* Patches from Symantec, Gentoo, Conectiva, others
* Beware IM worm that exploits JPEG flaw
* Gov't panel: No cybersecurity mandates needed, and other interesting reading

Today’s bug patches and security alerts:

Symantec patches VPN/Firewall Appliances

Three high-risk flaws have been fixed in Symantec’s line of VPN/Firewall Appliances, all of which are remotely exploitable. The flaws could be used in a DoS attack, to identify WAN services, and potentially change firewall configuration information.
For more, go to: https://www.nwfusion.com/go2/0927bug2a.html

**********

Bug in CA UniCenter Management Portal

Computer Associates’ UniCenter Management Portal has a “forgot password” link that could be exploited by an attacker with a script to find valid user names. This information could be the basis for a brute force attack against the system passwords. CA recommends disabling the feature.
For more, go to: https://www.nwfusion.com/go2/0927bug2b.html

**********

New version of Sudo available:

A new version of Sudo (1.6.8p1) is available. The release fixes a number of bugs and a security flaw that could allow an attacker to read files they wouldn’t normally have access to.
For more, go to: https://www.sudo.ws/sudo/alerts/sudoedit.html

**********

Gentoo patches Heimdal

According to an alert from Gentoo, “Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges.”
For more, go to: https://security.gentoo.org/glsa/glsa-200409-19.xml

Gentoo patches CUPS

According to experts, an attacker can easily disable browsing in CUPS by sending a specially crafted UDP datagram to port 631 where cupsd is running.
For more, go to: https://security.gentoo.org/glsa/glsa-200409-25.xml

Gentoo releases patch for Foomatic

A flaw in Foomatic, a system for connecting printer drivers with spooler systems, could be exploited by an attacker to take control of the system.
For more, go to: https://security.gentoo.org/glsa/glsa-200409-24.xml

**********

iDefense warns of flaw in Ipswitch WhatsUp Gold

A flaw in the way Ipswitch’s WhatsUp Gold handles reserved DOS names could be exploited by a remote user to crash the application.
For more, go to: https://www.nwfusion.com/go2/0927bug2c.html

**********

Gentoo, Mandrake Linux patch XFree86

A couple of integer overflows have been found in the XFree86 application for Linux.
For more, go to:
Gentoo: https://security.gentoo.org/glsa/glsa-200409-34.xml
Mandrake Linux: https://www.nwfusion.com/go2/0927bug2d.html

**********

Conectiva patches imlib

A heap overflow error in imlib, an imaging library for X and X11, could be abused by an attacker to execute arbitrary code on the victim’s machine.
For more, go to: https://www.nwfusion.com/go2/0927bug2e.html

Conectiva releases kernel update

A missing check in the Conectiva kernel’s Discretionary Access Control in the chown system call could allow a local user to change groups.
For more, go to: https://www.nwfusion.com/go2/0927bug2f.html

**********

Debian issues patch for wv

A buffer overflow in wv, an application that allows access to Microsoft Word files, could be exploited by an attacker to run their code of choice on the affected machine.
For more, go to: https://www.debian.org/security/2004/dsa-550

**********

Today’s roundup of virus alerts:

Instant messaging worm exploits JPEG flaw

Security experts have spotted the first attempts to create an Internet worm that propagates using instant messages and exploits a recently disclosed flaw in Microsoft software.
IDG News Service, 09/29/04. https://www.nwfusion.com/news/2004/0929instamessa.html?nl

Hackers use porn to target Microsoft JPEG hole

Malicious hackers are seeding Internet news groups that traffic in pornography with JPEG images that take advantage of a recently disclosed security hole in Microsoft’s software, according to warnings from anti-virus software companies and Internet security groups.
IDG News Service, 09/28/04. https://www.nwfusion.com/news/2004/0928hackeusep.html?nl

W32/Noomy-A – An e-mail virus with backdoor IRC capabilities. This virus can be used to send Spam and launch ICMP DoS attacks against Microsoft, Sophos and Kaspersky Websites. The virus uses random messages and attachment names to spread. (Sophos)

SentinelSteal – A hacking tool that can be used for keystroke logging, screen capture and blocking access to certain Websites. It uploads the information it gathers via FTP or e-mail. (Panda Software)

Bagle.BA – A new Bagle variant that spreads via e-mail entitled “photo-gallery! =)” with an attachment called “FOTO.ZIP”. It installs a keystroke logger onto the infected machine. (Panda Software)

Bagle.BB – Yet another Bagle variant that spreads via e-mail. The infected attachment is named “Joke”, “Price” or “price” with an extension of .com, .cpl, .exe or .scr. (Panda Software)

W32/Xbot-C – A new bot variant that spreads via non-secure network shares and can be accessed through an IRC channel. An attacker can use the infected machine to launch DoS attacks, execute arbitrary code on the machine and kill security-related applications. (Sophos)

W32/Forbot-AK – This Forbot variant steals game keys, IM login information, and system information details. The worm tries to delete network shares. (Sophos)

W32/Forbot-AN – Another Forbot variant that uses “sys32snd.exe” as its infection point. (Sophos)

W32/Rbot-KX – This Rbot variant installs itself as “iiexplorer.exe” after accessing the machine via network shares. It exploits a number of known Windows vulnerabilities and can be used for a variety of malicious applications. (Sophos)

W32/Rbot-LC – Another Rbot variant. This one uses the filename “microhost.exe” in the Windows System folder as its infection point.
(Sophos)

**********

From the interesting reading department:

Microsoft To Provide IE Patches for Windows XP Only

Fortunato_NC writes “Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: ‘Microsoft may be turning the lemons of its browser’s security reputation into the lemonade of a powerful upgrade selling point.’ This should provide a huge boost to Mozilla and other alternative browser backers.”
Slashdot, 09/23/04. https://slashdot.org/article.pl?sid=04/09/23/1411217

Gov’t panel: No cybersecurity mandates needed

Now is not the time for the U.S. government to mandate cybersecurity standards to private industry, despite significant threats and a lack of understanding by many company executives, a panel of government officials said Tuesday.
IDG News Service, 09/28/04. https://www.nwfusion.com/news/2004/0928govtpanel.html?nl

Dr. Internet: A more secure version of FormMail

Your recent column on FormMail left me scratching my head. Why would anyone continue to recommend this buggy, insecure and poorly written script?
Network World, 09/27/04. https://www.nwfusion.com/columnists/2004/092704internet.html?nl

Nutter’s Help Desk: How many firewalls are enough?

Management is concerned that our more sensitive servers may not be as protected as they should be. We already have one firewall protecting our Internet connection. Should we look at an additional firewall to protect the servers that management is concerned about?
Network World, 09/27/04. https://www.nwfusion.com/columnists/2004/092704nutter.html?nl

On Security: Make security personal

A significant percentage of cybercrime is actually the fault of the very companies that want to protect themselves. Many companies make timid, awkward and ineffective attempts at teaching their staff about company security policies.
This occurs because most corporate security policies are boring, unintelligible tomes. Ergo: No one pays attention to them.
Network World, 09/27/04. https://www.nwfusion.com/columnists/2004/092704schwartau.html?nl

Computer Viruses Cripple Colorado DMV

Mr. Christmas Lights writes “The Denver Post has written the last three days (Tue, Wed, Thu) about how computer viruses have crippled the Colorado Department of Motor Vehicle’s computers since last Friday. This has prevented them from issuing new/renewed licenses, so they are providing 30-day extension stickers.
Slashdot, 09/23/04. https://slashdot.org/article.pl?sid=04/09/23/1617242