Networking

Stan Choe of The Charlotte Observer reports that "They're out there. For profit or for fun, those worms and viruses -- along with the human hackers who create them -- constantly probe computers for weaknesses. Chances are, if your computer is patched into a network, someone is poking around right now, or will be within the hour, security consultants say.

Nokia's virtual private network offerings will support smart card-based public key infrastructures

Nokia Internet Communications yesterday announced it is adding a range of features to its line of virtual private network software, designed to make integration with public key infrastructure systems easier. The VPN offerings will also support smart card-based public key infrastructure for the first time.

A new study has revealed that the use of web bugs, or online hidden information collectors, has increased 488 percent in the past three years. On average, a web page is nearly five times more likely to contain a web bug today than in 1998.

Microsoft released new versions of the Outlook View Control for Outlook 2002 and Outlook 2000 to close a major security vulnerability that lets malicious code do almost anything with your Outlook data, including deleting items and harvesting email addresses from messages, and even run code to work with system files. The Outlook View Control commonly appears in Team Folders Web pages and digital dashboards..

A new script that can severely limit user access to infected systems is spreading slowly worldwide, antivirus companies said.The program, a Trojan horse, called either Trojan.JS.Offensive or Trojan.Offensive, can make Windows desktop icons invisible, can prevent users from starting programs or shutting down Windows and even persists when a machine is being used in safe mode, according to information posted on Symantec Corp.'s antivirus Web site. Luckily for users, Symantec doesn't see wide distribution of the worm yet.

Despite increasing speed and complexity of networks that have made IDS solutions difficult to deploy and manage, the technology is accepted and improving. Intrusion detection systems are here to stay as an integral part of the network security infrastructure.

Over the last few days, the IBM AIX Security Team has become aware of a hacker group that has been targeting systems running the AIX operating system, breaking into these systems, and defacing web sites on those systems. The tools being used to accomplish the breakins appear to be those principally written by a Polish hacking crew using the name "Last Stages of Delirium". Similar tools that take advantage of the same vulnerabilities are available from elsewhere, too.

If you're running a wireless computer network in your office or home using one of the more common technologies for this purpose, two St. Cloud computer programmers have potentially disquieting news: The information you're zapping back and forth through the ether may be much less private than you think.

The pair of computer-security experts have set the wireless-networking world on its ear with AirSnort, a program that lets anyone with even modest know-how "sniff" network data and ultimately breach a security barrier meant to keep the information private....

Sendmail contains an input validation error, so local users may be able to write arbitrary data to process memory, possibly allowing the execution of code/commands with elevated privileges. This allows a local attacker to gain access to the root account....

Date: Fri, 24 Aug 2001 13:57:21 -0600
From: Caldera Support Info <supinfo@caldera.com>
Subject: Security Update [CSSA-2001-032.0] Linux - sendmail instant root
exploit

The TESO crew reported on Bugtraq a vulnerability affecting the telnet server which can be used by remote attackers to obtain root privileges. Initially it was thought that the netkit-telnet package, used by most linux distributions, was not vulnerable starting with version 0.14, but zen-parse showed later on that those versions, including the 0.17 one, are also vulnerable.