There are 15 messages in this issue.

Topics in this digest:

 1. Re: Burning backup images to DVDs?
    From: Seantific <spunkovision@xxxxxxxxx>
 2. Re: New Memory Stumped
    From: "Vince" <timechaser@xxxxxxxxxxxxx>
 3. EXTREMELY CRITICAL FIREFOX BUGS!!!!
    From: K-lang <cade00000@xxxxxxxxx>
 4. Massachusetts gets serious on spammers
    From: K-lang <cade00000@xxxxxxxxx>
 5. Mac OS X 10.4 - Widget security: fact and fiction
    From: K-lang <cade00000@xxxxxxxxx>
 6. SpywareBlaster Database Update
    From: Seantific <spunkovision@xxxxxxxxx>
 7. New Opera version
    From: K-lang <cade00000@xxxxxxxxx>
 8. Here come troubles: Mydoom.BQ, Wurmark-J & MYTOB.ED
    From: K-lang <cade00000@xxxxxxxxx>
 9. Mac OS X Mail Account Wizard Exposure of User Credentials
    From: K-lang <cade00000@xxxxxxxxx>
10. Netscape HTTP Authentication Prompt Spoofing Vulnerability
    From: K-lang <cade00000@xxxxxxxxx>
11. iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability
    From: K-lang <cade00000@xxxxxxxxx>
12. Symantec offers Norton AntiVirus 10.0 for Mac
    From: K-lang <cade00000@xxxxxxxxx>
13. Mac OS X pty Permission Security Issue
    From: K-lang <cade00000@xxxxxxxxx>
14. Mac OS X Security Update Fixes Multiple Vulnerabilities
    From: K-lang <cade00000@xxxxxxxxx>
15. Secunia - Medium Risk Virus Alert: Sober.p
    From: K-lang <cade00000@xxxxxxxxx>

________________________________________________________________________
________________________________________________________________________

Message: 1
Date: Wed, 11 May 2005 19:27:35 -0700 (PDT)
From: Seantific <spunkovision@xxxxxxxxx>
Subject: Re: Burning backup images to DVDs?

What software did they come with?

BOBBY <bcrook@xxxxxxxxxxxxx> wrote:

I just purchased Acronis TI and have read that one of the backup options is to burn the image to DVDs. This requires Packet-Writing software I'm told. I read on an informational article that Win XP had its own Packet-Writing software and that some drives included that software also.
My D drive is a LITE-ON COMBO LTC-48161H DVD/CDR and my E drive is a LITE-ON DVD+RW LDW-401S DVD/CDR. Would either of these contain the Packet-Writing software or where can I find that within Win XP Home?

Bobby

Any intrusive unwanted visitors on your PC?
http://grc.com/optout.htm
http://www.cexx.org/
MCH - http://shorterlink.com/?PBFUJ5

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 2
Date: Wed, 11 May 2005 20:57:20 -0000
From: "Vince" <timechaser@xxxxxxxxxxxxx>
Subject: Re: New Memory Stumped

That has always been my policy with software, specifically when I reformat and reinstall for someone. I make them purchase and keep up the antivirus I recommend along with a couple of spyware programs. Then if they tell me they have a problem the software better be up to date. If not I will not redo the machine again. Looks like I will need to use the same policy now when I replace hardware. Get what I say or get someone else to do the job. They can't be saving a penny for me to spend extra hours.

Vince

--- In mycomputerheadaches@xxxxxxxxxxxxxxx, "T. Hunt" <ilrover@xxxx> wrote:

"I rarely charge to install memory but you will use the memory I recommend or you'll take your system somewhere else. Life's too short. Tom"

________________________________________________________________________
________________________________________________________________________

Message: 3
Date: Wed, 11 May 2005 20:04:07 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: EXTREMELY CRITICAL FIREFOX BUGS!!!!

To prevent the script injection exploit from stealing cookies or other sensitive data, disable Javascript before visiting UNTRUSTWORTHY sites.

