- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
VMware releases slew of updates
Updates are available for a range of VMWare products including VMware Workstation, VMware Player, VMware ACE, VMware Server
and VMware ESX. With these releases, VMWare is addressing an issue with the way its ActiveX controls run inside Internet Explorer
as well as fixing flaws that could be used for privilege escalation, denial-of-service attacks and to run malicious code.
**********
Flaw found in MSN messaging protocol
The Zero Day Initiative is reporting a new flaw in the way the MSN instant messaging protocol is handled by certain multi-protocol
clients could be exploited to run malicious code on an affected system. Pidgin is one system that is impacted, but has already
released an update.
Pidgin update
**********
Apple promises September fix for iPhone security flaw
A recently discovered security flaw that would allow access to a locked iPhone will be fixed next month, Apple said on Thursday.
The security flaw allows access to a locked iPhone by pressing the emergency call button at the unlock screen, followed by
two taps on the home button. Macworld, 08/28/2008.
**********
Two new updates from Mandriva:
ipsec-tools (denial of service)
libxml2 (denial of service)
**********
Today's malware news:
Do You Know Where Your Baby Is?
Notice! The virus-spreading spammer doesn't have your baby but is claiming to. In recent emails observed by Symantec, malicious
code is being spread by hoax emails claiming to have pictures of your hijacked [sic] baby. The Subject line makes the claim
that someone has "hijacked" your baby and the attachment on the message is not a photo, but rather a zip file containing a
downloader. Symantec Security Response, 08/29/2008.
Leave Your Webcam On 24/7? Might Want To Reconsider...
It's nothing new that many hackers use programs that allow them to "spy" on their victims once they've compromised the PC
(as long as they have a webcam switched on, of course). Similarly, hacking culture has always had a fascination for memes,
incorporating them into part of the design of their latest DDoS tools. The SpywareGuide Greynets Blog, 09/01/2008.
Don't Panic
Sometimes it's easy to believe that every last thing online is going to eat into your PC, burn your house down, kill your
cat and so on. The last few days I'd been hearing rumblings about some "Youtube rap video" and a file that would start hijacking
your PC - well, thanks to a tipoff from a forum-goer at Spywarewarrior, I can hopefully put this one to rest. The SpywareGuide
Greynets Blog, 08/29/2008.
Jason Meserve is multimedia editor at Network World.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment