NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
08/16/04

Today's focus: XP SP2: Fallout and reactions

In this issue:

* Patches from Yahoo, SCO, Gentoo, others
* Beware latest Agobot variants
* FDA reads riot act to device makers, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________

By Jason Meserve

Windows XP Service Pack 2 (XP SP2) has been out a week now. Microsoft already has a tool out that allows enterprise users to block its download:
<http://www.nwfusion.com/0816bug1a.html>

And a FAQ dedicated to the update:
<http://www.nwfusion.com/0816bug1b.html>

The general reader response has been one of "wait and see" when it comes to applying updates in the corporate environment:

Greg Goodson writes: "Given Microsoft's track record with XP Service Packs there is no way I would just deploy it across the enterprise.
The other issue is how will it react to existing Firewall and other 3rd party security software. What non-Microsoft software products will be blown up by the upgrade? There isn't a comprehensive list of known issues yet published, at least that I have found. I certainly can not afford to take down every XP workstation while Microsoft tries to figure out what went wrong and giving the answer it worked ok on their machines is not an answer."

Steve Van Domelen says: "We are definitely taking a wait-and-see approach. I have heard IBM is also holding its release (our provider for all desktop/laptops systems) since it is known to break some of their software. We used to take Windows updates automatically, but this one has warning signs all over it. I am especially concerned about their approach to automatically install software or features that we specifically do not want (firewall, popup killer). We already have a non-Microsoft approach for these and it will certainly cause problems, confusion and excessive work to my already budget-constrained staff. I could go on, but you get the picture and I'm sure you've heard it all before."

Mark Carhart writes in with: "[We] will be doing serious testing in a non-work environment one month after the service pack is released. Once the non-work environment testing is completed we will move to step 2, testing one computer in a work environment and working out any problems before the final step which is a complete rollout."

Not everyone is pessimistic though:

Mark Thornhill says: "I've been using SP2 on one of my machines for a little over a month. I really like it, though it took some getting used to and some minor custom setting changes. But, overall, I think it's a great move for [Microsoft]. The popup blocker, I feel, is a lifesaver. I can't tell you how many times one of our users will end up with gator or some other program loaded and BAM, they're tagged. I have plans of implementing it early September in my business."

Peter Goyer writes in: "We are deploying it as we speak. The service pack may solve some of our security issues. They are not severe, so a more radical approach is not required. We will always have students that download songs and other things they are not supposed to. This is a small step but hopefully [Microsoft] rolled out a worthwhile one."

If you've got a success or horror story, let us know at <mailto:[EMAIL PROTECTED]>

For more XP SP2 coverage:

Windows Service Pack 2 puts users on the defensive
Corporate customers that use Microsoft's Automatic Updates feature to patch will have to install blockers on their desktops this week to thwart the delivery and installation of Windows XP SP 2. Network World, 08/16/04.
<http://www.nwfusion.com/news/2004/081604xpsp.html?nl>

Hunt for XP SP2 flaws seen in full swing
While users are testing Service Pack 2 for Windows XP to prevent compatibility problems, hackers are picking apart the security-focused software update looking for vulnerabilities, security experts said. IDG News Service, 08/13/04.
<http://www.nwfusion.com/news/2004/0813huntforx.html?nl>

Radio: Windows XP Service Pack 2
Windows XP Service Pack 2 is here. The latest upgrade for Microsoft's flagship desktop operating system comes with a number of security enhancements, to say the least. Joe Wilcox, senior analyst at Jupiter Research and author of the Microsoft Monitor Weblog, joins us to discuss the impact of XP Service Pack 2 on your applications. Network World Fusion, 08/12/04.
<http://www.nwfusion.com/research/2004/0812radio.html?nl>

Initial Windows XP SP2 fallout limited
Since Microsoft began the staged rollout of Windows XP Service Pack 2 late last week only minor compatibility issues have come up, but that might be because many users are waiting to install the update. IDG News Service, 08/12/04.
<http://www.nwfusion.com/news/2004/0812initiwindo.html?nl>

Today's bug patches and security alerts:

Yahoo patches IM client

A flaw in the third-party component used in Yahoo Messenger could be exploited to crash an affected system. For more, go to:
<http://messenger.yahoo.com/security/update5.html>
**********

HP security fix wrap up

HP has released a variety of security updates for its HP-UX operating system. The flaws fixed include a root access vulnerability in CIFS Server; a code execution flaw in Apache/PHP; a second Apache flaw; a buffer overflow in Mozilla; a data corruption problem in Process Resource Manager; and a remote access vulnerability in xfs and stmkfont. All of them can be downloaded by logging into the HP IT Resource Center:
<http://itrc.hp.com/>
**********

Vendors patch gaim

Two remotely exploitable buffer overflows have been found in gaim, a general purpose Instant Messaging client that works with multiple IM services. For more, go to:

Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=209642>

Mandrake Linux:
<http://www.nwfusion.com/go2/0816bug2c.html>

SuSE:
<http://www.suse.com/de/security/2004_25_gaim.html>
**********

SCO patches tcpdump for UnixWare

A flaw in the tcpdump network-monitoring tool makes it susceptible to a denial-of-service attack when a specially crafted packet is received. For more, go to:
<ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9>
**********

Gentoo patches MPlayer

A bug in the TranslateFilename() function used by MPlayer could be exploited by embedding code in a music file. The code would be executed on the affected machine with the privileges of the user that opened MPlayer. For more, go to:
<http://forums.gentoo.org/viewtopic.php?t=205018>

Gentoo issues fix for SqWebMail

A flaw in SqWebMail, a groupware application, could be exploited using a cross-site scripting attack. An attacker could use this to modify SqWebMail and steal cookie information.
For more, go to:
<http://forums.gentoo.org/viewtopic.php?t=206288>

Gentoo releases fix for SpamAssassin

The Gentoo SpamAssassin implementation is vulnerable to a denial-of-service when it tries to process a malformed message. For more, go to:
<http://forums.gentoo.org/viewtopic.php?t=208324>
**********

Conectiva releases Apache fix

A format string vulnerability in the Apache ssl_log function could allow an attacker to execute arbitrary messages in the log messages for HTTPS. For more, go to:
<http://www.nwfusion.com/go2/0816bug2d.html>
**********

OpenPKG releases cvstrac fix

According to an advisory from OpenPKG, "Richard Ngo discovered a vulnerability in the CVS repository web browsing tool CVSTrac [2]. If properly exploited an attacker can execute arbitrary code on the CVSTrac host with the privileges of the associated Web server." For more, go to:
<http://www.openpkg.org/security/OpenPKG-SA-2004.036-cvstrac.txt>
**********

Mandrake Linux shores up Shorewall

A flaw in Shorewall could allow unauthorized users to overwrite arbitrary files on the affected machine. For more, go to:
<http://www.nwfusion.com/go2/0816bug2e.html>
**********

Today's roundup of virus alerts:

Symbian bugged by Mosquito bite
Users of mobile phones running the Symbian operating system are vulnerable to a Trojan contained in an illegally adapted version of the Mosquitos game, Symbian said Thursday. IDG News Service, 08/13/04.
<http://www.nwfusion.com/news/2004/0813symbibugge.html?nl>

W32/Agobot-ZX - This Agobot variant installs itself as "sysdrv32.exe" in the Windows System folder. It spreads via network shares and can disable security-related applications running on the infected machine. It can also provide backdoor access via IRC. (Sophos)

W32/Agobot-LX - A multipurpose Agobot variant that acts similar to ZX above with the added bonus of being able to sniff network traffic and steal activation keys for popular games.
This variant installs itself as "windrvconf.exe" in the Windows System folder. (Sophos)

W32/Agobot-MA - Very similar to Agobot-LX, except this version installs itself as "wmon32.exe" in the Windows System directory. (Sophos)

W32/Cali-A - A mass-mailing worm that spreads with an .exe attachment and can be used in a denial-of-service attack against a number of hard coded sites. The virus scans infected machines for e-mail addresses to target. (Sophos)

W32/Annil-G - This worm spreads via e-mail, network shares and peer-to-peer networks. Its main focus is to spread, and it doesn't seem to cause any real permanent damage. It may try to prevent users from downloading executable files. (Sophos)

Troj/Iefeat-K - A Trojan horse that tries to download adware from remote sites. It installs itself as "addtt.exe" on the infected machine. (Sophos)

W32/Rbot-FV - According to Sophos, "W32/Rbot-FV is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process." (Sophos)

W32/Rbot-FY - Similar to Rbot-FV above, except this variant uses the file "wuamgrd.EXE". (Sophos)

W32/Saros-A - This worm can be used to drop malware on the infected machine and display a message at given time intervals. It installs itself in the Windows System folder as NonYou.exe, Love-ScreenSaver.scr, and MSOutlookInternetUpdate.exe. (Sophos)

W32/Sdbot-MH - A bot that installs itself as "winsx.exe" in the Windows System folder and can be used to provide backdoor access to the infected machine via IRC. (Sophos)
**********

From the interesting reading department:

Tales from the copy room
It wasn't long ago when the biggest security issue in the photocopier industry was how to keep randy employees from scanning body parts. But times have changed.
A new generation of jazzed-up office copiers can scan documents, send faxes or e-mail, and store reams of document images. The new networked machines are akin to modern desktop computers and servers, which makes them more vulnerable to predatory hackers. IDG News Service, 08/11/04.
<http://www.nwfusion.com/news/2004/0811talesfrom.html?nl>

FDA reads riot act to device makers
Amid growing concern about security in hospital patient-care systems, the federal agency that regulates medical devices last week announced a get-tough policy to improve equipment safety. Network World, 08/16/04.
<http://www.nwfusion.com/news/2004/081604fdapatch.html?nl>

Technology Update: Network modeling detects anomalies
New relational network-modeling systems detect security threats by recognizing when network traffic patterns vary from the norm. Network World, 08/16/04.
<http://www.nwfusion.com/news/tech/2004/081604techupdate.html?nl>

Check Point primps for small firms
President Jerry Ungerman talks about SMB needs, the company's SofaWare and Zone Labs acquisitions, and more. Network World, 08/16/04.
<http://www.nwfusion.com/nlvirusbug496>

On the lookout for spyware
Organizations are increasingly eyeing spyware as a threat that needs to be blocked from reaching end users' desktops. Network World, 08/16/04.
<http://www.nwfusion.com/news/2004/081604spyware.html?nl>

McAfee upgrades security management software
McAfee next week plans to ship an updated version of its anti-virus management product, ePolicy Orchestrator, that adds capabilities such as intrusion-prevention management and rogue-computer detection. Network World, 08/16/04.
<http://www.nwfusion.com/news/2004/081604epo.html?nl>

EBay taps WholeSecurity to fend off phishers
The online auction giant is licensing WholeSecurity's Web Caller-ID software, which detects spoofed sites.
EBay will include Web Caller-ID in the Account Guard feature of the eBay Toolbar that stays resident in users' browsers, alerting them whenever they visit a site purporting to be eBay or its online payment subsidiary PayPal. Network World, 08/16/04.
<http://www.nwfusion.com/news/2004/081604wholesecurity.html?nl>

Vendors target remote-access security
Juniper and WatchGuard are coming out with new gear to provide small businesses and corporate offices with remote-access technology that can be managed from central consoles. Network World, 08/16/04.
<http://www.nwfusion.com/news/2004/0816juniper.html?nl>

Blaster suspect pleads guilty to spreading worm
A 19-year-old pleaded guilty in a Minnesota federal court on Wednesday to spreading the W32.Blaster-B worm over the Internet. IDG News Service, 08/12/04.
<http://www.nwfusion.com/news/2004/0812blastsuspe.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>.

Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE

WONDERING IF YOUR PAY IS UP TO SNUFF?

Check out Network World's 2004 Salary Calculator to see if you're getting paid what you're worth. Using data collected in the 2004 Network World Salary Survey, we've programmed this calculator with several categories that could affect your pay. Answer the questions and find out what the average salary is for your job category. Click here:
<http://www.nwfusion.com/salary/2004/calculator.html>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
