The Finnish-based antivirus company F-Secure is recommending that systems
administrators block access to all WMF files at HTTP proxy and SMTP level, as
the Windows Metafile (WMF) vulnerability reported on Monday is confirmed as
still applying to all the main versions of Windows: Windows ME, Windows 2000,
Windows XP and Windows 2003. As of yesterday there had still been no patch
issues by Microsoft.
The vulnerability was first reported on December 27, says F-Secure, at which
time Trojan downloaders were seen to be actively exploiting the vulnerability
with fully patched Windows XP SP2 machines. At its "Windows Zero-Day
Vulnerability Center," F-Secure reports as follows:
"So far WMF exploits have been typically used to install spyware and adware
although the threat of virus and worm exploits remain. Users can be infected
simply by visiting a web site with an image file ... (more)
"Beyond Consolidation: Using SANs for Better Data," a live interactive
Webcast sponsored by EqualLogic, is slated for Wednesday, June 9th, 2004, at
10 a.m. PDT, 1 p.m. EDT. Register now, and listen in to learn how SANs can
enable better data protection. By centralizing backup environments, SANs can
provide efficient disaster protection operations and rapid restores. Topics
to be discussed include backup architectures (local, network, and SAN);
extending disk-to-disk-to-tape backup configurations to truly optimized
backup and recovery operations; and how replication provides both ... (more)
The average security investment will peak at eight to 12 percent of
information technology budgets in the United States by 2006, and in Europe
and the Asia Pacific region by 2007, according to META Group, Inc.
The market research and advisory firm expects these budgets to stabilize at
five to eight percent in the United States by 2008 and in Europe and the Asia
Pacific region by 2009.
"Information security remains a top-five issue for CIOs, and the debate
regarding appropriate investment levels continues to rage," said Tom Scholtz,
vice president with META Group's Security & Risk ... (more)
Promise Technology has just launched the VTrak 15200 RAID storage system for
iSCSI SANs. Promise's VTrak 15200 is a compact, 3U rackmount-optimized
storage system that can be populated with up to fifteen low cost Serial ATA
Drives (SATA) or Parallel ATA (PATA) drives. The VTrak 15200 system combines
ATA RAID storage with a dual-port hardware-based iSCSI host interface that
delivers up to 200 MB/sec throughput for cost-effective server clustering and
SAN storage for mid-range enterprise, medium and small businesses.
"By reducing the cost and eliminating many of the challenges tradit... (more)
According to a report at the Netcraft.com site, Internet scanning for servers
running Secure Sockets Layer (SSL) has spiked in the past week, raising
suspicions that hackers may be profiling targets for future attacks.
Netcraft has a cosmopolitan client list, spread through the UK, the USA,
mainland Europe, the Middle East, Asia Pacific and Latin America.
Scans of port 443, which is used by SSL, have surged since July 15. The
report explains that SSL encrypts sensitive information for e-commerce
transactions, and that its presence can therefore indicate a high-value
target for cra... (more)