Phishers getting smarter

Patches from Microsoft, Nokia, Mandriva, others Phish Page Steals Your Details, Then Logs You In Red Hat says its servers, Fedora Project's systems, breached, and other interesting reading

Today's malware news:

Phish Page Steals Your Details, Then Logs You In
A Phish for the popular Habbo Hotel caught my eye today because it does just that - seamlessly logging you into Habbo Hotel once your details have been stolen. The SpywareGuide Greynets Blog, 08/22/2008.
**********

Today's bug patches and security alerts:

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Today's malware news:

Phish Page Steals Your Details, Then Logs You In
A Phish for the popular Habbo Hotel caught my eye today because it does just that - seamlessly logging you into Habbo Hotel once your details have been stolen. The SpywareGuide Greynets Blog, 08/22/2008.
**********

Today's bug patches and security alerts:

Microsoft admits posting flawed update
Microsoft re-released one of its Aug. 11 security updates yesterday, explaining that it had posted an incomplete version to its own download center last week. The admission was the third time in the last two months that Microsoft has had to re-issue a security-related update. Users who manually downloaded MS08-051 since Aug. 12 to patch Office 2003 should obtain the second version as soon as possible, Microsoft said. People who obtained the update via Windows Update or through their company's Windows Server Update Services (WSUS) server, or who updated other versions of Office, do not need to reinstall MS08-051. Computerworld, 08/22/2008.
**********

Nokia admits security flaws in Series 40 OS
Nokia confirmed Thursday its widely used Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications. IDG News Service, 08/21/2008.
**********

Six new patches from Mandriva:

libxml2 (denial of service)

metisse (integer overflow, code execution)

xine-lib for Mandriva 2008.0 (multiple flaws)

xine-lib for Mandriva 2008.1 (mulitple flaws)

mtr (stack overflow, code execution)

yelp (format string, code execution)
**********

Two new updates from rPath:

postfix (privilege escalation)

freetype (multiple flaws)
**********

Two new fixes from Ubuntu:

Postfix (root file access)

xine-lib (multiple flaws)
**********

Two new patches from Debian:

libxml2 (denial of service)

linux-2.6 (denial of service, information leak)
**********

From the interesting reading department:

Red Hat says its servers, Fedora Project's systems, breached
Red Hat confirmed Friday that hackers compromised infrastructure servers belonging to the company and the Fedora Project, including systems used to sign Fedora packages. In the Fedora breach, company officials said they had "high confidence" the hackers did not get the "passphrase used to secure the Fedora package signing key." Regardless, the company has converted to new Fedora signing keys. Network World, 08/22/2008.

Firefox SSL-certificate debate gets gnarly
Debate is reaching a fever pitch over a new security feature in Firefox 3.0 that throws out a warning page to users when a Web site's SSL certificate is expired or has not been issued by a trusted third party. Network World, 08/21/2008.

Scammers using Verizon's name to bilk consumers
If the thought of Verizon offering to pay you $750,000 sounds too good to be true, that's because it is. Verizon today released a statement warning consumers to be on the lookout for shady letters telling them that they have won a special sweepstakes and that a firm named "Verizon Financial" has authorized a payment to them of $750,000. Network World, 08/22/2008.