 |
| | | August 24, 2003
|
|
|
 |
Sunday, August 24, 2003 |
|
A cybersecurity mess
 It was, in the words of MessageLabs CTO Mark Sunner, "an unprecedented new level in virus propagation." The sixth variant of the SoBig e-mail worm, dubbed SoBig.F, showed up on Monday and in mere hours turned into the most widely e-mailed virus in Internet's history. At its peak, e-mail solutions provider MessageLabs reported one in every 17 messages was a copy of the virus. On Tuesday, America Online blocked over 23 million infected e-mails, while e-mail security firm Postini quarantined 3.2 million.
SoBig's latest version is an extremely virulent polymorphic worm, which arrives via e-mail from a usually spoofed sender address. SoBig.F harvests e-mail addresses from Windows' Address Book and cached web pages and, using its sophisticated multithreaded in-built e-mail engine, spreads with extraordinary speed.
The virus' rapid distribution created an enormous increase in Internet and internal corporate traffic. Home users, educational institutions, large corporations and governmental agencies alike were hard hit as their networks were forced to a virtual standstill.
Adding to the viral tumult, another worm was released into the wild, aiming to remove last week's Blaster threat by patching the critical vulnerability in Windows' Remote Procedure Call (RPC) interface. Although seemingly without malicious intent, the worm, known as Nachi, Welchia or Blast.D, generated massive network traffic and potentially affected the stability of infected computer systems. Nachi shut down the reservation and ticketing system of Air Canada, disrupted the internal network of U.S. military equipment vendor Lockheed Martin and caused havoc in countless other networks across the globe.
More from: CNET News.com 1 2 3 4 5 6 | Computerworld 1 2 3 4 5 | eWeek 1 2 | InternetNews.com 1 2 3 4 | The Mercury News | NewsFactor 1 2 | Reuters 1 2 3 4 5 | TechWeb 1 2 3 | VNUNET.com 1 2 3 4 5 | The Washington Post 1 2 3 | Wired News
As the two widespread worms were slowing down Internet connections, Microsoft warned its customers of three critical security vulnerabilities in the Internet Explorer browser and the Microsoft Data Access Components (MDAC). The flaws affect almost all supported Windows versions, two of which, could enable an attacker to overtake a user's PC via a specifically malformed web page or an HTML e-mail message. Microsoft has issued patches, fixing the three newly discovered holes and urges customers to immediately update their software.
More from: CNET News.com | Computerworld | E-Commerce Times | Reuters | Techworld | ZDNet
Ratcheting up the fears of IT managers, Oracle released details about "a set" of buffer overflow vulnerabilities in its Oracle9i Database Server. The flaws affect the XML Database (XDB) component and may eventually lead to a denial-of-service attack. The software giant advises customers of Oracle9i Database Server Release 2 to apply the free patches. According to Oracle, previous versions lack the security holes.
More from: CNET News.com | Computerworld | eWeek | InformationWeek
SCO shows parts of the code
At its SCO Forum held in Las Vegas this week, The SCO Group was widely expected to discuss its ongoing legal battle with the Linux community, but few thought they'd be able to catch a glimpse of the company's alleged evidence. At a keynote presentation, SCO displayed slides showing obfuscated examples of alleged infringing source code, directly copied from the UNIX operating system into Linux. Participants who signed a nondisclosure agreement were given an opportunity to see exact lines of UNIX source code and their Linux copies.
The SCO Group has filed a $3 billion lawsuit against IBM, claiming the computer giant breached trade secrets and illegally transferred UNIX technology into Linux. The group says critical Linux components, which make Linux use possible in an enterprise environment, such as SMP (Symmetrical MultiProcessing), RCU (Read-Copy Update), NUMA (Non-Uniform Memory Access), JFS (Journal File System) and others, account for over one million lines of infringing code.
The open-source community was quick to react. Linux advocates immediately denounced SCO's examples, noting some dated back to the 1970s and were covered by a BSD license.
More from: CNET News.com 1 2 3 4 5 6 | CRN | Computerworld 1 2 | InternetNews.com | Internet Week | ITworld.com | TechNewsWorld | VNUNET.com 1 2 3 4 5 6 7
Study: RIAA's tactics may be working
A newly released study of online music acquisition suggests the recording industry's recently adopted tactics of pursuing individual file-swappers may be working. The NPD Group reports from the peak of 14.5 million in April, the users who obtained music over the Internet dropped to 12.7 million in May and to 10.4 million in June. The group defines music acquisition as songs obtained from online music download stores, CD ripping and file-sharing services. Approximately two-thirds of the numbers reported account for file-trading networks.
In May, the Recording Industry Association of America (RIAA) hinted it may go after individual users of file-swapping networks, in order to clamp down on Internet music piracy. In its assessment, the NPD Group says it cannot link the sharp drop of file-sharing with RIAA's legal efforts, but notes the two events are highly unlikely to be coincidental.
Meanwhile, a Californian ISP subscriber has defied a subpoena from the recording industry. Lawyers for the anonymous woman filed an appeal in Washington, D.C., against RIAA's subpoena issued to her Internet Service Provider, Verizon Communications. The Internet user claims the order to identify her is unconstitutional since it violates her right to privacy. The appeal also notes the woman simply used Kazaa's media player to listen to songs ripped from her own CDs and attempted to prevent Internet users from downloading music from her.
Also this week, the RIAA and its movie counterpart, the Motion Picture Association of America (MPAA), announced they have appealed a court ruling, which earlier this year, found file-sharing software makers StreamCast and Grokster innocent in assisting large-scale online copyright infringement.
More from: CNET News.com 1 2 3 | InternetNews.com | NewsFactor 1 2 | PC World | The Register 1 2 |
Reuters | VNUNET.com | The Washington Post 1 2
In Other News...
As Hewlett-Packard blamed its poor quarterly results on aggressive price cutting, rival Dell announced lower prices across its product lines. Prices were slashed up to 22 percent on servers and up to 6 percent on desktop computer systems.
Software maker Novell posted a loss of $12 million, or 3 cents a share for the quarter that ended July 31. The company said it has cut 10 percent of its workforce, in order to turn to profit in the fourth quarter of 2003.
A power outage left popular auction site eBay inaccessible for over three hours. A Qwest Communications hosting facility in California was affected for only ten minutes, but technicians were forced to reboot the company's servers, which substantially prolonged the site's unavailability.
|
|
|
|
|
|
| |
