- +
How to Save the Internet 12/05/2005 10:59:59
Imagine labels on software like those on cigarettes - Infosecurity General's Warning: The use of software and hardware that is not certified secure can harm your system and other people's systems, and you may be held liable for those damages.Computing on the Net is heading for a fall because security is a joke. So we summoned the best minds to see if we could put Humpty back together again. - +
Consumer Appeal 06/11/2006 14:04:24
Your end users are downloading Skype and sharing links to company Web pages on Del.icio.us. But don't panic. Although emerging consumer applications can pose security risks, here are five that offer business benefits if you manage them well.When Paul Tang first downloaded Google's desktop search application, he was impressed by its speed and power. Instead of painstakingly looking for data and files on his hard drive, he could find them with the ease of a Web search. However, Tang, chief medical information officer at the Palo Alto Medical Foundation (PAMF), quickly realized that the slick application could also be dangerous. - +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
A Few Good Metrics 08/09/2005 11:15:21
Mention metrics to a CIO or infosecurity executive and immediately their thoughts may well turn to sigmas, standard deviations and, probably, probability. To many, metrics equals statistics.Information security metrics don't have to rely on heavy-duty maths to be effective, but they also don't have to be dumbed down to red, yellow, green. Here are six smart measurements - and effective ways to present them.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Microsoft 2008 Mission Critical IT
Choices in Storage Architecture for Oracle Environments
A Report Card On Ubiquitous Mobility
A Guide to Next-Generation Backup, Recovery and Archive
The value of Project Portfolio Management
Agile in the Enterprise
The Case for an Untethered Enterprise
From Business Needs to Business Mashups in 3 simple steps
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Adobe Systems has patched two bugs in its ubiquitous Acrobat Reader application that could allow an attacker to take over a user's system via a malicious pdf file attached to an e-mail message. The bugs affect Windows, Mac OS X and Unix.
Separately, developers warned of bugs in Ethereal, a popular network protocol analyzer, that could allow an attacker to take over a system.
Security research company iDefense warned of the bug affecting Windows and Mac in an advisory published on the Bugtraq mailing list late on Tuesday. The problem is a format string vulnerability in version 6.0.2 of Adobe Reader, allowing users to craft a special .etd file that could cause an invalid memory access and allow for the execution of malicious code with the privileges of the user. Reader uses .etd files in handling eBooks.
The bug could be exploited by an e-mail containing either a malicious pdf file or a link to such a file, according to iDefense. The company said earlier versions of Reader 6 could be vulnerable, and said the bug is likely to also affect Adobe Acrobat, the application used to create pdf files.
Adobe released a fix in version 6.0.3 of both Acrobat and Acrobat Reader for Windows and Mac OS X. All the updates are available from Adobe's Web site.
IDefense said users could also work around the problem by deleting the file "C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.api", which makes Reader and Acrobat unable to handle eBooks.
A similar bug affects Unix. A boundary error in the "mailListIsPdf()" function, which checks to see whether a document in an email is a PDF file, unsafely copies user supplied data into a fixed sized buffer, according to iDefense.
This could allow an attacker to cause a buffer overflow and execute malicious code, the company said. Adobe has fixed the bug in Acrobat Reader version 5.0.9 for Unix, available on its site. iDefense said previous versions of Reader 5 are likely to also be affected. In its advisory, iDefense included a shell script patch users can apply for additional protection.
Ethereal bug
Several bugs were also reported in Ethereal, which claims to be one of the most popular tools for network software and protocol development, troubleshooting and analysis. The bugs can make the application hang, crash or otherwise disrupt a system, and may also allow for malicious code execution, Ethereal's developers said.
"It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file," the project said in a Wednesday advisory.
The bugs affect versions 0.9.0 up to and including 0.10.7, and are fixed in version 0.10.8. Secunia, which publishes an independent security database, said the problems were "highly critical."
Computerworld Member Login
Beyond Virtualisation - The Roadmap to 2012
CIO Breakfast Briefing
8:30am - 10:30am
Brisbane | 22 July | Sofitel Brisbane
Sydney | 23 July | Four Seasons Hotel
Canberra | 24 July | The Hyatt
Attend and discover:
- What happens after virtualisation
- The benefits automation drives
- When automated infrastructures will emerge
- What the roadmap to 2012 looks like
- How to deliver an automated architecture
- How to maximise your investment in virtualisation
- +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years.
Satyam’s Q1 revenue up by 43% and Net Profit by 45% YoY; revises revenue and EPS guidance upwards for FY09 2008-07-18 16:58:00+10
Informatica Reports Record Second Quarter Results 2008-07-18 13:01:00+10
Tumbleweed Releases MailGate 3.6 2008-07-18 10:01:00+10
Convergys to Acquire Intervoice, Enhancing Leadership in Relationship Management 2008-07-17 14:41:00+10
Borland Management Solutions Put the "M" in Application Lifecycle Management 2008-07-17 13:43:00+10
Realizing the Value of Unified Communications
Discover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
