Security: Threat Alert
Network World's Security: Threat Alert Newsletter, 09/24/07

VMware squashes bugs
By Jason Meserve

Today's bug patches and security alerts:

VMware bugs shine spotlight on virtualization security
A set of newly discovered flaws in components of VMware's virtual machine software has called attention to some of the security risks associated with the practice of running virtual computers on a single system. VMware has updated its products to fix the security bugs, disclosed Wednesday, but users who have not updated their software could face serious security risks thanks to a trio of flaws in the DHCP server that ships with VMware. IDG News Service, 09/20/07.
VMware advisory

According to eEye Digital Security, "multiple vulnerabilities [have been found] within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900." CA has released an update.
CA advisory

Trustix releases 'multi' update
The latest update from Trustix fixes flaws in fetchmail and quagga. Attackers could exploit these flaws in denial-of-service attacks.

Three new updates from Debian:
OpenOffice.org (heap overflow, code execution)
kdebase (logins without a password)
fetchmail (denial of service)

Two new updates from Mandriva:
OpenOffice.org (heap overflow, code execution)
PHP (multiple flaws)

Two new patches from Gentoo:
rSync (buffer overflows)

Today's malware news:

If you've recently received an e-mail with an attachment or link, asking you to install a patch or an update from Microsoft, please beware as this is in all probability a hoax and could transfer control of your computer to some unknown entity anywhere in the world. Symantec Security Response Weblog, 09/21/07.

From the interesting reading department:

From the "ooops"-department: Symantec issues bogus warning of full-scale Internet meltdown
Symantec's early warning system gave its enterprise customers a brief scare late Friday when it erroneously sent an alert that said an Internet-crippling attack was in progress. Computerworld, 09/22/07.

Botnets: Not just for spamming anymore
With a conservative botnet size of say, 10,000 computers, what else can an attacker use it for? One popular approach (understandably so) is to use the botnet to make easy money. Symantec Security Response Weblog, 09/20/07.

Hackers steal server log-ins from hosting vendor
Server hosting vendor Layered Technologies admitted this week that hackers broke into its support database and made off with as many as 6,000 client records, including log-in information that could give criminals access to clients' servers. Computerworld, 09/20/07.

Researcher sees potential iPhone security problems
Apple's iPhone is a tough target for hackers, but a security researcher warned Friday that there are ways the sleek device could potentially be compromised. IDG News Service, 09/21/07.

If someone broke into your free Web mail account, reset your password and issued a $100 ransom demand, would you pay up? The answer might depend on how careless you've been with your passwords, and how many e-commerce sites you have registered to that address. Security Fix blog, 09/20/07.

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast.

Copyright Network World, Inc., 2007