The number of computer security incidents and attacks detected at businesses worldwide soared by 37 per cent between the fourth quarter of 2002 and the first quarter of this year, fueled in part by a surge in the number of mass-mailing worms, according to a report from Atlanta-based Internet Security Systems Inc.
The large increase in worms and other security-related incidents point to a challenging year ahead for IT security staff, the organization said in a statement. The tally includes relatively minor activities, such as scanning corporate networks for vulnerabilities, and more serious events such as the Slammer worm, which emerged in January and, according to some experts, was the fastest spreading worm yet. The number of worms and hybrid threats between Jan. 1 and March 31 totalled 752, compared with 101 in the fourth quarter of 2002, the report found.
SuSE enterprise Linux set for summer
SuSE Linux AG now plans to ship its SuSE Linux Enterprise Desktop operating system in June. SuSE Linux Enterprise Desktop, which is in beta testing phase now, would be the company’s third desktop operating system, joining home and small office versions.
With many companies using Microsoft Corp.’s Windows as a client to SuSE Linux’s server operating system, SuSE Linux Enterprise Desktop will offer small and large companies an option to run SuSE software on the desktop as well.
Redmond embeds Win XP with Wi-Fi software
Trying to enhance the appeal of Windows XP among wireless users, Microsoft Corp. recently announced it is making a free upgrade available that supports the Wi-Fi Protected Access (WPA) with a new security solution from the Wi-Fi Alliance. The new software is meant to be a replacement for the Wired Equivalent Privacy (WEP) standard that reportedly has more robust methods of data encryption and network authentication, which gives Windows XP users a better guarantee of security, according to Microsoft officials.
According to Microsoft, WPA improves data encryption by resolving existing cryptographic “weaknesses” and introducing a new method to generate and then distribute encryption keys automatically. Each bit of data can be encrypted with a unique key thereby improving security. WPA also works to improve authentication by authenticating each and every user on a network, while at the same time keeping those same users from joining “rogue” networks.
Second Sendmail flaw is uncovered
Systems running Sendmail are at risk of hacker attacks because of a flaw in the way the commonly used e-mail server software handles long e-mail addresses, experts warned earlier this month. This second serious bug announced in recent weeks has some Sendmail users looking for alternatives.
Sendmail does not adequately check the length of e-mail addresses. An e-mail message with a specially crafted address can trigger a stack overflow, potentially allowing an attacker to gain control of a vulnerable Sendmail server, the CERT Coordination Center warned in an advisory, which an be found at www.cert.org/advisories/CA-2003-12.html. Sendmail servers that aren’t directly connected to the Internet are also at risk, since the vulnerability is triggered by the contents of a malicious e-mail message that can be handed on from server to server, CERT said.
Sun drops plans for branded Linux
Sun Microsystems Inc. is ending a seven-month effort to establish its own Linux distribution, because of reluctance on the part of users to deal with yet another version of the open source operating system. A Sun spokesperson said marketing of the Sun Linux 5.0 software that the company announced last August is being curtailed in favour of developing partnerships with other Linux vendors. Sun had positioned its release as nothing but a slightly tweaked version of a standard Linux 2.4 kernel. But the company acknowledged that it felt pressure from users who weren’t interested in having to install and manage multiple versions of Linux.
Officials wouldn’t identify the Linux vendors that Sun is talking with about possible partnership deals. No deadline has been set for reaching any agreements.
