DNS protocol hit by DoS flaw
A remotely exploitable flaw that could crash vulnerable servers has been identified in some vendors' implementations of the DNS protocol, the U.K.-based National Infrastructure Security Co-ordination Centre warned Tuesday. The "moderate risk" flaw in the recursion process used by some DNS implementations to decompress DNS messages can cause the DNS server to terminate abnormally. Cisco Systems has released patches for several products. Microsoft said its products aren't vulnerable. A list of affected vendors is expected to be available soon on the NISCC Web site.
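The failure mode behind that advisory is a DNS name decoder that follows compression pointers (RFC 1035 section 4.1.4) without any bound, so a message whose pointers refer back to themselves sends the decoder into unbounded recursion. The following bounded decoder is an added illustration written for this digest, not code from NISCC, Cisco or any affected vendor; the hop limit of 16, the sample messages and the function names are assumptions made for the example. It accepts only backward pointers and caps the number of hops, and reports a malformed name as an exception rather than crashing the process.

```python
"""Bounded DNS name decompression (RFC 1035 section 4.1.4).

A label sequence may end in a 2-byte pointer (top two bits set) to an
earlier offset in the same message. Following such pointers with no limit
lets a self-referencing pointer drive the decoder into unbounded recursion;
this decoder bounds the walk instead of trusting the message.
"""

MAX_POINTER_HOPS = 16   # assumption: no legitimate name needs anywhere near this many
MAX_NAME_LENGTH = 255   # RFC 1035 limit on the wire form of a name


class MalformedName(ValueError):
    """Raised instead of crashing when a message's name encoding is invalid."""


def decompress_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Return (dotted name, offset just past the name at its original position)."""
    labels = []
    hops = 0
    end_of_name = None          # where the caller resumes parsing the message
    pos = offset
    total_len = 0
    while True:
        if pos >= len(msg):
            raise MalformedName("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if pos + 1 >= len(msg):
                raise MalformedName("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if end_of_name is None:
                end_of_name = pos + 2                 # first pointer ends the name on the wire
            hops += 1
            if hops > MAX_POINTER_HOPS:               # defense in depth on top of the backward rule
                raise MalformedName("too many compression pointers")
            if target >= pos:                         # self/forward pointers would loop; reject them
                raise MalformedName("compression pointer does not point backwards")
            pos = target
            continue
        if length & 0xC0:                             # 0x40/0x80 label types are reserved
            raise MalformedName("reserved label type")
        if length == 0:                               # root label terminates the name
            if end_of_name is None:
                end_of_name = pos + 1
            break
        total_len += length + 1
        if total_len > MAX_NAME_LENGTH:
            raise MalformedName("name exceeds 255 octets")
        label = msg[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise MalformedName("truncated label")
        if not label.isascii():
            raise MalformedName("non-ASCII label")
        labels.append(label.decode("ascii"))
        pos += 1 + length
    return (".".join(labels) if labels else "."), end_of_name


def is_well_formed(msg: bytes, offset: int) -> bool:
    """True if the name at offset decodes, False if the decoder rejected it."""
    try:
        decompress_name(msg, offset)
        return True
    except MalformedName:
        return False


# Constructed sample messages (12-byte zeroed header, then name data).
HEADER = bytes(12)
# offset 12: "www.example.com"; offset 29: "mail" + pointer to offset 16 ("example.com")
SAMPLE_MSG = HEADER + b"\x03www\x07example\x03com\x00" + b"\x04mail\xC0\x10"
# offset 12: a pointer to offset 12, i.e. to itself
SELF_LOOP_MSG = HEADER + b"\xC0\x0C"
# offset 12 points forward to 14, which points back to 12
MUTUAL_LOOP_MSG = HEADER + b"\xC0\x0E\xC0\x0C"

if __name__ == "__main__":
    print(decompress_name(SAMPLE_MSG, 12))   # ('www.example.com', 29)
    print(decompress_name(SAMPLE_MSG, 29))   # ('mail.example.com', 36)
    for m in (SELF_LOOP_MSG, MUTUAL_LOOP_MSG):
        print("well-formed:", is_well_formed(m, 12))
```

The backward-only rule alone guarantees termination, since every hop strictly decreases the offset; the hop counter is kept as a second, independent bound so that a mistake in one check does not silently reopen the hole. A production resolver also needs to bound the total work per message, since a single name bounded to 255 octets can still be referenced from many records.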
Fix issued for 'high-risk' antivirus flaw
Computer Associates Inc. warned of a "high-risk" flaw in its antivirus products that use the eTrust Vet antivirus engine that could allow an attacker to take control of a computer without any user interaction. According to eWEEK, InoculateIT 6.0, eTrust Antivirus versions 6.0 through 7.1, eTrust Antivirus for the Gateway 7.0 and 7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, and BrightStor ARCserve Backup are vulnerable. "In the worst scenario, an external attacker may present a carefully crafted Microsoft Office document to a vulnerable computer for virus scanning and gain control of the computer without any user interaction," the magazine reported.
Red Hat issues important kernel fix
The Red Hat Security Response Team recommends users of Red Hat Desktop version 3 upgrade their kernel packages to fix flaws that could allow data corruption, privilege violations or denial of service. Version 3 of Red Hat Enterprise Linux AS, Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS are vulnerable. Red Hat described a flaw between execve() syscall handling and core dumping of ELF-format executables, a flaw in shared memory locking, another in the locking of SysV IPC shared memory regions, and a problem that could lead to data corruption on x86-architecture SMP systems. See the advisory for additional details.
Virus writers no longer seeking 'epic' infections
The founder of Russia-based Kaspersky Labs says the reason there hasn't been a major global malware outbreak in the past year is that virus writers have changed their tactics. Eugene Kaspersky told an Australian CERT audience that the hacker underground is more interested in stealthily infecting machines with bots to turn the PCs into their own army of zombies. The writers are intentionally limiting their infections to 5,000 to 10,000 machines to avoid being spotted by antivirus companies, a senior systems engineer from Tokyo-based Trend Micro told ZDNet. "With 5,000 PCs under your control -- none of which are being destroyed or showing actual qualifiable damage as a result -- you will fit under the radar, probably make some money and you probably won't get arrested," said Trend's Adam Biviano.
AOL a 'gateway drug' that led to LexisNexis hacks?
A trio of teenagers have reportedly told Wired News that they broke into the LexisNexis database and stole private information on more than 300,000 consumers for bragging rights and not to cause anyone undue harm. "We didn't use the info for bad reasons. It was to have the info and get kicks out of it," said "Cam0," a 16-year-old from Massachusetts. The teenager said that in 1997 he began hacking into America Online, referring to it as the "gateway drug" that led to more ambitious hacks. He also claimed credit for recently breaking into socialite Paris Hilton's T-Mobile account. Lewd pictures from her Sidekick later showed up on Web sites and celebrity phone numbers stored on the device were widely circulated.
In telephone interviews, Cam0 and cohorts "Shasta," 19, and "Krazed," 20, say they'd never heard of LexisNexis, a powerful database holding millions of files on consumers, when they came across the account number belonging to a Florida police officer. They nabbed the passcode by engaging the policeman in an online chat with Krazed, who posed as a 14-year-old girl and baited him into downloading a Trojan horse posing as naked pictures. Law enforcement officials confirmed the teens' account and said there's no evidence to suggest they've actually used the stolen information.