Information Security News mailing list archives
Enterprises Vulnerable To Y2K Hacks
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Fri, 24 Sep 1999 15:22:34 -0600
From: "Noonan, Michael D" <michael.d.noonan () intel com> Enterprises Vulnerable To Y2K Hacks Companies racing to meet Y2K deadlines may unwittingly be exposing their networks to hackers. The changeover to the year 2000 presents an opportune time for computer hackers and writers of malicious code to launch attacks on enterprise networks that could be mistaken for Y2K glitches, according to security experts. Meanwhile, the discovery of trap doors embedded in Y2K software, along with the rise of Y2K viruses, have heightened IT manager awareness of the need to safeguard networks from millennium attacks. "Many companies are making sure that they are Y2K-compliant, but that doesn't mean the systems are secure," said Ernst and Young analyst Thomas Klevinsky, a member of the consultancy's penetration testing services. In some cases companies that aren't yet Y2K-compliant are farming out programming work to contractors without completing a thorough background check, security experts noted. This is very risky, increasing the likelihood that trap doors can be installed on systems, thus enabling intruders to gain unauthorized access. In fact, some companies have already uncovered attempts to sabotage systems. Mark Gembicki, president of WarRoom Research, a security consultancy, said a few of his clients have found malicious code embedded in programs sent out for Y2K remediation that are associated with the years 2013 and 2017. Essentially, the traps "open up a portal for organizations to see more proprietary information" once installed on systems, Gembicki said. -- Rutrell Yasin http://www.internetwk.com/lead/lead092399.htm ISN is sponsored by Security-Focus.COM
Current thread:
- Enterprises Vulnerable To Y2K Hacks mea culpa (Sep 24)