Patches
March 19,
Microsoft -
Announced two new vulnerabilities:
-
A flaw
in the Windows Script
Engine provides Windows
operating systems, from
Win98 to XP, with the
ability to execute script
code. Script code can
be used to add functionality
to web pages, or to
automate tasks within
the operating system
or within a program.
Script code can be written
in several different
scripting languages,
such as Visual Basic
Script, or JScript.
Source:
http://www.microsoft.com/technet/security/bulletin/MS03-008.asp
March 19,
CNET News -
Programmers disclosed a
security hole this week
in a part of the heart of
the Linux operating system
that could let users of
a machine take it over even
if they don't have privileges
to do so. Sources: http://news.com.com/2100-1016-993278.html
& http://www.linuxsecurity.com/advisories/index.html
March 17,
Microsoft -
An unchecked buffer In Windows
WebDAV protocol could cause
a compromise of IIS 5.0
web servers. The resultant
impact of this vulnerability
would be to allow an attacker
to run code of their choice
Source: http://www.microsoft.com/technet/security/bulletin/MS03-007.asp
March 4, sendmail.org
- Releases a fix for
a critical security problem
in header parsing.
The flaw allows an attacker
to send a specially formatted
email that could take control
of a mail server running
Sendmail and execute a malicious
program. Source:
http://www.sendmail.org/8.12.8.html
March 3,
ISS - ISS X-Force
has discovered a buffer
overflow vulnerability in
the Sendmail Mail Transfer
Agent (MTA). Sendmail is
the most common MTA and
has been documented to handle
between 50% and 75% of all
Internet email traffic. Source:
https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
February
2003 Articles
Cyber
Threats
May 19,
ZDNet -Analysts at Gartner
have advised their customers
to stop using Microsoft
Passport until the software
company can prove its security
is adequate. Recommendations
in an article published
by analysis heavyweight
Gartner urging its customers
to break all connections
with Microsoft's Passport
authentication services.
Source: http://news.zdnet.co.uk/story/0,,t281-s2134860,00.html
March 19,
CNET News -
A self-proclaimed hacker
claims to have stolen three
unreleased security advisories
from a corporate computer
and posted them to a public
mailing list. Source: http://news.com.com/2100-1002-993375.html
March 19,
ZDNet -Two Siemens phones
are rendered useless by
a short SMS that locks up
the handsets' software,
the company has admitted.
A short text message is
spelling death for mobile
phones in Europe.
The wireless email, among
the 1 billion sent each
day in the region, can freeze
or completely disable two
mobile phones made by German
handset maker Siemens, spokesman
Jacob Rice said in New Orleans
on Tuesday. Source: http://news.zdnet.co.uk/story/0,,t281-s2132143,00.html
March 18,
Reuters - Male. Obsessed
with computers. Lacking
a girlfriend. Aged 14 to
34. Capable of sowing chaos
worldwide. That is the profile
of the average computer-virus
writer, an anti-virus expert
said on Tuesday. About
1,000 viruses are created
every month by virus writers
increasingly intent on targeting
new operating systems
Source: http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=2397074
February
2003 Articles
Information
Technology
March 20,
BBC News - Computer
security experts are warning
about a new e-mail virus
that feeds on public interest
in the war against Iraq.
The Ganda worm comes as
an e-mail attachment with
a variety of subject lines
such as "Spy pics" and "GO
USA !!!!". Source: http://news.bbc.co.uk/2/hi/technology/2868023.stm
March 18,
ComputerWorld - Human
error, not technology, is
the most significant cause
of IT security breaches,
according to a security
survey released by the Computing
Technology Industry Association
Inc. (CompTIA).
The survey, "Committing
to Security: A CompTIA Analysis
of IT Security and the Workforce,"
suggests more training and
certification of IT workers
will help the U.S. protect
itself against cyberthreats.
Source: http://www.computerworld.com/careertopics/careers/training/story/0,10801,79485,00.html
March 12,
eWeek - As wireless
networks continue to gain
acceptance and become integral
to corporate computing environments,
IT departments continue
to ignore the myriad security
problems inherent to wireless
LANs, according to a new
study by RSA Security Inc.
Source: http://www.eweek.com/article2/0,3959,926129,00.asp
March 10,
ComputerWorld - Several
users welcomed the growing
willingness of vendors and
security researchers to
work together to identify
and fix software vulnerabilities
in the wake of last week's
disclosure of a major hole
in a widely used e-mail
protocol. But they also
expressed concern over the
practice by some in the
security community to release
vulnerability information
to certain users before
making it available to the
public. Source: http://www.computerworld.com/securitytopics/security/holes/story/0,10801,79163,00.html
February
2003 Articles