News
The Summer of Lockdown
The world was gripped by this summer's FIFA Soccer World Cup tournament. Crazed fans wore wild wigs and body paint, old rivalries flared, new ones erupted and, of course, there was the head butt heard 'round the world. At Microsoft Tech Ed in Boston, you couldn't walk 50 feet through the corridors without bumping into a group gathered around one of the dozens of plasma screen TVs installed for the occasion.
Not everyone could just drop what they were doing to watch the games, however. Most of us still had to trudge into work. That's where the Web came in. According to a July 2006 poll conducted by St. Bernard Software, more than half (54 percent) of the respondents admitted to watching the World Cup on streaming video at work. That could explain the bizarre screams coming from down the hall.
A similar poll done in May, also by St. Bernard, revealed that 85 percent of the 266 IT managers surveyed had no plans to block Internet access to World Cup footage. So productivity may have taken a hit during the games, but it's probably wise for employers to not try to stop the soccer madness. No sense getting those rowdy soccer fans all riled up.
Click on Through
You still think it's safe to click through to other links while surfing around? Unfortunately, you can no longer implicitly trust even familiar sites and links. There's a new free service called LinkScanner that lets you test the security of suspected hyperlinks, even ones you use all the time. LinkScanner examines a link and tells you if the associated site has been hijacked for criminal use or compromised by malicious code. Try it out at www.explabs.com. Click on LinkScanner and type in the URL you want to scan. After a few seconds, you'll either get clearance telling you the link is secure or a warning not to use it because it has been compromised.
Read Only
There's a new Outlook plug-in that promises to give Microsoft's Rights Management Services (RMS) a run for its money. Taceo (Latin for "to be silent") lets you encrypt and assign privileges at the individual file and e-mail levels. This struck me as a solid approach when I first looked at RMS as well: protection applied to each file rather than to the container it sits in. You can add permission controls like "do not print" and "do not forward," and prevent someone from cutting, pasting or editing a message. You can also set privileges to expire after a certain time or change over time.
Taceo uses 1024-bit RSA asymmetric encryption and 192-bit 3-DES encryption to lock down files. It can also encrypt digital signatures. This is a fairly airtight approach, and should keep Microsoft's RMS team high-stepping.
Hacked
In late July, hackers defaced Netscape.com's social networking site using a cross-site scripting attack. The relatively harmless attack was allegedly launched by devotees of Digg.com, a competing networking site. Finnish security vendor F-Secure first discovered the hack while researching cross-site scripting vulnerabilities. The hackers used an XSS vulnerability to insert JavaScript code into the Netscape homepage and other pages on the site.
The Digg diggers used cross-site scripting to show pop-up alerts with humorous (at least to the perpetrators) messages that redirected visitors to their site. Fortunately, there was no malicious code inserted or sensitive data stolen. Shortly after the attack, Netscape issued a statement explaining that the vulnerability had been patched and assuring visitors they were safe.
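The defect class behind the Netscape defacement is user-supplied text being written into a page as raw HTML, so any script tag in it runs for every visitor. The following is an added example, not code from the column or from Netscape: a vulnerable rendering function beside its escaped counterpart, a constructed sample comment in the style of the incident, and a regression check a site owner could keep in a test suite. All function names and the sample input are assumptions made for illustration.

```javascript
// Added example (not from the column or Netscape). Demonstrates the
// vulnerable pattern, the fix (HTML escaping), and a simple regression check.

// Minimal HTML escaping for untrusted text placed in element content.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: user-controlled values interpolated straight into markup.
function renderComment(username, body) {
  return `<div class="comment"><b>${username}</b>: ${body}</div>`;
}

// Hardened: every untrusted value is escaped before it enters the markup.
function renderCommentSafe(username, body) {
  return `<div class="comment"><b>${escapeHtml(username)}</b>: ${escapeHtml(body)}</div>`;
}

// Regression check: did an executable <script> element reach the output?
// A crude detector for tests on rendered output, not a general-purpose filter.
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input resembling the incident: a "comment" whose body
// carries a script that pops an alert and sends the visitor to another site.
const SAMPLE_USER = "digger";
const SAMPLE_BODY = '<script>alert("Digg!"); location.href = "http://other.example/";</script>';

// Renders the sample both ways and reports whether a script element survived.
function demo() {
  const unsafe = renderComment(SAMPLE_USER, SAMPLE_BODY);
  const safe = renderCommentSafe(SAMPLE_USER, SAMPLE_BODY);
  return {
    unsafeHasScript: containsScriptElement(unsafe), // true: the page would run it
    safeHasScript: containsScriptElement(safe),     // false: shown as inert text
    safe,
  };
}

console.log(demo());
```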
Worried about suffering a similar fate? The Acunetix Web Vulnerability Scanner can automatically audit web applications and flag weaknesses like the cross-site scripting hole used in this recent attack. The company also offers free initial audits to help you determine your Web site's security. Better safe than cross-site scripted.
About the Author
Lafe Low is the editorial liaison for ECG Events.