RealPlayer flaw fixed; exploit on the loose

Security: Threat Alert This newsletter is sponsored by SonicWALL Risk Management Leads to a Secure Network Join our Webcast to learn how assessing your company's risk can lead to a more proactive sustainable security strategy. Hear respected security experts Andreas Antonopoulos from Nemertes Research and SonicWALL VP of Product Management, Patrick Sweeney, discuss this new risk management approach and its benefits. Click here to register now! Network World's Security: Threat Alert Newsletter, 10/22/07 RealPlayer flaw fixed; exploit on the loose By Jason Meserve Today's bug patches and security alerts: With attack code circulating, RealPlayer fix coming One day after Symantec researchers discovered software that attacked a critical unpatched vulnerability in RealNetworks's media player, Real says that a fix for the issue is imminent. IDG News Service, 10/20/07. Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. A new version of RealPlayer 11 BETA is available to fix the flaw. Also: Exploit code found serving from popular advertising site Details of hijacked 24/7 ad server emerge ********** Firefox tries again for URI fix, adds Leopard support Mozilla has released a critical security update to Firefox, taking a third shot at patching bugs in the way the browser can be used to launch programs from Web links. IDG News Service, 10/19/07. Firefox should automatically download version 2.0.0.8 to fix the issue. All of my machines have downloaded the update. Firefox 2.0.0.8 release notes ********** Two new updates from rPath: ImageMagick (multiple flaws) libpng (denial of service) ********** Five new patches from Debian: xulrunner (multiple flaws) Icedove (multiple flaws) t1lib (buffer overflow, code execution) zoph (SQL injection) DHCP (code execution) ********** Three new fixes from Gentoo: PDFKit and ImageKits (integer overflow, code execution) The Sleuth Kit (integer overflow, code execution) util-linux (privilege escalation) ********** Today's malware news: Storm Worm now just a squall The Storm Worm's days may be numbered, according to a University of California researcher. Brandon Enright, a network security analyst at UC San Diego, has been tracking Storm since July and said that, despite the intense publicity that the network of infected computers has received, it's actually been shrinking steadily and is presently a shadow of its former self. On Saturday, he presented his findings at the Toorcon hacker conference in San Diego. IDG News Service, 10/21/07. ********** From the interesting reading department: 6 hot items on the hacker's holiday shopping list Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from. Computerworld, 10/17/07. Spammers' new MP3 trick may be short-lived A variation of spam is sliding past spam filters into inboxes, but it's not likely the new trick will be successful much longer, a security expert said Thursday. IDG News Service, 10/18/07. Firewall secures battlefield communications A security vendor that helps protect U.S. military communications has adapted its firewall for use in tanks, Humvees and helicopters to prevent enemies from intercepting IP transmissions on the battlefield. Network World, 10/19/07.   What do you think? Post a comment on this newsletter

MOST-READ STORIES: 1. 2007 network industry graveyard 2. Swearing at work is a good thing 3. 6 hot items on the hacker's holiday shopping list 4. Cisco offices raided, executives arrested in Brazil 5. Cafe Latte attack steals data from Wi-Fi PCs 6. Couple swarmed by SWAT team after 911 'hack' 7. Funniest Microsoft videos on YouTube 8. Gartner's top 10 strategic technologies for 2008 9. IBM spins OpenOffice 10. Noncertified IT pros earn more MOST-DOWNLOADED PODCAST: NW360: Cisco's offices raided; Trojan imitates Skype

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by SonicWALL Risk Management Leads to a Secure Network Join our Webcast to learn how assessing your company's risk can lead to a more proactive sustainable security strategy. Hear respected security experts Andreas Antonopoulos from Nemertes Research and SonicWALL VP of Product Management, Patrick Sweeney, discuss this new risk management approach and its benefits. Click here to register now! ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007