With the New Year upon us, we have two podcasts that look at the year ahead:
Major Looming Threats for 2007
Will YouTube become a major source of computer viruses in 2007? Will there be a major ATM (automated teller machine) attack that cripples banking institutions? Will the major operating systems have to "step back in time" in order to move forward? Savant Protection CEO Ken Steinberg (pictured) chats with Senior Editor Keith Shaw about these predictions and other security-related threats on the 2007 horizon. (15:47)
Will the major security threats of the past few years continue, or are there new security threats on the horizon that network managers need to know about? Keith Shaw talks with Mike Paquette (pictured), chief strategy officer at Top Layer Networks, about the looming threats for 2007 and what network managers need to be prepared for. (11:14)
Do you agree with the experts? Which security threats worry you most in the coming year? Drop me a line at jmeserve@nww.com and I'll publish your thoughts in an upcoming newsletter.
Happy New Year to all readers, and safe computing in 2007!
Today's bug patches and security alerts:
Multiple flaws in Cisco Clean Access
Cisco is warning of a flaw in its Clean Access product, which is used to detect, isolate and clean infected systems on a corporate network. One flaw could allow snapshot files to be read. Another results in an unchangeable shared secret, according to a Cisco advisory. Updates are available.
**********
Security researchers are concerned about a weakness, which one vendor called "breathtaking," in the Web browser plug-in for Adobe Systems Inc.'s Acrobat Reader program, used to open the popular ".pdf" file format. IDG News Service, 01/03/07.
**********
A vulnerability affecting four operating systems, including Vista, does not appear to pose a significant risk, according to a security vendor. IDG News Service, 12/22/06.
**********
Security vendor Imperva has identified a vulnerability in AJAX, which it says an attacker could use to compromise an application based on the Web scripting components known collectively as AJAX (Asynchronous JavaScript + XML). The vulnerability in the Direct Web Reporting component of the AJAX development framework is probably the first server-side vulnerability of its kind to be identified, according to Imperva, which has issued guidance on a workaround that would let application programmers close the hole. Network World, 01/03/07.
**********
Google closes Gmail cross-site scripting vulnerability
Google has fixed a flaw that would have allowed Web sites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e-mail addresses. IDG News Service, 01/02/07.
**********
"Month of Apple Bugs" so far (1/1 through 1/3):
1. Apple QuickTime RTSP URL handler stack buffer overflow
2. VLC Media Player udp:// format string vulnerability
3. Apple QuickTime HREFTrack cross-zone scripting vulnerability
**********
Trustix releases "multi" update
Trustix's latest update patches flaws in the kernel and proftpd. The most serious of the flaws could be exploited to bypass security restrictions.
**********
Two updates from rPath:
Mozilla Thunderbird (multiple flaws)
**********
Two new patches from Ubuntu:
w3m (format string, code execution)
**********
Five updates from Debian:
Links2 (insufficient input sanitization, shell command execution)
squirrelmail (cross-site scripting attack)
**********
Six patches from OpenPKG:
OpenSER (buffer overflow, code execution)
links (insufficient input sanitization, shell command execution)
w3m (format string, code execution)
**********
Three new fixes from Mandriva:
**********
Big virus news this week:
VeriSign is warning of a new e-mail worm arriving in inboxes with the subject line "Happy New Year!". The message, currently spreading from 160 e-mail domains, asks users to click on an attached "PostCard.exe" file to do its damage. The file installs several different malicious code variants on the computer, including TIB, NWAR, BANWARUM and GLOWA. It then performs mass mailing from the infected computer. IDG News Service, 12/29/06.
**********
From the interesting reading department:
If there's one thing that Aaron Kornblum would like to quash, it's the botnet armies. These are the remote-controlled PCs that have been taken over without their users' knowledge. Symantec Corp. counted more than 4.5 million of them during the first six months of the year, and according to Kornblum, they are the backbone of today's cybercrime. IDG News Service, 12/27/06.
Antispam blacklist service the Open Relay Database (ORDB) has pulled the plug after five and a half years, because spamming has grown more sophisticated. TechWorld, 12/21/06.
With Christmas fast approaching, Santa Claus got a little help this week from StopBadware.org. The consumer advocacy group said it was approached by a resident of Incline Village, Nevada, who has legally changed his name to Santa Claus and who asked for help figuring out why his Web site had been flagged by Google Inc.'s site filter. IDG News Service, 12/21/06.