
Thursday, September 20, 2007

Mozilla patches Firefox

Network World

Security: Threat Alert




Network World's Security: Threat Alert Newsletter, 09/20/07


By Jason Meserve

Today's bug patches and security alerts:

Mozilla slaps temp patch on Firefox

Mozilla on Tuesday took another swat at a pesky vulnerability that eluded their July 17 patch. The problem, which is related to a known QuickTime vulnerability that also remains unpatched, was first reported more than a year ago. Users should upgrade to Firefox 2.0.0.7 if they haven't been automatically updated already. Computerworld, 09/18/07.


Mozilla advisory
**********

Yahoo Messenger hit with ninth zero-day exploit of the year

Attack code that targets Yahoo Messenger has been published on the Internet, a security researcher warned today, marking the ninth exploit aimed at the popular instant messaging software so far this year. In a posting to the milw0rm.com Web site, someone identified as "shinnai" disclosed malicious Visual Basic code that allegedly lets attackers feed any file to users of the latest version of Messenger. The exploit code successfully executes on a fully-patched PC running Windows XP SP2, shinnai said, although the effect depends on the security settings of Internet Explorer (IE).
**********

Hacker publishes notorious Apple Wi-Fi attack (finally)

More than a year after claiming to have found a way to take over a Macintosh computer using a flaw in the system's wireless card, David Maynor has published details of his exploit. Computerworld, 09/18/07.

Apple patch (from 2006)
**********

Trustix releases new 'multi' update

A new master patch from Trustix fixes flaws in apache, clamav, kerberos5, php, rsync, tar and vim. The most serious of the flaws could be exploited to run malicious code on an affected system.
**********

Four new patches from rPath:

gdm (denial of service)

kdebase (data leak)

OpenOffice.org (buffer overflow, code execution)

PHP5 (multiple flaws)
**********

Four new updates from Ubuntu:

t1lib (buffer overflow, code execution)

X.org (buffer overflow, code execution)

Qt (buffer overflow, denial of service)

Quagga (denial of service)
**********

Two new fixes from Mandriva:

Avahi (denial of service)

Cacti (denial of service)
**********

Four patches from Gentoo:

Poppler (multiple buffer overflows)

GDM (denial of service)

PhpWiki (authentication bypass)

GNU Tar (directory traversal)
**********

Today's malware news:

Virus comes back from dead on German laptops

A virus thought to have died out years ago is believed to have infected up to 100,000 laptops during manufacture by German vendor Medion International. The exact number of systems affected by the Stoned.Angelina virus is not known, but the consignment of between 10,000 and 100,000 Medion laptops was destined for sale in Danish and German outlets of European retailing giant Aldi. Computerworld, 09/17/07.
**********

From the interesting reading department:

New Crimeware Stats

Bots, Trojan horses and denial of service (DoS) are the top three malicious attack types being picked up in the wild by security vendors, according to their recent reports. Network World, 09/19/07.

Hackers leak antipiracy vendor's e-mails to Net

More than 6,000 e-mail messages detailing plans by MediaDefender to flood peer-to-peer networks with fake music and movie files -- and to create a fake site that could be used to snare pirates -- have leaked onto the Internet. Computerworld, 09/17/07.

Trend Micro security gurus look for better ways to classify malware

Two senior security veterans from Trend Micro are trying to get the industry to change how it classifies malicious software. They argue that today's classification system, which tends to focus on the technical way the software works, neglects a far more important metric that matters more to users: how it tries to steal your money. IDG News Service, 09/19/07.

Fear of insider threats hits home

The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. InfoWorld, 09/19/07.

Symantec: Bank account details fetch $400 online

Stolen bank account numbers are commanding the highest price in an underground trade of personal details stolen by hackers, according to a survey released Monday by security vendor Symantec. IDG News Service, 09/17/07.

Hackers milk massive increase in browser plug-in bugs

Hackers loosed a record number of malicious code threats in the first six months of 2007, Symantec Corp. said today, with the most dangerous targeting vulnerabilities in browser plug-ins -- the weak link in Web 2.0.

Malware becoming more sophisticated, warns IBM

IBM has reported an increase in malware volume and sophistication as part of its security statistics report for the first half of the year. Computerworld, 09/17/07.



Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.


Copyright Network World, Inc., 2007
