Forwarded From: phreakmoi <hackereliteat_private>

Major Security Flaws In Int'l Web Sites
From: http://www.currents.net/newstoday/98/11/03/news4.html
By Steve Gold, Newsbytes

NTA Monitor, a UK-based Internet security specialist firm, will next week publish research that shows more than 50 percent of business e-mail sites in 11 European countries and Japan have major flaws in their e-mail server software.

According to Deri Jones, the firm's managing director, and a veteran of the UK Internet scene, these sites have the confidentiality of their Internet mail jeopardized because their mail servers are using software packages with known security risks.

NTA says that the conclusion is backed up by the results of what are the largest international e-mail security tests carried out to date. Its research, the firm says, highlights the lack of emphasis placed on keeping Internet e-mail servers up-to-date and free of known security problems.

In particular, Jones said, the research demonstrates that many organizations are not testing their security on a regular basis.

Newsbytes understands that the research involved over 16,000 unique servers, which form 100 percent of the live e-mail servers for commercial Internet domains in Belgium, Denmark, Finland, France, Germany, Ireland, Japan, Netherlands, Norway, Spain, Sweden and the UK.

NTA Monitor says it ran live tests across the Internet using a subset of its Regular Monitor security testing service, which is used by over 100 major European firms for annual, quarterly or monthly testing of corporate Internet security.

The testing ran between June and October 1998 and aimed to discover how prevalent the use of e-mail software products and versions with known security risks was.

The survey discovered that an estimated 35 percent of all sites in all the countries are using software versions with known security holes, while an average of 42 percent of Unix based e-mail servers are insecure -- with Japan the highest at 90 percent and Denmark and Finland the lowest at 23 and 29 percent, respectively.

According to the research, the UK and France are both worse than average at 56 and 55 percent, respectively, while the large majority of Unix e-mail vulnerabilities are due to the use of old versions of Sendmail with known security holes -- many of which allow machines to be totally taken over, NTA says.

According to NTA's report, Finland, Germany and Netherlands all had more than 27 percent of their total mailers using the recent secure versions of Sendmail, compared with 6 percent in Japan and 15 percent in Belgium.

In addition to this, an average of 41 percent of NT-based mail servers are using insecure software. Interestingly, NTA's research found that the UK and Belgium are the lowest at 25 and 32 percent, respectively, while Japan is at 50 percent -- and mail servers hosting domains for more than one country are the worst at 60 percent.

One interesting fact that stands out from the report is that 18 percent of sites are running Microsoft NT, with Belgium, Norway, Denmark, UK and Netherlands being the top 5 users. The most widely used NT mailer, meanwhile, was found to be NTMail.

According to NTA's research, the majority of NT e-mail server insecurity is caused by the use of old or unpatched versions of Microsoft Exchange -- only version 5.5 with the correct patches is secure, the firm says.

Curiously, NTA notes that Irish e-mail servers are the least secure with 70 percent running old Exchange versions. The UK, however, is most secure in Europe, although with 50 percent, that is not saying much, Newsbytes notes.

According to Jones, in all the European countries, between 4 and 8 percent of e-mail servers are protected by well-known firewall brands using mail proxies -- Germany, Japan and Spain were the lowest at 4 percent, while Sweden and Denmark were the highest at 9 and 8 percent, respectively.

Interestingly, NTA's research found that all the European countries had virus checking usage at 3 percent or less, except Japan at 7 percent, Norway at 5 percent and Ireland at 4 percent.

"It's quite astounding that security risks are still so high. In the course of regular testing of our own customers we do see a gradual improvement in the levels of security practice," said Jones, who added that many organizations are shocked when they get their first proper test results, when they see how many of their perimeter defenses, even if built with strong products, have configuration and patch flaws.

"This survey confirms the fact that organizations may be spending in excess of $15,000 per year on 24-hour Internet connectivity, but are failing to spend 10 or 20 percent of that on security," he explained.

According to Jones, the variety of known risks within the range of old and flawed versions of e-mail software packages found enables hackers to crash systems, or to access confidential information within e-mail messages, and even to take control of the machines altogether and launch further attacks into data systems deep within corporate networks.

"The problems are particularly serious now that many more organizations are running e-commerce; financial transactions are taking place online, with large business risks if security is breached," he said.

According to Jones, the best advice anyone can give is not to rush out to buy more security gadgets, but first of all to get your Internet security perimeter thoroughly tested.

"It'll be the best value 1,500 pounds ($2,600) of security you'll ever spend," he said.

Copies of the report can be purchased from NTA's Web site at http://www.nta-monitor.com.

Article posted on 11/03/98