
iPod security risk?

Jul 08, 2004

* Patches from Mandrake Linux, Debian, Gentoo, others
* Beware new editions of Bagle virus
* Gearhead: Secure communications with SSH, and other interesting reading

Normally, I’d put something like this down below in the interesting reading area, but it’s just too off the wall:

iPods pose security risk for enterprises, Gartner says

The iPod may be popular, but it also poses such a major security risk for businesses that enterprises should seriously consider banning the iPod and other portable storage devices, according to a study by research firm Gartner. IDG News Service, 07/06/04.

What do you think? Are iPods and other assorted portable media devices a real security risk? Does your company ban them? Drop me a line at

Today’s bug patches and security alerts:

Enterasys warns of DoS flaw in XSR Security Router XSR-1800

A flaw in the Policy-Based Routing method used in the Enterasys XSR Security Router XSR-1800 series could be exploited in a denial-of-service attack against the affected device. A patch is not yet available, but Enterasys recommends disabling Policy-Based Routing as a workaround. For more, go to:


Mandrake Linux patches kernel

A number of flaws in the Mandrake Linux kernel have been found. They could be exploited to read kernel memory or potentially gain root privileges on the affected machine. For more, go to:


Debian, Gentoo patch Pavuk

A buffer overflow in Pavuk, a Web spider and Web site mirroring tool, could be remotely exploited to run an attacker’s code of choice on the affected machine. For more, go to:

Gentoo patches mit-krb5

Multiple buffer overflow vulnerabilities exist in the Kerberos 5 krb5_aname_to_localname() function. An update is available. For more, go to:

Gentoo releases patch for Esearch

According to Gentoo, “The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.” For more, go to:
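The eupdatedb problem above is the classic insecure temporary file: a privileged process opens a predictable path under /tmp, and if another user has already planted a symlink with that name, the open follows the link and the process writes wherever the link points. The following is an added example (not esearch's or Gentoo's code) showing the two defensive patterns that close the hole: an atomic create-if-absent open that refuses a pre-existing symlink, and tempfile.mkstemp, which avoids predictable names altogether. The filename esearch.tmp and the sandbox scenario in run_sandbox_demo() are constructed for illustration.

```python
"""Hardened temporary-file creation (added example, not esearch code)."""
import errno
import os
import tempfile

# O_NOFOLLOW is not defined on Windows. On POSIX, O_CREAT|O_EXCL alone already
# rejects an existing symlink (EEXIST); NOFOLLOW just makes the intent explicit.
_O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def create_exclusive(path, data, mode=0o600):
    """Create `path` only if nothing (file or symlink) already exists there.

    Returns True when the file was created and written, False when the name
    was already taken, for example by a symlink someone else planted.  The
    create-and-open is a single syscall, so there is no check-then-use window
    in which an attacker could swap a symlink in.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | _O_NOFOLLOW
    try:
        fd = os.open(path, flags, mode)
    except OSError as e:
        if e.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def create_unpredictable(prefix, data, directory=None):
    """Preferred fix: let mkstemp choose a random name with O_EXCL semantics.

    Returns the path of the new file, which mkstemp creates with mode 0600.
    """
    fd, path = tempfile.mkstemp(prefix=prefix, dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def run_sandbox_demo(workdir=None):
    """Replay the vulnerable scenario inside a scratch directory.

    A 'victim' file stands in for whatever an attacker wants overwritten, and
    a symlink at the predictable name (assumed: esearch.tmp) points at it.
    Both hardened writers must leave the victim untouched.  Returns a dict of
    the observed outcomes so a caller can check them.
    """
    if workdir is None:
        with tempfile.TemporaryDirectory() as d:
            return run_sandbox_demo(d)

    victim = os.path.join(workdir, "victim.txt")
    with open(victim, "w") as f:
        f.write("original\n")
    predictable = os.path.join(workdir, "esearch.tmp")  # constructed name
    os.symlink(victim, predictable)

    created = create_exclusive(predictable, "index data\n")
    with open(victim) as f:
        victim_after = f.read()
    random_path = create_unpredictable("esearch-", "index data\n", workdir)
    return {
        "exclusive_created": created,  # False: the symlink was refused
        "victim_intact": victim_after == "original\n",
        "random_is_regular": os.path.isfile(random_path)
        and not os.path.islink(random_path),
        "random_mode_private": (os.stat(random_path).st_mode & 0o777) == 0o600,
    }


if __name__ == "__main__":
    print(run_sandbox_demo())
```

The first pattern is what to reach for when the filename must be fixed (a lock file, say); the second is what most code should use, since a random name denies the attacker the chance to pre-create anything. Either way the file is opened by descriptor and never re-opened by path, which is what keeps the check and the use atomic.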


Debian patches webmin

Two vulnerabilities have been found in the Debian Webmin module. One flaw could allow an attacker to launch a brute force attack to crack user passwords. Another could be exploited to bypass access control rules and gain read access to configuration information. For more, go to:


OpenPKG releases png patch

A buffer overflow in png caused by some incorrect loop offset values could be exploited in a denial-of-service attack against the affected machine. For more, go to:


Today’s roundup of virus alerts:

Bagel source code is revealed

Anti-virus software companies are warning customers that new editions to the Bagle family of e-mail worms are spreading on the Internet, and depositing copies of the worm’s source code on computers they infect. IDG News Service, 07/07/04.

W32/Bagle-AD – Another Bagle variant that uses a variety of e-mail messages to spread. When it infects a machine it displays a fake error message. Fortunately, the worm seems to stop working after July 6. (Sophos)

W32/Rbot-CR – An Rbot variant that tries to exploit a number of Windows vulnerabilities to spread between computers. It copies itself to the “taskmngrs.exe” file in the Windows System directory and uses IRC to allow backdoor access to the infected machine. (Sophos)

W32/Rbot-AS – This Rbot variant exploits weak passwords on network shares to spread between machines. After copying itself into “LSAS.EXE” in the Windows System directory, the virus provides backdoor access via IRC. (Sophos)

W32/Rbot-CP – Similar to Rbot-AS, except it uses the filename “TSKDBG.EXE”. (Sophos)

W32/Evaman-A – A virus that spreads via e-mail, harvesting names from Yahoo and the infected machine. The infected message looks like a returned message and has the misspelled line: “This is a multi-part message in MIME formart”. (Sophos)

W32/Lovgate-F – A new Lovgate variant that spreads via e-mail (with attachment names looking like porn files) and weakly protected network shares. It infects the Command.exe and iexplorer.exe files. (Sophos)

W32/Sdbot-JS – A virus that drops two files on the infected machine “GFHHR.EXE” and “KHJBB.EXE”. It spreads by exploiting weak passwords on network shares and allows backdoor access via IRC. (Sophos)
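Several of the alerts above name the file the worm drops into the Windows System directory, and the names are chosen to blend in with real system binaries (taskmngrs.exe next to taskmgr.exe, LSAS.EXE next to lsass.exe). The following is an added example, not Sophos code, of a small triage script a defender could run over a file listing: it matches the exact names from the alerts, then applies a lookalike heuristic (edit distance to a short list of legitimate binaries) that also catches a later variant that only renames its dropper. It also checks mail text for the misspelled MIME line Evaman-A leaves behind. The file listing, the message text and the allow-list of legitimate binaries are constructed; the svch0st.exe entry is a made-up lookalike, not something the alerts mention.

```python
"""Host triage for the Sophos alerts above (added example, not Sophos code)."""

# Dropped-file names taken from the alert text, keyed to the family.
DROPPED_FILES = {
    "taskmngrs.exe": "W32/Rbot-CR",
    "lsas.exe": "W32/Rbot-AS",
    "tskdbg.exe": "W32/Rbot-CP",
    "gfhhr.exe": "W32/Sdbot-JS",
    "khjbb.exe": "W32/Sdbot-JS",
}

# Assumed allow-list of legitimate binaries the variants imitate.
LEGIT_SYSTEM_BINARIES = {
    "taskmgr.exe", "lsass.exe", "svchost.exe", "csrss.exe", "explorer.exe",
}

# Misspelled line quoted in the Evaman-A alert.
EVAMAN_MARKER = "This is a multi-part message in MIME formart"

# Constructed sample listing of a System directory.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\taskmgr.exe",    # legitimate
    r"C:\WINDOWS\system32\taskmngrs.exe",  # Rbot-CR dropper
    r"C:\WINDOWS\system32\LSAS.EXE",       # Rbot-AS dropper
    r"C:\WINDOWS\system32\svchost.exe",    # legitimate
    r"C:\WINDOWS\system32\svch0st.exe",    # constructed lookalike
    r"C:\WINDOWS\system32\KHJBB.EXE",      # Sdbot-JS dropper
    r"C:\WINDOWS\system32\kernel32.dll",   # not an .exe, ignored
]

# Constructed message body resembling the Evaman-A bounce.
SAMPLE_MESSAGE = (
    "Subject: Returned mail: see transcript for details\n\n"
    "This is a multi-part message in MIME formart\n"
    "--boundary\n"
)


def edit_distance(a, b):
    """Levenshtein distance between two strings (standard DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def triage_listing(paths, max_distance=2):
    """Return (path, kind, detail) findings for suspicious executables.

    kind is "known-dropper" (detail = family) for an exact match on the
    alert filenames, or "lookalike" (detail = legitimate name imitated)
    for an .exe within `max_distance` edits of a legitimate binary.
    """
    findings = []
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in DROPPED_FILES:
            findings.append((p, "known-dropper", DROPPED_FILES[name]))
            continue
        if not name.endswith(".exe") or name in LEGIT_SYSTEM_BINARIES:
            continue
        for legit in sorted(LEGIT_SYSTEM_BINARIES):
            if edit_distance(name, legit) <= max_distance:
                findings.append((p, "lookalike", legit))
                break
    return findings


def looks_like_evaman(message_text):
    """True if the message carries the misspelled MIME line from the alert."""
    return EVAMAN_MARKER in message_text


if __name__ == "__main__":
    for finding in triage_listing(SAMPLE_LISTING):
        print(finding)
    print("evaman marker:", looks_like_evaman(SAMPLE_MESSAGE))
```

The exact-name table is only as good as the last alert, which is why the lookalike check matters: it flags any executable in the System directory that is almost, but not quite, a known binary name. Tune max_distance and the allow-list to the host; a short, explicit allow-list keeps the heuristic from firing on ordinary files.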


From the interesting reading department:

Passwords can sit on hard disks for years

Typing your password or credit card number into a computer is a moment’s work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer’s hard disk for years waiting for a hacker to rip them off. New Scientist, 06/05/04.

Dr. Internet: Not-so-Cool Web app

My PC seems to have been infected with something that has taken over my Internet settings. The Internet Explorer home page has been changed to a search site, and I can’t set it back. Every time I connect to the Internet, my screen gets filled with pop-ups (many pornographic), and I can’t make them go away. My anti-virus software is up to date but doesn’t find anything to remove. I tried Spybot and Ad-aware, but neither of them has solved the problem. Any ideas? Network World, 07/05/04.

Gearhead: Secure communications with SSH

SSH provides an encrypted communications channel between a client and a server over TCP/IP connections. Using SSH you can safely log on to a terminal session on another computer, and no one can “listen in.” Network World, 07/05/04.

Nutter’s Help Desk: How to size/implement an SSL VPN

Our company is moving forward with a pilot project on implementing an SSL-based VPN that could turn into a production situation if all goes well. We are trying to decide what unit capacity to purchase, and we’re also looking at having redundancy as transparent as possible to the user in the final system. Suggestions? Network World, 07/05/04.