* Patches from Microsoft, HP, others
* Beware mass Trojan distribution
* Key Microsoft patch tools delayed again, and other interesting reading

Last week’s item about iPods posing security risks has drawn a range of responses. Before we get to them, we’ve got a Network World Fusion Radio show dedicated to the topic this week:
http://www.nwfusion.com/research/2004/0715radio.html?nl

The reader responses:

From Dave Ellingsberg:
“IPods are not the risk, People are! If your users are educated and aware of security risks they will not put info on portable devices to take home. They will follow policy if the leaders follow policy. If you have a policy about removing data from the office and enforce it at the upper levels people at lower levels will not feel compelled to take extra work home in this fashion.”

Craig (no last name given) agrees, saying it’s the people, not the technology:
“The risks can be mitigated by a strong hiring process (which includes background checks) and providing users the tools they need to do their jobs; this makes them less likely to purchase concealed storage to get work done around the rules. It also works against the mindset that can lead to employee treachery. Companies that keep their employees out of the ‘Dilbert Zone’ have less to worry about.”

Craig also passes along this send-up from The Register:
https://www.theregister.com/2004/07/14/your_datas_is_at_risk/

But Paul Schumacher thinks some controls are necessary:
“Any portable data device, not just IPods, can present a security threat by making data more portable. Once outside the protection of the company’s security system, that data is uncontrolled.
These devices, including disks, flash memories (including those of digital cameras) as well as IPods, should be tightly controlled, or prohibited, where critical private data is accessible. With the fusion of cryptography with steganography (hiding data inside of data, such as a list of customers inside a BMP image), it is becoming very difficult to detect when something innocuous has critical data hidden within.”

Finally, our own Joel Snyder takes a Draconian, yet tongue-in-cheek, approach:
“Absolutely. These things are a complete menace. At our company, we have also banned floppy drives and any CD-ROM leaving the building is run through a microwave first to be sure that it does not have any data on it. We also have enormous electromagnets around the doors so that people with magnetic tapes will have them erased. Our new data security strategy also calls for anyone trying to walk out of the building with a laptop to be strip-searched and have the hard drive removed from the laptop. We have acquired a large set of screwdrivers and hammers for this purpose.

In addition, we will be cutting two of the wires (the transmit pair) on our Internet connection so that data cannot be sent out of the company: only inbound bits will be allowed.”

Thanks to all those who took the time to write in.

Today’s bug patches and security alerts:

Microsoft issues seven security patches, two critical

Microsoft Tuesday released seven security patches covering a wide array of the company’s products. Two of those patches fix holes that Microsoft deemed “critical” and warned could allow remote attackers to take control of vulnerable Windows systems.
IDG News Service, 07/13/04.
https://www.nwfusion.com/news/2004/0713microissue.html?nl

See also: Microsoft products also vulnerable to Mozilla flaw, IDG News Service, 07/12/04
https://www.nwfusion.com/news/2004/0712microprodu.html?nl

Microsoft’s July 2004 summary bulletin:
https://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx

Microsoft Security Bulletin MS04-022 (Task Scheduler):
https://www.microsoft.com/technet/security/bulletin/ms04-022.mspx

Microsoft Security Bulletin MS04-023 (HTML Help):
https://www.microsoft.com/technet/security/bulletin/ms04-023.mspx

Microsoft Security Bulletin MS04-019 (Utility Manager):
https://www.microsoft.com/technet/security/bulletin/ms04-019.mspx

Microsoft Security Bulletin MS04-020 (POSIX):
https://www.microsoft.com/technet/security/bulletin/ms04-020.mspx

Microsoft Security Bulletin MS04-021 (IIS 4.0):
https://www.microsoft.com/technet/security/bulletin/ms04-021.mspx

Microsoft Security Bulletin MS04-024 (Windows Shell):
https://www.microsoft.com/technet/security/bulletin/ms04-024.mspx

Microsoft Security Bulletin MS04-018 (Outlook Express, cumulative):
https://www.microsoft.com/technet/security/bulletin/ms04-018.mspx

**********

Netgear HomePlug gear recalled

Netgear Wednesday voluntarily recalled 53,000 Wall Plug Ethernet Bridges due to defective plastic casing. According to the U.S. Consumer Safety Commission, which announced the recall, the device’s housing can come loose and cause an electric shock if touched. Network World Fusion, 07/14/04.
https://www.nwfusion.com/net.worker/news/2004/0714homeplug.html?nl

Related NetGear page:
https://kbserver.netgear.com/kb_web_files/xe102.asp

**********

@Stake warns of flaw in WebSTAR

According to an alert from @Stake, “4D WebSTAR is a software product that provides Web, FTP, and Mail services for Mac OS X.
There are numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources.” For more, go to:
https://www.atstake.com/research/advisories/2004/a071304-1.txt

