- Email: [email protected]
MS Passport authentication system improved
news in The Mail on Sunday was in the public interest. Shayler's solicitor John Wadham, director of civil rights group Liberty, said: “We are definitely going to appeal to the House of Lords, particularly because we want to see the Official Secrets Act reformed and we hope the House of Lords will be able to help on that.”us
INDUSTRY NEWS NDUSTRYEWS
Security under threat from poor practices Evidian has discovered that corporate security could be under threat because of delays when reacting to security problems. For example, Evidian’s research has shown that employees continue to have access to the IT network for an average of two weeks after leaving a company’s employ. Mark Hutchinson from Evidian said: “Companies are unnecessarily exposing themselves to potential breaches of security. Even a novice hacker could infiltrate corporate systems within the time it takes to restrict access. This situation is particularly critical now, when thousands of employees are being laid off by large companies worldwide. This creates frustration and resentment that may tempt ex-employees to exact revenge on their old companies.” Evidian’s information was gathered from 100 mediumto-large companies and public sector organizations in Europe.
Communication breakdowns occur when managers and HR departments fail to inform IT managers that an employee has left. Security is also threatened by shared passwords as, even if an ex-employee’s access is restricted, they are still able to use colleagues’ passwords to access information. A previous Evidian report showed that the delay between an employee leaving and his access privileges being revoked can often be measured in months rather than hours or minutes. Hutchinson said: “In extreme cases, we have found that passwords still work a year after an employee has left the company.” He continued: “The focus in most companies is still very much on firewalls and controlling external access...but now we know the devil more frequently lurks within.” It seems that most current research still points to a company’s biggest asset also being its biggest danger.
MS Passport authentication system improved On 20 September Microsoft announced plans to expand its Passport authentication service to work with enterprises and network service providers. The aim is for Passport to deliver universal, single, open sign-on that spans multiple enterprises and services. Microsoft, in a major change of strategy, will move Passport from browser and Web mechanisms for user
authentication over the Internet to communications based on Kerberos, an authentication system designed to enable two parties to exchange private information across an otherwise open network. The future Passport will use Kerberos directly from the user’s OS to the enterprise’s server OS. A Gartner survey has found that limited consumer interest and a general distrust of the service form the main barrier to Passport’s success. Gartner, therefore, offers enterprises the following advice. • Be aware of consumer’s privacy concerns. • Understand the low levels of trust in Internet companies and retailers. • Take note of the strong consumer resistance to using Passport for ‘one-click’ shopping where they need to store financial and creditcard account information. Microsoft has also announced a range of measures designed to help ensure system security, called the Strategic Technology Protection Program (STPP) This programme includes a downloadable security toolkit, virus related information service and server related security updates. Microsoft VP Brian Valentine said: “Taken as a whole, these measures give customers a comprehensive collection of tools and technologies that not only help ensure the security of their systems, but also minimize administrators' management burden... I cannot emphasize enough how very serious we are about this programme.”
Virus News
Internet worm ‘Vote’ spreads in MS Outlook Yet another Internet worm is on the loose. Like many others that spread via MS Outlook, I-Worm.Vote sends messages to all addresses stored in the Outlook address book then it overwrites all HTML files on the local disk drives. When Windows is next restarted, the worm attempts to delete all files in the Windows directory, and reboots the computer. The worm spreads as an attachment that much be opened to spread. The email message reads: Subject: Fwd: Peace BeTweeN AmeriCa and IsLam !
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let’s Vote To Live in Peace!
Attachment name: WTC. exe
If the worm is executed it sends infected messages to all addresses stored in the Outlook address book, then it opens two Internet browsers utilizing sites that are presently closed. It also replaces the Internet Explorer start-up page with one of its own. Then, the worm drops two different VBS files. The first file, ‘MixDaLaL.vbs’ runs immediately in the Windows folder. This file has a script program that searches for files with HTM and HTML extensions on all removable and local hard drives, and overwrites them with the following text: 3
INDUSTRY NEWS NDUSTRYEWS
Security under threat from poor practices Evidian has discovered that corporate security could be under threat because of delays when reacting to security problems. For example, Evidian’s research has shown that employees continue to have access to the IT network for an average of two weeks after leaving a company’s employ. Mark Hutchinson from Evidian said: “Companies are unnecessarily exposing themselves to potential breaches of security. Even a novice hacker could infiltrate corporate systems within the time it takes to restrict access. This situation is particularly critical now, when thousands of employees are being laid off by large companies worldwide. This creates frustration and resentment that may tempt ex-employees to exact revenge on their old companies.” Evidian’s information was gathered from 100 mediumto-large companies and public sector organizations in Europe.
Communication breakdowns occur when managers and HR departments fail to inform IT managers that an employee has left. Security is also threatened by shared passwords as, even if an ex-employee’s access is restricted, they are still able to use colleagues’ passwords to access information. A previous Evidian report showed that the delay between an employee leaving and his access privileges being revoked can often be measured in months rather than hours or minutes. Hutchinson said: “In extreme cases, we have found that passwords still work a year after an employee has left the company.” He continued: “The focus in most companies is still very much on firewalls and controlling external access...but now we know the devil more frequently lurks within.” It seems that most current research still points to a company’s biggest asset also being its biggest danger.
MS Passport authentication system improved On 20 September Microsoft announced plans to expand its Passport authentication service to work with enterprises and network service providers. The aim is for Passport to deliver universal, single, open sign-on that spans multiple enterprises and services. Microsoft, in a major change of strategy, will move Passport from browser and Web mechanisms for user
authentication over the Internet to communications based on Kerberos, an authentication system designed to enable two parties to exchange private information across an otherwise open network. The future Passport will use Kerberos directly from the user’s OS to the enterprise’s server OS. A Gartner survey has found that limited consumer interest and a general distrust of the service form the main barrier to Passport’s success. Gartner, therefore, offers enterprises the following advice. • Be aware of consumer’s privacy concerns. • Understand the low levels of trust in Internet companies and retailers. • Take note of the strong consumer resistance to using Passport for ‘one-click’ shopping where they need to store financial and creditcard account information. Microsoft has also announced a range of measures designed to help ensure system security, called the Strategic Technology Protection Program (STPP) This programme includes a downloadable security toolkit, virus related information service and server related security updates. Microsoft VP Brian Valentine said: “Taken as a whole, these measures give customers a comprehensive collection of tools and technologies that not only help ensure the security of their systems, but also minimize administrators' management burden... I cannot emphasize enough how very serious we are about this programme.”
Virus News
Internet worm ‘Vote’ spreads in MS Outlook Yet another Internet worm is on the loose. Like many others that spread via MS Outlook, I-Worm.Vote sends messages to all addresses stored in the Outlook address book then it overwrites all HTML files on the local disk drives. When Windows is next restarted, the worm attempts to delete all files in the Windows directory, and reboots the computer. The worm spreads as an attachment that much be opened to spread. The email message reads: Subject: Fwd: Peace BeTweeN AmeriCa and IsLam !
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let’s Vote To Live in Peace!
Attachment name: WTC. exe
If the worm is executed it sends infected messages to all addresses stored in the Outlook address book, then it opens two Internet browsers utilizing sites that are presently closed. It also replaces the Internet Explorer start-up page with one of its own. Then, the worm drops two different VBS files. The first file, ‘MixDaLaL.vbs’ runs immediately in the Windows folder. This file has a script program that searches for files with HTM and HTML extensions on all removable and local hard drives, and overwrites them with the following text: 3