Google Desktop vulnerable to attack

Virus and Bug Patch Alert This newsletter is sponsored by Network General Ease Application Performance Headaches Four real-world case studies show you how network IT executives are improving performance in Network World's latest Executive Guide, "Perfecting App Performance Management." Also, discover tips, trends and expert advice on how you can take advantage of new technologies to stay ahead of performance problems. Click here to download. Network World's Virus and Bug Patch Alert Newsletter, 06/04/07 Google Desktop vulnerable to attack By Jason Meserve Your help needed: Collaboration tools survey Wainhouse Research is conducting its annual survey on unified communications, collaboration, and videoconferencing. If you're a user of such services and want to share your thoughts, you could win a $50 Amazon gift certificate. Today's bug patches and security alerts: Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Google Desktop vulnerable to new attack Just one day after a security researcher showed how Google's Firefox toolbar could be exploited in an online attack, a similar flaw has been discovered in the Google Desktop. IDG News Service, 05/31/07. Proof of concept: Google Desktop 0day ********** Apple updates Xserve Lights-Out Management Firmware According to an advisory from Apple: "A security vulnerability in Apple's implementation of IPMI may allow an unprivileged user to gain administrative privileges on an Xserve system. This update addresses the issue by requiring a password for remote usage of IPMI". Users should download Firmware Update 1.0 to fix the problem. ********** Four updates from Ubuntu: PulseAudio (multiple flaws) Freetype (code execution) Firefox (multiple flaws) Gimp (file handling, code execution) ********** Three updates from Gentoo: File (integer overflow, code execution) libpng (denial of service) Sun JDK/JRE (multiple flaws) ********** Today's malware news: MSN Worm Speaking in Tongues Last week saw the release of the Spanish Instant Messaging Worm W32.Posse. This week we have seen a similar Instant Messaging worm but this time it can use messages in Spanish, German, Dutch, Italian, French and English. Security Response Weblog, 06/01/07. Calculating the Risk of Infection A new virus has appeared for a new platform. Nothing really new about that, except that this time, the platform is a ... calculator. Yes, the Texas Instruments TI89 is now the target of infection. The TI calculators are very powerful, and allow modules to be installed in the RAM. There are thousands of applications already, lots of games, hacks to display grayscale instead of just black and white, and of course lots of mathematics routines. Security Response Weblog, 05/31/07. E-mail scammers hiding malware in fake IRS notices If you get an e-mail telling you that you're under investigation by the U.S. Internal Revenue Service, take a breath before calling your lawyer. It's a scam. IDG News Service, 05/31/07. ********** From the interesting reading department: Security flap: 'Responsible disclosure' debate flares anew When a recent hacking contest won security researcher Dino Dai Zovi a $10,000 award for breaking into a MacBook Pro computer by exploiting a flaw he'd discovered, the contest reignited a long-simmering debate over "responsible disclosure" of vulnerabilities. Network World, 05/31/07. AV, how cam'st thou in this pickle Dan McPherson is pleased with some of his colleagues at Arbor, with some co-collaborators at the University of Michigan, published the paper: Automated Classification and Analysis of Internet Malware (pdf). "The authors go on to demonstrate how what something does is more important then what you call it (i.e., behaviors are better than labels)." iTunes DRM-free music still has Big Brother aspect Apple finally began selling DRM-free music this week as part of its iTunes Plus service. For $1.29, you can get a track free of DRM restrictions and encoded at a higher bitrate. But there does seem to be a catch... Network World, 05/31/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Did Google's Street View spook even Eric Schmidt? 2. The IT department as corporate snoop 3. MLB doesn't get it 4. Avaya buyout rumors reveal VoIP market churn 5. Google Desktop vulnerable to new attack 6. Michigan man fined for using free Wi-Fi 7. Dell + Linux + Wal-Mart 8. Researcher: Don't trust Google Toolbar 9. E-mail scammers hide malware in fake IRS notices 10. Google makes Web applications work offline MOST DOWNLOADED PODCAST: Twisted Pair: No lonely cowboys at Interop 2007

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Network General Ease Application Performance Headaches Four real-world case studies show you how network IT executives are improving performance in Network World's latest Executive Guide, "Perfecting App Performance Management." Also, discover tips, trends and expert advice on how you can take advantage of new technologies to stay ahead of performance problems. Click here to download. ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007