Sun patches Java bugs

Security: Threat Alert This newsletter is sponsored by Postini Invitation to exclusive webinar series on communications security Need help managing your electronic communications? Join experts from Postini for a 30 minute Safe & Sound webinar series. You will explore concepts as they apply to communications security. Register today! Network World's Security: Threat Alert Newsletter, 10/08/07 Sun patches Java bugs By Jason Meserve Today's bug patches and security alerts: Sun patches critical Java bugs Sun patched 11 vulnerabilities in the Windows, Linux and Solaris versions of its Java Runtime Environment and Java Web Start yesterday, including several rated critical by outside researchers. Computerworld, 10/04/07. Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. Sun advisory ********** Microsoft schedules 7 patches for next week Microsoft Thursday slated seven security updates for release next Tuesday that target vulnerabilities in Windows, Internet Explorer, Outlook Express, Word and SharePoint. Of the seven bulletins expected Oct. 9, four will be rated "critical," Microsoft's highest ranking, while the remainder will be labeled "important," the next-lower rating. What details Microsoft was willing to share prior to the patches' debut were posted to the prepatch notification filed on the company's Web site this morning. Computerworld, 10/05/07. Microsoft advance bulletin ********** Two new updates from Gentoo: RPCSEC_GSS library (buffer overflow) Bugzilla (multiple flaws) ********** Two new patches from Debian: xen-utils (multiple flaws) GForge (cross scripting, code execution) ********** Four new fixes from Ubuntu: ImageMagick (multiple flaws) debian-goodies (buffer overflow, privilege escalation) libsndfile (buffer overflow, code execution) OpenOffice.org (integer overflow, code execution) ********** Today's malware news: "Hentai" Trojan spammed We've received multiple reports of hent.zip being spammed via e-mail in variable messages. F-Secure blog, 10/05/07. PDF spam on the comeback trail? Are spammers trying their hand at PDF spam again? Symantec has observed a small comeback of PDF spam in the early days of October. PDF spam volume was observed at about zero percent at the end of September and is currently at around two percent. Symantec Security Response Weblog, 10/05/07. ********** From the interesting reading department: Microsoft plays 'Detective' to determine phishing frequency Microsoft's research arm has been quietly collecting data through an add-on service to its Windows Live Toolbar to determine how often Web users actually fall prey to phishing attacks. IDG News Service, 10/05/07. U.S. government e-mail server turns into spam cannon Subscribers to a U.S. Department of Homeland Security daily e-mail bulletin were inundated with dozens of e-mails on Wednesday due to a glitch with the mailing list. IDG News Service, 10/04/07. Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers. InfoWorld, 10/05/07. Rock Phish may be using fast flux in phishing attacks The elusive "Rock Phish" group continues to be innovative. The group appears to have started using the so-called "fast flux" method to fool researchers and elude detection, according to new security research. Computerworld, 10/05/07. Bad things lurking on government sites The U.S. federal government took steps earlier this week to shut down Web sites in California in order to protect the public from hacked Web sites, but new incidents show that the problem is not going away any time soon. IDG News Service, 10/05/07. Social Security numbers of 450,000 Mass. licensees released The Massachusetts Division of Professional Licensure (DPL) last month mailed out 28 computer disks containing publicly available information such as names and addresses of state licensees to 23 individuals who requested the public records. Computerworld, 10/05/07. EBay: Phishers getting better organized, using Linux When it comes to launching online attacks, criminals are getting more organized and branching out from the Windows operating system, eBay's security chief said Tuesday. IDG News Service, 10/04/07.   What do you think? Post a comment on this newsletter

MOST-READ STORIES: 1. Two schools flunk Cisco switches 2. Top 10 reasons Web sites get hacked 3. Salary survey: IT pay falls short 4. Feds pull plug on ca.gov 5. Fed 'fix' knocks ca.gov for a loop 6. Science stumbles on with Ig Nobel awards 7. DHS e-mail server turns into spam cannon 8. Ig Nobel: Honoring weird science at Harvard 9. This year's 25 Geekiest 25th Anniversaries 10. NAC alternatives hit the mark MOST-DOWNLOADED PODCAST: Twisting in a Web 2.0 world

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Postini Invitation to exclusive webinar series on communications security Need help managing your electronic communications? Join experts from Postini for a 30 minute Safe & Sound webinar series. You will explore concepts as they apply to communications security. Register today! ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007