WPA 2 security spec In the works
According to the Wi-Fi alliance, the next generation of Wi-Fi Protected Access
(WPA) will be launched sometime in 2004. WPA 2, the new standard, is expected
to bring higher security levels to the existing WPA standard that was launched
This is good news for wireless security since WPA has already overtaken Wired
Equivalent Privacy (WEP) as the de facto security standard for Wi-Fi alliance
certification. The prime reason behind this has been the higher levels of wireless
data security in WPA than WEP. WPA is a subset of the proposed 802.11i security
standard from IEEE.
Improper URL display in Internet Explorer
CERT has announced a vulnerability in Internet Explorer that does not properly
display the location of HTML documents. This technical glitch can be exploited
by attackers to mislead users into revealing sensitive information.
An attacker can convince a user that they were viewing a legitimate site when
in fact they are visiting a site controlled by the attacker. The attacker could
then use additional social engineering techniques to trick the victim into disclosing
sensitive information such as credit card numbers, account numbers, and passwords.
CERT recommends applying the patch (832894) referenced in Microsoft Security
Bulletin MS04-004, or a more recent IE cumulative patch to solve the vulnerability.
Other safety measures include entering the URL manually and using trusted bookmarks
for sensitive sites. It is not advisable to click on URLs from untrusted sources
like unsolicited mail or instant messages.
Checkpoint Firewall-1 vulnerabilities
Security firm Internet Security Systems (ISS) has discovered a security flaw
in the recently added HTTP Application Intelligence component of Checkpoint
Firewall-1. This component acts as an application proxy between untrusted networks
and network servers for detecting and preventing potential attacks. Vulnerabilities
also exist within the HTTP Security Server application proxy of Firewall-1 (including
those prior to Application Intelligence releases).
Enabling HTTP Application Intelligence or HTTP Security Server might lead to
the system getting attacked. The vulnerability may be exploited by remote unauthenticated
attackers to gain super-user access to the firewall and thereby directly compromise
of the server. This means that Firewall-1s running in default configuration
are highly vulnerable.
The affected versions are Checkpoint Firewall-1 NG-AI R55, R54, including
SSL hotfix; Checkpoint Firewall-1 HTTP Security Server included with NG FP1,
FP2, FP3; and Checkpoint Firewall-1 HTTP Security Server included with 4.1.
ISS and Checkpoint have released updates to patch the firewall. The updates
can be found at: http://www.checkpoint.com/techsupport/alerts/index.html
StatNook: Asia sees Security investment of $1.7 billion
According to a research report by IDC, the APAC region has witnessed significant
growth in terms of enterprise security solution investments during 2003.
This is a good sign of Asian enterprises becoming more aware of the need for
IDC's recent report on "Asia/Pacific IT Solutions Market Spending Analysis
and Forecast, 2003-2007," reveals that among the seven major enterprise
solutions examined in the Asia/Pacific region (excluding Japan), the largest
investment was on storage, surpassing $4.0 billion in 2003 followed by Enterprise
Resource Management (ERM) at $3.9 billion, and Security at $1.7 billion.
Based on these figures, the 2003-2007 compound annual growth rates (CAGR) for
the Security, Customer Relationship Management (CRM) and e-commerce solutions
are projected to reach a high of 25%, 23% and 20% respectively.
Security Genesis: The first PC virus
If the enterprise had an option to go back in the history of IT security and
undo something, 1986 would be one of the first. This was the year that witnessed
the first PC virus.
Some excerpts of the details on the first PC viruses as illustrated by IBM Research.
In 1986, the first PC virus was created. It was the Brain virus from Pakistan.
Brain was a boot sector virus and only infected 360k floppy disks. Interestingly,
even though it was the first virus, it had full-stealth capability.
A CIO's views on Information Security
A number of issues on Internal Security Threats were discussed at a Nasscom
technology forum, titled 'Information Security: The Key imperatives'. Sanjay
Sharma, Head-Information Technology, IDBI Bank was one of the panelists at this
forum. Here are his views on various issues relating to Internal Security.
On access rights
"You need to ensure that adequate rights are given to outsourced staff.
Consider the role a particular person is performing in the organization when
assigning rights. When such staff are relocated, replaced or removed, their
access rights should be modified accordingly, and immediately. This needs to
be factored into the security policy."
On management of IDs
"Establish the IDs of people logging in (outsourced staff change). You
need to put in (robust) infrastructure to manage identities across systems.
Don't have multiple IDs (as people tend to forget these). You can set up IDs
such that they are same as the employee number."
On security logs
"Going through (lengthy) log files is a tedious task. You need to use some
tools to filter the data and avoid false positives. Examine the logs for IDS,
Firewalls, and anti-virus. In addition, you need to conduct external audits
and arrange for ethical hacking."