|
|
Enron Mail |
--------------------------vince kaminski -----Original Message----- From: NW Security and Bug Patch Alert <Security-BugPatch@bdcimail.com<@ENRON [NOTES:NW Security and Bug Patch Alert <Security-BugPatch@bdcimail.com<@ENRON] To: vkamins@enron.com <vkamins@enron.com< Sent: Thu Jan 03 16:50:01 2002 Subject: Flaw in AOL Instant Messenger NETWORK WORLD NEWSLETTER: JASON MESERVE on SECURITY AND BUG PATCH ALERT 01/03/02 Today's focus: Flaw in AOL Instant Messenger Dear Wincenty Kaminski, In this issue: * Patches and alerts for AOL IM, IE 6.0 and Linux mutt * Viruses, including the new ZaCker e-mail worm * CIA-backed analysis tool to be used for passenger checks, plus other interesting reading _______________________________________________________________ THE NETWORK POWER: 2001 Despite the roller coaster ride the economy has put us on this year, networking remains a thriving, vital industry. In Network World's Annual Signature Series POWER ISSUE, you'll find profiles of companies exercising their influence, people grabbing opportunity and technologies making their mark in the enterprise. Find out who has exerted the power in 2001 at: http://nww1.com/go/ad221.html _______________________________________________________________ Today's focus: Flaw in AOL Instant Messenger By Jason Meserve Today's bug patches and security alerts: * Hole in AOL Instant Messenger discovered A security flaw in the way AOL's Instant Messenger handles game sharing requests could be exploited by a malicious user to run arbitrary code on the affected machine. The victim may be helpless, short of powering down the machine, to stop the request. AOL is working on a fix, which will be applied to the servers that run IM. Users will not have to download a patch. For more: http://www.nwfusion.com/news/2002/0102aim.html * Vulnerability found in IE 6.0 Microsoft bug hunter Georgi Guninski has discovered one of the first bugs in the new Internet Explorer 6.0. According to Guninski, the GetObject() function has a poor security mechanism that can be easily exploited to transverse local files and execute arbitrary programs on the affected machine. For more, go to: http://www.guninski.com/getob3.html * Patch release for mutt A buffer overflow vulnerability exists in mutt, a mail user agent for Linux. The one-byte overflow can be exploited by a malicious user. For general updates and to get more information, go to: http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html Debian users can download the appropriate patch from: http://www.debian.org/security/2002/dsa-096 Today's roundup of virus alerts: * JS/Seeker-E - A JavaScript-based virus that attempts to set Internet Explorer's home and start pages to a pornographic site. (Sophos) * Win32/Maldal.G.Worm - An e-mail worm that spreads via Outlook by sending itself to everyone the Outlook Address book and by searching the infected hard drive for addresses embedded in HTML pages. Infected messages have the subject line of "ZaCker" and an attachment called "ZaCker.exe". The virus also will overwrite a number of file types. (Computer Associates, Sophos, Symantec) See story at: http://www.nwfusion.com/news/2002/0103zacker.html * Troj/Download-A - A Trojan Horse program that comes as two files, "dlder.exe" and "explorer.exe". They can be used to send information about an infected computer to outside sources. (Sophos) <From the interesting reading department: * CIA-backed analysis tool eyed for passenger checks Data analysis software backed by the CIA and used by some casinos to catch gambling cheats is now being tested for its potential to detect suspected terrorists and their associates when they make airline, hotel or rental-car reservations. http://www.nwfusion.com/news/2002/0102cia.html Computerworld, 01/02/02 * The VPN performance game Hardware and software VPN vendors go head to head over performance. What you need to know about their claims. http://www.nwfusion.com/power01/vpnlie/ Network World, 12/24/01 * Powering down How some network pros let off steam after a hard day at work. http://www.nwfusion.com/power01/breaks/ Network World, 12/24/01 * Archives online Well, 2002 is upon us. Look back on 2001 at: http://www.nwfusion.com/newsletters/bug/index.html _______________________________________________________________ To contact Jason Meserve: Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com. _______________________________________________________________ Promote your services and generate qualified leads! Register on Buy IT, NW Fusion's Vendor Directory and RFP Center. It's cost-effective and eliminates the headaches of finding new business. List your company today and access millions of dollars in RFPs posted by active buyers. Go to NW Fusion now! http://www.nwfusion.newmediary.com/091201nwwprovnwltr1 _______________________________________________________________ FEATURED READER RESOURCE JOIN IN! Network World Forums are a great place to voice your opinion and hear what your peers have to say about a latest product release or trend in networking. Our Forums cover such topics as "Should you upgrade to XP?" to a "Help Desk Forum" in which you can ask the expert advice of Network World Fusion's Help Desk editor, Ron Nutter. Our Forums are a great way to express your opinions and interact with your peers. http://www.nwfusion.com/forum/index.html _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Director of Online Sales, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2002 ------------------------ This message was sent to: vkamins@enron.com
|