|
|
Enron Mail |
---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 04/26/2000
09:15 AM --------------------------- "NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com< on 04/25/2000 05:43:21 PM Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com< To: <vkamins@enron.com< cc: Subject: Social engineering NETWORK WORLD FUSION FOCUS: JASON MESERVE on SECURITY AND BUG PATCH ALERT TODAY'S FOCUS: Social engineering 04/25/00 Dear Wincenty Kaminski, ~~~~~~~~~~This issue is sponsored by Mission Critical Software~~~~~~~~~ FREE SECURITY eSEMINAR Windows NT and Windows 2000 security expertise at your fingertips! Mission Critical Software presents Windows Security: Step-by-Step as part of its new, innovative on-demand eSeminar site. Reduce the risk and impact of a security incident by ensuring your NT systems are properly configured and managed. Review the SANS Institute Security Checklist to lock out violators. Register NOW for this and other tracks and product demos! http://nww1.com/go/1178675a.html Nobody Does Windows 2000 better. Nobody. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Subscribe to the "Whitepapers Download" newsletter from Network World!! Keep up-to-date with summaries and links to the latest vendor-sponsored whitepapers on Network World Fusion. Subscribe to Whitepapers Download at http://www.nwfusion.com/go/wppromo.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Today's Focus: Social engineering --------------------------------------------------------------- By Jason Meserve Here's an interesting topic that came up in a Butler Group OpinionWire e-mail newsletter: social engineering. Instead of using technical skills to break into computers, hackers often use the weakness of the human mind to gain access to corporations. Hackers befriend users and trick them into giving away sensitive information that can be used to gain access to systems. These hackers also use trickery such as pretending to be from tech support to get unsuspecting users to give up their username and password information. Serbian hackers used the technique to gain access to Web sites registered by Network Solutions, Inc., according to the Butler Group. The hackers then defaced these sites as a form of political and social protest. While no data was stolen, the incidents bring up an interesting point. While you may have security in place, it is still important to educate users on security practices, such as never giving passwords or other sensitive information out to unknown people or Web sites. AOL warns its users all the time that administrators do not ask for password information when dealing with customers. Make sure your employees aren't unwittingly leaving the front door open to attack. One other note before we get to the latest alerts. Last week, a brain cramp had me misreading information about the alleged backdoor passwords in Microsoft software. The problem is associated with InterDev 1.0, not Version 7.0 as previously reported. Also, I was remiss in not mentioning that Microsoft recommends deleting the DVWSSR.DLL library that installs as part of a number of Web software applications, including FrontPage 98 Extensions. The library could be used in buffer overflow attacks. Now on with the latest patches and alerts: Panda Software warns of W95/CIH virus W95/CIH (or Chernobyl) is set to go active on April 26, the anniversary of the Chernobyl nuclear disaster of 1986. The virus infects various executables with 1K byte of code, and on the 26th is set to destroy the Flash BIOS of Intel Pentium processors, rendering the computer useless until the Flash BIOS is restored to its original settings. For more information: http://www.pandasoftware.com/vernoticia.asp?noticia=674&;idioma=2 ********** Microsoft releases procedure to eliminate "Server-Side Image Map Components" vulnerability A vulnerability in several Web server products from Microsoft could let a malicious Web site visitor perform actions that the system permissions allow, but could not have been accessed without this hole. The risk is in FrontPage 97 and 98 extensions htimage.exe and imagemap.exe, which provide server-side image-mapping support. Microsoft says the affect of this bug is limited, but the company is providing a means of remedying the situation. For more information on the procedure: http://www.microsoft.com/technet/security/bulletin/fq00-028.asp ********** Buffer overflow in Red Hat's imwheel module A buffer overflow condition in the imwheel module that comes with Red Hat Powertools could allow a local user to execute arbitrary commands as root. For more information: http://bugzilla.redhat.com/bugzilla/ ********** Red Hat releases new openldap packages The new openldap package fixes a vulnerability in Red Hat Linux Versions 6.1 and 6.2. The old version of the package creates a link to the /tmp directory that is world writable. This could allow users to destroy any file on a mounted file system. For more information: http://bugzilla.redhat.com/bugzilla ********** RealNetworks releases patch for denial-of-service vulnerability in RealServer RealNetworks' RealServer streaming media server contains a vulnerability that could allow a malicious user to cause a stack overflow and shut down the system until it is rebooted by an administrator. RealNetworks says the problem lies in the PNA protocol-handling scheme. Download the patch: http://service.real.com/help/faq/servg270.html ********** Bug in Netscape Navigator could allow others to view bookmarks A flaw has been discovered in Netscape Navigator that could allow a malicious Web site operator to view a person's bookmark file. By using a combination of JavaScripts, cookies and frames, an operator could view the contents of a bookmark file, if the browser user is set to "default." Also, support for cookies and JavaScript needs to be turned on. The problem could be part of Microsoft Internet Explorer as well. While no code can be run on the client machine, the problem could expose