NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/10/02
Today's focus: Panda: Virus authors getting trickier

Dear Wincenty Kaminski,

In this issue:

* Virus news from Panda and SiliconValley.com
* Patches and alerts for mutt, Cisco SN 5420, SGI NQE, others
* New viruses aimed at Shockwave Flash, Microsoft .Net
* Many U.S. companies at risk for cyber attacks, plus other
  interesting reading

_______________________________________________________________
Today's focus: Panda: Virus authors getting trickier

By Jason Meserve


I got a couple of interesting items in my inbox this week. The
first was an antivirus vendor press release doing the annual
look-back-at-last-year and look-forward-to-this-year pitch.

The Panda Software release says virus authors are getting
trickier in their attempts to spread viruses, using social
engineering techniques to get unsuspecting users to open their
malicious wares. Panda is hoping that 2002 will not be a repeat
of 2001, when a number of simple "bait" messages caused
mass-mailing viruses to spread like wildfire.

Panda also suspects that viruses in 2002 will go after known
system exploits like buffer overflows to run code on infected
machines. Users are urged to keep systems and antivirus
software up-to-date with the latest patches and updates. Sounds
like common sense to me. For more, go to:
http://www.pandasoftware.com/

The second item was an e-mail alert sent around by the authors
of the SiliconValley.com newsletter warning that their systems
had been hacked and used to send messages infected with
Magistr.B virus. Not good when a major media outlet's systems
are hacked and used to attack unsuspecting readers. Let's hope
Network World's systems never suffer such a fate.


Today's bug patches and security alerts:


* More mutt updates available from Linux vendors

A buffer overflow in mutt's e-mail address parser could be
exploited by a malicious user to overwrite arbitrary bytes in
memory. Red Hat users can download new versions of mutt from:
https://www.redhat.com/support/errata/RHSA-2002-003.html

Linux-Mandrake users can get more from:
http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-002.php

Conectiva users:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449

SuSE users:
http://lists2.suse.com/archive/suse-security-announce/2002-Jan/0000.html

Trustix users:
http://www.trustix.org/pipermail/tsl-announce/2002-January/000045.html


* Cisco SN 5420 Storage Router vulnerability

According to an alert from Cisco, three vulnerabilities have
been discovered in Cisco SN 5420 Storage Router software
releases up to and including 1.1(5). Two of the vulnerabilities
can cause a denial of service. The other allows access
to the SN 5420 configuration if it has been previously saved on
the router. There is no workaround for these vulnerabilities.
For more, go to:
http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml


* SGI reports NQE vulnerability

The Network Queuing Environment (NQE) that shipped in the past
with SGI contains a remotely exploitable buffer overflow
vulnerability that could lead to a malicious user gaining root
access. SGI considers this product retired and will not be
releasing a patch for the problem. For more, go to:
ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I


* Sun releases patch for CDE Subprocess Control Service

A buffer overflow flaw in the CDE Subprocess Control Service
(dtspcd) daemon could be exploited by a malicious user to gain
root access on the affected system. Sun users can download the
appropriate patch from:
http://sunsolve.sun.com/securitypatch


* Debian patches libgtop

Two flaws in the libgtop daemon could allow a malicious user to
gain privileges of the application, usually those for the
"nobody" user. Debian users can get more information and
patches from:
http://www.debian.org/security/2002/dsa-098


* Microsoft investigating alleged flaw in IE browser

Microsoft said it's investigating an alleged flaw in recent
versions of its Internet Explorer browser software that could
allow attackers to spoof legitimate Web sites, steal content
from browser cookies and gain access to certain types of files
on a victim's system.
http://www.nwfusion.com/news/2002/0108ieflaw.html
Computerworld, 01/08/02


* Linux-Mandrake updates BIND

Previous versions of BIND 9.x that shipped with Linux-Mandrake
8.0 and 8.1 contain insecure permissions, configuration files
and executables. This new release tightens things up a bit. For
more, go to:
http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-001.php


* Red Hat fixes exim

A flaw in the way exim handles some incoming data could expose
the affected system to arbitrary malicious code. For more, go
to:
https://www.redhat.com/support/errata/RHSA-2001-176.html


* Patch available for stunnel

Red Hat has released a patch for stunnel to fix a format string
vulnerability that could be exploited to execute arbitrary code
on the affected system. For more, go to:
https://www.redhat.com/support/errata/RHSA-2002-002.html


