Crit.org - Articles

CSS Support Could Be Internet Explorer's Weakest Link

Crit [dot] Org — Thu, 17 Mar 2005 00:00:00 EST

Microsoft will be doing a lot to make developers and customers happy with its pending Internet Explorer release, if partner sources with inside information on the IE 7.0 browser are right. But there's one area where Microsoft won't be winning a lot of applause.

The company will continue to drag its feet by refusing to provide full support for the CSS2 (Cascading Style Sheets Level 2) W3C (Worldwide Web Consortium) standard, Microsoft partners say.

Sources claiming familiarity with Microsoft's IE 7.0 plans said the company will add some additional CSS2 support to its new standalone browser.

VOIP faces threats from spam and offshoring, but how bad?

Crit [dot] Org — Thu, 17 Mar 2005 00:00:00 EST

Picture the world of voice traffic on the Internet as a dark and forbidding place, rife with mobsters, con artists and shadowy sellers of dubious products.

Now picture getting hundreds of calls from these people every day. Imagine your worst day ever of telemarketing, back before the Do Not Call list, and then magnify it 10 times over.

That's the depressing future of VOIP (voice over IP), according to a report just released by the Burton Group. According to analyst Daniel Golding, the report's author, low costs brought on by outsourcing and offshoring, coupled with VOIP communications that are essentially free, can bring you exactly that kind of future, unless you take precautions.

Hackers Control More Than 1 Million PCs

Crit [dot] Org — Thu, 17 Mar 2005 00:00:00 EST

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.
Using only three computers as "honeypots," machines deliberately left open to attack, thus attracting hackers and their bots so researchers can capture data on their actions, German security analysts at Aachen University were able to identify more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems.

The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets.

McAfee Unveils Managed Security Tools For SMBs

Crit [dot] Org — Thu, 17 Mar 2005 00:00:00 EST

McAfee released a new tool that helps small and midsize businesses centralize management of protection against viruses and spyware. The tool, dubbed the McAfee ProtectionPilot, was unveiled Wednesday and is part of the new McAfee SMB Editions product suites.

According to David Roberts, senior vice president of channels for North America at the Santa Clara, Calif.-based vendor, the new product will be sold exclusively through the channel.

"This is designed to make it easy for channel partners to get into managed services for the small- and medium-size business market," he said. "As we looked at the needs of the SMB customer, we realized that it was best to let our channel partners help them out."

Specifically, the ProtectionPilot gives customers a graphical dashboard that coordinates realtime virus and spyware information from all over the network. It also boasts a threat information monitor that automatically shows emerging viruses of medium and higher importance as identified by McAfee AVERT.

Legislation Won't Stall The Spyware Juggernaut

Crit [dot] Org — Thu, 17 Mar 2005 00:00:00 EST

Spyware has reached such epidemic proportions that legislators in the US Congress as well as state legislatures are responding to public outrage by drafting bills to prohibit its distribution, stem abusive practices and protect Internet user privacy. Unfortunately, pending and recently enacted anti-spyware laws are considerably flawed and could actually cause more harm than good. In fact, many experts believe we'd be better off if we'd simply put more effort into enforcing existing laws that prohibit fraud and deceptive business practices. And nearly all knowledgeable parties acknowledge that spyware is a technology problem that requires a technology solution.
New Laws, Plenty Of Flaws

Three pieces of legislation are receiving attention and attracting most of the debate.

- Bill S.2145, the SPY BLOCK Act, seeks to "to regulate the unauthorized installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy, and for other purposes.... "

Symantec Fixes DNS Cache Poisoning Problem

Crit [dot] Org — Thu, 17 Mar 2005 00:00:00 EST

Symantec on Tuesday released updated hotfixes for several of its gateway products that suffer from a vulnerability hackers have already used to poison DNS caches and redirect users to malicious sites.

Although Symantec released patches earlier this month for its Gateway Security 5300 and 5400 Series, the Windows and Solaris editions of its Symantec Enterprise Firewall, 7.0.x and 8.0, and its Symantec VelociRaptor, the new fixes "further hardens the DNSd for protection against an additional potential vector identified by Symantec engineers during our post-analysis," said the Cupertino, Calif.-based security firm in a bulletin on its Web site.

U.S. Government to Test Windows Patches Early

Crit [dot] Org — Mon, 14 Mar 2005 00:00:00 EST

The U.S. government will join select partners of Microsoft in receiving security patches as early as a month before they become generally available. The early-access program, already available to some customers, provides beta test versions of patches so customers can be prepared when vulnerabilities are publicly disclosed.

Microsoft signed a $500 million software deal with the U.S. Air Force last year, which stipulated that the Air Force will join the Security Update Validation Program and test patches before they are officially released. In turn, the military will become a beta tester for Microsoft's updates.According to the Wall Street Journal, the Air Force will first receive the prerelease patches, which, following testing, will be distributed to other government agencies by the Department of Homeland Security.

Desktop Anti-Spyware Is Inadequate

Crit [dot] Org — Mon, 14 Mar 2005 00:00:00 EST

Desktop defenses against spyware are ineffective, said a survey released Monday, an opinion backed by a security analyst wired into the identity theft scene.

Security appliance maker Blue Coat polled more than 300 IT professionals whose companies are using desktop-based anti-spyware solutions from vendors such as Computer Associates, Webroot, Symantec, Lavasoft, Microsoft, and Spybot, and found that nearly three out of four reported that current programs "are ineffective in preventing spyware from infecting their networks."

The survey, which was conducted last month and included IT managers from around the world working in small-, medium-, and large-sized enterprises, also found that spyware was becoming an ever-bigger blight. Eight-four percent of those surveyed said that the spyware problem is worse, or at best the same, as it was three months ago.

Court Stifles Bogus Anti-Spyware Vendor

Crit [dot] Org — Mon, 14 Mar 2005 00:00:00 EST

A company that allegedly scared users into buying its software by offering to eradicate nonexistent spyware has been ordered to cease and desist by a U.S. court, the Federal Trade Commission said Friday.
The FTC filed against Spokane, Wash.-based MaxTheater and its principal, Thomas Delanoy, to stop the company from touting SpyWareAssassin through bogus "scans" claiming the user's PC was infected with spyware.

According to the FTC, which was awarded a temporary restraining order by a U.S. District Court on Friday, SpyWareAssassin used Web sites, banner ads, and popups to drive traffic to its Web site where the company warned "...you WILL eventually experience credit card and/or identity theft and your computer will crash and cease working for good."

Windows More Secure than Linux?

Crit [dot] Org — Mon, 14 Mar 2005 00:00:00 EST

Contrary to popular wisdom, Windows appears to be more secure than a popular version of Linux, according to an upcoming report from two security researchers.
The researchers found that Windows Server 2003 actually had fewer security vulnerabilities identified last year than Linux and that the holes in Windows took less time to patch.

But the study is already attracting controversy for its methodology. Linux proponents note that the two systems have different configurations and are not easily comparable since they contain different functionality out of the box.