JPEGs No Longer Safe For Viewing?
09.15.04
Yesterday, Microsoft released a patch for a flaw in the way their operating systems and other software process the widely used JPEG image format. The flaw potentially allows hackers to create an image file capable of executing malicious code on an unsuspecting user's computer.
Internet Explorer is vulnerable to this flaw, which means that people who use IE could fall victim to an attack just by visiting a Web site that has affected images on it.
"The potential is very high for an attack," said Craig Schmugar, virus research manager for security software company McAfee. "But that said, we haven't seen any proof-of-concept code yet." Such code illustrates how to abuse flaws and generally appears soon after a software maker publishes a patch for one of its products.
This JPEG flaw affects at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro. Microsoft has a full list of the affected products on its website.
Sniffing Worm On The Loose. A new worm has been released that comes equipped with network-sniffing software that allows it to scour for passwords from other computers connected to the infected PC.
The variant of the SDbot worm opens a back door for hackers and then reports back the stolen information using a network sniffer and keystroke logger embedded in the code.
"The complete SDBot family is dangerous, but it's not spreading that fast so our risk rating is low," said Raymund Genes, European president of Trend Micro. "The SDBot is perfect for spying, but anyone with updated antivirus protection should be fine."
Microsoft's Anti-Spam Solution A No Go. The Internet Engineering Task Force (IETF) has rejected Microsoft's technical contribution to the Sender ID proposal.
Microsoft's proposals have already been opposed by the open source community; most are concerned with the licensing terms. The Apache Software Foundation and Debian have said that they would not deploy the scheme.
"There is at least rough consensus that the participants of the working group cannot accurately describe the specific claims of the patent application", said Andrew Newton, co-chair of the IETF working group reviewing Sender ID with other members.
The IETF has said they will continue to evaluate the Sender ID technology.
Microsoft has released a statement saying it still has support from key industry players. "AOL, Cloudmark, IronPort, VeriSign, Bell Canada and the 54-member Email Service Provider Coalition have voiced support for the Sender ID license offered by Microsoft".
Patch Fixes DoS Flaw For Samba. The most recent version of the Samba software fills a hole that could allow denial of service (DoS) attacks to disrupt networks. Samba allows Windows files and printers to be shared by Unix and Linux systems.
In a DoS attack against Samba, users could have been disconnected from the server, either by overrunning the computer's memory to such an extent that it cannot function or by sending a specially crafted network request that would crash the NetBIOS function.
"We have not had any reports in the wild of these" flaws being used by attackers, said Gerald Carter, a member of the Samba Team.
Hackers Going After Symantec DoS Style. Following the latest MyDoom worm, in which the authors asked for jobs in the antivirus industry, a new variant is designed to launch a DoS attack against Symantec.
"The latest version of MyDoom, W32/MyDoom-X, attempts to launch a denial-of-service attack against Symantec's Web site on September 29th," said Graham Cluley, senior technology consultant at antivirus firm Sophos.
The upcoming attack against Symantec's Web site would not be the first MyDoom DoS attack. Earlier this year, the SCO Web site was knocked out by a DoS attack.
Originally posted: http://www.securitypronews.com/ 9.15.04