MyDoom Removal Service Available

If you think your site has been hit by the Mydoom virus, call Aavex Technology at 630-365-0025. Aavex can come out and scan your entire site for Mydoom and remove it fromeach infected machine.  If you have not reviewed your security program call Aavex to learn how a vulnerability assessment will help you in protecting your information assets.

MyDoom worm scores hit, knocks out SCO site

One security expert called the denial of service attack 'spectacularly successful' 
Story by Bernhard Warner

FEBRUARY 01, 2004 ( REUTERS ) - The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of software firm The SCO Group Inc. with a massive data blitz. 
In a statement issued this morning, the Utah-based company confirmed MyDoom knocked its site, http://www.sco.com, out of commission with a distributed denial of service attack. 

"Internet traffic began building momentum Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity," the statement read. More....

Stepping Up to Sarbanes-Oxley

When it comes to compliance, some aspects of meeting the law's requirements may fall to the IT security group. 
Security Manager's Journal by Mathias Thurman 
JANUARY 26, 2004 ( COMPUTERWORLD ) - Most information security professionals are probably familiar with at least one of the many recent regulations that have an information security element to them. For my company, the legislation of concern is the Sarbanes-Oxley Act, which has presented new financial accounting and reporting requirements. I recently reviewed the law to see what the IT security group needed to do to ensure compliance. It was without a doubt the most boring document I've read in months. More.... 

Md. computer testers cast a vote: Election boxes easy to mess with
In Annapolis, tales of trickery, vote rigging 

By Stephanie Desmon
Sun Staff
Originally published January 30, 2004

For a week, the computer whizzes laid abuse - both high- and low-tech - on the six new briefcase-sized electronic voting machines sent over by the state.
One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once - and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software. Once inside, he could easily change vote totals that come in on Election Day.

"My guess is we've only scratched the surface," said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency. More.... 

Wi-Fi Week: Mobility at the cost of security
Rupert Goodwins
ZDNet UK
January 28, 2004, 12:25 GMT

The mass media has had a lot of fun with wireless security: war driving, virus insertion and bandwidth stealing have all had their day in the sun. Public hot spots are more vulnerable to attack than private networks, where individual users can have their hardware authenticated as permanent network members. This means when you log onto a hot spot, there is a possibility that it has been compromised. It's not unknown for people to mount man-in-the-middle attacks, where they set up a bogus hot spot that overlaps with the provider's legitimate one, and then intercept logins.

If you are not connected to a service securely -- using SSL for websites, SSH for text services or a corporate VPN -- then you should be aware that your link may be transmitted in the clear and open to interception.  Some service providers do have extra security in their wireless links, but if they also allow roaming then you should check that the security is in place no matter who's running the hot spot. More....

Vulnerabilities

Advisories