Spyware, Viruses, & Security forum

General discussion

NEWS: April 22, 2004

Worst Security Problem: Attachments

Security policies and education aren't enough

Want to ruin a security manager?s day? Open an attachment?any unknown attachment will do.

According to a written survey of 200 IT and security managers conducted by Watchguard Technologies at this year?s RSA Conference, about half of all IT managers say the worst security offense a user can commit is opening an unknown attachment.

Opening unknown attachments, of course, is exactly what can launch Microsoft Word and Excel macro viruses, viruses, and worms, as well as Trojan horse software. Given the prevalence of viruses and worms, it?s obvious many users do indeed double-click that attachment. In fact, about 80 percent of respondents indicated a virus had also gotten loose on their network within the last year. Many would be traced back to ill-advised attachment opening.

Of course, if organizations just adjusted their security policies to prohibit opening unknown attachments, or having IT take a look first, then educated users, the problem would go away, right?


Discussion is locked
You are posting a reply to: NEWS: April 22, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS: April 22, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Phishing Scams Increase 1,200% in 6 Months

In reply to: NEWS: April 22, 2004

Beware your email. In the last six months, the number of phishing email scams has increased 1,200 percent, putting end users and major companies at an even greater risk of theft and damage, according to a new study.

MessageLabs reports that last September its analysts had only seen 279 phishing emails. But that number had risen nearly 800-fold to 215,643. Phishing emails peaked in January with 337,050.

''It's a very dangerous trend,'' says Paul Wood, chief information analyst at MessageLabs. ''It's preying on people's vulnerabilities. They're being conned into downloading viruses or giving away their financial information... Some people are having a lot of money siphoned from their bank accounts.''


Collapse -
Network Associates to change name

In reply to: NEWS: April 22, 2004

Security specialist Network Associates is changing its name and selling one of its product lines in a move to boost profitability.

The Santa Clara, Calif.-based company announced Thursday it is changing its name to McAfee, the name of its most prominent product line and the name of a company Network Associates acquired. In addition, it will sell its Sniffer line of manageability tools to Silver Lake Partners and Texas Pacific Group for $275 million in cash.

Silver Lake and Texas Pacific will then form a new company, called Network General, Both companies are known as turnaround artists. Silver Lake, for instance, helped Seagate go private, and then public again.

With the sale of Sniffer, Network Associates will focus primarily on security and detection.


Collapse -
(OT) MSN Messenger's got game

In reply to: NEWS: April 22, 2004

Microsoft on Thursday introduced a new subscription service for playing games using its MSN Messenger instant messaging software.

The move, which coincides with the release of an upgrade to the software, comes on the heels of a new version of America Online's rival ICQ instant messenger, which also features games.

MSN Messenger, ICQ, AOL's AIM and Yahoo's instant messenger are competing to attract millions of computer users who want the ability to communicate online at quick speeds, without many of the hassles of e-mail exchanges.


Collapse -
Microsoft Internet Explorer Gags on Compression

In reply to: NEWS: April 22, 2004

Microsoft says that Internet Explorer 6 may have problems with compressed HTTP data. Since IE may not read all the data in the HTTP response from the server, a web page may not completely appear, or IE may just crash. Microsoft has a hotfix, which will be included in a future service pack. To get the fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 823386. Note that you may get charged for this call.


Collapse -
Net threat overstated, says security researcher

In reply to: NEWS: April 22, 2004

Paul Watson, security researcher for Rockwell Automation, says a flaw he discovered in the Transmission Control Protocol (TCP) and its potential to harm the Internet have been exaggerated, since major Internet service providers (ISPs) addressed the flaw in the previous two weeks. The flaw would have allowed a knowledgeable attacker to shut down connections between routers. Smaller networks and e-commerce sites that run their own routers may be at risk if they believe they are not vulnerable to attack. Cisco has released updated software to address the flaw, and other hardware makers are following suit. The flaw lies in how routers handle sessions--continuous streams of packets from a single source that are grouped with sequence numbers. An attacker could theoretically send illicit commands by guessing the next number in a sequence, however, the odds were considered high: one in 4.3 billion. Mr. Watson found that in certain applications, such as the border gateway protocol (BGP), a longer session reduces the odd to one in 260,000. An attacker with a broadband connection could launch all 260,000 possible packets in fifteen seconds, denying service with far fewer packets than in a typical traffic flood. Both Mr. Watson and US-CERT (United States Computer Emergency Response Team) recommend adding a random 128-bit number to session packets; encryption can further protect data.

Also in http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci960715,00.html

Collapse -
Panda Software Reports a Spam Message That Downloads a Trojan

In reply to: NEWS: April 22, 2004

The message is sent with the subject field: Osama Bin Laden Captured

Panda Software's PandaLabs has detected a spam message currently being sent to users which tries to get
recipients to visit an advertising page and which also downloads a Trojan to users computers.

The address indicated in the message takes users to what appears to be an advertising page. However, the page contains code that exploits a vulnerability (detected by Panda antivirus as Exploit/MIE.CHM). The code also downloads and runs a file (detected as VBS/Psyme.C). Finally, a file called EXPLOIT.EXE, which contains the Trojan Trj/Small.B is downloaded from Internet onto users' machines.


Collapse -
Cisco fixes critical protocol flaw

In reply to: NEWS: April 22, 2004

Cisco has released a fix to a flaw in a popular communications protocol that some experts said could take down the Net and has announced a new, unrelated security bug.

After the United Kingdom's National Infrastructure Security Co-ordination Centre sent out an advisory Tuesday describing the problem, Cisco and several other vendors acknowledged that their products could be affected by the flaw.

Cisco posted an alert to customers on its Web site and provided information for obtaining updated software. The problem affects a broad range of Cisco products, from its Internet Protocol routers and Ethernet switches to its optical, Internet Protocol telephony and storage products, according to the warning.


Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.