Ending with a roar

Patches from Microsoft, Apple, Firefox, others Malware writers targeting McDonald's fans 5 ways to secure your BlackBerry, and other interesting reading

Microsoft Issues Emergency Security Patch For IE
Microsoft issued an emergency security patch Wednesday for all versions of Internet Explorer. The patch is considered a critical fix for the security flaw currently plaguing the IE browser. So far, more than 2 million computers are believed to have been infected.

Microsoft advisory

US-CERT: Microsoft Internet Explorer Data Binding Vulnerability
**********

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Microsoft Issues Emergency Security Patch For IE
Microsoft issued an emergency security patch Wednesday for all versions of Internet Explorer. The patch is considered a critical fix for the security flaw currently plaguing the IE browser. So far, more than 2 million computers are believed to have been infected.

Microsoft advisory

US-CERT: Microsoft Internet Explorer Data Binding Vulnerability
**********

Firefox issues eight patches for Web browser
Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical. The patches come after security experts have recommended using a browser other than Microsoft's Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an emergency patch for that problem Wednesday.

Note this is the last update for Firefox 2. Users should upgrade to Firefox 3.

Mozilla advisory

Also:
Oops! Mozilla forgets Firefox 2 patch, must re-issue update
**********

Apple pushes out critical Mac OS X security patches
Apple has released a major set of security patches for its Mac OS X operating system, fixing a number of critical flaws in the software. The Mac OS X v10.5.6 update includes a critical update for Adobe Systems' Flash Player, fixing bugs that were disclosed last month. It also includes patches for several Mac OS libraries, the operating system kernel, and system utilities such as the BOM archiving software. In total, 21 bugs are patched in the update. IDG News Service, 12/15/2008.

Apple advisory
**********

Seven new updates from Gentoo:

JasPer (memory management, code execution)

Ruby (multiple flaws)

Dovecot (multiple flaws)

POV-Ray (code execution)

aview (temp files, symlink attack)

OpenOffice.org (multiple flaws)

Honeyd (temp files, symlink attack)
**********

Three new patches from Mandriva:

Firefox (multiple flaws)

enscript (buffer overflows, code execution)

wireshark (multiple flaws)
**********

Three new fixes from Debian:

Linux 2.6.18 (multiple flaws)

no-ip packages (buffer overflow, code execution)

uw-imap (multiple flaws)
**********

One new patch from Ubuntu:

Ruby (multiple flaws)
**********

Today's malware news:

Malware writers targeting McDonald's fans
PPandaLabs, Panda Security's laboratory for detecting and analyzing malware, has detected an email message claiming to be a special Christmas offer from McDonald's, but which really spreads the P2PShared.U worm. Panda Security, 12/13/2008.

Fake Friendster and Facebook Sites with One IP Address
We spotted this fake Friendster website at http://friend[...]ter.com. The website steals the e-mail address and password information entered by an unsuspecting visitor who arrives at this page thinking it's the actual Friendster site. F-Secure, 12/15/2008.

We're Going To Shut You Down! (Honest)
It's yet another fake warning from a rogue security product, this time claiming...well, take a look for yourself. The SpywareGuide Greynets Blog, 12/18/2008.

The "Microsoft Award Team" Are Back....
Throughout this year, there's been random outbreaks of mails claiming you've won a fortune, courtesy of Microsoft. Naturally, it's a scam - and it looks like it's back yet again. The SpywareGuide Greynets Blog, 12/16/2008.
**********

From the interesting reading department:

5 ways to secure your BlackBerry
It seems we can't go a day lately without a new story about some security screw-up involving a lost or misplaced BlackBerry. This week, officials with John McCain's campaign mistakenly sold a BlackBerry to a Fox television reporter for $20 in a fire sale. The device contained confidential campaign information. And many Hollywood gossip publications were abuzz earlier this month with news that Tom Cruise had lost his Blackberry while promoting a movie in Toronto. CSO, 12/17/2008.

Social networking malware: Protect yourself
As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks, accoring to a a new report by MessageLabs. CIO, 12/16/2008.

Kaspersky: Interview with a virus-hunter
We recently got the opportunity to interview Eugene Kaspersky, the man behind Kaspersky Anti Virus. Here's what he had to say about the evolution of malware, the future of cybersecurity, the problems with the internet, and more. PC World, 12/15/2008.

Read more about security in Network World's Security section.