
Monday, June 04, 2007

Google Desktop vulnerable to attack

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 06/04/07


By Jason Meserve


Today's bug patches and security alerts:


Google Desktop vulnerable to new attack

Just one day after a security researcher showed how Google's Firefox toolbar could be exploited in an online attack, a similar flaw has been discovered in the Google Desktop. IDG News Service, 05/31/07.

Proof of concept: Google Desktop 0day

**********

Apple updates Xserve Lights-Out Management Firmware

According to an advisory from Apple: "A security vulnerability in Apple's implementation of IPMI may allow an unprivileged user to gain administrative privileges on an Xserve system. This update addresses the issue by requiring a password for remote usage of IPMI". Users should download Firmware Update 1.0 to fix the problem.

**********

Four updates from Ubuntu:

PulseAudio (multiple flaws)

Freetype (code execution)

Firefox (multiple flaws)

Gimp (file handling, code execution)

**********

Three updates from Gentoo:

File (integer overflow, code execution)

libpng (denial of service)

Sun JDK/JRE (multiple flaws)

**********

Today's malware news:

MSN Worm Speaking in Tongues

Last week saw the release of the Spanish Instant Messaging Worm W32.Posse. This week we have seen a similar Instant Messaging worm but this time it can use messages in Spanish, German, Dutch, Italian, French and English. Security Response Weblog, 06/01/07.

Calculating the Risk of Infection

A new virus has appeared for a new platform. Nothing really new about that, except that this time, the platform is a ... calculator. Yes, the Texas Instruments TI89 is now the target of infection. The TI calculators are very powerful, and allow modules to be installed in the RAM. There are thousands of applications already, lots of games, hacks to display grayscale instead of just black and white, and of course lots of mathematics routines. Security Response Weblog, 05/31/07.

E-mail scammers hiding malware in fake IRS notices

If you get an e-mail telling you that you're under investigation by the U.S. Internal Revenue Service, take a breath before calling your lawyer. It's a scam. IDG News Service, 05/31/07.

**********

From the interesting reading department:

Security flap: 'Responsible disclosure' debate flares anew

When a recent hacking contest won security researcher Dino Dai Zovi a $10,000 award for breaking into a MacBook Pro computer by exploiting a flaw he'd discovered, the contest reignited a long-simmering debate over "responsible disclosure" of vulnerabilities. Network World, 05/31/07.

AV, how cam'st thou in this pickle

Dan McPherson is pleased that some of his colleagues at Arbor, with some co-collaborators at the University of Michigan, published the paper: Automated Classification and Analysis of Internet Malware (pdf). "The authors go on to demonstrate how what something does is more important than what you call it (i.e., behaviors are better than labels)."

iTunes DRM-free music still has Big Brother aspect

Apple finally began selling DRM-free music this week as part of its iTunes Plus service. For $1.29, you can get a track free of DRM restrictions and encoded at a higher bitrate. But there does seem to be a catch... Network World, 05/31/07.



Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.


Copyright Network World, Inc., 2007
