Network World's Virus and Bug Patch Alert Newsletter, 07/26/07

Cisco outlines fix for ARP storms
By Jason Meserve

Today's bug patches and security alerts:

New Cisco advisory outlines fix for ARP storms on wireless LANs
Cisco has just released a new security advisory that details what caused the address storms that recently afflicted Duke University's wireless net. The advisory, posted on the company's Web site, says that Cisco's wireless LAN controllers have "multiple vulnerabilities in the handling of Address Resolution Protocol (ARP) packets." These vulnerabilities "could result in a denial of service (DoS) in certain environments." The vendor is offering free software to patch this problem, and notes that "there are workarounds to mitigate the effects of these vulnerabilities."
**********

Users urged to patch serious hole in BIND 9 DNS server
A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system. The vulnerability in BIND 9 could allow an attacker to force the DNS server to return an incorrect Web site to a user, a trick known as DNS cache poisoning, or pharming. IDG News Service, 07/25/07.
SANS Internet Storm Center advisory
Patches:

**********

Researchers claim first iPhone vulnerability; exploit steals data, operates phone
Three security researchers claimed Sunday that they have found the first exploitable vulnerability in Apple's iPhone, a flaw that allows them to steal any data from the device or even to turn it into a remote surveillance tool. Computerworld, 07/23/07.
Also: Consumer Reports: iPhone Hacking Raises Security Concerns for all Smartphone Users

**********

Researcher publishes attack code for Mozilla flaw
Mozilla is working on patching its Firefox browser after a hacker posted details of a flaw that could let criminals run unauthorized software on a victim's machine. The flaw lies in Firefox's URL handler component, which was the source of another bug, disclosed Tuesday by Mozilla. IDG News Service, 07/25/07.
Blog: Remote Command Execution in FireFox et al

**********

Five new updates from Gentoo:
MPlayer (multiple buffer overflows, code execution)
MIT Kerberos 5 (code execution, root privileges)
Festival (privilege escalation)
GIMP (multiple integer overflows, code execution)

**********

Two new patches from Debian:
tcpdump (integer overflow, code execution)

**********

Five new fixes from Debian:

**********

Today's malware news:
There's a fairly large seeding of Trojan-Downloader.Win32.Agent.brk going on. The e-mail messages that are sent typically contain funny.zip as the attachment. E-mail subjects vary but are typically "spammy" in nature. F-Secure Blog, 07/25/07.
Poisoned Web sites soar sixfold, Sophos says
The number of infected Web pages has soared nearly sixfold since the first of the year, according to security company Sophos. Detailed in a just-released threat report, the spike shows just how widespread Web attacks have become, Sophos said today. In June, the company detected an average of almost 30,000 newly infected pages each day; earlier in the year, the tally was as low as only 5,000 new pages daily. Computerworld, 07/25/07.

**********

From the interesting reading department:

Black Hat/Defcon hackfests next week promise rollicking action
Rigorous and sometimes raw disclosure of network vulnerabilities will all be part of the action at next week's back-to-back hackfests, Black Hat and Defcon in Las Vegas. Network World, 07/23/07.

Study: Largest vendors account for fewer software flaws
The top 10 most vulnerable software vendors are contributing a smaller percentage of all vulnerability disclosures per year compared to five years ago, a study by IBM's Internet Security Systems X-Force team has found. Computerworld, 07/25/07.

Free security tool ferrets out unpatched software
A Danish security vendor is offering a free tool designed to inform users when their applications need patching. IDG News Service, 07/24/07.

McAfee sets Rootkit Detective free
The freeware program promises the ability to find and remove so-called rootkits -- self-cloaking malware attacks that install themselves as kernel modules or drivers and are most often used to hide other types of threats such as keystroke-logging programs -- and send data about the attacks that are discovered back to McAfee. Computerworld, 07/25/07.

'Dangling pointers' more dangerous than thought, says security vendor
An issue largely ignored because the security risk was deemed only theoretical might soon become a significant and dangerous security risk, according to Web application security vendor Watchfire. Computerworld, 07/23/07.

How do you protect yourself?
Keep your data backed up -- often -- in a manner that cannot be infected by ransomware. Keep multiple backup sets so you can restore your data to some point in the past, not just the last time a backup was made (your last backup may contain the infection). Gibbsblog, 07/23/07.

Fox News server found unsecured
Security analysts spotted a gaping security hole in Fox News Network's Web site on Monday, revealing file directories and sensitive content, although it appears the problem has been fixed. IDG News Service, 07/23/07.

Online communities a godsend for IT managers, survey says
Study shows IT managers who participate in online communities for troubleshooting, systems and security management, and application deployment benefit professionally by saving time when solving IT problems. Network World, 07/23/07.

A lesson from an answering machine: the importance of input anchoring in password recognition
I recently made a discovery that shows the importance of anchoring the input when trying to match a password. By this I mean that there should be no extra characters accepted either before or after the password (i.e., no extra characters that could be part of the password). Unanchored matching greatly weakens the defense against brute forcing the password. Symantec Security Response Weblog, 07/24/07.

Black Hat: Researchers say forensics software can be hacked
The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers at iSec Partners Inc. Network World, 07/25/07.
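The input-anchoring point from the Symantec item above, shown in working code. This is an added illustration, not code from the newsletter or from the Symantec post: it uses a constructed 4-digit PIN (a stand-in value) and contrasts a check that searches for the secret anywhere in the input with one that requires the whole input to match. The helper pins_satisfied is a defender's-eye measurement showing why the unanchored form weakens brute-force resistance: a single long submission is accepted by every PIN that appears as a window inside it, whereas an anchored check accepts at most one PIN per submission.

```python
import re

# Constructed example: a 4-digit PIN check in the style of the answering-machine
# weakness described above. The value is a stand-in, not from any real system.
SECRET_PIN = "4711"
PIN_DIGITS = 4


def make_unanchored_check(secret: str):
    """Weak check: re.search accepts the secret anywhere inside the input,
    so characters before or after it are silently tolerated."""
    pattern = re.compile(re.escape(secret))
    return lambda candidate: pattern.search(candidate) is not None


def make_anchored_check(secret: str):
    """Hardened check: re.fullmatch requires the entire input to be exactly
    the secret (the same as ^...$ with nothing left over). A plain string
    equality comparison is anchored in exactly this sense."""
    pattern = re.compile(re.escape(secret))
    return lambda candidate: pattern.fullmatch(candidate) is not None


unanchored_check = make_unanchored_check(SECRET_PIN)
anchored_check = make_anchored_check(SECRET_PIN)


def pins_satisfied(attempt: str, make_check, digits: int = PIN_DIGITS) -> int:
    """Count how many of the 10**digits possible PINs would accept this one
    submitted string under the given check style. Anchored: at most 1 per
    attempt. Unanchored: every PIN occurring as a window inside the attempt,
    so one long attempt tests several PINs at once."""
    return sum(
        1
        for n in range(10 ** digits)
        if make_check(f"{n:0{digits}d}")(attempt)
    )


if __name__ == "__main__":
    for attempt in ("4711", "00047119", "12345"):
        print(
            attempt,
            "unanchored:", unanchored_check(attempt),
            "anchored:", anchored_check(attempt),
            "PINs covered unanchored:", pins_satisfied(attempt, make_unanchored_check),
            "PINs covered anchored:", pins_satisfied(attempt, make_anchored_check),
        )
```

The input "00047119" passes the unanchored check because the secret appears inside it, while the anchored check rejects it; "12345" is accepted by two different 4-digit PINs under unanchored matching and by none under anchored matching. Anchoring (or simply comparing the whole input for equality) restores the one-guess-per-attempt property that rate limits and lockouts assume.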
Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast.

Copyright Network World, Inc., 2007