Monday, September 24, 2007

VMware squashes bugs

Network World

Security: Threat Alert




Network World's Security: Threat Alert Newsletter, 09/24/07

By Jason Meserve

Today's bug patches and security alerts:

VMware bugs shine spotlight on virtualization security

A set of newly discovered flaws in components of VMware's virtual machine software has called attention to some of the security risks associated with the practice of running virtual computers on a single system. VMware has updated its products to fix the security bugs, disclosed Wednesday, but users who have not updated their software could face serious security risks thanks to a trio of flaws in the DHCP server that ships with VMware. IDG News Service, 09/20/07.

VMware advisory
**********

Flaws found in CA ARCserve

According to eEye Digital Security, "multiple vulnerabilities [have been found] within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900." CA has released an update.

CA advisory
**********

Trustix releases 'multi' update

The latest update from Trustix fixes flaws in fetchmail and quagga. Attackers could exploit these flaws in denial-of-service attacks.
**********

Three new updates from Debian:

OpenOffice.org (heap overflow, code execution)

kdebase (logins without a password)

fetchmail (denial of service)
**********

Two new updates from Mandriva:

OpenOffice.org (heap overflow, code execution)

PHP (multiple flaws)
**********

Two new patches from Gentoo:

ClamAV (multiple flaws)

rsync (buffer overflows)
**********

Today's malware news:

Patch bulletin e-mail?

If you've recently received an e-mail with an attachment or link, asking you to install a patch or an update from Microsoft, please beware as this is in all probability a hoax and could transfer control of your computer to some unknown entity anywhere in the world. Symantec Security Response Weblog, 09/21/07.
**********

From the interesting reading department:

From the "ooops"-department: Symantec issues bogus warning of full-scale Internet meltdown

Symantec's early warning system gave its enterprise customers a brief scare late Friday when it erroneously sent an alert that said an Internet-crippling attack was in progress. Computerworld, 09/22/07.

Botnets: Not just for spamming anymore

With a conservative botnet size of, say, 10,000 computers, what else can an attacker use it for? One popular approach (understandably so) is to use the botnet to make easy money. Symantec Security Response Weblog, 09/20/07.

Hackers steal server log-ins from hosting vendor

Server hosting vendor Layered Technologies admitted this week that hackers broke into its support database and made off with as many as 6,000 client records, including log-in information that could give criminals access to clients' servers. Computerworld, 09/20/07.

Researcher sees potential iPhone security problems

Apple's iPhone is a tough target for hackers, but a security researcher warned Friday that there are ways the sleek device could potentially be compromised. IDG News Service, 09/21/07.

Your Money or Your E-mail

If someone broke into your free Web mail account, reset your password and issued a $100 ransom demand, would you pay up? The answer might depend on how careless you've been with your passwords, and how many e-commerce sites you have registered to that address. Security Fix blog, 09/20/07.


Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Copyright Network World, Inc., 2007
