
Security Alerts…


Microsoft Security Patch Has Bad Side Effect

Glitch affects Windows NT 4.0, NT 4.0 Server, Terminal Server Edition, Windows 2000, and Windows XP

Last April Microsoft released Windows XP SP-1, a hotfix for an "important" security flaw. The patch had what some described as "disastrous effects" on Windows XP, 2000, and NT 4.0 users because once installed, it slowed programs to a crawl.

Microsoft has since tried to address the problem by revising their guidelines for using the patch. See Microsoft Knowledge Base Article 815411: "Heap Algorithm Update for Atypically Large Heap Requests" at http://support.microsoft.com/default.aspx?scid=kb;en-us;815411

This latest bulletin explains that Windows XP SP-1 should be applied only to systems that are experiencing a specific, atypical problem. Those who are not severely affected by the memory problem the patch was designed to address are advised to wait for the release of the next Windows XP or Windows Server 2003 service pack that contains this fix.

Microsoft's Passport Flaw Puts 200 Million Accounts at Risk

In May, a flaw was discovered in Passport's password recovery mechanism that could have allowed an attacker to change the password on any account for which the username is known. Because the data frequently stored in Passport accounts includes such sensitive information as names, addresses, birthdates, and credit card numbers, a breach in Passport security leaves millions of users vulnerable to identity theft.

As soon as the flaw was discovered, Microsoft immediately turned off the vulnerable password recovery feature and replaced the service with a more secure version. Details on the Passport flaw, as well as Microsoft's plans to improve security in future versions of Windows, are available in Steven Musil's CNET News.com article, "Week in review: Red-faced Redmond," at http://news.com.com/2100-1083-1000686.html

Microsoft Moves into Antivirus Territory

In a bid to become a major player in the antivirus software field, Microsoft announced in June that it will buy antivirus technology from Romania's GeCAD Software and offer its own antivirus products.

Although Microsoft said it has no plans to bundle its virus software with Windows, most industry observers acknowledged the company has a strong competitive advantage.

More details on Microsoft's latest move are available in the IDG News Service report, "Industry wary of Microsoft's antivirus play," at http://www.infoworld.com/article/03/06/10/HNvirusreact_1.html

Microsoft Fixes Flaws in Its Internet Information Services Software and Windows Media Services

In May, Microsoft released a batch of patches to fix security holes in IIS versions 4, 5, and 5.1, which are all vulnerable to "cross-site scripting attacks." Additional patches were also issued to address flaws in IIS 4 and 5 that can lead to denial of service attacks.

At the same time, Microsoft released a patch that fixes a flaw in Windows Media Services for Windows 2000 and NT 4.0.

For more information, and to download the patches, see the following:

AdSubtract Vulnerability

If you're using AdSubtract (a proxy server designed to block popups, animations, sounds, unwanted cookies, and the like), you should be aware that it may be vulnerable to abuse from external sources as an open proxy server due to incorrectly handled ACL checking. For details, see http://www.net-security.org/vuln.php?id=2733

Vulnerability in OpenSSH Daemon

Remote attackers have a better chance of accessing restricted resources because of a flaw in the way OpenSSH evaluates IP addresses and hostnames. For a complete description of the problem, including a list of affected systems and the recommended solution, see http://www.kb.cert.org/vuls/id/978316

Information Leakage Possible in Some Network Device Drivers

Network device drivers that reuse old frame buffer data to pad packets are vulnerable to remote attackers seeking to harvest sensitive information. This vulnerability may also affect link layer networking protocols other than Ethernet.

Network administrators are advised to use encryption to protect network traffic. For full details, including a list of affected systems, see CERT's Vulnerability Note VU #412115 at http://www.kb.cert.org/vuls/id/412115

New Release of SETI@home Corrects Buffer Overrun Vulnerability

A potential buffer overrun vulnerability in versions of SETI@home prior to version 3.08 has been fixed in the latest release of the software. To get the software fix, download version 3.08 from the vendor's website at http://setiathome.ssl.berkeley.edu/download.html

Worms in the News

Fizzer Worm. This complex new virus first surfaced on May 8, when it spread across the globe through email and popular file-swapping networks such as KaZaA. The virus affects computers running Windows 95/98/Me/NT/2000 and XP. Its most worrisome feature is the key-logging program it installs on a victim's machine. This program has the capability to record everything you type into your PC, and can even record screen shots. Infected machines could expose such sensitive data as bank account numbers and passwords to malicious exploitation.

In addition to replicating itself through email, Fizzer also masquerades as a dummy media file in the KaZaA shared file folders of infected computers running P2P. Trademark file extensions of files containing Fizzer's executable code are .exe, .pif, .com, or .scr.

To see Symantec's coverage of Fizzer, including removal instructions, go to http://www.symantec.com/avcenter/venc/data/pf/w32.hllw.fizzer@mm.html

Effects of worms on Internet routing. The overall impact of worms on the Internet is well documented in Ido Dubrawsky's SecurityFocus article, "Effects of Worms on Internet Routing Stability" at http://www.securityfocus.com/infocus/1702

Worms that forge headers. By now, most users are familiar with Klez-type worms that forge the "From:" header in email messages to disguise their origins (see Summer 2002 Computing News article "Worms, Worms, Worms…" http://cc.uoregon.edu/cnews/summer2002/worms.html).

The only way to definitively discover where the infested host really lives is by generating expanded headers and looking at the "Received:" lines. To find out how to do this, see the Microcomputer Services page at http://micro.uoregon.edu/fullheaders/
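To illustrate reading the "Received:" lines, here is an added example (not part of the original article or the Microcomputer Services page) that walks the headers of a constructed message from the top down and reports the host that actually handed the message to a server you trust. The message, hostnames, IP addresses and the `TRUSTED_RELAYS` table are all assumptions made up for the example, and the pattern covers only one common "Received:" layout.

```python
import email
import re
from email import policy

# Constructed sample (not a real capture); IPs are RFC 5737 documentation ranges.
RAW = """\
Received: from mailhub.example.edu (mailhub.example.edu [192.0.2.10])
    by inbox.example.edu with ESMTP id A1; Mon, 30 Jun 2003 10:02:11 -0700
Received: from dsl-host.example.net (unknown [198.51.100.77])
    by mailhub.example.edu with SMTP id B2; Mon, 30 Jun 2003 10:02:05 -0700
Received: from mail.example.org ([203.0.113.5])
    by dsl-host.example.net; Mon, 30 Jun 2003 09:00:00 -0700
From: colleague@example.org
To: you@example.edu
Subject: Re: Application

See the attached file.
"""

# Assumption: the mail servers you operate, by hostname and IP.
TRUSTED_RELAYS = {"inbox.example.edu": "192.0.2.20",
                  "mailhub.example.edu": "192.0.2.10"}

# Matches the common "from HELO (rdns [ip]) by SERVER" layout; MTAs vary.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def received_hops(raw):
    """Return the Received: hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = email.message_from_string(raw, policy=policy.default)
    matches = (HOP_RE.search(str(v)) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in matches if m]

def injection_point(raw, trusted=TRUSTED_RELAYS):
    """Find the hop where a trusted server accepted the message from outside.

    Each server prepends its own Received: line, so lines are read top down.
    Lines below the returned hop were supplied by the sender and may be forged.
    """
    for hop in received_hops(raw):
        if hop["by"] not in trusted:
            return None          # line not written by our servers: untrusted
        if hop["ip"] not in trusted.values():
            return hop           # our server logged an outside peer here
    return None

if __name__ == "__main__":
    hop = injection_point(RAW)
    print("From: header claims colleague@example.org")
    print(f"Accepted by {hop['by']} from [{hop['ip']}] (HELO {hop['helo']})")
```

In the sample, the bottom "Received:" line naming mail.example.org is never consulted, because it sits below the point where a trusted server recorded the connecting address.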

W32SobigE@MM Virus

Speaking of worms that forge "From:" field headers…

This annoying virus has been seen on campus recently. It affects only Windows machines, and sends its infected attachment in a Zip file (often named "your_details.zip"). Look for a "Subject" line that is either "Re: Application" or "Re: Movie." (Note: Mac users may receive these same Sobig.E emails, but the virus can contaminate only Windows machines.)

The University of Michigan Virus Busters have some good information on this virus at http://www.itd.umich.edu/virusbusters/sobig-e.html

Another Anti-Spam Product

CRM114, "the Controllable Regex Mutilator," is another spam-filtering product you might want to consider for your anti-spam arsenal.

The CRM114 system examines incoming email, system log streams, data files or other data streams, and sorts or filters them according to your specifications. It's compatible with SpamAssassin and other spam-flagging software and can be used as a syslog or firewall log filter.

One caveat: CRM114 is still experimental and without warranty of any kind. To find out more, visit the developer's home page at http://crm114.sourceforge.net/

Is Your Computer Safely Configured?

An America Online study reports that 89% of computers with broadband connections are not as safely configured as users think they are. For detailed study results, see http://www.staysafeonline.info/press/060403.pdf


Summer 2003 Computing News | Computing Center Home Page