Network World

Not all perfect with iPhone 2.0

Patches from Debian, Mandriva, Gentoo, others; Attack code released for new DNS attack; Open source software a security risk, and other interesting reading
Security: Threat Alert. By Jason Meserve, Network World, 07/24/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

Researcher warns of unpatched iPhone bugs
Security vulnerabilities in the iPhone's e-mail application and Safari Web browser can be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone's in-box with junk mail, a researcher warned today. Computerworld, 07/23/2008.

Aviv Raff: iPhone is Phishable and SPAMable
**********

Asterisk patches DoS vulnerability
A description of the flaw from Asterisk: "By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through." A fix is available.

Patch for Asterisk's traffic provisioning system
A flaw in Asterisk's traffic provisioning system could be exploited to flood a server with data, resulting in a denial of service. A fix is available.
**********

Four new patches from Debian:

xulrunner (multiple flaws)

iceweasel (multiple flaws)

libgd2 (multiple flaws)

Ruby 1.8 (multiple flaws)
**********

Five new updates from Mandriva:

emacs (code execution)

wireshark (denial of service)

libxslt (buffer overflow, code execution)

MySQL (unauthorized access)

Firefox (multiple flaws)
**********

Three new fixes from Gentoo:

BitchX (multiple flaws)

PeerCast (buffer overflow, code execution)

Bacula (information disclosure)
**********

Two new patches from Ubuntu:

PHP (multiple flaws)

Dnsmasq (cache poisoning)
**********

Today's malware news:

Attack code released for new DNS attack
Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet. The attack code was released Wednesday by developers of the Metasploit hacking toolkit. IDG News Service, 07/24/2008.

Also: Details of major Internet flaw posted by accident
**********

From the interesting reading department:

Podcast: Open source tools help secure city network
How does a fiscally constrained city department help get its network into compliance with PCI? Best of breed open source tools are a big help, explains Alan Boulanger, former director of Information Security for the City of Springfield, Mass. (7:52)

Open source software a security risk, study claims
Open source software is a significant security risk for corporations that use it because in many cases, the open source community fails to adhere to minimal security best practices, according to a study released Monday. Network World, 07/21/2008.

Jason Meserve is multimedia editor at Network World.
