Yahoo fixes IM flaw

Virus and Bug Patch Alert This newsletter is sponsored by INS Learn best practices for top-flight IP address management Learn specific, actionable steps you can take today to ensure effective IP management, a smooth-running network and happy users. Network World's Virus and Bug Patch Alert Newsletter, 06/11/07 Yahoo fixes IM flaw By Jason Meserve Today's bug patches and security alerts: With attack code out, Yahoo fixes IM flaw Yahoo Inc. has fixed a serious vulnerability in its Messenger instant messaging client. The patch, posted Thursday fixes a critical flaw in the ActiveX control used by Messenger's Webcam feature. According to security experts, this flaw could be exploited by hackers to install unauthorized software on a victim's PC. IDG News Service, 06/08/07. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Yahoo advisory/FAQ Symantec's take on the Yahoo flaw F-Secure's take on the Yahoo flaw ********** Four critical Windows fixes coming next week Microsoft will release six sets of security patches next Tuesday, four of which will fix critical flaws in the Windows operating system. The software will be released as part of Microsoft's regular monthly security release, known informally as "Patch Tuesday." Microsoft is also planning less-critical updates for Visio and Windows Vista, the company said in a note, published Thursday. IDG News Service, 06/07/07. Microsoft advisory ********** Trustix patches ClamAV A denial-of-service vulnerability has been found in Trustix's implementation of the ClamAV antivirus application. An attacker could place a large OLE2 file on an affected system to exploit the flaw. ********** rPath releases fix for gd and php According to rPath, "Previous versions of the gd and php packages are vulnerable to a denial-of-service attack in which an attacker can use a truncated PNG image to cause unbounded CPU consumption." ********** Three new patches from Debian: Gimp (buffer overflow, code execution) Iceape (multiple flaws) ipsec-tools (denial of service) ********** Today's malware news: Beware of fake Microsoft security alerts With Microsoft's monthly patch release expected on Tuesday, scammers are sending out fake security bulletins that attempt to install malicious software on victim's computers. IDG News Service, 06/08/07. Top 10 malware registry launchpoints Most Trojans, worms, backdoors, and such make sure they will be run after a reboot by introducing autorun keys and values into Windows registry. Some of these registry locations are better documented than others and some are more commonly used than others. One of the first steps to take when doing forensic analysis is to check the most obvious places in the registry for modifications. F-Secure blog, 06/08/07. ********** From the interesting reading department: Antivirus fix in works by security researchers Antivirus technologies might not be on their last legs, but they could use a second wind, security researchers say. Network World, 06/07/07. Northwestern Univ. hit by third data breach since '05 For the third time in just over two years, Northwestern University in Evanston, Ill., has reported a security breach involving sensitive data. The latest warning follows the discovery of a security breach on June 1 involving a computer in the university's Integrated Graduate Program in Life Sciences. Personal information, including Social Security numbers belonging to about 4,000 people who had applied to or attended the program from 1991 to 2007, was potentially exposed in the breach, according to a brief statement posted on the university's Web site. Computerworld, 06/07/07. The security world according to vendor surveys One survey describes USB devices as the leading security threat facing IT managers these days. Another one talks about zero-day attacks emerging as the biggest driver of security budgets. A third survey says a majority of 1,600 consumers polled want their banks to implement risk-based authentication mechanisms. Computerworld, 06/08/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Word author banned for being lucky 2. Vista not playing well with IPv6 3. 4 critical Windows fixes coming next week 4. Top 15 USB geek gadgets 5. Cisco finally releases Linksys One 6. Marriott's converged network 'horror story' 7. IP address depletion looms, ARIN warns 8. Adult filmmakers taking their lumps on ‘Net? 9. 5 new ways to authenticate users 10. Bill Gates' Harvard commencement speech MOST DOWNLOADED PODCAST: Twisted Pair: Too much e-mail? Just give up!

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by INS Learn best practices for top-flight IP address management Learn specific, actionable steps you can take today to ensure effective IP management, a smooth-running network and happy users. ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007