-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Thursday, November 14, 2002 7:34 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 11/14/02 November 12, InfoWorld - ISS reports more BIND flaws. New vulnerabilities have been discovered in the common Berkeley Internet Name Domain (BIND) domain name system (DNS) software that could allow hackers to carry out denial of service attacks against servers using BIND, according to an advisory issued on Tuesday by security company Internet Security Systems Inc. (ISS). The ISS advisory details three separate vulnerabilities. All three of those vulnerabilities make BIND susceptible to denial of service attacks from Internet users or rogue DNS administrators. One of the three vulnerabilities also involves a buffer overflow condition in the BIND code that could enable malicious code to be placed and executed on the machine running the name server software. The newly discovered vulnerabilities all allow hackers to use what are referred to as "malformed requests" to attack BIND. Such attacks rely on passing invalid or improperly formatted information to the BIND DNS, targeting specific weaknesses in the way the BIND code processes requests, to cause the DNS server to fail, according to Dan Ingevaldson, team leader of ISS's X-Force security research group. Source. http://www.infoworld.com/articles/hn/xml/02/11/12/021112hnbindflaws.xml?1112 alert November 12, Government Executive - Hackers could be planning major attack, says White House. A computer worm infecting a popular World Wide Web technology is proof that computer hackers have grown more sophisticated and could be preparing a significant attack, according to a senior White House official. Marcus Sachs, director of communication and infrastructure protection at the White House Office of Cyberspace Security, said hackers driven to "the back streets and back alleys of the Internet" by intense law enforcement scrutiny following the Sept. 11 attacks have quietly been building new threats. The worm, widely known as Slapper, is a prime example of their abilities, he said. The Slapper worm was identified two months ago, but federal officials still are concerned that many infected or at-risk organizations and individuals haven't taken adequate steps to protect themselves. Sachs said Slapper represents a "double barrel" feat of hacker engineering, because it targets two well-known devices that have long been considered quite secure. Some believe Slapper is a sign of threats to come. "These types of worms have the potential of becoming the much bigger problem out there," said Vincent Weafer, senior director of the Symantec Anti Virus Research Center in Santa Monica, California. Source. http://www.govexec.com/dailyfed/1102/111202h1.htm Virus: #1 Virus in USA: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 443(https); 4665; 139(netbios-ssn); 25(smtp); 445(microsoft-ds); 27374(asp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 10:21:02 PST