Tivoli data hole fixed

Security: Threat Alert This newsletter is sponsored by NetApp Whitepaper: Server virtualization for SMBs Server virtualization is not only meant for the largest enterprise organizations. In this whitepaper, Server Virtualization for Small and Medium-size Businesses, learn how this technology is ideal for smaller IT shops. This whitepaper explains how simplifying hardware and server applications with virtualization software allows for key operational improvements. Network World's Security: Threat Alert Newsletter, 09/27/07 Tivoli data hole fixed By Jason Meserve Today's bug patches and security alerts: Security holes expose data stored in Tivoli system IBM has issued a warning to customers that security fixes should be installed for two vulnerabilities in the IBM Tivoli Storage Manager (TSM) backup software client. The security holes could allow a buffer overrun attack or enable unauthorized access to stored data, IBM said. Computerworld, 09/24/07. Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. IBM advisory ********** AIM is vulnerable to attacks AOL's Instant Messenger is vulnerable to remotely executable code and it won't be officially fixed until the company issues AIM 6.5.3.12 in a few weeks. The company says that in the meantime, a beta version of AIM 6.5.3.12 is available on its beta.aol.com Web site, and it addresses the problem. Download the beta ********** Gmail zero-day flaw allows attackers to steal messages Accounts on Google's Gmail can be easily hacked, allowing any past -- and future e-mail messages -- to be forwarded to the attacker's own inbox, a vulnerability researcher said Tuesday. Dubbed a "cross-site request forgery" (CSRF), the Gmail bug was disclosed Tuesday by Petko Petkov, a U.K.-based Web vulnerability penetration tester who has made a name for himself of late. Computerworld, 09/26/07. ********** Critical vulnerability found in Ask.com toolbar A vulnerability in Ask.com's toolbar for Internet Explorer could allow an attacker to take control of a person's computer, according to security advisories. 09/25/07. Secunia advisory ********** Service Pack 3 Available for Office 2003 Users Microsoft has released its third service pack for Office 2003 users. The company says the 117-megabyte bundle of security updates and program tweaks "represents a major evolution in security for Office 2003" and that it "further hardens the Office suite against potential attacks and other security threats." Security Fix blog, 09/26/07. ********** Today's malware news: New Prime Minister, New Trojan Today, a new Prime Minister took over office in Japan. As usual, malware authors are taking full advantage of this big occasion, launching targeted attacks that play upon the event. Symantec Security Response has received an archive file today with the file name mofa.zip, which contains an executable called mofa.exe. This file is detected as Backdoor.Darkmoon.E. Symantec Security Response blog, 09/25/07. Cards, Cards, Cards, Baked Beans, Cards, Cards... There are a high number of reports for Trojan-Downloader.Win32.Banload.DRS today. It's very similar to August 16th's run of Agent.BRK. This time the bad guys have once again returned to the attachment name of card.exe. F-Secure blog, 09/24/07. ********** From the interesting reading department: Can you spot a phish? Play Carnegie Mellon’s game and see Scientists at Carnegie Mellon University have developed an online game designed to teach Internet users about the dangers of phishing. Network World, 09/25/07. eBay denies security breach led to posting of user data EBay rejects notion that yesterday’s posting of eBay user information and credit card data is link to a system break-in. Network World, 09/26/07. Security experts pitch 'culture of data' The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain. InfoWorld, 09/26/07. After criticism, Sun changes Java updates Sun is taking a page from Microsoft's security group and changing the way it updates Java for the desktop. Computerworld, 09/26/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. 2007 Salary survey: IT pay falls short 2. A defense against Photoshop fakery 3. Phil the Fish teaches users to spot phish 4. 'Panda virus' victim offers perp plum IT job 5. 7 cool consumer technologies at DEMOfall07 6. AT&T wins $1B Treasury Department deal 7. Cisco broadens Carrier Ethernet line 8. Gartner touts Web 2.0, scoffs at sequel 9. VMware bugs shed light on virtualization security 10. HP's wireless network traffic monitoring MOST-READ REVIEW: The best VM management tools to tame the virtual beast

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by NetApp Whitepaper: Server virtualization for SMBs Server virtualization is not only meant for the largest enterprise organizations. In this whitepaper, Server Virtualization for Small and Medium-size Businesses, learn how this technology is ideal for smaller IT shops. This whitepaper explains how simplifying hardware and server applications with virtualization software allows for key operational improvements. ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007