- +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Enterprise Wireless WLAN Security
Did you GET the memo? Getting you from Web 1.0 to Web 2.0 Security
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Realizing the Value of Unified Communications
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Radicati Market Quadrant 2008 on Corporate Web Security
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Microsoft Tuesday patched nine vulnerabilities in Windows, Exchange, SQL Server and the company's Domain Name System (DNS) server and client software.
All nine flaws were rated "important" by Microsoft, the second-highest threat rating in the company's four-step scoring system.
One of the Microsoft fixes for Windows DNS was part of a group of patches issued Tuesday by software vendors to plug a multi-platform hole. The researcher who uncovered the vulnerability called the group patch effort the "largest synchronized security update in the history of the Internet."
Microsoft patched its iterations of DNS in MS08-037, the security bulletin that called out two DNS bugs in every supported version of Windows except Vista.
"We've had four updates to Microsoft's DNS since 2007 -- and one led to a bot, Rinbot, in April 2007," noted Andrew Storms, director of security operations at nCircle Network Security.
Storms was referring to the episode last year when researchers spotted then-new variants of Rinbot exploiting a zero-day flaw in Windows DNS Server Service. The most recent patch for Windows DNS was released as MS08-020 in April, part of that month's eight-update, 10-fix batch of updates.
The fix for the DNS cache poisoning vulnerability, which Dan Kaminsky, a noted researcher and director of penetration testing with US-based IOActive, reported to Microsoft, is part of a larger, coordinated rollout Tuesday. Internet Software Consortium (ISC) has also updated its popular open-source BIND DNS software, which vendors like Red Hat and Sun Microsystems will be pushing to their users Tuesday.
"This is pretty bad, pretty bad," said Kaminsky. "I wish I could go into full detail, but ..."
Kaminsky, who held a news conference Tuesday with Jerry Dixon, former director of the national Cyber Security Division at the US Department of Homeland Security, to discuss the DNS cache poisoning bug, said he would withhold specifics of the vulnerability for about a month. He plans to present his findings at the Black Hat security conference, which runs August 2-7 in Las Vegas.
"But look at how many people have worked this entire year to make this happen," Kaminsky hinted. "This is not your every-day vulnerability. There are vulnerabilities and then there are vulnerabilities. But that doesn't mean you panic."
He predicted that exploits will be crafted for the DNS flaw. "I don't think this will survive reverse engineering."
Storms of nCircle put it into perspective. "A reliable DNS cache exploit means that the probability of redirecting an unsuspecting user to a malicious website has just increased dramatically," he said, urging users -- enterprise administrators in particular -- to install the patch pronto. "Every network administrator in the world needs to drop that iPhone, get off their BlackBerry and patch their DNS now."
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
The Next CIO is You
The revolution is underway. Market dynamics are fanning the flame of change and innovation. Business is ultimately only as good as its IT organization. And an IT organization is only as good as its CIO. Read on to discover the revolution changing the role of the CIO. Are you on board?
