NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT 09/16/04 Today's focus: Microsoft warns of JPEG handling flaw
Dear [EMAIL PROTECTED], In this issue: * Patches from Microsoft, F-Secure, Mandrake Linux, others * Beware latest MyDoom variants * NEC extends quantum cryptography range and speed, and other ��interesting reading * Links related to Virus and Bug Patch Alert * Featured reader resource _______________________________________________________________ This newsletter is sponsored by SBC Gimme Shelter! Converged Services Spell Relief For Beleaguered Network Managers Switched IP networks are rapidly becoming the corporate communications architecture of choice. By converging voice, data and video onto IP telephony platforms and Virtual Private Networks, enterprises can supply bandwidth when and where end users need it, while significantly lowering administrative and equipment costs. Click here to download this Whitepaper now http://www.fattail.com/redir/redirect.asp?CID=81135 _______________________________________________________________ CHECK OUT NW FUSION'S NEW WHITE PAPER LIBRARY NW Fusion's White Paper Library was recently re-launched with new features and improved capabilities! Sort NW Fusion's library of white papers by Date and Vendor, view white papers by TECHNCIAL CATEGORY, mouse over white paper descriptions and take advantage of our IMPROVED white paper search engine. CLICK HERE: http://www.fattail.com/redir/redirect.asp?CID=81167 _______________________________________________________________ Today's focus: Microsoft warns of JPEG handling flaw By Jason Meserve Today's bug patches and security alerts: JPEG handling flaw threatens PCs, Microsoft warns A security flaw in the way many Microsoft applications process JPEG images could allow an attacker to gain control over a computer running the software, Microsoft warned Tuesday. IDG News Service, 09/14/04. <http://www.nwfusion.com/news/2004/0914jpeghandl.html?nl> Microsoft advisory: <http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx Microsoft patches WordPerfect converter A flaw in the WordPerfect converter code could be exploited by an attacker to run their code of choice on the affected machine. Most recent versions of Office and Works are impacted by the problem. For more, go to: <http://www.microsoft.com/technet/security/Bulletin/MS04-027.mspx ********** Mozilla updates browsers after bug hunt Mozilla released a series of security updates for its Firefox and Mozilla 1.7 browsers yesterday that resolve the first security vulnerabilities to come from the Mozilla Foundation's Security Bug Bounty Program. Its Thunderbird email client also needs patching for similar reasons. The Register, 09/15/04. <http://www.theregister.co.uk/2004/09/15/mozilla_patches/> ********** New Apache bug fix update available The Apache Software Foundation and the Apache HTTP Server Project have released Version 2.0.51 of the popular server. This is a bug fix release that repairs problems in IPv6, configuration file parsing, mod_ssl, and mod_dav_fs. For more, go to: <http://httpd.apache.org/download.cgi?update=200409150645> Mandrake Linux: <http://www.nwfusion.com/go2/0913bug2a.html> SuSE: <http://www.suse.com/de/security/2004_32_apache2.html> ********** iDefense warns of flaw in F-Secure Internet Gatekeeper Content Scanning Server A denial-of-service vulnerability has been found in the F-Secure Internet Gatekeeper Content Scanning Server. The server does not properly handle malformed packets on port 18,971. An attacker could exploit this to crash the server. For more, go to: <http://www.nwfusion.com/go2/0913bug2b.html> F-Secure patch: <http://www.f-secure.com/security/fsc-2004-2.shtml> ********** Mandrake Linux, OpenPKG release Samba patches A flaw in version of Samba prior to 3.0.6 and 2.2.11 that could exploited in a denial-of-service attack against the Samba Daemon (smbd). For more, go to: Mandrake Linux: <http://www.nwfusion.com/go2/0913bug2c.html> OpenPKG: <http://www.openpkg.org/security/OpenPKG-SA-2004.040-samba.html> ********** Vendors patch CUPS According to an alert from Debian, "Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX Printing System. An attacker can easily disable browsing in CUPS by sending a specially crafted UDP datagram to port 631 where cupsd is running." For more, go to: Debian: <http://www.debian.org/security/2004/dsa-545> Mandrake Linux: <http://www.nwfusion.com/go2/0913bug2d.html> SuSE: <http://www.suse.com/de/security/2004_31_cups.html> ********** Axis patches vulnerable network cameras A number of Axis video cameras are vulnerable to an attack by a remote user. Each of the cameras has an on-board HTTP server for management and service images. An attacker could bypass the authentication scheme to gain access. For more, go to: <http://www.securityfocus.com/bid/11011> ********** Today's roundup of virus alerts: Virus writers add network sniffer to worm Virus writers have grafted a network sniffer into the latest variant of the SDBot worm series. So far there are no reports of SDBot-UH in the wild but the inclusion of selective network sniffing along with keystroke logging features and other backdoor capabilities has security researchers worried. The Register, 