Patches from Gentoo, Debian, FreeBSD and Mandriva

Virus and Bug Patch Alert This newsletter is sponsored by Fluke Networks Proven Techniques and Best Practices for Managing Infrastructure Changes When businesses expand facilities, add locations, or upgrade existing infrastructure it's vital to ensure network readiness. This white paper describes a methodology to manage network changes that meet the needs for speed of implementation without sacrificing accuracy. Click here to download this whitepaper now! Network World's Virus and Bug Patch Alert Newsletter, 08/06/07 Patches from Gentoo, Debian, FreeBSD and Mandriva By Jason Meserve Today's bug patches and security alerts: Three new fixes from Gentoo: tcpdump (buffer overflow, code execution) Network World Security Buyers Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyers Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyers Guide now. Firefox (multiple flaws) Gimp (integer overflow, code execution) ********** Two new updates from Debian: xfs (race condition, code execution) file (integer overflow, code execution) ********** Three new patches from FreeBSD: Jail (privilege escalation) tcpdump (buffer overflow, code execution) BIND 9 (cache poisoning) ********** Three new fixes from Mandriva: ClamAV (denial of service) Qt3 (multiple flaws) Firefox (multiple flaws) ********** Today's malware news: Russian malware storm brewing? A Russian server hosting more than 400 different bits of malware could be about to launch a large-scale attack through sites hosted in Italy, according to Trend Micro security researchers. Computerworld, 08/02/07. Malware hunts down and deletes MP3 files A worm making the rounds has a diet that's the happiest dream of certain music-industry types: It feeds exclusively on MP3s. Computerworld, 08/02/07. Diebold voting machines vulnerable to virus attack Diebold Election Systems voting machines are not secure enough to guarantee a trustworthy election, and an attacker with access to a single machine could disrupt or change the outcome of an election using viruses, according to a review of Diebold's source code. IDG News Service, 08/03/07. ********** From the interesting reading department: Researchers flag VoIP exploits at Black Hat Security consultancy iSec Partners yesterday detailed half a dozen ways to compromise VoIP-based phone systems based on the H.323 and Inter Asterisk eXchange protocols. Network World, 08/02/07. Zero-day exploits: Consider the OS Attackers wielding zero-day exploits are one of the most significant threats facing enterprise networks today. While plenty of vendors promote zero-day protection mechanisms, if they don’t address the entire operating system, they leave the door open for attack. Network World, 08/01/07. Zero-day attacks top list of IT concerns Threats posed by zero-day vulnerabilities were ranked by global IT decision-makers as their topmost security concern, according to a recent survey by security firm PatchLink Corp. Computerworld, 07/31/07. Management Information Systems: Tools for the Malware Trade In the (legitimate!) business world, Management Information Systems (MIS) are typically used by managers and key decision makers of a business to see at a glance how well a business is doing in its various key performance areas. They typically summarize masses of transactional data through tables and reports; and also allow for more advanced analysis and drill-down to detailed data. The advantage of such systems in business is considerable, because having such information available on hand allows these individuals to make key decisions that affect the future of a business. Symantec Security Response Weblog. Researchers: Premature rush to AJAX a security threat The rush to add AJAX functionality leaves a great many Web sites vulnerable to a variety of security threats, according to two researchers who demonstrated a few of them at this week's Black Hat USA gathering. Computerworld, 08/02/07. An antidote for the Blue Pill? Is Joanna Rutkowska's legendary Blue Pill unbeatable? A number of security researchers presented their cases for the possibility of trumping virtual-machine rootkits, and even Rutkowska herself acknowledged that one researcher has come closer than any other to devising a detection method. Computerworld, 08/03/07. Microsoft seeks Black Hat tips on virtualization security Microsoft picks Black Hat conference to address security researchers, solicit evaluation of its virtualization add-on to Windows Server 2008. Network World, 08/02/07. Researchers warn that rootkits aren't the only threat Rootkits are bad enough, but let's not forget the assortment of other network threats out there, admonished a speaker Thursday at Black Hat 2007. Computerworld, 08/03/07. MPack crimeware hits 500,000 victims Poor detection of the MPack data-theft toolkit by antivirus software has allowed it to run riot on the Internet, a new analysis from Finjan has claimed. TechWorld, 08/01/07. Security expert takes aim at leaky C software programs University of Illinois at Chicago researchers are taking aim at leaky software programs -- from Web browsers to e-mail applications --written in C. Network World, 08/02/07. Undercover TV producer booted from DefCon It's a story of betrayal worthy of an episode of Dateline NBC. Dateline NBC Producer Michelle Madigan was publicly outed at the DefCon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera. IDG News Service, 08/03/07. Editor's Note: Starting Aug. 13, this newsletter will be renamed "Security: Threat Alert" to better reflect the focus of the newsletter. We thank you for reading Network World newsletters!   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Do Not Call Registry gets wake-up call 2. IBM saves $250M with Linux-run mainframes 3. NAC alternatives hit the mark 4. Cisco muffles Linksys death knell 5. Nortel lands huge $300M VoIP win 6. Hogwarts IT director quits 7. Online gamers' dirty little secrets exposed 8. Massachusetts adopts Open XML 9. Wireless LAN best practices 10. Forget your PIN? Use your face MOST DOWNLOADED PODCAST: Twisted Pair: One year later, we're still wasting time

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Fluke Networks Proven Techniques and Best Practices for Managing Infrastructure Changes When businesses expand facilities, add locations, or upgrade existing infrastructure it's vital to ensure network readiness. This white paper describes a methodology to manage network changes that meet the needs for speed of implementation without sacrificing accuracy. Click here to download this whitepaper now! ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007