CIA says it cant keep up with hackers
CIA says it cant keep up with hackers. CNET Jun 21 2001 3:58PM ET [via Computer security news]
Samba Officially Supported on Solaris
Sun and Veritas:
Samba Officially Supported on Solaris
[via Linux Today]
Why Smart Agents Are A Dumb Idea
Clay Shirky: From June 1999; Why Smart Agents Are A Dumb Idea [Tomalak’s Realm]
Wired-side SNMP WEP key exposure in 802.11b Access Points
ISS X-Force:
Wired-side SNMP WEP key exposure in 802.11b Access Points – (June 20, 2001)
Internet Security Systems (ISS) X-Force has discovered a vulnerability
in several 802.11b Access Point devices. This problem may reveal the
Wired Equivalent Privacy (WEP) key that is associated with the wired
network.X-Force confirmed the following products are vulnerable:
3Com AirConnect Model Number AP-4111
Symbol 41X1 Access Point Series
Multiple Vendor 802.11b Access Point SNMP authentication flaw – (June 20, 2001)
ISS X-Force has discovered a serious flaw in the authentication
mechanism of the Atmel VNET-B Simple Network Management Protocol (SNMP)
implementation. Atmel devices are provided via Original Equipment
Manufacturer (OEM) agreements to Netgear and Linksys. These devices do
not implement any SNMP security measures, which may allow an attacker
to gain access to or control a wireless LAN (WLAN).Affected Versions:
Atmel 802.11b VNET-B based Access Point
with firmware versions up to and including 1.3
Linksys WAP11
with Atmel firmware versions up to and including 1.3
Netgear ME102
with Atmel firmware versions up to and including 1.3
Solaris bug gives hackers free rein
ZDNet: Solaris bug gives hackers free rein (in.lpd vulnerability)
[via Security Focus]
Tiny Software Personal Firewall
CanadaComputes.com:
Tiny Software Personal Firewall.
Tiny Software: Comparison of PC software firewall products.
[via Moreover Computer security news]
Yet Another IIS Hole
eEye: Yet Another IIS Hole.
All versions of Microsoft Internet Information Services Remote buffer overflow (SYSTEM Level Access) “Attackers that leverage the vulnerability can, from a remote location, gain full SYSTEM level access to any server that is running a default installation of Windows NT 4.0, Windows 2000, or Windows XP and using Microsoft’s IIS Web server software. With system-level access, an attacker can perform any desired action, including installing and running programs, manipulating Web server databases, adding, changing or deleting files and Web pages, and more…
Vendor Status:
Microsoft has released a patch for this vulnerability that can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp “Microsoft strongly urges all web server administrators to apply the patch immediately.”
Also eEye Digital Security recommends removing the .ida ISAPI filter from your Web server if it does not provide your Web server with any _needed_ functionality.
[via ZopeNewbies]
Securing Windows 2000: First Steps (article)
Securing Windows 2000: First Steps (article) Nowhere near as thorough as the NSA recommendations, but OK for extremely basic first steps. [Security Focus]
VPN Service Said To Ease Setup Pain
VPN Service Said To Ease Setup Pain. ZDNet Jun 18 2001 9:10AM ET [Computer security news]
