Posts Tagged ‘Security’

Microsoft plans quick fix for IE

Microsoft is to due to issue a patch to fix a security flaw believed to have affected as many as 10,000 websites.

The emergency patch should be available from 1800 GMT on 17 December, Microsoft has said.

The flaw in Microsoft’s Internet Explorer browser could allow criminals to take control of people’s computers and steal passwords.

Internet Explorer is used by the vast majority of computer users and the flaw could affect all versions of it.

So far the vulnerability has affected only machines running Internet Explorer 7.

According to Rick Ferguson, a senior security adviser at security firm Trend Micro, the flaw has so far been used to steal gaming passwords but more sensitive data could be at risk until the security update is installed.

MICROSOFT SECURITY ADVICE

Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC’s settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date

“It is inevitable that it will be adapted by criminals. It’s just a question of modifying the payload the trojan installs,” he said.

It is relatively unusual for Microsoft to issue what it calls an “out-of-band” security bulletin and experts are reading the decision to rush out a patch as evidence of the potential danger of the flaw.

Some experts have suggested that users switch browsers until the flaw is fixed.

Firefox, Opera, Chrome and Apple’s Safari system are not vulnerable to this current flaw.

But Graham Cluley, senior consultant with security firm Sophos, said no browser is exempt from problems.

“Firefox has issued patches and Apple has too. Whichever browser you are using you have to keep it up to date,” he said.

“People have to be prepared and willing to install security updates. That nagging screen asking if you want to update should not be ignored,” he said.


More remote workers using next door’s broadband

The number of workers in the UK who admitted they “hijack” the wireless connection of others has gone up from six per cent to 11 per cent over the last 12 months. Globally the figure is 12 per cent*, with big increases all over the world.

That’s among the findings of the second annual survey of remote working commissioned by networking giant Cisco Systems, which paints a picture of general (and increasing) slackness about IT security threats. The poll of 2,000 remote workers and IT pros from ten countries, including the UK, found that many remote workers were happy to risk opening suspicious emails and attachments. Nearly half (48 per cent) admitted to opening dodgy emails in the UK, something of a black spot for the issue. The US scored better (by comparison, at least) with 27 per cent of those surveyed admitting that they exposed themselves to this risk.

Remote workers feel less urgency to be vigilant in their online behavior, with 56 per cent stating that the internet is becoming safer, an increase of eight percentage points from last year. This “happy factor”, most pronounced in the world’s fastest-growing economies such as Brazil, India and China, is having some undesirable consequences.

Punters half know that they are safer behind a corporate system, but that doesn’t stop them from engaging in all manner of bad behaviour. As well as opening unsolicited emails and hijacking Wi-Fi connections, remote workers are in the habit of loaning out work computers to friends and family. Unsurprisingly they also use work computers for personal use, such as downloading music and visiting social networking sites. Worse still, from a security perspective, many are in the habit of accessing work files from personal devices that haven’t been screened by IT departments.

Cisco reckons the reasons why punters flout corporate security policies when working from home are largely psychological.

“While working at home, people tend to let their guard down more than they do at the office, so adhering to security policies doesn’t always intuitively seem applicable or as necessary in the private confines of one’s home,” Stewart said. “The blurring of the lines between work and home, and between business lives and personal lives, presents a growing challenge for businesses seeking to capitalise on the productivity benefits of the remote workforce.”

More than half of respondents (55 per cent) to the survey reckon that remote workers are becoming less diligent about online security, an increase of 11 percentage points over the last 12 months. As well as the US and the UK the survey, conducted by market research firm InsightExpress, involved quizzing punters in France, Germany, Italy, Japan, China, India, Australia, and Brazil. The sample countries were chosen to represent a diverse set of social and business cultures.

The number of remote workers is growing worldwide, with as many as 46.6m staffers expected to be spending at least one day working at home by 2011, according to estimates from analyst firm Gartner.

Cisco is calling for greater security diligence so that firms and individuals can enjoy the benefits of remote working without exposing their organisations to security risks. Security awareness and education are at least as important as technology in these efforts, Cisco notes. ®

*The reasons offered for squatting a neighbour’s wireless connection provide an insight into the thinking of remote workers. Answers offered in the survey included: “I needed it because I was in a bind”, “It’s more convenient than using my wireless connection”, “I can’t tell if I’m using my own or my neighbour’s wireless connection” and “My neighbour doesn’t know, so it’s OK”.

Source – The Register