Cisco outlines fix for ARP storms

* Patches from Debian, Gentoo, others * Poisoned Web sites soar sixfold * Black Hat/Defcon hackfests next week promise rollicking action, and other interesting reading

Today's bug patches and security alerts:

New Cisco advisory outlines fix for ARP storms on wireless LANs

Cisco has just released a new security advisory that details what caused the address storms that recently afflicted Duke University's wireless net. The advisory, posted on the company’s Web site, says that Cisco’s wireless LAN controllers have "multiple vulnerabilities in the handling of Address Resolution Protocol (ARP) packets." These vulnerabilities "could result in a denial of service (DoS) in certain environments." The vendor is offering free software to patch this problem, and notes that "there are workarounds to mitigate the effects of these vulnerabilities."

Cisco advisory

**********

Users urged to patch serious hole in BIND 9 DNS server

A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system. The vulnerability in BIND 9 could allow an attacker to force the DNS server to return an incorrect Web site to a user, a trick known as DNS cache poisoning, or pharming. IDG News Service, 07/25/07.

SANS Internet Storm Center advisory

Patches:

Debian

OpenPKG

Mandriva

Ubuntu

**********

Researchers claim first iPhone vulnerability; exploit steals data, operates phone

Three security researchers claimed Sunday that they have found the first exploitable vulnerability in Apple's iPhone, a flaw that allows them to steal any data from the device or even to turn it into a remote surveillance tool. Computerworld, 07/23/07.

Also:

Consumer Reports: iPhone Hacking Raises Security Concerns for all Smartphone Users

**********

Researcher publishes attack code for Mozilla flaw

Mozilla is working on patching its Firefox browser after a hacker posted details of a flaw that could let criminals run unauthorized software on a victim's machine. The flaw lies in Firefox's URL handler component, which was the source of another bug, disclosed Tuesday by Mozilla. IDG News Service, 07/25/07.

Mozilla advisory

Blog: Remote Command Execution in FireFox et al

**********

Five new updates from Gentoo:

MPlayer (multiple buffer overflows, code execution)

MIT Kerberos 5 (code execution, root privileges)

Festival (privilege escalation)

GIMP (multiple integer overflows, code execution)

NVClock (code execution)

**********

Two new patches from Debian:

tcpdump (integer overflow, code execution)

ImageMagick (multiple flaws)

**********

Five new fixes from Debian:

ClamAV (denial of service)

Iceape (multiple flaws)

Iceweasel (multiple flaws)

Xulrunner (multiple flaws)

Firefox (multiple flaws)

**********

Today's malware news:

Funny.zip

There's a fairly large seeding of Trojan-Downloader.Win32.Agent.brk going on. The e-mail messages that are sent typically contain funny.zip as the attachment. E-mail subjects vary but are typically "spammy" in nature. F-Secure Blog, 07/25/07.

Poisoned Web sites soar sixfold, Sophos says

The number of infected Web pages has soared nearly sixfold since the first of the year, according to security company Sophos. Detailed in a just-released threat report, the spike shows just how widespread Web attacks have become, Sophos said today. In June, the company detected an average of almost 30,000 newly-infected pages each day; earlier in the year, the tally was as low as only 5,000 new pages daily. Computerworld, 07/25/07.

**********

From the interesting reading department:

Black Hat/Defcon hackfests next week promise rollicking action

Rigorous and sometimes raw disclosure of network vulnerabilities will all be part of the action at next week’s back-to-back hackfests, Black Hat and Defcon in Las Vegas. Network World, 07/23/07.

Study: Largest vendors account for fewer software flaws

The top 10 most vulnerable software vendors are contributing a smaller percentage of all vulnerability disclosures per year compared to five years ago, a study by IBM's Internet Security Systems X-Force team has found. Computerworld, 07/25/07.

Free security tool ferrets out unpatched software

A Danish security vendor is offering a free tool designed to inform users when their applications need patching. IDG News Service, 07/24/07.

McAfee sets Rootkit Detective free

The freeware program promises the ability to find and remove so-called rootkits -- self-cloaking malware attacks that install themselves as kernel modules or drivers and are most often used to hide other types of threats such as keyword-logging programs -- and send data about the attacks that are discovered back to McAfee. Computerworld, 07/25/07.

'Dangling pointers' more dangerous than thought, says security vendor

An issue largely ignored because the security risk was deemed only theoretical might soon become a significant and dangerous security risk, according to Web application security vendor Watchfire. Computerworld, 07/23/07.

Ransomware

How do you protect yourself? Keep your data backed up -- often -- in a manner that cannot be infected by ransomware. Keep multiple backup sets so you can restore your data to some point in the past, not just the last time a backup was made (your last backup may contain the infection). Gibbsblog, 07/23/07.

Fox News server found unsecured

Security analysts spotted a gaping security hole in Fox News Network's Web site on Monday, revealing file directories and sensitive content, although it appears the problem has been fixed. IDG News Service, 07/23/07.

Online communities a godsend for IT managers, survey says

Study shows IT managers who participate in online communities for troubleshooting, systems and security management, and application deployment benefit professionally by saving time when solving IT problems. Network World, 07/23/07.

A lesson from an answering machine: the importance of input anchoring in password recognition

I recently made a discovery that shows the importance of anchoring the input when trying to match a password. By this I mean that there should be no extra characters accepted either before or after the password (i.e., no extra characters that could be part of the password). Unanchored matching greatly weakens the defense against brute forcing the password. Symantec Security Response Weblog, 07/24/07.

Black Hat: Researchers say forensics software can be hacked

The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers at iSec Partners Inc. Network World, 07/25/07.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.