Security a hot topic at Interop 2008

Patches from rPath, Debian, Mandriva New techniques hide PDF malware Video: Don't get Pinched by the latest malware

Researcher finds new flaw in QuickTime for Windows
A security think tank says it has found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the scant details published on the GNUCitizen's blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as "pdp."

GNU Citizen's blog: QuickTime 0day for Vista and XP
**********

Two new updates from rPath:

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Researcher finds new flaw in QuickTime for Windows
A security think tank says it has found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the scant details published on the GNUCitizen's blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as "pdp."

GNU Citizen's blog: QuickTime 0day for Vista and XP
**********

Two new updates from rPath:

libpng (code execution)

python (multiple flaws)
**********

Four new patches from Debian:

asterisk (denial of service)

Iceape (code execution)

ldm (programming error, data disclosure)

kronolith2 (cross scripting attack)
**********

Two new fixes from Mandriva:

vorbis-tools (input validation, code execution)

gstreamer-plugins-good (input validation, code execution)
**********

Today's malware news:

New techniques hide PDF malware
Coverage of 'Race to Zero' has focussed attention, at least for a short while, on the very real problem that polymorphism poses for those who are trying to filter out all the different types of malware that can arrive on a user's system.

Researchers infiltrate Kracken botnet, could clean it out
A group of security researchers today said they have infiltrated one of the world's biggest botnets and can snatch control of compromised machines from the hackers. But while 3Com Corp.'s TippingPoint researchers said they have the ability to disinfect the systems by eradicating the malware installed on the hijacked PCs, the company has decided against the move, citing liability issues. Computerworld, 04/30/08.
**********

From the interesting reading department:

Video: Don't get Pinched by the latest malware threats
Kaspersky's Tom Bowers talks about the latest security threats, including the SQL injection attacks of the past week and a new Pinch worm that is stealing passwords.

Radio Free Europe DDoS
It seems that the latest target of the "DDoS as a political statement" movement may be Radio Free Europe/Radio Libery. News about the attacks has surfaced online, including this source: RFE/RL Websites Hit By Mass Cyberattack, via the Radio Free Europe/Radio Liberty website. Security to the Core blog, 04/29/08.

Locking Down Facebook Chat
FaceTime products allow you to control exactly what Facebook applications are allowed for use in the workplace - which I think is pretty nifty, personally - so I was curious as to whether or not we had measures in place to lock down this chat feature too. Well, one quick check fired from the UK to the States and back again (via a quick stop-off in Bangalore) and the answer is that yes, we do provide lockdown for this application if so desired. The SpywareGuide Greynets Blog, 04/29/08.

Hackers focus efforts on Firefox, Safari
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys. Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard. PC World, 04/28/08.