12 total posts
Bug Detected In Unix and Linux Admin Console
According to an advisory released by Gentoo, a bug in Usermin, a widely used Unix and Linux administration console, can allow malicious code to be executed by specially crafted e-mail. In addition, a bug in the installation script of Webmin and Usermin can allow local users to execute a symlink attack at installation. Security experts say the Usermin functionality, including the vulnerability, is included in the Webmin software, which is shipped with Linux distributions such as SuSE, Mandrake, and Gentoo. Users are advised to upgrade to the latest versions of Usermin and Webmin.
Webcast: All anti-virus software is not created equal
Learn which features rank most critical in selecting an anti-virus solution, and find out if your current software puts you out in front -- where you want to be.
This free web seminar covers:
- Virus fighting on complex networks - solutions with extensive platform support for heterogeneous networks
- Virus protection outside the walls - why mobile and remote workers can be the weakest link
- Measuring success in the virus battle - is your organization meeting its goals and objectives?
AOL Rejects Microsoft Antispam Tech
Add America Online Inc. to the growing list of companies and organizations shunning a spam-fighting proposal from Microsoft Corp.
AOL cited "tepid support" for Microsoft's so-called Sender ID technology, which seeks to cut down on junk e-mail by making it difficult for spammers to forge e-mail headers and addresses, a common technique for hiding their origins.
Thursday's announcement came on the heels of a recent decision by Internet engineers to reject a preliminary proposal from Microsoft because of its patent claims.
Microsoft Offering Heads-Up on Security
Microsoft Corp. has quietly begun giving some of its largest customers early warning of what types of security patches it will be releasing, so the companies can plan better.
Under the free program, some customers are receiving three business days' notice of how many security fixes Microsoft plans to release in its regularly monthly bulletins, and what Microsoft products are affected. Customers also can learn how severe a threat the flaws pose several days before the general public gets that information.
Redmond-based Microsoft began testing the program last fall, and expanded it in April. It has not been widely publicized, and Microsoft has been offering the service to some customers individually through sales representatives.
About 3,500 customers are taking part.
Complete article at http://www.eweek.com/article2/0,1759,1646845,00.asp
Hackers jump on Windows vulnerability
Less than 24 hours after Microsoft released details of the latest vulnerability in Windows, hackers were sharing details and eager to get their hands on exploit code, said Ken Dunham, the director of malicious code research for Reston, Va.-based security intelligence provider iDefense.
"Hackers are already actively discussing the new JPEG vulnerability and how to exploit it," said Dunham in an e-mail to TechWeb.
Symantec to offer Web-based Norton AntiVirus console
Symantec Corp. yesterday announced plans to release a Web-based console to help system managers and network administrators centrally administer Mac clients using Norton AntiVirus for Macintosh 9.0.
The Web console, to be made available specifically to corporate and enterprise licensees of Norton AntiVirus software, will allow administrators to distribute virus definitions and product updates on demand, install the Norton AntiVirus software itself, lock-down settings, push configuration changes and maintain client data in a MySQL database.
Cisco, Microsoft in security showdown
Cisco Systems and Microsoft are headed for a collision over network security, with customers caught in the middle.
The two companies have each proposed competing "end to end" security architectures, marking the latest evolution in network defense--an approach concerned not only with scanning for viruses but also with policing networks to deny connections to machines that don't conform with security policies.
But for now at least the twin offerings are not interoperable. That means customers might be forced to choose between using technology from one company or the other, unless the two tech giants can strike a deal to guarantee compatibility.
German teen who made Sasser worm hired by computer security
German teenager accused of creating the Sasser worm that infected millions of computers around the world is being taught to become a security software programmer, the company that hired him said.
Eighteen-year-old Sven Jaschan has been taken on by the Securepoint computer firm based in Lueneburg, northern Germany and is being trained to make firewalls, which stop suspect files from entering computer systems.
"He has a certain know-how in this field," a company spokesman said.
Re: German teen who made Sasser worm hired by computer secur
Thanks for that ... I'll do my best to avoid Securepoint products.
Microsoft: Can we check your software license?
The software maker has launched a pilot program in which some visitors to the main Windows download page are being asked to let the software maker check to see whether their copy of the operating system is licensed.
Visitors do not have to partipate in the program to get their downloads. They'll also get their downloads if they do participate and their copy of Windows turns out to be unlicensed. But Microsoft said the program is a first step in trying to provide a better experience for customers using legitimate copies of Windows. Since the program is optional at this stage, Microsoft expects that most of those who know their software is bogus will not take part.
"I would expect that people who know they are running pirated Windows are going to be very interested to know what we are doing, but they could easily choose to not opt in," said David Lazar, a director in the Windows client unit.