--------------------------vince kaminski


-----Original Message-----
From: NW Security and Bug Patch Alert <Security-BugPatch@bdcimail.com>@ENRON [NOTES:NW Security and Bug Patch Alert <Security-BugPatch@bdcimail.com>@ENRON]
To: vkamins@enron.com <vkamins@enron.com>
Sent: Thu Jan 03 16:50:01 2002
Subject: Flaw in AOL Instant Messenger

NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/03/02
Today's focus: Flaw in AOL Instant Messenger

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for AOL IM, IE 6.0 and Linux mutt
* Viruses, including the new ZaCker e-mail worm
* CIA-backed analysis tool to be used for passenger checks,
  plus other interesting reading

_______________________________________________________________
THE NETWORK POWER: 2001

Despite the roller coaster ride the economy has put us on this
year, networking remains a thriving, vital industry. In Network
World's Annual Signature Series POWER ISSUE, you'll find
profiles of companies exercising their influence, people
grabbing opportunity and technologies making their mark in the
enterprise. Find out who has exerted the power in 2001 at:
http://nww1.com/go/ad221.html

_______________________________________________________________
Today's focus: Flaw in AOL Instant Messenger

By Jason Meserve


Today's bug patches and security alerts:


* Hole in AOL Instant Messenger discovered

A security flaw in the way AOL's Instant Messenger handles game
sharing requests could be exploited by a malicious user to run
arbitrary code on the affected machine. The victim may be
helpless, short of powering down the machine, to stop the
request. AOL is working on a fix, which will be applied to the
servers that run IM. Users will not have to download a patch.

For more:
http://www.nwfusion.com/news/2002/0102aim.html


* Vulnerability found in IE 6.0

Microsoft bug hunter Georgi Guninski has discovered one of the
first bugs in the new Internet Explorer 6.0. According to
Guninski, the GetObject() function has a poor security
mechanism that can be easily exploited to transverse local
files and execute arbitrary programs on the affected machine.

For more, go to:
http://www.guninski.com/getob3.html


* Patch release for mutt

A buffer overflow vulnerability exists in mutt, a mail user
agent for Linux. The one-byte overflow can be exploited by a
malicious user. For general updates and to get more
information, go to:
http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html

Debian users can download the appropriate patch from:
http://www.debian.org/security/2002/dsa-096


Today's roundup of virus alerts:


* JS/Seeker-E - A JavaScript-based virus that attempts to set
Internet Explorer's home and start pages to a pornographic
site. (Sophos)

* Win32/Maldal.G.Worm - An e-mail worm that spreads via Outlook
by sending itself to everyone the Outlook Address book and by
searching the infected hard drive for addresses embedded in
HTML pages. Infected messages have the subject line of "ZaCker"
and an attachment called "ZaCker.exe". The virus also will
overwrite a number of file types. (Computer Associates, Sophos,
Symantec)

See story at:
http://www.nwfusion.com/news/2002/0103zacker.html

* Troj/Download-A - A Trojan Horse program that comes as two
files, "dlder.exe" and "explorer.exe". They can be used to send
information about an infected computer to outside sources.
(Sophos)


>From the interesting reading department:


* CIA-backed analysis tool eyed for passenger checks

Data analysis software backed by the CIA and used by some
casinos to catch gambling cheats is now being tested for its
potential to detect suspected terrorists and their associates
when they make airline, hotel or rental-car reservations.
http://www.nwfusion.com/news/2002/0102cia.html
Computerworld, 01/02/02


* The VPN performance game

Hardware and software VPN vendors go head to head over
performance. What you need to know about their claims.
http://www.nwfusion.com/power01/vpnlie/
Network World, 12/24/01


* Powering down

How some network pros let off steam after a hard day at work.
http://www.nwfusion.com/power01/breaks/
Network World, 12/24/01


* Archives online

Well, 2002 is upon us. Look back on 2001 at:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Promote your services and generate qualified leads!  Register
on Buy IT, NW Fusion's Vendor Directory and RFP Center.  It's
cost-effective and eliminates the headaches of finding new
business.  List your company today and access millions of
dollars in RFPs posted by active buyers.  Go to NW Fusion now!
http://www.nwfusion.newmediary.com/091201nwwprovnwltr1
_______________________________________________________________
FEATURED READER RESOURCE

JOIN IN!

Network World Forums are a great place to voice your opinion
and hear what your peers have to say about a latest product
release or trend in networking. Our Forums cover such topics as
"Should you upgrade to XP?" to a "Help Desk Forum" in which
you can ask the expert advice of Network World Fusion's Help
Desk editor, Ron Nutter. Our Forums are a great way to express
your opinions and interact with your peers.
http://www.nwfusion.com/forum/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Director of
Online Sales, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2002

------------------------
This message was sent to:  vkamins@enron.com