News

The Summer of Lockdown

The world was gripped by this summer's FIFA Soccer World Cup tournament. Crazed fans wore wild wigs and body paint, old rivalries flared, new ones erupted and, of course, there was the head butt heard 'round the world. At Microsoft Tech Ed in Boston, you couldn't walk 50 feet through the corridors without bumping into a group gathered around one of the dozens of plasma screen TVs installed for the occasion.

Not everyone could just drop what they were doing to watch the games, however. Most of us still had to trudge into work. That's where the Web came in. According to a July 2006 poll conducted by St. Bernard Software, more than half (54 percent) of the respondents admitted to watching the World Cup on streaming video at work. That could explain the bizarre screams coming from down the hall.

A similar poll done in May, also by St. Bernard, revealed that 85 percent of the 266 IT managers surveyed had no plans to block Internet access to World Cup footage. So productivity may have taken a hit during the games, but it's probably wise for employers to not try to stop the soccer madness. No sense getting those rowdy soccer fans all riled up.

Click on Through
You still think it's safe to click through to other links while surfing around? Unfortunately, you can no longer implicitly trust even familiar sites and links any more. There's a new free service called LinkScanner that lets you test the security of suspected hyperlinks -- even if you use them all the time.

LinkScanner examines a link and tells you if the associated site has been hijacked for criminal use or compromised by malicious code. Try it out at www.explabs.com. Click on LinkScanner and type in the URL you want to scan. After a few seconds, you'll either get clearance telling you the link is secure or a warning to not use it because it has been compromised.

Read Only
There's a new Outlook plug-in that promises to give Microsoft's Rights Management Services (RMS) a run for its money. Taceo (Latin for "to be silent") lets you encrypt and assign privileges at the individual file and e-mail levels. This struck me as a solid approach when I first looked at RMS as well -- file protection at the file level. You can add permission controls like "do not print" and "do not forward," and prevent someone from cutting, pasting or editing a message. You can also set privileges to expire after a certain time or evolve over time.

Taceo uses 1024-bit RSA asymmetric encryption and 192-bit 3-DES encryption to lock down files. It can also encrypt digital signatures. This is a fairly airtight approach, and should keep Microsoft's RMS team high-stepping.

Hacked
In late July, hackers defaced Netscape.com's social networking site using a cross site scripting attack. The relatively harmless attack was allegedly launched by devotees of Digg.com, a competing networking site. Finnish security vendor F-Secure first discovered the hack while researching cross-site scripting vulnerabilities. The hackers used an XSS vulnerability to insert JavaScript code into the Netscape homepage and other pages on the site.

The Digg diggers used cross-site scripting to show pop-up alerts with humorous (at least to the perpetrators) messages that redirected visitors to their site. Fortunately, there was no malicious code inserted or sensitive data stolen. Shortly after the attack, Netscape issued a statement explaining that the vulnerability had been patched and assuring visitors they were safe.

Worried about suffering a similar fate? The Acunetix Web Vulnerability Scanner can automatically audit web applications. It determines whether or not they are secure from potential vulnerabilities like this recent cross site scripting attack. The company also offers free initial audits to help you determine your Web site's security. Better safe than cross site scripted.

About the Author

Lafe Low is the editorial liaison for ECG Events.

Featured

comments powered by Disqus

Subscribe on YouTube

Upcoming Training Events

0 AM
TechMentor @ Microsoft HQ
August 11-15, 2025