In Firefox:

1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Uncheck the "Enable Javascript" checkbox
4. Click "OK"

In the Mozilla Suite:

1. Select the "Preferences" dialog from the "Edit" menu
2. Click the tiny icon next to the "Advanced" item in the left pane to expand the list
3. Select "Scripts and Plug-ins"
4. Uncheck the "Navigator" checkbox under "Enable Javascript for"
5. Click "OK"

Re-enable Javascript for trustworthy sites that require it.

SOURCE: http://www.mozilla.org/security/announce/mfsa2005-42.html

K-lang wrote:

By the way, the way to verify which sites are on your whitelist, in Firefox, click Tools>Options>Web Features>Allowed Sites button next to the 'Allow web sites to install software' checkbox.

The following are OK to have in your whitelist:

update.mozilla.org
addons.mozilla.org

These two sites can no longer be used as part of the exploit described here.

If you have installed other Firefox extensions not found in the two sites listed above (like stumbleupon.com) then you might have other sites listed in your white list. It may be prudent at this point in time to delete those other ones besides those two above. You can add them later when a patch is created or a new version is made available to cover this vulnerability.

How many extensions do you have installed for Firefox? I have 22 and I've only just begun :).

K-lang wrote:

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites.

An attacker could create a malicious page using frames and a JavaScript history flaw to make software installations appear to be coming from a "trusted" site.
By default, Firefox allows software installations from update.mozilla.org and addons.mozilla.org, but users can add their own sites to this whitelist. The second part of the exploit triggers software installation using an input verification bug in the "IconURL" parameter in the install mechanism. The effect is that a user could click on an icon and trigger the execution of malicious JavaScript code. Because the code is executed from the browser's user interface, it has the same privileges as the user running Firefox, according to researchers.

Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, users may be vulnerable if they have added other sites to the whitelist. Users who have not added any additional sites to their software installation whitelist are no longer at risk.

wgnhim wrote:

I usually leave this stuff for some of our resident computer gurus to post, but this story seems really important for anyone using Firefox.

http://www.techweb.com/wire/security/163100258

Steve

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 4
Date: Wed, 11 May 2005 20:18:06 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Massachusetts gets serious on spammers

Computerworld reports that the Attorney General of Massachusetts has sued seven individuals and two companies who allegedly formed a spam ring. The group is allegedly responsible for sending hundreds of millions of unwanted, deceptive e-mail messages each month in violation of both U.S. federal and Massachusetts state law.
The nine defendants are charged with sending illegal spam, as well as advertising and promoting illegitimate software, prescription drugs and mortgages.

The primary target in the lawsuit is Leo Kuvayev, the alleged organizer of the ring. He is a Massachusetts resident and allegedly the leader of one of the largest Internet spam rings in this country, if not the world. The ring allegedly operated from suburbs in Boston and Russia and used domain names registered in Monaco, Australia and France and servers in China, Korea, Brazil and Taiwan.

The Microsoft Corp. assisted in the investigation of the alleged spam ring. A Microsoft team gathered and provided evidence of the spam by capturing the e-mail messages in special Hotmail e-mail accounts.

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 5
Date: Wed, 11 May 2005 20:28:29 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X 10.4 - Widget security: fact and fiction

This was posted in another group I am a part of:

By Rob Griffiths

"The recent Dashboard: Widget (In)Security article raises some interesting and valid concerns about Tiger's new Dashboard widgets. Of particular concern is the fact that a widget can do anything in your user space that you can do—including erasing files, changing ownership and permissions, running AppleScripts and command-line utilities, and so forth. These are certainly scary things to consider, especially given Apple's marketing focus on the "warm and fuzzy" nature of widgets.

However, I worry that the article may spread a bit more concern over the dangers of widgets than there actually should be. Why do I say that? Consider for a moment not a widget, but a regular application.
Applications have the ability to do everything widgets can do… and much more.

Recall the last time you installed an application. You probably put it in the system-wide Applications folder—so now any user can run it. You may have also been asked to provide your administrative password as part of the installation process. But did you stop to consider that this application could do anything at all it wants to when you double-click it? Perhaps you did, but most of us have become so accustomed to just downloading, installing, and using applications that we may not have given it a second thought.

