Firefox 3: One day old, one vulnerability found

Patches from Mozilla, Cisco, Microsoft, others; How to salvage data lost to Gpcode.ak encryptor virus; A misconfigured laptop, a wrecked life, and other interesting reading
Security: Threat Alert
By Jason Meserve, Network World, 06/19/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.


Firefox 3 vulnerability found
Five hours after Mozilla officially released Firefox 3.0, researchers at TippingPoint found a vulnerability in the new browser. Since Mozilla is still working on a fix, the researchers won't share details about the problem. TippingPoint ranked the severity of the vulnerability as high, but said that users would have to click on a link in an e-mail or visit a malicious Web page before being affected.

TippingPoint advisory
**********

Cisco IPS vulnerability patched
Cisco Security released a patch today that fixes a vulnerability in its Intrusion Prevention System. Cisco says that its IPSs "that have gigabit network interfaces installed and are deployed in inline mode contain a denial of service vulnerability in the handling of jumbo Ethernet frames. This vulnerability may lead to a kernel panic that requires a power cycle to recover platform operation." IPSs that are deployed in "promiscuous mode" only, or that are not using a gigabit NIC, aren't vulnerable. Network World's Cisco Subnet, 06/18/2008.

Cisco advisory
**********

Microsoft fixes patch-blocking bug
Microsoft Corp. today fixed a flaw in an enterprise patch distribution tool that had blocked administrators from rolling out last week's bug patches. Computerworld, 06/17/2008.

Get the fix from Microsoft
**********

CA patches CA ARCserve Backup Discovery Service flaw
A vulnerability in CA's CA ARCserve Backup Discovery Service could be exploited by a remote attacker in a denial-of-service attack against an affected system. CA, which rates the flaw as "medium" risk, has released a fix for the problem.
**********

Two new updates from Gentoo:

Evolution (user-assisted code execution)

cbrPager (user-assisted code execution)
**********

Two new patches from Mandriva:

x11-server (multiple flaws)

XFree86 (multiple flaws)
**********

Today's malware news:

Facebook Phish
A message posted to random Facebook walls contains a really long link that redirects to a domain hosted in China. Facetime says if you see the "e77c98037" domain, "turn and run." The SpywareGuide Greynets Blog, 06/18/2008.

How to salvage data lost to Gpcode.ak encryptor virus
The Gpcode.ak virus, which encrypts files on the victim's desktop and demands a ransom to decrypt them, uses encryption that so far has proven too strong to crack. But Kaspersky Lab, which first identified Gpcode.ak earlier this month, says there is a way for most victims to at least recover their files. Network World, 06/16/2008.
**********

From the interesting reading department:

A misconfigured laptop, a wrecked life
When the Commonwealth of Massachusetts issued Michael Fiola a Dell Latitude in November 2006, it set off a chain of events that would cost him his job, his friends and about a year of his life, as he fought criminal charges that he had downloaded child pornography onto the laptop. Last week, prosecutors dropped their year-old case after a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files. IDG News Service, 06/18/2008.

Security firm finds server with healthcare data
Security researchers with Finjan Software are seeing a growing thirst from cybercriminals for data other than credit-card numbers, with the latest findings including servers containing passwords leading to healthcare records and airline systems data. IDG News Service, 06/18/2008.

Unpredictable IT means unreliable business, survey says
Unexpected changes and increased system complexity within IT put business performance and security at risk, according to the results of a survey. Network World, 06/17/2008.

Tiger Woods: U.S. Open Champ and DDoS launcher
Monday, a number of U.S.-based ISPs thought they were under a distributed denial-of-service (DDoS) attack between noon and 1:30p EST as 'net traffic spiked 15% to 25% during that period. Another China-based attack? Nope, it was Tiger Woods and his march toward a 14th major championship at the U.S. Open. Network World's SecurityBlog, 06/17/2008.

Digital rights groups hit ISP ad firm for spying on users
A targeted advertising vendor being used by several U.S. broadband providers hijacks browsers, spies on users and employs man-in-the-middle attacks, according to a report released today by two advocacy groups. Computerworld, 06/18/2008.

Photobucket And NeTDevilz
We're getting reports that a few hours ago, Photobucket was "hacked" (I hesitate to use the term until we know the exact method used to have you see this when visiting Photobucket). The SpywareGuide Greynets Blog, 06/18/2008.

Holes found, fixed in Cisco's SNMP Version 3 authentication
Cisco Security sent out an advisory today warning that multiple Cisco products contain one of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature.

Have you been using your iPhone for business and now want to upgrade to 3G?
If so, Larry Chaffin says watch his video and prepare to be hacked.

Jason Meserve is multimedia editor at Network World.
