You may never think about it, but many of your online activities may be monitored and analyzed. Advertising companies, government agencies, and private users can use traffic analysis to gather information about which Web sites and pages you visit, what newsgroups you read, and whom you talk to on IRC. While there is no need to be paranoid (or is there???), you can keep your online communication private. The Tor project can help you with that.
Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks.
The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with the user's privileges. To succeed, an attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could be designed to launch the Telnet client on the user's system when the user clicks a link or, using the IFRAME tag, as soon as the page loads.
Security software company Symantec acknowledged that software flaws in some of its antivirus products could allow malicious hackers to use denial-of-service (DoS) attacks to crash systems running the software, disrupting automatic protection features. On Monday, the company posted a notice on its Web page that described two DoS vulnerabilities in the 2004 and 2005 editions of Symantec Norton Antivirus, Norton Internet Security and Norton SystemWorks. The company has patched the holes and distributed software updates to users of the LiveUpdate automatic update service.
The board was dumbfounded. Only six individuals were on the circulation list that detailed its confidential deals, and yet details of the company's acquisition plans were appearing on a Yahoo notice board within minutes of being distributed. This was not only embarrassing — it could land them in hot water as the firm was listed on the US stock market. It seemed a little too "James Bond", but someone suggested that they use a little counter-intelligence to try to get to the bottom of it. The decoy message leaked too, but it gave them a lead. The source had to be internal.
Recent surveys looking for the number one reason behind IT security breaches point an accusing finger at staff abuse of workplace IT systems, one of the more recent and memorable examples being civil servants using the web to access offensive or inappropriate material.
Such stories project a less-than-responsible view of staff when it comes to using IT at work. Whether intentional or otherwise, from an abuse of trust or an abuse of understanding, the misuse of a network by a workforce dangerously undermines its integrity.