Saturday, May 08, 2004

The Search Engine Report - Number 90 - May 6, 2004:
"Search Engine Watch News

Search Engine Strategies Toronto & London!

Search Engine Articles By Danny Sullivan

SearchDay Articles

Search Engine Articles

Search Engine Resources"

http://searchenginewatch.com/sereport/article.php/3350871

Why your personal firewall could be obsolete - TechUpdate - ZDNet:
"If your business has turned the use of personal firewalls into a required countermeasure, now's a good time to start thinking more strategically before buying any more personal firewall technology from a third party.

Although it still has a serious flaw that Microsoft will have no choice but to fix, the morphing of Windows XP's built-in personal firewall from a toy into a more serious security technology means that now's also a good time for the remaining independent personal firewall vendors like Zone Labs to be thinking about long term survival strategies. For the cottage industry of personal firewalls that includes giants like Symantec and McAfee (a division of Network Associates) and smaller players like Zone Labs, Sygate, Internet Security Systems (makers of BlackICE), and Panda Software, this was an inevitable turn of events."

http://64.95.71.98/techupdate/stories/main/Preview4987.html

Friday, May 07, 2004

Patches Could Have Lessened Sasser Worm Spread:
"Sasser's spread began to stabilize Tuesday, but not after infecting hundreds of thousands of computers since Friday by exploiting a known Windows flaw for which Microsoft Corp. issued a software patch three weeks ago."

Twenty British Airways flights were each delayed about 10 minutes Tuesday due to Sasser troubles at check-in desks, while British coastguard stations used pen and paper for charts normally generated by computer.

On Monday, the worm hit public hospitals in Hong Kong and one-third of Taiwan's post office branches. Major corporations around the world also were infected.

Home users were particularly hit hard, computer security experts say, because they generally lack the know-how to install patches and tend not to have the firewalls needed to keep Sasser from spreading to other computers via the Internet.

Late this summer, Microsoft plans to introduce a Windows XP update that would turn on a built-in firewall and automatically obtain and install security patches regularly. Microsoft is currently testing the update.

For now, computer users must manually turn such settings on—through "System" or "Automatic Updates" in Windows' Control Panel—or they must periodically check the company's Web site for new patches.

http://www.eweek.com/article2/0,1759,1585008,00.asp?kc=ewnws050504dtx1k0000599

Thursday, May 06, 2004

Sasser.D Worm Arrives, Ready to Do Damage:
"A fourth version of Sasser has the potential to cause serious slowdowns and outages; a hoax e-mail claiming to contain a fix for the worm in fact contains a version of the NetSky worm.…"

Sasser.D appeared Monday afternoon and is similar to the previous three versions in most respects. The main difference in the new variant is that it uses ICMP echo requests, also known as pings, to look for other machines to infect. The Nachi worm of last summer had the same capability and, on networks with a number of vulnerable machines, the worm caused severe congestion.

The new Sasser variant could cause the same problems, experts warn. And, Sasser.D can scan multicast addresses, which has led to it causing some destabilization of routers that handle multicast traffic, analysts at The SANS Institute in Bethesda, Md., said.

Sasser.D also uses a different name for the file it leaves on infected PCs: Skynetave.exe. And it creates a remote shell on TCP port 9995, instead of 9996, which is used by the other three variants.

In addition to the new variant, there also is a hoax e-mail circulating that claims to contain a fix for Sasser. The message actually contains a new version of the NetSky worm.

http://www.eweek.com/article2/0,1759,1584121,00.asp?kc=ewnws050404dtx1k0000599

Tuesday, May 04, 2004

Symantec Security Response - W32.Sasser.B.Worm:
"W32.Sasser.B.Worm is a variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011. This worm spreads by scanning randomly selected IP addresses of vulnerable systems.…"

Notes:
The MD5 hash value of this worm is 0x1A2C0E6130850F8FD9B9B5309413CD00.

Symantec Security Response has developed a removal tool to clean the infections of W32.Sasser.B.Worm.

Block TCP ports 5554, 9996, and 445 at the perimeter firewall and install the appropriate Microsoft patch (MS04-011) to prevent the remote exploitation of the vulnerability.

--------------------------------------------------------------------------------

W32.Sasser.B.Worm can run on, but not infect, Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect the vulnerable systems to which they are able to connect. In this case, the worm will waste a lot of resources so that programs cannot properly run, including our removal tool. (On Windows 95/98/Me computers, the tool should be run in Safe mode.)

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

Keyboard Shortcuts with Windows XP Home Edition:
"When speed counts, the keyboard is still king. Almost all the actions and commands you can perform with a mouse you can perform faster using combinations of keys on your keyboard. These simple keyboard shortcuts can get you where you want to go faster than several clicks of a mouse. You'll work faster on spreadsheets and similar documents, too, because you won't lose your place switching back and forth between mouse and keys.

Here are some of the most useful keyboard shortcuts:"

http://www.microsoft.com/windowsxp/home/using/tips/personalize/keyboardsc.asp

Monday, May 03, 2004

ZDNet: Printer Friendly - Alarm growing over bot software:
"Known as bot software, the remote attack tools can seek out and place themselves on vulnerable computers, then run silently in the background, letting an attacker send commands to the system while its owner works away, oblivious. The latest versions of the software created by the security underground let attackers control compromised computers through chat servers and peer-to-peer networks, command the software to attack other computers and steal information from infected systems.

News.context

What's new:
Internet security watchers warn that the most common kind of bot software has been upgraded. A new variant incorporates publicly available code for breaching security through a vulnerability on almost every Windows system sold in the past five years.

Bottom line:
Bot software has spread widely--just how quickly is difficult even for security experts to evaluate. Symantec puts the number of computers compromised in the hundreds of thousands. Other security experts have put the number in the millions. Moreover, with source code commonly available, bot software gets quickly updated to take advantage of the latest flaws.…"

http://zdnet.com.com/2100-1105_2-5202236.html?tag=adnews

URLScan Security Tool:
"UrlScan version 2.5 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan security tool helps prevent potentially harmful requests from reaching the server. UrlScan 2.5 will now install as a clean installation on servers running IIS 4.0 and later.…"

http://www.microsoft.com/technet/security/tools/urlscan.mspx