 Security: Threat Alert
Network World's Security: Threat Alert Newsletter, 11/12/07 Two patches coming from Microsoft By Jason Meserve Today's bug patches and security alerts: Microsoft: Just two security updates coming next week
Security administrators should have a pretty easy time of it next Tuesday as Microsoft says it will issue just two updates in its monthly security software release. Microsoft said Thursday that next week's updates will include a critical update for the Windows operating system as well as a less-serious "important" Windows update. IDG News Service, 11/08/07. Microsoft advanced advisory | Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. | | Update: Buggy game DRM puts Windows users at risk
Flawed antipiracy software now being exploited by attackers has been bundled with Windows for the last six years to protect game publishers, Macrovision Corp. said today. The "secdrv.sys" driver has shipped with all versions of Windows XP, Windows Server 2003 and Windows Vista "to increase compatibility and playability" of games whose publishers license Santa Clara, Calif.-based Macrovision's SafeDisc copy-protection offering, Macrovision spokeswoman Linda Quach said in an e-mail. "Without the driver, games with SafeDisc protection would be unable to play on Windows," said Quach. Computerworld, 11/07/07.
********** Exploit code out for Oracle Database 10g vulnerability
With exploit code in circulation and no patch available for a buffer-overflow bug, Oracle Corp.'s flagship database software is open to attack, security researchers said today. The vulnerability was first disclosed yesterday by VeriSign Inc.'s iDefense Labs, which issued an advisory outlining the flaw in Oracle Database 10gR2. Earlier versions of the enterprise database software may also be at risk, iDefense cautioned. Computerworld, 11/08/07. iDefense advisory: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability
********** Asterisk shoots down false security flaw advisory
From the Asterisk development team: This advisory is a response to a false security vulnerability published in several places on the Internet. Had Asterisk's developers been notified prior to its publication, there would be no need for this. There is a potential for a buffer overflow in the sethdlc application; however, running this application requires root access to the server, which means that exploiting this vulnerability gains the attacker no more advantage than what he already has. As such, this is a bug, not a security vulnerability.
********** Four new patches from Debian: Horde3 (multiple flaws) zope-cmfplone (code execution) Gallery 2 (authentication bypass) phpMyAdmin (multiple flaws)
********** Three new fixes from Mandriva: OpenLDAP (denial of service) FLAC (denial of service, code execution) pcre (code execution)
********** Three new updates from Gentoo: 3proxy (denial of service) Tomboy (code execution) Nagios Plugins (multiple flaws)
********** Today's malware news: There's nothing to see here, please move along now
Today is 11th of 11th and there's supposed to be an "electronic jihad attack" today. Well, so far we haven't seen any activity. F-Secure Antivirus Research blog, 11/11/07. Trojan Writer Lusts for Money from Affiliate
Since the start of this past September, my daily tasks have included investigating Trojan.Farfli, which is updated frequently. On the dark side of things, the author of the Trojan has daily tasks that are closely related to mine: updating Trojan.Farfli. Symantec Security Response blog, 11/09/07.
********** From the interesting reading department: Hackers target Alicia Keys MySpace page
The MySpace page of pop singer Alicia Keys appears to have been hacked and is emitting exploit code that can trick visitors to the page, according to a security vendor. Network World, 11/09/07. Also: MySpace problems began days before Alicia Keys hack Antispam group targets transactions, not messages
A father-son team that has dedicated time and energy to fighting spam says that as of today, it has shut down more than 50,000 Web sites that use unwanted messages to lure traffic. The team, named KnujOn (pronounced "new john"; the word is 'no junk' spelled backwards), has spent the last two years relentlessly following the links embedded in spam messages to determine what Web sites they point to, and has shut those illicit sites down. Network World, 11/08/07. Major Russian crime hub suddenly dies
One of the Internet's most notorious malware and software exploit hubs, the Russian Business Network (RBN), has suddenly gone offline. IDG News Service, 11/087/07. Microsoft stands by its invite to arrested hacker
Microsoft's security team took a bit of a chance a few weeks ago, when it invited Roberto Preatoni to give a talk at its Redmond campus. Preatoni is the founder of Wabisabilabi, a Switzerland-based company that bills itself as an auction site for the software bugs that companies like Microsoft never want anybody to see. He spoke at Microsoft in late September as an invited guest at Microsoft's semi-annual Blue Hat security conference. IDG News Service, 11/09/07. Virus database tracks vendor performance
A new online malware database details the latest virus outbreaks from around the world, and shows which antivirus tools were able to block the threats and which ones failed. Network World, 11/09/07. Symantec: Data breaches, phishers, attack kits top threats of '07 (so far)
With a little over seven weeks to go in 2007, Symantec Corp. is already looking back at the year's top threats, highlighting what it considers to be the biggest security news of 2007 -- so far, at least -- and what it expects to dominate the security agenda for 2008. 11/08/07. 17 charged in massive ID theft bust
The operators of a New York business have been charged with running a massive identity-theft and money-laundering operation that raked in more than $35 million over a four-year period. Hacker pleads guilty to creating botnets
A hacker has pleaded guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. He could spend 60 years in prison and face a $1.75 million fine. IDG News Service, 11/10/07. Editor's note: Starting the week of Nov. 19, subscribers to the HTML version of this newsletter will notice some enhancements to the layout that will provide you with easier and clearer access to a wider range of resources at Network World. We hope you enjoy the enhancements and we thank you for reading Network World newsletters.
| 
0 comments:
Post a Comment