By now you've heard the news that VeriSign inadvertently issued two Class 3 digital certificates to an unknown individual posing as a Microsoft employee. Apparently, VeriSign issued the bogus certificates January 29 and 30, 2001. The certificates bear the name "Microsoft Corporation," and a malicious user could use them to sign hostile code. This problem is very serious if left unchecked, so you need to stay on top of the problem until Microsoft has fixes available. You'll find more details about this matter in the related item in the Security Risks section below.
Identity theft is a growing problem across the Internet for individuals and companies alike. You can help minimize the situation by learning some of the ways intruders gather information about you and your company. Several resources are available to help. For example, in January 2001, Xinetica released a white paper that helps corporations understand the many ways intruders gather information.
In addition, I found three books that cover identity theft in a fair amount of detail. The first book is "Identity Theft" (ISBN 1559501952) by John Q. Newman, published in 1999. The 97-page book costs about $10 at most online books stores. The next book is "From Victim To Victor: A Step-By-Step Guide For Ending The Nightmare of Identity Theft" (ISBN 189212601X) by Mari Frank—a former attorney and victim of identity theft. Published in 1998, the 127-page book costs about $40. Last, but not least, is another book by Mari Frank, "The Identity Theft Survival Kit" (ISBN: 1892126001), which costs about $80. Check them out at your favorite online bookstore.
On another note, I was reading the Focus-MS mailing list this week and came across some interesting tips from list readers that might help you with your own security concerns. A particular conversation discussed how to secure diskette and CD-ROM drives from unauthorized physical access. Many administrators simply remove these devices from sensitive systems, which certainly reduces risk. However, not having the drives available when needed can be annoying. In those cases, leave the drives installed and use drive locks to protect them. Secure-IT makes a product called Disk Drive Lock for diskette drives that costs $24.95. A list reader also pointed out that the company also makes a small device called CoverLock ($29.95) that secures the computer cover to its chassis and prevents the CD-ROM drive door from opening.
I also learned this week about two slick add-ons for PC cameras that you can add to your security solution. Eagletron makes two products called TrackerPod and TrackerCam. TrackerPod is a small, robotic tripod for PC-based cameras, and TrackerCam is a software package that controls the tripod's movements. The software can manually position the tripod or cause it to automatically track movement in a given vicinity. For example, if someone enters your server room, TrackerCam can lock onto that person and follow his or her movements around the room. The tripod can pan 160 degrees and tilt up to 110 degrees while moving at up to 100 degrees per second. It sounds like a slick product. If you monitor your facilities with PC-based cameras, take a look at TrackerPod and TrackerCam.
Before I sign off this week, I want to remind you that we have our new Center for Virus Control online! The center is sponsored by antiviral software vendor Panda Software, who helps us bring you the latest information about new viruses, worms, and Trojans on our Web site each day. Each week, we'll summarize the reports in this newsletter. You'll find our latest report regarding the [email protected] worm in the Security Toolkit section below. Be sure to check it out!