December
1995
Network Security
and 700/8OOs.The vulnerability allows users to exploit ftp, and can be eliminated from releases 9.x and 10.x of HP-UX by applying the correct patch. To treat only the commercial releases of HP-UX prior to 9.x, it is necessary to upgrade the systems to a currently supported release. The patches are as follows: For the commercial HP-UX releases: PHNE_6013 (series 700/800, HP-UX 9.x) PHNE_6014 (series 700/800, HP-UX 10.x) PHNE_6146 (series 300/400, HP-UX 9.x)
The viruses are getting more vicious
For the BLS HP-UX releases:
Virus writers and anti-virus software developers have been locked in an endless loop, and the viruses get more vicious and the solutions for eradicating them more clever with each round. Datamation reports that it seems the virus writers are on top if the recent virus ‘Dir.Byway’ is any indication. Dir.Byway, which attacks PCs, infects all of the executables in all directories in a search path and is capable of infecting programs even before they are launched. Any kind of access, such as simple directory listing, is enough for the virus to cause damage. It displays a message in Spanish which translates as, “We are all working for Venezuela!!! “. The virus is believed to have been developed in China.
PHNE_6169 (series 700, HP-UX 9.09+) PHNE_6170 (series 700, HP-UX 9.09) PHNE_6171 (series 800, HP-UX 9.08) PHNE_5965 (series 700, HP-UX 10.09) The three 9.0x B level security patches will be available after 2 January 1996. HPs patches are available via WVWV at: http://us.external. hp.com/; or by contacting the HP support line at:
[email protected]. The patch for HP-UX releases 9.x and 10.x provides a new version of /usr/bin/ftp and /etc/ftpd, which fixes the vulnerability. For further information contact: The US Department of fnergg Computer’lnciden f Advisory Capability; tel: + 1 5 70 422 8 193; fax: + 7 5 10 423 8002: E-mail: ciac@llnl. go\/:
01995 Elsevier Science Ltd
Javascript language becomes a competitor Sun Microsystems and Netscape are planning to undermine Microsoft’s lnternel strategy by linking up to provide a scripting language
which will compete with Visual Basic. The companies have revealed Javascript as a language for use by HTML page authors and corporate application developers, and released the names of a number of companies including Hewlett Packard, Oracle, Digital Equipment, Intuit, Apple and Novell which are supporting the “open, cross platform object scripting language”. Sun and Netscape said that the initial version of Javascript would be available immediately as part of the beta version of Netscape Navigator 2.0. The companies described Javascript as “analogous to Visual Basic in that it can be used by people with little to no programming experience to quickly construct complex applications.” Javascript was designed for creating network-centric applications, complementary to and integrated with Sun’s Java programming language and HTML. Both Netscape and Sun plan to approach the World Wide Web Consortium and Internet Engineering Task Force to adopt Javascript as a standard.