
Security Bytes: Microsoft limits new program's patch testing

Other news: Another Mydoom variant hits; FBI's $170M info-share program a bust; Solaris patch issued; and T-Mobile hacker arrested.

Microsoft recruits patch testers
Microsoft is looking for software testers to poke and prod the company's patches before monthly fixes go to the public. The Security Update Validation Program lets selected corporate customers and consultants test Microsoft's patches, but the software giant has made the program invitation-only and does not expect to involve a large number of testers, Debby Fry Wilson, director of the Microsoft Security Response Center, told CNET. "This is a very controlled program," she said. "We have only invited participants with whom we have a close relationship, where we are sure that confidentiality will be maintained." The program has been under development for about a year. Participants are mostly large corporations that are customers or partners of Microsoft. Unlike customers wanting to try Microsoft's recently released AntiSpyware in beta, participants in Microsoft's Security Update Validation Program will have to abide by very strict guidelines. Participants must sign a nondisclosure agreement and pledge a significant amount of human resources to the program, she said.

New Mydoom seeking victims
An undistinguished new variant of the Mydoom worm began circulating this weekend; at this point it's still too soon to tell whether Mydoom-AP will achieve more than marginal success, as some of its more noteworthy predecessors did. Dubbed W32/Mydoom-AP by McAfee Inc. in Sunnyvale, Calif., the mass-mailing worm spreads via e-mail attachment and popular peer-to-peer networking applications. It uses its own SMTP engine and pretends to be an innocent text attachment. However, its extensions are .cmd, .bat, .pif, .com, .scr and .exe -- all of which can also be transmitted within a .zip file.

Experts at Cybertrust Inc. in Herndon, Va., suspect that it may install a backdoor on systems because it contacts two sites for instructions. The worm also modifies the hosts file to prevent antivirus updates and kills antivirus and personal firewall programs. Mydoom-AP uses a spoofed "from" address and variable subject lines. Its attachment names include: "document," "message" and "files" among others. Updated antivirus signatures are available from many vendors. Experts also recommend filtering executable attachments, such as .exe, .pif, .scr, .com, .bat, .vbs, .lnk and .hta at the e-mail gateway.
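A gateway-side check for the filtering advice above, as an added example that is not from the article or any vendor: it flags attachments whose final extension is on the lists named here, including names hidden inside a .zip. The function names and the sample message are constructed for illustration, and nested archives are not unpacked.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article: the worm's own plus the gateway filter list.
BLOCKED = {".cmd", ".bat", ".pif", ".com", ".scr", ".exe", ".vbs", ".lnk", ".hta"}

def blocked_name(name):
    """True if the final extension is blocked, so 'document.txt.scr' is caught."""
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED

def scan_message(raw):
    """Return (attachment, reason) findings for one raw message (bytes)."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        fname = part.get_filename()
        if not fname:
            continue
        if blocked_name(fname):
            findings.append((fname, "blocked extension"))
            continue
        data = part.get_payload(decode=True) or b""
        if fname.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            try:  # member names stay readable even when the zip is encrypted
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits = ["zip contains " + m for m in zf.namelist() if blocked_name(m)]
            except zipfile.BadZipFile:
                hits = ["unreadable zip"]
            findings += [(fname, h) for h in hits]
    return findings

def build_sample():
    """Constructed message with harmless placeholder attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("message.txt.pif", b"placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    msg.add_attachment("plain text", filename="files.txt")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="files.txt.scr")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the zip member and the double-extension attachment, and leaves `files.txt` alone.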

See McAfee's description.

FBI may scrap $170 million computer program
The FBI said it will probably scrap most of a $170 million computer program that was being designed to help agents securely share information to stop terrorism. The reason? It doesn't work. According to media reports, the software, known as Virtual Case File, has been in development for four years and is the third phase of a $500 million overhaul of technology in the bureau. A top FBI official, who spoke to reporters on condition of anonymity in a background briefing, said the bureau "presumably" would ask Congress for millions of dollars more to seek bids from companies to develop another automated information-sharing system. The special commission that investigated the 9/11 attacks blamed the FBI's antiquated computer technology for hindering agents' ability to connect dots that might have prevented the attacks on New York and Washington. FBI Director Robert Mueller has promised Congress that updating the bureau's technology is a priority. "I am frustrated," Mueller is quoted as saying in several published reports. "There were problems we did not anticipate." By the end of this month, the bureau expects a report on how much of the $170 million program is salvageable. One official said about 10% of it may be usable.

Sun patches Solaris flaw
Sun Microsystems has patched a vulnerability in Solaris 8 and 9 that an attacker could exploit to access certain accounts. The problem is an error in the creation of user accounts configured for password aging via the Solaris Management Console (SMC) GUI, which causes certain accounts to be created with empty passwords. This can be exploited to log into affected accounts without supplying a password. Danish security firm Secunia said the security hole is "moderately critical" and recommended users apply the patches and supply a password when creating user accounts with the SMC.

Hacker compromises T-Mobile's network
A hacker broke into T-Mobile USA's network over a seven-month period and read e-mails and personal computer files of hundreds of customers, including the Secret Service agent investigating the hacker. According to The Associated Press, the hacker obtained an internal Secret Service memorandum and part of a mutual assistance legal treaty from Russia. The documents contained "highly sensitive information pertaining to ongoing… criminal cases," according to court records. Nicolas Lee Jacobsen, 21, a computer engineer from Santa Ana, Calif., was charged with the break-in in U.S. District Court in Los Angeles.
