Thursday, April 29, 2004

Blaster Redux? SSL Worm Threat Rising

Heads up! Sounds like there's a storm brewing.

Blaster Redux? SSL Worm Threat Rising:

"Security experts have spotted the first signs of a Blaster-like worm circulating underground, prompting fears that major Internet disruptions could be less than a week away.

Anti-virus firms on Wednesday warned of abnormal port-scanning activity and evidence of a backdoor Trojan infecting machines through a known vulnerability in Microsoft IIS servers.

And, as was the case when the Blaster virus hammered corporate networks last August, a patch for the flaw has already been issued by Microsoft.

'This is an urgent situation. We're in the mode right now where we are strongly recommending that the patches be applied. The only way this won't be as disruptive as Blaster is for people to patch their IIS servers,' according to Symantec's Jonah Paransky.
Paransky, a senior manager of security product management at Symantec, told internetnews.com it was 'highly likely we'll see self-propagating malicious code' released in the coming days."

Tuesday, April 27, 2004

Password protection no match for Easter egg lovers

Unbelievable. This is the third year in a row that this story has run and people still don't seem to get it. Do not share your password with strangers.

Password protection no match for Easter egg lovers:

"Forget sophisticated, AV-disabling network worms masquerading as an e-vite party link from a college friend. Next time you want to access someone's computer system without permission, just offer candy.

A recent survey of 172 office workers waiting for commuter trains at a London financial district transit station found a shocking 71% turned over their passwords in exchange for a chocolate Easter egg. Some even gave up the goods for a pen.

'We were really quite shocked at how easy it was to get them to give such sensitive information away,' said Neil Stinchcombe, one of the researchers who took part in the third annual survey on office scruples to help promote the upcoming Infosecurity Europe 2004 conference this month in London.

'Slightly more people gave up their passwords last year, but we did it in the West End, which is our theater district,' Stinchcombe explained. 'These are more security conscious people this year, and still they gave up their passwords so easily.' "

Monday, April 26, 2004

The cost of spyware

Network World's Mark Gibbs weighs in on the costs of spyware and why it's critical you keep this stuff off of your machine.

The cost of spyware:

"If you're starting to think these programs are dangerous, you're right. They often slow down browsing and overall PC performance, can make your system unstable, and waste huge amounts of time and money. And on top of that, hacker-type spyware easily can bypass every bit of security you have, creating horrendous security problems.

So what might spyware be costing you? We'll start by assuming a fully loaded user salary is $72,000 per year and there are 260 working days per year. If a spyware infection involves nothing more than getting rid of it when found, and that process takes the user and the support person she works with, say, two hours to fix, then we're looking at a cost per incident of:

($72,000/260 days)*((2 people * 2 hours)/(8 hours per day)) = $138"