Internet Security and Prevention

Report: Internet applications to become more vulnerable in 2005
According to IT consultants at Unisys, applications and their sub-systems will come under increasing hacker vulnerability in 2005. Whereas most attacks are currently made against operating systems or browsers, Unisys believes that applications are the next target as they are just as vulnerable but are not as high on IT managers' agendas for patching. The company expects so-called 'lemon laws' to spring out of such attacks, as customers seek legal redress for faulty software. "In 2005 we will see security challenges with significant business impact - legal, economic and technological," said Unisys chief security advisor Sunil Misra in his end of year report. "Enterprises will find themselves challenged as never before to make focused, strategic and pervasive investments in security. But those investments will be necessary for any organisation." The company also forecasts that next year the mobile arena will become the focus for virus writers, and that hackers will increasingly group together to carry out co-ordinated attacks. As phones become more capable and connected using a variety of radio technologies, they become more vulnerable to attacks seeking to steal personal data, Unisys warned. The company also pointed to the increasing danger posed by a new generation of hackers motivated by economic gain who will not hesitate to cause major damage to systems if their demands are not met.

Are desktop search engines safe to use?
Desktop search features and newer computer indexing tools such as Google's Desktop Search could cause security risks. The reason is simply because companies that use the Secure Sockets Layer (SSL protocol) to remote access or VPN, these protocols could copy content accessed during any SSL session and make it available to anybody that later uses the same computer. Caches created by PC search tools get around the security many SSL vendors have put in place to purge cached data from remote machines as secure sessions shut down. These so-called cache-cleaning agents wipe out temporary files created during SSL sessions, but they don't wipe out the copies made by the search tools. "You could end up caching and indexing files you don't want cached and indexed on machines outside your control," says Dan Harman, remote access administrator for real estate developer Lewis Group in Upland, Calif., which uses SSL remote-access gear made by Whale Communications Ltd.

Trojan horse spies on unsuspecting Internet banking customers
Security experts say they've discovered a Trojan horse that records e-banking user details and Web surfing habits. Antivirus company Sophos is warning that the Banker-AJ Trojan is targeting online customers of British banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest. The Trojan affects computers running Microsoft Windows. The company said that once installed, the Trojan waits for users to visit their online banking Web sites, then captures passwords and takes screenshots of the session. The information is relayed to the hackers behind the ploy, who use the data to steal money. "It's the next generation of phishing attacks," said Graham Cluley, senior technology consultant for Sophos. "These rely on people going to real, legitimate sites. Once the Trojan determines that you've gone there, it starts taking keystroke logs and snaps shots of machines and sends it back to hackers." Phishing scammers typically set up bogus Web sites to capture victims' personal information. They send e-mails that appear to come from trusted companies to lure people to the fake sites, where victims are asked to enter information such as credit card data. Attacks frequently target bank customers, but eBay and Amazon.com have also been recent targets.

Internet attacks on corporate networks constantly increasing
Many security companies will be making product announcements at this week's Computer Security Institute (CSI) show in Washington, D.C., but the show starts on an eye-opening note with a new survey indicating network security breaches are definetely on the increase. According to a research report sponsored by Britestream Networks Inc., 76 per cent of respondents believe their network is more secure than it was a year earlier, but at the same time 81 per cent say that attacks on their network are increasing. The national survey was conducted last month by Q&A Research among 300 IT professionals in companies with annual revenues of more than US$30 million. Other findings from the report were equally sobering. For instance, one in five respondents said a hacker had gained access to their company's network. "We were surprised that many IT managers are feeling fairly secure," said Warren Pino, CEO of Q&A Research Inc. "Because they made investments in network security last year, two-thirds of respondents feel that their network is more secure than their competitor's.

Group sets minimum standards for Internet security firewalls
A small group of security companies has set a baseline standard for application firewalls and has challenged the industry's biggest players to put their goods to the test. The Applications Security Consortium, comprised of F5 Networks, Imperva, NetContinuum and Teros, plans to make its formal launch at the Computer Security Institute's annual conference in Washington, D.C., on Tuesday. The joint initiative aims to establish "minimum criteria" for protecting Web-based applications. "The four of us have expertise in application firewalls, and it occurred to us independently that there was a need for clarification in the market," said Gene Banman, chief executive of NetContinuum, who noted the group formed last month. "The incumbent security vendors have made claims about application firewalls that have created confusion in the space." The Applications Security Consortium's five criteria for application firewalls say a product must: Detect and block application inputs containing malicious executable commands.

Security hole makes available employee payroll records on the Web
Many payroll records of at least twelve companies were available to the Internet by an Internet security hole in the online W-2 service of PayMaxx, the accounting firm has acknowledged today. The security flaw, uncovered by a Web application programmer this week, affected a limited number of customers, PayMaxx said Thursday in a statement sent to CNET News.com. PayMaxx closed the site Wednesday, after the researcher claimed that two security holes had exposed data on more than 25,000 people. Only six attempts to access unauthorized data were made in the week before the company shuttered the site, Tennessee-based PayMaxx said. The company said no other attempts had been made to exploit the vulnerability. "Based on our initial analysis, the potential exposure is limited to a small number of companies and W-2 forms," PayMaxx said. "We have no evidence to substantiate that any other access has occurred."

Even with XP-2, there are still many security bugs left in Windows
Two new security holes in Internet Explorer 6.0 were unveiled by a security firm Wednesday that enables hackers to bypass some security features, even in Microsoft's most secure OS, Windows XP SP2. According to Danish security company Secunia, the "highly critical" vulnerabilities stem from a flaw in IE's drag-and-drop feature and in the browser's security zone. Hackers could exploit these bugs by enticing users to malicious Web sites, where specially crafted files--including image and help files--could compromise the PC, leaving it open to attack or hijack. Both bugs can be exploited to circumvent Windows XP SP2's Local Computer zone lockdown security feature, said Secunia. "This has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2," wrote Secunia in its online alert.