Networking

Winsock RSHD/NT DoS

posted on December 14, 2001
by hitbsecnews

Winsock RSHD/NT mishandles invalid port assignments to the stderr stream.

This enables remote attackers to launch a DoS attack.

Vulnerable systems:

Winsock RSHD/NT version 2.20.00

Whenever an rsh client connects to the daemon, it sends the port number to which the daemon will send all its informational data (stderr). When this port is an invalid one (a negative number for example), or a port below 1024, the product will consume a large amount of CPU time.

Vendor status:

Vendor was informed but no measures were taken.

Ten Days to Network Security

posted on December 13, 2001
by hitbsecnews

Source: SANS.org

L33tdawg: This article is a little old, but should still prove to be a good resource link for those looking to improve the state of their network's security or perhaps just learn more.

Buffer Overflow in System V Derived Login

posted on December 13, 2001
by hitbsecnews

Source: CERT.org

Several applications use login for authentication to the system. A remotely exploitable buffer overflow exists in login derived from System V. Attackers can exploit this vulnerability to gain root access to the server.

Infamous hacker group helps the Feds

posted on December 13, 2001
by hitbsecnews

Source: VNUnet

I've got mixed feelings about this...

The controversy, rumours and speculation surrounding the FBI's Magic Lantern tool has attracted ridicule from the internet underground.

Not only has one virus writer constructed a piece of malware under the same name, but now infamous hacker group the Cult of the Dead Cow (cDc) has offered a helping hand to the Feds.

DoD pumps up cybercrime investment

posted on December 13, 2001
by hitbsecnews

Source: The Register

The US Department of Defense (DoD) has invested in an extensive cybercrime training program with Computer Sciences Corporation (CSC) that will earn the firm up to $86 million over the next eight years.

Is Open-Source Security Software Safe?

posted on December 12, 2001
by hitbsecnews

Source: Business Week

L33tdawg: As far as I know in Malaysia, most banks and large organizations have a 'no free software' policy. It seems they just don't like the idea of free or open source code. I think it's perhaps due to the fact that there's no one to 'blame' should something screw up in the code. *shrug*

The True Online Security Story

posted on December 12, 2001
by hitbsecnews

Source: OS Opinion

Controlling who has access to online data and who does not can be a costly proposition, but there are guidelines for getting the job done efficiently. According to a survey conducted by the Computer Security Institute and the FBI, the largest security problem confronting corporations in 2000 -- following viruses and employee abuse -- was unauthorized access to corporate resources.

DoS attacks defeat oldest IRC server

posted on December 11, 2001
by hitbsecnews

Source: Vnunet

The oldest Internet Relay Chat (IRC) server on the internet will be switched off for good at the start of next year, after denial of service (DoS) attacks eventually got the better of it.

"Well, the sad day has finally come," reads the welcome message for users logging onto the server at the University of Colorado, which it claims is "officially the oldest continuously operating IRC server on the internet".