Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
After password glitch, another Firefox patch out
Mozilla developers have rushed out a new release of their Firefox browser to fix a bug that has been preventing some Web surfers
from using saved passwords this week. Firefox update 3.0.3 should be hitting browsers today; one of my systems was updated
this morning when I got into the office. IDG News Service, 09/26/2008.
**********
CA patches Service Desk
According to a CA advisory, "CA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct
cross-site scripting attacks. The vulnerabilities are due to insecure handling of passed variables in multiple web forms.
An attacker, who can convince a user to click on a specially crafted link, can potentially conduct cross-site scripting attacks."
**********
Three new updates from Gentoo:
Git (buffer overflows, code execution)
**********
Two new patches from Mandriva:
Firefox (multiple flaws)
**********
Today's malware news:
Hackers resurrect notorious attack toolkit
Neosploit, the notorious hacker exploit kit that some thought had been retired months ago, has not only returned from the
dead, but is responsible for a dramatic increase in attacks, a security researcher claimed Thursday. Computerworld, 09/26/2008.
Security researchers warn of new 'clickjacking' browser bugs
Security researchers warned Friday that a new class of vulnerabilities dubbed "clickjacking" puts users of every major browser
at risk from attack. Computerworld, 09/28/2008.
Trojan can grab extra personal banking data
A Trojan horse program now available to a growing number of fraudsters can add data entry fields to legitimate online banking
sites and entice consumers to give up sensitive information such as bank card numbers and PINs (personal identification numbers).
IDG News Service, 09/26/2008.
Imageshack Security Issue Reported, Fixed
Earlier today, we noticed it was possible for malicious users to abuse Imageshack by obtaining the IP Address of anyone who
had uploaded an image to the site (considering they have 2+ million uploads a day, that's an awful lot of people to choose
from). Imageshack has fixed the issue. The SpywareGuide Greynets Blog, 09/26/2008.
Jason Meserve is multimedia editor at Network World.