Security Bytes: State Department probes computer break-ins

By SearchSecurity.com Staff 12 Jul 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

State Department probes computer break-ins
The U.S. State Department has apparently detected large-scale break-ins of computers in its headquarters and offices that deal with China and North Korea. According to Reuters and The Associated Press, a State Department spokeswoman would only confirm that the problem was not a computer virus and that an investigation was underway. "The department detected anomalies in network traffic and we felt it prudent to take measures to ensure our system's integrity," she said. "We take each and every potential threat very seriously. Cybersecurity contingency plans were in place and we activated them immediately."

Like the private sector and other government agencies, the State Department has been constantly battling attempts by multiple sources to penetrate its computer system. The AP quoted sources saying investigators believe hackers may have stolen sensitive information and passwords and installed backdoors that may allow them to return to unclassified government computers.

Adobe Acrobat, Reader flaws repaired
Adobe Systems Inc. has closed security holes in its Acrobat and Reader programs that attackers could exploit to cause a buffer overflow and tamper with files. The vendor said the first problem is a boundary error in Adobe Acrobat that appears when .pdf files are distilled. This can be exploited to cause a buffer overflow using a specially crafted file. The flaw affects versions 6.0 through 6.0.4 for Macintosh and Windows systems. Adobe recommended users upgrade to version 6.0.5.

The second problem affects Adobe Acrobat and Adobe Reader and is caused by insecure default file permissions being set on the installed files and folders. Attackers could exploit this to bypass security restrictions and remove or replace files. The problem affects Adobe Acrobat 6.0.4 and Adobe Reader 6.0.4 for Mac OS, and users are advised to upgrade to Adobe Acrobat 6.0.5 or Adobe Reader 6.0.5.

Flaws surface in Juniper programs
Users of Juniper Network's JUNOS software should upgrade to versions built on or after May 10, 2006, in order to close a security hole. Attackers could exploit the issue to consume all kernel packet memory and cause a vulnerable router to crash. The French Security Incident Response Team (FrSIRT) said in an advisory that the flaw is due to an error when handling malformed IPv6 packets. This affects JUNOS version 6.4 through 8.0 running on M-series, T-series, and J-series routers and built before May 10, 2006.

Separately, FrSIRT warned of a second vulnerability affecting Juniper Networks DX versions 5.1.x and prior.

"This flaw is due to an input validation error in the logging feature that does not validate user-supplied parameters [such as user names] before being stored in the log file and displayed via the administrative interface," FrSIRT said. Attackers could exploit this "to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site."

FrSIRT said it is not aware of any official supplied patch for this issue.

Tags: Identity Theft and Data Security Breaches,  Securing Productivity Applications,  Network Firewalls, Routers and Switches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches TJX to pay $9.75 million for data breach investigations Man pleads guilty in online banking hacking scam White House cybersecurity czar faces major hurdles Heartland breach cost $12.6 million, CEO says An inside look at security log management forensics investigations LexisNexis investigates breach, notifies thousands Senators hear call for federal cybersecurity restructuring Former Federal Reserve Bank employee arrested Attackers cash in on fundamental data handling mistakes, Verizon finds Courts turn aside data breach suits Securing Productivity Applications Adobe fixes critical Shockwave Flash Player flaw Adobe issues first quarterly patch release fixing 13 flaws Adobe shifts to Microsoft patching process, incident response plan Balancing security and performance: Protecting layer 7 on the network Software Piracy pandemic needs government role, better vendor antipiracy plans McAfee to acquire Solidcore Systems for whitelisting Adobe issues Reader update fixing zero-day flaw Microsoft to patch critical PowerPoint zero-day flaw PCI DSS: Best practices for compliance Adobe working on patch to correct new zero-day flaw Network Firewalls, Routers and Switches Firewall rule management best practices Should enterprises be running multiple firewalls? What are the disadvantages of proxy-based firewalls? IT pros find corporate firewall rules tough to navigate PCI compliance requirement 1: Firewalls Comparing an application proxy firewall and a gateway server firewall Microsoft Threat Management Gateway has some drawbacks Rising Profile Front-end/back-end firewalls vs. chassis-based firewalls How to configure a firewall to communicate with an upstream router

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary