortune 1000 companies and 38% of dot-coms are still vulnerable to server outage - the same stats as before the Microsoft incident. Microsoft had been running its DNS servers from one network segment, a single point of failure that allowed the system to be taken out with ease. The converse is true of the situation with BIND (Berkeley Internet Name Domain), where a series of vulnerabilities was discovered and reported in late January. Some 80% of Web servers use the software, giving hackers an easy in. Since the flaw was reported, the percentage of Fortune 1000 companies exposed to the vulnerability has dropped from 33 to 12, and that of dot-coms from 40 to 13.

* The e-marketplace as it has unfolded conceptually holds much promise for companies wishing to trade electronically, thereby reducing costs and boosting efficiencies. However, reports in from market researchers show our good old bugbear, lack of security, is severely hampering their acceptance and take-up. That's the word from the UK, where a staggering 95% of companies which haven't used e-marketplaces are concerned that financial transactions might not be secure. An ICL survey of 200 companies cites lack of security as the killer factor, while 44% of companies fear that commercially sensitive information would fall into competitors' hands. Wherever you look, then, security or its absence is bringing business to its knees.

* February's cyber break-in at the World Economic Forum in Davos, Switzerland, has had a relatively satisfying sequel with the news that Swiss police have arrested an as-yet unnamed man in Geneva. The hackers, you may recall, stole information including credit card details, mobile numbers and home addresses of top Davos attendees and sent it to the SonntagsZeitung newspaper. Four hackers calling themselves "virtual monkeywrench" admitted to the paper they had stolen the information, but meant no further harm. Of course.

* Microsoft is getting yet more negative publicity: this time security experts have discovered a fault in Windows 2000 that could allow a malicious user to hijack a system and perform any action. The flaw is in the Windows 2000 Event Viewer, and it could allow an ordinary user to carry out privileged system commands. Microsoft has confirmed the flaw and issued patches - make sure you get yours.

* Interesting development from McAfee: what it claims are the first dedicated virus-scanning appliances. I suppose it was only a matter of time before anti-virus suppliers would try and merge hardware and software to produce the ultimate in efficient scanning. The same logic was applied years ago to hardware-based firewalls. McAfee is beta testing Linux-based machines, known as Virus Screen ASAP, which will reside on the perimeter of a network and scan incoming and outgoing packets for viruses, reducing the load on network servers. The Virus Screen appliance can scan up to 75 000 e-mails an hour, and will launch at the end of this month.

(Sources: Hacker News Network, Computergram, Yahoo, Silicon.com, eNews and CNET.)
