General discussion

News - July 1, 2004

Another big Apache hole found

Linux and Unix vendors are releasing fixes for a critical bug in the popular Web server Apache that could allow attackers to crash the system or execute malicious code.

The bug affects Apache 1.3.x installations configured to act as proxy servers, which relay requests between a Web browser and the Internet. When a vulnerable server connects to a malicious site, a specially crafted packet can be used to exploit the vulnerability, according to security researcher Georgi Guninski, who has publicly released exploit code.,10801,94191,00.html

Discussion is locked
Reply to: News - July 1, 2004
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: News - July 1, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Pop-Up Program Snatches Banking Passwords

Customers who use a number of the top online banking sites are at risk of falling prey to a new Web-based attack that snatches user IDs and passwords for these sites.

Among the sites targeted by the attack are some owned by Citibank, Deutsche Bank and Barclays Bank.

The attack is rather complex and appears to use a known flaw in Internet Explorer (IE) to drop a Trojan horse program on vulnerable machines. The Trojan is delivered through a malicious pop-up ad that loads a file called "img1big.gif" onto the machine. The file is in fact a compressed Win32 executable that contains the Trojan and a DLL.

The DLL is installed on the PC as a BHO (Browser Helper Object), a type of DLL that normally is used to let developers control IE in certain circumstances.,1759,1618453,00.asp?kc=EWRSS03129TX1K0000614

- Collapse -
Infosys' network brought down by virus attack

Infosys Technologies Ltd., a leading Bangalore-based software and business process outsourcing (BPO) company, had to bring down its network Tuesday morning, following detection of a virus attack on some machines on the network.

"We don't have the details of the virus yet, though we think it came through as an e-mail attachment," said a spokeswoman for the company who added that this is not the first time that Infosys has been attacked by a virus, and the network shut down.

"We proactively shut off a part of our network for a couple of hours as part of our business continuity plan," said the spokeswoman. While the network-dependent work was affected, other software development and services work continued as usual, she added.

- Collapse -
Cyber-loafing boss sacks office spyware detective

The Alabama Department of Transportation has fired Vernon Blake for installing WinSpy, a freely available spyware, on his boss's computer. Mr. Blake was apparently frustrated over the 'cyber-loafing' of his boss, George Dobbs, and used the spyware to prove that Mr. Dobbs spent 70% of his time playing solitaire. Symantec warns that WinSpy can not only monitor computer use, but also log keystrokes, possibly giving Mr. Blake access to sensitive material in violation of the law. Installing spyware on a boss's computer may also violate company policy, and may result in loss of job. Mr. Dobbs has been given a written warning, reminding him that managers must not "compromise their ability to manage subordinates.",39024663,39121768,00.htm

- Collapse -
NIST aims to ease XP security setup

The National Institute of Standards and Technology (NIST) has released Special Publication 800-68, offering recommendations and checklists for configuring security on Windows XP Professional in accordance with the Federal Information Security Management Act (FISMA) of 2002. The document should help systems administrators avoid mistakes that can cost time and money. NIST worked with the Defense Information Systems Agency, the National Security Agency, Microsoft, and the Center for Internet Security to develop the standards for productivity applications, e-mail, web browsers, personal firewalls, and antivirus. July 2004, NIST will publish details on its Security Configuration Checklists Program, a web portal that will let federal officials research softwares when making purchasing decisions. According to Center for Internet Security chief executive Clint Kreitner, software makers, businesses, and government agencies are reaching a consensus on security controls; Dell and Microsoft have begun shipping products already configured for security.

- Collapse -
Comcast reports 35 percent decline in spam

Cable giant Comcast on Thursday said the volume of spam originating from its network has dropped 35 percent since it blocked an e-mail loophole weeks ago.

The new data comes after Comcast, the nation's largest broadband service, earlier this month began blocking a gateway that spammers commonly use to send mass volumes of unsolicited e-mail. Called "port 25," the gateway lets PCs send and receive e-mail based on SMTP (Simple Mail Transfer Protocol), the most common technology for exchanging messages.

While a Comcast representative declined to offer an estimate of the service's daily e-mail volume, independent measuring firm SenderBase confirmed the decline.

- Collapse -
Panda Software Launches Beta Test for TruPrevent

Panda Software launches beta test for TruPrevent: the most intelligent technologies to combat unknown viruses and intruders

06/29/2004. - TruPrevent Technologies give a reliable response to the need for higher levels of protection for home users, professionals and large corporations to face the constant appearance of faster-spreading and more sophisticated viruses and threats

- TruPrevent Technologies take a preventive approach, not a reactive approach, automatically pre-empting the problem, without human intervention and without generating false positives

- TruPrevent Technologies are designed to stop worm attacks like those caused by Sasser or Mydoom by analyzing their behavior and are the perfect complement to traditional antivirus protection. For this reason, these technologies are even compatible with products that have not been developed by Panda Software

- TruPrevent Technologies do not have a significant impact on system performance

- The new TruPrevent Technologies are part of Panda’s new range of products, whose beta versions can be downloaded from

- Collapse -
Beta version of the new Panda WebAdmin Antivirus

Beta version of the new Panda WebAdmin Antivirus: protection via the Internet for the entire organization

06/30/2004. - Panda Software's new solution is deployed and administered via a web page accessible securely from any computer with an Internet connection

- The protection against all types of virus offered by Panda WebAdmin Antivirus even includes computers with no connection to the Internet or those outside the local network

Panda Software is launching the new beta version of Panda WebAdmin Antivirus. This solution - administered remotely over the Internet- armor plates the IT infrastructure of small and medium-sized companies against attacks from all types of viruses, worms and Trojans. The beta version of Panda WebAdmin Antivirus is available for free trials from Panda Software’s website at:

- Collapse -
Norton AV 2005 Beta

Symantec published:

Norton AntiVirus 2005 Beta Version for Windows 98/2000/Millennium/XP Now Available.

We are very pleased to make the beta version of Norton AntiVirus 2005 for Windows 98/2000/Millennium/XP available for download. Symantec's Norton AntiVirus 2005 is the world's most trusted antivirus solution. It removes viruses automatically, blocks certain Internet worm attacks, and protects email and instant messages.

We've added new improvements and new features to Norton AntiVirus 2005. Download the product now! Surf the Net. Play your favorite games. We are very interested in your feedback on this product. We will give away 50 FREE copies of Norton AntiVirus 2005 to the first 50 beta users that submit undocumented bugs. Winners will be notified via e-mail.

Symantec does not provide Technical Support on beta version software products. However, we would appreciate your feedback, which can be sent via e-mail to In order to qualify for one of the free versions of Norton AntiVirus 2005, please be sure to include your complete mailing information in your e-mail message. An electronic bug report form is also available.

All information submitted is routed through a secure server and is in compliance with Symantec's Privacy Policy.

Please note that this Beta Release expires 30 days after product was installed.

System Requirements

--Pentium level CPU
--IE 5.5
--Windows 98, 98SE
--Windows ME
--Windows 2000 Professional
--Windows XP Home and Professional Edition

Important: Install only to non-production system. Install at your own risk, it is BETA.

CNET Forums