- Email: [email protected]
Police ruling reveals CMA weakness
Abstracts of Recent Articles and Literature
existing products to produce off-the-shelf security solutions at reasonable prices, rather than expensive bespoke solutions. The first demonstrations will take place in London for three target audiences: the MOD, other Government departments and the commercial market. PC Week, October 8, 2996, p. 3. InterScan E-Mail Viruswall 1.5,&k Lyon. Is your network safe from a virus? Most common virus protection programs can’t catch rogue code when it’s transferred to your network in the form of a MIME E-mail attachment or a Uuencoded Internet file. Trend Micro’s InterScan E-Mail VirusWrall runs on any NTbased server, and catches viruses in E-mail attachments. The software grabs an attachment before it gets to your network’s SMTP gateway, decodes it, checks it against a list of 8000 viruses, recodes it, and sends it along. If VirusWd finds a virus, the message is either forwarded to the administrator for inspection or automatically deleted. The firewall cannot detect viruses that network users download via an HTTP or FTP server. However, using it in tandem with a client-side virus package gives double protection for keeping NT networks virus-free. PC Computing, December 1996, 296. Laroux macro virus strain hits Excel, Stewart Deck and Lisa Picarelle. Security experts at the NCSA have warned that a variant of the Laroux macro virus is quickly spreading through Microsoft’s Excel spreadsheet program. The virus affects PERSONALXLS files in Excel Versions 5.0 and 7.0 that run on Windows 3.1 or 95. Once a user’s version of Excel is infected, any worksheets created using that release will contain the virus. One security expert warned users that although the Excel virus wasn’t “designed to do explicit damage, it is still dangerous”. Stephen Cobb, director of special projects at the NCSA, said, “Most of the damage this one will cause will take place on the disinfecting and cleanup process. In removing the virus, people can delete legitimate macros. That’s where most of the data is lost. How can you tell if you are infected? If you use the Tools Macro command and see a dialogue box that says, “PERSONAL.XLSauto_open, auto-open, PERSONALXLS check_files,check_files”,you may well be. The NCSA recommends anti-virus products that provide “proactive, real-time protection at the desktop” to combat this strain of the Laroux virus. Covllputenuorld, November 18, 1996, p. 2. Police ruling reveals CMA weakness. In the UK,
686
the convictions against two police officers, PCS Paul Bignell and Victoria Parker, who accessed the Police National Computer (PNC) for personal reasons were quashed, exposing a possible loophole in the country’s Computer Misuse Act 1990. The Data Protection Registrar,Elizabeth France, has called for clarification of the laws, as it is now unclear whether it is an offence for authorized officers to browse the PNC for private reasons. Mrs France said, “We shall have to get clarification of the Act on a point of law and decide whether it is a loophole. The decision seems to suggest it is.” Back in June, the two Metropolitan police officers were found guilty ofmisusing the PNC and fined A300 each. They were convicted oflooking for information on the lover of PC Bignell’s estranged wife. However, their convictions were quashed after ajudge decided that they had permission to access the PNC even though they were using the database for private and unauthorized purposes. Elizabeth France said that the Crown Prosecution Service may have to establish the legal position of similar cases. If a loophole is found, then Government ministers will have to be consulted to close it. Computing October 3, 1996, p. 3. Telephone fraud poses threat to UK business, James Governor. Businesses in the UK are losing millions of pounds a year through telephone fraud. The results of a report written by research company benchmark show that, “Unless the threat of telephone fraud is brought to the attention of the UK’s decision makers and action is taken to alleviate the problem, telephone fraud will be a chink in the corporate security of UK industry and will dramatically alter its financial success.” Though only 6% of respondents to the survey have knowingly been victims of telephone hacking, a third of the organizations admitted they would be unaware if they had suffered from it. Telephone fraud includes unauthorized access to a corporate telephone network via a company’s PBX system or theft of confidential information. One company admitted that telephone fraud had cost it A62 000 in just four days. Of the respondents, 30% had no idea how long it would take them to detect fraud. A common hacking technique involves direct inward system access, a PBX-based function enabling employees who are not in the office to make use of facilities such as ‘onward dialling’oflong-distance calls.A spokesman for the Telecom Users’Association said,“Telephone
