[ISN] Major Security Flaws In Int'l Web Sites

From: mea culpa (jerichoat_private)
Date: Wed Nov 04 1998 - 04:55:24 PST


    Forwarded From: phreakmoi <hackereliteat_private>
    Major Security Flaws In Int'l Web Sites
    From: http://www.currents.net/newstoday/98/11/03/news4.html
    By Steve Gold, Newsbytes
    NTA Monitor, a UK-based Internet security specialist firm, will next week
    publish research that shows more than 50 percent of business e-mail sites
    in 11 European countries and Japan have major flaws in their e-mail server

    According to Deri Jones, the firm's managing director and a veteran of
    the UK Internet scene, these sites have the confidentiality of their
    Internet mail jeopardized because their mail servers are using software
    packages with known security risks.

    NTA says that the conclusion is backed up by the results of what is the
    largest international e-mail security test carried out to date. Its
    research, the firm says, highlights the lack of emphasis placed on keeping
    Internet e-mail servers up-to-date and free of known security problems.

    In particular, Jones said, the research demonstrates that many
    organizations are not testing their security on a regular basis.

    Newsbytes understands that the research involved over 16,000 unique
    servers, which form 100 percent of the live e-mail servers for commercial
    Internet domains in Belgium, Denmark, Finland, France, Germany, Ireland,
    Japan, Netherlands, Norway, Spain, Sweden and the UK.

    NTA Monitor says it ran live tests across the Internet using a subset of
    its Regular Monitor security testing service, which is used by over 100
    major European firms for annual, quarterly or monthly testing of corporate
    Internet security.

    The testing ran between June and October 1998 and aimed to discover how
    prevalent the use of e-mail software products and versions with known
    security risks was.

    The survey discovered that an estimated 35 percent of all sites in all the
    countries are using software versions with known security holes, while an
    average of 42 percent of Unix-based e-mail servers are insecure -- with
    Japan the highest at 90 percent and Denmark and Finland the lowest at 23
    and 29 percent, respectively.

    According to the research, the UK and France are both worse than average
    at 56 and 55 percent, respectively, while the large majority of Unix
    e-mail vulnerabilities are due to the use of old versions of Sendmail with
    known security holes -- many of which allow machines to be totally taken
    over, NTA says.

    According to NTA's report, Finland, Germany and Netherlands all had more
    than 27 percent of their total mailers using the recent secure versions of
    Sendmail, compared with 6 percent in Japan and 15 percent in Belgium.

    In addition to this, an average of 41 percent of NT-based mail servers are
    using insecure software. Interestingly, NTA's research found that the UK
    and Belgium are the lowest at 25 and 32 percent, respectively, while Japan
    is at 50 percent -- and mail servers hosting domains for more than one
    country are the worst at 60 percent.

    One interesting fact that stands out from the report is that 18 percent of
    sites are running Microsoft NT, with Belgium, Norway, Denmark, UK and
    Netherlands being the top 5 users. The most widely used NT mailer,
    meanwhile, was found to be NTMail.

    According to NTA's research, the majority of NT e-mail server insecurity
    is caused by the use of old or unpatched versions of Microsoft Exchange --
    only version 5.5 with the correct patches is secure, the firm says.
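    As an added illustration (not part of the article or of NTA's test suite), the following Python check does for a defender's own mail servers what the survey did at scale: it parses each server's SMTP 220 greeting, compares the product version it names against a policy floor, and tabulates how many identified mailers fall below that floor per country. The Exchange 5.5 floor is the one the article states; the Sendmail floor, the hostnames and the banner strings are assumed or constructed for the example.

```python
import re
from collections import defaultdict

# Version floors. Exchange 5.5 is the floor the article states; the Sendmail
# floor is an ASSUMED policy value, not a figure taken from the survey.
POLICY_MINIMUM = {"Sendmail": (8, 9, 1), "Exchange": (5, 5)}

# One pattern per product the article names; group 1 captures the version.
PRODUCT_PATTERNS = {
    "Sendmail": re.compile(r"\bSendmail (\d+(?:\.\d+)+)"),
    "Exchange": re.compile(r"Microsoft Exchange Internet Mail Service (\d+(?:\.\d+)+)"),
}

def classify(hostname, banner):
    """Return (country, product, version, outdated) for one SMTP 220 greeting.
    outdated is None when the banner names no product we hold a floor for."""
    country = hostname.rsplit(".", 1)[-1].lower()  # TLD stands in for country
    for product, pattern in PRODUCT_PATTERNS.items():
        match = pattern.search(banner)
        if match:
            # "8.8.5" -> (8, 8, 5): tuples compare numerically, strings would not
            version = tuple(int(part) for part in match.group(1).split("."))
            return country, product, version, version < POLICY_MINIMUM[product]
    return country, None, None, None

def summarize(records):
    """Per-country (outdated, identified) counts, the survey's own breakdown."""
    counts = defaultdict(lambda: [0, 0])
    for hostname, banner in records:
        country, product, _, outdated = classify(hostname, banner)
        if product is None:
            continue  # unidentified mailer: the banner alone cannot judge it
        counts[country][1] += 1
        counts[country][0] += int(outdated)
    return {country: tuple(pair) for country, pair in counts.items()}

# Constructed sample greetings (fictitious hosts), shaped like the products above.
SAMPLE_BANNERS = [
    ("mail.example.co.uk", "220 mail.example.co.uk ESMTP Sendmail 8.8.5/8.8.5; Tue, 3 Nov 1998 10:00:00 GMT"),
    ("mx.example.de", "220 mx.example.de ESMTP Sendmail 8.9.1/8.9.1; Tue, 3 Nov 1998 11:00:00 +0100"),
    ("smtp.example.fr", "220 smtp.example.fr ESMTP Sendmail 8.6.12/8.6.12 ready"),
    ("mail.example.jp", "220 mail.example.jp Microsoft Exchange Internet Mail Service 5.0.1458.49 ready"),
    ("mail2.example.jp", "220 mail2.example.jp Microsoft Exchange Internet Mail Service 5.5.1960.3 ready"),
    ("mx.example.fi", "220 mx.example.fi ESMTP Sendmail 8.9.1/8.9.1; ready"),
    ("mail.example.be", "220 mail.example.be NTMail 4.20 ESMTP"),  # named, but no floor held
]

if __name__ == "__main__":
    for country, (outdated, total) in sorted(summarize(SAMPLE_BANNERS).items()):
        print(f"{country}: {outdated}/{total} identified mailers below the policy floor")
```

    A banner reveals a version, not a patch level, so an Exchange 5.5 or current Sendmail greeting is a triage signal rather than proof the server is patched, which is one reason the article's advice is a proper perimeter test rather than a version lookup.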
    Curiously, NTA notes that Irish e-mail servers are the least secure with
    70 percent running old Exchange versions. The UK, however, is most secure
    in Europe, although with 50 percent, that is not saying much, Newsbytes

    According to Jones, in all the European countries, between 4 and 8 percent
    of e-mail servers are protected by well-known firewall brands using mail
    proxies -- Germany, Japan and Spain were the lowest at 4 percent, while
    Sweden and Denmark were the highest at 9 and 8 percent, respectively.

    Interestingly, NTA's research found that all the European countries had
    virus checking usage at 3 percent or less, except Japan at 7 percent,
    Norway at 5 percent and Ireland at 4 percent.

    "It's quite astounding that security risks are still so high. In the
    course of regular testing of our own customers we do see a gradual
    improvement in the levels of security practice," said Jones, who added
    that many organizations are shocked when they get their first proper test
    results, when they see how many of their perimeter defenses, even if built
    with strong products, have configuration and patch flaws.

    "This survey confirms the fact that organizations may be spending in
    excess of $15,000 per year on 24-hour Internet connectivity, but are
    failing to spend 10 or 20 percent of that on security," he explained.

    According to Jones, the variety of known risks within the range of old and
    flawed versions of e-mail software packages found enables hackers to crash
    systems, or to access confidential information within e-mail messages, and
    even to take control of the machines altogether and launch further attacks
    into data systems deep within corporate networks.

    "The problems are particularly serious now that many more organizations
    are running e-commerce; financial transactions are taking place online,
    with large business risks if security is breached," he said.

    According to Jones, the best advice anyone can give is not to rush out to
    buy more security gadgets, but first of all to get your Internet security
    perimeter thoroughly tested.

    "It'll be the best value 1,500 pounds ($2,600) of security you'll ever
    spend," he said.

    Copies of the report can be purchased from NTA's Web site at
    http://www.nta-monitor.com .

    Article posted on 11/03/98