Message-ID: <20950413.1075840765091.JavaMail.evans@thyme>
Date: Mon, 14 Jan 2002 15:00:00 -0800 (PST)
From: security-bugpatch@bdcimail.com
To: vkamins@enron.com
Subject: New sniffer tool for Win 2K/XP
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-From: NW Security and Bug Patch Alert <Security-BugPatch@bdcimail.com>@ENRON
X-To: vkamins@enron.com
X-cc: 
X-bcc: 
X-Folder: \vkamins\Deleted Items
X-Origin: KAMINSKI-V
X-FileName: vincent kaminski 1-30-02.pst

NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/14/02
Today's focus: New sniffer tool for Win 2K/XP

Dear Wincenty Kaminski,

In this issue:

* NGSSoftware's packet sniffer for Win2K/XP
* Patches and alerts for Caldera, PGP 7.0 Outlook, Slash,
  others
* Viruses, including a worm masquerading as an update to
  Outlook Express
* Multimedia IM poses a threat to the 'Net, plus other
  interesting reading

_______________________________________________________________
Today's focus: New sniffer tool for Win 2K/XP

By Jason Meserve

A new packet sniffer tool is available for Windows 2000 and XP
users. NGSSniff uses the RAW_SOCKETs capability on the two
operating systems to run, meaning users do not have to install
any special drivers to use the program. Users can analyze
captured packets while the sniffer is running.

NGSSoftware offers the NGSSniff program free of charge at:
http://www.nextgenss.com/products/ngssniff.html


Today's bug patches and security alerts:


* Caldera patches vulnerability in wu-ftpd

A flaw in wu-ftpd's ftpglob() function could be exploited to
gain root access on the affected server. Caldera OpenServer
users can download a fix for the problem at:
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.1/


* Caldera patches IMP/HORDE

A cross-site scripting vulnerability has been found in IMP/HORDE
that could allow attackers to send an e-mail message with a
malformed URL. This malicious URL could be used to open the
current mail session to attackers, allowing them to read and
delete e-mail on the affected machine. Caldera OpenLinux 3.1
Server users can download an update from:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS


* Bug in PGP 7.0 Outlook plug-in

A flaw in the way the PGP 7.0 Outlook plug-in handles certain
messages can leave those encrypted messages saved as clear
text. PGP 7.1 offers a fix for the flaw:
http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp


* Vulnerability found in Slash code

A flaw has been discovered in Slash, the code that runs
Slashdot and other similar sites. The flaw could allow any
logged-in user to log in as any other user. This could be
exploited to take control of the affected site, including
posting information to the site. Users should upgrade to Slash
2.2.3. For more, go to:
http://sourceforge.net/project/showfiles.php?group_id=4421&release_id=68516



* Linux-Mandrake updates glibc

A flaw in the glob() function in the glibc library could be
used to exploit programs that pass information through the
function. A malicious user could modify information being
passed through the function. For more, go to:
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095-1.php3


Today's roundup of virus alerts:


* JS.Gigger.A.Worm - Another worm that spreads via Outlook and
network-attached drives. This one arrives with the subject line
"Outlook Express Update," a body text of "MSNSofware Co." and
an attachment called "mmsn_offline.htm." It also attempts to
delete files on the infected C: drive. (Computer Associates,
Sophos)

* Troj/Palukka - A Trojan Horse that allows a malicious user to
control the infected machine via IRC channels. (Sophos)

* VBS/RTF-Senecs - This virus arrives in an e-mail titled
"Scene from last weekend," with body text reading "Please do
not forward" and an attachment called "scenes.zip." The
compressed attachment contains two files that, when opened,
spread the virus and drop a Trojan horse on the infected
machine. (Sophos)

* Troj/Optix-03-C - A Trojan horse that acts as a server for
malicious users to gain access to the infected machine. This
file is dropped by VBS/RTF-Senecs. (Sophos)

* Troj/WebDL-E - Another piece of the VBS/RTF-Senecs puzzle.
This Trojan horse drops the Troj/Sub7-21-I Backdoor onto the
infected machine and sends out an alert via an ICQ account.
(Sophos)

* Troj/Sub7-21-I - Used by hackers as a backdoor into infected
systems, this Trojan can be used to acquire sensitive
information about the infected machine, including user
passwords. (Sophos)

* W32/Lohack-A - An e-mail mass-mailer that comes with the
subject of "Hacking course..." and an attachment called
"hacking.exe." It looks for e-mail addresses stored on the
infected machine in various file types. (Sophos)


From the interesting reading department:


* Threat to 'Net

The Internet engineering community has run into a significant
technical hurdle in the development of an industry standard to
support instant messages with multimedia attachments, such as
audio or video clips.
http://www.nwfusion.com/news/2002/0114instantmessaging.html
Network World, 01/14/02


* Web portals pose security challenge

A growing number of companies are setting up Web portals to let
employees and trading partners access critical business
information and services, even though securing such systems
presents a daunting challenge.
http://www.nwfusion.com/news/2002/0114portals.html
Network World, 01/14/02


* Wireless insecurities

It's a sight that would make any sales manager proud: your
company's top sales rep is dutifully e-mailing detailed reports
on the day's activities over a public wireless 802.11b network
as he waits for his lunch across the street from the office.
But would your sales manager be quite so happy if she knew the
sensitive data transmissions sent from the rep's laptop could
be grabbed by anyone else within a few hundred yards?
http://www.infosecuritymag.com/articles/january02/cover.shtml
Information Security, January 2002


* Secure Computing offers firewall appliance

Secure Computing Thursday introduced its first firewall
appliance based on Sidewinder 5.2, previously sold only as
software that had to be installed on a hardware platform by
enterprise customers.
http://www.nwfusion.com/news/2002/0110seccomputing.html
Network World Fusion, 01/10/02


* Vendors eye VoIP security

As the voice-over-IP market continues to grow, network
equipment and software vendors are beginning to step up with a
raft of products to lock down the security of IP telephony data
streams.
http://www.nwfusion.com/edge/news/2002/0110voipsec.html
InfoWorld, 01/10/02


* Donut virus set to poke holes in .Net

A new virus emerged Wednesday that is the first to target
Microsoft's .Net platform for building and deploying Web
services, posing an early risk for the buildout of the next-
generation Internet, according to an antivirus vendor.
http://www.nwfusion.com/news/2002/0110donut.html
IDG News Service, 01/10/02


* Free archives online

It may be tough to get a free cup of coffee, but you can get
our newsletter's archive free:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

Copyright Network World, Inc., 2002
