Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Of interest to the community ..

  • From: Robert Mathews
  • Date: Fri Jun 14 16:57:16 2002
  • Country: = United States of America =
  • Distribution: GENERAL
  • Verified-originator: Prof. Robert Mathews

	F Y I ...  presently floating ...  If you have seen it before,
please excuse.


"Microsoft Warns of New Security Flaws"

Reuters - 06/13/02

Microsoft disclosed a trio of critical software vulnerabilities on
Wednesday. The company has issued a patch for a hole that can cause system
shutdowns or enable hackers to run malicious code on a computer; the flaw
affects users of Windows XP, Windows Routing and Remote Access Server,
Windows NT 4.0, NT 4.0 Terminal server edition, and Windows 2000. The
other security flaws include an Internet Explorer vulnerability that could
allow intruders to commandeer computers via an old Internet protocol, and
a hole in Microsoft's instant messaging and chat programs that would
permit hackers to run their code on victim machines. The Wednesday
announcement brings the total number of security bulletins Microsoft has
released this year to 30, demonstrating the company has made little actual
progress toward its target of more secure software since making it a
primary goal about six months ago. Nevertheless, David Gardner of
Microsoft's Security Response Center claims that the initiative has had
positive effects--for one thing, engineers are detecting these flaws
before they are identified and revealed by outside researchers.

"Coding Flaw Might Assist Hackers"
By Riva Richmond
The Wall Street Journal - 06/13/02
P. B4

Computer-security specialists are exploring whether the Internet
infrastructure could become a ripe target for hackers because of findings
that faulty deployments of the Abstract Syntax Notation One (ASN.1)
computer language makes Simple Network Management Protocol (SNMP)
vulnerable to intrusions. At the core of the problem are certain versions
of programming code used to read ASN.1, which fail when attempting to deal
with very long or distorted messages, giving rise to system crashes or
memory overflow that hackers could exploit. If such errors have widely
proliferated, other protocols may be open to attacks that could shut down
routers and switches, severely hampering online access.  Such protocols
are used by the telecom sector, and are also incorporated into
nuclear-control systems, power-control systems, printer-job management,
package tracking, secure communications, and online multimedia
applications.  Sourcefire founder Martin Roesch and other experts say that
the problem is being investigated by tech firms, private researchers, and
government agencies.  The National Infrastructure Protection Board's
Debbie Weierman notes that her agency has been collaborating with experts
from the NSA, the Federal Computer Incident Response Center, CERT, private
groups, and others since March to see how widespread the ASN.1 flaw is.
Microsoft, Lucent, and Oracle are among the private-sector companies that
have investigated or are investigating how their products may be affected
by the ASN.1 problem. Meanwhile, TruSecure's Paul Robertson believes
high-level hackers have devised malicious programs that exploit the flaw.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.