existing products to produce off-the-shelf security solutions at reasonable prices, rather than expensive bespoke solutions. The first demonstrations will take place in London for three target audiences: the MOD, other Government departments and the commercial market. PC Week, October 8, 2996, p. 3. InterScan E-Mail Viruswall 1.5,&k Lyon. Is your network safe from a virus? Most common virus protection programs can’t catch rogue code when it’s transferred to your network in the form of a MIME E-mail attachment or a Uuencoded Internet file. Trend Micro’s InterScan E-Mail VirusWrall runs on any NTbased server, and catches viruses in E-mail attachments. The software grabs an attachment before it gets to your network’s SMTP gateway, decodes it, checks it against a list of 8000 viruses, recodes it, and sends it along. If VirusWd finds a virus, the message is either forwarded to the administrator for inspection or automatically deleted. The firewall cannot detect viruses that network users download via an HTTP or FTP server. However, using it in tandem with a client-side virus package gives double protection for keeping NT networks virus-free. PC Computing, December 1996, 296. Laroux macro virus strain hits Excel, Stewart Deck and Lisa Picarelle. Security experts at the NCSA have warned that a variant of the Laroux macro virus is quickly spreading through Microsoft’s Excel spreadsheet program. The virus affects PERSONALXLS files in Excel Versions 5.0 and 7.0 that run on Windows 3.1 or 95. Once a user’s version of Excel is infected, any worksheets created using that release will contain the virus. One security expert warned users that although the Excel virus wasn’t “designed to do explicit damage, it is still dangerous”. Stephen Cobb, director of special projects at the NCSA, said, “Most of the damage this one will cause will take place on the disinfecting and cleanup process. In removing the virus, people can delete legitimate macros. That’s where most of the data is lost. How can you tell if you are infected? If you use the Tools Macro command and see a dialogue box that says, “PERSONAL.XLSauto_open, auto-open, PERSONALXLS check_files,check_files”,you may well be. The NCSA recommends anti-virus products that provide “proactive, real-time protection at the desktop” to combat this strain of the Laroux virus. Covllputenuorld, November 18, 1996, p. 2. Police ruling reveals CMA weakness. In the UK,
686
the convictions against two police officers, PCS Paul Bignell and Victoria Parker, who accessed the Police National Computer (PNC) for personal reasons were quashed, exposing a possible loophole in the country’s Computer Misuse Act 1990. The Data Protection Registrar,Elizabeth France, has called for clarification of the laws, as it is now unclear whether it is an offence for authorized officers to browse the PNC for private reasons. Mrs France said, “We shall have to get clarification of the Act on a point of law and decide whether it is a loophole. The decision seems to suggest it is.” Back in June, the two Metropolitan police officers were found guilty ofmisusing the PNC and fined A300 each. They were convicted oflooking for information on the lover of PC Bignell’s estranged wife. However, their convictions were quashed after ajudge decided that they had permission to access the PNC even though they were using the database for private and unauthorized purposes. Elizabeth France said that the Crown Prosecution Service may have to establish the legal position of similar cases. If a loophole is found, then Government ministers will have to be consulted to close it. Computing October 3, 1996, p. 3. Telephone fraud poses threat to UK business, James Governor. Businesses in the UK are losing millions of pounds a year through telephone fraud. The results of a report written by research company benchmark show that, “Unless the threat of telephone fraud is brought to the attention of the UK’s decision makers and action is taken to alleviate the problem, telephone fraud will be a chink in the corporate security of UK industry and will dramatically alter its financial success.” Though only 6% of respondents to the survey have knowingly been victims of telephone hacking, a third of the organizations admitted they would be unaware if they had suffered from it. Telephone fraud includes unauthorized access to a corporate telephone network via a company’s PBX system or theft of confidential information. One company admitted that telephone fraud had cost it A62 000 in just four days. Of the respondents, 30% had no idea how long it would take them to detect fraud. A common hacking technique involves direct inward system access, a PBX-based function enabling employees who are not in the office to make use of facilities such as ‘onward dialling’oflong-distance calls.A spokesman for the Telecom Users’Association said,“Telephone