NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/24/02

Today's focus: Panda: Two Linux fixes and a PHP patch

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Debian enscript, chuid and Linux-Mandrake jmcce
* Viruses, including CA's weekly Top 5 list
* ScanDo pokes, prods, secures Web apps, plus other interesting reading

_______________________________________________________________
TECHNOLOGY INSIDER: STREAMING MEDIA

Streaming media is taking off as a corporate communications and training tool. We take you behind the scenes of the technology, showing you best practices, case studies and a feature on the individual streaming media champions leading the charge. Check it out at http://nww1.com/go/ad237.html
_______________________________________________________________

Today's focus: Two Linux fixes and a PHP patch

By Jason Meserve

Today's bug patches and security alerts:

* Debian patches enscript
Enscript, a tool for converting ASCII files into other formats, has been found to use insecure temporary files in its operation. Debian users can download a fix and get more information from:
http://www.debian.org/security/2002/dsa-105

* Chuid program patched
Two bugs in chuid, a small program designed to solve a problem created by PHP's safe_mode - which makes it so that non-Web server-owned PHP scripts can't accept file uploads - could allow a user to change uid of files outside the designated upload directory and change files owned by root or the Web server. An updated version of chuid can be downloaded from:
http://srparish.net/scripts/chuid-1.3.tar.gz

* Linux-Mandrake updates jmcce
There is a problem with the way jmcce, a tool for displaying Chinese text on the console, creates temporary files. A malicious user could exploit this to overwrite arbitrary files on the affected system. For more, go to:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-008.php

Today's roundup of virus alerts:

* WM97/Dig-C - No, this is not about Boston's notorious Big Dig.
This is a harmless Word macro virus that uses a temporary file to replicate and may display a message in Cyrillic characters. (Sophos)

* Top 5 viruses for the week of Jan. 14 to 20, as reported by CA:
1. Win32.Badtrans.29020
2. Win32.Magistr.29188
3. Win32.Magistr.24876
4. Win32.SirCam.137216
5. Win32.Hybris.B

From the interesting reading department:

* ScanDo pokes, prods, secures Web apps
Web application security firm KaVaDo Tuesday beefed up its line of products when it announced a new vulnerability-assessment tool for Web applications called ScanDo. ScanDo approaches and probes Web applications the same way an attacker would and in doing so, discovers vulnerabilities in the applications, reports on them and allows companies to patch the holes, according to Tal Gilat, CEO of KaVaDo.
http://www.nwfusion.com/news/2002/0122scando.html
IDG News Service, 01/22/02

* Subscription snafu angers Norton users
It's a rare company that turns away customers, but Symantec's subscription renewal service for Norton AntiVirus appears to be doing just that to some users - albeit unintentionally.
http://www.nwfusion.com/net.worker/news/2002/0124norton.html
PC World, 01/24/02

* Schwartau: Cyber ethics in the workplace
While moderating a game of "Cyber ethical Surfivor" at a large, financial conference recently, I posed the following conundrum: "You receive an anonymous e-mail which includes all the technical and business details of a key competitor's project. Your company is way behind. If you use the information, you will likely beat your competitor and you will be a hero. If you don't use the information, your company will lose a great deal of money and you will likely be the scapegoat. If you use the information, no one - except you - will ever know. What do you do?"
http://www.nwfusion.com/columnists/2002/0121schwartau.html
Network World, 01/21/02

* Gibbs: Let's do IT with a dongle
If I build something physical, say a chair, and you steal it, I have lost the benefit of my labor.
Now I think no one in their right mind would suggest such an action is ethical or defensible.
http://www.nwfusion.com/columnists/2002/0121gibbs.html
Network World, 01/21/02

* Archives online
What's better than free archives? Well, if you got paid for reading them that would be better. But alas, free will have to suffice:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
NW Fusion's Buy IT provides the resources you need to make better buying decisions. Post your IT needs anonymously and FREE! Search our directory of qualified providers, review company White Papers, and select the right provider. Buy IT helps get your projects done right. Try it today!
http://nwfusion.newmediary.com/nww120601nwltrb
_______________________________________________________________
FEATURED READER RESOURCE

Network World Fusion's Net.Worker site

Whether your company is growing larger or scaling back, corporate managers are looking for ways to cut costs while retaining and recruiting star employees. One smart solution - at least on paper - is to let some employees work from home. Network World's Net.Worker Web site bridges the gap between the telework concept and the hardware, software and services needed to make it happen. We bring you news and reviews, sound advice and keen insight into the technologies and solutions you need to manage a remote and mobile workforce. Visit http://www.nwfusion.com/net.worker/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?

You've got the technology snapshot of your choice delivered at your fingertips each day.
Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Director of Online Sales, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2002

------------------------
This message was sent to: vkamins@enron.com