For all you Mozilla folks out there...

________________________________

From: information_technology-admin@private on behalf of InfraGard
Sent: Wed 7/28/2004 6:57 AM
To: Information Technology
Subject: [Information_technology] Daily News 07/28/04

July 27, SearchSecurity.com - Mozilla flaw allows SSL certificate abuse. A vulnerability in Mozilla and Mozilla Firefox could allow malicious sites to abuse SSL certificates of other sites, according to Secunia. The Copenhagen, Denmark-based IT security firm said in its advisory that "It is possible to make the browser load a valid certificate from a trusted Web site by using a specially crafted 'onunload' event. The problem is that Mozilla loads the certificate from a trusted Web site and shows the 'secure padlock' while actually displaying the content of the malicious Web site." The vulnerability has been confirmed using Mozilla Firefox 0.9.2 and Mozilla 1.7.1 on Windows and Mozilla Firefox 0.9.1 on Linux. Other versions may also be affected. Secunia recommends users steer clear of untrusted Web sites and "verify the correct URL in the address bar with the one in the SSL certificate."

Source: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci995585,00.html

July 27, eWEEK - MyDoom attacks Microsoft.com through back door. A second attack by MyDoom.O began in earnest Tuesday, July 27. MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a Trojan known as Zincite.A on every PC that it infects. The Trojan opens TCP port 1034 and listens for further commands. Zindos spreads itself by scanning for machines listening on port 1034. When it finds one, Zindos copies itself to the infected PC and then Zincite executes the copy. Zindos then creates an executable file and launches a DDoS attack against Microsoft's main Website. Some earlier versions of MyDoom also attacked the company's site. Microsoft's site appeared to be unaffected by the activity.
Analysts at Symantec Corporation said Tuesday that MyDoom.O keeps track of every system the worm infects. Symantec also said its analysts believe that Zindos is being used as an updating mechanism for the MyDoom worms, which means that their behavior and characteristics could change at any time. Also Tuesday, e-mail security provider MessageLabs Inc. said it had seen more than 530,000 copies of MyDoom.O since its arrival late Sunday.

Source: http://www.eweek.com/article2/0,1759,1628178,00.asp

July 25, Reuters - Islamic group warns Italy over Iraq. An Islamist group in a purported Internet statement issued a new threat to attack Italy if Prime Minister Silvio Berlusconi does not withdraw troops from Iraq. Islamist militants have regularly threatened to target Italy as part of their war on the United States and its allies. But the warnings have increased this month. The same site on Saturday carried a statement signed by another group claiming to be a branch of al Qaeda in Europe which warned Italy and Australia of "columns of rigged cars" if they did not pull troops out of Iraq. Australian Prime Minister John Howard said on Monday he would ignore the threats. "We will not parlay and negotiate with terrorists and I believe the overwhelming majority of the Australian public will agree with us," said Howard, who sent 2,000 troops to the U.S.-led war on Iraq. Berlusconi, a close U.S. ally, backed last year's invasion to overthrow Saddam Hussein and Italy has around 2,700 troops in Iraq. The Philippines withdrew troops from Iraq this month to save the life of a Filipino hostage. It joined Spain, the Dominican Republic, Nicaragua and Honduras which earlier quit what once was a 34-nation U.S.-led coalition.
Source: http://www.reuters.com/newsArticle.jhtml?type=worldNews&storyID=5766420

Internet Alert Dashboard

DHS/US-CERT Watch Synopsis

Over the preceding 24 hours, there has been no cyber activity which constitutes an unusual and significant threat to Homeland Security, National Security, the Internet, or the Nation's critical infrastructures.

US-CERT Operations Center Synopsis: The latest variant of MyDoom created the unintended effect of creating a Denial of Service (DoS) condition in several Internet Search Engine Sites. This is due to the fact that the worm attempts to perform internet searches for valid email addresses for domain names it finds on victim computers.

Current Port Attacks

Top 10 Target Ports: 9898 (dabber), 135 (epmap), 5554 (sasser-ftp), 137 (netbios-ns), 1434 (ms-sql-m), 445 (microsoft-ds), 4899 (radmin), 1023 (Reserved), 139 (netbios-ssn), 8000 (irdmi)

Source: http://isc.incidents.org/top10.html; Internet Storm Center

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Website: www.us-cert.gov.

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/.

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2.1.3 : Wed Jul 28 2004 - 09:15:52 PDT