
Thursday, September 13, 2007

Just four patches from Microsoft

Network World

Security: Threat Alert




Network World's Security: Threat Alert Newsletter, 09/13/07


By Jason Meserve

Today's bug patches and security alerts:

Microsoft releases fixes for just four flaws

Microsoft Tuesday issued four security bulletins that patched just four vulnerabilities in Windows, Visual Studio and the MSN and Windows Live Messenger software, setting a 2007 record for the fewest flaws fixed in a month's scheduled updates. Only one of the four flaws was pegged critical, Microsoft's highest threat warning, while the other three were all labeled important, a notch lower. Computerworld, 09/11/07.


Also: Exploit code appears for Microsoft Agent bug

Microsoft advisories:

Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution

Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege

Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution

Vulnerability in Microsoft Agent Could Allow Remote Code Execution

**********

Four new updates from Debian:

jffnms (multiple flaws)

ktorrent (directory traversal, file overwrite)

phpwiki (multiple flaws)

phpmyadmin (multiple flaws)

**********

Two new patches from fetchmail

fetchmail (denial of service)

x11-server (buffer overflow, privilege escalation)

**********

Today's malware news:

Skype warns users of Windows worm

Skype users are under attack from a new worm that spreads through the peer-to-peer Internet phone application's chat feature. The attack begins when a user receives an instant message containing a link from someone in their contact list or an unknown Skype user, said Villu Arak, a Skype spokesman based in Tallinn, Estonia. IDG News Service, 09/10/07.

More info on the Skype worm:

Symantec Security Response: Skype Worm on the Loose Again

F-Secure blog: Seeing bubbles? Might be the Skype worm...

Banner Ad Trojan Served on MySpace, Photobucket

Several banner ads containing Trojan horse programs that can compromise a user's computer have been running on some high-traffic Web sites for the past several weeks, including MySpace.com and Photobucket.com, Security Fix has learned. Web security company ScanSafe said it first spotted the tainted banner ads on Aug. 8, and estimates that the hostile ads ran several million times for the next three weeks. Security Fix blog, 09/09/07.

Hackers update malware tool kit with zero-day attack code

A new version of the IcePack hacker exploit tool kit has been released, security researchers warned Tuesday, and for the first time it includes attack code designed to exploit an unpatched, or zero-day, Microsoft vulnerability. Computerworld, 09/11/07.

**********

From the interesting reading department:

Real Life: How I broke into a hospital computer

Recently I was able to break into a hospital computer system. I couldn't change settings, alter clinical records, hack into the Pentagon or launch nuclear missiles, but I could and did send and receive e-mail from an unauthorized terminal, surf the Web, and view official hospital documents unchallenged. My story offers some simple, low-tech, common-sense precautions you can take to prevent a similar occurrence at your site. Computerworld, 09/12/07.

Video: Security Buzz: What concerns attendees

Attendees at The Security Standard conference in Chicago share their thoughts on the biggest security threats facing enterprises today. Network World, 09/11/07.

9/11 security lessons lost on businesses?

In the six years since 9/11 people in charge of key infrastructure have lost their sense of urgency to improve security, according to a panel at the Security Standard conference today. Network World, 09/11/07.

How Boston College recovered from a big data breach

In 2005, Boston College recovered from a data breach by putting its customers’ needs first. On Monday, at The Security Standard conference held here, the college’s head of security explained how. Network World, 09/10/07.

Data-leakage prevention tools catch errors, not theft

Platforms that detect when sensitive corporate data is leaked are more effective against people making honest errors than they are against criminals trying to steal the data, says one analyst. Network World, 09/11/07.

Microsoft changes Windows files on user PCs without permission, researchers say

Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today. Computerworld, 09/12/07.

Man impersonates lawyer to take over domain names

A Las Vegas man has agreed to plead guilty to wire fraud for impersonating an intellectual property lawyer and threatening to sue owners of certain Internet domain names. Computerworld, 09/11/07.

Hacker / security expert charged with massive credit card theft

A California man who served jail time for hacking hundreds of military and government computers nine years ago was charged yesterday with new computer crimes: stealing tens of thousands of credit card accounts by breaking into bank and card processing networks. Computerworld, 09/12/07.

The 8 most dangerous consumer technologies

High-tech consumer products and services of all kinds are making their way into the workplace. They include everything from smart phones, VoIP systems and flash memory sticks to virtual online worlds. And as people grow more accustomed to having their own personal technology at their beck and call -- and in fact can't imagine functioning without it -- the line between what they use for work and what they use for recreation is blurring. Computerworld, 09/10/07.

Criminals operating malware supermarkets

The global market for criminal malware now operates like a supermarket, complete with special offers and volume discounts, a security company has discovered. TechWorld, 09/10/07.




Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair"




Copyright Network World, Inc., 2007
