Monday, May 21, 2007

Apple patches Darwin Streaming Server

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 05/21/07

By Jason Meserve

Today's bug patches and security alerts:

Apple patches Darwin Streaming Server

A couple of flaws have been found in earlier versions of Apple's Darwin Streaming Server. Attackers could send specially crafted RTSP packets to an affected machine, causing a buffer overflow. This could be exploited to run malicious code. Users should upgrade to Version 5.5.5.

**********

New 'multi' update from Trustix

The latest security update from Trustix fixes flaws in elinks, MySQL, PHP, PHP4, pptpd, quagga, Samba and VIM. The most serious of these flaws could be exploited to run malicious code.

**********

Two new updates from rPath:

Python (data leak)

libpng (denial of service)

**********

Two new fixes from Ubuntu:

Quagga (denial of service)

KTorrent (directory traversal)

**********

Two new patches from Debian:

Quagga (denial of service)

PHP5 (multiple flaws)

**********

Four new fixes from OpenPKG:

ratbox (denial of service)

Quagga (denial of service)

png (denial of service)

Samba (multiple flaws)

**********

Two new patches from Mandriva:

SquirrelMail (multiple flaws)

fetchmail (man-in-the-middle attack)

**********

Two new updates from Gentoo:

Apache mod_security (rule bypass)

PhpWiki (remote code execution)

**********

Today's malware news:

New and 'improved' Gozi Trojan version on the loose

A new, stealthier version of a previously known Russian Trojan horse program called Gozi has been circulating on the Net since April 17 and has already stolen personal data from more than 2000 home users worldwide. Computerworld, 05/19/07.

New For-Profit Symbian Trojans

Yesterday we received a couple interesting cases from our partner. Three new for-profit SMS Trojans that affect Symbian S60 2nd Edition and older devices. The Viver family of Trojans claim to be utility programs for Symbian phones. They have been uploaded to at least one popular file sharing site in the hopes that people will download and install them. F-Secure Blog, 05/18/07.

Mespam meets Zunker

In the last few months we’ve seen many recompiled variants of this Mespam coming out, and I’m reporting here some of the malicious URLs that users should absolutely never click, even if they seem to be posted by trusted friends. We have noticed that each outbreak of Mespam has a main "theme" in the spammed messages, such as postcards, jokes, screensavers, and photos, which is configured by a remote C&C center. Symantec Security Response Blog, 05/19/07.

**********

From the interesting reading department:

People click on the darndest things

Proof that users will click on virtually anything -- behavior that hackers depend on -- has been laid out by a researcher, whose Google ad touted instant infection. More than 400 clicked through. Computerworld 05/18/07.

Security to headline Interop Las Vegas

Security will dominate Interop Las Vegas next week as event organizers say more than a quarter of the vendors in attendance will hawk security-related products, and the "security zone" on the show floor is filled to bursting. Network World, 05/17/07.

Gone in 120 seconds: cracking Wi-Fi security

WEP is dead - and here's the proof. Cracking the Wi-Fi security protocol WEP is a probability game. The number of packets required to successfully decrypt the key depends on various factors, luck included. The Register, 05/15/07.

Secunia: Firefox more likely to be fully patched

Firefox users have something new to brag about. Security vendor Secunia ApS reports that users of the open-source browser are more likely to have installed the latest security updates than Web surfers running Internet Explorer or Opera. IDG News Service, 05/16/07.

Estonia recovers from massive denial-of-service attack

A spree of denial-of-service (DOS) attacks against Web sites in Estonia appears to be subsiding, as the government calls for greater response mechanisms to cyber attacks within the European Union. IDG News Service, 05/17/07.

VeriSign plugin brings green address bars to Firefox

VeriSign has brought a new technology, used to identify trusted Web sites, to the Firefox browser. The Internet services vendor has released a Firefox plugin that will show the same type of green address bar that is displayed by Internet Explorer 7 when it lands on certain highly trusted Web sites that use Extended Validation Secure Sockets Layer (EV SSL) certificates. IDG News Service, 05/18/07.

Symantec: Chinese hackers grow in number, skills

China's hacking scene appears poised for growth, as the number of Internet users rises with a commensurate interest in criminal hacking and government spying, according to a new Symantec study. IDG News Service, 05/18/07.


Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Copyright Network World, Inc., 2007
