Corporate AIM: Come for the Whiteboard, Stay for ID Management

Network News Break: The gee-whiz factor of AOL's latest IM announcements overshadows some useful security functionality. Also: Cisco patches a DoS vulnerability in CatOS, Microsoft mulls an out-of-cycle bug fix, CVS mends a few fences, and modern-day Pinkertons roam the 'net frontier dressed up like girls.

By Michael Hall | Posted Jun 10, 2004
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Main     Elsewhere     The Week in CrossNodes     The Week in Network News

A report from internetnews.com shows some useful improvements coming to AOL's instant messaging services. For net admins who feel a measure of concern about user security, the report's real good news is a bit of a footnote: The company also announced AIM Identity Services, a package of functionality that provides the obvious appeal of "user@domain" screen names and, perhaps more importantly, one-click digital certificate enrollment, which provides both cryptographically secure communications and a means of identity verification.

As we noted in yesterday's News Break reports indicate that the click-through rate on instant messaging spam (so-called "spim") is high because of the implicit trust users place in their buddy lists. But while instant messaging services have all jockeyed for mass-market user bases, and some attention has been paid to securing the data stream between a pair of chat users, the sort of identity guarantees needed for users to communicate with an assurance of the distant end's identity have been slower.

AOL's offering should do a lot to relax the concerns of net admins who have probably had to stand aside in the face of the risk/benefit tradeoff instant messaging offers.

Elsewhere:

» Cisco has released an advisory regarding a DoS vulnerability in Cisco CatOS-driven devices:

Cisco CatOS is susceptible to a TCP-ACK Denial of Service (DoS) attack on the Telnet, HTTP and SSH service. If exploited, the vulnerability causes the Cisco CatOS running device to stop functioning and reload.

Workarounds and patch information are available at the link.

» If you have a CVS server on your net, this roundup of recent security issues, including potential privilege escalations and denial of service attacks, might be of interest. It makes the case for some user education on securing traffic with OpenSSH if nothing else.

» This rundown of future-minded projects presented by Microsoft at a tech Road Show it held at its Silicon Valley campus had one item of potential interest to networkers:

Shields, deployed in the network stack, are vulnerability-specific, exploit-generic network filters installed in end systems that are the first line of defense against worm attacks. Researcher Helen Wang and her team designed a restrictive language that describes vulnerabilities as partial state machines of the vulnerable application. Testing suggests that Shield could be used to prevent a substantial portion of the most dangerous worms from doing damage.

» You'll want to be on the lookout for an out-of-cycle patch from Microsoft that addresses two "extremely critical" vulnerabilities in Internet Explorer. From the report: "According to research firm Secunia, the holes can be exploited to open files on the local computer or to bypass IE security zones and execute malicious software in an Internet Zone with less restrictions."

» If the world of the Internet is pretty much the Wild West, then perhaps private firms acting as "cybersleuths" are the Pinkertons. The New York Times has a brief profile on one such company. (Free registration required.)

The Week in Network News

» Wednesday: The State of 'Net Security: Nasty, Brutish, and Whiny

It feels good to threaten spammers with Gitmo time, but without security-minded admins, what's the point? Also: AOL tells e-mail hosts it's time to deploy SPF... or else, spim menaces instant messaging users, broadband use is on the rise, spam costs are going up, Korgo is getting meaner, and PhatNet provides a handheld network monitor.

» Tuesday: Netgear's Non-Fix: Another Black Eye for Off-the-Shelf WAPs

Netgear has thoughtfully patched a back door in one of its products with... another back door. Also: Cisco and Trend Micro team up to secure Cisco gear against viruses, domain registrations are on the rise, Gartner's not so convinced about host authentication, and Apple rolls out a wireless toy you might soon see dangling from outlets around your cube farm.

» Monday: Microsoft to Make XP SP2 Free for All

Microsoft says it's going to release XP ServicePack 2 for everybody... even the pirates. Also: Wi-Max standards in more depth, software to help with messaging archive compliance, a wardriver is faced with prison time, and why server authentication isn't the be-all, end-all of anti-spam measures.

The Week in CrossNodes

» Squid Puts the Squeeze on Net Wrongdoers (Part 2)

Between online deathmatches, hearts tournaments, and sports bookies, your network might be looking more like a playground than a place to get work done. Here's how to use Squid to button down the traffic and make sure your more slippery users don't slide out of its grasp.

» Three LDAP Browsers for the Asking

Getting your information in a directory is just half the battle: The other half is finding it. Here are three LDAP browsers, free of charge and up to the task of digging through your data.

» FaceTime Makes IM as Safe as Talking Face-to-Face

With IM use at critical mass and growing, security and privacy challenges abound. FaceTime's enterprise-grade server suite monitors, archives, and analyzes IM traffic for thousands of users without requiring thousands of admin hours.

» Scripting Clinic: Dissecting a Live Python... Script

By examining a working script line by line, this edition of the Scripting Clinic shows you how to put your own scripts together and exposes a few Python quirks along the way.

Network News Break is CrossNodes' daily summary of networking news and opinion, served up fresh daily. Please send your comments and suggestions to the editor.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter