-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Wednesday, September 04, 2002 8:28 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 09/04/02 September 3, IDG Communications Weaknesses in some Cisco software could prevent users accessing their organisation's virtual private networks. All Cisco virtual private network (VPN) client software earlier than versions 3.6 and 3.5.4 (?) including Cisco Secure VPN Client and Cisco VPN 3000 Client are affected by what Cisco describes as "multiple vulnerabilities". According to a Cisco security advisory, "exploitation of these vulnerabilities prevents the Cisco VPN Client software from functioning correctly and there are no workarounds available to mitigate the effects". Cisco's VPN 5000 Client is unaffected. Cisco New Zealand manager Tim Hemingway says the problem is a buffer overflow which would not affect all users, and only those in specific situations. "It's not a security vulnerability at all, so there is no issue with third parties getting hold of any data." Source: http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8882 September 3, The Register Digital signatures can easily be forged and therefore can't be trusted in Outlook because of the same certificate chaining issue plaguing Internet Explorer, researcher Mike Benham says. Benham is responsible for discovering and publicizing the IE debacle, where SSL certs can be signed by an untrusted intermediary without warning to the end user, as we reported earlier. Now after a bit of further tinkering it appears that the same design flaw can be used against Outlook users. Briefly, an attacker would sign an untrusted cert with a trusted, intermediate one. Of course, just because the cert doing the signing is trusted, that's no reason why its offspring should be. Unfortunately, neither IE nor Outlook check basic constraints, and for this reason the end user is never warned that the certificate chain is questionable. Source: http://www.theregister.co.uk/content/4/26924.html Virus: #1 Virus in USA: FUNLOVE.4099 (aka PE_FUNLOVE.4099, W32/FunLove.4099, W32/FLCSS, W32.FunLove.4099) Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports - 80(http); 1433(ms-sql-s); 21(ftp); 139(netbios-ssn); 111(sunrpc); 25(smtp); 1080 (socks); 22(ssh); 53(domain); 57 Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 09:32:29 PDT