* Patches from Red Hat, OpenPKG, others
* Beware latest variations of the Mimail worm
* Sobig virus tops charts for 2003, and other interesting reading

Network World needs your help. We’re looking for the weirdest, most wild, descriptive and/or silly network product name you’ve come across. Got one to share? Fill out this short form and you could win a fabulous Network World prize:
http://www.nwfusion.com/survey/favprod2003.html

Today’s bug patches and security alerts:

Linux kernel vulnerability behind Debian attack

A serious vulnerability in the Linux 2.4 kernel that allows users on a Linux machine to gain unlimited access privileges has been discovered, according to a security advisory posted by developers of the noncommercial Debian Linux distribution. The bug affects versions of the Linux kernel prior to 2.4.23, and was the method used during a recent attack on Debian’s servers, according to the advisory. IDG News Service, 12/02/03.
https://www.nwfusion.com/news/2003/1202linuxkerne.html?nl

Debian advisory:
https://www.nwfusion.com/go2/1201bug2a.html

More kernel updates:

Mandrake Linux:
https://www.nwfusion.com/go2/1201bug2b.html

Red Hat:
https://rhn.redhat.com/errata/RHSA-2003-392.html

Slackware:
https://www.nwfusion.com/go2/1201bug2c.html

Trustix:
https://www.nwfusion.com/go2/1201bug2d.html

**********

Cisco warns of wireless security hole

Cisco is warning customers using its Aironet wireless access points about a security vulnerability that could allow attackers to obtain keys used to secure communications on wireless networks. The vulnerability affects Aironet 1100, 1200 and 1400 series access points.
IDG News Service, 12/03/03.
https://www.nwfusion.com/news/2003/1203ciscowarns.html?nl

Cisco advisory:
https://www.nwfusion.com/go2/1201bug2e.html

**********

BIND 8 patch for UnixWare available

As we reported earlier this week, a programming error in the BIND 8 DNS server could “result in a DNS message being incorrectly cached as a negative response.” This could lead to a denial of service against legitimate domain names. For more, go to:
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33

**********

SGI releases ProPack v2.3 security update for IRIX

This new security update for IRIX fixes vulnerabilities in stunnel and glibc. For more, go to:
https://www.nwfusion.com/go2/1201bug2f.html

**********

OpenPKG patches screen

A buffer overflow has been found in OpenPKG’s Virtual Screen Manager GNU screen. Attackers could gain control of other users’ screens or potentially gain elevated privileges on the affected machine. For more, go to:
https://www.openpkg.org/security/OpenPKG-SA-2003.050-screen.html

**********

Red Hat issues updated Net-SNMP packages

A new version of Net-SNMP, a set of Simple Network Management Protocol tools, is now available. This release fixes a number of minor flaws in previous releases. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-335.html

**********

SecuriTeam warns of AlaCart flaw

A flaw in the AlaCart shopping cart application could be exploited to remotely inject SQL commands into the application. An attacker could use this to gain elevated privileges on the affected machine. For more, go to:
https://www.securitytracker.com/alerts/2003/Dec/1008341.html

**********

Today’s roundup of virus alerts:

W32/Mimail-L – An interesting variation of the Mimail worm. This one, too, spreads via e-mail, claiming to be from Wendy and to carry an attachment with naked pictures of her. When the virus runs, it attempts to send itself to everyone in the Outlook address book.
If that fails, the virus sends out a fake e-mail (no attachment) claiming to be a confirmation for a kiddie porn download service. The opt-out message and links are to anti-spam companies, in the hopes of creating a denial-of-service via angry users. (Sophos)

W32/Mimail-M – A slight variation on Mimail-L, this time targeting different Web sites and services. (Sophos)

W32/Agobot-AG – Another version of the Agobot family of viruses. This one spreads via weakly protected network shares and allows unauthorized third-party access to the infected machine via IRC. (Sophos)

**********

From the interesting reading department:

Sobig virus tops charts for 2003

The Sobig e-mail worm that clogged in-boxes in August was the most prolific virus of 2003, according to a top 10 list of viruses published by anti-virus software vendor Sophos. IDG News Service, 12/03/03.
https://www.nwfusion.com/news/2003/1203sobigvirus.html?nl

Rampant Epidemics of Powerful Malicious Software

“Malicious software,” the insidious purveyor of viruses and other threats, has consistently gotten faster and more powerful. The New York Times, 12/01/03.
https://www.nytimes.com/2003/12/01/technology/01comp.html

Ridge calls on business for security blueprint

Calling on the private sector to do its part in securing the U.S. computer network infrastructure, top officials from the U.S. Department of Homeland Security Wednesday warned members of the high-technology industry that unless they took concrete steps toward cybersecurity, their industry could face government regulation. IDG News Service, 12/03/03.
https://www.nwfusion.com/news/2003/1203ridgecalls.html?nl

Report: Domestic security tech efforts lagging

The U.S. is not taking advantage of its technology expertise to fight terrorism because U.S. government agencies are still reluctant to share terrorism-related information with each other, two years after the Sept. 11 terrorist attacks, according to a new report authored by leading IT and national security experts.
IDG News Service, 12/02/03.
https://www.nwfusion.com/news/2003/1202report.html?nl

Security Webcast week at Microsoft

This week, Microsoft is offering a series of live Webcast events that cover various areas of security. All of the events are or will be available for on-demand viewing. Naturally, you’ll need Windows Media Player to view these.
https://www.microsoft.com/technet/security/webcasts/default.asp