
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-03-19



XP SP2 Preview, Apache Update, Don't Click on That Attachment

Published: 2004-03-19
Last Updated: 2004-03-20 13:48:50 UTC
by Deborah Hale (Version: 1)

Microsoft Releases a Preview of Service Pack 2 for Windows XP


To aid IT professionals in planning and testing for the deployment of Windows XP SP2, Microsoft is making available a preview based on Release Candidate 1 of SP2.



WARNING! This technical preview is unsupported and is intended for testing purposes only. Do not use in production environments.



http://www.microsoft.com/sp2preview/


Apache HTTP Server 2.0.49 Released



According to the release information, this is a bug-fix release that addresses bugs found in version 2.0.48, three of which were security vulnerabilities.


** When using multiple listening sockets, a denial of service attack is possible on some platforms due to a race condition in the handling of short-lived connections.


** Arbitrary client-supplied strings can be written to the error log
which can allow exploits of certain terminal emulators.


** A remotely triggered memory leak in mod_ssl can allow a denial
of service attack due to excessive memory consumption.
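
The error-log issue in the list above matters whenever a log is viewed with a tool that passes raw bytes to the terminal. The following Python script is an added example, not part of the original diary or the Apache release: it flags error-log lines that contain control characters and renders them in a visible escaped form. The function names and the sample log lines are constructed for illustration.

```python
import re

# Characters a terminal may act on: C0 controls (tab excluded), DEL and C1 controls.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")
# ESC followed by an introducer for a CSI, OSC, DCS, PM or APC sequence.
_ESCAPE_SEQ = re.compile(r"\x1b[\[\]P^_]")


def neutralize(line: str) -> str:
    """Replace every control character with a visible \\xNN form."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def scan_error_log(lines):
    """Return (line_number, kind, safe_text) for each line carrying control bytes."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")  # the line terminator itself is expected
        if not _CONTROL.search(line):
            continue
        kind = "escape-sequence" if _ESCAPE_SEQ.search(line) else "control-char"
        findings.append((number, kind, neutralize(line)))
    return findings


# Constructed sample lines (documentation IP range, harmless colour sequence).
SAMPLE_LOG = [
    "[Fri Mar 19 10:02:11 2004] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/favicon.ico\n",
    "[Fri Mar 19 10:02:15 2004] [error] [client 192.0.2.44] "
    "request failed: \x1b[31m erroneous characters after protocol string\n",
    "[Fri Mar 19 10:02:19 2004] [error] [client 192.0.2.45] "
    "Invalid URI in request GET /\x08\x08 HTTP/1.0\n",
]

if __name__ == "__main__":
    for number, kind, safe in scan_error_log(SAMPLE_LOG):
        print(f"line {number}: {kind}: {safe}")
```

When reading a real log file, open it with `encoding="latin-1"` so that every byte survives decoding and is checked.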


The new release is available for download at:
http://httpd.apache.org/download.cgi


An overview of the release can be found at:
http://httpd.apache.org/docs-2.0/new_features_2_0.html




Don't Click that Attachment


No matter how many times we say it, no matter how often it is repeated, we obviously can't say it enough. DON'T CLICK ON THE ATTACHMENT!


Today a small business that I am involved with called me in a panic. Something was wrong with their network. After much probing and prodding, I finally got it out of them. Someone had clicked on an attachment that they had received in an email.

It appears that one of the gals had gotten an email from the "administrator" that indicated that her "email account was being disabled due to misuse". Of course it was from the administrator so it must be legitimate (even though she had NEVER gotten an email from the administrator before). I immediately knew what had happened but was a little confused by how it had happened. They had an anti-virus program installed and it was set up to auto-update every week.


Hop in the car and go to their office to check it out. Upon arrival I discovered the problem: they had installed an update to a software program that they use. The update required them to disable their antivirus program for installation of the update. You guessed it, they disabled the AV on all of the computers to install the client side of the update and forgot to re-enable it. Consequently they had NO protection at all.


While taking care of things at this location, I received a call from their location about 20 miles away. Yep, you guessed it, they had received an email from administrator, and they had disabled the AV for the program update. Finishing the cleanup at the first location I headed to the second location to clean that one up too.


I think this company learned two valuable lessons today!


1. Don't click on attachments in emails regardless of who they come from!

2. Don't disable your anti-virus software. If you do have to in order to do a program update, make sure you turn it back on.


Maybe someday all software companies will figure out how to install their software updates without disabling the AV software. Until then, we have to protect ourselves!




Deb Hale


