Mozilla patches JavaScript flaw in Firefox

Patches from Apple, Oracle, Gentoo, others; Podcast: Better security for your applications; Malicious microprocessor opens new doors for attack, and other interesting reading
Security: Threat Alert By Jason Meserve, Network World, 04/17/2008

Mozilla patches Firefox JavaScript bug
Mozilla on Wednesday patched a single critical security vulnerability in the JavaScript engine of Firefox, updating the open-source browser to Version 2.0.0.14. Computerworld, 04/16/08.

Note: As of this writing, none of the three machines I run with Firefox have received the new update.

Mozilla advisory
**********

Cisco warns of NAC shared secret vulnerability
According to a Cisco advisory, "A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM)." A free update is available.
**********

Apple patches $10,000 prize-winning bug
Apple has issued a security patch for its Safari Web browser, fixing the flaw that earned one security researcher US$10,000 at the CanSecWest security conference. The flaw was exploited by Independent Security Evaluators Researcher Charlie Miller to gain access to a MacBook Air computer three weeks ago. It lies in the WebKit open-source HTML rendering engine used by Safari and several other Mac OS X programs. IDG News Service, 04/16/08.

Apple advisory
**********

Oracle patches 41 security flaws in database and other products
Oracle released 41 security fixes for its flagship database and several other products Tuesday, including 15 patches for vulnerabilities that can be exploited remotely without a username or password. Oracle database products account for 17 security patches, two of which could be exploited remotely over a network without authentication. The rest of the fixes are spread across Oracle's Application Server, Collaboration Suite and E-Business Suite products, as well as Oracle’s PeopleSoft and Siebel software. Network World, 04/15/08.

Oracle advisory
**********

VMware updates packages
VMware has patched flaws in its pcre, net-snmp, and OpenPegasus modules, all of which could impact its ESX server system. Attackers could exploit the vulnerabilities to launch denial-of-service attacks or potentially run malicious code.
**********

FreeBSD releases OpenSSH patch
A flaw in the way OpenSSH passes information between IPv4 and IPv6 connections could be exploited to steal information passing through the flawed connection. FreeBSD has released an update for this issue.
**********

Two new fixes from Mandriva:

Kernel for Corporate 4.0 (multiple flaws)

python (buffer overflow, code execution)
**********

Three new patches from Gentoo:

libpng (code execution)

Opera (multiple flaws)

Asterisk (multiple flaws)
**********

From the interesting reading department:

Podcast: Better security for your applications
Application security is more than erecting a firewall around your corporate applications. Sanjay Mehta, vice president of sales and marketing at Breach Security, talks about how application security is different from your typical hacker countermeasures. Network World.

Malicious microprocessor opens new doors for attack
For years, hackers have focused on finding bugs in computer software that give them unauthorized access to computer systems, but now there's another way to break in: Hack the microprocessor. IDG News Service, 04/15/08.

Hackers open new front in payment card data thefts
Security managers often describe their efforts to protect corporate data from being compromised as a full-fledged battle of wits against cybercrooks who are continually arming themselves with innovative tools and methods of attack. Computerworld, 04/17/08.

CEO subpoena scam fires up anew
After tricking several thousand executives into downloading malicious software earlier this week, online scammers started up their subpoena phishing scam again Wednesday, but on a much smaller scale. IDG News Service, 04/17/08.

Malware threat lists slammed as 'useless'
Security vendor PC Tools has questioned the usefulness of the threat lists used by many security companies to warn of current malware attacks. TechWorld, 04/16/08.

Myspace: Who Is Watching The Detectives Part 2
A few weeks ago, I wrote about a technique that could be used to track the people hunting bad guys on Myspace. Well, I was curious how long this had been in circulation for. Thankfully, some of the people using this are pretty stupid so of course, wandering through their photo galleries proved particularly useful. The SpywareGuide Greynets Blog, 04/16/08.
