* Patches from Gentoo, OpenPKG, others
* Beware latest Rbot and Bagle variants
* WilTel and VeriSign team on security services, and other interesting reading

Windows XP SP2 update: I mentioned last week that my wife’s laptop had prompted us to download the new service pack. Well, I had hit download before leaving for work on Thursday, but as of yet, I haven’t seen anything prompting me to install it or confirming it’s downloading at all. So we’re still in a holding pattern. Three other machines that various family members own have also gotten the download prompt, but I’m telling them to hold off until I see how it affects the laptop first.

Today’s bug patches and security alerts:

Cisco warns of IOS flaw
Cisco warned of another security vulnerability in its products this week, one that could allow an attacker to disable remote administration access to a Cisco device running IOS. Network World Fusion, 08/27/04.
https://www.nwfusion.com/news/2004/0827cisflaw.html?nl
Cisco advisory:
https://www.nwfusion.com/go2/0830bug1a.html

**********

Flaw found in Winamp “skins”
A bug in the way Winamp “skins” are implemented could be exploited by an attacker to run their code of choice on the targeted machine. An exploit for this has been found and takes the form of a virus. Download version 5.05 to fix the problem:
https://www.winamp.com/player/

**********

ISS warns of flaws in LibKmp
A buffer overflow has been found in LibKmp, an ISAKMP library used by many VPN vendors. An attacker could exploit this to compromise VPN systems that use the library. For more, go to:
https://xforce.iss.net/xforce/alerts/id/181

**********

Gentoo, OpenPKG patch zlib
A denial-of-service vulnerability has been found in zlib, a compression library used by a number of popular applications including Apache. For more, go to:
Gentoo:
https://forums.gentoo.org/viewtopic.php?t=215238
OpenPKG:
https://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html

**********

Trustix releases a pseudo service pack
A new update from Trustix fixes flaws in courier-imap, samba and zlib. For more, go to:
https://www.trustix.org/errata/2004/0043

**********

Gentoo, Mandrake Linux and SGI release kernel updates
According to the Gentoo alert, “Multiple information leaks have been found in the Linux kernel, allowing an attacker to obtain sensitive data which may be used for further exploitation of the system.” For more, go to:
Gentoo:
https://forums.gentoo.org/viewtopic.php?t=214573
Mandrake Linux:
https://www.nwfusion.com/go2/0830bug1b.html
SGI:
https://www.nwfusion.com/go2/0830bug1c.html

**********

Today’s roundup of virus alerts:

W32/Rbot-HC – A typical Rbot variant that spreads via network shares (using the file “BLING.EXE”) and allows backdoor access via IRC. The virus tries to delete network shares and also logs keystrokes. (Sophos)

W32/Rbot-HE – Very similar to Rbot-HC, except that it infects the file “WUAMGRD.EXE” in the Windows System directory. (Sophos)

W32/Rbot-X – Another Rbot variant that spreads via network shares, infects the file “MSlti32.exe” in the Windows System directory and allows backdoor access via IRC. (Sophos)

W32/Forbot-E – A bot that attempts to exploit various Windows vulnerabilities, including LSASS, to spread between machines. It infects the “SVXHOST.EXE” file and terminates security-related applications. (Sophos)

W32/Forbot-L – Similar to Forbot-E above, except it uses the file “w32usb2.exe” as its infection point. (Sophos)

W32/Wukill-C – An e-mail pain-in-the-neck that spreads in a message titled “MS” with an attachment called “mshelp.exe”. It copies itself to a number of places, but no word on any permanent damage it may cause. (Sophos)

Troj/Agent-BX – A Trojan horse that runs as a DLL in the Windows System directory (msoleapi.dll) and is used to collect information from the infected system and send it to a remote site. (Sophos)

W32/Sdbot-OC – Guess what this virus does? Yes, it spreads via network shares and allows backdoor access via IRC. It installs itself as “NTSYSMGR.EXE” and as “COOL.EXE” and can be used to terminate security-related applications running on the infected machine. (Sophos)

W32/Bagle-AJ – Another Bagle variant that spreads via e-mail, peer-to-peer networks and network shares. When the virus infects a machine it displays the message “Can’t find a viewer associated with the file”. (Sophos)

**********

From the interesting reading department:

States prepping cyberalert plan
Looking to gauge the risk of attacks against their networks, state officials this week will vote on new measures that would assess threats and dictate specific actions to take to protect key resources. Network World, 08/30/04.
https://www.nwfusion.com/news/2004/083004nastd.html?nl

Behind the perimeter
As more attacks penetrate traditional perimeter defenses, smart organizations adopt defense-in-depth strategies in which application-level security plays an increasingly critical role. Network World, 08/30/04.
https://www.nwfusion.com/research/2004/0830appsecperspective.html

Technical Update: Generic exploit blocking stops infections
A new security technology called generic exploit blocking shields systems from malicious threats before they appear. When incorporated into desktop and network firewalls, the technology prevents infections rather than responding to them. Network World, 08/30/04.
https://www.nwfusion.com/news/tech/2004/083004techupdate.html?nl

HP exec targets security priorities
Tony Redmond, vice president and CTO at HP Services and HP Security Program Office, explains HP’s priorities, including a new service called Active Countermeasures, now in beta. Network World, 08/30/04.
https://www.nwfusion.com/news/2004/083004hpqna.html?nl

Cast Iron device gets security, file handling boost
Cast Iron Systems last week unveiled an updated version of its application integration appliance, designed to provide simplified data-integration capabilities for corporate projects in which a full-blown enterprise application integration system would be overkill. Network World, 08/30/04.
https://www.nwfusion.com/news/2004/083004castiron.html?nl

Juniper tackles remote access security
Juniper this week is announcing technology that promises to give businesses more ways to guarantee that computers making remote links to corporate networks have appropriate security software in place. Network World, 08/30/04.
https://www.nwfusion.com/news/2004/083004juniper.html?nl

FrontBridge service secures e-mail
FrontBridge Technologies this week will add secure e-mail and archiving to its lineup of hosted services to appease corporate users that seek tools to satisfy regulatory compliance issues. Network World, 08/30/04.
https://www.nwfusion.com/news/2004/083004frontbridge.html?nl

WilTel and VeriSign team on security services
WilTel Communications announced last week that it’s teaming with VeriSign to offer users managed firewall and intrusion-detection services. Network World, 08/30/04.
https://www.nwfusion.com/news/2004/083004wiltel.html?nl

Mano a mono
One IT consultant’s battle against the Microsoft monoculture. Network World, 08/30/04.
https://www.nwfusion.com/research/2004/083004mono.html?nl

Feds bust DDoS ‘Mafia’
A Massachusetts businessman allegedly paid members of the computer underground to launch organized, crippling distributed denial-of-service (DDoS) attacks against three of his competitors, in what federal officials are calling the first criminal case to arise from a DDoS-for-hire scheme.
The Register, 08/27/04.
https://www.theregister.co.uk/2004/08/27/ddos_mafia_busted/

Nokia, Pointsec team on mobile data security
Enterprises seeking higher security for their growing number of mobile devices may be interested in new encryption technology that Nokia is deploying in its smart phone products. IDG News Service, 08/26/04.
https://www.nwfusion.com/news/2004/0826nokiapoint.html?nl

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
The Secret Service National Threat Assessment Center (NTAC) and the CERT Coordination Center of Carnegie Mellon University’s Software Engineering Institute (CERT/CC) joined efforts to conduct a unique study of insider incidents, the Insider Threat Study (ITS), examining each case from a behavioral and a technical perspective. CERT, 08/2004. (PDF document)
https://www.cert.org/archive/pdf/bankfin040820.pdf