- Email: [email protected]
Security vendors move into the peer-2-peer space
neseseptformayfield..qxd
8/28/02
3:29 PM
Page 3
news the Boeing TA4 Advanced Checkout, Control & Maintenance system. RaFa told Computer World that he was not fully aware of the sensitivity of the documents he’d stolen and passed them on to hacker comrades in France. This breach was leaked to the press but raises the question how often does this happen and it is not leaked to the press? NASA investigators are currently investigating the breach. Allegedly the documents were stored in a supposedly secure database. RaFa also presented evidence of a hack into systems at Nasa’s White Sands test facility in New Mexico offering a list of user accounts as proof.
company news
Security vendors move into the peer-2-peer space The security vendors are starting to capitalise on the peer-to-peer market opportunity with Check Point and McAfee both rising to the challenge of protecting P-2-P network users. Check Point has added new capabilities to Check Point FireWall-1 to secure peer-topeer applications such as Gnutella and Kazaa. Focusing on peer-to-peer (P2P) sites, which are among the most popular and widely downloaded sites on the Internet, McAfee.com has entered into a number of partnerships that will allow for the distribution of their SecurityCenter during the download and installation of P-2-P file and music sharing applications.
The download of files using these networks causes overload on corporate network bandwidth and opens up corporate networks to threats such as viruses. “We see the P-2-P community as one of the largest, fastest growing and most active segments on the Internet, and one that would benefit greatly from our world-class security services. With the SecurityCenter we can instantly alert and inform the millions of users on the Internet of current threats”, said Srivats Sampath, president and CEO, McAfee.com. This strategic move from Check Point and McAfee looks like it will pay dividends as the Yankee group has just predicted that the numbers of P-2-P network users will grow significantly. A new report from the Yankee group predicts that the number of consumers downloading audio files via unlicensed file-sharing services will be 7.44 billion in 2005. The figure for 2001 was 5.16 billion audio files. The report concludes that this figure will drop to 3.90 billion in 2007 due to the impact of legitimate music services.
and these are only the victims that have received media coverage. One victim CloudNine suffered a fatal attack in January this year forcing the small UK ISP to close. According to Gary Milo from Webscreen Technology the increase in email distributed worms are responsible for this rise. This was demonstrated in July 2001 when at least 15 000 servers were infected by the Code Red worm, which targeted its attack on the Whitehouse website. The effects were partially alleviated by the Whitehouse changing the IP address of the White house.gov website.
2002 — So far not good, victims of DDoS attacks: • Jan — Dutch Royal Family • Jan — CloudNine • Jan — Tiscali • Jan — Don Host • Jan —GRC.com • Apr — EdNET • Apr — Softcom Technology • May — FTW Publications • May — BCD 2000 • Jun — ABCnews.com • Jun — ESPN
internet news
Who has been hit by the big bad DDoS? So far this year more than twice as many Distributed Denial-of-Service (DDoS) attacks have been publicly released this year compared to the same time last year. Webscreen have compiled a list of high profile victims
• Jun — Theweatherchannel • Jun — Fox News • Jun — 2600.com • Jun — Pakistan Government • July — Strato AG • July — RIAA According to Milo, “Many of these attacks were publicly visible and seen as loss of service to these sites, so little was lost by the companies
in admitting the attacks. Probably nine out of 10 DDoS attacks go unreported. This is in line with all other types of security breaches. Many companies interpret DDoS attacks as simply being an experience of inadequate service from their ISP and are not aware that they are under attack. ”
privacy news
EU to monitor Internet communications The European Union is plotting to change legislation to force all the European telephone carriers, mobile network operators and Internet service providers to store information recording customer's emails, phone calls and visited websites for up to two years. This legislation would apply across Europe and wouldn't be based on an opt-in basis per country. This data would be readily available to governments and law enforcement agencies. The draft framework decision was leaked to a privacy watchdog called Statewatch. The existing legislation regarding communications data retention, the 1997 EU Directive on privacy in telecommunications states that data should be retained for billing purposes only and then deleted. According to Tony Bunyan from Statewatch “EU Governments claimed that changes to the 1997 EC Directive on privacy in telecommunications would not be binding to member states”. 3
8/28/02
3:29 PM
Page 3
news the Boeing TA4 Advanced Checkout, Control & Maintenance system. RaFa told Computer World that he was not fully aware of the sensitivity of the documents he’d stolen and passed them on to hacker comrades in France. This breach was leaked to the press but raises the question how often does this happen and it is not leaked to the press? NASA investigators are currently investigating the breach. Allegedly the documents were stored in a supposedly secure database. RaFa also presented evidence of a hack into systems at Nasa’s White Sands test facility in New Mexico offering a list of user accounts as proof.
