[ insider_reports_insider ]
Flaw With Winamp Could Compromise Enterprise Security.
Jeremy Muncy
Contributing Writer
2004-08-31
 Insider Reports RSS Feed
A recently discovered flaw in the popular Winamp multimedia player by AOL subsidiary, Nullsoft is sure to hit a sour note with unfortunate victims. Spyware authors are exploiting the way Winamp loads its graphical themes (skins) for the distribution and infection of PCs.
 | | Winamp Security Flaw... |  |
"We received several reports from users who were hacked after clicking on a link distributed on several IRC (Internet relay chat) channels," said Chaouki Bekrar, a consultant and co-founder of K-Otik.
A representative of America Online said the company had been made aware of the problem but that a fix had not yet been created. "We're looking into the reports and will provide more information, as necessary, at the appropriate time," the representative said.
Multistate CyberSecurity Plan Coming Soon?
State officials will vote on a new plan this week that would identify potential threats to state networks and offer recommendations for handling them. If given the green light, the plan would establish a color-coded alert system (a la Homeland Security terrorism alert).
The National Association of State Telecommunications Directors (NASTD) members were warned that their networks had the potential for being desirable targets for terrorists. "We should regard cyber terrorism as a weapon of mass destruction," said William Pelgrin, chairman of the Multistate Information Sharing and Analysis Center (MS-ISAC).
Web Snare Snags Bad Guys
Over 150 arrests or convections have resulted from Operation Web Snare, a joint operation between the FBI, DOJ, and various other law enforcement agencies. The targets of the operation were phishers, hackers, spammers, spoofers and various sundry cyber-miscreants.
According to the FBI, suspects nabbed in this investigation were responsible for hacks, scams and spoofs affecting more than 150,000 people costing victims in excess of $215 million.
IOS Flaw Threatens Cisco.
A security alert has been issued for Cisco devices running IOS. The latest threat could allow an attacker the capability to disable remote administration access.
A string of specifically crafted TCP packets sent to a port 25 telnet connection, or reverse telnet port, on an IOS-based Cisco router or switch could block all telnet Remote Shell (RSH), Secure Shell (SSH) and HTTP access to the device. Telnet, reverse telnet RSH, SSH and HTTP connections made before an attack would still be intact, Cisco says.
A software fix for this threat is in the works. In the meantime, it might not be a bad idea to keep your eye on :25.
Can You Hear Me Now?
Jacob Brown of Trenton, New Jersey has been banned from sending any further spam text messages to Verizon clients. Verizon had sought nearly $150,000 in damages but seemed satisfied with the permanent injuction.
``The ruling shows this won't be tolerated,'' said Steve Zipperstein, an attorney for Verizon. ``It's annoying in your car, in your house, when you're out, to get messages that you don't want.''
Messages were sent to users in several states. The content for the advertisements were mortgage loans, products for losing weight, and even pornographic web sites.
About the Author:
Jeremy Muncy is a staff writer for WebProNews.com
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
