- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Mozilla: Firefox plugin shipped with malicious code
Mozilla warned Wednesday that a malicious program inserted adware code into a Firefox plugin that has been downloaded thousands
of times over the past three months. Because of a virus infection, the Vietnamese language pack for Firefox 2 was polluted
with adware, Mozilla security chief Window Snyder said.
Mozilla Security Blog: Compromised file in Vietnamese Language Pack for Firefox 2
**********
Adobe breaks silence on February's PDF bugs
Three months after acknowledging multiple vulnerabilities in its popular Reader software and then patching the program, Adobe
Systems Inc. yesterday finally provided some details about the bugs.
Read Adobe's advisory
**********
Half dozen new patches from Ubuntu:
OpenOffice.org (multiple flaws)
KDE (denial of service, code execution)
CUPS (denial of service, code execution)
Thunderbird (multiple flaws)
**********
Four new updates from Debian:
b2evolution (input checking, cross-scripting attack)
blender (buffer overflow, code execution)
**********
Four new fixes from Mandriva:
kdelibs (denial of service, code execution)
emacs (non-secure temp files, file overwrite)
OpenOffice.org (multiple flaws)
**********
Four new patches from Gentoo:
X11 terminals (privilege escalation)
phpMyAdmin (information disclosure)
Horde Application Framework (multiple flaws)
kdelibs (denial of service, code execution)
**********
Today's malware news:
Storm Worm - Still Evolving
No sooner had various agencies commented on the reduction of the size of the Storm network than we started seeing signs of
another wave of malware in the offing. Symantec Security Response blog, 05/05/08.
Trojan adware hiding in MP3s, McAfee says
Adware pushers have found a new way to trick you into downloading their annoying products: fake MP3 files. On Tuesday, security
vendor McAfee reported that it's seen a huge spike in fake MP3 files spreading on peer-to-peer networks. IDG News Service,
05/06/2008.
Web attack worm on a rampage
The Internet Storm Center, which tracks online threats, warned Wednesday that a worm is infecting vulnerable Web sites with
a database attack. Though relatively small by Web attack standards with about 4,000 reported infected sites, the assault adds
invisible code to a site that can force. Computerworld, 05/07/2008.
Jason Meserve is multimedia editor at Network World.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment