Bank Hack Shows Need for Separate Servers
A single compromised server leaves 100 banks vulnerable. Also: OpenOffice/StarOffice virus hype, online banking surveys and rogue hotspots.
Hackers gain access to server hosting bank Web sites: A hosting provider
for smaller community banks was recently compromised by hackers, placing at
risk more than 100 different banks across the U.S.
This problem is only going to get worse as time goes on. The biggest problem
here was that so many highly desirable targets were located on a single server.
It's impossible to tell whether the criminals who attacked the server
were aware of this fact ahead of time, but it would have been obvious once their
initial compromise was successful. When employing hosting services it is critical
to fully understand how the site is being secured. Equally important is knowing
what else is located on the same server to determine whether or not it places
your site at higher risk, either from hacking or denial of service attacks.
Snort http_inspect bypass: A flaw discovered in the Sourcefire's Snort
IDS system may allow attackers to bypass detection rules relating to attacks
on Apache Web servers through the use of malformed HTTP requests.
Although not reported to be in the wild, the nature of the attack allows it
to be trivially retrofitted into existing attack tools. The issue cannot be
readily addressed through signature updates. Third-party interim patches have
Enterprises using Snort sensors to monitor Apache Web environments should be
aware of the vulnerability in Snort and consider updating to the revised detection
engine when it becomes available. The bypass constitutes a blind spot that could
be used by miscreants while attacking Web applications, but does not introduce
any new exploitable conditions.
NetBSD drops default installation of Sendmail: NetBSD has dropped Sendmail
as part of its core offering, instead allowing NetBSD owners to choose to configure
it themselves or replace it with some other MTA, such as Postfix. About time!
OpenOffice/StarOffice Macro Virus: Media outlets recently hyped a blog
entry by researchers at anti-virus company Kaspersky Lab regarding their observation
of the first known virus targeting OpenOffice and StarOffice documents. While
it exists, the virus is not in the wild in any remarkable way, is unlikely to
spread and is generally insignificant. Enterprises should do nothing.
Virus.StarOffice.Stardust.a is a macro virus written in Star Basic.
On execution, it downloads an adult-content image file and opens this file as
a new document. There are no reports it is network-aware. There are no reports
it is spreading. Indeed, there is only one competent report of its existence
-- the blog entry itself.
Macro viruses have been out of vogue for about seven years. This virus will
not change this fact.
Security fears stunt online bank growth: A recent Christian
Science Monitor article attempts to link fears about security threats
to a reticence about banking online. The article draws information from two
distinctly separate polls. The first states that the majority of Americans are
concerned about identity theft and sale of their personal information, while
the second states that online banking growth will be limited to 4 percent between
2006 and 2010.
More fun with statistics. There is no data cited which states that it is security
fears that will limit the expected adoption of online banking, merely two surveys
which found information that the article's author has decided to link.
Americans need not bank online to have concerns over the sale of their personal
information or security threats. Equally, no reason is provided for the expected
low growth rate of online banking users.
More are opting for online banking: As a comparison to the Christian Science
Monitor article, this Seattle
Times article cites virtually all of the same statistics but comes to
the conclusion that more and more people will adopt virtual online banks as
their banks of choice.
The speculation about the numbers in this article focus on the fact that many
virtual online banks are offering higher interest rates than their brick and
mortar counterparts. Two stories, two very different views.
Web encryption: VeriSign released an article recently discussing
how many Web sites are accepting connections from their visitors at less than
the common encryption strength, 128-bit.
The article points out an interesting fact, namely that your Web site certificate's
strength in no way guarantees that the client will use that strength. However,
it completely ignores the reality that the strength of encryption during SSL
transactions has yet to be shown to be a concern. Loss of sensitive information
occurs once the data has been decrypted by the server, not in transit, which
is all that the SSL strength ensures.
column was originally published in our weekly Security Watch
newsletter. To subscribe, click here.
Rogue hotspots offer rich pickings for hackers?: RSA
Security is suggesting that criminals are likely to move from e-mail-based
phishing attacks to setting up and running rogue wireless hotspots. They claim
the data that could be monitored via such a setup will yield them a greater
volume of accurate details, such as bank login information and credit card details.
Well, how's this for casting FUD. Sure, there's no doubt that a
rogue hotspot could get more accurate information than, say, a single phishing
e-mail might. However, phishing e-mails are sent out in the millions, if not
billions, daily while a rogue hotspot is only going to connect to hundreds,
possibly thousands, a day. The report certainly rings true in its assertion
that many wireless users of hotspots make little effort to determine whether
they are accessing the legitimate access point or one under criminal control.
Better controls in this regard, coupled with user education, is required. For
now the best idea is to ensure that sensitive information is not being sent
in the clear while connected to a hotspot, instead opting for VPN access to
the corporate resources and then onto the Internet from there.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.