On the virus front, things have been very active: last month, over 200 new threats were identified and signatures created. To see what’s been identified visit Symantec’s “Virus Definitions Added”. It was also busy at Microsoft, where 5 or more security bulletins were posted (a more typical month is 2 or 3) of especial interest: two versions of Bulletin MS02-068, which deals with a Cumulative Patch for Internet Explorer v6 (also covered in Knowledge Base document Q324929). Get more details at Microsoft’s Security Bulletins page .
The New York Times adds to our “Scary Security Statistics” file with a report that an astonishing 70% of all Wi-Fi (802.11b) access points are basically insecure, including the 30% that are using the Wireless Encryption Protocol (WEP) because of known vulnerabilities to record and replay attacks.
A SearchCIO.com story includes the following chilling text quoted from IDC’s IT industry predictions for 2003: “War in Iraq will galvanize the hackers among the terrorist ranks to use their skills, perhaps in a coordinated way, to create economic disruptions via denial of service attacks, intrusion, or even physical attack on key network assets. The denial of service attacks on the 13 Internet DNS root servers on October 22 shows the blueprint. One hacker … has threatened to release a megavirus if Iraq is attacked.” Infowar may loom on horizons where other kinds of attacks could never reach.
MessageLabs, a well-known message filtering service, warned recently that e-mail’s noise ratio (the ratio of spam, junk, and threats to mail of genuine interest) is about to go critical. The company reports that in November, 2002, about 30% of all e-mail on the Internet was spam, and estimates that in 2003 the spam ratio may surpass 50%.