Crypto-gram for December 15, 2000. In this issue: Voting and Technology, Crypto-Gram Reprints, IBM's New Crypto Mode of Operation, Solution in Search of a Problem: Digital Safe-Deposit Boxes, and New Bank Privacy Regulations.
ff3f1cc0bac61ff3d6e20ab4e727a56aa83079c0f8ff7ab9d5432dd099ba8ad9
Microsoft Security Bulletin (MS00-097) - Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows Media Server which allows malicious users to degrade the performance of a Windows Media server to the point where it can no longer provide useful service. When a connection to a Windows Media server is made, then severed, using a particular sequence of TCP/IP packets, the Windows Media Unicast Service does not release all of the resources allocated to the connection. By repeatedly making and then severing connections in this manner, malicious users can exhaust the resources of the server. A Microsoft FAQ on this issue is available.
613f0a1ea210493f1edac7eb5a50da9377cf301c0cd903f10d888953a7de0f9e
Linux Xsoldier local root buffer overflow exploit. Overflows the -display command line option.
b399b42f07b8641525a5352aaf822e9698210c090495c285cd9fc11af3fdf062
Advanced Office 2000 Password Recovery (professional edition) - Recovers lost passwords for Microsoft Word, Excel, Access, PowerPoint 97, Project, Money, Outlook, Backup, Schedule+, Mail, IE 3, 4, and 5, Visio 4 and 5, and others. All passwords are decrypted instantly except those for Word/Excel 97/2000, which use strong crypto and are vulnerable only to brute force attack. 30-day trial, although it does not actually expire.
36a029d56d699a3688c129dac53346e12e550312cc228e997b4d90d9939a70cc
IDS/A is an experimental interface between applications and a daemon which functions as a system logger, a reference monitor, and soon an intrusion detection system. IDS/A is not yet complete, but can already be used as a system log replacement with extra neat features such as automatic log rotation. It also ships with two example applications which demonstrate how the system can be used to block basic banner-grabbing port or CGI scanners.
fa8dbeafaa0e09aaf18815c3c8f399c990d76fe3c94d68b2e9a889a7c19ff34a