Backlash for German company that hired Sasser scribe
A German security firm has lost a partner for hiring the teen believed behind the Netsky and Sasser worms. SC Magazine reports antivirus vendor HBEDV cut ties with Securepoint for hiring the 18-year-old malware writer as a trainee. "We take a dim view of employing virus authors," Tjark Auerbach, CEO of HBEDV, told the magazine. "The attempt to offer a second chance to an allegedly reformed person must be balanced against the exclusive security interests of our customers." Formerly sales and technology partners, the German firms will now lead separate lives. Securepoint appeared unfazed. "They are not a big company and we don't do very much work with them," said Lutz Hausmann, technical director of Securepoint. "If they want to do this then that is fine. I don't care." Sven Jaschan, who faces criminal charges for his alleged activities, was hired by Securepoint in September and was being trained as a security software programmer. Netsky and Sasser were responsible for 70% of worm infections in the first half of 2004, according to Lynnfield, Mass.-based antivirus firm Sophos. Notable victims were U.S. carrier Delta Airlines and the European Commission.
Survey: Security, networking professionals join forces
The line between security and networking teams are blurring in response to growing threats, Q1 Labs of Waltham, Mass., concluded after surveying more than 450 IT professionals. The firm found that
Skype fixes flaw
Skype has updated its Internet telephony software, patching a "highly critical" vulnerability in its client for Windows-based systems, Danish security firm Secunia said in an advisory. Attackers could exploit a boundary error within the handling of command line arguments to cause a stack-based buffer overflow by tricking a user into visiting a malicious Web site that passes an overly long string -- more than 4,096 bytes -- to the "callto:" URI handler, Secunia said. Successful attackers could use the vulnerability to launch malicious code. Users should update to version 126.96.36.199, Secunia said.
Vulnerability in IMail server
An attacker could exploit a "moderately critical" boundary error vulnerability in IMail Server 8.13 to cause a buffer overflow and launch malicious code, Danish security firm Secunia said in an advisory. The vulnerability is caused by a boundary error within the IMAP service when processing "delete" commands, the firm said. This can be exploited to cause a stack-based buffer overflow by passing a "delete" command with an overly long argument of about 300 bytes. The vulnerability was confirmed in version 8.13 and Secunia said other versions may also be affected. The advisory said one solution is to restrict access to the IMAP service or disable it.
SuSE fixes Samba flaw
Linux vendor SuSE has fixed a Samba vulnerability an attacker could use to cause a buffer overflow and denial of service. The SuSE advisory said the Samba file sharing service daemon "allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded file names. This attack can be successful if the Samba daemon is running and a remote user has access to a share (even read only)." The Samba team has issued version 3.0.8 to fix the problem, the advisory said.