Sunday, September 21, 2003
Security watch: Watch your security!
The Computer Emergency Response Team/Coordination Center (CERT/CC) issued an advisory warning of a critical security vulnerability in the OpenSSH suite of network connectivity tools. According to the center, versions prior to 3.7 have a buffer management hole, which may allow an attacker to perform a Denial-of-Service (DoS) style attack or run arbitrary code on susceptible systems. OpenSSH ships with a multitude of Linux and UNIX distributions and is often run on critical infrastructure, such as various network devices.
More from: Computerworld | CRN | InternetNews.com | SearchEnterpriseLinux.com
Later in the week, CERT/CC issued an advisory for the widely distributed Sendmail Mail Transfer Agent (MTA), which handles a large amount of the Internet's e-mail traffic. A buffer overflow vulnerability in Sendmail's address parsing code could allow an attacker to execute code on a server running the popular software. Experts described the flaw as particularly severe due to the widespread use of Sendmail, especially on servers running on the Linux and UNIX platforms. CERT is advising system administrators to immediately apply the newly released patches fixing the vulnerability.
More from: InternetNews.com
Computer giant IBM found one of its products critically vulnerable too, after Boston-based Core Security Technologies Inc. uncovered a hole in its popular DB2 database software. According to the security firm, a serious buffer overflow hole exists in two components of the Linux version of the product, which may allow a user to elevate his or her privileges to administrator (i.e. root) level and potentially take over a DB2 server. IBM's database software is used by hundreds of thousands of companies worldwide and often stores important financial and personal data.
More from: CNET News.com | Computerworld | SearchDatabase.com | TechNewsWorld
Meanwhile, Windows users were warned of a new worm outbreak. A newly appeared virus known as "Swen" or "Gibe" is pretending to be a patch coming from software maker Microsoft for its Internet Explorer, Outlook and Outlook Express applications. The worm is swiftly spreading via e-mail, Internet Relay Chat (IRC) and peer-to-peer networks.
The news came after two security firms announced they had seen working exploits of the latest critical vulnerability in the Remote Procedure Call (RPC) service of Windows. A similar security hole was the factor that led to the devastating Blaster attack, which recently hit PCs worldwide. Analysts and researchers note that a new worm taking advantage of the issue might be imminent.
More from: CNET News.com | Computerworld | InformationWeek | InternetWeek | The Register | Reuters | TechWeb
U.S. lawmakers review RIAA's subpoena process
A U.S. federal appeals court and Capitol Hill lawmakers have begun deliberations on the controversial subpoena process of the recently launched litigation campaign of the recording industry against online file-swappers. Under a provision in the U.S. Digital Millennium Copyright Act (DMCA), the Recording Industry Association of America (RIAA), a trade group representing the world's largest record labels, could unmask the identities of Internet users prior to filing a copyright infringement case against them.
A number of American companies, including Verizon Communications and SBC Communications, have attacked the process, and a number of supporters have backed their fight for consumer privacy. But in a U.S. Senate hearing this week, prominent California Democrat Sen. Barbara Boxer accused the two telecoms of "promoting illegal downloading".
In the meantime, the Business Software Alliance (BSA), a piracy fighting organization whose members include Microsoft, Apple Computer, Adobe Systems, Symantec and others, released a new study that says university campuses are a breeding ground for piracy. The report called "Internet Piracy on Campus" found two-thirds of college and university students would download pirated software. The study also claims college faculty and administrators are not actively discouraging software theft.
More from: CNET News.com 1 2 3 | eWeek | InternetNews.com 1 2 3 | NewsFactor | The Washington Post
VeriSign sued over URL redirection service
On Monday, VeriSign launched SiteFinder, a new service aimed at helping users who reach unassigned web addresses. Four days later, the California-based company was slapped with a $100 million lawsuit from Popular Enterprises LLC, alleging unfair and deceptive business practices and antitrust violations.
Internet users who type nonexistent web addresses usually receive a generic 404 (missing site) message, but as of this week they are being redirected to a VeriSign page that offers sponsored topic links. A number of companies operate similar types of web pages for their customers, including Popular Enterprises, but also corporations such as Microsoft and America Online.
VeriSign's move drew widespread criticism, with critics alleging the web registry operator overstepped its authority. The Internet Software Consortium (ISC), the nonprofit group that makes the BIND (Berkeley Internet Name Domain) software, which redirects the majority of the Internet's traffic, released an update blocking VeriSign's SiteFinder service.
VeriSign has declined to comment on the lawsuit, but has noted it merely meant to help web surfers with their Internet experience.
More from: Computerworld | Reuters | TechWeb
In Other News...
The board of directors of media conglomerate AOL Time Warner adopted a decision to remove "AOL" from the company's name. The long-anticipated name change comes as the America Online (AOL) division is being investigated by U.S. federal authorities for its accounting practices. AOL and Time Warner merged in January 2001, but the company has lost billions in shareholder value since then, and the image of entertainment giant Time Warner has been tattered.
A report released by the International Telecommunications Union (ITU) says broadband Internet use skyrocketed in 2002. According to the study, the number of high-speed Internet subscribers grew 72 percent to 62 million worldwide. South Korea is the most developed market, where 21 percent of the population has a broadband connection.
Britain became the second European country to outlaw unsolicited commercial e-mail. Under the newly enacted anti-spam law, convicted spammers would face fines of over $8,000 in a magistrates court and unlimited fines in a jury trial.
Yahoo! warned its instant messaging users they need to upgrade to the company's latest IM software or risk getting shut out of the system. According to the Internet media giant, the move aims to prevent unsolicited advertising across its network, but it will also cut off access to users of alternative applications, such as Trillian, a product that offers a single user interface to numerous instant messaging communities. The news came as Microsoft had also been planning to shut out Trillian users from its MSN Messenger network. However, Cerulean Studios, the maker of Trillian, released software patches that promise to keep users' access to MSN and Yahoo!.
According to a filing with the U.S. Securities and Exchange Commission (SEC), Hewlett-Packard's CEO Carly Fiorina will step down from Cisco Systems' board of directors later this year. In the past, Fiorina has also served on the boards of pharmaceutical company Merck and breakfast cereal maker Kellogg.