[ISN] Gates fussy over security in Sydney

From: InfoSec News (isn@private)
Date: Mon Jun 28 2004 - 02:45:40 PDT


    By Nathan Cochrane
    June 28, 2004

    Years spent battling Washington have left an impression on Bill Gates.
    The Microsoft co-founder and one of the world's richest men is in
    Sydney today for a press appearance so tightly scripted and controlled
    it could have been orchestrated by US President George W. Bush's media

    A tactic the Bush camp uses - and which Mr Gates will adopt - is to
    stifle discussion by accepting just one question from each reporter.

    Also like a visiting head of state, Mr Gates will share a podium with
    Prime Minister John Howard for a stage-managed pre-election publicity
    photo opportunity. The two will join charity groups to launch a scheme
    that puts computers running the company's software within reach of the

    Similar schemes running free software and donated recycled PCs have
    operated for the last decade without such high-profile backing or

    Mr Gates borrows another play out of the US President's Secret Service
    manual, requiring all journalists to submit their passports for
    verification prior to entry, and then locking them inside a hotel
    meeting room where the conference will be held.

    At least the assembled do not have to submit their retinas or
    fingerprints for scanning - possibly because Microsoft can't come to
    grips with good security.

    Despite launching its "Trustworthy Computing" campaign two-and-a-half
    years ago, secure IT systems still elude the world's biggest software
    maker. Roundly criticised by computer security experts as little more
    than a marketing ploy, Microsoft's plan to secure every PC in the
    world that runs its software never got on the rails.

    Following years of almost weekly security stuff-ups, last month the
    company back-flipped on a promise to release critical security updates
    to those it alleges have pirated its PC operating system, the
    ubiquitous Windows. Microsoft was roundly condemned by security
    experts for what will, in effect, remove a software "condom" from the
    internet, laying at risk all users.

    And then last Friday, websites running Microsoft's Internet
    Information Server - software that delivers usually corporate web
    pages to surfers - suffered what may be the company's most
    embarrassing glitch to date. A "trojan horse" program variously called
    "Download.Ject", "Scob" and "Toofer" that, like the warriors of
    Homer's epic who hid inside an innocuous outer shell only to wreak
    havoc once brought inside, hopped from one site to the next exploiting
    security lapses in Microsoft software that could lead to theft of
    confidential information such as credit card details.

    Anyone visiting a compromised website had everything they typed copied
    to a computer in Russia, researchers said. The exploit, which
    Microsoft and independent researchers gave the highest threat-level of
    "critical", short-circuited most security precautions on both the
    infected corporate server and on the surfer's PC.

    The hacker's server was shut down at the weekend by Russian law
    enforcement, but the perpetrators remain at large.

    Those running the market-leading open source Apache web server, who
    use desktop operating systems such as Mac OS X or GNU/Linux, or
    Windows web browsers other than Explorer (such as Opera or Mozilla)
    were inoculated from the virus.