Enterprises Vulnerable To Y2K Hacks

[mea culpa <jericho () DIMENSIONAL COM>]

From: "Noonan, Michael D" <michael.d.noonan () intel com>

Enterprises Vulnerable To Y2K Hacks

Companies racing to meet Y2K deadlines may unwittingly be exposing their
networks to hackers.

The changeover to the year 2000 presents an opportune time for computer
hackers and writers of malicious code to launch attacks on enterprise
networks that could be mistaken for Y2K glitches, according to security
experts.

Meanwhile, the discovery of trap doors embedded in Y2K software, along
with the rise of Y2K viruses, have heightened IT manager awareness of the
need to safeguard networks from millennium attacks.

"Many companies are making sure that they are Y2K-compliant, but that
doesn't mean the systems are secure," said Ernst and Young analyst Thomas
Klevinsky, a member of the consultancy's penetration testing services.

In some cases companies that aren't yet Y2K-compliant are farming out
programming work to contractors without completing a thorough background
check, security experts noted. This is very risky, increasing the
likelihood that trap doors can be installed on systems, thus enabling
intruders to gain unauthorized access.

In fact, some companies have already uncovered attempts to sabotage
systems. Mark Gembicki, president of WarRoom Research, a security
consultancy, said a few of his clients have found malicious code embedded
in programs sent out for Y2K remediation that are associated with the
years 2013 and 2017.

Essentially, the traps "open up a portal for organizations to see more
proprietary information" once installed on systems, Gembicki said. --
Rutrell Yasin

http://www.internetwk.com/lead/lead092399.htm

ISN is sponsored by Security-Focus.COM