|
|
|
archives If you want an RSS feed try this
Saturday, August 02, 2003All FUD over RPC-DCOM
 Microsoft and the Windows RPC vulnerability seems to be causing every major pundit in the industry to be a little nervous. CERT has issued a major advisory, CERT® Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface laying out the details of the potential exploit. Even the Department of Homeland Security's National Infrastructure Protection Centre have issued a warning in which they claim a 'Potential for significant Impact on internet operations..'. The SANS institute top port scan list shows that there is a significant trend upwards on port 445 (Windows SMB) but no other significant changes. In addition netbios-ns (137), www (80), and ms-sql-m (1434) make up the top 4. They are currently posting it as a green/yellow alert, indicating some 2000 sources are scanning for the flaw.So what's the significance of this activity? Well apart from the obvious, i.e. read the CERT advisory for the technical data. It looks to ecommnet we have another Slammer worm style of incident looming. True it has the potential to be even bigger but our (my ®©)original criticism still holds true, no public system should have the afflicted ports exposed on the internet, don't use DCOM on a web facing machine, and definitely don't use DCOM through the firewall. Related Links MSS flaw highlights e-security laziness The same MSS flaw article in The Register Department of Homeland Security Advisory (updated) MSFT bulletin (MS03-026) Growing fears over net threat posted by Robert Campbell 10:03 AM Wednesday, July 30, 2003Bye bye lap-top bye bye
 The case of the disappearing lap-tops. Laurence Alleyne was charged with theft of a laptop from Whitehall in an appearance at Bow Street Magistrates court this morning. Another reminder that laptops and PDAs are a high profile target for the opportunistic thief and possibly in this case something more sinsister as this is at least the third lap-top to have gone missing from the Government offices in London this week.We are not aware if the lap top was protected in any way or if it contained any sensitive data. A Cabinet Office spokesperson is reported to have said.."None of the laptops contained sensitive information," well they would say that wouldn't they? ecommnet recommends you secure your company's data on your laptop and PDA. Related Links Whitehall laptop theft prompts security concerns Laptop safety - a guide for spies posted by Robert Campbell 5:45 PM Monday, July 28, 2003Don't despair, PANIC!
 Veritas announced earlier today some surprising results of a research survey carried out by Dynamic Markets on the subject of email systems failure and the effect it has. 500 CIO and IT Managers across the USA, UK, Europe and South Africa were canvassed on the notion of losing access to email. Most responded with the view it would be worse than Divorce, Moving house, or all of the other traumatic of life's stressful events.This report, however 'independent' surely does corroborate the commonly held notion that to most companies email is more important than the telephone. Another recent survey carried out by vianetworks supports this view. ecommnet's view is that most business should now be considering email archiving solutions along side of dual sourced internet connections, and using load balancing mechanisms to provide fault tolerant connectivity as a matter of course. Related Links Radware fault-tolerant IP solutions email archiving Veritas press release : E-mail Difficulties Place Businesses at Risk, Cause Work Stress, and Jeopardize Jobs posted by Robert Campbell 5:52 PM
|
