Liudvikas Bukys

Flash Security Focus:

• Flash Worms: Thirty Seconds to Infect the Internet
  Stuart Staniford, Gary Grim, Roelof Jonkman,
  Silicon Defense, 8/16/2001
  In a recent very ingenious analysis, Nick Weaver at UC Berkeley proposed the possibility of a Warhol Worm that could spread across the Internet and infect all vulnerable servers in less than 15 minutes (much faster than the hours or days seen in Worm infections to date, such as Code Red).
  In this note, we observe that there is a variant of the Warhol strategy that could plausibly be used and that could result in all vulnerable servers on the Internet being infected in less than thirty seconds (possibly significantly less). We refer to this as a Flash Worm, or flash infection.
  We have run out of hyberbolic adjectives to describe how seriously vulnerable the Internet is to security disruptions, so we won’t comment further on the social implications of this.

• Warhol Worms: The Potential for Very Fast Internet Plagues
  by
  Nicholas C Weaver
  (nweaver@cs.berkeley.edu)
  “In the future, everybody will have 15 minutes of fame”
  -Andy Warhol

[Security Focus]

Holding Intruders Accountable on the Internet (paper) [Security Focus]

The Register: We won’t tell you what this patch does, but apply it NOW

There’s an extremely serious security problem with GroupWise that requires an immediate patch, but the problem is apparently so bad that Novell can’t even bring itself to tell its users what it is.

The Utah-based software firm has issued an email to its GroupWise 5.5 Enhancement Pack or GroupWise 6 users asking them that to apply the “Padlock Fix” to their servers immediately but isn’t telling anybody why it’s needed, lest hackers exploit the problem on unpatched systems.

[Security Focus]

New IIS server fixes do more than catch-up on patches

In a message to the NTBugtaq security mailing list he edits, Russ Cooper advised Windows 2000 and Windows NT server administrators not to overlook the new patch just because it seems to repeat repairs they’ve already made.

“I’m loath to ask you to now go back to all of these machines and apply yet another patch,” he wrote. “However… there are several circumstances that may apply to your systems that might make it necessary for you to get this new Security Bulletin patch applied quickly.”

[via Security Focus]

Beware MPLS VPN Tech Challenges. ZDNet Aug 20 2001 9:18AM ET [Computer security news]

OpenCA PKCS#7 Tool 0.9.8 [freshmeat.net]

Guardent, SafeNet respond to WLAN security hole. IDG Aug 20 2001 3:55AM ET

Guardent will announce this week its 802.11 Wireless Security Assessment service, a testing system that involves mimicking attacks on the access points in customers’ WLANs to find potential cracks and make recommendations, said Jamie Fullerton, senior research scientist at Waltham, Mass.-based Guardent.

Rick Geritz, president of Baltimore-based SafeNet, said customers can shore up WEP holes by implementing the IPsec standard for VPN clients in a WLAN environment. This creates a VPN for transmitting wireless encrypted packets. SafeNet has tested its current SoftRemote offering and will announce this week that SoftRemote can perform this function.

[via Computer security news]

grsecurity 1.7-2.4.9 (Stable). Extensive security patches for 2.4.x Linux. [freshmeat.net]

Interactive Buyers Guide: Security Tokens. Network Computing Aug 18 2001 5:35AM ET [Computer security news]