**********

OpenPKG patches dhcpd

A number of flaws have been found in the OpenPKG DHCP daemon. The majority of the flaws could be used in a denial-of-service attack against the DHCP server. For more, go to:
https://www.openpkg.org/security/OpenPKG-SA-2004.031-dhcpd.html

**********

HP patches DCE for HP OpenVMS

According to an HP advisory, “A problem has been detected where an exploit program sends invalid packet data which causes a buffer overflow in DCE servers.” A fix is available for those with access to HP’s support site:
https://www2.itrc.hp.com/service/patch/mainPage.do

**********

Gentoo patches XDM

A flaw in the Gentoo X Display Manager (XDM) may allow authorized users to access a machine remotely using X, despite permissions being turned off by an administrator. For more, go to:
https://forums.gentoo.org/viewtopic.php?t=194287

Gentoo releases patch for Shorewall

Shorewall, a tool for configuring Netfilter, is flawed in the way it handles temporary files. An attacker could exploit this to overwrite files on the affected system. For more, go to:
https://forums.gentoo.org/viewtopic.php?t=195470

Gentoo fixes libpng

A buffer overflow in the libpng image viewer could be exploited in a denial-of-service attack or to potentially execute commands on the affected machine. For more, go to:
https://forums.gentoo.org/viewtopic.php?t=195437

**********

Today’s roundup of virus alerts:

Companies warn of mass Trojan distribution

Anti-virus and e-mail security companies sent out warnings Tuesday about a Trojan horse program that they claim is being mass-distributed on the Internet using unsolicited commercial, or spam, e-mail.
IDG News Service, 07/13/04.
https://www.nwfusion.com/news/2004/0713compawarn2.html?nl

W32/Agobot-WD – A typical Agobot variant that uses network shares to spread and installs itself in the Windows System directory (as “winxtc.exe”). The virus disables security applications and access to related sites. (Sophos)

Troj/Keylog-Q – A password-stealing Trojan horse that takes screen shots, storing them as JPEGs, and records keyboard and mouse movements in a .crt file in the Windows folder. The resulting files are uploaded to an FTP server specified by the virus author. (Sophos)

W32/Rbot-DJ – An Rbot variant that installs itself as “updata.exe” in the Windows System folder and provides backdoor access via IRC. No word on how it spreads, but based on previous releases, probably network shares. (Sophos)

W32/Rbot-DL – Another Rbot variant that provides backdoor access via IRC. This one spreads via network shares and by exploiting known vulnerabilities in Windows. It installs itself as “winsyst.exe” in the Windows System folder. (Sophos)

W32/Rbot-DP – Similar to Rbot-DJ above, except it infects a DirectX file. (Sophos)

W32/Rbot-DR – See Rbot-DJ and DP. (Sophos)

W32/Korgo-U – This virus exploits the Windows LSASS vulnerability to spread between machines. It deletes the FTPUPD.EXE file on the infected machine and terminates system tray processes. (Sophos)

**********

From the interesting reading department:

Key Microsoft patch tools delayed again

Microsoft said Monday that the ship date for two of the key components in its lineup of patch management tools has slipped again, this time into the first half of 2005. Network World Fusion, 07/13/04.
https://www.nwfusion.com/news/2004/0713wuspatch.html?nl

Microsoft starts to define its isolation technology

Microsoft Tuesday finally laid bare details of its plans to create an isolation technology that lets corporations block infected or misconfigured clients from accessing a network.
Network World Fusion, 07/13/04.
https://www.nwfusion.com/news/2004/0713msnap.html?nl

Microsoft’s ISA Server 2004 hits the streets

Amid a concerted effort to heighten the profile of its security offerings, Microsoft Tuesday announced the availability of its Internet Security and Acceleration Server 2004 at its Worldwide Partner Conference in Toronto. IDG News Service, 07/14/04.
https://www.nwfusion.com/news/2004/0714microisas.html?nl

Wireless Wizards: Securing Wi-Fi in a public library

In a public library environment, what are some methods that would allow us to provide “secure” Wi-Fi access (for Web browsing) to the public, while protecting their privacy and minimizing administration time? Network World, 07/12/04.
https://www.nwfusion.com/columnists/2004/0712wizards1.html?nl

Gearhead: Secure communications with SSH, Part 2

A look at SSH Tectia, a suite of SSH products supported under Linux, AIX, Solaris, HP-UX and Windows. Network World, 07/12/04.
https://www.nwfusion.com/columnists/2004/071204gearhead.html?nl