News Stay informed about the latest enterprise technology news and product updates.

Security Bytes: Infected computer leaks nuke plant documents

Elsewhere, data theft leaves consumers cold; port sniffing sparks concern of an impending attack; security holes in RealPlayer and Veritas servers are patched; and CSOs call compliance, internal threats big pressures.

Infected computer leaks nuke plant documents to the Internet
An infected computer at Mitsubishi Electric Plant Engineering [MPE] has allowed users of a peer-to-peer file-sharing system to read confidential documents related to nuclear power plant inspections.

Lynnfield, Mass.-based antivirus firm Sophos said the leak occurred when a 30-year-old engineer used his personal computer for company business. The data -- 40MB of it -- was apparently distributed to users of the Winny peer-to-peer file-sharing system. The PC was infected with an unnamed computer virus that allowed Winny users across Japan to access the data, which included photographs of the insides of the nuclear power plants and the names and addresses of inspecting engineers.

According to Japanese media reports, authorities have been quick to reassure the public that it doesn't believe the information was directly related to radioactive substances. Sites referred to in the leaked data include Kansai Electric Power's Mihama nuclear plant and a power station in Tsuruga, as well as pressurized water reactors in Tomari and Sendai, Sophos said.

"This incident strongly illustrates the importance of maintaining resolute computer security," Sophos Senior Security Analyst Gregg Mastoras said in a statement. "When an individual's personal data is compromised, it often leads to devastating consequences, but when information about a nuclear power plant is leaked, the stakes increase exponentially."

Data theft leaving consumers cold
All the headlines about hackers breaking into big-name computer networks is getting to online consumers, if a recent Gartner Inc. survey is any indication. The Stamford, Conn.-based research and advisory firm said that in the 12 months ending in May 2005, an estimated 73 million U.S. adults said they received more than 50 phishing e-mails in the past year. That's a 28% increase over the year before, when 57 million people reported that they had received phishing e-mails.

Gartner said 2.4 million consumers reported losing money directly because of the phishing attacks. Of these, approximately 1.2 million lost $929 million during the year preceding the survey. Three of every four online shoppers said they are more cautious about where they buy goods online, and one of three reported buying fewer items than they otherwise would have because of security concerns.

More than 80% of U.S. online consumers said their concerns about online attacks have affected their trust in e-mail from companies or individuals they don't know personally, Gartner said. Of these consumers, more than 85% delete suspicious e-mail without opening it. "This figure has serious implications for banks and other companies that want to use the e-mail channel to communicate more cost-effectively with their customer base," said Avivah Litan, vice president and research director at Gartner. "For example, a bill sent electronically costs about half of what a bill costs when sent through regular mail."

Port scans spark concern of an impending attack
Gartner has also issued a warning that increased scanning on Transmission Control Protocol [TCP] Port 445 could be the harbinger of an attack used to exploit the SMB packet buffer-overflow vulnerability. Microsoft released a patch for this flaw June 14. Attackers could exploit the flaw to install programs; view, change or delete data; or create new accounts with full user rights.

Gartner said such sniffing on Port 445 "is a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack." Gartner said such attacks typically follow a predictable timeline where:

  • 1.) A security vulnerability is identified and a patch is released;
  • 2.) Attackers use the patch to reverse-engineer the vulnerability;
  • 3.) Exploit code is developed and circulated on the Internet;
  • 4.) Attackers scan for vulnerable systems; and
  • 5.) A mass attack is launched.

"The Port 445 activity may indicate that -- in the week since Microsoft released the Windows patch -- attackers have reached the fourth state in this process and may be preparing a mass attack employing the widely used SMB protocol," Gartner warned.

Critical RealPlayer flaw patched
RealNetworks has patched a critical security hole in its popular RealPlayer product. The security hole, discovered by Aliso Viejo, Calif.-based eEye Digital Security, allows a remote attacker to overwrite heap memory with arbitrary data and execute malicious code in the context of the user who executed the player.

"This specific flaw exists within the vidplin.dll file used by RealPlayer," eEye said in an advisory. "By specially crafting a malformed .avi movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. This vulnerability can be triggered when a user views a Web page, or opens an .avi file via e-mail, instant messenger or other common file transfer programs.

Veritas patches server flaws
Mountain View, Calif.-based Veritas Software has patched a security hole in its server products, Danish security firm Secunia said in an advisory. The flaw affects NetBackup BusinesServer 4.0, NetBackup DataCenter 4.0, NetBackup Enterprise Server 5.0 and NetBackup Server 5.0.

"A vulnerability has been reported in Veritas NetBackup for NetWare Media servers, which can be exploited by malicious people to cause a denial of service," Secunia said. "The vulnerability is caused due to a boundary error when handling request packets and can be exploited to cause a buffer overflow via a specially crafted request packet. Successful exploitation crashes the application."

CSOs cite compliance, internal threats as big pressures
Policy compliance, internal security threats and increased job complexity topped the list of concerns for more than 60 security executives who met in Chicago Thursday for the third CSO Interchange. According the survey, nearly 100% of CSOs feel they are well prepared to handle spam, worms and viruses, denial-of-service attacks and hacker attacks. But 88% feel their organizations are least prepared to handle inadvertent loss of data, social engineering and inappropriate use. Meanwhile, 75% reported their jobs have become more difficult or substantially more difficult than they were last year. Among other findings:

  • 64% of CSOs said they're more concerned about compliance this year than last, and 38% said their compliance budget grew in the past year;
  • 74% said their organization must comply with more than five laws and regulations;
  • 68% said their security budget is less than 10% of their total IT budget;
  • 83% outsource less than 10% of their security, and 40% do not outsource security processes at all; and
  • 70% feel they do not receive sufficient early warning for cyberattacks.

CSO Interchange was founded by former White House advisor Howard Schmidt and Qualys CEO Philippe Courtot as a forum where CSOs could exchange ideas, discuss challenges and learn from the real-world experiences of their peers.

"The goal of CSO Interchange is to provide an environment where security executives can interact with their peers, share best practices and freely discuss the issues they face," Schmidt said in a statement. "Sharing information about security issues and openly discussing solutions helps security professionals make more informed decisions that will better protect the organizations and the customers they serve."

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.