Friday, March 6, 2009

Friday 03/06/09

March 2009 Advanced Notification
Posted Thursday, March 05, 2009 9:57 AM by MSRCTEAM
Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, March 10, 2009 around 10 a.m. Pacific Standard Time.

As part of this month’s security bulletin release process, we will issue three security bulletins – one rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Microsoft Windows. Depending on the bulletin, a restart may be required.

----------

Microsoft: No patch for Excel zero-day flaw next week

----------

Twitter spoofing fix fails in UK and Germany
Twitter's claim to have fixed the spoofing vulnerability is found to be untrue in the UK and Germany.

----------

Risky MIME sniffing in Internet Explorer
Uploading images is a standard requirement for any Web 2.0 application, but some features of Internet Explorer need to be carefully handled, otherwise a hole can open up and facilitate cross-site scripting attacks on site visitors.
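The item above describes the hazard only in outline: Internet Explorer sniffs the leading bytes of a response and can decide that an "image" is really HTML, so an uploaded file that carries markup in its prefix can end up executing in the context of the hosting site. The following Python is an added example, not code from the heise article or from any product it mentions, showing the server-side checks a defender would put on an upload endpoint: verify the declared type against magic bytes, reject files whose sniffable prefix contains markup, and serve stored files with the `X-Content-Type-Options: nosniff` header that IE8 introduced. The 256-byte scan window is assumed from Microsoft's published description of IE's MIME detection; the accepted-format table, the marker list and the sample byte strings are constructed for this example.

```python
import re

# Magic-byte signatures for the image formats this hypothetical upload
# endpoint accepts.  Anything that does not start with one of these is refused.
IMAGE_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

# IE's sniffer inspects the start of the body; 256 bytes is the window
# described in Microsoft's MIME-detection documentation (assumed here).
SNIFF_WINDOW = 256

# Markup tokens that would make a sniffer reclassify the body as HTML.
HTML_MARKERS = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|iframe|object|embed|meta|svg)",
    re.IGNORECASE,
)


def detect_image_type(data: bytes):
    """Return the MIME type implied by the file's magic bytes, or None."""
    for mime, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return mime
    return None


def looks_like_markup(data: bytes) -> bool:
    """True if the sniffable prefix contains an HTML-looking tag."""
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None


def validate_image_upload(data: bytes, declared_type: str):
    """Accept only files whose magic bytes match the declared type and whose
    leading bytes carry no markup.  Returns (ok, detected_type_or_reason)."""
    detected = detect_image_type(data)
    if detected is None:
        return False, "unrecognised image signature"
    if detected != declared_type:
        return False, f"declared {declared_type} but content is {detected}"
    if looks_like_markup(data):
        return False, "HTML markup found in sniffable prefix"
    return True, detected


def download_headers(detected_type: str, stored_name: str) -> dict:
    """Headers to send when serving a stored upload: the type we verified,
    an instruction to IE8+ not to second-guess it, and a download disposition
    so the bytes are never rendered as a document of the hosting origin."""
    return {
        "Content-Type": detected_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
    }


if __name__ == "__main__":
    # Constructed samples: a minimal PNG prefix and a GIF prefix followed by markup.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
    gif_with_markup = b"GIF89a" + b"\x00" * 10 + b"<html>not an image</html>"
    print(validate_image_upload(png, "image/png"))
    print(validate_image_upload(gif_with_markup, "image/gif"))
    print(download_headers("image/png", "avatar.png"))
```

The magic-byte check on its own is not enough, because a file can be a valid image and still contain markup later in its body; the prefix scan closes the sniffing window the article warns about, and `nosniff` plus a download disposition cover the case where a file slips past both. Where the images must render inline (avatars, thumbnails), drop the `Content-Disposition` header but keep `nosniff`, and serve user uploads from a separate hostname so that even a misclassified file cannot script against the main application's origin.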

----------

Firefox: most vulnerabilities, but quickly patched
Secunia has published its security report for 2008, saying that 115 vulnerabilities were eliminated from Firefox in 2008: more than those found in Internet Explorer, Safari and Opera put together.

----------

Microsoft has confirmed that users will be able to remove its IE8 browser, as well as several other integrated applications, from Windows 7. Jack Mayo, a group program manager on the Windows team, listed in a blog post the applications that can be switched off. They include Internet Explorer 8, Fax and Scan, handwriting recognition, Windows DVD Maker, Windows Gadget Platform, Windows Media Player, Windows Media Center, Windows Search, and XPS Viewer and Services. He explained that the files associated with those applications and features are not actually deleted from the hard drive. The public beta of Windows 7 does not include the ability to 'kill' said apps. But a pirated copy of Windows 7 Build 7048 includes the new removal options, and has been leaked on the Internet.

----------

'Napping' datacenters cut energy use by 75%
Christopher Jablonski: Researchers at the University of Michigan announced a plan to save up to 75 percent of the energy that power-hungry datacenters consume by putting idle servers to sleep when they're not in use.

----------

Illinois Sheriff Says Craigslist Is 'Largest Source of Prostitution'
CHICAGO (CN) - Craigslist openly and unabashedly facilitates prostitution, Cook County Sheriff Thomas Dart claims in state court. He filed a lawsuit to shut down the online classified site's "erotic services" section, calling it a "convenient clearinghouse for pimps, prostitutes and patrons that enables sellers to advertise and buyers to peruse discreetly."

----------

Unpatched PDF bug poses growing threat, say researchers
An unpatched bug in popular PDF viewing and editing applications is more dangerous than first thought, according to security researchers who created exploits that sidestep Adobe Systems' defensive advice.

----------

Botnet ringleader gets four years in prison for stealing data from PCs
March 5, 2009 (Computerworld) The first person to be charged under federal wiretap statutes for using a botnet to steal data and commit fraud was sentenced to four years in prison this week.

John Schiefer, a 27-year-old Los Angeles resident, was also ordered to pay $2,500 in fines. The sentence was handed down Wednesday by U.S. District Judge Howard Matz in federal court in Los Angeles.

Schiefer, a former security researcher, agreed to plead guilty in November 2007 to stealing usernames, passwords and financial data from more than 250,000 compromised systems, then installing adware on the massive botnet that he and several accomplices set up.

----------

Mahalo CEO defends IT staffer who ran botnet before being hired
Search engine exec says he hopes to offer John Schiefer a new job after sentence is up

----------

NYPD faces ID theft risk after data stolen from pension fund

----------

Catbird tightens security of virtual machines
Catbird is upgrading its virtual security software platform to better track virtual machines as they replicate themselves and to make sure the proper security policies follow them wherever they go.

The product, VMShield 2.0, includes V-Tracker, technology that uses more attributes to define virtual machines, making it more likely that VMs will be tracked accurately when they create other versions of themselves.

VMShield then makes sure that the proper policies are applied to all instances of the virtual machine. The policy checks not only pertain to attributes of the virtual machine but also to the physical machine it migrates to.
