Security problems with Windows 95

Security problems with Windows 95

December Network Security First virtual bank claims to be secure Security problems with Windows 95 At the beginning of November the world’s first ...

161KB Sizes 3 Downloads 145 Views

December

Network Security

First virtual bank claims to be secure

Security problems with Windows 95

At the beginning of November the world’s first ‘virtual bank’ was launched in Pineville, Kentucky, USA. Computer Week/y reports that three US banks, Wachovia Corp., Huntington Bancshares and Cardinal Bancshares, have joined forces to create the Security First Network Bank. This, they claim, is the first operation of its kind to offer a full range of services on the Internet. Until now, any fiscal transactions across the Net - especially those that involve making card payments for ordered goods have been plagued with reports of plundered account numbers. Hackers using sniffer software to detect transactions and IDS are usually held responsible for this. Where Security First appears to have made a breakthrough is in devising sufficiently resistant security systems to keep such villains at bay.

Microsoft’s Windows 95 operating systems has been criticized by industry experts for being vulnerable to security breaches, reveals Computer Weekly. The problem is said to arise because Microsoft is alleged to have deliberately left out some security features because they slow down the system. These include protection from unauthorized boot-ups from floppy disks and barriers to keep out temporary files sent across the Internet. Microsoft, in the UK, has confirmed that some of the security features had been removed from Windows 95 to speed up the operating system and suggested that users who need better security should use Windows NT. This has led to a number of companies rushing to sell add-on security features for Windows 95 to allow corporate users to feel safe with the operating system.

At the core of the bank’s cyberspace presence are HP9000 PA-Rise Unix servers, running a specially customized version of HP-UX provided by SecureWare. The federally approved operating system is part of a three-tier security platform featuring encryption technologies from Netscape and various firewalls and filtering routers. Never the less, gaining federal approval was a hard-earned coup for Security First. Security First maintains that even if hackers did breach its external defences, the worst they could do would be to initiate bill payment, the maximum transfer at any one time being limited to $3000. He adds, ‘The processing costs involved in breaking the algorithm would be no less than $20 000, so the economics of hacking just wouldn’t make sense.” It is clear that Security First’s venture will be watched closely by the rest of the banking community,

4

Long distance phone calls via the Internet Telescape Communications Inc., a Canadian company, has launched a piece of software that enables its users to make long-distance telephone calls over the Internet. The Globe and Mail reports that the company expects the software to sell to people who want to cut their communications costs for long-distance engineering, education, medicine, training and any activity involving document sharing. The product, called ts telecom, also enables users to send digital documents back and forth over the same line on which they are talking - while they are talking - and to post a picture, called a picture signature that can be changed during the conversation.

7

But talking on the Internet is not like talking on the telephone. Because of the technology built into most computers, the line can only be open in one direction at a time. You cannot talk and hear the other person at the same time. The product gives users a visual cue on their computer screens when the other party has released the microphone button and it’s their turn to talk. One of Telescape’s competitors, Camelot Corp., has software called Digiphone that is two-way, but the sound cards in most PCs are incapable of sending and receiving at the same time. There are also issues of security and privacy. Internet conversations can travel through many different computers on the network, where they are vulnerable to interception. However, Internet telephony is young and will evolve quickly.

Protection from viruses for E-mail Integralis have announced the launch of the Simple Mail Transport Protocol (SMTP) version of its electronic mail security software. The company claims that MIMEsweeper for Internet protects the corporate LANs from viruses and macro bombs hidden within incoming E-mail. The version of the product for the Internet offer Internet users automated security checks on incoming E-mail and Internet transactions, alerting network managers to the presence of unidentifiable attachments or viruses. In addition, an Authorised Mail User (AMU) utility enables the administrator to control which network users can send and receive E-mail via the Internet. The product incorporates store and forward

01995 Elsevier Science Ltd