From Oxygen3 24h-365d:

"Examine what is said, not him who speaks." Arab proverb.

- Weekly summary -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 22 2004 - Over the last week, Oxygen3 24h-365d has covered the following issues, summarized below and which can be read at: http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp

- Denial of service in wireless devices (05/17/04). A vulnerability in the WLAN 802.11 protocol could allow network traffic to be disrupted using a low powered Wi-Fi device. This security flaw, which exists in all hardware implementations of the wireless network protocol IEEE802.11, allows an attack against the availability of wireless local area network devices.

- Buffer overflow in Microsoft Visual Basic (05/18/04). A buffer overflow vulnerability exists in Microsoft Visual Basic, which may allow an attacker to create applications that could elevate privileges. One of the normal consequences of the buffer overflow is a denial of service, which although it hasn't been confirmed, could also be used to run arbitrary code.

- Authentication flaw affecting Sun Java Secure Socket Extension (JSSE) (05/19/04). There is an authentication vulnerability which affects Sun JSSE extensions and can cause the programs that use it to incorrectly validate digital SSL server certificates. The versions affected are JSSE 1.0.3, 1.0.3_01 and 1.0.3_02 for Windows, Solaris and Linux. To avoid the problem, the company has released version JSSE 1.0.3_03 in which the security hole has been fixed.

- Critical security patch for CVS (05/20/04). A critical vulnerability has been discovered in CVS (Concurrent Versions Systems), the widely used software for developing and controlling open source projects. The vulnerability detected stems from a buffer overrun which could -potentially- allow an attacker to run arbitrary code on the affected CVS servers.

- Intrusions in financial companies (05/21/04). According to the "Global Security Survey" carried out by Deloitte, many of the intrusions on financial institutions caused financial losses. However, although attacks are on the increase, one in four companies said that their IT security budgets were frozen. Eighty-three percent of respondents admitted that their systems had been compromised during the last year, a much higher figure than that of the previous year (39%).

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

------------------------------------------------------------
To contact Panda Software, please visit: http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews
see a sample on my web page http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member