- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
VMWare releases critical fix for ESXi and ESX 3.5
The Openwsman system management platform inside VMWare's ESXi and ESX 3.5 applications is vulnerable to two buffer overflows
that could be exploited by remote attackers. A patch is available.
**********
Hacker posts QuickTime zero-day attack code
A hacker has released attack code that exploits an unpatched vulnerability in Apple's QuickTime, just a week after the company
updated the media player to plug nine other serious vulnerabilities, a security researcher said last week. Computerworld,
09/18/2008.
**********
Four new updates from Debian:
Python Django (cross site request forgery)
twiki (information leak, code execution)
**********
Today's malware news:
Fake Paypal Bruteforcer
I see a lot of programs designed to hack the wannabe hacker. It's been a trend for some time now for professional Phishers
to offer up Trojaned Phishing kits to newbies (so they can watch the newcomer do all the hard work then snatch the booty at
the last second), and the practice of hackers placing bait for wannabes such as this has probably been going on for a lot
longer. The SpywareGuide Greynets Blog, 09/21/2008.
Hacked Texas National Guard site serves up malware
Attackers have hacked the Web site of the Texas National Guard and are using it to serve up offers of fake security software
and plant rootkits on unpatched PCs, a security researcher said Thursday. Computerworld, 09/19/2008.
**********
From the interesting reading department:
Legislator's son at center of Palin hack talk
A Tennessee state legislator has confirmed that his son, a 20-year-old student at the University of Tennessee-Knoxville, is
the person being named on blogs and message boards in connection with the hacking of Gov. Sarah Palin's e-mail account, a
Nashville paper reported late Thursday. Computerworld, 09/21/2008.
Also: FBI searches Tenn. student's apartment in Palin hacking case
Also: Anon Delivers?
Protecting your Webmail
Is there was any way to tell if someone had broken into your Webmail account? IBM's Frequency X blog, 09/19/2008.
Yahoo, Hotmail, Gmail all vulnerable to password reset hack
Yahoo Mail isn't the only Web-based mail service that could be duped into giving up someone else's account password, the tactic
that some have argued was used to break into Gov. Sarah Palin's e-mail earlier this week. Computerworld, 09/20/2008.
Jason Meserve is multimedia editor at Network World.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment