Category: Warnings

According to Cisco, “The Cisco FWSM may crash and reload due to a buffer overflow vulnerability while processing HTTP traffic requests for authentication using TACACS+ or RADIUS. If the user name and password are verified by the designated TACACS+ or RADIUS authentication server, the Cisco FWSM will allow further traffic between the authentication server and the connection to interact independently through the Cisco FWSM’s ‘cut-through proxy’ feature.”

The second occurs when the FWSM receives and processes an SNMPv3 message “when snmp-server host or snmp-server host poll is configured on the Cisco FWSM.”

More info: [url=http://www.eweek.com/article2/0,4149,1418087,00.asp]http://www.eweek.com/article2/0,4149,1418087,00.asp[/url]

April 1, 2004 Windows 2000 Server and Windows 2000 Advanced Server Retail Full Packaged Product (FPP) will no longer be available in the reselling channel.

April 1, 2004 Windows 2000 Server and Windows 2000 Advanced Server will no longer be offered through Microsoft Volume Licensing programs.

There are no changes to product support, which was announced October 2002, as part of the Microsoft Comprehensive Support Lifecycle.

More info: [url=http://www.microsoft.com/windows2000/server/evaluation/availability/default.asp]http://www.microsoft.com/windows2000/server/evaluation/availability/default.asp[/url]

Anti-virus company Sophos said the worm, which it had christened W32/Yaha-Y, spread via network shares and email. Emails sent by the worm were randomly selected from a list contained inside the worm.

Computer Associates’ analysis of the worm showed that its payload modified the lmhosts file on an infected computer to block access to symantec.com, microsoft.com, sophos.com, avp.ch, mcafee.com trendmicro.com, pandasoftware.com, www3.ca.com and ca.com – all anti-virus companies’ sites, apart from Microsoft. It appears from the code that the author also intended to install a key-logging trojan [email]anyuser@yahoo.com.txt[/email] in the cookies folder of affected machines.

As with previous Yaha variants, the worm may also attempt Denial of Service attacks against these targets: pakrail.com, paic.com.pk, jamaat.org, kse.net.pk and pak.gov.pk.

More info: [url=http://www.smh.com.au/articles/2003/12/11/1071086178204.html]http://www.smh.com.au/articles/2003/12/11/1071086178204.html[/url]

The research paper and an accompanying survey, both released by AssetMetrix Research Labs, an arm of IT asset management vendor AssetMetrix, points out that although there are large numbers of machines in enterprises still running Windows 98, the Redmond, Wash.-based developer is set to retire the operating system and will stop posting security fixes for the OS in mid-January 2004.

AssetMetrix’s survey of 670 companies found that 80 percent of the firms were still running at least one machine with Windows 98 and the older OS, Windows 95. Together, the two operating systems account for over 27 percent of all installed Windows machines, a number substantially higher than the meager seven percent share of Windows XP.

As of January 16, 2004, Microsoft will shift Windows 98 into what it dubs the ‘non-supported phase,’ which means that although online help for the operating system will continue, the company is not obligated to release security ‘hotfixes’ for uncovered vulnerabilities. To compound the issue, Microsoft earlier this week announced that it was discontinuing distribution for all editions of Windows 98 except for Windows 98 Second Edition, a move required by a settlement reached with Sun Microsystems in a dispute over Java.

“But the largest potential risk to corporations using Windows 95 and 98 is the probability of an Internet-based security exploit being discovered after January that can affect a Win9X PC,” said AssetMetrix’s report. Among his other recommendations: make sure that all PCs, regardless of the operating system, have the latest security fixes from Microsoft installed, inventory the enterprise’s PCs to determine how many are running Windows 95 and 98, and obtain installation images prior to December 23, when Microsoft will stop the distribution of most flavors of Windows 98.

More info: [url=http://www.techweb.com/wire/story/TWB20031211S0009]http://www.techweb.com/wire/story/TWB20031211S0009[/url]

However, it warned that for many organisations cameras represent a significant liability or security risk and listed dangers such as such as inappropriate candid shots of employees and pictures of production lines.

“Most organisations that provide phones to their employees and that are evaluating new, feature-rich mobile phones should require the vendor or carrier/supplier to permanently disable the camera or provide a device without a camera,” said Jack Gold, vice president with Meta Group’s Technology Research Services division.

More info: [url=http://www.electricnews.net/frontpage/news-9384314.html]http://www.electricnews.net/frontpage/news-9384314.html[/url]

The flaws exploit the ASN.1 (Abstract Syntax Notation 1) syntax notation used by the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, which are widely used for exchanging data securely on the internet.

By submitting data that was purposefully constructed, a malicious client could, theoretically, gain control over certain servers running SSL or TLS software.

Oracle could have reduced the risk presented by these bugs had it removed certain features from the OpenSSL software libraries included with its servers, according to Thor Larholm, a senior security researcher with PivX Solutions, a network security consultancy.

More info: [url=http://www.computerweekly.com/articles/article.asp?liArticleID=127127&liFlavourID=1&sp=1]http://www.computerweekly.com/articles/article.asp?liArticleID=127127&liFlavourID=1&sp=1[/url]