This story appeared in the October/November 2004 issue of Web Host Industry Review magazine. Click here to subscribe for free.
November 4, 2004 -- (WEB HOST INDUSTRY REVIEW) -- Several official European bodies - including the UK's National Infrastructure Security Coordination Centre (niscc.gov.uk), Germany's Office for Information Security (bsi.bund.de/english/) and Cybercrime Convention creator Council of Europe (coe.int) ? are weighing in on security vulnerabilities and offering advice that may impact the use of a range of Internet software.
The European organizations have each focused on security issues they claim are leaving European users and businesses at risk, alternately recommending caution with use of gateway security software that relies on the Multi-Purpose Internet Mail Extensions protocol, use of alternatives to Microsoft's Internet Explorer browser and ratification of the 2001 Cybercrime Convention, which is being called the first international agreement covering crimes on the Internet.
The caution on MIME gateway security products, which include Web and email content filtering and antivirus software, came from UK-based security firm Corsaire, which partnered with NISCC in publicizing the vulnerabilities. The groups published details on a number of security holes related to MIME, which encodes HTTP attachments and file transfers.
Some of the software makers with products listed as potentially vulnerable - including Mozilla, Microsoft, Sun, Samba and others - have responded to an early heads-up on the issues from NISCC and Corsaire and are providing patches. However, the UK security outfits advised the industry to treat the issues with particular concern since they are the same types of vulnerabilities exploited by high-profile worms including Nimda, Netsky and Badtrans.
Germany's Office for Information Security, known as BSI, offered its own advisory on secure Internet use, recommending the Mozilla or Opera browsers over Microsoft's Internet Explorer, which has been battered by vulnerabilities and attacks during the last year.
In the US, the call to use alternate browsers came earlier, from CERT, which indicated it was not in the business of endorsing software from any particular vendor, but nonetheless included use of an Explorer alternative in more than one of its recent advisories.
In Germany, a BSI official said in an interview with news Web site Berliner Zeitung that the federal computer security agency itself uses alternative browsers, suggesting that other government users would be safer from worms and other attacks by doing the same. Reinforcing the government's stance, which could be a harbinger of more Microsoft loss in the European government market, was a warning from the non-governmental Federation of German Consumer Organizations, which concurrently cautioned users about possible ID and financial information theft when using Explorer.
Those warnings follow a recent spate of phishing attacks that resulted in the disclosure of the banking information of German users. The problem was also highlighted at a recent meeting of the Council of Europe, which is pointing to the increased occurrence and risk of Internet crime and is pushing for the ratification of its Cybercrime Convention. The international treaty aims to align international efforts to fight crime online.
At a Council of Europe meeting in Strasbourg, France, in September, the Council reported that while Internet crimes accounted for only 1.3 percent of all recorded criminal activity in Germany in a year, online crimes accounted for $8.3 billion US, more than half of the damages from all recorded crimes in the region.
The Council highlighted phishing attacks, which attempt to lure users into divulging credit card accounts and other information used for theft, as a particularly fast-growing form of crime.
Another troubling finding from the Council was an increase in Web sites promoting hate, racism and violence. While the majority of the sites were hosted in the US, many of them originated in Europe, according to the Council.
The organization, which is made up of 45 member states, also estimated that child pornography and organized crime are thriving on the Internet and pointed out the need for acceptance, ratification and the eventual enforcement of the 2001 Cybercrime Convention.
The September conference was aimed at persuading new countries to sign and ratify the Convention by bringing together experts from the public and private sectors across the globe to discuss practical solutions to cyber-crime, including new challenges such as cyber-terrorism and money-laundering online.
The Convention, the only international treaty on cyber-crime, was launched nearly three years ago, was enacted in July and has so far been ratified by Albania, Croatia, Estonia, Hungary, Lithuania and Romania. Other nations, including Canada, Japan, South Africa and the US have signed the convention, but have not ratified it.
