Big Yellow Big Problem For Symantec
By David Utter
A worm discovered by security firm eEye exploits a vulnerability in Symantec's software that unwary administrators may have left unpatched.
The potential for exploitation of the problem in the remote management interface for Symantec's AntiVirus and Client Security products could go as far as permitting remote code execution with system privileges.
eEye caught a sample of the worm on December 14th.
The firm dubbed the worm Big Yellow, a play on the dominant color in Symantec's corporate color scheme and a fixture in its advertising efforts. Big Yellow's impact may have been mitigated before its emergence, though.
Researchers at eEye provided a technical analysis of the worm, which is being driven by a botnet.
They noted that it connects back to a bot controller, and cited the need for administrators to ensure their Symantec software is up to date.
They also identified tcp/2967 as the port the worm attempts to use to contact Symantec's Rtvscan.exe. "The exploit request is contained within the worm's SVCHOST.EXE," said eEye.
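A defensive illustration of the port detail above, added here and not taken from eEye or Symantec: a scan of flow records for hosts that contact many machines on tcp/2967 in a short time. The log format, the management-server allowlist and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

SAV_PORT = 2967  # tcp/2967, the Rtvscan.exe port named in the article

# Constructed flow records (not real traffic): "epoch src dst proto dport"
SAMPLE_FLOWS = """\
1166100000 10.0.5.23 10.0.5.40 tcp 2967
1166100001 10.0.5.23 10.0.5.41 tcp 2967
1166100002 10.0.5.23 10.0.5.42 tcp 2967
1166100003 10.0.5.23 10.0.6.17 tcp 2967
1166100004 10.0.1.10 10.0.5.40 tcp 2967
1166100005 10.0.1.10 10.0.5.41 tcp 2967
1166100006 10.0.1.10 10.0.5.42 tcp 2967
1166100008 10.0.7.9 10.0.1.10 tcp 2967
1166100009 10.0.7.9 10.0.1.20 tcp 445
truncated record
"""

def parse_flow(line):
    """Return (ts, src, dst, proto, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return int(parts[0]), parts[1], parts[2], parts[3].lower(), int(parts[4])
    except ValueError:
        return None

def find_2967_fanout(lines, mgmt_servers, threshold=3, window=60):
    """Map each non-management source to the hosts it reached on tcp/2967
    at the moment it hit `threshold` distinct targets inside `window` seconds."""
    events = defaultdict(list)  # src -> [(ts, dst), ...]
    for rec in filter(None, map(parse_flow, lines)):
        ts, src, dst, proto, dport = rec
        if proto == "tcp" and dport == SAV_PORT and src not in mgmt_servers:
            events[src].append((ts, dst))
    alerts = {}
    for src, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:  # slide window forward
                start += 1
            targets = {dst for _, dst in seen[start:end + 1]}
            if len(targets) >= threshold:
                alerts[src] = sorted(targets)
                break
    return alerts

if __name__ == "__main__":
    # 10.0.1.10 stands in for the (assumed) legitimate management server.
    print(find_2967_fanout(SAMPLE_FLOWS.splitlines(), {"10.0.1.10"}))
```

Any source flagged here that is not a known management server is a candidate for patch verification and isolation.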
Back in May 2006, eEye worked with Symantec to build a patch for the vulnerability exploited by Big Yellow.
There is some concern that an enterprise that has not applied this patch, for whatever reason, could be at risk.
The creation of the worm by parties unknown six months after the release of the patch highlights the continuing shift of attacks from the operating system to the applications running on that system.
"Given the rapid discovery of critical security vulnerabilities within desktop applications other than Microsoft, the release of malware of this magnitude targeting non-Microsoft software was only a matter of time," said Marc Maiffret, eEye's founder and CTO.
"IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network."
About the Author:
David Utter is a business and technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.