Tools circulate that crack Debian, Ubuntu keys
A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday. Computerworld, 05/16/2008.

US-CERT advisory

F-Secure: Debian OpenSSL Vulnerability

Debian re-updates OpenSSH patch
**********

Two new updates from Mandriva:

libvorbis (multiple flaws)

rdesktop (multiple flaws)
**********

Today's malware news:

SQL injection attack in 'third wave,' says IBM
A SQL injection attack that has affected at least a half-million Web sites has entered a "third wave" that's more resistant than previous versions to traditional security measures, according to IBM security researchers. Network World, 05/15/2008.

After 'treasure hunt,' hacker releases IE attack code
One week after hiding Internet Explorer attack code on his Web site, security researcher Aviv Raff has posted details on how to launch the attack. The bug lies in the "Print Table of Links" feature, which lets IE users print out a Web page along with a list of all the links on the page tacked onto the end. Raff discovered that if an attacker added special scripting code to a Web page, he could then run unauthorized software on the PCs of IE users who printed using this feature. IDG News Service, 05/15/2008.

Aviv Raff: Happy Birthday Israel!

OKOK.exe is not okay - okay?
Recently I came across a worm that has the potential to send the internal infrastructure of a network to the attacker by using a service related to Backdoor.CVM. The infection begins like it usually does. Someone clicks something they shouldn't. Regardless of how it happens, the results are the same. The SpywareGuide Greynets Blog, 05/13/2008.

More Fake Instant Messaging Scams
Here's another fake Instant Messaging application from the creator of the fake Google Talk program currently in circulation. This time round, the victim is MSN Messenger. The SpywareGuide Greynets Blog, 05/09/2008.
Non-tech criminals can now rent-a-botnet
**********

From the interesting reading department:

Apple dismisses Safari download issue
A security researcher has published a demonstration exploit that takes advantage of the download mechanism in Apple's Safari browser to automatically download files onto a user's system. Nevertheless, Apple said it does not consider the issue a security vulnerability, according to Nitesh Dhanjani, a researcher who currently leads application security efforts at professional services company Ernst & Young. TechWorld, 05/16/2008.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports