Thursday, December 13, 2007

Skype forgets to tell users about patch

Security: Threat Alert

Network World logo
NetworkWorld.com | Security Research Center | Update Your Profile
Skype forgets to tell users about patch

Jason Meserve By Jason Meserve
Is it a good thing when a vendor doesn't tell you about a vulnerability and doesn't tell you about the patch it released for said flaw? Skype users get to answer that question this week. Also, Microsoft Patch Tuesday brings three critical flaws and Debian, rPath, Mandriva and Gentoo released fixes. Read full story

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair"

MORE STORIESARROW


SPONSORED BY QUANTUM SSG
rule

Learn the Benefits of Data Deduplication
If "capacity bloat" has you down read this report from Enterprise Strategy Group today. Learn how data deduplication reduces backup capacity requirements, lowers costs, lets users save data longer, requires little media management and much more. Discover how this technology can give your data backup system the boost it needs. Download this report now.

rule
RELATED NEWS:

Scary tech stories: How dangerous user behavior puts networks at riskAs CIO at Bunker Hill Community College, Bret Moeller embraces students experimenting with technology as part of their education, but he'd prefer if their independent studies didn't involve hacking into the college's network. Network World, 12/10/07.

IT managers fight to keep up with ESX patches
An increasingly large number of patches are being issued for VMware's ESX Server, and system administrators could be struggling to keep up, so says a virtualization blog site Virtualization.info. TechWorld, 12/10/07.

Attackers poised to exploit Olympics, presidential elections in 2008
It was the year of the data breach in 2007, with the TJX fiasco topping a long list of data heists. So what afflictions are in store for 2008? Network World, 12/11/07.

Spam flood hit '07 high in November, says SymantecSpam surged to 72% of overall e-mail traffic monitored by Symantec in November, the highest percentage for any month this year, according to Symantec's monthly "State of Spam Report." Network World, 12/11/07.

Symantec Security Response blog: December State of Spam Report

Trusted users pose significant security threats, survey finds
It probably doesn't give security managers much comfort to hear that the majority of internal employees that pose a significant threat to network security are well-meaning, innocent offenders -- as opposed to those with malice on the mind. Network World, 12/10/07.

Duke Law School applicants warned of possible ID theft
About 1,400 Duke Law School applicants and two current students are being warned about identity theft concerns after hackers broke into the law school's Web site, where their Social Security numbers were stored in a connected database. Computerworld, 12/10/07.

The 2007 Security Hall of Shame
How bad was 2007 for breaches, vulnerabilities and similar mayhem? On the bright side, it was better than 2008 is forecast to be. With more of every sort of meltdown predicted -- more criminalization of the hacker community, more Web-application attacks, more phishing, more spamming, more zero-day attacks and more virtualization-related threats -- we're happy to tell you that you are likely to look back on 2007 as the peaceful old days. Computerworld, 12/11/07.

Wabisabilabi selling remote exploit for SAP
A vulnerability that affects SAP's MaxDB hasn't garnered any bids yet on a controversial auction site for computer vulnerabilities. If exploited, the problem would let an attacker access the entire contents of the database, according to Wabisabilabi, which is offering proof-of-concept code and details on its vulnerability auction site. Bidding starts at $4,407. IDG News Service, 12/11/07.

Cookie forgery tools pose danger, says researcher
A pair of open-source tools that sniff network traffic for cookies, then use the data to feed those purloined files back to Web sites, will let hackers easily impersonate users, a security expert said yesterday. Computerworld, 12/11/07.

iPhone to be target of hackers in 2008
The iPhone has been the target of many users who wanted to customize the way it looks and hackers who wanted to use the device on other wireless networks since it was released in June. However, Arbor Networks predicts the seriousness of attacks on the iPhone will increase in 2008. MacWorld, 12/12/07.


THE FASTEST FIREWALLS
Clear Choice Test  Crossbeam, IBM win raw performance test; Juniper scores on price.

HOLIDAY GIFT GUIDE
2007 Cool Yule Tools - Holiday Gift Guide Find the very best tech holiday gift ideas.

SPONSORED BY QUANTUM SSG
rule

Learn the Benefits of Data Deduplication
If "capacity bloat" has you down read this report from Enterprise Strategy Group today. Learn how data deduplication reduces backup capacity requirements, lowers costs, lets users save data longer, requires little media management and much more. Discover how this technology can give your data backup system the boost it needs. Download this report now.

rule

Holiday Tech Toys
Stumped on what gadgets and gizmos to give this holiday? Have no fear, Cool Tools' Keith Shaw is here. We do all of the heavy lifting of wading through hundreds of submitted technology products to find the very best holiday gift ideas. Click here to view our holiday gift guide: http://www.nww.com/PSA2_1210

Featured reader resource

90% of IT Managers are leaving their company at risk for a DNS ATTACK. Get the tools and resources you need to keep your DNS healthy and secure. Run a DNSreport on your domain today - 56 critical tests run in 8 seconds.

Visit www.dnsreport.com to learn more. (apply coupon NWW2007NLA for a 25% membership discount)

 

12/13/07

TODAY'S MOST-READ STORIES:

  1. Payment processor accused of taking millions
  2. AT&T employees sound off on telework cuts
  3. Microsoft pulls plug on potty-mouth Santa
  4. Scary tech stories
  5. Top six Cisco acquisitions of 2007
  6. The nine worst Microsoft products
  7. 2007 Cool Yule Tools gift guide
  8. Review: Who's got the fastest firewall?
  9. AT&T expands reach of 40G backbone
  10. Wireless hits crossroads, Part 2


TOP 100 OF 2007


Executive Guide The Security Treadmill

This Executive Guide offers interviews with leading, real-world security experts who tell you how to get inside users' heads, fight for a bigger security budget, and whether VoIP security issues are overstated or underrated, and much more. Review this informative guide today.

Click Here for More Information



IT Buyers guide

IT Buyer's Guides
Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now.

 


To continue receiving NetworkWorld's Security: Threat Alert newsletter, please add @nwfnews.com to your white list.

COMPLIMENTARY SUBSCRIPTIONS AVAILABLE
As a NW newsletter subscriber you are eligible to receive 50 issues of Network World Magazine, in print or electronic format, free of charge.

Sign up for your subscription today: Apply here. International subscribers,click here.

 

SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here.

Terms of Service/Privacy

Network World, Inc., 118 Turnpike Road, Southborough, MA 01772
Copyright Network World, Inc., 2007

 

 



No comments:

Post a Comment