Symantec Firewalls Vulnerable to Intrusion, DOS

Symantec has confirmed a flaw in its firewall software products for Windows that could enable remote access or denial of service by attackers.

The company has released updates to fix the security holes, discovered by eEye Digital Security. Secunia termed the flow extremely critical because of the large installed base for the affected Norton Internet Security and Norton Personal Firewall products and the potential for the flaw to be exploited by an auto-propagating worm.

Despite the ease of repair (Symantec users can simply run the products' LiveUpdate auto-update feature), vendors expressed concern about the similarity to the mid-March revelation of a vulnerability in ISS' Black Ice products, which was exploited barely a day later by the Witty worm. That incident raised alarms about "zero day exploits" - attacks published the same day a security hole becomes public, leaving no time for network administrators to repair vulnerable systems.

Continue reading

Pushing the blog boundary

A few weeks ago I wrote - a little unfairly, perhaps - that blogs were "little more than personal Web pages". Of course, one of the reasons some blogs are interesting is that they can be much more than that, providing an alternative kind of online journalism that is often better informed and far more topical than traditional publications. Moreover, the usefulness of such blogs is increased enormously when news items are syndicated - made available as a feed that can be accessed on a regular basis and displayed automatically on a subscriber's machine. By aggregating many syndicated feeds it is possible to create a powerful form of constantly-updated, personalised information.

Like the basic blog format, syndication is not new. Its roots go back to one of the most discredited ideas of the early dot-com days: push technology. Instead of visiting a Web site, information was sent - pushed - to clients as a "Webcast". Unfortunately, the result was something horribly close to television, complete with intrusive advertising. Worse, the model employed by push pioneers like Pointcast meant that corporate intranets were soon clogged with the constant and redundant transmissions of multimedia content.

Continue reading

Anti-Phishing Site Targeted by Hack Attacks

Active hacking attacks on CodeFish Spam Watch have forced the site to pause its analysis of Internet "Phishing" scams. The site has documented the increasing sophistication of the coding and techniques employed by phishers.

Codefish operator Daniel McNamara has spent the past week defending against the attacks. "As far as we can tell the site has not been compromised as yet," McNamara wrote Sunday, saying the hack attempts were "heavy and consistent" included "multiple cross-site scripting attacks as well as SQL injection attempts."

Continue reading

DDoS Attacks Hobble E-commerce, Security Sites

Digital vandals using distributed denial of service (DDoS) attacks are proving effective in driving e-commerce and security sites offline, and even out of business. The recent attacks show the DDoS becoming a potent weapon against sites with limited resources to defend their sites or pay overusage fees from attack-related bandwidth consumption.

Authorize-It, a Kentucky firm processing online credit card transactions, says it was knocked offline for a week by a DDoS extortion scheme. The attack occurred in mid-April, roughly the same time another online card processor, 2Checkout, was also hobbled by a DDoS blackmail plot. Both 2Checkout and Authorize-It serve the small business e-commerce market.

Continue reading

What future for Google?

As a previous column noted, Google represents the culmination of the first Web search engine era. Its rise was due in part to a reaction against the portals and their increasingly baroque attempts to shoe-horn links to huge chunks of the Net into a single Web page. Google is simultaneously the ultimate portal and an anti-portal, with a studiedly minimalist home page (even if the logo varies).

Google has entered the language, the souls and the bookmarks of the world - probably most regular users of the Internet have made Google their browser's start page. Already an essential part of our Zeitgeist, the question is: What new Google will emerge in the wake of its IPO later this year?

Continue reading

SAVVIS Tops April Hosting Growth With Gains From C&W

SAVVIS Communications grew by more than 800 percent in April as it integrated the U.S. hosting assets of Cable & Wireless, which it purchased in a February bankruptcy court auction for $155 million. The shift of more than 350k hostnames from C&W to SAVVIS is one of the largest distress sales to result from the collapse of the telecom/dot-com market.

But that huge block of hostnames doesn't equate to nearly that many accounts. Over 161K of those hostnames belong to, and 60K to Domain Active. At the time of auction, C&W's 1,00 hosting customers included General Electric, Starbucks, Office Max, CBS Sportsline and Slashdot.

Top Hosting Providers By Growth, March 04 to April 04
Hosting Company Mar 04 Apr 04 Growth %
SAVVIS Communications 48,043 434,575 386,532 804.6% America
GoDaddy Inc 2,056,231 2,163,143 106,912 5.2% America
The Planet 229,829 292,527 62,698 27.3% America 116,380 177,456 61,076 52.58% America
KT Corporation 125,513 177,839 52,326 41.78% S. Korea
Telus 185,724 233,830 48,106 25.9% Canada
EV1Servers 743,309 779,391 36,082 4.9% America
China Telecom 104,158 138,131 33,973 32.6% China

Continue reading