- New attack fells Internet Explorer
- Steve Jobs is a man of a few words
- Oddball gifts for uber geeks
- Global warming research exposed after hack
- Google adding IPv6 to YouTube
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Oops! Looks like that IE flaw is bigger than expected
A day after its massive Patch Tuesday release, Microsoft last week warned of a new Internet Explorer vulnerability that could
be used to steal user information. At the time, it was thought that only IE7 that was affected. Turns out all versions of
IE are vulnerable and hackers are taking action, according to the SANS Internet Storm Center. Microsoft has not yet released
a patch for the flaw, which affects everything from IE5 to IE8 beta. The company is recommending a number of risk-mitigating
steps, but it might be best to use a different browser until patches are available.
SANS ISC diary entry
**********
Asterisk patches major remotely exploitable flaw
According to the Asterisk advisory, "There is a possibility to remotely crash an Asterisk server if the server is configured
to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname
matching attempts to authenticate. The problem was due to a broken function call to Asterisk's realtime configuration API."
Updates are available to fix the flaw.
**********
Two new patches from rPath:
tshark/wireshark (denial of service)
**********
Two new updates from Gentoo:
Honeyd (non-secure temp files, symlink attack)
Jason Meserve is multimedia editor at Network World.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment