Monday, November 05, 2007

Mozilla patches Firefox regression flaw

Network World

Security: Threat Alert




Network World's Security: Threat Alert Newsletter, 11/05/07

By Jason Meserve

Today's bug patches and security alerts:

Mozilla offers stability update to Firefox

It doesn't include planned Leopard enhancements, but Firefox developers have released an update to their open-source software, fixing bugs that had been causing the browser to crash at startup, render Web pages improperly or disable add-ons for some users. IDG News Service, 11/02/07.

Bug notes
**********

Apple update melts iMac screen freeze fault

Apple has released a software patch that addresses a widely reported flaw in which iMac screens would freeze. Early last month Apple conceded that a software update it had issued caused some iMacs to freeze during use. Apple's own website notes on the update say only: "This update provides important bug fixes and is recommended for 20-inch and 24-inch iMac models with 2.0, 2.4, or 2.8GHz processors."
**********

Four new patches from Mandriva:

Opal (denial of service)

CUPS (code execution)

xen (code execution)

pwlib (denial of service)
**********

Three new fixes from Gentoo:

Gallery (multiple flaws)

OpenSSH (authentication bypass)

gFTP (multiple flaws)
**********

Today's malware news:

Don't Update With That Update.exe

Some malware authors are still fond of using the good old techniques to spread their wares. One of these techniques is to send e-mail messages with "Security Updates", released by a well-known software vendor. F-Secure, 11/01/07.

The Double Attack: Windows Attack and now also Mac Attack

Many Internet surfers learned a lesson when their computers were infected by visiting questionable Web sites. These surfers began using Macs, as most malware targets the Windows operating system. Well, soon enough, it may not matter which OS you are using. Symantec Security Response blog, 11/01/07.

Trojan.Bayrob strikes again!

Recent reports have shown that Trojan.Bayrob is scamming people again. The latest victim lost over -- 5,000 to the scam but luckily was able to track down where the money had been sent. Unfortunately the final destination for the money was a Western Union outlet in Greece, after having been first sent through a money mule in the US. Symantec Security Response blog, 11/01/07.

Hackers sneak tricks into MySpace band pages

Several band profiles on MySpace have been hacked to serve up some nasty tricks, according to security vendor FaceTime Communications. The bands' MySpace pages have a transparent overlay that, when clicked, either links to a Web site that tries to start downloading malware disguised as a media codec or attempts to exploit a browser security flaw, said Chris Boyd, security research manager with FaceTime. IDG News Service, 10/31/07.

Taxable Phish

A few days ago our good friends at SANS posted an entry in their diary about a possible IRS scam about to happen. Well, it happened. We were able to acquire a copy of the spammed e-mail and analyze the malicious behavior -- we believed that the e-mail itself had to be included in our analysis. Symantec Security Response blog, 11/01/07.
**********

From the interesting reading department:

Security pros: Leopard needs to be fixed

The security features introduced in Apple's Leopard operating system need work. That's according to security experts who have been putting the new version of Mac OS X through its paces since the upgrade was introduced Oct. 26. IDG News Service, 11/02/07.

One in six PCs could be infected with malware

As many as one in six PCs may have active spyware or malware infections. A recent study performed by U.K. security vendor Prevx of 300,000 PCs showed that 15.6% of those machines had at least one active spyware or malware program installed. These programs, which include keyboard loggers that record keystrokes, information stealers and fake antispyware, are emerging at rates of 5,000 to 10,000 per day, company officials say. Network World, 11/02/07.

Cyber jihad set for Nov. 11

Security experts are saying that a reported al-Qaeda cyber jihad attack planned against Western institutions should be treated with skepticism. IDG News Service, 10/31/07.

Two charged with hacking PeopleSoft to fix grades

Two California men are facing 20 years in prison on charges they hacked into a California state university's PeopleSoft system to change their grades. IDG News Service, 11/02/07.

Editor's note: Starting the week of Nov. 12, subscribers to the HTML version of this newsletter will notice some enhancements to the layout that will provide you with easier and clearer access to a wider range of resources at Network World. We hope you enjoy the enhancements and we thank you for reading Network World newsletters.


Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair"



Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007
