Security firm hires Sasser mastermind
The 18-year-old mastermind of the Sasser and Netsky worms, currently facing criminal charges, has a new job with a German firewall firm. Sven Jaschan has been hired by Securepoint and is being trained as a security software programmer. A company spokesman has been quoted in the media as saying Jaschan "has a certain know-how in this field." Graham Cluley, senior technology consultant for Lynnfield, Mass.-based antivirus firm Sophos, worries this could send a message to hackers that malicious activity pays. "It's very important that the security community does not send out a message that writing viruses or worms is cool, or a route into employment," Cluley said. "Jaschan is infamous for his involvement in the Sasser and Netsky worm outbreaks. It might have been less controversial if he had found employment in another part of the IT industry." Countless enterprises have been hit by Sasser and Netsky in the past year. A report from Sophos in July showed 70% of all virus infections in the first six months of 2004 could be linked to Jaschan. "There can be no doubt that the viruses Jaschan is said to have written were deliberately malicious, attempting to steal computer resources and blast innocent Web sites off the Internet," Cluley said. "The customers of the firewall security company will no doubt ask for an adequate explanation for his employment, and those who lost money as a result of his worms may wonder when they will be compensated."
Arrest made in Cisco source code theft
A man in Britain has been arrested in connection with the May theft of source code from Cisco Systems Inc., the IDG News Service reported. A Scotland Yard spokeswoman confirmed the arrest Friday, saying the Metropolitan Police Computer Crime Unit searched residences in Manchester and Derbyshire, U.K., Sept. 3 and confiscated computer equipment. They also arrested a 20-year-old man suspected of committing "hacking offenses" under Britain's Computer Misuse Act of 1990. While authorities haven't discussed specifics of the case, the arrest was linked to the Cisco source code, according to Julie Prinsep, a Yard spokeswoman. The suspect is out on bail, scheduled to appear before authorities at a London police station again in November, Prinsep told the IDG News Service. Meanwhile, authorities are forensically examining the computer equipment they seized. The arrest marks a major breakthrough in the case, which involves the posting of more than 800MB of source code from Cisco's Internetwork Operating System (IOS) to a Russian Web site in May. Some experts speculated the theft could cause big problems not just for those who use Cisco products but for the entire Internet because a large volume of Web traffic passes through routers produced by the San Jose, Calif.-based network giant.
Sun acknowledges NSS flaw
Sun Microsystems said an attacker could remotely exploit a buffer-overflow vulnerability in the Netscape Network Security Services (NSS) library suite to launch malicious code. NSS is used by most Sun Java Enterprise System (JES) components such as Web Server, App Server and Portal Server. "This vulnerability may allow a remote unprivileged user to execute arbitrary code on vulnerable systems during SSLv2 connection negotiation," Sun said in its advisory. The vulnerability affects Sun Java Enterprise System 2003Q4 and 2004Q2. Sun said there is no workaround but has made patches available.
Multiple flaws in Linux's GdkPixBuf
An attacker could exploit multiple vulnerabilities in GdkPixBuf to cause a denial of service and launch malicious code. Copenhagen, Denmark-based IT security firm Secunia described four "highly critical" problems in its advisory:
- A variant of a recently disclosed vulnerability in Qt exists in the .bmp image processing functionality. This can be exploited to make an affected application enter an infinite loop when a specially crafted .bmp image is processed.
- An input validation error in the "pixbuf_create_from_xpm()" function when decoding .xpm images can be exploited to cause an integer overflow when a specially crafted .xpm image is processed. Successful exploitation may in turn result in a heap-based buffer overflow, which potentially allows execution of arbitrary code.
- A boundary error in the "xpm_extract_color()" function when decoding .xpm images can be exploited to cause a stack-based buffer overflow when a specially crafted .xpm image is processed. Exploitation of this may also allow arbitrary code execution.
- An input validation error in the .ico image decoding functionality can be exploited to cause an integer overflow when a specially crafted .ico image is processed. Successful exploitation causes an affected application to crash.
Secunia said it's not aware of an official updated version that addresses the vulnerabilities. But updates recently have been issued by various Linux vendors, including Red Hat, Mandrake, Fedora and Debian.
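The integer-overflow-to-heap-overflow pattern Secunia describes for .xpm decoding, shown from the defensive side as an added example (this is not gdk-pixbuf code; the function names, the 16384-pixel dimension cap and the 4-bytes-per-pixel output are assumptions made for illustration). It validates the XPM values line "<width> <height> <ncolors> <chars_per_pixel>" before any allocation size is derived from it:

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIM 16384u        /* assumed policy cap per dimension */
#define BYTES_PER_PIXEL 4u    /* assumed RGBA output buffer */

/* Size as an unchecked decoder computes it in 32-bit arithmetic. */
static uint32_t unchecked_size(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;   /* silently wraps modulo 2^32 */
}

/* Parse one unsigned decimal field; returns 0 on success and advances *p. */
static int parse_field(const char **p, unsigned long *out)
{
    char *end;
    errno = 0;
    *out = strtoul(*p, &end, 10);
    if (end == *p || errno == ERANGE) return -1;
    *p = end;
    return 0;
}

/* Validate the values line and compute the pixel buffer size.
 * Returns 0 and stores the size in *out, or -1 if the header is rejected. */
static int xpm_buffer_size(const char *values, size_t *out)
{
    unsigned long w, h, ncolors, cpp;
    if (parse_field(&values, &w) || parse_field(&values, &h) ||
        parse_field(&values, &ncolors) || parse_field(&values, &cpp))
        return -1;                               /* missing or malformed field */
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    if (ncolors == 0 || cpp == 0) return -1;
    if (h > SIZE_MAX / w) return -1;             /* w * h would overflow */
    size_t pixels = (size_t)w * h;
    if (pixels > SIZE_MAX / BYTES_PER_PIXEL) return -1;
    *out = pixels * BYTES_PER_PIXEL;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header: the wrapped size is tiny, the image is not. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(32768u, 32769u));
    printf("checked:   %d\n", xpm_buffer_size("32768 32769 2 1", &n));
    return 0;
}
```

With the constructed 32768 x 32769 header the unchecked product wraps to 131072 bytes, which is the undersized heap buffer a decoder would then write past; the checked path rejects the header before allocating.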
FTC lightly endorses cash rewards for spammers
The Federal Trade Commission last week gave limited endorsement to a congressional bounty for people who help authorities track down spammers. Though reservations about its effectiveness still exist, the agency said such rewards should go only to insiders at spam operations who can produce evidence leading to convictions, according to the Washington Post. The rewards would range from $100,000 to $250,000 and be federally funded but without further burdening or diverting resources from other FTC enforcement efforts. Despite passage of a federal antispam law this year, unsolicited junk e-mail -- including pornographic material -- continues to grow and now consumes between half and two-thirds of all e-mail processed, according to earlier reports. The cash bounty idea is endorsed by prominent cyberlaw professor Lawrence Lessig of Stanford University but opposed by companies such as Microsoft and America Online Inc., which question its necessity and legality.