Breaking News: Fundamental Flaw in Internet Revealed
Many sources are reporting that officials from the United Kingdom and United States have disclosed a major flaw in the Transmission Control Protocol (TCP). Exploitation of this vulnerability could bring down the entire Internet. According to the article:
“The U.K. National Infrastructure Security Coordination (NISCC) said systems that rely on persistent TCP connections, for example routers using Border Gateway Protocol (BGP), are most at risk. The impact of this vulnerability varies by vendor and application, according to NISCC, but in some deployment scenarios it is rated critical.”
Interested users should read the advisory at the NISCC site here.
“Opasa” Worm Spreading
Symantec reports that a worm by the name of W32/Opasa-mm (which Symantec calls W32.Opasa@mm) is spreading to a limited extent in the field. The worm, which uses either a .html file or a .zip file with a .html file within it, has been reported from a few locations, although not yet in numbers significant enough to warrant much worry.
The worm spreads via P2P programs in addition to a highly polymorphic email. The worm is clever, so subsequent variants may be threats.
“Z” Variant of “NetSky” Appears
W32/NetSky.Z-mm, also known as NetSky.AA, has appeared. F-Secure says that it is currently a low risk. The only difference from previous variants is that W32/NetSky.Z-mm does not attempt to spread via P2P programs and does not uninstall W32/Bagle-mm variants. It listens on port 665.
More information about this worm can be found here.
FTC: “No Need for Spyware Legislation”
The Register reports that the Federal Trade Commission (FTC) does not currently believe that spyware constitutes a significant enough threat to warrant laws against its creation. The commission instead recommends industry self-regulation, which Security Manifest would like to point out is nearly as likely as the spyware industry deciding to clean off its programs from every affected machine and issue an apology message. The alternative, user education, is also not very viable.
Commissioner Mozelle Thompson says that it is “too early” for laws banning spyware to be put in place. The question of what should be considered spyware and what should not is still to be settled. Many advocates objected when the state of Utah declared spyware a crime, on the grounds that the law was too broad and could also disallow legitimate programs.
This just shows how complex the issue of spyware is. The claim that it is “too early” for spyware legislation is interesting, because really there is no perfect time for it. Spyware has been around for many years now, and is fast emerging as more of a threat than viruses. Only time will tell whether we see legislation in this department anytime soon, but if the average of 28 spyware programs on the average user's machine is any indication, end users are already being affected by this developing pandemic.
Posted Apr 21 2004, 07:44 AM by trafton