Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Security a hot topic at Interop 2008

Patches from rPath, Debian, Mandriva New techniques hide PDF malware Video: Don't get Pinched by the latest malware
Security: Threat Alert By Jason Meserve , Network World , 05/01/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Researcher finds new flaw in QuickTime for Windows
A security think tank says it has found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the scant details published on the GNUCitizen's blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as "pdp."

GNU Citizen's blog: QuickTime 0day for Vista and XP
**********

Two new updates from rPath:

libpng (code execution)

python (multiple flaws)
**********

Four new patches from Debian:

asterisk (denial of service)

Iceape (code execution)

ldm (programming error, data disclosure)

kronolith2 (cross scripting attack)
**********

Two new fixes from Mandriva:

vorbis-tools (input validation, code execution)

gstreamer-plugins-good (input validation, code execution)
**********

Today's malware news:

New techniques hide PDF malware
Coverage of 'Race to Zero' has focussed attention, at least for a short while, on the very real problem that polymorphism poses for those who are trying to filter out all the different types of malware that can arrive on a user's system.

Researchers infiltrate Kracken botnet, could clean it out
A group of security researchers today said they have infiltrated one of the world's biggest botnets and can snatch control of compromised machines from the hackers. But while 3Com Corp.'s TippingPoint researchers said they have the ability to disinfect the systems by eradicating the malware installed on the hijacked PCs, the company has decided against the move, citing liability issues. Computerworld, 04/30/08.
**********

From the interesting reading department:

Video: Don't get Pinched by the latest malware threats
Kaspersky's Tom Bowers talks about the latest security threats, including the SQL injection attacks of the past week and a new Pinch worm that is stealing passwords.

Radio Free Europe DDoS
It seems that the latest target of the "DDoS as a political statement" movement may be Radio Free Europe/Radio Libery. News about the attacks has surfaced online, including this source: RFE/RL Websites Hit By Mass Cyberattack, via the Radio Free Europe/Radio Liberty website. Security to the Core blog, 04/29/08.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed