Security hole in Windows XP, server products
Versions of Windows XP and Server 2003 contain a flaw attackers could use to cause a denial of service, French security firm FrSIRT said in an advisory.
The vulnerability is in the Windows IPv6 TCP/IP stack when processing a specially crafted packet in which the SYN flag is set and the source address and port are the same as the destination address and port. A remote user could exploit this vulnerability to launch a LAND attack, which would cause a vulnerable system to crash.
Microsoft patched a variant of this flaw in April, FrSIRT said. The problem specifically affects Windows XP, XP SP1, XP SP2, Server 2003 and Server 2003 SP1. FrSIRT recommends users filter all traffic with a firewall. The organization said it is "not aware of any official supplied patch for this issue."
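The packet condition FrSIRT describes can be written as a check that a filter or IDS rule applies to inbound IPv6 traffic. The following is an added example, not code from the advisory or from Microsoft; the function names, addresses (documentation prefix 2001:db8::/32), port numbers and sample packets are all constructed for illustration.

```python
import ipaddress
import struct

# Extension headers with a (next header, length) prefix that may precede TCP:
# hop-by-hop (0), routing (43), destination options (60).
EXT_HEADERS = {0, 43, 60}
TCP, SYN = 6, 0x02

def is_land_syn(packet: bytes) -> bool:
    """True if a raw IPv6 packet is a TCP SYN whose source address and port
    equal its destination address and port (the LAND pattern)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False                       # not a complete IPv6 fixed header
    next_hdr = packet[6]
    src, dst = packet[8:24], packet[24:40]
    offset = 40
    while next_hdr in EXT_HEADERS:         # walk the extension header chain
        if len(packet) < offset + 8:
            return False                   # truncated chain: cannot classify
        next_hdr, ext_len = packet[offset], packet[offset + 1]
        offset += (ext_len + 1) * 8
    if next_hdr != TCP or len(packet) < offset + 14:
        return False
    sport, dport = struct.unpack_from("!HH", packet, offset)
    return bool(packet[offset + 13] & SYN) and src == dst and sport == dport

def _sample(src, dst, sport, dport, flags, ext=False) -> bytes:
    """Build a constructed in-memory test packet (never sent anywhere)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    body = (bytes([TCP, 0]) + bytes(6) if ext else b"") + tcp
    fixed = struct.pack("!IHBB", 6 << 28, len(body), 60 if ext else TCP, 64)
    return fixed + src + dst + body

A = ipaddress.IPv6Address("2001:db8::1").packed   # constructed addresses
B = ipaddress.IPv6Address("2001:db8::2").packed
SAMPLES = {
    "land": _sample(A, A, 8080, 8080, 0x02),
    "land_behind_ext_header": _sample(A, A, 8080, 8080, 0x02, ext=True),
    "ordinary_syn": _sample(B, A, 50000, 8080, 0x02),
    "same_addr_other_port": _sample(A, A, 50000, 8080, 0x02),
    "ack_not_syn": _sample(A, A, 8080, 8080, 0x10),
}

def classify() -> dict:
    """Run the check over every constructed sample."""
    return {name: is_land_syn(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:24} {'DROP' if hit else 'pass'}")
```

The extension-header walk matters: a filter that only inspects the fixed header's next-header field would miss the same pattern placed behind a destination-options header.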
Sober-infected computers spew German right-wing messages
Sober started its latest Internet tear earlier this month by promising tickets for the 2006 World Cup in Germany. Now machines infected by the worm are becoming messengers of German nationalism. Lynnfield, Mass.-based antivirus firm Sophos said the Sober-Q Trojan horse -- dropped on machines by the Sober-N worm -- is being used to send out German spam with WW II-era references.
Those e-mails use various subject lines including: "Dresden Bombing Is To Be Regretted Enormously," "Armenian Genocide Plagues Ankara 90 Years On," "Dresden 1945" and "Turkish Tabloid Enrages Germany with Nazi Comparisons." The Trojan drops a file onto infected PCs that includes links to online news stories about previous versions of the Sober worm and the text: "Ich bin immer noch kein Spammer! Aber sollte vielleicht einer werden :)," which translates to "I'm not a spammer, but perhaps I should become one :)."
"Thousands of innocent computer users are unknowingly spewing out this unwanted mail as the Sober author has taken control of their PCs," Graham Cluley, Sophos' senior technology consultant, said in a statement. "By including links to news stories about previous variants of the Sober worms, it seems that the author is looking for notoriety, but it's unlikely that the thousands deluged with this spam will take kindly to his tactics. This latest piece of malware highlights the links between virus writers and spammers and reinforces the need for everyone to deploy regularly updated antivirus and antispam software as well as a firewall."
Lawmakers want a more powerful cybersecurity czar
Congress wants the nation's cybersecurity chief to have more clout and stay in office longer. The position has switched hands several times since its creation. First Richard Clarke left, then Howard Schmidt and then Amit Yoran. According to CNET News.com, Congress may try to quell some of the turmoil at the Department of Homeland Security by creating a more prestigious post. Tuesday, the House of Representatives will start deliberating a proposal for an assistant secretary for cybersecurity. The position, long a favorite of congressional security hawks, would require an appointment by the president and confirmation by Congress, CNET News.com reported. Whoever fills it would be responsible for coordinating with other federal agencies. According to the House bill, the assistant secretary would be charged with creating a "national cybersecurity response system" that would evaluate and "aid in the detection and warning of attacks" on U.S. critical infrastructure.
Security holes plague Linux kernel
French security firm FrSIRT reports in a new advisory that the Linux kernel contains "multiple vulnerabilities" attackers could use to cause a denial of service and launch malicious commands.
"These flaws are due to input validation errors in the raw device and pktcdvd block device ioctl handlers when processing specially crafted arguments passed to the 'raw_ioctl(),' 'pkt_ioctl()' and 'ioctl_by_bdev()' functions, which may be exploited by malicious users to execute arbitrary commands with kernel privileges," the advisory said. Linux Kernel version 184.108.40.206 and prior are affected. Users are advised to switch to version 220.127.116.11 via the Linux kernel Web site.
Flaw in Intel's hyperthreading technology
An attacker could use a glitch in Intel Corp.'s hyperthreading technology to steal security keys from a compromised server using a sophisticated timing attack, a researcher said Friday in a paper presented at the BSDCan 2005 conference. According to a report from the IDG News Service, hyperthreading allows software to take advantage of unused execution units in a processor. It essentially allows two separate processes, or software threads, to execute on a single processor at the same time, improving performance on software written to take advantage of the technology. By taking advantage of the fact that the processes share access to a chip's cache memory, an attacker can determine the security keys to a particular computer by monitoring the cache for those keys, said Colin Percival, an independent researcher. Intel and several software companies are working on a fix for the problem, but they don't consider it critical, an Intel spokesman told the news service.