company news
Security vendors move into the peer-2-peer space The security vendors are starting to capitalise on the peer-to-peer market opportunity with Check Point and McAfee both rising to the challenge of protecting P-2-P network users. Check Point has added new capabilities to Check Point FireWall-1 to secure peer-topeer applications such as Gnutella and Kazaa. Focusing on peer-to-peer (P2P) sites, which are among the most popular and widely downloaded sites on the Internet, McAfee.com has entered into a number of partnerships that will allow for the distribution of their SecurityCenter during the download and installation of P-2-P file and music sharing applications.
The download of files using these networks causes overload on corporate network bandwidth and opens up corporate networks to threats such as viruses. “We see the P-2-P community as one of the largest, fastest growing and most active segments on the Internet, and one that would benefit greatly from our world-class security services. With the SecurityCenter we can instantly alert and inform the millions of users on the Internet of current threats”, said Srivats Sampath, president and CEO, McAfee.com. This strategic move from Check Point and McAfee looks like it will pay dividends as the Yankee group has just predicted that the numbers of P-2-P network users will grow significantly. A new report from the Yankee group predicts that the number of consumers downloading audio files via unlicensed file-sharing services will be 7.44 billion in 2005. The figure for 2001 was 5.16 billion audio files. The report concludes that this figure will drop to 3.90 billion in 2007 due to the impact of legitimate music services.
and these are only the victims that have received media coverage. One victim CloudNine suffered a fatal attack in January this year forcing the small UK ISP to close. According to Gary Milo from Webscreen Technology the increase in email distributed worms are responsible for this rise. This was demonstrated in July 2001 when at least 15 000 servers were infected by the Code Red worm, which targeted its attack on the Whitehouse website. The effects were partially alleviated by the Whitehouse changing the IP address of the White house.gov website.
2002 — So far not good, victims of DDoS attacks: • Jan — Dutch Royal Family • Jan — CloudNine • Jan — Tiscali • Jan — Don Host • Jan —GRC.com • Apr — EdNET • Apr — Softcom Technology • May — FTW Publications • May — BCD 2000 • Jun — ABCnews.com • Jun — ESPN
internet news
Who has been hit by the big bad DDoS? So far this year more than twice as many Distributed Denial-of-Service (DDoS) attacks have been publicly released this year compared to the same time last year. Webscreen have compiled a list of high profile victims
• Jun — Theweatherchannel • Jun — Fox News • Jun — 2600.com • Jun — Pakistan Government • July — Strato AG • July — RIAA According to Milo, “Many of these attacks were publicly visible and seen as loss of service to these sites, so little was lost by the companies
in admitting the attacks. Probably nine out of 10 DDoS attacks go unreported. This is in line with all other types of security breaches. Many companies interpret DDoS attacks as simply being an experience of inadequate service from their ISP and are not aware that they are under attack. ”
privacy news
EU to monitor Internet communications The European Union is plotting to change legislation to force all the European telephone carriers, mobile network operators and Internet service providers to store information recording customer's emails, phone calls and visited websites for up to two years. This legislation would apply across Europe and wouldn't be based on an opt-in basis per country. This data would be readily available to governments and law enforcement agencies. The draft framework decision was leaked to a privacy watchdog called Statewatch. The existing legislation regarding communications data retention, the 1997 EU Directive on privacy in telecommunications states that data should be retained for billing purposes only and then deleted. According to Tony Bunyan from Statewatch “EU Governments claimed that changes to the 1997 EC Directive on privacy in telecommunications would not be binding to member states”. 3