Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Adobe fixes undisclosed vulnerabilities in Reader
Adobe released on Wednesday an update that fixes vulnerabilities in its widely used Reader document viewing program. Users
are urged to upgrade to Version 8.1.2, available for download on Adobe's Web site. IDG News Service, 02/06/08.
**********
Skype plugs critical cross-zone scripting hole
Skype Tuesday patched a critical vulnerability that forced it to dump several features from its VoIP and chat software to
prevent attackers from hijacking Windows PCs. Users can download the patched Skype -- Windows Version 3.6.0.248 -- from the
service's Web site.
**********
Attackers zero in on Yahoo Jukebox ActiveX flaw
Just one day after hackers showed how to exploit a number of flaws in the ActiveX software used by Internet Explorer, Symantec
has spotted online criminals using one of the attacks.
Symantec Security Response blog: That Didn’t Take Long! Unpatched Yahoo Vulnerability being Exploited in the Wild
**********
Apple patches QuickTime and iPhoto
Apple has fixed a heap overflow in QuickTime that could be exploited to run code when users visit a malicious Web site. QuickTime users should upgrade to Version 7.4.1.
The company also repaired a format string vulnerability in its popular iPhoto application. Attackers could exploit the flaw
to run malicious code on an affected machine. Users should upgrade to iPhoto 7.1.2.
iPhoto advisory
**********
Four new patches from rPath:
gd (buffer overflow, code execution)
icu (denial of service, code execution)
xorg-x11 (multiple flaws)
**********
Two new updates from Ubuntu:
PulseAudio (privilege escalation)
**********
Five new fixes from Debian:
Poppler (multiple flaws)
**********
Three new patches from Mandriva:
emacs (multiple flaws)
**********
Two new fixes from Gentoo:
SDL_image (buffer overflows, code execution)
**********
Today's malware news:
Spotted in the Wild: Rogue Microsoft Update Site
Watch out for this one. It's not the real Microsoft Update site. F-Secure blog, 02/06/08.
Storm worm dethroned by sex botnet
Romance is out and sex is in, according to security experts who said the Mega-Dik botnet has ousted the infamous Storm as
the most prolific sender of spam. The Mega-D botnet, which offers discounted sexual enhancement pills to users, delivers a
whopping 30% more spam than Storm, famous for delivering malicious Valentines cards. Computerworld, 02/04/08.
**********
From the interesting reading department:
Consumer group slams RealPlayer as 'badware'
A consumer advocacy group is blasting RealNetworks for installing adware and other software without properly notifying its
users. In a report published Thursday, StopBadware.org faults the latest version of RealPlayer for secretly installing its
Rhapsody Player Engine during the RealPlayer installation. IDG News Service, 02/04/08.
Adware recedes, but other online threats grow
If you've noticed fewer popup ads while Web surfing, it's probably more than just your anti-popup software doing its job.
So-called "nuisance adware," popups and home-page hijackers that annoy but don't usually harm your computer, has been vanquished,
though not totally eliminated. Consumer Reports Electronics Blog, 02/05/08.
Forgotten IT chores may have led to bank meltdown
The huge losses reported by French bank Société Générale, apparently caused by a rogue trader with inside knowledge of the
bank's procedures, don't necessarily point to an IT systems failure but rather to poor management of those systems, analysts
say. IDG News Service, 02/04/08.
MYOB forum over run by adult spam
A forum set up to assist users of MYOB accounting software has been so heavily crippled by spam that users have now been forced
to join other help forums, and its owner to offload the site to somebody who can better manage it. Computerworld, 02/05/08.
U.K. government denounces 'holocaust' e-mail as hoax
The U.K. government is taking unprecedented steps to combat an e-mail that has been widely distributed online. The "Holocaust
Ban" e-mail hoax claims that the Holocaust is no longer going to be studied in U.K. schools because of fears of offending
Muslims. Ed Balls, the U.K.'s secretary of state for children, schools and families, yesterday issued a statement to media
and embassies worldwide denouncing the e-mail as a hoax. Computerworld, 02/05/08.
Jason Meserve is multimedia editor at Network World.