Product Guides- Microsoft research projects to improve our lives
- Outlook '09
- IBM employees buzzing about layoff rumors
- AT&T builds $23M IPv6 network for U.S. military
- Is VoIP dead?
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Authentication bypass flaw in Cisco Unity
A flaw in Cisco's Unity unified messaging platform could allow unauthorized users to view and change configuration settings
on a Unity server. A free update is available.
Also: From Cisco Subnet: Cisco warns of Unity bug
**********
VMWare out with multiple patches
According to the company's advisory, "VMware addresses a in-guest privilege escalation on 64-bit guest operating systems in
ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential
information disclosure and updates Java JRE packages." Updates are available.
**********
Seven new updates from Debian:
mplayer (integer overflow, code execution)
Feta (symlink, denial of service)
**********
Two new patches from Mandriva:
pam_krb5 (privilege escalation)
**********
Today's malware news:
The Art of the Hidden File
The art of hiding codes via XOR is simple, easy and extremely ancient. Despite its antiquity though, it is still in use today.
F-Secure, 10/08/2008.
Clickjackers could hijack Webcams, microphones, Adobe warns
Adobe Systems warned users Tuesday that hackers could use recently-reported "clickjacking" attack tactics to secretly turn
on a computer's microphone and Web camera. Computerworld, 10/08/2008.
Adobe: Clickjacking Security Advisory
Trojan.Silentbanker Adds Rootkit Functionality
Trojan.Silentbanker has been in the wild since late last year; however, the most recent release of this Trojan has had some
interesting features added to it. Namely, the most recent version has added rootkit functionality to make the Trojan even
stealthier. If you are unfamiliar with Trojan.Silentbanker, have a look at this blog first. Symantec Security Response blog,
10/06/2008.
Asus reports virus loaded into Eee Box PCs
Asustek Computer's Japanese arm has alerted owners of its new Eee Box low-cost desktop PC that the machine shipped with a
virus. IDG News Service, 10/07/2008.
**********
From the interesting reading department:
Firefox extension blocks dangerous Web attack
A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security
problems facing the Web today: clickjacking. IDG News Service, 10/08/2008.
Jason Meserve is multimedia editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2009 Network World, Inc. All rights reserved. |
Comment