09/14/04. <http://www.theregister.co.uk/2004/09/14/network_sniffer_worm/> W32/Rbot-IY - An Rbot variant that spreads via network shares and allows backdoor access via IRC. No word on what file it infects. (Sophos) W32/Rbot-JC - Another typical Rbot variant. See Rbot-IY above. This one uses a random filename. (Sophos) Troj/Optix-PRO - The only description we have of this one: "Troj/Optix-PRO is a backdoor Trojan." Fortunately, the threat level is low. (Sophos) W32/Nyxem-C - According to Sophos, This is "an internet worm which spreads via network shares and by sending itself to contacts in the Outlook address book, to Yahoo Messenger and Yahoo Pager contacts and to email addresses found within files that have an extension of HTM or DBX." (Sophos) Troj/Psyme-AS - A Javascript downloader program that exploits the ADODB stream flaw in IE. The virus replaces the Windows Media executable file (wmplayer.exe). (Sophos) W32/MyDoom-W - A new MyDoom variant that spreads via e-mail that looks to be from "Jenna K." and contains a ZIP attachment of photos. (Sophos) W32/MyDoom-X - Another MyDoom variant. This one infects "oz2.exe and to the Windows system folder with the filename oz11111.exe". The virus tries to launch a DDoS attack against symantec.com between Sept. 29 and Oct. 29. (Sophos) W32/Bagle-AM - Another Bagle variant that uses mass e-mail to spread. The virus uses a variety of subject line and attachment names for its infected messages. The virus harvests the infected machine for e-mail addresses. (Sophos) ********** >From the interesting reading department: Brazil is world 'hacking capital' Brazil has become the global capital for computer hacking and Internet fraud, according to experts meeting in the country's capital, Brasilia. BBC Online, 09/14/04. <http://news.bbc.co.uk/1/hi/world/americas/3657170.stm> NEC extends quantum cryptography range and speed NEC researchers have developed a quantum cryptography system with sufficient speed and range to make it commercially viable. It could go on sale in the second half of 2005, the researchers said Thursday. IDG News Service, 09/16/04. <http://www.nwfusion.com/news/2004/0916necexten.html?nl> Backspin: SP2 confounds the world While we should applaud Microsoft for doing something positive about security, I find it depressing that the richest software company in the world can't get the usability issues sorted out. Network World, 09/13/04. <http://www.nwfusion.com/columnists/2004/091304backspin.html?nl> 'Net Buzz: Are 4% of your co-workers morons? No one can claim ignorance of the fact that using company computers to send smutty e-mail or visit naughty Web sites can get you canned faster than telling off the boss. Network World, 09/13/04. <http://www.nwfusion.com/columnists/2004/091304buzz.html?nl> Nutter's Help Desk: Protecting Linux servers I am starting to move my company to Linux as the server platform of choice. With the seemingly continual stream of alerts about the different hacks possible, I know that I should put some type of firewall in place to protect the servers. What are my options? Network World, 09/13/04. <http://www.nwfusion.com/columnists/2004/091304nutter.html?nl> Bottom Line: A VoIP security plan of attack >From a security viewpoint, VoIP is a nightmare, combining the worst vulnerabilities of IP networks and voice networks. But VoIP's security challenges can be solved. All it takes is a plan. Network World, 09/13/04. <http://www.nwfusion.com/columnists/2004/091304snyder.html?nl> _______________________________________________________________ To contact: Jason Meserve Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at: <http://www.nwfusion.com/weblogs/multimedia/> _______________________________________________________________ This newsletter is sponsored by SBC Dialing for Dollars CRATE & BARREL'S VOIP MOVE NETS SAVINGS AND FLEXIBILITY An apples-to-apples comparison showed that a centralized, software-based, IP-based platform could provide significant cost savings and productivity benefits over a comparable, traditional PBX system. Download whitepaper now, click here http://www.fattail.com/redir/redirect.asp?CID=81146 _______________________________________________________________ ARCHIVE LINKS Virus and Bug Patch Alert archive: http://www.nwfusion.com/newsletters/bug/index.html Breaking security news, updated daily http://www.nwfusion.com/topics/security.html _______________________________________________________________ FEATURED READER RESOURCE ACCESS NW'S IN-DEPTH REPORT ON: BLADE SERVERS Available now is Network World's Technology Insider on: Blade Servers. Find out why early adopters of blade server technology say the benefits aren't science fiction, how blade servers differ by vendor, why blade servers are perfectly suited for today's data centers, review our extensive blade server buyer's guide and more. Click here: <http://www.nwfusion.com/nlvirusbug606> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED] ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/BCfwlB/TM --------------------------------------------------------------------~-> <a href=http://English-12948197573.SpamPoison.com>Fight Spam! Click Here!</a> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/kumpulan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
