Month: November 2005

Symantec pcAnywhere Denial of Service

By donna

A buffer overflow has been resolved in Symantec pcAnywhere that could lead to a Denial of Service. The buffer overflow occurs prior to authentication and can lead to termination of the pcAnywhere component. pcAnywhere must be restarted to function as designed. Affected Product(s):  Symantec pcAnyware 11.0.1 and 11.5.1 Note: This vulnerability affects all 32-bit versions of pcAnywhere. Updates are available for supported versions only. Users of versions prior to 11.0.1, are encouraged to upgrade to a supported version Symantec ResponsePatches for this issue can be downloaded from the following locations: For consumer versions of Symantec pcAnywhere: http://www.symantec.com/techsupp/files/pca/index.html For enterprise versions … Continue reading Symantec pcAnywhere Denial of Service

Apple released Security Update 2005-009

By donna

Apple released the Security Update 2005-009 affecting Apple operating systems (client and server) and Safari browser. Affected products:Mac OS X 10.4 through 10.4.3Mac OS X 10.3.9Safari View the security advisory by Apple at http://docs.info.apple.com/article.html?artnum=302847 Ensure to install the following updates for your system:Apple Security Updates: Security Update 2005-009(Tiger Client) Security Update 2005-009(Tiger Server) Security Update 2005-009(Panther Client) Security Update 2005-009(Panther Server) The above updates delivers a number of security enhancements and is recommended for all Macintosh users.

Hacked Server Exposes Brokerage Customers’ Data

By donna

Online brokerage Scottrade says a server compromise at a service provider may have exposed the financial details of its customers, including banking account information and Social Security numbers. The security breach follows warnings from U.S. securities regulators that hackers and phishing fraudsters have stepped up their targeting of online investors, prompting enhanced education efforts by brokerage firms and the U.S. government. Scottrade, which has 1.4 million customers, said it was notified Oct. 25 that a hacker had compromised a server at eCheck Secure, an electronic payment service provided by The Troy Group Inc. “As a result, some of your personal … Continue reading Hacked Server Exposes Brokerage Customers’ Data

Microsoft Partner Program Restructures the Security Solutions Competency

By donna

According to Thomas Dawkins, group product manager and the person responsible for Microsoft’s security partner strategy, the revised Security Solutions Competency is a direct response to many discussions Microsoft has had with industry partners, analysts, field sales staff and others, who made specific recommendations on ways to make the program more useful to partners who work with products, services or solutions based around security. “Our partners want business opportunities, a relationship that supports the development and growth of their security business, and meaningful program requirements that help position them as trusted advisers to customers,” Dawkins says. “Most importantly, they want … Continue reading Microsoft Partner Program Restructures the Security Solutions Competency

FTC Study Shows Technology Gaining in the Battle Against Spam

By donna

According to a new study released today by the Federal Trade Commission, spammers continue to harvest email addresses from public areas of the Internet, but Internet Service Providers’ anti-spam technologies can block the vast majority of spam sent to these email addresses. The FTC staff report also found that consumers who must post their e-mail addresses on the Internet can prevent them from being harvested by using a technique known as “masking.” http://www.ftc.gov/opa/2005/11/spam3.htmDocument: Email Address Harvesting and the Effectiveness of Anti-Spam Filters (requires PDF viewer)

Windows SynAttackProtect Predictable Hash Remote DoS Vulnerability

By donna

Microsoft Windows is prone to a denial of service vulnerability. The vulnerability arises due to a design error in the function responsible for the hash table management for ‘SynAttackProtect’. Reports indicate that the affected function used by the TCP/IP stack creates a predictable hash, allowing an attacker to send a large number of SYN packets with an identical hash value. A successful attack can eventually lead to a denial of service condition due to the lookup algorithm becoming very inefficient at performing searches. Vulnerable:  Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 … Continue reading Windows SynAttackProtect Predictable Hash Remote DoS Vulnerability

Sun Java JRE Sandbox Security Bypass Vulnerabilities

By donna

Sun Java JRE Sandbox Security Bypass Vulnerabilities Affected Software: Sun Java JDK 1.5.xSun Java JRE 1.3.xSun Java JRE 1.4.xSun Java JRE 1.5.x / 5.xSun Java SDK 1.3.xSun Java SDK 1.4.x Some vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment), which can be exploited by malicious people to compromise a user’s system. 1) An unspecified error may be exploited by a malicious, untrusted applet to read and write local files or execute local applications. The vulnerability has been reported in JDK/JRE 5.0 Update 3 and prior on Windows, Solaris and Linux platforms. SDK/JRE 1.4.2_xx and prior, and 1.3.1_xx releases … Continue reading Sun Java JRE Sandbox Security Bypass Vulnerabilities