Here are some of the most significant bugs from the past week in the BugBlog.
A new worm is circulating on both peer-to-peer networks and instant messaging (IM) networks, disguised as Grand Theft Auto: San Andreas. Instead of the game, you will get the worm called Hagbard.A, which will install itself on your computer, and maybe even install a web server on the computer. This would give the bad guys even more ways to control your computer. The workaround, of course, is to avoid pirated software.
After a dispute that was as much legal as technical, Cisco announced that their Internetwork Operating System (IOS) software, if it is enabled for IPv6, may be vulnerable to a denial of service attack as well as the possibility of running code sent by attackers. This type of attack can only be done from a local network segment, so the threat is somewhat tempered. Cisco has fix information at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml. This bug was discovered by Michael Lynn, who used to work for Internet Security System, and was discussed at the Black Hat Event in Las Vegas. Read about the legal dispute behind this at http://news.com.com/2100-1002_3-5809390.html.
The Netscape 8 browser is based on Mozilla Firefox. That means when there’s an update to Firefox, a new version of Netscape will be here soon. In this case, it is Netscape 18.104.22.168, which fixes a number of security problems, as well as a bug in the way that the browser history was being synced between the rendering engines in Netscape. Get the update at http://browser.netscape.com/ns8/download/default.jsp.
Microsoft says that Windows 2000 SP4 Update Rollup 1 causes incompatibility problems with some products from Internet Security Systems (ISS). This includes RealSecure Desktop 3.6 and 7.0, BlackICE Agent for Server 3.6, and BlackICE PC Protection 3.6. The problem is with some of the older ISS X-Press Updates (XPUs) signature and driver updates. Before installing the Windows 2000 rollup, make sure you have updated your ISS products. See http://support.microsoft.com/?kbid=901159 for Microsoft’s side of the story. ISS downloads are at http://www.iss.net/download/.
See the BugBlog for continuing coverage of bugs and other things that go wrong with your computer.