How secure is Vista? 05/12/08 It's interesting how we, the media, can put different spins on the same story. To wit, an Australian security company collected
stats on the number of infections in the various flavors of Windows and released the results. Computerworld had this spin:
"Windows Vista more secure than XP, says security company". While Techworld (also an IDG publication) went with: "Vista as
insecure as Windows 2000". Either way, if you run Windows you need to keep up with the patches and this week is no different:
Microsoft is planning to release four patches in May's edition of Patch Tuesday. Keep an eye on Windows Update for the latest.
Just when you thought the Storm was over 05/08/08 There's been a lot of credit taking among security groups over who killed the Storm worm. Looks like no one did. The pesky
worm reared its ugly head with another wave of attacks on unsuspecting users. It's like Jason from Friday the 13th or Michael
Myers from Halloween: it never really dies. We've also got word that a somewhat popular Firefox plugin shipped with malicious
code onboard.
Interop security highlights caught on video; Mozilla Messaging patches Thunderbird; more 05/05/08 The Network World staff had a busy schedule filming video at Interop 2008 in Las Vegas last week. Among the security-related
highlights are: Casinos fail wireless security test, Getting value out of security log files, Q&A: McAfee's David DeWalt,
Don't get Pinched by the latest malware threats and Adapting quickly to security threats. You can see all of our Interop videos
at networkworld.tv.
Security a hot topic at Interop 2008 05/01/08 We've completed two days (as of this writing) of interviews at Interop 2008 and many touched on the myriad of security threats
facing users today as well as the many security systems available for protecting systems big and small. Check out all the
interviews at www.networkworld.tv.
New Oracle database hack found 04/28/08 Stay tuned to networkworld.tv this week as we bring you wall-to-wall coverage of Interop Las Vegas 2008. We've got a number
of security experts and vendors slated to appear, so check back all week. Before that though, noted security researcher David
Litchfield has found a new way to hack Oracle databases and 500,000 pages have been compromised by a mass SQL injection attack.
Microsoft re-issues two patches 04/24/08 Looks like Network World had its own bug to patch. A security researcher sent us a note detailing a cross-site scripting exploit
in the way our printer friendly system works - or should I say worked. We've fixed it, thankfully. Another "everyone needs
to stay vigilant" lesson. Speaking of staying vigilant, Microsoft re-issued two patches this week to fix critical flaws found
in recent updates.
Two new Microsoft bugs in the wild 04/21/08 A Chinese blog has detailed a flaw in Microsoft Works that could be exploited through a malicious ActiveX control and Microsoft
itself is warning of a flaw in the Windows Rights system that could result in a user gaining elevated privileges. Plus, patches
from Gentoo, Ubuntu, Debian and Mandriva.
Mozilla patches JavaScript flaw in Firefox 04/17/08 Be on the lookout for the latest Firefox update (2.0.0.14) that fixes a JavaScript bug. Mozilla put out the critical patch
late Wednesday and it should be showing up through Firefox's automatic updates over the next several days. Cisco is getting
in on the patch parade this week too with an update to its Network Admission Control (NAC) system and Apple has finally patched
the bug that helped win a $10,000 hacker prize.
Big week for Oracle admins 04/14/08 Oracle's quarterly update is coming this Tuesday and is slated to include some 41 total patches. Among the updates are two
that fix "nasty" flaws in Oracle's core database that could be exploited with a username or password. In advance of the Oracle
release, we've also got updates from Gentoo, Mandriva, Debian and Ubuntu.
Mobile Security a hot topic at CTIA 04/10/08 One of the big themes last week at CTIA in Las Vegas - besides all the new iPhone knockoffs - was mobile security. There's
an increasing number of vendors beginning to tackle the issue of security on the mobile device, even if the threat is not
as bad here in the U.S. as it is overseas. Vendors like Kaspersky and Bluefire are just two of the vendors we've talked to
about the issue. Check out the interviews (a video and a podcast) below. Also this week, Microsoft's Patch Tuesday delivered
11 new updates (5 critical) and Adobe updated a lucky seven flaws in Flash Player.
On Patch Tuesday Eve, a number of patches from major vendors 04/07/08 April enters like a lion with patches from Symantec, Apple, Cisco, CA and Adobe. Plus Microsoft has Patch Tuesday coming this
week with eight flaws. Also, Linux flavors Ubuntu, rPath, Debian and Gentoo have released multiple patches this week.
CA users targeted by attackers 04/03/08 Attackers, who are becoming increasingly precise with their attack targets, are now going after CA corporate customers
by exploiting known vulnerabilities in the company's popular software applications. Also, general users should be aware of
a new Office exploit that has hit the street and if you've skied Okemo Mountain in Vermont recently, you might want to watch
your credit card statements for unusual activity.
iFrame attacks and Facebook spam 03/31/08 Malware leads the news today with hackers expanding their use of an iFrame attack to more popular sites such as USA Today,
ABC News and Wal-Mart. Plus, security researchers are warning Facebook users to be wary of malicious "wall" postings. And,
as we approach the tax deadline day, scammers are upping their efforts to dupe taxpayers.
