Saturday, November 20, 2004

Linux security alert!

-Linux iptables:
Linux is vulnerable to an integer underflow in the iptables code that handles firewall rules, which can be exploited by a remote attacker to crash the server. To exploit this vulnerability, the attacker would construct a packet that, when processed by the firewall, would crash the server. Machines without the firewall enabled are not vulnerable to this attack.
All affected users should upgrade to a repaired version of the Linux kernel or should watch their vendors for a patched version of the kernel for their distribution.
-OpenSSL 0.9.7e:
The OpenSSL project team has released version 0.9.7e of OpenSSL, the open source toolkit for SSL/TLS. This new version repairs a race condition in the CRL-checking code and fixes bugs in the code dealing with S/MIME.
The OpenSSL project team strongly recommends all users of OpenSSL upgrade to version 0.9.7e or newer as soon as possible.
-PuTTY:
PuTTY is a free implementation of telnet and SSH, along with an xterm emulator, for Windows and Unix machines. A buffer overflow in the code that handles SSH2_MSG_DEBUG packets during an SSH2 connection can be exploited by a remote attacker to execute arbitrary code on the server with the permissions of the user account running PuTTY.

Thursday, November 18, 2004

What is Unix RPC and how do we protect it?

Like any network resource, applications need a way to talk to each other over the network. RPC is one of the most popular protocols for doing so. It employs a service called the portmapper (known as rpcbind on most Unix systems) to arbitrate between client requests and the ports that it dynamically assigns to listening applications. Attackers use tools such as "rpcinfo" to enumerate RPC-based services such as rwhod or rusersd.
RPC portmappers typically run on TCP/UDP 111, and on TCP/UDP 32771 on some Sun boxes, so you should do at least the following:
1. Filter TCP/UDP 111 and TCP/UDP 32771 on the firewall.
2. Disable RPC based services from /etc/rc* or /etc/init.d on your Unix/Linux machine.
3. Check with your RPC vendor to learn which options are available to protect your services.
4. Use Sun's Secure RPC, which authenticates using public-key cryptographic mechanisms.
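To apply items 1 and 2 you first need to know what is registered with the portmapper on your own machine. The following is an added example, not part of the original post: it parses the output of `rpcinfo -p` run on the host being hardened and returns the services to disable and the ports to filter. The function names and the sample output are constructed for illustration.

```python
import re
from collections import namedtuple

RpcEntry = namedtuple("RpcEntry", "program version proto port service")

PORTMAPPER_PROGRAM = 100000      # RPC program number of portmapper/rpcbind
PORTMAPPER_PORTS = (111, 32771)  # ports named in the post

# One data row of `rpcinfo -p`: program, version, protocol, port, optional name.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$")

def parse_rpcinfo(text):
    """Turn `rpcinfo -p` output into RpcEntry records, skipping the header."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        prog, vers, proto, port, name = m.groups()
        # Rows for programs missing from /etc/rpc carry no service name.
        entries.append(RpcEntry(int(prog), int(vers), proto, int(port),
                                name or "program " + prog))
    return entries

def audit(entries):
    """Return (services to disable, (proto, port) pairs to filter)."""
    to_disable = sorted({e.service for e in entries
                         if e.program != PORTMAPPER_PROGRAM})
    # Always filter the portmapper ports, plus every dynamically assigned port.
    to_filter = {(p, port) for p in ("tcp", "udp") for port in PORTMAPPER_PORTS}
    to_filter |= {(e.proto, e.port) for e in entries}
    return to_disable, sorted(to_filter)

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100002    3   udp  32772  rusersd
    100024    1   tcp  32774  status
 536870913    1   tcp  32780
"""

if __name__ == "__main__":
    services, ports = audit(parse_rpcinfo(SAMPLE))
    print("disable:", ", ".join(services))
    for proto, port in ports:
        print("filter: %s/%d" % (proto, port))
```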

Wednesday, November 17, 2004

Nokia Demonstrates IPv6 Phone

Nokia Corp. on Tuesday demonstrated the use of IPv6, the next generation Internet protocol, on a handset.
The Finnish company demonstrated what it called the industry's "first Mobile IPv6 call." Mobile IPv6 is the mobility protocol for IPv6 enabled handsets.
The demonstration at the 3G World Congress Convention and Exhibition in Hong Kong showed real-time streaming video with seamless handoff between two CDMA access networks using Mobile IPv6.
The next generation protocol advances the Internet's current IPv4 protocol by enabling terminals to maintain their IP connectivity as they move across networks and different access technologies. In addition, Mobile IPv6 provides route optimization techniques to reduce handoff latencies.
"IPv6 is the next-generation of the Internet protocol and has many advantages over IPv4 both for the network operators and the end-users," said Adam Gould, vice president of technology management and planning for Nokia CDMA. "IPv6 allows the deployment of millions of always-on, IP enabled devices, each with its own unique IP address."

Voice Over IP Brings Potential for New Type of Spam!

Spam over Internet telephony not prevalent yet, experts say
As reported in recent news, those who send unsolicited sales pitches for everything from free money and tropical vacations to discounted prescription medicine are beginning to use the power of the Internet and the interconnectedness of cell phones to send unsolicited text and voice messages to users of short messaging services (SMS) and voice over IP (VoIP) telephones.
Experts at the anti-virus company Sophos recently discovered Troj/Delf-HA, a Trojan horse that attempts to send text messages en masse to SMS-equipped mobile phones. Troj/Delf-HA installs itself in the Windows system folder and inserts a command in the registry that ensures the virus runs when the computer is started up. Then it connects to a Russian Web site and downloads a text file containing the details of the SMS message the virus attempts to send using forms found on many Russian cellular service providers' Web sites which allow users to send text messages to SMS-equipped cell phones. Sophos lists the Trojan's prevalence as low on its Web site where the company also provides a

Monday, November 15, 2004

Sun to Introduce Newest Version of Solaris Today

Sun Microsystems plans to unveil the latest version of its flagship Solaris operating system and offer a free version of the program to make it more attractive to corporate and academic computer users.

Useful Resources for Spam

Spam-blocker - Brightmail Canada Instant
Spam - Free Removal Spam
Spam-assassin - Junk Email Eliminator
Spam - 2004 Anti Antispam Control Firewall Internet Norton Parental Privacy Security Vi
Spam - List No Spam
Spam-killer - Reporting Junk Email

Security Showdown

Smaller vendors of security apps say larger companies aren’t providing enough protection
By Thomas Claburn
Four vendors of application-security products have created an alliance to challenge five large security and networking vendors (Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee, and Symantec) to protect customers from hacker attacks and other breaches.
At the Computer Security Institute Conference in Washington, D.C., held last week, the CEOs of F5 Networks, Imperva, NetContinuum, and Teros challenged their larger rivals to join them in putting their products to the test before ICSA Labs, an independent information-security-product certifier. Their goal is to promote more consistent metrics for customers to evaluate products.
In a prepared statement, the foursome suggest that some of their larger rivals are selling security short. “We are united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications,” the companies state. “We believe these minimums aren’t being met by many vendors. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data-loss threats. Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web.”
The application-security vendors “normally don’t talk to each other,” says Bob Walters, CEO of Teros. “But we came together to help improve the situation.” Gene Banman, CEO of NetContinuum, notes that his company and its allies have built their businesses around better Web-application security.
“It’s pretty remarkable that these companies have come together,” says James Slaby, an analyst with the Yankee Group. “It shows the difficulty of competing against entrenched incumbents.”
The criticisms are accurate, Slaby says. The smaller, specialized vendors offer application-specific security that considers the context of external network requests, as opposed to generic packet filtering typically offered by the larger vendors. Slaby suggests that packet filtering isn’t enough to identify some attacks.

Weekly Virus Report

NewsNow Weekly Virus Report - IFRAME.BoF Exploit, Mydoom.AE, Mydoom.AF and Gavir.A Worms
This week's report on viruses and intruders looks at the IFRAME.BoF exploit, as well as the Mydoom.AE, Mydoom.AF and Gavir.A worms. IFRAME.BoF is an exploit for a buffer overrun vulnerability that occurs in Internet Explorer v6.0 and allows an attacker to remotely execute arbitrary code on the vulnerable computer. This vulnerability is rated as extremely critical. The exploit can be included in a malicious web page or in an email message in HTML format, which contain executable code.

How to interpret Windows XP/.NET/2000 Installation date

... I have been asked more about deactivation and activation solutions for Windows XP/2003 (.NET). Maybe you have had the same problem before. I do not intend to teach the activation procedure; you can find it on the Internet, or maybe you have already done it. But I'll explain how to interpret the installation date and determine the deactivation time and date based on the 120- or 180-day Windows evaluation policy. This will answer at least the following questions:
1. How many days are left until deactivation?
2. If the time is over and deactivation didn't occur, then you can be certain about your activation.
The easiest way is to go to the command prompt, run "systeminfo", and look at the "Original Install Date" line for the installation date and time. The SystemInfo GUI doesn't have this section; use the command prompt version.
The other way is to open "regedit" and go to:
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
In the right pane find "InstallDate", read the decimal value of "InstallDate", and go to http://www.ilopia.com/private/installdate.aspx to calculate the value.
Note that for Windows Server 2003 Enterprise you have to re-install or repair for the product key to take effect, as far as I know.
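The "InstallDate" value is a count of seconds since 1970-01-01 00:00 UTC, so the calculation can also be done locally. The following is an added example, not part of the original post: it accepts either the decimal value read in regedit or a line of `reg query` output (which shows the DWORD in hex) and works out the 120- and 180-day deadlines. The function names and sample values are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

EVALUATION_DAYS = (120, 180)  # the two evaluation periods named in the post

def parse_install_date(text):
    """Return the install time (UTC) from a regedit decimal value or from a
    line of `reg query ... /v InstallDate` output, which prints hex."""
    m = re.search(r"InstallDate\s+REG_DWORD\s+(0x[0-9a-fA-F]+)", text)
    raw = m.group(1) if m else text.strip()
    seconds = int(raw, 0)  # base 0 accepts "1100000000" and "0x4190ab00"
    if not 0 <= seconds <= 0xFFFFFFFF:
        raise ValueError("InstallDate must fit in a 32-bit DWORD")
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def evaluation_report(install, now):
    """For each period: expiry time, whole days left, and an expired flag."""
    report = {}
    for days in EVALUATION_DAYS:
        expires = install + timedelta(days=days)
        remaining = expires - now
        report[days] = {
            "expires": expires,
            "days_left": max(remaining.days, 0),
            "expired": remaining <= timedelta(0),
        }
    return report

# Constructed sample inputs, not taken from a real machine.
SAMPLE_DECIMAL = "1100000000"
SAMPLE_REG_QUERY = "    InstallDate    REG_DWORD    0x4190ab00"

if __name__ == "__main__":
    install = parse_install_date(SAMPLE_REG_QUERY)
    print("Installed:", install.isoformat())
    now = datetime.now(timezone.utc)
    for days, info in evaluation_report(install, now).items():
        state = "expired" if info["expired"] else "%d days left" % info["days_left"]
        print("%d-day period ends %s (%s)" % (days, info["expires"].date(), state))
```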