Issue 23
Publication date: 15 August 2006

Contents
• New Zealand Computer Crime & Security Survey
• 2006 NetSafe Symposium - CyberSafety & Security Online
• Policy Review – Registering, Managing & Cancelling Domain Names
• On the Radar Newsletter
• Is Encryption too Hot to Handle?
• Surviving the Monthly Patch Cycle
• Understanding Hidden Threats: Corrupted Software Files
• Assessment of Windows Vista Kernel-Mode Security

New Zealand Computer Crime & Security Survey
University of Otago

The New Zealand Computer Crime and Security Survey is conducted by the Security Research Group (SRG) of the University of Otago, in partnership with the Computer Security Institute (CSI), New Zealand’s Centre for Critical Infrastructure Protection (CCIP), and the New Zealand Police. This 2005 survey is the inaugural annual survey and is based on the CSI/FBI Computer Crime and Security Survey. The CSI/FBI Survey is the longest running continuous survey in the information security field and commonly known as a leading source of statistics related to computer crime and security.

The 2005 survey results are based on the responses of 218 computer security practitioners in New Zealand (NZ) manufacturing, governmental, financial and medical organisations, and tertiary education providers regarding the 2004 calendar year. All monetary figures are in NZ$, roughly equivalent to US$0.5. Four questions in the 2005 survey address issues considered in a previous 2004 SRG survey, allowing some discussion of trends. Most, however, have not been addressed in New Zealand before so trend analysis awaits subsequent survey results.

The trends considered in this survey are:
• Prevalence of security incidents
• Percentage of the Information Technology (IT) department budget spent on security issues
• Use of cyber-security incident insurance
• Use of Intruder Detection Systems (IDS) technology
• Popularity of common workstation operating systems (OS)

Source: http://eprints.otago.ac.nz/342/

2006 NetSafe Symposium - CyberSafety & Security Online
Internet Safety Group

The 2006 NetSafe Symposium - Cybersafety & Security Online was held on the 6th and 7th July 2006 at the Westpac stadium in Wellington. The Symposium was modelled on previous NetSafe conferences with a cross-sector focus on the issues of cybersafety and security online. This two day invitation-only event brought together leaders from a range of different sectors from New Zealand and the world, to look at child safety, network security (businesses, schools and community agencies), online confidence (secure transactions), and the e-crime challenges for law enforcement and the New Zealand legal system.

Source: http://www.netsafe.theoutfitgroup.co.nz/conferences/netsafe_symposium_cybersafety_and_security_online.aspx

Policy Review – Registering, Managing & Cancelling Domain Names
Office of the Domain Name Commissioner

InternetNZ, through the Office of the Domain Name Commissioner, is reviewing the existing Registering, Managing and Cancelling Domain Names Policy. The Registering, Managing and Cancelling Domain Names (RMC) Policy sets out the general rules regarding the .nz domain name space including registration requirements, the information required to be on the .nz register and the general business processes that .nz operates.

Source: http://www.dnc.org.nz/story/30258-29-1.html

On the Radar Newsletter
LURHQ

In this edition you’ll find: Targeted Threats = Big Business, Featured Gartner Research, Internet Threat Update and Client Success Story: Securing e-Commerce and Proving Compliance.

Source: http://www.lurhq.com/vol14.html

Is Encryption too Hot to Handle?
techworld.com

Cryptography, the science of information protection once seen as the domain of geek academics and intelligence services, is going mainstream. Although cryptography has long been used to protect data in motion, for example to secure important diplomatic signals or sensitive Web pages, it is now regularly being applied to protect “data at rest” in databases, filing systems and storage devices while allowing anytime, anywhere access.

Source: http://www.techworld.com/features/index.cfm?featureID=2712&printerfriendly=1

Surviving the Monthly Patch Cycle
Internet Storm Center

There are basically a few tactics to this in use. What strikes me in the responses we got: most of those writing in value not breaking applications significantly more than patching before you get hit with an exploit. Perhaps there is a lot of work left to be done in order to convince (upper) management of the risks of patching late as patching even an hour after the worm or the targeted exploit hit you might cost the company significantly more than losing a few hours left and right over a not so critical system not being 100% healthy with a new patch.

Source: http://isc.incidents.org/diary.php?storyid=1575&isc=810ede2a96acb14a9f487f3caaa8635f

Understanding Hidden Threats: Corrupted Software Files
US-CERT National Cyber Alert System

Malicious code is not always hidden in web page scripts or unusual file formats. Attackers may corrupt types of files that you would recognize and typically consider safe, so you should take precautions when opening files from other people.

Source: http://www.us-cert.gov/cas/tips/ST06-006pr.html

Assessment of Windows Vista Kernel-Mode Security
Symantec Corporation

Abstract—Windows Vista introduces several additional barriers that aim to prevent malicious code from gaining access to the operating system kernel. This paper is intended to provide a technical review of their implementation. The kernel mode security enhancements in Windows Vista are quite substantial, resulting in a dramatic reduction of its overall attack surface. However, we have identified certain weaknesses in the kernel enhancements that may be leveraged by malicious code to undermine these improvements.

Source: http://www.symantec.com/avcenter/reference/Windows_Vista_Kernel_Mode_Security.pdf

CCIP Contact Details:
T: +64 (0)4 498-7654
F: +64 (0)4 498-7655
E: email@example.com
http://www.ccip.govt.nz

Information Security Links
• National Infrastructure Security Co-ordination Centre (NISCC)
• Public Safety and Emergency Preparedness Canada (PSEPC)
• United States Computer Emergency Readiness Team (US-CERT)
• CERT Coordination Center (CERT/CC)
• Australian Computer Emergency Response Team (AusCERT)
• Internet Storm Center (ISC)
• US-CERT Cyber Security Bulletins

Safe Computing Links
• The Internet Safety Group (NZ)
• CCIP Security Tips
• National Cyber Alert System (USA)
• AusCERT National Information Technology Alert Service (AUS)
• IT Security Awareness For Everyone (UK)
• National Alerting Service (Netherlands)

Subscribe
Subscribe to the CCIP e-bulletin and other CCIP publications, alerts and advisories by emailing “subscribe” to firstname.lastname@example.org

While this e-bulletin is accurate to the best of our knowledge, CCIP does not accept any responsibility for errors or omissions. If any of the vulnerabilities affects you, you are advised to ensure that you have the most current information available. CCIP will not be liable for any loss or damage howsoever caused, arising from or in connection with the use of information contained in this e-bulletin. CCIP only issues those external alerts that we assess as serious and would affect a large number of New Zealand users.
For notification of all discovered software vulnerabilities we recommend that you subscribe to a commercial Computer Emergency Response Team or to vendor alert lists. Reference in this e-bulletin in any manner to any commercial product, process or service does not constitute or imply its endorsement or recommendation by CCIP. Views and opinions expressed herein may not be used for advertising or product endorsement purposes.