Cisco kicks off IOS Patch Wednesday 03/27/08 Cisco kicked off its bi-annual IOS Patch Wednesday with five new fixes for its venerable router operating system. Most of
the patched flaws were of the denial-of-service variety. Mozilla came out with 10 new fixes for Firefox as well. Users should
already be getting Version 2.0.13 as part of Firefox's automated patch system. Also today, attackers are going after flaws
in Excel, CA's BrightStor backup system and possibly D-Link routers.
Beware of new Word attack 03/24/08 Microsoft is warning users not to open unexpected Word files now that a new zero-day exploit is making the rounds that could
be used to run malicious code. The flaw being exploited is in Microsoft's Jet Database Engine. No word on when an update will
be available. The folks at Asterisk are also out with a couple patches for the open source IP PBX and Apple's got a quick
update for users of Aperture 2 or iPhoto.
Not a good week for Apple 03/20/08 Apple may want to rethink that ad campaign that pokes at Microsoft's numerous patches after this week's deluge of patches.
In all, over 100 fixes were released across three updates: 90 for the Leopard OS, 13 for Safari and one for Apple's 802.11n
base station. VMware, Asterisk and MIT Kerberos also have multiple updates today.
Excel patch results in bad math 03/17/08 For those that rely on Excel to supplement their math skills, watch out. One of last week's security updates for the spreadsheet
application caused a math bug. The flawed calculations should be obvious as all zeroes will be returned. Microsoft does have
a workaround. And Cisco is out with a second patch in as many weeks, this time fixing a flaw in its CiscoWorks Internetwork
Performance Monitor.
Microsoft's plethora of patches 03/13/08 Over the past few newsletters, I mentioned calm before the storm. Well, the storm arrived this week. Microsoft's Patch Tuesday
delivered a series of updates for the Office Suite on Windows, plus the company released an update for Mac Office 2008 that
includes some security enhancements. And, if that weren't enough, a prominent security researcher is warning of a new Internet
Explorer FTP flaw and there's a bug in Microsoft Home Server that won't be patched until June. Also this week, Cisco released
a patch for its Secure Access Control Server.
Four critical patches coming from Microsoft 03/10/08 Is it me or does it seem Patch Tuesday comes quicker every month? Maybe it's because February is a "short" month. In any case,
this is the week Microsoft delivers its monthly patch update. Administrators will be looking at four new updates, all critical.
And if you need something to keep yourself busy until Tuesday's release, we've got new patches from Ubuntu, Debian, Mandriva
and Gentoo ready to roll.
Malware on the desktop and mobile device 03/06/08 A new virus making the rounds is designed to get users to download fake antivirus software, resulting in a further infestation.
The MonaRonaDona virus uses social engineering techniques to spread. If that's not enough of a headache, the Storm worm -
relatively dormant since Valentine's Day - is making a comeback, this time with an e-greeting card theme. And it's not just
desktop users that need to worry: F-Secure this week detected a new Trojan targeting Windows Mobile users.
A calm before the storm? 03/03/08 The week is starting off slow for patches, but phishers are out in force with new eBay scams, an Orkut worm, and an IRS scheme
targeting people looking for tax refunds. Let's not get lulled into a false sense of security though over the lack of patches
- could just be the calm before a big storm.
Windows stalked by rogue packets? 02/28/08 Microsoft's security team is looking into claims that a flaw in Windows XP and Vista could be exploited through the use of
"rogue" packets and that any 'Net connected PC could be affected. Sounds scary, but I am sure it's just another day in the
Redmond Patch Department. One thing that does scare me, given my "Out of office" message is on this week, is a story about
how spammers are using such auto-reply messages as a means to relay spam. Hopefully, I am not inadvertently spamming people
while on vacation!
VMware patches critical bug 02/25/08 In the movie "Untraceable," the FBI cybercrime team uses virtual machines to protect its real systems from the malware they're
investigating. But in real life, the virtual machine is not always foolproof, as witnessed by this week's patches from VMware
that fix a bug which could allow attackers to "zap" the Windows operating system the virtual machine is running on top of.
Also, Opera has managed to patch a trio of bugs while at the same time bashing Mozilla. Sounds like presidential politics!
Apple patches a ... keyboard flaw? 02/21/08 After a busy week-plus on the security front, things have slowed a bit. Is it a calm before the storm or a normal lull? Of
course, there is some security news: a Facebook ImageUploader exploit in the wild, and Apple has released a new patch for
its laptop keyboard firmware. Plus, a keylogging Trojan is targeting users of the Habbo social networking site.
Flaws found in Firefox, Opera 02/18/08 Firefox and Opera are both under fire as security researchers at Vexillium have found a flaw that could allow attackers to
capture a user's Web history. No word on updates yet, but be on the lookout. We've also got pairs of patches from rPath, FreeBSD,
Ubuntu, Debian, Mandriva and Gentoo.