"SMB's Especially Attractive To Spyware Criminals"
On April 24th, Webroot released "Spyware & Small Business", an
informative guide developed exclusively for small and medium-sized
businesses to educate and inform them on the massive risks spyware
poses to their company's networks and assets.
Webroot warns that SMBs are especially attractive to spyware
criminals due to their often limited IT resources and lack of network
security. According to a survey of SMBs conducted by Webroot, more
than 50 percent of small and medium-sized businesses experienced a
spyware attack during the first quarter of 2006. The ramifications
of these spyware attacks on the businesses themselves were particularly
disturbing. Of those attacked, 63 percent experienced slowed system
performance, 56 percent reported a reduction in employee productivity,
34 percent experienced a negative impact on their bottom line and 20
percent reported a loss in sales.
We think our colleagues at Webroot are right about this threat.
Obviously they would like you to buy their product to protect against
all this doom. We however think that you as an administrator would
be better served by CounterSpy Enterprise. Reason? It was built "by
admins for admins", and this month won Network Computing's prestigious
Well-Connected Awards. They said:
"Getting rid of spyware is a difficult task, but to do it well,
antispyware tools must reduce administrative load. In our tests,
Sunbelt's CounterSpy Enterprise performed remarkably well from an
administrative perspective. This product can be deployed and updated
more efficiently than any other product we reviewed, and it integrates
seamlessly with ActiveDirectory. Policy configuration, exclusion
lists and status reporting were all top-notch."
Get a 30 day eval of CSE and see for yourself!
Double-Take Fights Hurricanes
For Ron Sattan, IT Manager at award-winning, full service engineering
company, Hatch Mott McDonald, last year's Hurricane Katrina was a
good test of its new disaster recovery plan. "If the old plan had
been in place, we definitely wouldn't have been as comfortable
having to close our Mobile office, and we would not have recovered
so quickly," said Sattan. Read the Byte and Switch article here:
Need To Stress Test Your FTP Server?
Infigo released a simple and user friendly GUI FTP fuzzer tool for
stress testing FTP server implementations. It's a very configurable
tool, which means that you can precisely define which FTP commands
will be fuzzed with the parameter size and test strings.
Running this fuzzer against FTP server implementations resulted in
uncovering numerous security vulnerabilities (overflows, format
strings) in various FTP servers. After short period of fuzzing,
fuzzer revealed buffer overflow vulnerabilities in for example:
Try this on your own FTP server and see if it holds up. You can download it from:
- ArgoSoft FTP Server (RNTO Unicode overflow)
- Golden FTP Server (NLST overflow)
- FileZilla FTP Server (MLSD)
- FileZilla remote server interface (homemade protocol)
- WarFTPD (various exceptions and WDM.exe overflow)