In Brief

Avoiding Time Warner’s Backup Mistakes; Learning from Loveletter; Tivoli Offers Security Index

Avoiding Time Warner’s Problems

If IT managers need ammunition for selling secure backups to senior management, here’s a recent lesson: Time Warner announced that backup tapes holding personal information relating to 600,000 of its current and former employees went missing while being transported by Iron Mountain to a backup facility. Time Warner has been notifying the affected employees and any affected family members, and the U.S. Secret Service is also helping investigate the loss.

According to Time Warner, “the missing tapes contained company data including names and U.S. Social Security numbers of: current and former U.S.-based employees of Time Warner and its current and former affiliates (and U.S. citizens working for the company abroad); some of their dependents and beneficiaries; and certain other individuals who have provided services to the company.”

Time Warner’s chief security officer, Larry Cockell, said in a statement that “while we have no evidence to suggest the information on the tapes has been accessed or misused, we are providing current and former employees with resources to monitor their credit reports while our investigation continues.” Beyond those disclosures, however, Time Warner has been mum. “For security reasons and to ensure that we do not hamper the ongoing investigation, we cannot discuss in further detail what information might be on the tapes,” he said.

The Time Warner data loss mirrors the recent loss or theft of data from such organizations as Bank of America, ChoicePoint, Lexis-Nexis, and Wells Fargo. Companies that retain or sell data seem to finally be taking notice. So says security vendor NetIQ, which surveyed over 600 IT managers from North American enterprises, government agencies, educational institutions, and non-profit organizations about their current security fears.

According to the results, nearly every security manager reports being “concerned with protecting sensitive information from employees and contractors.” Spending, however, doesn’t yet reflect those concerns. “IT managers’ security resources continue to be focused on traditional malware, viewing viruses and worms as the leading threat to the IT environment,” says NetIQ.

To protect sensitive information on backup tapes, experts recommend that organizations develop and implement policies and technologies to enforce more secure backups. That way, if tapes go missing, the information on them is encrypted, meaning attackers can’t recover it.

Loveletter’s Fifth Anniversary

Remember Loveletter, also known as I-Worm.Loveletter, one of the most widespread and damaging e-mail worm outbreaks of its time?

About five years ago, the worm circulated as a Microsoft Visual Basic script in e-mails with the subject line “ILOVEYOU.” Users clicked on the attachment in droves, and the worm spread rapidly.

So what’s changed since Loveletter showed up? Very little, according to Steven Sundermeier, vice president of products and services for antivirus vendor Central Command Inc. “While the overall sophistication of some worms has gradually increased, and the motive for virus writing has altered,” he says, “virus authors today are still heavily relying on social engineering,” by which he means enticing file names and expert enough graphic design to trick users into thinking they’re viewing a real site or service.

Furthermore, e-mail worms today remain widespread. “The sad part,” he says, “is that many worms in circulation are dependent on some sort of human interaction in order to spread.” In April 2005, for example, Central Command notes the top five viruses and worms were “nothing more than average e-mail-based worms not much different in terms of complexity and spreading procedures than that of I-Worm.LoveLetter.”

Tivoli Offers Security Index

Users of Tivoli Security Compliance Manager (SCM) from IBM can now—for a price—get daily updates from the IBM Global Business Security Index, a security intelligence service. The feed allows an organization “to automatically recognize IT systems that are missing key security patches based on the latest advisory information,” notes IBM. The information should also better facilitate maintaining centralized, and automated, security policy checks.

On average, IBM says, the service “detects 100 million suspected or actual attacks against customers each month.” It’s maintained by IBM security researchers and draws data from half a million devices deployed in Fortune 500 and government organizations in 34 countries. Information covers such operating systems as Windows, Linux Red Hat, AIX, Solaris, and HP.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.