Ken Novak's Weblog
Purpose of this blog: to retain annotated bookmarks for my future reference, and to offer others my filter technology and other news. Note that this blog is categorized. Use the category links to find items that match your interests.
Tuesday, November 08, 2005
New Worm Plupii Targets Linux Web Service Holes: "The three vulnerabilities it attacks through are the XML-RPC for PHP Remote Code Injection vulnerability; the AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability; and the Darryl Burgdorf Webhints Remote Command Execution Vulnerability.
When Plupii is successful in infecting a server, it then sends a notification message to an attacker at a remote IP address via UDP port 7222 or 7111. .. Next, it opens a back door through one or the other of these ports. This enables an attacker to gain unauthorized access to the compromised system. Once in place, Plupii generates a variety of URLs .. in an attempt to find and infect other vulnerable systems.
The worm itself is easy to destroy. One need only delete the file: /tmp/lupii. The more significant problem is what the attacker may have downloaded to the server while it was active. Indeed, Symantec's Deepsight Alert Services recommends that, "Due to the ability of the remote user to perform so many different actions on the server computer, including installation of applications, it is highly recommended that compromised computers be completely reinstalled." " 8:11:15 PM
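A triage check built from the indicators in the quoted report (the /tmp/lupii file and UDP ports 7111 and 7222), as an added example that is not part of the original post or the quoted article. The function names and the `ss -uan`-style sample lines are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the report quoted above.
PLUPII_FILE = "tmp/lupii"            # /tmp/lupii, relative to a filesystem root
PLUPII_UDP_PORTS = {7111, 7222}      # notification / back-door ports

def port_of(endpoint):
    """Return the numeric port of 'addr:port', or None for '*' or bad input."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def suspicious_sockets(ss_lines):
    """Return UDP socket lines whose local or peer port is 7111 or 7222."""
    hits = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":   # short line or header
            continue
        local, peer = fields[3], fields[4]
        if {port_of(local), port_of(peer)} & PLUPII_UDP_PORTS:
            hits.append(line.strip())
    return hits

def check_host(root, ss_lines):
    """Collect both indicators. A port match alone is only a lead, and a
    clean result does not show what else was installed on the host."""
    return {
        "worm_file_present": os.path.isfile(os.path.join(root, PLUPII_FILE)),
        "suspicious_sockets": suspicious_sockets(ss_lines),
    }

# Constructed sample in the style of `ss -uan` output (not real data).
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
UNCONN  0      0      0.0.0.0:68           0.0.0.0:*
UNCONN  0      0      0.0.0.0:7222         0.0.0.0:*
ESTAB   0      0      192.0.2.10:41000     198.51.100.7:7111
UNCONN  0      0      [::]:17222           [::]:*
""".splitlines()

def demo():
    """Run the check against a temporary root that contains tmp/lupii."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tmp"))
        open(os.path.join(root, PLUPII_FILE), "w").close()
        return check_host(root, SAMPLE_SS)

if __name__ == "__main__":
    print(demo())
```

On a live server the root would be `/` and the lines would come from the host's own socket listing; any hit supports the reinstall recommendation quoted above rather than a simple file deletion.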
Mobile Comms Satellite Launches Into Orbit: Inmarsat bGAN broadband network nearly complete. "The second step in a $1.5 billion program to create a mobile broadband communications network spanning the globe for users at sea, in the air and on land roared into space today. .. When [The Inmarsat 4-F2 satellite] enters service from geostationary orbit 22,300 miles (35,888 kilometers) above Earth next year, the craft will join the Inmarsat 4-F1 satellite that was successfully launched on Lockheed Martin's Atlas 5 rocket in March from Cape Canaveral, Florida. Together, the two craft will deliver broadband communications to 85 percent of the world." Connections are expected at around 400 kbps in each direction.
Also interesting is how it got there. It was launched by SeaLaunch, a private company using a floating platform and Ukrainian and Russian rockets. 8:07:35 PM
The Federal Government Isn't Ready for Avian Flu. Are you? A trade magazine for CIOs asks if corporations should have their own avian flu plans. Actions to consider:
- "Work remotely. In a flu pandemic, the fewer people who are physically together, the better. Create a virtual private network or add new employees to it.
- Demand a plan. Once public health officials have established a plan, communicate it throughout your company.
- Automate. Online transaction functionality for customers and vendors keeps people isolated.
- Assess demand for raw materials and supplies in advance. If a supplier is hobbled and transportation networks are down, just-in-time inventory arrangements will falter. "
One BellSouth facility is "planning a mock emergency drill based on a flu pandemic scenario. Lathram's 19-person hazardous-materials team completed a mock emergency event for an anthrax outbreak shortly after the Sept. 11 terrorist attacks in New York and Washington, D.C. He says that team would be ideal to respond to a pandemic flu outbreak. "We would have them don their protective gear and enter a contaminated area or a quarantined area to do maintenance on our computers and other critical infrastructure," he says. "In that way it would be similar, but that would also be dependent on a healthy hazmat team." " 10:00:38 AM