Backlash for German company that hired Sasser scribe
A German security firm has lost a partner for hiring the teen believed behind the Netsky and Sasser worms. SC Magazine reports antivirus vendor HBEDV cut ties with Securepoint for hiring the 18-year-old malware writer as a trainee. "We take a dim view of employing virus authors," Tjark Auerbach, CEO of HBEDV, told the magazine. "The attempt to offer a second chance to an allegedly reformed person must be balanced against the exclusive security interests of our customers." Formerly sales and technology partners, the German firms will now lead separate lives. Securepoint appeared unfazed. "They are not a big company and we don't do very much work with them," said Lutz Hausmann, technical director of Securepoint. "If they want to do this then that is fine. I don't care." Sven Jaschan, who faces criminal charges for his alleged activities, was hired by Securepoint in September and was being trained as a security software programmer. Netsky and Sasser were responsible for 70% of worm infections in the first half of 2004, according to Lynnfield, Mass.-based antivirus firm Sophos. Notable victims were U.S. carrier Delta Airlines and the European Commission.
Survey: Security, networking professionals join forces
The line between security and networking teams is blurring in response to growing threats, Q1 Labs of Waltham, Mass., concluded after surveying more than 450 IT professionals. The firm found that network and security administrators are increasingly teaming up to handle incident response and resolution. The survey also found that risk mitigation is becoming more complex, with a variety of different threats overwhelming administrators who are responsible for keeping networks up and running. "One of the more interesting results of this survey was the integration of network and security groups within the enterprise," Brendan Hannigan, executive vice president of marketing and business development at Q1 Labs, said in a statement. "Security is moving from an add-on or an individual function to a central part of network architectures. While we used to see separate groups handling each aspect, the majority of survey respondents need both networking and security experts to work together at resolving today's complex threats." The survey asked which issues and risks take up the most time and focus of respondents' network management and IT staff. The top three responses: managing external threats from worms and other malicious programs (37%); managing the volume of alerts, responding to incidents, enforcing policies and preventing downtime (31%); and responding to internal network misuse (14%).
Skype fixes flaw
Skype has updated its Internet telephony software, patching a "highly critical" vulnerability in its client for Windows-based systems, Danish security firm Secunia said in an advisory. Attackers could exploit a boundary error within the handling of command line arguments to cause a stack-based buffer overflow by tricking a user into visiting a malicious Web site that passes an overly long string -- more than 4,096 bytes -- to the "callto:" URI handler, Secunia said. Successful attackers could use the vulnerability to launch malicious code. Users should update to version 188.8.131.52, Secunia said.
Vulnerability in IMail server
An attacker could exploit a "moderately critical" boundary error vulnerability in IMail Server 8.13 to cause a buffer overflow and launch malicious code, Danish security firm Secunia said in an advisory. The vulnerability is caused by a boundary error within the IMAP service when processing "delete" commands, the firm said. This can be exploited to cause a stack-based buffer overflow by passing a "delete" command with an overly long argument of about 300 bytes. The vulnerability was confirmed in version 8.13 and Secunia said other versions may also be affected. The advisory said one solution is to restrict access to the IMAP service or disable it.
SuSE fixes Samba flaw
Linux vendor SuSE has fixed a Samba vulnerability an attacker could use to cause a buffer overflow and denial of service. The SuSE advisory said the Samba file sharing service daemon "allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded file names. This attack can be successful if the Samba daemon is running and a remote user has access to a share (even read only)." The Samba team has issued version 3.0.8 to fix the problem, the advisory said.