
'Knockout' disaster recovery advice


One of my favorite commercials during the Super Bowl was for Computer Associates' BrightStor product. The ad featured two CEO underlings, the guys with all the knowledge for a big meeting, accidentally knocking themselves silly and rendering their knowledge useless. The idea was to highlight disaster recovery and data backup.

While this is not directly related to bug patches and security alerts, it does show the need for a good disaster recovery plan. We've got a couple of good resources on Fusion dedicated to this topic. First is a disaster recovery roundtable that took place at last week's ComNet show. Network World Events Editor Sandra Gittlen quizzed executives from DataMirror, Tivoli, CA and Enterasys on the importance and how-tos of disaster recovery planning.

You can hear the session, using RealPlayer, by going to:

www.nwfusion.com/media/comnet2002/disaster.html

We've also got a 7-minute audio primer dedicated to the topic of disaster recovery planning. The primer is available in Windows Media and Real format, and can be found at:

www.nwfusion.com/primers/disaster/disasterprimer.html

Today's bug patches and security alerts:

* Flaw reported in Lotus Domino Webserver

According to an alert issued by Peter Grundl, the Domino Webserver does not handle URL requests for denial-of-services devices correctly. This vulnerability can be exploited by a malicious user to bring down the Webserver. All versions of Domino prior to 5.0.9a running on Windows 2000 are vulnerable. Users can download a patch for the problem from:

notes.net/qmrdown.nsf

* Debian updates rsync fix

Last week, we reported that Debian had released a patch for rsync, a synchronization tool for Linux. Turns out the patch did not work properly and ended up disabling rsync. An updated patch is available at:

www.debian.org/security/2002/dsa-106

* Conectiva patches pine

A flaw in the way pine, a popular e-mail client for Unix and Linux, handles embedded URLs could allow a malicious user to run arbitrary code on the affected machine. For more information and links to the appropriate download, go to:

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000460

* Linux-Mandrake updates gzip

Two problems have been discovered in gzip, a file compression program for Linux and Unix. First, a file with a name longer than 1,020 characters will crash the program. Second, a buffer overflow exists if gzip is run on a server such as an FTP server. For more, go to:

www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-011.php

Today's roundup of virus alerts:

Nothing new to report on the virus front today. Instead, we bring you the Top 10 viruses in January, as reported by Sophos:

1. W32/Badtrans-B (Badtrans variant).

2. W32/MyParty-A (My Party).

3. W32/Magistr-B (Magistr variant).

4. W32/Sircam-A (Sircam).

5. W32/Nimda-A (Nimda).

6. W32/Maldal-G (Maldal variant).

7. W32/Magistr-A (Magistr).

8. W32/Gokar-A (Gokar), tied with W32/Klez-E.

8. W32/Klez-E (Klez variant), tied with W32/Gokar-A.

10. W32/Nimda-D (Nimda variant).

From the interesting reading department:

* Swat the Buffer Bugs

Here's how a buffer overflow attack happens: A cracker acquires a popular piece of Internet-related software, such as a Web server or an instant messaging client, and analyzes the code. It's pretty easy to find the input buffers, where anyone on the 'Net can send a string of data into the system. And it's also pretty easy to find the code that feeds that data into each buffer. If that code doesn't limit the length of the data string, the cracker knows he has a foolproof way into the system.

www.computerworld.com/cwi/story/0,1199,NAV47-74_STO67572,00.html

Computerworld, 01/21/02

* Buyer's Guide: Vulnerability-assessment tools

Do you know where the holes are in your network? Vulnerability-assessment scanners can help you find them before hackers do. Check out a review of eight different vulnerability-assessment scanners, our interactive Buyer's Guide, where you can find the right product for you, and more.

www.nwfusion.com/reviews/2002/0204bgtoc.html

Network World, 02/04/02

* Novell raising security profile

CEO Jack Messman wants Novell to be known for its security offerings, which means a team of developers has been hired to rescue the company's dormant BorderManager product from the scrap heap and enhance its other authentication and access software.

www.nwfusion.com/news/2002/0204border.html

Network World, 02/04/02

* Rumsfeld: Cyber, other threats to change U.S. military

The vulnerability of U.S. information networks and a belief that a future attack against the U.S. may be launched in cyberspace is high in the mind of U.S. Secretary of Defense Donald Rumsfeld as he plots to change the U.S. armed forces so they can better defend against unconventional threats.

www.nwfusion.com/news/2002/0201rumsfeld.html

IDG News Service, 02/01/02

* Microsoft appoints chief security strategist

Microsoft has appointed Scott Charney as chief security strategist, giving him the task of developing strategies to enhance the security of Microsoft products, services and infrastructure, the company announced in a statement Thursday.

www.nwfusion.com/news/2002/0201mstrategy.html

IDG News Service, 02/01/02

* ASPs look to bolster security offerings

Security already was a stumbling block for application service providers intent on convincing companies to rely on remotely hosted applications. Now with security issues getting more attention because of proliferating viruses and increased feelings of vulnerability after Sept. 11, ASPs are renewing efforts to provide the best security services available.

www.nwfusion.com/news/2002/0204carrier.html

Network World, 02/04/02

* ArcSight sets sights on security mgmt.

Enterprise customers looking to fortify their networks tend to buy lots of security products from lots of vendors because of the choice of firewalls, intrusion-detection systems and syslog analysis tools available. One downside to this is that getting a read on overall network security can involve dealing with a slew of separate management consoles.

www.nwfusion.com/news/2002/129801_02-04-2002.html

Network World, 02/04/02

* Archives online:

Nothing beats the Patriots' win last night in the Super Bowl. If you're still recovering and want to look busy, read our archives:

www.nwfusion.com/newsletters/bug/index.html

 


Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at jmeserve@nww.com.


Copyright, 1994-2006 Network World, Inc. All rights reserved.