Networking

Source: SNP

Some interesting discussions are going on concerning BlackIce Defender and its vulnerability to attack from remote sending it into a 'Blue Screen of Death'. The report goes on to say :

Source: OS Opinion

The 2001 Computer Crime and Security Survey from the Federal Bureau of Investigation and the Computer Security Institute makes it clear that cybercrime is on the rise. But for the first time, according to survey respondents, incidents precipitated by outside hackers outnumbered those originated by internal threats.

Experts said that trend is likely to continue as increasing numbers of outside intruders mount more attacks on computer networks and PCs.

Source: News.com

HACKERS are hijacking routers to create vast networks that could unleash devastating denial-of-service attacks, the Cyber Emergency Response Team has warned.

Poorly configured systems, insecure administrative practices or software vulnerabilities allow "even an apprentice hacker" to co-opt a router and use it in an attack, it says.

Source: SNP

I just received this 'heads up' warning about the popular audio player 'WinAmp' from the folks at Root Core : " Recently we have found a hole in the popular audio player Winamp that allows arbitrary code to be ran on the users machine. The problem is in the way Winamp handles certain urls for music streams. With a simple url Winamp can be tricked into downloading any file. This could be used to download ddos bots, virii etc . "

Source: Win Informant.

For at least the first 8 months of 2001, open-source poster child Linux was far less secure than Windows, according to the reputable NTBugTraq, which is hosted by SecurityFocus, the leading provider of security information about the Internet."

Source: CNN

Fears are growing once more that companies operating on the Internet may not be equipped to ward off electronic sabotage after anonymous "hackers" forced a small British firm out of business.

CloudNine Communications, one of Britain's oldest Internet Service Providers (ISPs), shut down last week with the loss of eight jobs in what computer experts believe is the first instance of a company being hacked out of existence.

Source: Network World Fusion

A flaw in the way Microsoft's Windows 2000 and NT 4.0 server operating systems authenticate users across domains could allow somebody with administrator privileges to extend that power to other domains, Microsoft warned Wednesday.

Source: NewsBytes

Web sites operated by several leading Internet security organizations are vulnerable to an old but serious security flaw known as the cross-site scripting (CSS) attack. A cursory survey today revealed that the corporate home pages of security software vendors including Network Associates, Kaspersky Lab, Trend Micro, SonicWall, and Command Software, were all susceptible to CSS attacks.

Some Cisco Catalyst switches, running certain CatOS based software releases, have a vulnerability wherein a buffer overflow in the Telnet option handling can cause the Telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack.

This vulnerability is documented as Cisco bug ID CSCdw19195. There are workarounds available to mitigate the vulnerability.

This advisory is available here.

Source: NewsNow

Cisco has warned users of a potential denial of service risk involving its popular Catalyst LAN switches.

A buffer overflow vulnerability in Telnet option handling can be used to crash the process and force a Catalyst switch to reload. This operation could be repeated by an attacker to produce a denial of service attack.