* Patches from Red Hat, Mandrake Linux * Beware StartPage.AB Trojan * Security start-ups offer new brands of protection, and other interesting reading Today’s bug patches and security alerts:Red Hat announces exploit in Enterprise Linux productRed Hat has announced a security vulnerability in its recently-released Red Hat Enterprise Linux 3 product. The exploit allows any user with a local account on the affected machine to elevate his or her privileges to root level … but apparently only on machines running the AMD64 architecture. The bug resides directly in the kernel and is not a fault of the hardware. Geek.com, 01/22/04.https://www.geek.com/news/geeknews/2004Jan/gee20040122023558.htm Red Hat advisory:https://rhn.redhat.com/errata/RHSA-2004-017.html **********Mandrake Linux, Red Hat patch slocateA buffer overflow vulnerability in slocate, a secure version of the file search utility locate, could be exploited by a malicious user to gain the group privilege of slocate. The attacker could use this to view all data in the slocate database. For more, go to:Mandrake Linux:https://www.nwfusion.com/go2/0126bug1a.htmlRed Hat: https://rhn.redhat.com/errata/RHSA-2004-040.html**********Mandrake Linux patches jabberA flaw in the way jabber handles SSL connections could be exploited to crash the server, resulting in a denial of service. For more, go to: https://www.nwfusion.com/go2/0126bug1b.html**********Today’s roundup of virus alerts:StartPage.AB – A Trojan horse that changes the home page and search options in Internet Explorer. It also attempts to prevent the user from visiting anti-spyware sites and prevents changes to the registry from being saved. (Panda Software)W32/Dumaru-Y – A Windows virus that spreads via an e-mail message with an attached executable that is poorly disguised as a JPEG image. The virus has its own SMTP engine for mass mailing and also acts as a backdoor Trojan. (Sophos)W32/Flopcopy-A – A simple virus that spreads via floppy disks. It infects any floppy that’s inserted into the infected machine using a file called recycle.exe. (Sophos)**********From the interesting reading department:Review: Patch managementIn our test of SecurityProfiling’s SysUpdate 4.1.4 with its new Policy Compliance and Enforcement Module 1.0, we found that while the product is moving in the right direction toward policy-based patch management, it’s still a little rough around the edges. Network World, 01/26/04.https://www.nwfusion.com/reviews/2004/0126rev.html?nlSpywareWhat is spyware? And what harm can it do to my network? Even in its most innocuous form, spyware is an invasion of privacy. Network World, 01/26/04.https://www.nwfusion.com/research/2004/0126spy.html?nlSecurity start-ups offer new brands of protectionThree security start-ups this week are vying for a spot in the corporate network with products designed to protect data by monitoring for network-based attacks and stopping outbound transmission of sensitive data. Network World, 01/26/04.https://www.nwfusion.com/news/2004/0126security.html?nlOptions shrink for ID managementEnd users and vendors are evaluating their identity management efforts as the long-anticipated convergence of provisioning and access management software matures. Network World, 01/26/04.https://www.nwfusion.com/news/2004/0126accessmgmt.html?nlCipherTrust adds spam filter to gatewayE-mail security company CipherTrust is boosting the anti-spam features of its gateway appliance with a software upgrade that includes four additional methods for users to detect unwanted messages. Network World, 01/26/04.https://www.nwfusion.com/news/2004/0126ciphertrust.html?nlCisco warns of IP PBX security hole on IBM hardwareCisco this week released a security bulletin warning of a vulnerability in its IP telephony software running on IBM server hardware. Network World Fusion, 01/23/04.https://www.nwfusion.com/news/2004/0123cisvoip.html?nlNAI’s McAfee the latest to add anti-spywareNetwork Associates Inc. (NAI) will become the latest security software maker to address the growing problem of stealth surveillance software known as spyware when it announces a new consumer product for locating and removing the applications Monday. IDG News Service, 01/23/04.https://www.nwfusion.com/news/2004/0123nais.html?nlPanel’s GOP staff saw Democratic strategy memosFrom the spring of 2002 until at least April 2003, members of the GOP committee staff exploited a computer glitch that allowed them to access restricted Democratic communications without a password. Star-Telegram, 01/22/04.https://www.dfw.com/mld/dfw/news/nation/7769461.htm Related content news Dell provides $150M to develop an AI compute cluster for Imbue Helping the startup build an independent system to create foundation models may help solidify Dell’s spot alongside cloud computing giants in the race to power AI. By Elizabeth Montalbano Nov 29, 2023 4 mins Generative AI news DRAM prices slide as the semiconductor industry starts to decline TSMC is reported to be cutting production runs on its mature process nodes as a glut of older chips in the market is putting downward pricing pressure on DDR4. By Sam Reynolds Nov 29, 2023 3 mins Flash Storage Technology Industry news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Cloud Computing opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe