* Patches from Gentoo, SGI, others * Beware Bagel.U * Face-off: Is patch mgmt. the best protection against vulnerabilities?, and other interesting reading Today’s bug patches and security alerts:SGI Advanced Linux Environment security update #15A new update for SGI ProPack v2.3 and SGI ProPack v2.4 for the SGI Altix family of systems that fixes issues with kdelibs, gdk-pixbuf, wu-ftpd and ntp. For more, go to:https://www.nwfusion.com/go2/0329bug1a.html SGI Advanced Linux Environment security update #16Another new update for SGI ProPack v2.3 and SGI ProPack v2.4 for the SGI Altix family of systems. This release patches the OpenSSL vulnerability we’ve mentioned over the past week. For more, go to: https://www.nwfusion.com/go2/0329bug1b.html**********Gentoo issues fix for ApacheAs we reported last week, the Apache Software Foundation has released Version 2.0.49 of the popular Apache Web server application. The new release isprimarily a bug fix, including three potential denial-of-service vulnerabilities. Get the update here:https://forums.gentoo.org/viewtopic.php?t=153486 **********HP Web Jetadmin flaw patchedHP is warning of a vulnerability in its Web Jetadmin tool. A number of weak HTS scripts could be exploited by ” a remote authenticated user to read and write files on the system and execute scripts.” For more, go to:https://www.securitytracker.com/alerts/2004/Mar/1009555.html HP advisory:https://www.nwfusion.com/go2/0329bug1c.html**********Freshmeat flaw fixedA cross-scripting vulnerability has been found in Freshmeat, a community site for open source projects. The flaw, which potentially allowed malicious JavaScript to be executed via links in comment fields, has been fixed. For more, go to:https://www.steve.org.uk/Hacks/Freshmeat.html**********Potential flaw in Blogger toolA flaw in Google’s Blogger application could allow scripts to be injected into user profile fields. Google has been notified of the problem, but a fix is not yet available. For more, go to:https://www.nwfusion.com/go2/0329bug1d.html**********Today’s roundup of virus alerts:Bagel.U a virus of few wordsAnti-virus software companies are again warning e-mail users about a new version of the prolific Bagel virus, which is spreading on the Internet through infected e-mail messages and targeting machines running the Microsoft Windows operating system. IDG News Service, 03/26/04.https://www.nwfusion.com/news/2004/0326newbagel.html?nlW32/Lovgate-Z – Another Lovegate variant that spreads via e-mail, file sharing networks, and weakly-protected network shares. The virus overwrite EXE files on the infected machine as well as installs backdoor functionality. (Sophos)W32/Sober-E – This is another variant of the Sober mass mailing worm. Sophos does not have further details, but says it has no reports of the virus in the wild. (Sophos)Mywife.A – A virus that terminates anti-virus applications running on the infected machine, potentially leaving it unprotected from future infection. (Panda Software)Snapper.A – An e-mail worm that attempts to exploit an Internet Explorer iFrame vulnerability to run when the infected message is viewed in the preview pane. The virus also tries to download CGI code to exploit another Windows vulnerability. Both flaws exploited have patches available. (Panda Software)Cone.E – This virus spreads via e-mail and peer-to-peer networks and is used to launch a denial-of-service attack against a remote Web site. (Panda Software)Starr.A – Not dangerous in its own right, but this tool allows system and Internet activities to be monitored. The information gathered could be used for malicious purposes. (Panda Software)Troj/Ranckbot-A – A Trojan horse that drops a variant of the Sdbot worm on the infected machine. (Sophos)W32/Nyxem-A – An e-mail worm that spreads via a message and attachment claiming to porn. (Sophos)**********From the interesting reading department:Face-off: Is patch mgmt. the best protection against vulnerabilities?Two industry insiders, Eric Schultze of Shavlik Technologies and Steven Hofmeyr of Sana Security, debate the best approach to dealing with software flaws. Network World, 03/29/04:Yes:https://www.nwfusion.com/columnists/2004/0329faceoffyes.html?nlNo:https://www.nwfusion.com/columnists/2004/0329faceoffno.html?nlTester’s Challenge updateNetwork World’s most recent Tester’s Challenge published two weeks ago called on the major operating system vendors to streamline the process of supplying security update information to customers. Network World, 03/29/04.https://www.nwfusion.com/news/2004/0329testchallenge.html?nlTalking security with Motorola’s William BoniCSO William Boni talks intrusion-detection, how his company is protecting itself and why IT security folks need to stick together. Network World, 03/29/04.https://www.nwfusion.com/news/2004/0329yourtakeboni.html?nlSymantec preps SMB gatewaysSymantec next month plans to ship three new gateway security appliances for use by small to midsize businesses as combined VPN/firewall, Web filtering and intrusion-detection systems. Network World, 03/29/04.https://www.nwfusion.com/news/2004/0329symantec.html?nlAT&T unveils security alert serviceAT&T last week launched one of the first proactive services designed to alert users that their network might be under attack. Network World, 03/29/04.https://www.nwfusion.com/news/2004/0329attprotect.html?nlTime to enlist a ‘national guard’ for IT?The U.S. is unprepared to recover quickly from a major cyberterrorism attack and might require government intervention to organize IT professionals, according to military emergency management officials at a security conference. Network World, 03/29/04.https://www.nwfusion.com/news/2004/0329vermont.html?nlSmall businesses get alternative for SSLStart-up enKoo is coming out with a low-cost remote-access appliance based on Secure Sockets Layer that might not have all the bells and whistles of other such gear, but does offer customers practical means for accessing important data. Network World, 03/29/04.https://www.nwfusion.com/news/2004/0329enkoo.html?nlMicrosoft program: ‘You patch, we pay’Under a new program, Microsoft is paying for security assessments of its customers’ networks to help improve policies in areas such as software patch management and assuage fears about the security risks posed by Microsoft products. IDG News Service, 03/25/04.https://www.nwfusion.com/news/2004/0325mspatch.html?nl Related content how-to Doing tricks on the Linux command line Linux tricks can make even the more complicated Linux commands easier, more fun and more rewarding. By Sandra Henry-Stocker Dec 08, 2023 5 mins Linux news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe