Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Today's malware news:
Scammers using gloomy economic news to lure victims
Not surprisingly, scammers and spammers (or are they one and the same?) are jumping on the bleak economic news as a means of
delivering their wares. Network World, 10/02/2008.
419 Scammer Via Skype
Well that's typical, I go on holiday and the moment I switch a PC on to check something, this appears in Skype. The SpywareGuide
Greynets Blog, 09/29/2008.
Did You Catch Some Phish?
The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy
a package called a "phishing kit," which contains a clone application of the targeted institution. Symantec Security Response,
09/29/2008.
419 Scammers Hack Email, Target Friends & Family With Request For Money
This is a particularly disturbing scam that's been passed my way, courtesy of reader MTGarden. The scammers in question hacked
a colleague's e-mail account, then sent out a request for money to the people on the hacked account's contact list, claiming
they were overseas and without cash. The SpywareGuide Greynets Blog, 10/01/2008.
**********
Today's bug patches and security alerts:
Two new patches from Mandriva:
pam_mount (authentication bypass)
OpenAFS (denial of service)
**********
Two new updates from Ubuntu:
nasm (one off vulnerability, code execution)
Thunderbird (multiple flaws)
**********
From the interesting-reading department:
Prominent Web sites found to have serious coding flaw
Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal
data and in one alarming case, drain a bank account. The type of flaw, called cross-site request forgery (CSRF), allows an
attacker to perform actions on a Web site on behalf of a victim who is already logged into the site. IDG News Service, 09/30/2008.
FAQ: Clickjacking - should you be worried?
Last week, a pair of security researchers spread the news that a new class of vulnerabilities, called "clickjacking," puts
users of every major browser at risk from possible attack. Computerworld, 09/29/2008.
Also: Clickjacking vulnerability to be revealed next month
Five mistakes security pros would make again
Ten years ago, Michael Riva was network administrator for a top-five American consultancy. Employees were downloading graphic
pictures and videos onto the network. Riva told his boss a proxy server with content filtering might be in order; his boss
laughed and suggested they put in a bigger file server instead. CSO, 09/29/2008.
Jason Meserve is multimedia editor at Network World.
Comments (1)
Taking new whats?
By Anonymous on October 2, 2008, 10:26 am
"take new tacts"? I think you meant to use the nautical term, "tack." I'm surprised that even passed a spellcheck.