Computer Security Weekly, July 26, 1999
© Robert Slade
Jul 26, 1999
Bruce Schneier, in his Crypto-Gram newsletter, has noted that a variety of attacks on encryption systems have successfully penetrated the packages without directly attacking the encryption algorithm itself. This is an important, and often ignored, point. The security of the system rests in the proper operation of all the parts, and doesn't just rely on the size of the lock on the front door. Back issues of Crypto-Gram are available at http://www.counterpane.com.
Details are being held back about the inner workings, but Microsoft has issued what seems to be a fairly serious security bulletin. Those who have been privy to the details say that it is vital, and that a huge number of sites are at risk. Apparently, any Microsoft Web Server, Exchange Server, SQL Server or IIS box is vulnerable.
Some years ago, a fire in a telephone substation in a Chicago suburb caused, because of cascading effects, a huge telephone outage in the US midwest. Apparently the lessons have not been learned. The recent Bell substation fire in Toronto caused massive disruptions, and involved:
- automatic sprinklers going after a small fire and causing massive electrical arcing
- emergency phones out of service due to power failure
- no remote power shut-off
- backup power that would only operate if the entire building was isolated
- insufficient backup power capacity
- a security policy that did not allow emergency repairs over the weekend
Netcom has had some recent outages. Interestingly, this seems to indicate something about Netcom's internal system administration, since usernames starting with certain letters of the alphabet were affected in two different incidents.
We have noted before the problem of spam and virus filters deleting mail under the mistaken impression that it contains a virus. Now the highly regarded Junkfilter is generating false results due to searching the entire text for certain strings, rather than just headers.
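The difference between matching the whole text and matching only the headers, as an added example that is not Junkfilter's own code; the pattern and the three messages are constructed for illustration. It also goes one step beyond the item above by showing that a raw-text search can miss a match in a folded header line, which a parsed header search catches.

```python
import re
from email import message_from_string

# Constructed filter pattern; not taken from Junkfilter's real rule set.
PATTERN = re.compile(r"make money fast", re.IGNORECASE)

# Constructed sample messages.
SPAM = (
    "From: promo@bulk.example\n"
    "Subject: MAKE MONEY FAST from home\n"
    "\n"
    "Reply now for details.\n"
)
FOLDED_SPAM = (  # same subject, folded across two lines
    "From: promo@bulk.example\n"
    "Subject: MAKE MONEY\n"
    " FAST from home\n"
    "\n"
    "Reply now for details.\n"
)
LEGIT = (  # a legitimate message that merely quotes the phrase in its body
    "From: colleague@example.org\n"
    "Subject: Filter rule review\n"
    "\n"
    "The rule matching 'make money fast' caught three messages last week.\n"
)

def match_whole_text(raw):
    """Search the raw message, headers and body alike."""
    return bool(PATTERN.search(raw))

def match_headers_only(raw):
    """Parse the message, unfold each header value, and search only those."""
    msg = message_from_string(raw)
    unfolded = (re.sub(r"\s+", " ", str(value)) for value in msg.values())
    return any(PATTERN.search(value) for value in unfolded)

def classify(raw):
    """Return the verdict of both matching strategies for one message."""
    return {"whole_text": match_whole_text(raw),
            "headers_only": match_headers_only(raw)}

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("folded", FOLDED_SPAM), ("legit", LEGIT)):
        print(name, classify(raw))
```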
Bright Light Technologies has introduced a new "free" service to users of POP-based e-mail that attempts to filter out most unsolicited e-mail before it reaches the user. Unfortunately, the way in which it works forms a single point of failure, a point of attack, and a possible privacy problem. You have to route all of your email through the Bright Light servers in order to use the system. Spam can be annoying, but you might want to think twice before using this system.
A recent poster on the RISKS-FORUM Digest noted a possible problem with email attachments and long file names. Now that really descriptive filenames are possible, you might want to avoid sending out file attachments with names like
The copyright of the article Computer Security Weekly, July 26, 1999 in Computer Security is owned by . Permission to republish Computer Security Weekly, July 26, 1999 in print or online must be granted by the author in writing.