* Patches from Mandrake Linux, Debian, Gentoo, others
* Beware new editions of Bagle virus
* Gearhead: Secure communications with SSH, and other interesting reading

Normally, I’d put something like this down below in the interesting reading area, but it’s just too off the wall:

IPods pose security risk for enterprises, Gartner says

The iPod may be popular, but also poses such a major security risk for businesses, that enterprises should seriously consider banning the iPod and other portable storage devices, according to a study by research firm Gartner. IDG News Service, 07/06/04.
https://www.nwfusion.com/news/2004/0706ipodspose.html?nl

What do you think? Are iPods and other assorted portable media devices a real security risk? Does your company ban them? Drop me a line at jmeserve@nww.com.

Today’s bug patches and security alerts:

Enterasys warns of DoS flaw in XSR Security Router XSR-1800

A flaw in the Policy-Based Routing method used in the Enterasys XSR Security Router XSR-1800 series could be exploited in a denial-of-service attack against the affected device. A patch is not yet available, but Enterasys recommends disabling Policy-Based Routing as a workaround.
For more, go to: https://www.nwfusion.com/go2/0705bug2a.html

**********

Mandrake Linux patches kernel

A number of flaws in the Mandrake Linux kernel have been found. They could be exploited to read kernel memory or potentially gain root privileges on the affected machine.
For more, go to: https://www.nwfusion.com/go2/0705bug2b.html

**********

Debian, Gentoo patch Pavuk

A buffer overflow in Pavuk, a Web spider and Web site mirroring tool, could be remotely exploited to run an attacker’s code of choice on the affected machine.
For more, go to:
Debian: https://www.debian.org/security/2004/dsa-527
Gentoo: https://forums.gentoo.org/viewtopic.php?t=192026

**********

Gentoo patches mit-krb5

Multiple buffer overflow vulnerabilities exist in the Kerberos5 krb5_aname_to_localname() function. An update is available.
For more, go to: https://forums.gentoo.org/viewtopic.php?t=191790

**********

Gentoo releases patch for Esearch

According to Gentoo, “The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.”
For more, go to: https://forums.gentoo.org/viewtopic.php?t=192713

**********

Debian patches webmin

Two vulnerabilities have been found in the Debian Webmin module. One flaw could allow an attacker to launch a brute force attack to crack user passwords. Another could be exploited to bypass access control rules and gain read access to configuration information.
For more, go to: https://www.debian.org/security/2004/dsa-526

**********

OpenPKG releases png patch

A buffer overflow in png caused by some incorrect loop offset values could be exploited in a denial-of-service attack against the affected machine.
For more, go to: https://www.openpkg.org/security/OpenPKG-SA-2004.030-png.txt

**********

Today’s roundup of virus alerts:

Bagel source code is revealed

Anti-virus software companies are warning customers that new editions to the Bagle family of e-mail worms are spreading on the Internet, and depositing copies of the worm’s source code on computers they infect. IDG News Service, 07/07/04.
https://www.nwfusion.com/news/2004/0707bagelsourc.html?nl

W32/Bagle-AD – Another Bagle variant that uses a variety of e-mail messages to spread. When it infects a machine it displays a fake error message. Fortunately, the worm seems to stop working after July 6. (Sophos)

W32/Rbot-CR – An Rbot variant that tries to exploit a number of Windows vulnerabilities to spread between computers. It copies itself to the “taskmngrs.exe” file in the Windows System directory and uses IRC to allow backdoor access to the infected machine. (Sophos)

W32/Rbot-AS – This Rbot variant exploits weak passwords on network shares to spread between machines.
After copying itself into “LSAS.EXE” in the Windows System directory, the virus provides backdoor access via IRC. (Sophos)

W32/Rbot-CP – Similar to Rbot-AS, except it uses the filename “TSKDBG.EXE”. (Sophos)

W32/Evaman-A – A virus that spreads via e-mail, harvesting names from Yahoo and the infected machine. The infected message looks like a returned message and has the misspelled line: “This is a multi-part message in MIME formart”. (Sophos)

W32/Lovgate-F – A new Lovgate variant that spreads via e-mail (with attachment names looking like porn files) and weakly protected network shares. It infects the Command.exe and iexplorer.exe files. (Sophos)

W32/Sdbot-JS – A virus that drops two files on the infected machine: “GFHHR.EXE” and “KHJBB.EXE”. It spreads by exploiting weak passwords on network shares and allows backdoor access via IRC. (Sophos)

**********

From the interesting reading department:

Passwords can sit on hard disks for years

Typing your password or credit card number into a computer is a moment’s work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer’s hard disk for years waiting for a hacker to rip them off. New Scientist, 06/05/04.
https://www.newscientist.com/news/news.jsp?id=ns99995064

Dr. Internet: Not-so-Cool Web app

My PC seems to have been infected with something that has taken over my Internet settings. The Internet Explorer home page has been changed to a search site, and I can’t set it back. Every time I connect to the Internet, my screen gets filled with pop-ups (many pornographic), and I can’t make them go away. My anti-virus software is up to date but doesn’t find anything to remove. I tried Spybot and Ad-aware, but neither of them have solved the problem. Any ideas?
Network World, 07/05/04.
https://www.nwfusion.com/columnists/2004/070504internet.html?nl

Gearhead: Secure communications with SSH

SSH provides an encrypted communications channel between a client and a server over TCP/IP connections. Using SSH you can safely log on to a terminal session on another computer, and no one can “listen in.” Network World, 07/05/04.
https://www.nwfusion.com/columnists/2004/070504gearhead.html?nl

Nutter’s Help Desk: How to size/implement an SSL VPN

Our company is moving forward with a pilot project on implementing an SSL-based VPN that could turn into a production situation if all goes well. We are trying to decide what unit capacity to purchase, and we’re also looking at having redundancy as transparent as possible to the user in the final system. Suggestions? Network World, 07/05/04.
https://www.nwfusion.com/columnists/2004/0705nutter.html?nl