private information in the bookmark file. http://www.zdnet.com/pcweek/stories/news/0,4153,2553337,00.html ********** Patch available for "Malformed Environment Variable" vulnerability A vulnerability in Windows NT 4.0 and Windows 2000 could allow a malicious user to make some or all of the memory on a server unavailable, effectively slowing and shutting down the machine. The CMD.EXE command processor has an unchecked buffer in part of the code that handles environment strings. Microsoft does not believe this to be a major threat. For more information: http://www.microsoft.com/technet/security/bulletin/fq00-027.asp ********** Patch available for "Mixed Object Access" vulnerability Microsoft scores the hat trick with its third vulnerability of the week. This patch fixes a limited problem in Windows NT 4.0 and 2000 that could allow a user to change information in Active Directory without permission. The scope of the problem is very small and only pertains to certain object attributes. For more information: http://www.microsoft.com/technet/security/bulletin/fq00-026.asp ********** WM97/Astia-AI reported in the wild by Sophos Many people like to write these Word macro viruses. For hackers, these must be the equivalent of the little Pascal programs that sorted simple lists, which I had to write back in my early days as a computer science major. Hackers must start with these viruses before jumping to the big leagues of distributed-denial-of-service attacks. This particular strain creates Book.dot and Book.src files in the Word StartUp directory and affects the Normal.dot file. The virus will pop up a window titled "TITANUS" if a user enters the Visual Basic Macro Editor. It will then attempt to infect an open document. Just another pain to be aware of. For more information: http://www.sophos.com/virusinfo/analyses/wm97astiaai.html ********** Georgi Guninski reports another IE problem Georgi Guninski is the king of finding bugs in Microsoft Internet Explorer. This time, Guninski has found an error in the way Microsoft implements its Java Virtual Machine that could circumvent the cross- frame security policy built into the browser. This could allow malicious users to use the Document Object Model to gain access to files on a vulnerable machine. Guninski reports that fixing the problem is not as easy as turning off Active Scripting. For a demonstration of the problem: http://www.nat.bg/~joro/jsinject.html ********** Problem with Panda Security 3.0 DeepZone is reporting a problem with Panda Security 3.0's key handling. Local users could override their privileges and gain access to administrator rights. This could allow an unauthorized user to uninstall the product. For more information and patches: http://www.pandasoftware.com (user name and password required) ********** Denial-of-service problem with some versions of Cisco IOS A defect in multiple Cisco IOS software versions will cause a Cisco router to reload unexpectedly when the router is tested for security vulnerabilities by security scanning software programs. The defect can be exploited repeatedly to produce a consistent denial-of-service attack. Cisco recommends upgrading affected systems as soon as possible. For more information and to see which versions are affected: http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml ********** FreeBSD Generic-NQS contains a local root compromise Generic-NQS Versions 3.50.7 and earlier contain a vulnerability that allows a local user to easily obtain root privileges. Generic-NQS is a queuing system for running a batch process across multiple machines. Patches: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs -3.50.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs -3.50.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nq s-3.50.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nq s-3.50.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-n qs-3.50.9.tgz ********** Other interesting tidbits: Libsafe 1.3 stack protection software Some engineers at Bell Labs and MandrakeSoft have developed software for preventing "smash attacks" against the network stack of a Linux box. The software is said to prevent attackers from smashing the return address and taking control of the flow of a running program. For more information: http://www.bell-labs.com/org/11356/html/security.html ********** Alcatel and Funk team to tighten LAN security Alcatel is making it possible to keep unauthorized LAN users out of resources they shouldn't be using with a security package from Funk Software. The package uses Remote Authentication Dial-In User service RADIUS) to give network professionals the ability to create logical workgroups and virtual LANs, even when those users are spread out on different LAN segments or move from location to location with laptops. Network World, 04/19/00. http://www.nwfusion.com/news/2000/0419alcatelfunk.html ********** Miss a newsletter? Don't fear, if you're new to the newsletter or are looking for past newsletters, you can check out the archives at: http://www.nwfusion.com/newsletters/bug/ To contact Jason Meserve: ------------------------- Jason Meserve is a staff writer with Network World, covering search engines, portals, videoconferencing, IP Multicast and document management. He also oversees the "Security Alerts" page on Fusion (http://www2.nwfusion.com/security/bulletins.html). Jason can be reached at mailto:jmeserve@nww.com. ------------------------- May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl ********************************************************* Subscription Services To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To change your email address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Other Questions/Comments Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Account Executive, at: mailto:jkalbach@nww.com Network World Fusion is part of IDG.net, the IDG Online Network. IT All Starts Here: http://www.idg.com Copyright Network World, Inc., 2000
|