* Patches from NetBSD, Gentoo, others * Beware new worm that targets Microsoft vulnerabilities * Identity management takes on new shape, importance, and other interesting reading Today’s bug patches and security alerts:IBM products vulnerableAccording to a Panda Software advisory, “IBM has reported that some of its products are vulnerable to ‘credential impersonation’ attacks, based on capturing the details of legitimate users.” This impacts a number of Tivoli and WebSphere applications. For more, go to:https://www-1.ibm.com/support/docview.wss?uid=swg21168762 **********Linksys router flaw not as bad as first thought We reported late last week that the Web-based administration console for the Linksys WRT54G Wireless G router could still be available via ports 80 and 440 on the WAN connection even if that option is disabled. This is only the case if the built-in firewall (enabled by default) is also turned off. Linksys has released a Beta firmware upgrade that fixes the issue, but those that have the firewall turned on with their existing firmware should not be vulnerable. I tested the firewall-enabled theory and it works. The new firmware can be downloaded from:https://www.linksys.com/download/**********Windows 2000 domain issue fixedA flaw in Windows 2000 could let users with expired passwords into the system if the Fully Qualified Domain Name (FQDN) has eight characters. A fix is available. For more, go to:https://support.microsoft.com/default.aspx?scid=kb;en-us;830847 **********Opera “phishing” vulnerabilityLike many Web browsers, Opera allows shortcut icons that help visually identify a site by logo. However, the browser excepts icons with larger widths, which could be used to obscure the URL of the current site. This could be exploited to redirect users to phishing sites that look like legitimate operations. For more, go to:https://security.greymagic.com/security/advisories/gm007-op/ **********NetBSD patches cvs vulnerabilityA heap overflow in the cvs version control system could be remotely exploitable. A fix is available for NetBSD users with the application installed:https://www.nwfusion.com/go2/0607bug1a.html**********Gentoo issues two neon-related patchesA number of format string and heap overflow vulnerabilities have been found in neon, a WebDAV and HTTP client used by multiple applications. Two different patches are available from Gentoo related to the neon:Sitecopy:https://forums.gentoo.org/viewtopic.php?t=181991TLA:https://forums.gentoo.org/viewtopic.php?t=180911Gentoo patches MPlayer, xine-libA flaw in the way MPlayer and xine-lib handle RTSP media streams could result in a remotely exploitable buffer overflow. For more, go to:https://forums.gentoo.org/viewtopic.php?t=178957*********Mandrake Linux releases patch for krb5According to Mandrake Linux, “Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges.” For more, go to:https://www.nwfusion.com/go2/0607bug1b.html**********Today’s roundup of virus alerts:New worm targets two Microsoft vulnerabilitiesAnti-virus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Windows machines with either of two recently disclosed software vulnerabilities. The new worm, known as both “Plexus” and “Explet.A,” was first detected on Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster. IDG News Service, 06/04/04.https://www.nwfusion.com/news/2004/0604newworm.html?nlW32/Korgo-A – A virus that attempts to exploit the Microsoft LSASS vulnerability. It scans for other infected hosts and contains a backdoor component that could allow more malicious code to be uploaded to the infected machine. (Sophos)W32/Korgo-D – A Korgo variant that exploits the LSASS vulnerability, scans for potential IP addresses to infect and uploads the information to a set of IRC servers. The virus also deletes “ftpupd.exe” and tries to disable certain anti-virus applications. (Sophos)W32/Agobot-JM – Another Agobot variant that exploits a number of Microsoft Windows vulnerabilities, all of which have patches available. This variant terminates security-related applications and prevents access to anti-virus Web sites. It also tries to steal application keys for certain popular programs. (Sophos)**********From the interesting reading department:Review: McAfee’s low-end AV management tool shinesWe take a quick look at McAfee Security’s ProtectionPilot 1.0 management console. Network World, 06/07/04.https://www.nwfusion.com/reviews/2004/0607productpeek.html?nlTech Update: WSS protects SOAP messagesThe Web Services Security specification defines mechanisms to protect messages designed for use with Web services. Network World, 06/07/04.https://www.nwfusion.com/news/tech/2004/0607techupdate.html?nlManagement Strategies: Worth the waitSecurity clearances take more than a year to obtain, but federal IT work pays well. Network World, 06/07/04.https://www.nwfusion.com/careers/2004/0607man.html?nlIdentity management takes on new shape, importanceDriven by network security concerns, regulatory legislation and cost savings, identity management is climbing the corporate importance meter. Network World, 06/07/04.https://www.nwfusion.com/news/2004/0607specialfocus.html?nlStart-up picks up bad behaviorsStart-up Determina makes its debut this week with server-based intrusion-prevention system software that blocks attacks – such as buffer overflows often seen with computer worms such as Blaster and Sasser – that can compromise corporate computers. Network World, 06/07/04.https://www.nwfusion.com/news/2004/0607determina.html?nlVendors offer tools to control, secure WLANsNewbury Networks and ActivCard respectively this week will roll out tools to let customers better manage and secure their wireless networks. Network World, 06/07/04.https://www.nwfusion.com/news/2004/0607wireless.html?nlNetegrity updates eProvision productIdentity management software company Netegrity last week unveiled IdentityMinder eProvision 4.0, with improved workflow features that let administrators create and manage policies for extending or curtailing user access to network resources and applications. Network World, 06/07/04.https://www.nwfusion.com/news/2004/0607netegrity.html?nlDataPower, Reactivity add to their XML security lineAmid the growing corporate interest in Web services-based infrastructures, DataPower and Reactivity this week will introduce upgrades designed to help users boost XML security. Network World, 06/07/04.https://www.nwfusion.com/news/2004/0607reactivity.html?nl Related content news analysis Western Digital keeps HDDs relevant with major capacity boost Western Digital and rival Seagate are finding new ways to pack data onto disk platters, keeping them relevant in the age of solid-state drives (SSD). By Andy Patrizio Dec 06, 2023 4 mins Enterprise Storage Data Center news analysis Global network outage report and internet health check Cisco subsidiary ThousandEyes, which tracks internet and cloud traffic, provides Network World with weekly updates on the performance of ISPs, cloud service providers, and UCaaS providers. By Ann Bednarz and Tim Greene Dec 06, 2023 286 mins Networking news analysis Cisco uncorks AI-based security assistant to streamline enterprise protection With Cisco AI Assistant for Security, enterprises can use natural language to discover policies and get rule recommendations, identify misconfigured policies, and simplify complex workflows. By Michael Cooney Dec 06, 2023 3 mins Firewalls Generative AI Network Security news Nvidia’s new chips for China to be compliant with US curbs: Jensen Huang Nvidia’s AI-focused H20 GPUs bypass US restrictions on China’s silicon access, including limits on-chip performance and density. By Anirban Ghoshal Dec 06, 2023 3 mins CPUs and Processors Technology Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe