May 2004 - Posts

Network Associates, Inc., the leading provider of intrusion prevention solutions, today announced the availability of McAfee(R) LinuxShield, providing comprehensive anti-virus protection for Linux-based platforms.  With McAfee LinuxShield, enterprise users can proactively protect file servers running Red Hat and SuSE from viruses, worms and other malicious code threats.

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/05-24-2004/0002180048&EDATE=

Posted by donna | with no comments

Annual Awards Highlight Top 'Real-World' Solutions in Windows NT/2000/2003 Tools

W2KNews, the world's largest online newsletter dedicated to Windows NT/2000/2003 issues, announces the winners of the Fifth Annual Target Awards. The Target Awards are given to top Windows NT/2000/2003 utilities in 28 different categories through an online reader poll. Categories include Best Anti-spam, Best Anti-virus, Best Active Directory Management tool, Best Enterprise Security tool, Best Network Traffic Monitor and a number of other areas.

"The Target Awards represent our attempt to highlight the ultimate shortlist of the best tools that system administrators look for in a number of categories," says Stu Sjouwerman, editor-in-chief of W2KNews.

2004 W2KNews Target Award Winners:

Category | Product | Company

Active Directory Management | AppManager for AD | NetIQ
Active Directory Security | Directory Security  Administrator | NetIQ
Anti-spam Tools for Servers | iHateSpam for Server | Sunbelt Software
Anti-Spyware Tools | Ad-aware | Lavasoft
Anti-Virus Tools | Panda Antivirus | Panda Software
Backup | Backup Exec |  Veritas
Configuration Management | Altiris Client Management Suite | Altiris
Disk Defragmentation | Diskeeper | Executive Software
Domain Management | Directory and Resource Administrator | NetIQ
Emergency (Disk) Management | ERD Commander 2003 | Winternals
Event Log Management/Monitoring | ServersAlive | WoodStone
Exchange Management | Exchange Administrator | NetIQ
File Recovery Tools | Undelete | Executive Software
Firewalls | Open BSD | Open Source
High Availability/Fault-Tolerance | Double-Take | NSI Software
Intrusion Detection | NetIQ Security | NetIQ Manager
Network Traffic Monitors | Sniffer Distributed | Network Associates
Patch Management | HFNetChk Pro | Shavlik Technologies
Print Management | Print Manager Plus | SoftwareShelf
Remote Control | VNC | AT&T Labs Cambridge
Scripting/Automation | ScriptLogic Enterprise | Scriptlogic, Inc.
Server Performance Boosters | AutoPilot | Sunbelt Software
Software Distribution | InstallShield AdminStudio | InstallShield Sw. Corp.
Storage Management | StorageCentral SRM | Veritas
System/Application Monitoring | AppManager Suite | NetIQ
User Management | Hyena | SystemTools.com
Vulnerability Scanners | GFI LanGuard NSS | GFI Software
Wireless Security | MS Windows Server 2003/XP | Microsoft

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/05-24-2004/0002180141&EDATE=

Posted by donna | with no comments

Linus Torvalds and the Linux kernel development team have adopted a contribution tracking system, under which developers digitally sign patches to acknowledge their right to contribute them. The system will help track contributions and ensure proper developer credit, according to the Open Source Development Labs (OSDL), which oversees Linux development.

The system is based on a digital signature called a Developer's Certificate of Origin (DCO). All contributors are called upon to "sign off" on a submission before it may be considered for inclusion in the kernel. The DCO ensures that appropriate attribution is given to developers of original contributions and derivative works, as well as to those contributors who receive submissions and pass them, unchanged, up the kernel tree, according to the OSDL.

http://www.linuxdevices.com/news/NS3012318028.html

Posted by donna | with no comments

The two OS X flaws allow malicious code to be transmitted through Internet browsers -- such as Internet Explorer -- on which users have left the default settings in place. Even after downloading the patch, "it is still possible to execute arbitrary code on a vulnerable user's system," says security expert Niels Henrik Rasmussen.

NewsFactor has more info.

Posted by donna | with no comments

In tests, Avaya and Cisco attempt to strut VoIP security stuff.

http://www.nwfusion.com/reviews/2004/0524voipsecurity.html

Posted by donna | with no comments

While the FBI and Cisco scrambled last week to recover source code stolen from the network giant, expert opinion differs about how serious a threat the incident is for corporate customers.

http://www.nwfusion.com/news/2004/0524ciscoios.html

Posted by donna | with no comments

Comcast's high-speed Internet subscribers have long been rumored to be an unusually persistent source of junk e-mail.

Now someone from Comcast is confirming it. "We're the biggest spammer on the Internet," network engineer Sean Lutner said at a meeting of an antispam working group in Washington, D.C., last week.

Lutner said Comcast users send out about 800 million messages a day, but a mere 100 million flow through the company's official servers. Almost all of the remaining 700 million represent spam erupting from so-called zombie computers--a breathtaking figure that adds up to six or seven spam-o-grams for each American family every day.

http://news.com.com/Attack+of+Comcast%27s+Internet+zombies/2010-1034_3-5218178.html

Posted by donna | with no comments

Security software maker Zone Labs updated its desktop firewall on Monday, adding new features that aim to put the kibosh on viruses, the company said.

The antivirus features will be offered in a commercial version of its basic free product, Zone Alarm, and as part of a comprehensive security suite, said Fred Felman, vice president of marketing of Zone Labs, an independent division of security technology company Check Point Software Technologies.

While a basic version of Zone Alarm can be downloaded for free from the company's Web site, the antivirus features will only be available in commercial versions.

http://news.com.com/New+Zone+Alarm+to+warn+of+viruses/2100-7349_3-5218624.html

Posted by donna | with no comments

Virus writers come low down in the pecking order of computer hackers, said Kevin Mitnick, once the world's most notorious hacker.

In an interview with Computer Weekly, Mitnick, now working as a computer security consultant and author, said Sven Jaschan's technical skills were nothing special. He was amazed that so many businesses fell victim to a worm that in his view was relatively easy to prevent.

"He was no great technical expert. There was a published vulnerability and he took his worm and used his exploit code to be able to propagate it in the many systems that Sasser touched," he said.

Businesses should feel embarrassed if the worm hit them, Mitnick said. "Companies should have known better - you don't leave port 445 open to a hostile network. It is foolish."

Mitnick said he understood Jaschan's obsession with computers. "I was a computer enthusiast myself and I spent the great majority of my time hacking."

Jaschan's arrest and police raids on his collaborators are unlikely to deter youngsters in the future, he added. "People doing this stuff do not assess the risk of being caught. They operate under the illusion of vulnerability."

http://www.zone-h.org/en/news/read/id=4245/

Posted by donna | with no comments

PHP-Nuke is spreading over the Internet as a popular CMS system. If you have a PHP-Nuke installation which has been hacked into, read on to find out how to regain control of your site. If your site hasn't been hacked, read on to learn how to secure your installation.

http://www.zone-h.org/en/news/read/id=4247/

Posted by donna | with no comments

It is reported that Netscape Navigator is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.

This weakness could be employed to trick a user into following a malicious link.

An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim is to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

Vulnerable: Netscape Navigator 7.1

http://www.securityfocus.com/bid/10389/discussion/

Posted by donna | 1 comment(s)

A new service wants to clue you in on who's reading your e-mail and when, but it could be easily sandbagged.

Rampell Software's DidTheyReadIt service lets people put secret return receipts on their outgoing e-mail, reporting on when, how many times and for how long their messages are read. The service, set for official launch on Monday, can also track whether the message has been forwarded and where, geographically, it has been read.

However, the underlying technology of DidTheyReadIt is not novel, and at least two other companies, including Postel Services, already provide a similar service. They can track e-mail with the use of tiny image tags, or Web bugs, embedded in an e-mail message. Once the e-mail is opened, a command from the image language is sent back to the company's servers, reporting on and tracking the message.

Web bugs are commonly used to monitor advertising campaigns and e-mail promotions, and spammers have long used the tags to monitor e-mail usage without the recipient's knowledge. But the tracking technology has caused privacy concerns in the past.

As a result, AOL and Microsoft Outlook and others offer image blockers in Hypertext Markup Language-based e-mail that can block the Web bugs by default.

http://news.com.com/Tracker+keeps+tabs+on+e-mail+readers/2100-1038_3-5217924.html

Posted by donna | with no comments

Judge orders Microsoft to search its systems

A Baltimore federal judge has asked Microsoft to search its own computers and archives for information that could help explain a top executive's instructions to destroy old e-mails.

District Judge J. Frederick Motz ordered the company on Thursday to interview attorneys and search for any record of discussions leading to a January 2000 e-mail from Windows Group Vice President James Allchin, in which he ordered Windows division employees to destroy e-mails after 30 days.

An attorney for start-up Burst.com, which is suing the software giant for patent infringement, said Allchin's e-mail and previous company policies seemed to be aimed at destroying evidence that could be used against Microsoft by the U.S. Department of Justice or in other litigation. Microsoft has argued in court that some e-mail deletion policies were set by its internal IT department.

http://news.com.com/Judge+orders+Microsoft+to+search+its+systems/2100-1032_3-5218193.html

Posted by donna | with no comments

Some of you are aware that I'm maintaining the site Calendar of Updates (COU), where we can track or post software updates in a calendar format using the Invision Power Board software. We recently started posting computing tips and hearing about breaking security news (thanks to Harry Waldron for posting breaking news). The COU board was off last May 16 due to a server upgrade. It was finally up and running on the 20th of May. After 2 days, COU is down again. There is high CPU usage, as per the host. The host needs to shut down the site temporarily while trying to solve the cause of the high CPU usage. I'm posting this information here just in case others wonder why the site is down.

I can only hope that the host will solve the strange issue and the site will be up again tomorrow or on Monday.

Would like to thank the COU moderating team, calendar contributors, software authors, registered members and guests for the continuous support.  Thanks for the messages.  Thanks to Steven Burn (site owner of Ur I.T. Mate Group) for his offer/help/support.  I know you are there waiting. I'm waiting too! :o)

Posted by donna | 7 comment(s)

Apple Computer Inc., long considered to be relatively immune to the security holes and viruses that plague longtime rival Microsoft Corp.'s Windows, said on Friday a security hole in its software leaves users' computers vulnerable to attack.

Apple, warning of a rare security hole in the company's OS X operating system for the second time this month, said in a release that a "theoretical vulnerability" in an application used to get help while browsing the Web could expose users to a malicious software code.

The specific nature of the security hole, such as whether it makes the computer vulnerable to outsiders or allows virus-like code to enter the operating system, was not made clear. Cupertino, California-based Apple's officials declined to provide specific comment beyond the release.

Reuters

Related article: Apple issues Mac OS X security patch

Apple Computer on Friday issued an update to Mac OS X to address flaws that security firms said could allow malicious code to be run on a Macintosh.

The update fixes a pair of flaws that could be used to create a virus that spreads through a Web link sent via e-mail messages. An attacker also would have to create a Web site with special programming to exploit the vulnerability.

ZDNet

Posted by donna | with no comments

Release Date: 2004-05-21 
Critical: Moderately critical 
Impact: DoS, System access
Where: From remote

Software: Norton AntiVirus 2004

Description:
Yuu Arai has discovered a vulnerability in Norton AntiVirus 2004, which can be exploited by malicious people to perform various actions on a user's system.

The vulnerability is caused due to insufficient input validation in an ActiveX control used by the application. This can be exploited by e.g. tricking a user into visiting a malicious website.

Successful exploitation allows execution of arbitrary code already residing on a user's system, launching an unauthorised URL (pop-up) on the system, or causing Norton AntiVirus to stop responding.

