News briefs: Cisco issues another IOS vulnerability alert

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

• Cisco has issued another vulnerability alert for its IOS software. This one involves the Firewall Authentication Proxy for FTP and Telnet sessions feature in some versions of IOS. The feature is vulnerable to a remotely exploitable buffer-overflow condition, says a Cisco Security Advisory issued last week. The Firewall Authentication Proxy feature lets network administrators apply security policies on a per-user basis. The affected software versions are IOS 12.2ZH and 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T. Cisco says it is not aware of any malicious use of the vulnerability. The company has made free software available to address the vulnerability and published workarounds in the advisory to mitigate its effects.
• September is starting to look like a quiet month for Microsoft's security response team. The company said last week that its monthly release of security fixes, expected Tuesday, will cover only one issue: an unidentified flaw in the Windows operating system. The bug is rated as critical, meaning a worm could take advantage of it without user action. The patch, called an "update" by Microsoft, will come as part of the company's monthly patch-release cycle. Microsoft releases most software patches on the second Tuesday of each month, a date that has come to be known as "Patch Tuesday" by security professionals. In August, Microsoft released six updates on Patch Tuesday.
• Former WorldCom CEO Bernard Ebbers last week won six more months of freedom when a federal judge granted him a reprieve while his lawyers appeal his conviction. In July Ebbers was sentenced to 25 years in prison for his role in the accounting fraud that nearly brought down WorldCom, now known as MCI. According to reports, Ebbers lawyers are appealing on grounds that the judge in the case gave the jury inappropriate instructions about Ebbers' knowledge of the accounting fraud. Ebbers had been expected to report to a medium-security federal prison in Oakdale, La., on Oct. 12. Absent a successful appeal, he'll likely report to prison in April. According to court documents the judge says she granted the stay because Ebbers is not likely to flee and because his lawyers raised questions that could result in a change on his conviction and possibly a new trial.
• Why would an online auction company be interested in buying an Internet telephone company? Industry experts are trying to answer that question after learning last week that eBay is reportedly in talks to acquire Skype, one of the world's largest providers of VoIP services. A report in The Wall Street Journal says eBay is considering paying between $2 billion and $3 billion to acquire Skype. That Skype is talking to another prospective buyer shouldn't surprise many people. The Luxembourg-based VoIP service provider already has held negotiations with a number of interested buyers, including News Corp., Microsoft and Yahoo, but none of these talks have led to deals. And that eBay is snooping around the market for a good buy should equally come as no big surprise. As its core business online auction business matures, the company has been looking to expand into new product areas and international markets.

Read more about security in Network World's Security section.