Networking

Source: SecurityFocus

L33tdawg: A pretty interesting article which I'm sure spoonfork would have something to comment about or perhaps add in ? *grin*

Source: CNN

CERT have now published details of the vulnerabilities discovered by Internet Security Company ProCheckUp Ltd in Netscape Enterprise Server.

The first vulnerability discovered is a remotely exploitable DoS attack on Sun Netscape Enterprise 4.0 to 4.1 web servers, running on the Windows operating system. Essentially, remote attackers by entering a simple command within their web browser can cause the server to crash. The mitigating factor is that web publishing has to be enabled, however this is quite common.

Source: Xatrix

This is very similar to the AIM overflow recently discovered. The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions.

ICQ protocol uses the same TLV (2711) packet and there is a similar weakness in the parsing of the packet.

Source: iWon

L33tdawg: "...computer systems are increasingly vulnerable to cyber attacks, partly because companies are not implementing security measures already available..." This is precisely what I'm talking about when I say that system admins aren't being vigilent enough when it comes to patching security holes in their machines.

The first virus that infects files in the popular Macromedia Flash format has been discovered, raising concerns that malicious code writers will gain a new method for infecting Internet users.

Anti-virus software vendor Sophos said it received a copy of the virus, which it has named SWF/LFM-926, in a Flash "movie" file attached to an e-mail from an anonymous sender.

Source: Info Security Magazine

Source: The Register

Nvidia has settled a lawsuit brought against two computer enthusiasts who published confidential information after allegedly hacking into the graphic chip firm's Web site. Terms are undisclosed.

The two, aged 19 and 21, posted "intellectual property and information about unannounced products" on enthusiast site M3DZone after posing as employees and Nvidia partners, CNET reports.

Source: InfoSecNews

If any benchmarks or reviews become available, I'll definitely update on this. If it is as effective as initially assumed, that would definitely be dope.

Webscreen Technology will start launching the WS100 with CHARM technology on January 25. The WS100 is a hardware device that protects web sites from distributed denial-of-service (DDoS) attacks.

Barclays Bank and the Royal Bank of Scotland are to work with some of the world's largest financial institutions to launch a secure online direct business-to- business (B2B) payment initiative.

Dubbed Project Eleanor, the proposed standard provides web-based specifications to initiate B2B payments which link into existing bank systems. Trading partners will have an alternative to traditional paper-based payment methods to execute ebusiness transactions.

vnunet