Security Bytes: University data breaches lead to IT suspensions |
 |
By SearchSecurity.com Staff
22 Jun 2006 | SearchSecurity.com |
|
|
University breaches lead to IT suspensions
Two IT staff members from Ohio University's Athens campus have been suspended and a revamping of the central IT department is underway. This in the wake of recent data breaches that compromised personal information belonging to 137,000 people. In a statement on its Web site, the university said it has hired two consultants to bolster its IT management team and created a new position of chief of staff to the CIO.
"I am angry and embarrassed by the computer security system lapses that were undetected before my time as leader of the university," Ohio University President Roderick J. McDavis said in the statement. McDavis also said the university's board of trustees asked him to invest $2 million in information security improvements. "While we cannot correct mistakes of the past, I am determined that the university will learn from these oversights and make the appropriate changes," he said.
Panda Software warns of BlackAngel worm
Glendale, Calif.-based Panda Software warned Wednesday that the BlackAngel-B worm is spreading across Spanish-speaking countries. It can modify the configuration of infected systems, preventing users from starting their computers, the firm said in an email advisory. On the fourth day after it infects a computer, BlackAngel-B activates itself, initiating a 10-second countdown. Then, without users' knowledge, it changes critical Windows registry entries and disables system recovery services. It then shuts down the computer, Panda said, causing any unsaved documents to be lost.
When a victim tries to restart an infected PC, the worm will prevent it. Because it disables Windows functions, including System Restore or the Registry Editor, users would have to reinstall the operating system from the CD to access data, Panda said.
Panda discovered the worm a few days ago and said it is distributed across MSN Messenger. It arrives in a message made to look as if it has been sent by a contact of the user, and includes an attachment "fantasma.exe," which appears to be a video and displays the threatening text: "En el 1er día te espantas, en el 2º te desesperas, en el 3º buscas ayuda y en el 4º mueres". Translated to English, the message reads: "On the 1st day you will be scared, on the 2nd you will be desperate, on the 3rd day you will look for help and on the 4th day you die."
Gartner reports antivirus market growth
The rise of spyware and other malware translated into a good 2005 for antivirus vendors, according to a new analysis from Stamford, Conn.-based Gartner Inc. The research firm said the industry grew 13.6% in 2005, with revenue totaling $4 billion. Gartner predicts the trend will continue with double-digit growth in the short term. Gartner said the strongest growth is in Canada, followed by the Middle East, Africa and countries in the Asia/Pacific region.
Vendors will continue to add security features to software, such as antispyware and firewall functions, Principal Research Analyst Nicole Latimer-Livingston wrote. "The market for stand-alone antivirus and antispyware products for businesses and consumers will eventually start to decline as interest for end-point security product suites continues to grow," Latimer-Livingston wrote. She said Symantec Corp. holds a majority of the market at 53.6%, followed by McAfee Inc. at 18.8% and Trend Micro Inc. at 13.8%. All three vendors were down from their 2004 market share, but just slightly, with none losing more than 1%, she wrote.
IBM fixes WebSphere Application Server flaw
IBM has fixed multiple security holes in its WebSphere Application Server that attackers could exploit to gain knowledge of potentially sensitive information. According to an advisory from the French Security Incident Response Team (FrSIRT):
The first issue is due to an error where the password of the datasource is revealed in plain-text in the trace file when enabling trace for ConfigService related classes.
The second issue is due to an error where certain configuration object types are erroneously exposed.
The third vulnerability is due to an error when displaying JSP files, which could cause the source code of arbitrary pages to be disclosed.
The fourth flaw is due to an error where the "UserNameToken" cache is improperly used, which could be exploited by attackers to disclose sensitive information or bypass security restrictions.
This issues affect IBM WebSphere Application Server 6.0. The solution is to upgrade to version 6.0.2 Fix Pack 11 (6.0.2.11).
|
|
|
|
