* Patches from Microsoft, Conectiva, Mandrake Linux, others * Beware virus arriving disguised as a DivX video trailer of the movie "Kill Bill" * Network Associates outlines security product strategy, and other interesting reading Today’s bug patches and security alerts:AOL Instant Messenger flaw patchedA buffer overflow can be exploited in the way the popular AOL Instant Messenger client handles long “aim://” URLs. An attacker could use this to cause the client to crash or potentially take control of the affected machine. AIM 5.5.3415 Beta is said to fix the problem:https://www.aim.com/get_aim/win/win_beta.adp **********Microsoft releases über patch for XP Making good on a promise made last week from CEO Steve Ballmer to simplify security-patch deployment for companies, Microsoft this week released a consolidated Windows XP update that brings together 22 critical updates into one downloadable package. IDG News Service, 10/17/03.https://www.nwfusion.com/news/2003/1017mspatch.html**********SCO updates XscoTwo unrelated security vulnerabilities were found in SCO’s Xsco X11 server module. It is possible for one buffer overflow to be exploited to run arbitrary code on the affected machine. The second flaw could be used to gain root privileges. For more, go to:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26 **********Conectiva, Mandrake Linux patch gdmAccording to an alert from Mandrake Linux, “Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze.” For more, go to:Conectiva: https://www.nwfusion.com/go2/1020bug1a.htmlMandrake Linux:https://www.nwfusion.com/go2/1020bug1b.html**********Conectiva patches ircdA buffer overflow in ircd, an IRC chat daemon for Conectiva, could be exploited to crash the affected machine. For more, go to:https://www.nwfusion.com/go2/1020bug1c.html**********Mandrake Linux releases fetchmail updateA buffer overflow flaw in the popular fetchmail program could be exploited to cause the application to crash. A fix is available. For more, go to:https://www.nwfusion.com/go2/1020bug1d.html**********Today’s roundup of virus alerts:Win32.Manda.A – This virus comes disguised as a DivX video trailer of the movie “Kill Bill”. It spreads via its own SMTP engine and also attempts to steal password information off the infected machine. (BitDefender)W32/Donk-E – A Trojan horse designed to let an attacker carry out a variety of tasks on the infected machine via an IRC connection. (Sophos)W32/Randex-Q – Another Trojan horse that uses an IRC connection to allow an attacker to take control of the infected machine. (Sophos)**********From the interesting reading department:Security auditProfessional auditor Shawn Bernard of Networks Unlimited exposes risks overlooked by IT staff of a New England medical center. Network World, 10/20/03.https://www.nwfusion.com/research/2003/1020audit.htmlNetwork Associates outlines security product strategyNetwork Associates next week plans to outline a broad strategy to meld the anti-virus scanning and desktop firewall it currently sells with the application-based intrusion-prevention technology it acquired when it purchased Entercept into a single desktop software product. The company projects that this product will be developed within the next 12 to 18 months. Network World Fusion, 10/17/03.https://www.nwfusion.com/news/2003/1017naistrategy.htmlMSN Premium to add McAfee anti-virus, firewall toolsSaying that online safety is now its customers’ primary concern, Microsoft will offer McAfee virus scan and firewall products to U.S. customers of its upcoming MSN Premium broadband Internet subscription service. IDG News Service, 10/17/03.https://www.nwfusion.com/news/2003/1017msnmcafee.htmlVerizon offers security serviceVerizon this week unveiled a security service for small and midsized businesses. Verizon Business Internet Security Services monitors customers’ networks seven days a week, 24 hours a day. Customer support and automatic updates on security threats are also provided. The Edge, 10/16/03.https://www.nwfusion.com/edge/news/2003/1016vzsec.htmlOdd mishaps cause computer griefA man so angry with his laptop that he shot it has topped an annual league table of the oddest computer mishaps. BBC News, 10/16/03.https://news.bbc.co.uk/1/hi/technology/3193366.stm Related content news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Cloud Computing Data Center news AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer The companies are extending their AI partnership, and one key initiative is a supercomputer that will be integrated with AWS services and used by Nvidia’s own R&D teams. By Andy Patrizio Nov 30, 2023 3 mins CPUs and Processors Generative AI Supercomputers news VMware stung by defections and layoffs after Broadcom close Layoffs and executive departures are expected after an acquisition, but there's also concern about VMware customer retention. By Andy Patrizio Nov 30, 2023 3 mins Virtualization Data Center Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe