Category: Warnings

Most implementations of WPA, in order to make use of the cryptography accessible to unsophisticated users with normal home computing equipment, allow users to enter a common shared phrase into a WPA user interface on the computer.

Other key management techniques are available to WPA, but these generally require more expensive and complex network management equipment, such as authentication servers.

Moskowitz states that after sniffing a few packets of data from certain points in Wi-Fi standard communication, an attacker could use a “dictionary attack” on the data offline in an attempt to guess the passphrase.

According to Moskowitz: “A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.

More info: [url=http://www.eweek.com/article2/0,3959,1375027,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1375027,00.asp?kc=EWRSS03119TX1K0000594[/url]

The “critical update,” released late on Tuesday, applies to three of the four major applications in Office 2003–the Word word-processing program, the PowerPoint presentation application and the Excel spreadsheet software, according to a Microsoft bulletin.

The problem happens when a document created with one of those applications is opened with an earlier version of Office.

If the document contains graphics elements created using the OfficeArt tool, the earlier version of Office will misinterpret that part of the document and add invalid data to the file when it is saved.

An attempt to re-open the file with the Office 2003 application that created it could result in a corrupted document, missing content or other errors.

More info: [url=http://news.com.com/2100-1012_3-5103267.html]http://news.com.com/2100-1012_3-5103267.html[/url]

All share enough characteristics, ranging from packaging their payloads in compressed .zip files to targeting specific Web sites for denial-of-service attacks, that convince analysts that one individual, or a group of attacks working together, are conducting the assault.

To compound the problem, the variants’ .zip files have been purposefully corrupted, said Dunham, so that they’re not correctly scanned by some anti-virus software.

“The Zip files are designed to choke up some anti-virus software, making the programs give up on the scanning and move on, letting the worm through,” he noted.

Organizations should aggressive update their anti-virus definitions, filter against the worms’ known file attachments, scan compressed files,

It appears that some of Symantec’s concern has been driven by the recent re-appearance of a variety of Trojan that exploits a security flaw in Microsoft’s Internet Explorer that allows miscreants to insert malicious code into Windows PCs through Web and HTML content.

The payload delivered by the latest variety of Trojan to appear, Qhosts-1, manipulates the way PCs find Web sites on the Internet.

According to Weafer there was evidence of links between servers implicated in spamming activities and the Trojan, which he said may point to the possibility that Qhosts-1 has propagated more widely than previously thought possible through email-borne HTML content.
More info: [url=http://zdnet.com.com/2100-1105_2-5086013.html]http://zdnet.com.com/2100-1105_2-5086013.html[/url]

The first advisory, “Long argv[] Buffer Overflow,” warns that an attacker could possibly crash Mac OS X and execute commands as root.

The Systemic Insecure File Permissions advisory states some applications on the vulnerable Mac OS X systems are installed with insecure file permissions and are globally writable. This lets attackers with file-system access to an OS X machine replace binaries and obtain additional privileges from unsuspecting users, who may run the replaced version of the binary.

The third vulnerability, Arbitrary File Overwrite via Core Files, enables attackers with certain access rights to overwrite arbitrary files and read certain files.

There is no patch available for these vulnerabilities.

An Apple Computer spokesperson could not say where the company would issue a fix, but Apple is working on a statement about the issue.

More info: [url=http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SJHW4MC3SCD14QSNDBGCKHQ?articleID=15800094]http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SJHW4MC3SCD14QSNDBGCKHQ?articleID=15800094[/url]

There are rumours of a new variant of the RPC attack out there. Let’s hope that it will be a quiet weekend.