But what if the application's author had malicious intentions? In that case, you're in big trouble. During installation, especially if you provided your admin password, the program could have installed, for instance, a background process that logs all your keystrokes and then sends them out to a collection server. Or it could have a time bomb coded inside the program, such that on your 35th launch of the application, it deletes your entire user's directory. Many more such things are possible, especially given that application authors have access to the full power of OS X's development environment. (François Joseph de Kermadec has a good write-up on this comparison of applications and widgets in his O'Reilly Developer Weblog if you'd like even more detail on the subject.)

http://oreillynet.com/pub/wlg/7056

And yet, despite the scary capabilities of third-party applications to completely destroy our machines, we continue to download and use them. And we probably do so without digging into their package contents or grepping files for commands that might erase files. Why? Because we trust the source of the program, and the programs do useful things for us.

Widgets are exactly the same as applications in this sense: while they are truly useful, they have the power to damage our machines. How do we resolve then the conflict between usefulness and potential destruction?
First, I completely agree with Dori Smith's advice in the "Widget (In)Security" article—everyone should disable Safari's "Open `safe' files after downloading". (I find it ironic that Apple chose to put "safe" in quotes, implying that these items aren't really safe…which is actually the truth!) This is the simplest step you can take to insure that you don't accidentally install a widget or an application that you didn't intend to install. This will also take care of the truly malicious Web pages which use JavaScript to automatically download a widget without your knowledge. (Still, such widgets won't be active until you click one in the Dashboard panel.)

Second, trust your sources: don't be the first on the block to download a new widget or application. Don't get programs from peer-to-peer networks. Read the reviews on Macworld, check the comments on the various software update sites, use Google to research the program in question. If a program you're installing is asking you for your administrative password, try to find out why—is it because it writes something to a protected directory? E-mailing the author is often the best way to get the answer to this question.

And finally, back up your key files! This is probably the most prudent advice of all—if you have a good, current backup, then even the most destructive of widgets or applications will only cause you a bit of lost time to restore your backup. Without a good backup, you'll be in much worse shape.

I do think Apple needs to update Safari so that safe downloads are not enabled by default—enabling this feature was a very unwise move on the company's part. I also think the system should notify you via a pop-up dialog box if a new widget or application is added to the Widgets or Applications directories, and you haven't been involved in the process (that is, you didn't initiate the process nor respond to a dialog box).
And there should be an easy way to remove a widget from the Dashboard bar, so users don't have to dig into folders in the Finder to do so.

But I don't want Apple to start limiting the power of widgets, because if they do, widgets will be less useful. What's more, overall system security won't be much better—applications will still have the ability to do whatever they want, for example. Do we then start limiting applications' capabilities, for fear of malicious programs?

But even if Apple doesn't change anything, am I going to lose any sleep over the apparent malicious capabilities of an evil widget? Certainly not any more than I lose worrying about malicious applications — which is to say, none.

Update: After posting this entry, I saw a new page with some additional Dashboard concerns. While this doesn't change my overall conclusion that widgets are not inherently more dangerous than any application, it does point out a couple of new things that Apple really must address.

http://www1.cs.columbia.edu/~aaron/files/widgets/

First, a malicious widget can replace a system-provided widget simply by using the same name—the user's widgets take precedence over the stock widgets. Second, and even worse, if a widget has been auto-installed via Safari, there's no warning about the privileged nature of the widget. Finally, the page discusses a method of privilege escalation that could theoretically allow a widget to run with root privileges without any user intervention.

Taken together, these bugs would allow a malicious developer to do some nasty stuff, especially for those who haven't disabled Safari's auto-install feature. If you do nothing else, please disable Safari's auto-install option. Until Apple releases some updates, that (or using another browser that won't auto-install) is your best protection, short of not adding any new widgets to your system."
[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 6
Date: Wed, 11 May 2005 20:33:47 -0700 (PDT)
From: Seantific <spunkovision@xxxxxxxxx>
Subject: SpywareBlaster Database Update

When was the last time you updated SpywareBlaster?

