|
|
Enron Mail |
NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT 11/21/01 - Today's focus: Windows Media Player vulnerability Dear Wincenty Kaminski, In this issue: * Patches and alerts for Windows Media Player, SGI sendmail, HP-UX lpd, others * A Word macro virus that tries to delete .DOC and .DOT files in affected systems * A look at PsyOps and cyberterrorism, plus other interesting reading _______________________________________________________________ SPECIAL REPORT: TELEWORK Sept. 11 changed everything - including telework. Formerly viewed as a way to boost morale and productivity, lure the best hires and cut costs, telework was almost instantly transformed into a vital component of U.S. business continuity strategies. Check out our Special Report on Telework. http://nww1.com/go/ad203.html _______________________________________________________________ Today's focus: Windows Media Player vulnerability By Jason Meserve It's a short workweek here at Network World central, so there is not a lot to report today in terms of bugs and security alerts. (And who wants to be patching a server on Thanksgiving Day anyway?) Given the smaller than usual edition, those looking for holiday shopping ideas can check out our annual Yule Tools Gift Guide, put together by Senior Reviews Editor Keith Shaw with the help of some merry Network World elves. You can view all the latest gadgets at: http://www.nwfusion.com/hgg2001/ Happy Thanksgiving! Today's bug patches and security alerts: * Flaw in Windows Media Player lets any code run A bug in the way that Microsoft's Windows Media Player 6.4 handles a certain type of streaming media file can allow attackers, given the right conditions, to execute any code on target systems, Microsoft said in a security bulletin released Tuesday. At the same time, Microsoft issued a fix for the problem. http://www.nwfusion.com/news/2001/1120mediaplayer.html IDG News Service, 11/20/01 Microsoft advisory and patch information: http://www.microsoft.com/technet/security/bulletin/MS01-056.asp * SGI releases temporary sendmail patch A number of vulnerabilities have been found in sendmail, which could be exploited to gain access to sensitive information or the mail server itself. SGI does not have a permanent solution but a temporary patch is available inside this advisory: ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I * ISS warns of HP-UX lpd vulnerability Internet Security Systems (ISS) is warning of a vulnerability in the HP-UX line printer daemon (lpd). A malicious user could exploit the flaw to execute code with superuser privileges. For more, go to: http://xforce.iss.net/static/7234.php * New version of OpenSSH available Version 3.0.1 of OpenSSH, an open-source version of the SSH protocol, is now available. The new version fixes a security flaw and other miscellaneous bugs. The new version can be downloaded from: http://www.openssh.com/ * Caldera patches xlock in UnixWare and Open Unix Caldera has released a patch for the xlock program that ships with Open Unix and UnixWare 7. A vulnerability in previous releases could be exploited to gain privileges. The patch can be downloaded from: ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/ Today's round up of virus alerts: * WM97/Marker-JX - A Word macro virus that creates a file called Jon.html in the Windows directory. It attempts to delete all .DOC and .DOT files in the Word application start-up directory and changes the summary information. (Sophos) <From the interesting reading department: * Opinion: PsyOps and network security A significant component of cyberwar and cyberterrorism is called psychological operations, or PsyOps. Simply, PsyOps is the manipulation of the psyche of an adversary or target population with information, misinformation, disinformation and propaganda. It involves perception management, or controlling what a group of people think and believe is the goal. http://www.nwfusion.com/columnists/2001/1119schwartau.html Network World, 11/19/01 * IBM creates global security services division Looking to offer a broader suite of services to companies and the government, IBM Monday announced the formation of a new division that will focus on security, safety and privacy. http://www.nwfusion.com/news/2001/1119security.html IDG News Service, 11/19/01 * Loudcloud offers four new security services Managed services provider Loudcloud Tuesday announced the availability of four new security services, beefing up the features and offerings of the Loudcloud Security Services suite. http://www.nwfusion.com/news/2001/1120loudcloud.html IDG News Service, 11/20/01 * Online archives Do you have to work on Friday? Why not kill a little time checking out our past issues? http://www.nwfusion.com/newsletters/bug/index.html _______________________________________________________________ To contact Jason Meserve: Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com. _______________________________________________________________ NW Fusion's BuyIT has the IT resources you need! Our directory hosts thousands of qualified service providers. Post an RFP anonymously and FREE, receive competitive bids, begin negotiations, and get your project done right! http://nwfusion.newmediary.com/nww110901nwltr1 _______________________________________________________________ FEATURED READER RESOURCE YOUR TAKE: State Department CIO Burbano revamps network in time of war New from Network World is our "Your Take" series. In this series, we conduct in-dept interviews with top network IT executives and share their experiences. First in this series, Network World Senior Editor Carolyn Duffy Marsan interviewed CIO Fernando Burbano about the status of the State Department's network upgrade, how it's changed since Sept. 11 and his advice regarding network security. http://www.nwfusion.com/yourtake/2001/1029burbano.html _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Fusion Sales Manager, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2001 ------------------------ This message was sent to: vkamins@enron.com
|