Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

HP Live Webcast: Create a more efficient NOC HP

HP's Network Lifestyle Management can help you automate network processes and improve NOC efficiency. This webinar is part three of a four part series on Business Services Management (BSM) evolution to help you better align IT with business objectives. Register for this event scheduled for Wednesday, January 30, 2008 at 11:00 a.m. PDT/2:00 p.m. EDT to learn more. Register for this live webcast now.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

Where did it go? Was it fed to fishes- Anonymous

Join the Discussion

iFrame attacks and Facebook spam

Hackers expand massive IFRAME attack to prime sites Patches from VMWare, CA, Ubuntu, others With Vista breached, Linux unbeaten in hacking contest, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 03/31/2008
  • Social Web 
  • Email 
  • Feedback 
  • Close

Today's malware news:

Hackers expand massive IFRAME attack to prime sites
The massive attacks against hundreds of thousands of Web pages that started earlier this month has spread to some of the Internet's most prominent sites, including those for USA Today, ABC News, Target and Wal-Mart, researchers said Friday. Computerworld, 03/29/08.

Also: Major Web sites hit with growing Web attack

Spam 2.0 Moves to Facebook
Fortinet Global Security Research Team warns about hijacked Facebook accounts posting deceptive messages on Wall. Fortinet, 03/28/08.

Also: Worm Blog: Facebook Worm?

IRS warns of new online tax scams; protect yourself
Scam artists exploiting tax season have devised a range of new online cons: fake tax documents that contain malicious surprises; mass distribution of keyloggers aimed at snatching the identity of PC-based tax filers; and e-mail messages containing links to Web sites that promise new tax code information but instead push malware onto your PC. PC World, 03/29/08.
**********

Today's bug patches and security alerts:

VMWare releases patch for ESX
A flaw in the libxml2 that could be exploited in a denial-of-service attack against VMWare's ESX server has been patched. VMware ESX 2.5.5 before Upgrade Patch 6 or VMware ESX 2.5.4 before Upgrade Patch 17 are vulnerable and should download the latest update.
**********

CA patches multiple products
According to an advisory, "CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser."
**********

Four new patches from Ubuntu:

Ruby (multiple flaws)

SDL_image (multiple flaws)

libnet-dns-perl (denial of service)

Dovecot (authenticaion bypass)
**********

Five new fixes from Debian:

iceape (multiple flaws)

exiftags (multiple flaws)

xulrunner (multiple flaws)

policyd-weight (non-secure temp files)

firebird2 (multiple flaws)
**********

Four new updates from Mandriva:

Firefox (multiple flaws)

sarg (multiple flaws)

openssh (session hijack)

perl-Tk (denial of service)
**********

From the interesting reading department:

Audit Your Web Server Lately?
Web servers being hacked is nothing new and Web administrators continue to maintain their servers in the attempt to prevent this from happening. Well, it might a good time for everyone to audit their servers again because we have confirmed yet again another campaign of IFRAME injection attacks today. Symantec Security Response blog, 03/28/08.

With Vista breached, Linux unbeaten in hacking contest
The MacBook Air went first; a tiny Fujitsu laptop running Vista was hacked on the last day of the contest; but it was Linux, running on a Sony Vaio, that remained undefeated as conference organizers ended a three-way computer hacking challenge Friday at the CanSecWest conference. IDG News Service, 03/29/08.

Video: Gone in 2 minutes

Art and science: Bruce Schneier shares security ideas at museum
Bruce Schneier shared his ideas about the psychology of security, and the need for thinking sensibly about security, in his hometown Wednesday night when he gave a lecture at the Weisman Art Museum on the campus of the University of Minnesota. Network World, 03/28/08.

Computers plus people equals risk, tech expert says
Companies are relying too much on technology to run their businesses, a trend that doesn't account for unpredictable situations that humans still deal with better than machines, a technology expert said Thursday. IDG News Service, 03/27/08.

Google: Web sites slow to fix serious Flash flaws
Two months after Adobe Systems patched a serious flaw in its Flash development software, there are still hundreds of thousands of Web pages serving up buggy Shockwave Flash (.swf) files that could be exploited by hackers, according to a Google researcher. IDG News Service, 03/27/08.

Google search behind most phishing sites
Three-quarters of phishing sites are built on hacked servers that have been tracked down using pre-programmed Google search terms, according to research from brand-protection firm MarkMonitor. TechWorld, 03/28/08.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code