
Security Bytes: IRS network easy prey for ID thieves, report says

In other news, AV firms track a new Sober variant while McAfee and Sun address security holes in their products.

Report: IRS network easy prey for ID thieves
Millions of taxpayers' identities are at risk because of network security holes at the Internal Revenue Service (IRS), according to a Congressional report released Monday. The Government Accountability Office (GAO) found that the IRS probably doesn't know if outsiders are browsing through citizens' tax returns because it doesn't effectively police its computer systems for unauthorized use, the Reuters news agency reported.

Reuters noted that the report was released three days after the deadline for filing personal income-tax returns, at a time when concerns about identity theft and computer security are running high.

"This lack of systems security at the IRS is completely unacceptable and needs to be corrected immediately," House Judiciary Chairman James Sensenbrenner, R-Wis., told Reuters.

The report said the IRS has taken steps in recent years to protect the information it collects, fixing 32 of the 53 problems that turned up in a 2002 review, for example. But the GAO found 39 new security problems on top of the 21 that remain unfixed.

In a letter dated April 14, a Treasury Department official said many of the security holes outlined in the report have been fixed and others should be completed by October. The agency will figure out whether tax returns and financial-crime information have been inappropriately disclosed, Acting Deputy Treasury Secretary Arnold Havens told Reuters.

AV firms warn of new Sober variant
Several antivirus firms warned Tuesday that a new variant of the Sober worm was in the wild, using its own Simple Mail Transfer Protocol (SMTP) engine to spread. According to Symantec, Sober-N sends itself as an e-mail attachment to addresses it gathers from other infected computers. The e-mail may be in either English or German, the Cupertino, Calif.-based company said.

Finnish security firm F-Secure Corp. said the worm's spreading speed wasn't yet clear Tuesday morning. But, the firm noted in its daily lab blog, "Many previous Sober variants have been fairly big problems."

Santa Clara, Calif.-based McAfee said Sober-N's message reads as follows:

Subject: I've_got your EMail on my_account!

Body: "Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error! At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you & zipped then. Make sure, that this mails don't come in my mail-box again. Bye."

Attachment: (containing the file mail.document.Datex-packed.exe)

McAfee to fix Internet Security Suite 2005 flaw
Local users could exploit a vulnerability in McAfee Internet Security Suite 2005 to gain escalated privileges, according to Reston, Va.-based security firm iDefense. McAfee has acknowledged the problem and will provide automated fixes, the firm said.

"The vulnerability… exists in the default file Access Control List (ACL) settings that are applied during installation," iDefense said in its advisory. "When an administrator installs McAfee Internet Security Suite 2005, the default ACL allows non-administrator users to modify the installed files."

Because some of the programs run as system services, iDefense said a malicious user "can simply replace an installed McAfee Internet Security Suite 2005 file with [his] own malicious code that will later be executed with system privileges."
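The weak-ACL condition iDefense describes can be audited on any Windows host. The following PowerShell is an added example, not code from iDefense or McAfee: it lists service executables, and their parent folders, that low-privilege principals are allowed to modify. The list of SIDs, the rights mask and the function name `Get-WeakAce` are assumptions to adjust for local policy.

```powershell
# Added example: flag service binaries that low-privilege users can modify.
# $lowPrivSids and the rights mask are assumptions; adjust to local policy.
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# Only bits that permit changing or replacing a file. Composite rights such as
# Modify are avoided because they also contain read bits.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$rights -bor 0x40000000 -bor 0x10000000   # plus GENERIC_WRITE, GENERIC_ALL

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Ask for SIDs rather than names so the match does not depend on locale.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $ace.IdentityReference.Value -and
            ([int]$ace.FileSystemRights -band $mask) -ne 0) {
            [pscustomobject]@{ Path = $Path; Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_.Name
    # PathName may be quoted and may carry arguments; keep only the executable.
    if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        # A writable parent folder also allows the binary to be replaced.
        foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
            try {
                Get-WeakAce -Path $target |
                    Select-Object @{ n = 'Service'; e = { $svc } }, Path, Sid, Rights
            } catch {
                Write-Warning "Cannot read ACL for ${target}: $($_.Exception.Message)"
            }
        }
    }
}
```

Any row in the output is a file or folder where a non-administrator can change code that a service will later run; tightening the ACL to administrators and SYSTEM closes the gap.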

Sun fixes Solaris flaws
Sun Microsystems has fixed flaws in the Solaris operating system that an attacker could exploit to hijack network ports or gain extra user privileges. The Santa Clara, Calif.-based company said the first problem is that local unprivileged users "may be able to start processes on non-privileged network ports." By "stealing" the port, Sun said in its advisory, "these processes may act as modified or 'Trojaned' versions of the service that typically runs on that port. This condition could lead to service disruption, a sensitive information leak or possible compromise of remote systems." The problem has been patched in Solaris 8 and 9 on the SPARC and x86 platforms.

The second problem is that Xsun(1) -- the Solaris server for X Version 11 -- and Xprt(1) -- the Solaris print server for X Version 11 -- contain multiple buffer overflows in the handling of the "font.alias" file. Sun said this "may allow a local unprivileged user to execute arbitrary code with the privileges of the Xsun or Xprt server." The Xsun server runs with "gid root" privileges on Solaris SPARC systems and "uid root" privileges on Solaris x86 systems. The Xprt server runs with "gid root" privileges on both SPARC and x86 systems. The flaws have been patched in Solaris 7, 8 and 9 on both platforms.
