Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Vendors fixing bug that could crash Internet systems
Internet infrastructure vendors are working on patches for a set of security flaws that could help hackers knock servers offline
with very little effort. IDG News Service, 10/03/2008.
Robert Hanson: New DOS Attack Is a Killer
**********
Security researcher reveals iPhone design flaws
Apple's iPhone has two design flaws that could pose potential security problems, according to a researcher. The first one
concerns the iPhone's e-mail application, which automatically downloads images within an e-mail. The second design flaw is
how the iPhone's e-mail application displays URLs. IDG News Service, 10/02/2008.
Aviv Raff on the iPhone flaws
**********
Apple releases Apple TV 2.2 update
A new software update for Apple TV (version 2.2) fixes numerous flaws in previous versions that could be exploited to run
malicious code on the device. Most of the vulnerabilities are related to how certain files are handled by the OS. Apple TV
users should see the new update downloaded automatically.
**********
Two new updates from Ubuntu:
cpio (buffer overflow, code execution)
OpenSSH (denial of service, authentication bypass)
**********
Today's malware news:
Encrypted image backups open to new attack
Bitmaps stored inside encrypted backup files could be vulnerable to a sophisticated 'comparison' attack, a German security
researcher has discovered. TechWorld, 10/03/2008.
Researcher finds evidence of massive site compromise
Several criminal gangs have acquired administrative log-in credentials for more than 200,000 Web sites -- including the one
used by the U.S. Postal Service -- and have used the compromised domains to attack unsuspecting users' PCs with a notorious
hacker exploit kit, a researcher said today. Computerworld, 10/03/2008.
Read the Verizon report (PDF)
**********
From the interesting reading department:
CAN-SPAM: What went wrong?
Five years ago, the U.S. tech industry, politicians and Internet users were wringing their hands over the escalating problem
of spam. Network World, 10/06/2008.
Prevalence of Exploited PDFs
While the threat landscape has changed dramatically over the past years, attackers are becoming increasingly aggressive in
exploring ways to get into users' systems. A spammed email with an EXE attachment no longer penetrates the wider network or
users, now that most home users and enterprise networks have a certain level of awareness of information security. But how
about spamming an exploited file like a PDF? CA Security Advisor Research Blog, 10/05/2008.
Jason Meserve is multimedia editor at Network World.