Microsoft Could Have Avoided Hacker Attack
A leading supplier of e-mail security systems says Microsoft could have easily fended off the hacker who recently broke into its computer system.
The product manager at Content Technologies, Lindsay Durbin, says Microsoft fell prey to a sophisticated Trojan Horse program embedded in an e-mail sent to an employee’s personal computer.
The program allowed the hacker to collect user names and passwords of other Microsoft employees and then access the giant company¹s most secret commercial information.
The Trojan Horse that attacked Microsoft was an executable, Mr Durbin said. “When it’s run, it exports data via mail to a third party - but it will only work if the e-mail system lets it.”
Organisations with software such as Content Technologies' MAILsweeper could have a company policy which blocked all incoming executables, thus eliminating the problem, he said.
“In the New Economy cyber crime is one of the most serious issues facing businesses, yet organisations continue to react to attacks rather than prevent them in the first place.
“The Melissa virus, the I Love You bug and the latest Microsoft attack have crippled some of the world's most powerful companies, but they can easily be avoided if security is implemented as a proactive measure, not a reactive clean up,” he said.
The key to proactive security was a security policy.
"Organisations should establish a policy that suits the way it does business, educate the workforce about the policy and the reasons for its existence, and enforce the policy. This eradicates some of the most common security threats, such as human error in opening contaminated and high risk files such as executables," Durbin said.
MAILsweeper for SMTP is a content security solution that sits on the gateway and allows businesses to implement content security policies for e-mail entering and leaving the enterprise. This enables organisations to control threatening activity from the outset, including quarantining of suspect data. Comprehensive notification and alerting facilities can be set up and customer-definable auditing and reporting tools can be established.
With MAILsweeper, organisations can scan for e-mail borne viruses, block or delay transmission of oversize files, detect malicious code leading to corruption or loss of data and identify unwanted file types, such as executables, videos and images.
Content Technologies' solutions prevent unauthorised transfer of confidential information, filter out spam and detect spoofed e-mails, all of which stops the unauthorised transfer of encrypted or password-protected data based on an organisations’ security policy.
"The risks involved are too dire to ignore and monitoring suspect activity after the breach is not sufficient protection," concluded Durbin.
About Content Technologies:
Content Technologies is a leading developer of e-mail and Internet content security and policy management solutions.
Over 6,000 customers and six million users world-wide use Content Technologies MIMEsweeper family of content security solutions. The existing family of solutions includes MAILsweeper for SMTP, SECRETsweeper, MAILsweeper for Microsoft Exchange, WEBsweeper, MIMEsweeper for Domino, e-Sweeper, MAILsweeper for Archivist and PORNsweeper.
MIMEsweeper, launched in 1995, was the first product on the market to scan e-mail and attachments for content threats. The MIMEsweeper family has since become a leading solution for content security, providing organisations with content security and policy management defences against business and network integrity threats. These threats include misuse of e-mail and the Web, confidentiality breaches, exposure to e-mail legal liability, junk e-mail, Spam and spoofing, as well as e-mail-borne viruses.
Content Technologies' MAILsweeper
for SMTP Version 4.1 provides a comprehensive policy-based
content security solution that enables companies to
implement and manage policies to combat key business
security threats posed by the Internet. The company's
SECRETsweeper product enables content management of
encrypted e-mail, and
e-Sweeper provides a content security solution for Service Providers and their customers.
Content Technologies is headquartered in the UK with additional offices across the USA (Seattle, New York, Boston and Washington DC), as well as in France, Germany, Australia and Japan. The MIMEsweeper family is sold both direct and through select reseller channels made up of VARs, systems integrators and Internet Service Providers.
Content Technologies was recently acquired by Baltimore Technologies, a global leader in e-security.
For information on the complete range of e-security solutions from Baltimore please visit www.baltimore.com
All names and trademarks are recognised and
Contact: Narelle Behn-Carey Julian O’Brien or Gerry Morris
Content Technologies (04) 472-8505 (00612) 9212 3888