Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
FreeBSD catches up with BIND update
After last week's disclosure of a major DNS vulnerability, many vendors began rolling out patches for their various implementations.
FreeBSD has finally loosed a patch for its version of BIND, which closes up the hole that would allow an attacker to poison
a DNS cache.
**********
Four new patches from Debian:
gaim (integer overflow, code execution)
mysql-dfsg-5.0 (authorization bypass)
**********
Three new updates from Mandriva:
pcre (buffer overflow, code execution)
bluez (input validation, denial of service)
**********
Two new fixes from Gentoo:
Mercurial (directory traversal)
OpenOffice.org (integer overflow, code execution)
**********
Two new patches from rPath:
Ruby (cross scripting)
**********
Today's malware news:
Hunt for the elusive rootkit 'Rustock.C' revealed
Rootkits are software code designed to hide from detection. So Kaspersky Lab's hunt for the elusive Rustock.C rootkit, rumored
to exist for almost two years, reads like a detective plot. Network World, 07/15/2008.
Symantec: Microsoft Access ActiveX attacks will intensify
An easy-to-use toolkit used to hack computers has now been updated to take advantage of an unpatched security vulnerability
in Microsoft's software, which could mean attacks will intensify, according to vendor Symantec. IDG News Service, 07/14/2008.
**********
From the interesting reading department:
Insider threat looms large as San Francisco's network crisis plays out
The unfolding cliffhanger in San Francisco this week -- in which a city network administrator has been arrested for allegedly
holding the network hostage -- represents an extreme example of the insider threat that IT security vendors and others have
been sounding the alarm about for years. Network World, 07/16/2008.
Also: Report: IT admin locks up San Francisco's network
Data can leak from partially encrypted disks
If you're using encryption software to keep part of your computer's hard drive private, you may have a problem, according
to researchers at the University of Washington and British Telecommunications. They've discovered that popular programs like
Word and Google Desktop store data on unencrypted sections of a computer's hard drive -- even when the programs are working
with encrypted files. IDG News Service, 07/16/2008.
Jason Meserve is multimedia editor at Network World.