Interop security highlights caught on video; Mozilla Messaging patches Thunderbird; more

* Patches from Mozilla, Akamai, Debian * Google adwords fuel new URL attack * Microsoft hack pack spells trouble, and other interesting reading

The Network World staff had a busy schedule filming video at Interop 2008 in Las Vegas last week. Among the security-related highlights are: Casinos fail wireless security test, Getting value out of security log files, Q&A: McAfee's David DeWalt, Don't get Pinched by the latest malware threats and Adapting quickly to security threats. You can see all of our Interop videos at

Mozilla Messaging patches Thunderbird bugs

Mozilla Messaging, a subsidiary of the nonprofit Mozilla Foundation, yesterday patched five bugs in its Thunderbird e-mail client to fix flaws that were disclosed more than a month ago. Computerworld, 05/02/08.


iDefense warns of flaw in Akamai Download Managerreleased a patch for the the flaw.

A design error in Akamai's Java-based Download Manager tool could be exploited to run malicious code on an affected system. Akamai has


Three new updates from Debian:

cpio (denial of service, code execution)

linux-2.6 (multiple flaws)

wordpress (multiple flaws)


Today's malware news:

Google adwords fuel new URL attack

Google adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks. TechWorld, 05/02/08.

Botnet attacks military systems

Security researchers have discovered a complex spamming scheme that hijacks users' PCs in order to attempt to send junk mail via university and military systems. TechWorld, 05/02/08.

Beware: New MSN Messenger Password Stealing Program In The Wild

A new hacking program is in circulation that lets hackers create executable files easily and with no fuss. When the victim is tricked into running the infection file, a connection is made to the attacker's PC and they can steal any MSN login details stored on the PC. The SpywareGuide Greynets Blog, The SpywareGuide Greynets Blog, 05/02/08.


From the interesting reading department:

Microsoft hack pack spells trouble

Security through obscurity has never worked, and Microsoft's COFEE will encourage hackers to find the holes. Network World, 05/01/08.

How one site dealt with SQL injection attack

The massive wave of SQL injection attacks that started striking Microsoft-based Web sites around the world more than a week ago claimed as one of its victims Autoweb, a U.K.-based advertising and marketing site. Network World, 05/01/08.

7 dirty secrets of the security industry

Corporate IT executives need to beware the seven dirty secrets of the security industry that can undermine the safety of business networks, a security expert told attendees at Interop Las Vegas. Network World, 05/01/08.

100 e-mail bouncebacks? You've been backscattered.

The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: "Cyails, Vygara nad Levytar," "UNSOLICITED BULK EMAIL, apparently from you." IDG News Service, 05/02/08.

Instant messaging attacks spike in April

Instant messaging attacks leapt 162% in April according to security firm Akonix. The company tracked 21 new malicious code attacks over the month. The jump accompanies a boom in take-up of enterprise unified communications systems over the past few months, a fact that is unlikely to be a mere coincidence, Akonix said. TechWorld, 05/01/08.

Interpol: Olympics cyberattack not a major threat

With cybercrime now a global phenomenon, perhaps it will take a global police organization to keep it in check. IDG News Service, 04/30/08.

DDoS attacks knocked Radio Free Europe off the Web

Several Radio Free Europe Web sites were knocked off the Internet a week ago in a distributed denial-of-service (DDoS) attack that the news organization's spokesman compared to attempts decades ago by the Soviet Union to jam the U.S.-funded group's radio signals. Computerworld, 05/04/08.

U.S. Bank suffers Web 2.0 security headaches

It used to be easy for U.S. Bank to determine which users and systems could be trusted, and which should be viewed with suspicion. Then along came Web 2.0. Network World, 04/30/08.

The Spectre Of Rogue Facebook Applications, Back Once More

n January, everything went a little crazy because of a Facebook application that (if you believed the hype) force installed Zango, hijacked your PC, set fire to your house, killed your pets.....well, you get the idea. The SpywareGuide Greynets Blog, 05/01/08.

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022