Put your right leg in and take your right leg out

By on
Put your right leg in and take your right leg out

The year has got off to a quick start.

Hopes of improvement in security look as if they will remain just hopes, as the hokey-cokey of one step forwards, one step back continues.

In last month's issue, Robert Schifreen noted that the username component of URLs was being used to mask addresses in phishing scams. But it gets worse - Internet Explorer has a bug that will completely conceal the remainder of the URL, not just obfuscate it.

For a moment, December looked like a record month for Microsoft: patch day rolled around and nothing was issued. The silence was deafening, until an unexpected patch sneaked into the update facility. Meanwhile, a slew of remote exploits and this URL bug are pending fixes, so maybe it is not all roses in Redmond.

Unsurprisingly, patching was one of the top issues identified in our reader survey (full analysis on page 20), with several readers pointing accusing fingers straight at Microsoft. However, many also said they were looking forward to the software giant's ongoing investment in patch management tools. It looks as if the outcry might be developing an undertone of optimism.

We should certainly hope so. The desperate state of patch deployment last year opened the door to onslaught after onslaught of viruses and worms. And with spammers now making widespread use of exploited PCs for sending junk mail, the hackers writing the malware have gained backers with deep pockets.

If anyone was harbouring any misconceptions about whether spammers are really just misunderstood marketers, that should shut them up. Except for those in government: both sides of the Atlantic have passed new laws that make it illegal to send spam. Lawmakers seem to have overlooked the possibility that a spammer willing to infect thousands of PCs with trojans might not be too bothered by the prospect of a slap on the wrist and a £5,000 fine.

All these new threats are bad enough, but it is all compounded by the plethora of old ones still hanging around: Code Red is now a venerable two-and-a-half years old, but still doing the rounds. So is Slammer, and after all the publicity you'd have to be living in a cave somewhere not to have heard about it.

And wireless networks are as open as ever: SC Magazine's Dan Ilett went on an exploratory wardrive through London to see what progress has been made. His conclusion? Not much progress at all. His findings start on page 32, and they are pretty bleak.

What does this mean for 2004? Probably that it will be just like 2003, only more so. While infosec spending is creeping upwards, the threats are currently outpacing us. We have some great technology, and best practices galore, but the hurdles of budget, management and education are no lower than before. Without some remarkable breakthroughs, 2004 is going to be a long hard year for all of us.

Jon Tullett is UK and online editor for SC Magazine

Copyright © SC Magazine, US edition
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?