CRIME FW: [Information_technology] Daily News 9/15/03

From: George Heuston (GeorgeH@private)
Date: Mon Sep 15 2003 - 09:27:31 PDT

  • Next message: Raan Young: "Re: CRIME FW: [Information_technology] Daily News 9/15/03"

     
    
    	-----Original Message----- 
    	From: information_technology-admin@private on behalf of InfraGard 
    	Sent: Mon 9/15/2003 7:58 AM 
    	To: Information Technology 
    	Cc: 
    	Subject: [Information_technology] Daily News 9/15/03
    	
    	
    
    	September 11, Sydney Morning Herald (Australia) — Thirty unpatched holes in
    	IE, says security researcher. As Microsoft releases details of new
    	vulnerabilities, it is yet to tackle the 30 unpatched holes in Internet
    	Explorer which have been documented by well-known security researcher Thor
    	Larholm. Larholm, a former black hat and now a senior security researcher
    	with a private company, said on Friday, September 12, that seven more
    	vulnerabilities had been added to the list he maintains, all of them having
    	been discovered by Chinese researcher Liu Die Yu. "One of these new
    	vulnerabilities exploits a new attack vector that has surfaced in IE lately,
    	namely misdirecting user input," Larholm said. According to Larholm, "This
    	allows you to redirect a user's mouseclick to (for example) the OK button on
    	a dialog asking for security confirmation by moving the browser window prior
    	to the mouse being released. This resurrects the debate on whether to
    	disable some core functionality to heighten security. Similarly, several of
    	the vulnerabilities that remain unpatched are known to be under active
    	investigation by the Microsoft Security Response Center, and I am confident
    	that a secure patch is being prepared for prompt release." Source:
    	http://www.smh.com.au/articles/2003/09/11/1063249516080.html
    	
    	September 11, KIRO TV (Seattle, WA) — Voice mail hijacked to accept collect
    	calls from crooks. The words "Yes, Yes, Yes" usually mean something
    	positive, but not in this case. A new con uses these three words to rip off
    	voice mail users. Maureen Claridge says she got stuck with a large phone
    	bill because someone hijacked her voice mail. Maureen's voice mail usually
    	sounded like this: "This is Maureen; I'm in the office, but on the other
    	line, leave a number and I'll get back to you as soon as I can." But a crook
    	hacked into it and recorded the words "yes, yes, yes." The crooks target
    	people who have simple voice mail passwords. They use the password to hack
    	into the system and change the message to accept collect calls. Then they
    	ask you a series of questions, usually three, and the answer is "yes, yes,
    	yes." The voice mail telephone company says small business people are often
    	targeted, because they don't answer their phones on the weekend. To protect
    	yourself, check your outgoing message from time to time and change your
    	password to something only you would know. Source:
    	http://www.kirotv.com/money/2476956/detail.html
    	
    	
    	AlertCon: 2 out of 4
    	https://gtoc.iss.net
    	
    	Security Focus ThreatCon: 2 out of 4
    	http://analyzer.securityfocus.com/
    	
    	Current Virus and Port Attacks
    	Virus: #1 Virus in the United States: WORM_LOVGATE.G
    	Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    	Tracking Center
    	[Infected Computers, North America, Past 24 hours, #1 in United States]
    	
    	Top 10 Target Ports 135 (epmap), 1434 (ms-sql-m), 137 (netbios-ns), 445
    	(microsoft-ds), 80 (www), 593 (http-rpc-epmap), 1433 (ms-sql-s), 139
    	(netbios-ssn), 21 (ftp), 17300
    	(Kuang2TheVirus)
    	Source: http://isc.incidents.org/top10.html; Internet Storm Center
    	
    	_______________________________________________
    	Information_technology mailing list
    	Information_technology@listserv
    	
    



    This archive was generated by hypermail 2b30 : Mon Sep 15 2003 - 09:59:08 PDT