Category: Warnings

Vulnerable access points transmit security keys over the air in unencrypted text, meaning that an eavesdropper could intercept them. The affected equipment transmits clear-text versions of Wired Equivalent Privacy (WEP) static keys to a Simple Network Management Protocol (SNMP) server. Attackers would only be able to snatch WEP keys if they were able to monitor data sent between the access point and the SNMP server.

The devices are affected only when the command “snmp-server enable traps wlan-wep” is enabled, and it does not affect dynamically set WEP keys.

Cisco said users should upgrade to IOS version 12.2(13)JA1 or later, or switch off the SNMP command in question.

Users can also get around the problem by switching to an authentication protocol that uses dynamically set keys, several of which are supported by the access points.

More info: [url=http://zdnet.com.com/2100-1105_2-5113232.html]http://zdnet.com.com/2100-1105_2-5113232.html[/url]

An unknown cracker recently used this weakness to compromise several of the Debian Project’s servers, which led to the discovery of the new vulnerability.

According to Symantec, this weakness would allow any local user with shell-level access to the system to escalate his privileges to root.

Symantec warned that the new flaw could be combined with any number of remote vulnerabilities to allow remote attackers to gain root access, as well.

More info: [url=http://www.eweek.com/article2/0,3959,1400418,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1400418,00.asp?kc=EWRSS03119TX1K0000594[/url]

The Dec. 1 deadline for all Wi-Fi gear makers to start using the Wired Authentication and Privacy Infrastructure (WAPI) specification was set by the Standardization Administration of China, which manages standards in various industries in China.

Support for WAPI is not included in current or upcoming security specifications, such as Wi-Fi Protected Access or 802.11i, developed and enforced by industry groups the Institute of Electrical and Electronics Engineers and the Wi-Fi Alliance. WAPI adds yet another security specification that companies will have to consider as they begin installing Wi-Fi networks, adding further confusion to the market, according to security experts.

In the third quarter, the Asia Pacific region had the second largest market share for sales of Wi-Fi gear worldwide, at 18 percent.

More info: [url=http://zdnet.com.com/2100-1103_2-5112832.html]http://zdnet.com.com/2100-1103_2-5112832.html[/url]

Security firm Sophos said that a great many copies of the message have been circulating by email.

Even though Sysbug is unlikely to become a major security threat, IT managers need to be alert as any one of their staff could make the mistake of opening the attachment.

Kevin Hogan from Symantec’s Security Response team told silicon.com’s sister site ZDNet UK that the Trojan is unlikely to spread much further because it does not self-replicate.

“I don’t see it getting worse because it relies on manual spamming – unless they re-spam it,” he said.

Cluley recommends that companies work on user awareness of these risks, and also implement a combined anti-spam and antivirus product at their gateway.

Sysbug comes just months after another virus that claimed to be compromising pictures of Hollywood star Julia Roberts.

[Editor Note: Yes, we are protected]

More info: [url=http://www.silicon.com/software/security/0,39024655,39117071,00.htm]http://www.silicon.com/software/security/0,39024655,39117071,00.htm[/url]

Users have the ability to interact with other people’s mailboxes and can send, receive and read messages, as well as open and manipulate Outlook folders.

Microsoft has given the administrator — who has requested anonymity for himself and his company — a patch, and the company says the vulnerability exists only in certain configurations.

The admin said that, three months ago, his team had upgraded two front-end and back-end servers to Windows Server 2003 and Exchange Server 2003. Shortly after the upgrade, users randomly began reporting that they were being logged on to other people’s mailboxes with full privileges.

Microsoft released a statement late last week about this situation, and the company said the security issue occurs only if Kerberos authentication is disabled.

More info: [url=http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci938649,00.html]http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci938649,00.html[/url]

Its research suggests 72 per cent of Australia’s leading companies are vulnerable to an “SQL injection attack” that gives the attacker unrestricted access to the corporate database. The SQL attack occurs when a hacker adds code to a standard URL address that tricks the application into giving access to stored information.

“If the vulnerability is so widespread, then the only possible explanation is that there’s a flaw in corporate governance.

“The risk of web-based application attacks is commonly known in the IT industry, as are simple, publicly available measures to prevent such attacks.”

B-sec security consultant Justin Derry said SQL injection stood out as the No.1 concern in recent security assessments.

More info: [url=http://australianit.news.com.au/articles/0,7204,7916529%5E15318%5E%5Enbv%5E15306,00.html]http://australianit.news.com.au/articles/0,7204,7916529%5E15318%5E%5Enbv%5E15306,00.html[/url]