When you are done updating, you should have these many items in your SB database: 3530

Any intrusive unwanted visitors on your PC?
http://grc.com/optout.htm
http://www.cexx.org/
MCH - http://shorterlink.com/?PBFUJ5

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 7
Date: Wed, 11 May 2005 21:04:01 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: New Opera version

Opera 8.01 Technical Preview 1
Build: 7583
Released: May 6, 2005

Release Notes

Unfortunately, a number of users have been experiencing frequent crashes when clicking links on certain pages since installing Opera 8.0 Final. This build contains a fix for these crashes.

Changes since Opera 8.0 Final

Display (Presto)
- Fixed a crash that could occur when clicking links
- Improved handling of the HTTP 204 status code
- Plugged a memory leak related to XMLHttpRequest (seen at Gmail, for instance)

SVG
- SVG animations are now disabled along with GIF animations (F12)
- Fixed several crashes
- Fixed various small problems

User Interface
- Fixed a problem with UTF-8 BOM characters that could prevent setup files from installing

Download link
http://snapshot.opera.com/windows/w801p1.html

This is a beta release. Use at your own risk.
[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 8
Date: Wed, 11 May 2005 21:41:49 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Here come troubles: Mydoom.BQ, Wurmark-J & MYTOB.ED

Mydoom.BQ, Wurmark-J & MYTOB.ED

Secunia - Virus Alert

========================================================================
Secunia Virus Alert: Wurmark-J
Risk Rating: MEDIUM RISK
Confirmed By: 3 Vendors
========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for: Wurmark-J

Learn More About Wurmark-J Online At Secunia:
http://secunia.com/virus_information/17852/

Virus Information Available At Secunia:
- Virus aliases
- Vendor severity ratings
- Vendor changelogs
- Short descriptions
- File sizes
- Grouped virus profiles with information from multiple antivirus vendors
- Links to removal tools/instructions
- Links to extensive vendor reports
- Searchable index of all virus information

Secunia Website: http://secunia.com/

More Information About Secunia Virus Alerts:
http://secunia.com/secunia_virus_alerts/

========================================================================
Secunia Virus Alert: MYTOB.ED
Risk Rating: MEDIUM RISK
Confirmed By: 3 Vendors
========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for: MYTOB.ED

Learn More About MYTOB.ED Online At Secunia:
http://secunia.com/virus_information/17851/

========================================================================
Secunia Virus Alert: Mydoom.BQ
Risk Rating: MEDIUM RISK
Confirmed By: 4 Vendors
========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for: Mydoom.BQ

Learn More About Mydoom.BQ Online At Secunia:
http://secunia.com/virus_information/17859/

========================================================================

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 9
Date: Wed, 11 May 2005 21:46:43 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X Mail Account Wizard Exposure of User Credentials

Secunia Security Advisories

----------------------------------------------------------------------

TITLE: Mac OS X Mail Account Wizard Exposure of User Credentials

SECUNIA ADVISORY ID: SA15301

VERIFY ADVISORY: http://secunia.com/advisories/15301/

CRITICAL: Not critical

IMPACT: Exposure of sensitive information

WHERE: From remote

OPERATING SYSTEM: Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Markus Wörle has reported a security issue in Mac OS X, which may expose sensitive information to malicious people.

The problem is caused due to a design error in the Mail account creation wizard, which transmits a user's credentials in plain text to test their validity, before the user is asked to choose an optional encryption (e.g. IMAP over SSL). This may cause a user's plain text credentials to be disclosed to a third party during the account creation process even though the user chooses to use encryption.

The security issue has been reported in Mail 2.0 on Mac OS 10.4. Other versions may also be affected.

SOLUTION:
Enter an invalid password before setting encryption options.

PROVIDED AND/OR DISCOVERED BY:
Markus Wörle

----------------------------------------------------------------------
[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 10
Date: Wed, 11 May 2005 21:49:24 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Netscape HTTP Authentication Prompt Spoofing Vulnerability

----------------------------------------------------------------------

TITLE: Netscape HTTP Authentication Prompt Spoofing Vulnerability

SECUNIA ADVISORY ID: SA15267

VERIFY ADVISORY: http://secunia.com/advisories/15267/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE: From remote

SOFTWARE: Netscape 7.x
http://secunia.com/product/85/

DESCRIPTION:
A vulnerability has been reported in Netscape, which can be exploited by malicious people to spoof HTTP authentication prompts.

For more information, see vulnerability #2 in: SA14407

The vulnerability has been confirmed in version 7.2. Other versions may also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Originally discovered in Mozilla by: Christian Schmidt
Reported in Netscape by: Juha-Matti Laurio

OTHER REFERENCES:
SA14407: http://secunia.com/advisories/14407/

----------------------------------------------------------------------

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 11
Date: Wed, 11 May 2005 21:53:44 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability

Secunia Security Advisories

----------------------------------------------------------------------

TITLE: iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA15310

VERIFY ADVISORY: http://secunia.com/advisories/15310/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: iTunes 4.x
http://secunia.com/product/2916/

DESCRIPTION:
A vulnerability has been reported in iTunes, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the MPEG-4 file parsing and can be exploited to cause a buffer overflow via a specially crafted MPEG-4 file.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Update to version 4.8.
http://www.apple.com/support/downloads/itunes48.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mark Litchfield of NGS Software.

ORIGINAL ADVISORY:
Apple: http://docs.info.apple.com/article.html?artnum=301596

----------------------------------------------------------------------

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 12
Date: Wed, 11 May 2005 22:03:50 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Symantec offers Norton AntiVirus 10.0 for Mac

Symantec Corp.
on Tuesday announced its new Norton AntiVirus 10.0 for Macintosh. The new release offers new features as well as compatibility with Mac OS X v10.4 "Tiger." Symantec expects the software to be widely available in May for US$69.95. A US$30 mail-in rebate is available for users of competitive products and for current Norton users as well.

New features in this release include the Global Threat Assessment Dashboard, a Dashboard widget for Tiger which provides information on local virus protection and an overview of global threats. Users can connect to Symantec's Security Response servers to download the most recent virus threat info.

New contextual menu support lets users scan files and directories by right-clicking or control-clicking particular files and directories. And new custom SafeZones let users specify a particular area of their drive, specific volumes or files, to be routinely scanned for threats.

http://enterprisesecurity.symantec.com/products/products.cfm?productid=645
[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 13
Date: Wed, 11 May 2005 22:41:48 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X pty Permission Security Issue

Secunia Security Advisories

----------------------------------------------------------------------

TITLE: Mac OS X pty Permission Security Issue

SECUNIA ADVISORY ID: SA15224

VERIFY ADVISORY: http://secunia.com/advisories/15224/

CRITICAL: Less critical

IMPACT: Exposure of sensitive information

WHERE: Local system

OPERATING SYSTEM: Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Matt Johnston has discovered a security issue in Mac OS X, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information.

The problem is that non-setuid root applications can't change the permissions of ptys. This can be exploited to sniff other users' ttys opened via non-setuid root applications (e.g. screen).

The security problem has been confirmed in version 10.3.9. Prior versions may also be affected.

SOLUTION:
The security problem has reportedly been fixed in version 10.4.

PROVIDED AND/OR DISCOVERED BY:
Matt Johnston

----------------------------------------------------------------------

[Non-text portions of this message have been removed]

________________________________________________________________________
________________________________________________________________________

Message: 14
Date: Wed, 11 May 2005 22:45:51 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities

Secunia Security Advisories

----------------------------------------------------------------------

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA15227

VERIFY ADVISORY: http://secunia.com/advisories/15227/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access

WHERE: From remote

OPERATING SYSTEM: Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.

1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument.

NOTE: htdigest is by default only locally accessible and not setuid / setgid.

2) An integer overflow error in the AppKit component when processing TIFF files can be exploited by malicious people to compromise a user's system.

For more information: SA13607

3) An error in the AppKit component when parsing certain TIFF images can result in an invalid call to the "NXSeek()" function, which will crash an affected Cocoa application.

4) An error within the handling of AppleScript can be exploited to display code to a user that is different than the code, which will actually run.

5) An error in the Bluetooth support may cause Bluetooth-enabled systems to share files via the Bluetooth file exchange service without notifying the user properly.
6) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services.

7) The chfn, chpass, and chsh utilities invoke certain external helper programs insecurely, which can be exploited by malicious, local users to gain escalated privileges.

