Nothing says there's a hole in your security like someone walking off with your servers. You could spend millions of dollars on access lists, firewalls, USB tokens, virus scanners, VPNs, passwords and patches to secure your network from online invasions, but none of those will protect you from offline attacks.
Physical security is essential. It prevents your machines from being stolen, damaged or taken offline by someone flipping the power switch, and it restricts physical access by an adversary who might want to attack your network.
So what do we do with Jeffrey Parson, the 18-year-old whose Blaster variant attacked 7,000 computers last month? Technically, he faces one count of intentionally causing damage to a protected computer. And if that charge sticks, he could face a maximum of 10 years in prison and a $250,000 fine. Is that what's deserved by Parson and other loathsome bastards--also known by the inappropriately benign designation of hacker--like him who use their technical skills to attack and damage computers and the organizations those computers support?
EnterEdge has discovered a Denial of Service condition in ISS RealSecure Server Sensor 7.0. The condition is present when running ISS's RealSecure Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid Unicode characters via SSL, the server sensor will shut down the IIS service. This was tested with IIS 5.0 using ISS server sensor 7.0 xpu 20.16 and 20.18. ISS was notified and has since released xpu 20.19, which resolves this DoS vulnerability.
Still recovering from a summer of Internet infections, colleges are taking unusually aggressive steps to protect campus computer networks from virus outbreaks.
Students returning to classes are finding themselves summarily unplugged if their computers are infected. Oberlin College in Ohio is threatening to fine students $25 for inadvertently spreading a virus.
Ziff Davis Media Inc.'s Aug. 19 eSeminar, "Making sense of VPN challenges," revealed high levels of concern among the several hundred attendees in areas such as justifying virtual private network costs and choosing among various technical options. This event continued, in a sense, the VPN discussion that began during our April 16 eSeminar, "VPN strategies."