* Patches from EnGarde, Red Hat, OpenPKG, others
* Several new Trojan horses on the loose
* Microsoft shares its internal IT security practices and other interesting reading

Today’s bug patches and security alerts:

BIND 8 vulnerability patched

A programming error in the BIND 8 DNS server could “result in a DNS message being incorrectly cached as a negative response.” This could lead to a denial of service against legitimate domain names. For more, go to:

EnGarde: https://www.nwfusion.com/go2/1201bug1a.html
FreeBSD: https://www.nwfusion.com/go2/1201bug1b.html
Immunix (source code): https://www.nwfusion.com/go2/1201bug1c.html
SuSE: https://www.suse.com/de/security/2003_47_bind8.html
Trustix: https://www.nwfusion.com/go2/1201bug1d.html

**********

New critical vulnerabilities discovered in IE

A set of new security vulnerabilities has been discovered in Microsoft’s Internet Explorer Web browser, which, used together, could allow hackers to compromise user PCs, researchers warned Tuesday. IDG News Service, 11/26/03.
https://www.nwfusion.com/news/2003/1126msie.html?nl

**********

Critical flaw in GnuPG

According to an alert from gnupg.org, “Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real-world vulnerability which will reveal your private key within a few seconds.” For more, go to:
https://www.nwfusion.com/go2/1201bug1e.html

Mandrake Linux fix:
https://www.nwfusion.com/go2/1201bug1f.html

**********

Stunnel fix available

Previous versions of stunnel for Linux are vulnerable to “leaking file descriptors.” This information could be used to hijack stunnel’s services.
For more, go to:

Mandrake Linux: https://www.nwfusion.com/go2/1201bug1g.html
Red Hat: https://rhn.redhat.com/errata/RHSA-2003-296.html
Trustix: https://www.nwfusion.com/go2/1201bug1h.html

**********

OpenPKG patches zebra

A denial-of-service vulnerability has been found in zebra, “a multiserver routing software package which provides TCP/IP-based routing protocols also with IPv6 support such as RIP, OSPF and BGP.” For more, go to:
https://www.openpkg.org/security/OpenPKG-SA-2003.049-zebra.html

**********

Red Hat patches XFree86

According to an alert from Red Hat, “Multiple integer overflows in the transfer and enumeration of font libraries in XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.” For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-288.html

Red Hat issues fix for EPIC

A flaw in EPIC, an advanced ircII chat client, could be exploited by a malicious IRC server to crash the affected machine or potentially execute arbitrary commands. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-342.html

Red Hat releases patch for iproute

A local denial-of-service vulnerability in the iproute packages for Red Hat has been fixed. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-316.html

Red Hat patches Pan

According to a Red Hat advisory, “A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing an article header containing a very long author e-mail address. This bug causes a crash (denial of service) but is not further exploitable.” For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-311.html

**********

Today’s roundup of virus alerts:

Troj/Sysbug-A – A Trojan horse application that can be used to steal information or provide access to an infected machine. Spreads via an e-mail with a subject line of “Re[2]: Mary” and an attachment “Private.zip”. (Sophos, Panda Software)

Troj/Litmus-AS – Another Trojan horse.
This one provides access to the infected machine via IRC. It could also steal password information. (Sophos)

Troj/HacDef-084 – A Trojan horse that operates at the kernel level of a Windows PC. It can intercept all network traffic and redirect it as well as steal other sensitive information on the infected machine. (Sophos)

W32/Agobot-AS, AW – Two new versions of the Agobot Trojan horse that attempt to exploit DCOM RPC and the RPC locator vulnerabilities in Windows. In addition to allowing unauthorized access via IRC, both viruses attempt to disable certain security-related applications on the infected machine. (Sophos)

W32/Sdbot-I – Yet another Trojan that provides access to the infected machine via IRC. This one spreads via weakly protected network shares. (Sophos)

Psshutdown.A – A hacking tool that allows an attacker to remotely shut down the infected machine, which could result in loss of unsaved data. (Panda Software)

Randex.BF – A Trojan horse that spreads by generating random IP addresses to target using easily guessable passwords. Once inside a machine, the virus connects to an IRC server. (Panda Software)

**********

From the interesting reading department:

Security at Microsoft

Microsoft is committed to sharing its internal IT security practices in order to help its customers successfully secure their environments. This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. Microsoft.com, Nov. 2003.
https://www.nwfusion.com/go2/1201bug1i.html

Patching: Process matters

The list of all-too-familiar names – Nachi, Klez, Lovsan, SoBig, BugBear, Swen, Blaster and Yaha – represents only a sampling of the most prevalent worms and viruses that slithered into corporate networks this fall. But they all have one thing in common: Patches were readily available before most damage had been done. So why do these intruders continue to wreak such havoc?
Network World, 12/01/03.
https://www.nwfusion.com/research/2003/1201howtopatch.html?nl

Lock down your WLAN

Take these nine steps, then breathe more easily. Network World, 12/01/03.
https://www.nwfusion.com/research/2003/1201howtowlan2.html?nl

Mirage protects the LAN

Mirage Networks is wheeling out an appliance designed to halt quick-spreading, LAN-based worms and viruses by neutralizing individual infected machines rather than cordoning off entire parts of affected networks. Network World, 12/01/03.
https://www.nwfusion.com/news/2003/1201mirage.html?nl

A better VPN on the way?

There might soon be a new standard that makes IP Security VPNs more secure and easier to configure. Network World, 12/01/03.
https://www.nwfusion.com/news/2003/1201ike.html?nl

TechNet to release enterprise security tool

Arthur Coviello, president and CEO of RSA Security, co-chair of TechNet New England and a cybersecurity task force member, described the tool and the task force’s goals to Network World Editor in Chief John Dix. Network World, 12/01/03.
https://www.nwfusion.com/news/2003/1201technet.html?nl

Security notes: The many paths to security policy enforcement

Cisco recently launched a strategic push to adapt first its routers and then its switches to be able to automatically block Microsoft-based desktops from network connection if the user needs updated anti-virus software or a Microsoft patch. Network World Fusion, 12/01/03.
https://napps.nwfusion.com/weblogs/security/003787.html?nl

Keeping watch for interstellar computer viruses

Add one more worry to the computerized world of the 21st century. Could a signal from the stars broadcast by alien intelligence also carry harmful information in the spirit of a computer virus? Could star folk launch a “disinformation” campaign – one that covers up aspects of their culture? Perhaps they might even mask the “real” intent of dispatching a message to other civilizations scattered throughout the Cosmos.
Space.com, 11/11/03.
https://www.space.com/scienceastronomy/space_hackers_031111.html

Wells Fargo offers reward for stolen computers

Wells Fargo is offering a $100,000 reward for information leading to the arrest and conviction of thieves who stole computers earlier this month containing confidential information about some of its customers. IDG News Service, 11/22/03.
https://www.nwfusion.com/news/2003/1122wellsfargo.html?nl

Hatch says he’s ‘shocked’ at hacking of files

Sen. Orrin Hatch (R-Utah), who has made cracking down on the theft of digital files over computer networks one of his crusades, said Tuesday that he was “shocked” that a member of his own staff hacked into Senate Democrats’ protected files on the computer network of the Senate Judiciary Committee he heads. The Salt Lake Tribune, 11/26/03.
https://www.sltrib.com/2003/nov/11262003/utah/114498.asp

Digital crackdown

Battling digital crooks requires a rare combination of skills. There’s no blood here – just stacks of cold hard drives, waiting to give up their secrets. The Boston Globe, 12/01/03.
https://www.nwfusion.com/go2/1201bug1j.html