Apple issues mega-monster security update
Apple Tuesday issued a record-breaking security update that patched nearly 90 vulnerabilities in both its own code and the
third-party applications it bundles with its Tiger and Leopard operating systems. Computerworld, 03/19/08.
Apple's Security Update 2008-002
Apple updates Safari browser, busts 13 bugs
Apple Inc. today patched 13 vulnerabilities in Safari with an update that takes the browser to Version 3.1. Only one of the
patched bugs carried Apple's most dire warning -- that the flaw could result in "arbitrary code execution." Computerworld,
03/18/08.
Apple updates AirPort Extreme Base Station
A new firmware update is out for Apple's 802.11n AirPort Extreme Base Station. Firmware version 7.3.1 fixes an input validation
flaw that could be exploited in a denial-of-service attack against the unit.
**********
VMware fixes security bugs
VMware has identified and fixed seven security bugs in the free version of its hypervisor, which could let hackers launch
denial-of-service attacks, change user privileges and forge RSA key signatures. Network World, 03/17/08.
Secunia: VMware Server Multiple Vulnerabilities
**********
Malicious subtitle file could trip up VLC media player
A flaw in the widely-used open-source VLC media player could allow an attacker to execute harmful code on a PC. The problem
stems from a buffer overflow that can occur when the player processes subtitle files used for movies, according to a security
advisory. IDG News Service, 03/18/08.
SecurityVulns advisory
**********
Two flaws found in Kerberos 5
MIT is advising users of two flaws found in its Kerberos 5 network authentication protocol. Both flaws could be used in a
denial-of-service attack against an affected system and there's a slight chance malicious code could be run as well. Patches
are available.
MIT advisories:
MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin
Two Linux vendors are already out with related patches:
Ubuntu: Kerberos vulnerabilities
Debian: krb5
**********
Multiple flaws in Asterisk patched
According to a Secunia advisory, "Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious
people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system."
Patches are available.
Asterisk advisories:
AST-2008-005: HTTP Manager ID is predictable
AST-2008-004: Format String Vulnerability in Logger and Manager
AST-2008-003: Unauthenticated calls allowed from SIP channel driver
AST-2008-002: Two buffer overflows in RTP Codec Payload Handling
**********
Nine new updates from Debian:
ikiwiki (cross-site scripting flaw)
backup-manager (password disclosure)
ldapscripts (password disclosure)
Dovecot (privilege escalation)
icedove (multiple flaws)
**********
Two new fixes from Mandriva:
unzip (invalid pointer, code execution)
Nagios (multiple flaws)
**********
Six new patches from Gentoo:
Adobe Acrobat Reader (non-secure temp files)
PCRE (buffer overflow, code execution)
Website META Language (non-secure temp files)
LIVE555 Media Server (denial of service)
**********
From the interesting reading department:
Hannaford supermarket chain discloses data breach involving credit, debit cards
Portland, Maine-based supermarket chain Hannaford Brothers Monday disclosed it has suffered a data intrusion into its computer
network that has resulted in the theft of customer credit and debit card numbers. (EEK! I've shopped at Hannaford stores from
time to time!) Network World, 03/17/08.
Pennsylvania pulls plug on voter site after data leak
With voting in Pennsylvania's presidential primary just a month away, the state was forced to pull the plug on a voter registration
Web site Tuesday after it was found to be exposing sensitive data about voters in the state. IDG News Service, 03/19/08.
Are we reading the same newsletter?
By Adam Gaffin on March 20, 2008, 12:07 pm
The very top of the newsletter is about Apple security issues. All the way at the bottom are some headlines that are clearly not about Apple but about security...
Unfortunate headline
By disintegral on March 20, 2008, 11:41 am
It's unfortunate that the headline "Not a Good Week for Apple" is followed by Patches from Debian, Mandriva, Gentoo, others Hannaford supermarket chain discloses...