Networking

A group of government and private security experts took the unusual step Monday of publicly urging businesses worldwide to guard themselves against the Code Red worm, set to reactivate Tuesday with possibly dire consequences for the Internet.

Representatives from Microsoft, federal security agencies and various trade groups held a globally televised press conference to urge businesses to install a Microsoft software patch that prevents Code Red from infecting servers running Microsoft's server software.

Verizon Wireless and AT&T Wireless Group are investigating a security breach that may have allowed outsiders to see confidential information of at least hundreds of their customers. Officials from both companies confirm that they are looking into an apparent security breach that permitted information of a number of users to be circulated publicly in Internet chat rooms. The situation has prompted investigations by at least two police units in California and Oklahoma.

Laptops have become a valuable part of the computing arsenal. They allow users powerful mobile computers with the same capacity and software of many desktops. They also allow connectivity, even outside the office, thus freeing people to take their workplace with them. This is extremely valuable for employees who must travel frequently while remaining in continual communication with their offices. Unfortunately, the mobility, technology and information that make laptops so useful to employees and organizations also makes them valuable prizes for thieves.

Network administrators have been scrambling to secure their servers since news of a vulnerability in the Telnet program -- used to remotely access servers -- first came to the public's attention last week when a group of network security enthusiasts called TESO Security posted advisories to several security mailing lists.

Survey Sites Top Two Security Breaches Come From "Insiders". Layoffs, mergers and acquisitions increase chance of security breach. Companies are increasing their spending on network security on Network Security.

Security software developer Camelot and eWeek magazine announced today the results of a nationwide network security survey revealing authorized users, such as employees, contractors and consultants, commit the majority of security breaches at companies.

Techno-hypemeister and headline glutton Steve Gibson has joined the Electronic Pearl Harbor dog and pony show alongside Ron Dick's NIPC, bellowing and trumpeting about lakes of fire to be ignited by the Code Red IIS worm which is due to return from dormancy this week. The worm went silent on the 28th, though a few machines with incorrectly set clocks will undoubtedly continue to scan, perpetuating the infection somewhat.

SANS, Microsoft, the NIPC, CERT/CC and four other leading security organizations released the following alert today (Sunday, January 29) at 4 pm. EDT.

A Very Real and Present Threat to the Internet: July 31 Deadline For Action

Summary: The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.....

This is a copy of a CERT warning issued late 7/26 that warns about a possible large resurfacing of the Code Red worm and its variants on August 1st:

Security companies that want to be taken seriously don't hire
hackers, whether their exploits have been for good or bad
purposes, according to Adam Joseph, CEO and president of
Trusecure.

Joseph said hackers undoubtedly have great skills in penetrating
companies' computer systems but he and other security
professionals are working on a different level - the business of
risk prevention.

Only two out of 50 firewalls at a leading Swiss bank were configured correctly -- just one
instance of security that is all that it should be

Network security is being overestimated by IT managers because they are failing to manage
protective software properly, according to a security expert.