Google patches Android flaw

* Patches from Google, VMWare, rPath, Mandriva * 'Ruthless' Trojan horse steals 500k bank, credit card log-ons * Morris worm turns 20: Look what it's done, and other interesting reading

Google was quick to patch software flaw in its new G1 Android phone operating system. Users began seeing an update last week after security researchers disclosed the flaw earlier the same week. Fortunately, no known exploit was available (most likely because of the small target audience). Still, good to see Google getting on top of a potentially embarrassing bug quickly.

Android phone users get update for flaw

Users of the G1 Android phone today began to receive a software update that fixes a flaw that security researchers found earlier in the week. he update included the fix to the browser vulnerability as well as a few other minor changes, said Michael Kirkland, a Google Inc. spokesman. Every user of the G1 may not have received the update yet but should within a short time frame, he said.

Previously: Researcher warns of critical Google bug in G1 phone


VMWare releases updated ESX packages to fix numerous flaws

The latest ESX update from VMWware patches vulnerabilities in libxml2, ucd-snmp and libtiff. The flaws could be exploited in a denial-of-service attack or to potentially run malicious code on the affected machine.


Three new patches from rPath:

lighttpd (multiple flaws)

Samba (race condition, denial of service)

NFS (restriction bypass)


Five new fixes from Mandriva:

kernel for 2008.1 (multiple flaws)

Eterm (X11 connection hijacking)

aterm (X11 connection hijacking)

kernel for Corporate 4.0 (multiple flaws)

mplayer (multiple flaws)


Today's malware news:

'Ruthless' Trojan horse steals 500k bank, credit card log-ons

A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen the log-ons to more than 300,000 online bank accounts and almost as many credit cards during that time, a security company said today. Computerworld, 10/31/2008.

Statements, reports, tracking numbers and tickets

Over the last 48 hours we've seen a huge increase in ZIP'd malicious email attachments being spammed. F-Secure, 10/30/2008.

Latest Microsoft vulnerability used to steal confidential data

PandaLabs, Panda Security's malware detection and analysis laboratory, has detected several malicious files that are exploiting the latest vulnerability announced by Microsoft (MS08-067) to infect users and steal confidential data including instant messaging passwords, login credentials used online, etc. Panda Security, 11/1/2008.


From the interesting reading department:

Morris worm turns 20: Look what it's done

The Internet will mark an infamous anniversary on Sunday, when the Morris worm turns 20. Considered the first major attack on the 'Net, the Morris worm served as a wake-up call to the Internet engineering community about the risk of software bugs, and it set the stage for network security to become a valid area of research and development. Network World, 10/30/2008.

Trick or Treat: A Halloween Peering Surprise

Yesterday, tens of thousands of Sprint and Cogent customers got an early Halloween surprise. At 4pm EDT, Sprint and Cogent terminated their direct peering relationship. Arbor Networks Security Blog, 10/31/2008.

Crooks can make $5M a year shilling fake security software

Criminals can make as much as $5 million a year by planting nearly worthless security software on PCs, then badgering users with so many bogus malware warnings that they fork over their credit card, a noted crimeware researcher said today. Computerworld, 10/31/2008.

Seeing tough times ahead, Symantec plans layoffsAnticipating a slowdown in IT spending, Symantec expects to begin laying off employees next month. Symantec isn't saying exactly how many jobs it will cut, but on Wednesday Chief Financial Officer James Beer said that the company is looking to trim about 4.5 percent of the cost of its workforce. IDG News Service, 10/31/2008.Tech industry group battles botnetsSeveral ISPs and Internet companies will meet in San Francisco early next year to adopt a common strategy for combating botnets, the remotely controlled networks that are used to carry out distributed denial-of-service attacks and massive spam campaigns. Network World, 10/30/2008.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in