Free Republic

All, Here a scoop to Freepers which is just now hitting us security pro's. There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago. It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11 A first advisory from McAffee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only....

Another critical Windows flaw found Microsoft warns malformed MIDI music file could exploit flaw By David Becker Microsoft issued another passel of warnings about security holes Wednesday, including a “critical” flaw affecting most Windows PCs. The most serious of the flaws involves DirectX, a library of graphics and multimedia programming instructions used by most PC games, and could allow malicious users to run code of their choice on a vulnerable PC.        THE FLAW IS unusually widespread, affecting all versions of DirectX from version 5.2 to the current 9.0a running on all versions of Windows from Windows 98...

The High Court in London has imposed an injunction on Cambridge University security experts who claim to have uncovered serious failings in the system banks use to secure ATM PIN codes. The gagging order, preventing public disclosure of cryptographic vulnerabilities, was made at the request of CitiBank and Diners' Club against experts due to testify in a 'phantom withdrawal' case to be heard in the South African High Court next month. South African couple Anil and Vanita Singh say that £50,000 withdrawn through the Diners' Club account through British ATMs in March 2000 was never made by them. Diners...

NASA Warned of Shuttle's Vulnerablitiy By MARCIA DUNN, AP Aerospace Writer SPACE CENTER, Houston - NASA (news - web sites) was warned nine years ago that the space shuttle could fail catastrophically if debris hit the vulnerable underside of its wings during liftoff — the very scenario that may have brought down Columbia. After receiving the warning, NASA made changes in materials and flight rules to lessen the risk of debris breaking loose, Paul Fischbeck, an engineering professor at Carnegie Mellon University who conducted the 1994 analysis, said Tuesday. "There are very important tiles under there. If you lose the...

The federal government's sluggish effort to improve domestic security since Sept. 11 is leaving the U.S. vulnerable to terror attacks, Sen. Chuck Schumer said yesterday. In a new "Security Report Card" released yesterday, Schumer (D-N.Y.) gave the government an overall C-minus for its anti-terror effort to protect the nation's rail systems, airports, water supply, and ports and borders. "When it comes to domestic security, the federal government is playing Russian roulette with New York and the nation," Schumer said at a news conference in front of a Sept. 11 memorial inside Penn Station. The report also graded 10 categories within...

Security researchers say they have found a serious flaw in Microsoft's Internet Explorer browser that could expose credit card and other sensitive information of Internet surfers. The IE problem has been around for at least five years and could allow an attacker to intercept personal data when a person is making a purchase or providing information for e-commerce purposes, said Mike Benham, an independent security researcher based in San Francisco. "If you ever typed in credit card information to an SSL site, there's a chance that somebody intercepted it,'' he said, referring to the Secure Socket Layer protocol for...

Several vulnerabilities were reported in Outlook Express (OE). A remote user can send malicious e-mail with an attachment that will bypass OE's malicious file type filter and misrepresent the name and size of the file. http://securitytracker.com/alerts/2002/Jul/1004805.html

'Corrupt' CIA Ensures US Vulnerability to TerrorismJessica Cantelon, CNSNews.comJuly 15, 2002 CNSNews.com - The Central Intelligence Agency is "politicized" and "corrupt," the idea of a cabinet level Department of Homeland Security is a "ridiculous notion," and the Sept. 11 terrorist attacks were "not an act of war," but "a terrible criminal act," according to a former CIA Soviet analyst. Melvin Goodman, a current professor of international studies at the National War College in Washington, D.C., spoke recently at the Institute for Policy Studies (IPS) in the nation's capital. According to Goodman, it's "unbelievable" the U.S. wasn't better prepared for...