Solution:
Updates are available via the LiveUpdate feature.

http://secunia.com/advisories/11676/

Symantec Response

Symantec verified the issues LAC reported in Symantec Norton AntiVirus 2004. Symantec product engineers have developed a fix and released patches for all impacted product versions through Symantec's LiveUpdate.

Symantec recommends all users of Symantec Norton AntiVirus 2004 update immediately to apply this fix.

Symantec users who normally run manual LiveUpdates will already be protected. However, to ensure all available patches have been properly applied to Symantec products, users should run a manual LiveUpdate as follows:

  • Open any installed Symantec product
  • Click on LiveUpdate in the toolbar
  • Run LiveUpdate until all available Symantec product updates are downloaded and installed

Symantec is not aware of any active exploits for or customer impact from this issue.

As a part of normal user best practice, Symantec recommends a multi-layered approach to security.

Users, at a minimum, should run both a personal firewall and antivirus application with current updates to provide multiple points of detection and protection to both inbound and outbound threats.

Users should keep vendor-supplied patches for all application software and operating systems up-to-date.

Users should be cautious of mysterious attachments and executables delivered via email and be cautious of visiting unknown/untrusted websites or opening unknown URL links.

Do not open unidentified attachments or executables from unknown sources or that you didn't request or were unaware of. Always err on the side of caution. Even if the sender is known, the source address may be spoofed.

If in doubt, contact the sender to confirm they sent it and why before opening the attachment. If still in doubt, delete the attachment without opening it.

CVE
A CVE candidate number has been requested from the Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised appropriately when received.

This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

Credit
Symantec appreciates the cooperation of Yuu Arai and the Little eArth Corporation security research team in identifying these issues.

http://www.sarc.com/avcenter/security/Content/2004.05.20.html

Posted by donna | 1 comment(s)

Ten years ago, a person needed good programming skills to write an effective virus. Presently, it seems that virus making tools make the field open to anyone, giving rise to 'script kiddies'--teenagers with little programming skills making a huge impact on the Internet. However, Mikael Albrecht of antivirus firm F-Secure says the script kiddy threat is less pernicious than the public believes. 95% of virus writers are not good programmers and have a difficult time getting their viruses to work. David Perry of Trend Micro says that although there have been a handful of brilliant virus writers, most do not have the skills for a commercial software venture, producing 'junk' viruses. Though script kiddies often force systems administrators to constantly update their antivirus protection, they also force antivirus vendors to write protections for vulnerabilities that competent attackers could exploit. Of the 75,000 viruses in existence, only 1,000 have successfully infected a computer.

http://www.newsfactor.com/story.xhtml?story_id=24111

Posted by donna | with no comments

A vulnerability has been reported in Microsoft Windows XP that may result in execution of malicious code in the context of the currently logged in user. The flaw exists in Windows Explorer and may allow for executable content that is referenced from inside of a folder to be executed automatically when the folder is accessed.

This vulnerability poses a security risk since it is assumed that opening a folder is a safe action and that executable content cannot be run when a folder is accessed. Additionally, it has been reported that this issue may be exploitable remotely if the malicious folder is accessed from an SMB share.

A proof of concept exploit has been provided that executes NetMeeting and installs a keylogger on a vulnerable system.

http://www.securityfocus.com/bid/10363

Posted by donna | with no comments

The purpose of this article is to help administrators and power users use behavioral analysis to determine if a binary is harmful malware, by analyzing it in a lab environment without the use of anti-virus software, debuggers, or code disassembly.

http://www.securityfocus.com/infocus/1780

Posted by donna | with no comments

A Trojan horse may be responsible for an online banking scam that has cost at least two Winnipeg customers thousands of dollars.

The Winnipeg Police Service this week is investigating two cases where money was transferred unknowingly from bank accounts. One family charges that $2,500 has been taken from their account and a retired teacher in April reported $2,000 removed from his account without his knowledge. The department also has information pertaining to five other individuals who lost money with the same scam.

http://itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-017ef952-cc9e-4d5e&s=334096

Posted by donna | with no comments