Breaking Virus/Security News
On the virus front, the pace of new discoveries and alerts is picking back up: over 70 new threats have been identified and signatures created in the past two weeks. None are rated above category 1 (minimal threat) except for 2 or 3 that earn the “zoo” rating (which identifies a threat found only in antivirus labs and is not found in the wild), so there are no big alarms to raise for this newsletter. For more details, visit Symantec’s “Virus Definitions Added.” The only recent security advisory here reports a buffer overflow error in the Lotus Domino 6.0 server that is fixed in the 6.0.1 release; because the vulnerability permits malicious clients to take control over affected servers, administrators are advised to upgrade to Domino 6.0.1 ASAP.
At Microsoft, things have been extremely quiet: except for a re-issue of MS Security Bulletin MS03-004 on February 12, which advises installation of relevant Service Packs for Internet Explorer versions 5.01, 5.5, and 6.0 nothing much appears to e cooking (http://www.microsoft.com/security/security_bulletins/ms03-004.asp). That said, administrators or security professionals who work with Microsoft products may benefit from reading about and downloading the December release of the Microsoft Baseline Security Analyzer, which scans for “common system misconfigurations.”
The CERT site at www.cert.org provides new advisories about vulnerabilities in Oracle Servers and about problems inherent to the IP Session Initiation Protocol (SIP) commonly used with Voice over IP (VoIP) products. Site visitors will also find the CERT Coordination Center 2002 annual report (which includes some interesting statistics and abstracts of important activities and events in 2002) and an interesting paper on an “intrusion-aware design” model for software that attempts to define a survivability strategy for systems that addresses both strategic and tactical methods for resisting, recognizing, recovering from, and adapting to potential attacks (pointers to both documents are on the CERT home page).