Security Flurry

On any given week, there's a tug-of-war among the new threats and vulnerabilities spilling out, and the programmers and cops trying to contain them. Last week's struggle had some particularly engaging efforts. On the downside, two big vulnerabilities were found in the Firefox browser, and the Sober.p worm was found to be evading many antivirus scanners. On the upside, Novell took steps to tighten up its Linux operating system, Microsoft unveiled a service for ad hoc security guidance, and Swedis
Worm Evades Scans
One reason the Sober.p worm continues to spread is the way it hides from some antivirus scanners, a Russian security firm says.

Sober.p--also called Sober.s, Sober.o, and Sober.v by various antivirus companies--includes a mechanism that prevents other programs from accessing its files, Kaspersky Lab said last week. That presents problems for some antivirus software.

The tactic has been seen in previous Sobers, but it has been refined so that no applications can access them, according to the firm. If the malicious code can't be accessed, it can't be detected when antivirus software runs scans. Instead, the software must have the means to detect Sober running in memory, then kill those processes.

Several antivirus vendors have posted free detection and deletion tools that can see through Sober's cloak of invisibility, including Panda Software's QuickRemover. Microsoft's Windows Malicious Software Removal Tool, which was updated last week as part of the monthly security bulletin release, also sniffs out Sober.p.

-- TechWeb News

Firefox Holes Outfoxed
The Mozilla Foundation last week posted a release candidate of a security update to its Firefox Web browser that patches a pair of vulnerabilities rated "extremely critical" that were leaked earlier this month.

The Windows, Mac, and Linux versions of the Firefox 1.0.4 security update can be downloaded from the Firefox File Transfer Protocol server. Like the three previous updates released this year, 1.0.4 is a bug fix, in this case one that plugs a cross-scripting vulnerability that could let an attacker gain control of a Firefox-equipped computer if its user simply surfs to a malicious site.

Because proof-of-concept code was leaked--as were the vulnerabilities--before a patch was ready, Mozilla recommended that Firefox users either disable JavaScript or lock down the browser so it doesn't install additional software, such as extensions or themes, from Web sites.

The vulnerabilities were discovered by a pair of security researchers who had notified Mozilla earlier in the month but were keeping mum until a patch was written. However, details of the vulnerabilities were leaked by someone close to one of the researchers.

According to security vendor Secunia, which tagged the bugs with its highest "extremely critical" warning--the first time it has used that to describe a Firefox flaw--a hacker can trick the browser into thinking a download is coming from one of the default sites permitted to install software automatically: or

Firefox 1.0.4 is the fourth security update to the browser since the beginning of the year. In that time, Microsoft has released two patches for its Internet Explorer browser.

-- Gregg Keizer, TechWeb News

Telco Act Needs VoIP Security
The Cyber Security Industry Alliance has called on Congress to include recommendations related to securing voice-over-IP technologies as it reviews the 1996 Telecommunications Act.

The pervasiveness of IP-based communication and networking technologies, particularly VoIP, has made the security and integrity of the Internet a national priority, according to the alliance. Voice applications over the Internet are vulnerable to many of the same threats as data traffic, including denial-of-service attacks, worms, and viruses, and these threats could cripple the IT-dependent critical infrastructure, disable VoIP-based emergency systems, and weaken the national response capability in the event of attack, the group says.

"As Congress considers revisiting the Telecommunications Act of 1996, the cybersecurity alliance strongly recommends that the serious implications of VoIP cyberattacks be addressed since they can affect critical government services such as 911 and other emergency first-responder services," executive director Paul Kurtz said in a statement.

The alliance has made a number of recommendations for securing VoIP and has asked Congress to provide support for research into and development of security technologies.

-- Matthew Friedman, Networking Pipeline