* Conectiva patches proftpd

Two vulnerabilities in proftpd could allow a malicious user to
bypass some security features or launch a denial-of-service
attack against the affected machine. For more, go to:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450


Today's roundup of virus alerts:


* First virus identified that infects Shockwave Flash files

Antivirus software vendors say they have spotted the first
computer virus that uses Macromedia's Shockwave Flash files to
transmit itself once a victim clicks to run the Flash movie.
Identified as SWF/LFM-926 by antivirus software vendor Sophos,
this virus is not yet "in the wild," infecting computers. The
Shockwave Flash virus was sent to Sophos as a sample via
anonymous e-mail, and this specimen is now being shared and
analyzed among several antivirus vendors.
http://www.nwfusion.com/news/2002/0108flashvirus.html
Network World, 01/08/02

* XM97/Bdoc2-A - An Excel macro virus that displays a message
on April 26 and attempts to shut down the current Windows
session if the day is a multiple of 5. (Sophos)

* WM97/Opey-AX - A Word macro virus that changes user summary
information in the infected document. It also makes changes to
the autoexec.bat file to display a Happy Birthday message on
certain days of the year. (Sophos)

* W32.Donut - A virus only Homer Simpson could love. Symantec
reports this is a concept virus designed to test potential
weaknesses in Microsoft's .Net architecture. (Symantec)


From the interesting reading department:


* Suggested fix for AIM hole has back door, spyware

Software recommended by security group w00w00 to plug a hole in
AOL's Instant Messenger opens the user's system to hacker
attacks and can direct the user's Web browser to pornographic
Web sites, w00w00 said Tuesday.
http://www.nwfusion.com/news/2002/0109aimhole.html
IDG News Service, 01/09/02


* Many U.S. companies at risk for cyberattacks

U.S. computer systems are increasingly vulnerable to
cyberattacks, partly because companies are not implementing
security measures already available, according to a new report
released Tuesday.
http://digitalmass.boston.com/news/2002/01/08/cyber_attack.html
Reuters, 01/08/02


* Wireless LAN security fix on tap from IEEE group

Network executives worried about the security of their wireless
LANs may soon be able to sleep a little easier: The standards
committee responsible for the broken wireless LAN encryption
algorithm, Wired Equivalent Privacy, has approved a fix to the
system that can be applied to existing equipment.
http://www.nwfusion.com/news/2002/128615_01-07-2002.html
Network World, 01/07/02


* McAfee touts antivirus pack for NetWare 6.0

Network Associates' McAfee division this week becomes the first
vendor to offer antivirus software for Novell's NetWare 6.0
server, although others, including Computer Associates, expect
to have competing products ready within weeks.
http://www.nwfusion.com/news/2002/128752_01-07-2002.html
Network World, 01/07/02


* Panda introduces Exchange antivirus tool to the U.S.

In the wake of a rash of nasty e-mail viruses over the past
year, European antivirus tools vendor Panda Software this week
made the first U.S. release of its Panda Antivirus for Exchange
2000 software available.
http://www.nwfusion.com/news/2002/0104panda.html
Network World Fusion, 01/04/02


* Check Point adds security assessment to OPSEC

Leading firewall and virtual private network vendor Check Point
Software Tuesday announced an expansion of its OPSEC security
initiative, adding assessment tools to the framework.
http://www.nwfusion.com/news/2002/0108checkpoint.html
IDG News Service, 01/08/02


* Secure IM software proliferates

The market for secure, business-grade instant messaging
software is picking up steam, with several start-ups now
offering packages that automatically encrypt real-time chat
sessions between users. However, these packages do not yet
offer secure communications with users of popular consumer-
oriented IM systems from AOL, Microsoft and others.
http://www.nwfusion.com/news/2002/0109secureim.html
Network World Fusion, 01/09/02


* NetScreen offers new VPN-firewall gear

NetScreen this week introduced VPN gear that makes it possible
for users to tailor-fit protection for specific network
resources without having to buy multiple boxes. Four new
NetScreen VPN appliances have at least four 10/100 Ethernet
ports, each of which can oversee a separate, independently
configured security domain.
http://www.nwfusion.com/news/2002/0109netscreen.html
Network World Fusion, 01/09/02


* Archives:

It is 2002 now. Look back on all the events of 2001 at:
http://www.nwfusion.com/newsletters/bug/

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Copyright Network World, Inc., 2002
