Tuesday, August 12, 2003

Worm's spread shows holes in patch system. The MSBlast worm's quick spread supports the view that patches, while necessary to increase the security of specific computers, can't be relied upon to protect large networks. [CNET News.com]

No kidding. Try getting it right the first time.


7:36:40 PM    comment []  

Bloomberg/The Salt Lake Tribune: SCO Execs Unloading Shares Chief Financial Officer Robert Bench began the $1.2 million in executive share sales four days after Lindon -based SCO filed its lawsuit against Armonk, N.Y.-based IBM on March 6. Before Bench's sale, SCO insiders had not sold shares in more than a year, according to the Washington Service, a firm that tracks insider transactions.  [Linux Today]
3:07:20 PM    comment []  

Win32 Blaster Worm is on the Rise

Win32 Blaster Worm is on the Rise
Windows
Software
Operating Systems
Posted by CmdrTaco on Tuesday August 12, @10:06AM
from the i-can't-hold-her-together-any-longer-captain dept.
EvilNight writes "You know you've got it when a 60 second shutdown timer pops up on your screen. The virus uses the RPC vulnerability. It looks like it's reaching critical mass today. Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and download the removal tool."

[Slashdot]


1:18:13 PM    comment []  

TVC: RSS News Feeds for Law. Genie Tyburski's Virtual Chase now offers a new section of the Legal Research Guide entitled RSS Feeds for Law. [Jerry Lawson: News Aggregators]

Query: will those teaching legal research to law students use blogs as sources?  What about newsfeeds?  I certainly hope so.

 


10:21:41 AM    comment []  

CERT® Advisory CA-2003-20 W32/Blaster worm  From CERT/CC:
The CERT/CC is receiving reports of widespread activity related to a new piece of malicious code known as W32/Blaster. This worm appears to exploit known vulnerabilities in the Microsoft Remote Procedure Call (RPC) Interface.
The W32/Blaster worm exploits a vulnerability in Microsoft's DCOM RPC interface as described in VU#568148 and CA-2003-16.  Upon successful execution, the worm attempts to retrieve a copy of the file msblast.exe from the compromising host. Once this file is retrieved, the compromised system then runs it and begins scanning for other vulnerable systems to compromise in the same manner. In the course of propagation, a TCP session to port 135 is used to execute the attack. However, access to TCP ports 139 and 445 may also provide attack vectors and should be considered when applying mitigation strategies. Microsoft has published information about this vulnerability in Microsoft Security Bulletin MS03-026.
Trend Micro, Inc. has published a set of steps to accomplish these goals. Symantechas also published a set of steps to accomplish these goals.
9:54:06 AM    comment []  

© Copyright 2003 Elmer Masters .
Last update: 9/2/2003; 11:13:49 AM .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "<CONTENT /> v.3" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.