Security Bytes: State Department probes computer break-ins

By SearchSecurity.com Staff 12 Jul 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

State Department probes computer break-ins
The U.S. State Department has apparently detected large-scale break-ins of computers in its headquarters and offices that deal with China and North Korea. According to Reuters and The Associated Press, a State Department spokeswoman would only confirm that the problem was not a computer virus and that an investigation was underway. "The department detected anomalies in network traffic and we felt it prudent to take measures to ensure our system's integrity," she said. "We take each and every potential threat very seriously. Cybersecurity contingency plans were in place and we activated them immediately."

Like the private sector and other government agencies, the State Department has been constantly battling attempts by multiple sources to penetrate its computer system. The AP quoted sources saying investigators believe hackers may have stolen sensitive information and passwords and installed backdoors that may allow them to return to unclassified government computers.

Adobe Acrobat, Reader flaws repaired
Adobe Systems Inc. has closed security holes in its Acrobat and Reader programs that attackers could exploit to cause a buffer overflow and tamper with files. The vendor said the first problem is a boundary error in Adobe Acrobat that appears when .pdf files are distilled. This can be exploited to cause a buffer overflow using a specially crafted file. The flaw affects versions 6.0 through 6.0.4 for Macintosh and Windows systems. Adobe recommended users upgrade to version 6.0.5.

The second problem affects Adobe Acrobat and Adobe Reader and is caused by insecure default file permissions being set on the installed files and folders. Attackers could exploit this to bypass security restrictions and remove or replace files. The problem affects Adobe Acrobat 6.0.4 and Adobe Reader 6.0.4 for Mac OS, and users are advised to upgrade to Adobe Acrobat 6.0.5 or Adobe Reader 6.0.5.

Flaws surface in Juniper programs
Users of Juniper Network's JUNOS software should upgrade to versions built on or after May 10, 2006, in order to close a security hole. Attackers could exploit the issue to consume all kernel packet memory and cause a vulnerable router to crash. The French Security Incident Response Team (FrSIRT) said in an advisory that the flaw is due to an error when handling malformed IPv6 packets. This affects JUNOS version 6.4 through 8.0 running on M-series, T-series, and J-series routers and built before May 10, 2006.

Separately, FrSIRT warned of a second vulnerability affecting Juniper Networks DX versions 5.1.x and prior.

"This flaw is due to an input validation error in the logging feature that does not validate user-supplied parameters [such as user names] before being stored in the log file and displayed via the administrative interface," FrSIRT said. Attackers could exploit this "to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site."

FrSIRT said it is not aware of any official supplied patch for this issue.

Tags: Identity Theft and Data Security Breaches,  Securing Productivity Applications,  Network Firewalls, Routers and Switches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Securing Productivity Applications Software piracy group offers cash to whistleblowers How to secure a .pdf file How do hackers bypass a code signing procedure to inject malware Quiz: How to build secure applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Network Firewalls, Routers and Switches How to prepare for a secure network hardware upgrade Best Network Firewall Products What is the difference between static and dynamic network validation? Screencast: Smoothwall offers firewall defense in lean times New Cisco IOS bugs pose tempting targets, says Black Hat researcher How to implement virtual firewalls in a complex network infrastructure How to manage network bandwidth with distributed ISP bandwidth Firewall rule management best practices Should enterprises be running multiple firewalls? What are the disadvantages of proxy-based firewalls?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary