Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Microsoft to release four critical patches
Microsoft will release four critical updates to several software packages on Tuesday, the company said. The patches to be
released on so-called Patch Tuesday include fixes for a vulnerability that allows remote code execution in Windows Media Player
11 on various Microsoft operating systems and for a vulnerability that allows remote code execution in various versions of
the Windows OS and related products, including 2003 Server, Vista, XP, Office, .Net Framework, Works, Visual Studio, Visual
FoxPro and other software.
Microsoft advance advisory
**********
Five new patches from Gentoo:
Courier Authentication Library (SQL injection, code execution)
RealPlayer (buffer overflow, code execution)
dnsmasq (denial of service, DNS spoofing)
yelp (code execution)
**********
Two new updates from Mandriva:
python (integer overflow, code execution)
**********
Two new fixes from rPath:
libtiff (buffer overflows, code execution)
ruby (multiple flaws)
**********
Today's malware news:
Researchers build malicious Facebook application
A team of researchers has built a malicious Facebook program as an experiment to demonstrate the possible dangers of social
networking applications. The experiment shows the ease with which attackers could dupe a large number of users into downloading
a seemingly harmless application that actually performs a clandestine attack that can cripple a Web site. IDG News Service,
09/05/2008.
Is Rock Phish cybergang set for a comeback?
Do cybergangs work on evil "product upgrades" to improve their crimeware and attack methods? That's what RSA, the security
division of EMC, claims is happening with the Rock Phish gang, described as an East European cybercrime group responsible
for creating botnets used in phishing attacks to steal personal information. Network World, 09/05/2008.
**********
From the interesting reading department:
Data security now 10% of IT operating budgets, Forrester says
IT security budgets are on the rise, reflecting growing concern over data breaches and increasing CEO involvement in the task
of protecting sensitive data, Forrester Research analysts say. Network World, 09/04/2008.
AT&T security guru talks DoS attacks, tomorrow's hackers
Edward Amoroso is the chief security officer at AT&T in Florham Park, N.J., as well as a professor who has written several
textbooks on information security. Amoroso spoke with Network World's Jon Brodkin this week in Boston, where he delivered
a keynote about network security during Forrester’s Security Forum. Network World, 09/05/2008.
Jason Meserve is multimedia editor at Network World.