8) A vulnerability in Finder can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges due to insecure creation of ".DS_Store" files.

For more information: SA14188

9) A boundary error within the Foundation framework when handling environment variables can be exploited to cause a buffer overflow and may allow execution of arbitrary code.

10) An error in Help Viewer can be exploited to run JavaScript without the normally imposed security restrictions.

11) A security issue in the LDAP functionality may under certain circumstances result in passwords initially being stored in plain text.

12) Errors within the parsing of XPM files can potentially be exploited by malicious people to compromise a vulnerable system.

For more information: SA12549

13) An error in lukemftpd can be exploited by malicious users to bypass chroot restrictions. In order to restrict users to their home directory, both their full name and short name must be listed in the "/etc/ftpchroot" file. However, the problem is that users can change their full name and thereby bypass this restriction.

14) A boundary error in the Netinfo Setup Tool (NeST) when processing input passed to the "-target" command line parameter can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with escalated privileges on a vulnerable system.

15) When enabling the HTTP proxy service in Server Admin, it is by default possible for everyone (including users on the Internet) to use the proxy service.

16) A vulnerability in sudo within the environment clearing can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA13199

17) An error in the Terminal utility can be exploited to inject data via malicious input containing escape sequences in window titles.

18) An error in the Terminal utility can be exploited to inject commands into a user's Terminal session via malicious input containing escape characters in x-man-path URIs.

19) A boundary error in vpnd can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with escalated privileges on systems configured as a VPN server.

SOLUTION:
Apply Security Update 2005-005.

Security Update 2005-005 (Client):
http://www.apple.com/support/downloads/securityupdate2005005client.html

Security Update 2005-005 (Server):
http://www.apple.com/support/downloads/securityupdate2005005server.html

PROVIDED AND/OR DISCOVERED BY:
1) JxT
3) Henrik Dalgaard
4) David Remahl
5) Kevin Finisterre, digitalmunition.com.
6) Kevin Finisterre, digitalmunition.com.
10) David Remahl
13) Rob Griffiths
14) Nico
17) David Remahl
18) David Remahl
19) Pieter de Boer

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=301528

David Remahl:
http://remahl.se/david/vuln/004/
http://remahl.se/david/vuln/010/
http://remahl.se/david/vuln/011/
http://remahl.se/david/vuln/012/

digitalmunition.com:
http://www.digitalmunition.com/DMA[2005-0502a].txt

iDEFENSE:
http://www.idefense.com/application/poi/display?id=239&type=vulnerabilities

OTHER REFERENCES:
SA12549:
http://secunia.com/advisories/12549/

SA13199:
http://secunia.com/advisories/13199/

SA13607:
http://secunia.com/advisories/13607/

SA14188:
http://secunia.com/advisories/14188/

----------------------------------------------------------------------

________________________________________________________________________
________________________________________________________________________

Message: 15
Date: Wed, 11 May 2005 23:26:57 -0700 (PDT)
From: K-lang <cade00000@xxxxxxxxx>
Subject: Secunia - Medium Risk Virus Alert: Sober.p

Secunia - Virus Alert
========================================================================

Secunia Virus Alert: Sober.p
Risk Rating: MEDIUM RISK
Confirmed By: 6 Vendors

========================================================================

Secunia Virus Information has issued a MEDIUM RISK alert for: Sober.p

Learn More About Sober.p Online At Secunia:
http://secunia.com/virus_information/17692/

Virus Information Available At Secunia:
- Virus aliases
- Vendor severity ratings
- Vendor changelogs
- Short descriptions
- File sizes
- Grouped virus profiles with information from multiple antivirus vendors
- Links to removal tools/instructions
- Links to extensive vendor reports
- Searchable index of all virus information

Secunia Website:
http://secunia.com/

More Information About Secunia Virus Alerts:
http://secunia.com/secunia_virus_alerts/

========================================================================

---------------------------------
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search. Learn more.

[Non-text portions of this message have been removed]

see the Yahoo home page
http://groups.yahoo.com/group/mycomputerheadaches/

See the self help page here
//www.freelists.org/cgi-bin/webpage?webpage_id=mch