Thursday, May 17, 2007

Samba patches critical bug

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 05/17/07

By Jason Meserve

We've got a cool feature in the works here at Network World and need YOUR help:

Network relics: What's in your closet?

Even in the network industry, old doesn't necessarily mean obsolete. Network World has become aware that it's not uncommon for enterprise IT shops to keep older systems or outdated gear in house to support homegrown or legacy applications still relevant and even critical to today's business. Do you have any relics? If yes, please send a picture and explanation as to why you keep the old-timer in place after XX years and how it serves your company still.

If you want to participate, drop me a line.

Today's bug patches and security alerts:

Samba developers quash serious bug

Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software. The bug is one of three vulnerabilities that were patched Monday by the Samba team in the Samba 3.0.25 release. The flaw is considered to be particularly worrisome for two reasons: It could be remotely exploited by an attacker to run unauthorized code on the Samba server and there is no known work-around for the flaw. IDG News Service, 05/14/07.

Samba 3.0.25 release notes and download

Related updates:

Debian

Gentoo

Mandriva

rPath

Ubuntu

**********

Ubuntu patches pptpd

A denial-of-service vulnerability has been found and patched in Ubuntu's implementation of pptpd. An attacker could use a specially crafted packet to crash a PPTP tunnel.

**********

rPath releases update for shadow

According to the rPath advisory, "Previous versions of the shadow package have a weakness in the useradd program; it may in some cases create new mail spool files with a mode that may be vulnerable to reading and/or writing by attackers with local system access."

**********

Gentoo patches XScreenSaver

A flaw in Gentoo's implementation of XScreenSaver could be exploited to bypass authentication on some systems. An update is available.

**********

Three new updates from Debian:

squirrelmail (missing input validation)

Linux kernel 2.6 (multiple flaws)

qt4-x11 (missing input validation)

**********

Malware news of the day:

Botnet management app exposed

A new and unusually sophisticated application for controlling and monitoring botnet PCs has been discovered by security company Panda Software. Called "Zunker", it turns out to be a PC management application like no other. The company reports that the program is capable of giving botnet criminals user-friendly graphs of individual botnet performance, including the number of available compromised 'zombies' on each at any one time, and their levels of activity on a daily or monthly basis. TechWorld, 05/14/07.

**********

From the interesting reading department:

Whirlpool takes Cisco NAC for a spin

Test of Cisco wares proves network access control works, but you have to make the business case. Network World, 05/14/07.

Also: Video interview with Whirlpool's Alex Petrov.

Data breaches plague U.S. companies

Survey reveals 85% of respondents experience data breach events, mostly due to lost or stolen equipment and negligent employees. Network World, 05/15/07.

IBM contractor loses employee data

An unnamed IBM vendor has lost tapes containing sensitive information on IBM employees, the computer maker confirmed Tuesday. IDG News Service, 05/15/07.

Microsoft tweaks Patch Tuesday advance notification

Starting next month, the software giant will add a few more details to its Advanced Notification Alerts in order to give customers a better idea of whether they'll be rushing out software patches to their users. IDG News Service, 05/16/07.

Father of telecommuting Jack Nilles says security, managing remote workers remain big hurdles

Nilles talks about rocket science, the growth of telecommuting and major challenges facing that community. Network World, 05/15/07.

Password policy management feature slipped into Longhorn

Microsoft has quietly added a password management feature to Longhorn Server that will let administrators assign password policies based on users and groups regardless of what domain they reside in. NetworkWorld.com, 05/15/07.

Verizon Business acquires Cybertrust

Verizon Business today announced a definitive agreement to acquire Cybertrust, a privately held provider of global information security services. Financial terms were not disclosed. Network World, 05/14/07.




Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.


Copyright Network World, Inc., 2007
