- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Today's malware news:
Phish Page Steals Your Details, Then Logs You In
A Phish for the popular Habbo Hotel caught my eye today because it does just that - seamlessly logging you into Habbo Hotel
once your details have been stolen. The SpywareGuide Greynets Blog, 08/22/2008.
**********
Today's bug patches and security alerts:
Microsoft admits posting flawed update
Microsoft re-released one of its Aug. 11 security updates yesterday, explaining that it had posted an incomplete version to
its own download center last week. The admission was the third time in the last two months that Microsoft has had to re-issue
a security-related update. Users who manually downloaded MS08-051 since Aug. 12 to patch Office 2003 should obtain the second
version as soon as possible, Microsoft said. People who obtained the update via Windows Update or through their company's
Windows Server Update Services (WSUS) server, or who updated other versions of Office, do not need to reinstall MS08-051.
Computerworld, 08/22/2008.
**********
Nokia admits security flaws in Series 40 OS
Nokia confirmed Thursday its widely used Series 40 operating system has security vulnerabilities that could allow stealth
installation and activation of applications. IDG News Service, 08/21/2008.
**********
Six new patches from Mandriva:
metisse (integer overflow, code execution)
xine-lib for Mandriva 2008.0 (multiple flaws)
xine-lib for Mandriva 2008.1 (mulitple flaws)
mtr (stack overflow, code execution)
yelp (format string, code execution)
**********
Two new updates from rPath:
postfix (privilege escalation)
freetype (multiple flaws)
**********
Two new fixes from Ubuntu:
xine-lib (multiple flaws)
**********
Two new patches from Debian:
linux-2.6 (denial of service, information leak)
**********
From the interesting reading department:
Red Hat says its servers, Fedora Project's systems, breached
Red Hat confirmed Friday that hackers compromised infrastructure servers belonging to the company and the Fedora Project,
including systems used to sign Fedora packages. In the Fedora breach, company officials said they had "high confidence" the
hackers did not get the "passphrase used to secure the Fedora package signing key." Regardless, the company has converted
to new Fedora signing keys. Network World, 08/22/2008.
Jason Meserve is multimedia editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment