
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
10 December 2007  

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same

Half a million database servers are at risk

According to some security researchers, nearly half a million Oracle and Microsoft SQL Server database servers could be vulnerable to attacks since they are not protected by a firewall and the majority of them do not have the most recent patches installed.

The estimate is based on a survey of 11,60,000 Internet addresses, the results of which were extrapolated to the Internet at large. The survey found that 157 Microsoft SQL Server and 53 Oracle servers were not protected by firewalls; the researchers then used estimates of the Internet’s size to calculate that some 368,000 machines running Microsoft SQL Server and 124,000 running Oracle are open to remote attack.

The study also found that at least 82% of computers running Microsoft SQL Server were running an older version of the database, while 13% of the Oracle machines ran versions no longer supported by the software maker.

Both Microsoft and Oracle have been targeted by flaw finders. The Slammer worm, which attacked Microsoft SQL Server in 2003, compromised hundreds of thousands of systems, including computers at the Davis-Besse nuclear plant in Ohio. Researchers have criticized Oracle for its perceived slow pace of patching. In 2006, plans for a month dedicated to disclosing Oracle bugs were scuttled.

Malware Most Recent

W32/Agent.EOA
W32/MyDrill.A
W32/Hupigon
W32/Renos.H
W32/Kine
W32/Agent.BC
W32/Agent.ACL
W32/Agent.FDS
W32/Agent.FCG

Source: F-Secure

Researchers warn of AV software risks

According to a couple of researchers, vulnerabilities in anti-virus software make these programs as much of a threat to corporate network security as they are useful to it.

The researchers, Sergio Alvarez and Thierry Zoller, have taken anti-virus companies to task for a large number of vulnerabilities that the two discovered in how virus scanners parse potentially malicious files. While anti-virus software is a typical piece of a company’s defense-in-depth strategy, security holes in the software could allow an attacker to bypass other defenses.

According to experts, current AV DiD (anti-virus defense-in-depth) implementations define the worst possible way in which an anti-virus product may fail as ‘Fails to detect a threat’ or ‘Fails to detect a virus.’ In reality, the worst case is far worse: the underlying OS being compromised through the anti-virus software’s engine.

XP’s also prone to the random number bug

Microsoft has conceded that the pseudo-random number generator used by Windows XP suffers from the same security shortcomings as the one in Windows 2000.

Israeli researchers recently discovered it was possible to predict the output of the random-number generator built into Windows 2000, after first determining the internal state of the generator. Random numbers are a critical sub-component of cryptographic functions, such as the generation of keys used for SSL exchange.

Microsoft admits that Windows XP—but not Windows Vista—is subject to the same problem. However, the software giant has no plans to release a fix until Windows XP Service Pack 3 in the first half of 2008, since to pull off an attack, the attacker would need to gain ownership of a machine, after which random numbers would be the least of a user’s worries.

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.