Message-ID: <20950413.1075840765091.JavaMail.evans@thyme>
Date: Mon, 14 Jan 2002 15:00:00 -0800 (PST)
From: security-bugpatch@bdcimail.com
To: vkamins@enron.com
Subject: New sniffer tool for Win 2K/XP
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-From: NW Security and Bug Patch Alert @ENRON
X-To: vkamins@enron.com
X-cc:
X-bcc:
X-Folder: \vkamins\Deleted Items
X-Origin: KAMINSKI-V
X-FileName: vincent kaminski 1-30-02.pst

NETWORK WORLD NEWSLETTER: JASON MESERVE on SECURITY AND BUG PATCH ALERT
01/14/02
Today's focus: New sniffer tool for Win 2K/XP

Dear Wincenty Kaminski,

In this issue:

* NGSSoftware's packet sniffer for Win2K/XP
* Patches and alerts for Caldera, PGP 7.0 Outlook, Slash, others
* Viruses, including a worm masquerading as an update to Outlook Express
* Multimedia IM poses a threat to the 'Net, plus other interesting reading
_______________________________________________________________

Today's focus: New sniffer tool for Win 2K/XP

By Jason Meserve

A new packet sniffer tool is available for Windows 2000 and XP users. NGSSniff uses the RAW_SOCKETs capability on the two operating systems to run, meaning users do not have to install any special drivers to use the program. Users can analyze captured packets while the sniffer is running.
NGSSoftware offers the NGSSniff program free of charge at:
http://www.nextgenss.com/products/ngssniff.html

Today's bug patches and security alerts:

* Caldera patches vulnerability in wu-ftpd

A flaw in wu-ftpd's ftpglob() function could be exploited to gain root access on the affected server. Caldera OpenServer users can download a fix for the problem at:
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.1/

* Caldera patches IMP/HORDE

A cross-scripting vulnerability has been found in IMP/HORDE that could allow attackers to send an e-mail message with a malformed URL. This malicious URL could be used to open the current mail session to attackers, allowing them to read and delete e-mail on the affected machine. Caldera OpenLinux 3.1 Server users can download an update from:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

* Bug in PGP 7.0 Outlook plug-in

A flaw in the way the PGP 7.0 Outlook plug-in handles certain messages can leave those encrypted messages saved as clear text. PGP 7.1 offers a fix for the flaw:
http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp

* Vulnerability found in Slash code

A flaw has been discovered in Slash, the code that runs Slashdot and other similar sites. The flaw could allow any logged-in user to log in as any other user. This could be exploited to take control of the affected site, including posting information to the site. Users should upgrade to Slash 2.2.3. For more, go to:
http://sourceforge.net/project/showfiles.php?group_id=4421&release_id=68516

* Linux-Mandrake updates glibc

A flaw in the glob() function in the glibc library could be used to exploit programs that pass information through the function. A malicious user could modify information being passed through the function. For more, go to:
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095-1.php3

Today's roundup of virus alerts:

* JS.Gigger.A.Worm - Another worm that spreads via Outlook and network-attached drives.
This one arrives with the subject line "Outlook Express Update," a body text of "MSNSofware Co." and an attachment called "mmsn_offline.htm." It also attempts to delete files on the infected C: drive. (Computer Associates, Sophos)

* Troj/Palukka - A Trojan horse that allows a malicious user to control the infected machine via IRC channels. (Sophos)

* VBS/RTF-Senecs - This virus arrives in an e-mail titled "Scene from last weekend," with body text reading "Please do not forward" and an attachment called "scenes.zip." The compressed attachment contains two files that, when opened, spread the virus and drop a Trojan horse on the infected machine. (Sophos)

* Troj/Optix-03-C - A Trojan horse that acts as a server for malicious users to gain access to the infected machine. This file is dropped by VBS/RTF-Senecs. (Sophos)

* Troj/WebDL-E - Another piece of the VBS/RTF-Senecs puzzle. This Trojan horse drops the Troj/Sub7-21-I Backdoor onto the infected machine and sends out an alert via an ICQ account. (Sophos)

* Troj/Sub7-21-I - Used by hackers as a backdoor into infected systems, this Trojan can be used to acquire sensitive information about the infected machine, including user passwords. (Sophos)

* W32/Lohack-A - An e-mail mass-mailer that comes with the subject of "Hacking course..." and an attachment called "hacking.exe." It looks for e-mail addresses stored on the infected machine in various file types. (Sophos)

From the interesting reading department:

* Threat to 'Net

The Internet engineering community has run into a significant technical hurdle in the development of an industry standard to support instant messages with multimedia attachments, such as audio or video clips.
http://www.nwfusion.com/news/2002/0114instantmessaging.html
Network World, 01/14/02

* Web portals pose security challenge

A growing number of companies are setting up Web portals to let employees and trading partners access critical business information and services, even though securing such systems presents a daunting challenge.
http://www.nwfusion.com/news/2002/0114portals.html
Network World, 01/14/02

* Wireless insecurities

It's a sight that would make any sales manager proud: your company's top sales rep is dutifully e-mailing detailed reports on the day's activities over a public wireless 802.11b network as he waits for his lunch across the street from the office. But would your sales manager be quite so happy if she knew the sensitive data transmissions sent from the rep's laptop could be grabbed by anyone else within a few hundred yards?
http://www.infosecuritymag.com/articles/january02/cover.shtml
Information Security, January 2002

* Secure Computing offers firewall appliance

Secure Computing Thursday introduced its first firewall appliance based on Sidewinder 5.2, previously sold only as software that had to be installed on a hardware platform by enterprise customers.
http://www.nwfusion.com/news/2002/0110seccomputing.html
Network World Fusion, 01/10/02

* Vendors eye VoIP security

As the voice-over-IP market continues to grow, network equipment and software vendors are beginning to step up with a raft of products to lock down the security of IP telephony data streams.
http://www.nwfusion.com/edge/news/2002/0110voipsec.html
InfoWorld, 01/10/02

* Donut virus set to poke holes in .Net

A new virus emerged Wednesday that is the first to target Microsoft's .Net platform for building and deploying Web services, posing an early risk for the buildout of the next-generation Internet, according to an antivirus vendor.
http://www.nwfusion.com/news/2002/0110donut.html
IDG News Service, 01/10/02

* Free archives online

It may be tough to get a free cup of coffee, but you can get our newsletter's archive free:
http://www.nwfusion.com/newsletters/bug/index.html
_______________________________________________________________

To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Copyright Network World, Inc., 2002