Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Ruby creators warn of serious flaws
The Ruby programming language, which has become popular as the basis for Web 2.0 sites such as Twitter, contains serious security
flaws that could allow attackers to take over an organization's Web server, according to the Ruby development team. TechWorld,
06/24/2008.
Ruby advisory
**********
Avaya, Cisco and Nortel face VoIP vulnerabilities
VoIP customers of Avaya, Cisco and Nortel should look Wednesday for patches that correct newly found vulnerabilities that,
if exploited, can result in remote code execution; unauthorized access; denial of service; and information harvesting. Network
World, 06/24/2008.
Cisco advisory
**********
Security Update for Adobe Reader, Acrobat
Adobe has issued a security update for its Adobe Acrobat and free Adobe Reader applications. The patch plugs a critical flaw
that Adobe said attackers could leverage to take control of a vulnerable system. Washington Post Security Fix blog, 06/25/2008.
Adobe bulletin
**********
Yahoo Mail vulnerability discovered, fixed, company says
Yahoo says it has fixed a vulnerability in Yahoo Mail that might have allowed savvy hackers to steal a victim's Yahoo identity
and gain access to private information. Discovered by security vendor Cenzic last month, the underlying problem was a cross-site
scripting (XSS) vulnerability that affected its current version of Yahoo Messenger and its new Yahoo Mail client Version 9,
still in beta. Network World, 06/25/2008.
**********
Five new patches from Gentoo:
FreeType (integer overflow, code execution)
OpenSSL (denial of service flaws)
X.Org X server (multiple flaws)
**********
Four new fixes from Mandriva:
imlib2 (buffer overflows, code execution)
nasm (denial of service, code execution)
**********
Today's malware news:
Two New Mac OS X Trojans
F-Secure reported two new Mac Trojans this week: Backdoor.Mac.Hovdy.a and Trojan-PSW:OSX/PokerStealer.A. The first one installs
a program that takes advantage of a root-access flaw in the Mac ARDAgent module. The second is an application that tricks
users into entering user credentials.
**********
From the interesting reading department:
Video: Dealing with security in an open network environment
What can corporate IT shops, which are faced with increasing pressure to allow mobile devices and more open access, learn
from a university environment? Boston College's David Escalante, director of computer policy and security, explains. Network
World.
Jason Meserve is multimedia editor at Network World.
