* Patches from Microsoft, SCO, SuSE, others
* Beware new version of Bagle e-mail worm
* Check Point blend ensures remote nodes meet security policies, and other interesting reading

Editor’s note: Spread your influence by casting your votes in this first-of-its-kind survey gauging crucial questions of industry power, from executive hairstyles to comedic appeal. We’ll tally the votes and publish the winners in our annual year-end Power Issue, coming Dec. 27. We promise to keep your anonymity, so feel free to elaborate on your choices, too.
http://www.nwfusion.com/survey/power2004.html

With Windows XP Service Pack 2 out “in the wild”, what are your plans for installing it (or not)? Drop me a line at jmeserve@nww.com. I’ll be running some of the responses on Monday.

Today’s bug patches and security alerts:

AOL IM ‘Away’ message flaw deemed critical
Computer security companies are warning users of AOL’s Instant Messenger software that a serious security hole in the product could allow remote attackers to execute malicious code on computers that run the popular IM software. IDG News Service, 08/09/04.
https://www.nwfusion.com/news/2004/0809aolima.html?nl

iDefense advisory:
https://www.nwfusion.com/go2/0809bug2a.html

Slashdot discussion on the subject:
https://slashdot.org/article.pl?sid=04/08/10/1230229

**********

Mac OS X security update available
A new update for Mac OS X fixes flaws in libpng, Safari and the TCP/IP network stack. The most serious is the libpng buffer overflow, which could be exploited to run arbitrary code.
For more, go to:
https://docs.info.apple.com/article.html?artnum=61798

**********

Microsoft patches Exchange Server 5.5 Outlook Web Access flaw
Microsoft’s Exchange Server 5.5 Outlook Web Access application is vulnerable to a cross-site scripting attack. An attacker could exploit this to execute code remotely on the affected machine.
For more, go to:
https://www.microsoft.com/technet/security/Bulletin/MS04-026.mspx

**********

SCO updates Mozilla for OpenServer
Version 1.6 of Mozilla is now available for SCO OpenServer. The update fixes a number of vulnerabilities in previous releases, the most serious of which could allow an attacker to run any application on the affected machine.
For more, go to:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.8

Sendmail for SCO OpenServer patched
A Sendmail update for SCO OpenServer is available that fixes a DoS vulnerability in the popular e-mail server system. An attacker could also exploit the flaw to run arbitrary code with root privileges.
For more, go to:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11

SCO patches OpenSSL on OpenServer
A number of vulnerabilities have been found in OpenSSL, which could affect any application that utilizes the open source version of SSL encryption.
For more, go to:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10

SCO fixes uudecode vulnerability
SCO’s implementation of uudecode for OpenServer does not properly check to see if the file it is writing is a symlink or pipe. A fix is available.
For more, go to:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.12

SCO patches Xsco
According to an alert from SCO, “A buffer overflow in ReadFontAlias from dirfile.c of Xsco may allow local users and remote attackers to execute arbitrary code via a font alias file with a long token.”
For more, go to:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.3

**********

SuSE, Trustix patches kernel
A race condition has been found in the Linux kernels of SuSE and Trustix.
A local attacker could exploit the flaw to read kernel memory information.
For more, go to:
SuSE:
https://www.suse.com/de/security/2004_24_kernel.html
Trustix:
https://www.trustix.org/errata/2004/0041

**********

Conectiva, Debian patches squirrelmail
Four vulnerabilities have been found in squirrelmail, the most serious of which could allow an attacker to run unauthorized SQL queries.
For more, go to:
Conectiva:
https://www.nwfusion.com/go2/0809bug2b.html
Debian:
https://www.debian.org/security/2004/dsa-535

**********

Today’s roundup of virus alerts:

Trojan hits Windows PDAs for first time
After finding the third malicious program targeting wireless devices in fewer than 60 days, security specialists are warning that it’s only a matter of time before attackers launch a serious attack against mobile phones and PDAs. Network World, 08/09/04.
https://www.nwfusion.com/news/2004/080904pdavirus.html?nl

New Bagle version spreading
Anti-virus and computer security companies warned Internet users about a new version of the Bagle e-mail worm that was spreading quickly on the Internet Monday. IDG News Service, 08/09/04.
https://www.nwfusion.com/news/2004/0809newbagle.html?nl

W32/Lovgate-F – Another variant of the mass-mailing Lovegate virus. This one infects the IEXPLORE.EXE and SYSTRAY.EXE files, among others, in the Windows System directory. It can also spread via network shares. (Sophos)

W32/Sdbot-LU – This Sdbot-LU virus spreads via network shares and allows backdoor access to the infected machine via IRC. No word on what files it infects on the target system. (Sophos)

W32/Agobot-LT – An Agobot variant that spreads via network shares by exploiting weak passwords. It uses IRC to allow backdoor access and send the IP address of the infected machine back to a remote source. It infects the file systemcfg.exe. (Sophos)

Downloader.OG – A Trojan horse that periodically tries to download malware/adware to the infected machine. It installs itself as “BRIDGEX.DLL” in the Windows System folder.
(Panda Software)

W32/MyDoom-R – Another copycat of some of the more recent MyDoom variants. This one is not as successful. It does have its own mail engine and infects the file “taskmon.exe” in the Windows System folder. (Sophos)

Troj/Padodor-L – A Trojan horse that attempts to steal credit card data from the infected machine. It uses a “helper” DLL file that it creates using random file names. (Sophos)

W32/Rbot-FQ – This Rbot variant, like previous versions, spreads via network shares and uses IRC to allow backdoor access. The virus also tries to terminate network drives every two minutes. (Sophos)

**********

From the interesting reading department:

Fed up hospitals defy patching rules
Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates. Network World, 08/09/04.
https://www.nwfusion.com/news/2004/080904patchfights.html?nl

Hack … hack back … repeat
Capture the flag might be only a game, but it was serious business at DefCon, the world’s largest annual computer hacker convention. For 36 straight hours, eight teams of experienced hackers and serious security professionals played predator and prey as they tried to hack into competitors’ networks while defending their own. Network World, 08/09/04.
https://www.nwfusion.com/news/2004/080904defcon.html?nl

Check Point blend ensures remote nodes meet security policies
Check Point Software has integrated its VPN software with tools that check that remote computers meet security policies, making it simpler to install endpoint security on computers accessing VPNs.
Network World Fusion, 08/11/04.
https://www.nwfusion.com/news/2004/0811check.html?nl

IBM tells employees not to install Windows XP update
While developers at Microsoft may be celebrating that they finished work on Service Pack 2 for Windows XP, IT departments around the world now face the question of whether they should update their systems, or not. IDG News Service, 08/09/04.
https://www.nwfusion.com/news/2004/0809ibmtells.html?nl

Review: CoreStreet scales digital certificates
What’s the point of deploying a digital certificate infrastructure if you can’t readily check the status of certificates? That’s where CoreStreet’s Real Time Credentials comes in. Network World, 08/09/04.
https://www.nwfusion.com/reviews/2004/0809rev.html?nl