NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT
11/21/01 - Today's focus: Windows Media Player vulnerability

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Windows Media Player, SGI sendmail,
  HP-UX lpd, others
* A Word macro virus that tries to delete .DOC and .DOT files
  in affected systems
* A look at PsyOps and cyberterrorism, plus other interesting
  reading

_______________________________________________________________
SPECIAL REPORT: TELEWORK

Sept. 11 changed everything - including telework. Formerly
viewed as a way to boost morale and productivity, lure the best
hires and cut costs, telework was almost instantly transformed
into a vital component of U.S. business continuity strategies.
Check out our Special Report on Telework.
http://nww1.com/go/ad203.html

_______________________________________________________________
Today's focus: Windows Media Player vulnerability

By Jason Meserve

It's a short workweek here at Network World central, so there
is not a lot to report today in terms of bugs and security
alerts. (And who wants to be patching a server on Thanksgiving
Day anyway?)

Given the smaller than usual edition, those looking for holiday
shopping ideas can check out our annual Yule Tools Gift Guide,
put together by Senior Reviews Editor Keith Shaw with the help
of some merry Network World elves. You can view all the latest
gadgets at:
http://www.nwfusion.com/hgg2001/

Happy Thanksgiving!


Today's bug patches and security alerts:


* Flaw in Windows Media Player lets any code run

A bug in the way that Microsoft's Windows Media Player 6.4
handles a certain type of streaming media file can allow
attackers, given the right conditions, to execute any code on
target systems, Microsoft said in a security bulletin released
Tuesday. At the same time, Microsoft issued a fix for the
problem.
http://www.nwfusion.com/news/2001/1120mediaplayer.html
IDG News Service, 11/20/01

Microsoft advisory and patch information:
http://www.microsoft.com/technet/security/bulletin/MS01-056.asp


* SGI releases temporary sendmail patch

A number of vulnerabilities have been found in sendmail, which
could be exploited to gain access to sensitive information or
the mail server itself. SGI does not have a permanent solution
but a temporary patch is available inside this advisory:
ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I


* ISS warns of HP-UX lpd vulnerability

Internet Security Systems (ISS) is warning of a vulnerability
in the HP-UX line printer daemon (lpd). A malicious user could
exploit the flaw to execute code with superuser privileges. For
more, go to:
http://xforce.iss.net/static/7234.php


* New version of OpenSSH available

Version 3.0.1 of OpenSSH, an open-source version of the SSH
protocol, is now available. The new version fixes a security
flaw and other miscellaneous bugs. The new version can be
downloaded from:
http://www.openssh.com/


* Caldera patches xlock in UnixWare and Open Unix

Caldera has released a patch for the xlock program that ships
with Open Unix and UnixWare 7. A vulnerability in previous
releases could be exploited to gain privileges. The patch can
be downloaded from:
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/


Today's round up of virus alerts:


* WM97/Marker-JX - A Word macro virus that creates a file
called Jon.html in the Windows directory. It attempts to delete
all .DOC and .DOT files in the Word application start-up
directory and changes the summary information. (Sophos)


>From the interesting reading department:


* Opinion: PsyOps and network security

A significant component of cyberwar and cyberterrorism is
called psychological operations, or PsyOps. Simply, PsyOps is
the manipulation of the psyche of an adversary or target
population with information, misinformation, disinformation and
propaganda. It involves perception management, or controlling
what a group of people think and believe is the goal.
http://www.nwfusion.com/columnists/2001/1119schwartau.html
Network World, 11/19/01


* IBM creates global security services division

Looking to offer a broader suite of services to companies and
the government, IBM Monday announced the formation of a new
division that will focus on security, safety and privacy.
http://www.nwfusion.com/news/2001/1119security.html
IDG News Service, 11/19/01


* Loudcloud offers four new security services

Managed services provider Loudcloud Tuesday announced the
availability of four new security services, beefing up the
features and offerings of the Loudcloud Security Services
suite.
http://www.nwfusion.com/news/2001/1120loudcloud.html
IDG News Service, 11/20/01


* Online archives

Do you have to work on Friday? Why not kill a little time
checking out our past issues?
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
NW Fusion's BuyIT has the IT resources you need!  Our directory
hosts thousands of qualified service providers.  Post an RFP
anonymously and FREE, receive competitive bids, begin
negotiations, and get your project done right!
http://nwfusion.newmediary.com/nww110901nwltr1
_______________________________________________________________
FEATURED READER RESOURCE

YOUR TAKE: State Department CIO Burbano revamps network in time
of war

New from Network World is our "Your Take" series. In this
series, we conduct in-dept interviews with top network IT
executives and share their experiences. First in this series,
Network World Senior Editor Carolyn Duffy Marsan interviewed
CIO Fernando Burbano about the status of the State Department's
network upgrade, how it's changed since Sept. 11 and his advice
regarding network security.
http://www.nwfusion.com/yourtake/2001/1029burbano.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Fusion Sales
Manager, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2001

------------------------
This message was sent to:  vkamins@enron.com