MS07-041 - Important: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
10 Jul 2007 08:00 GMT
Bulletin Severity Rating: Important - This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Source: TechNet

MS07-039 - Critical: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
10 Jul 2007 08:00 GMT
Bulletin Severity Rating: Critical - This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is a critical security update for supported editions of Windows 2000 and an important security update for supported editions of Windows Server 2003. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update addresses the vulnerability by validating the number of convertible attributes in the client LDAP request.
Source: TechNet

Opinion: Who are your riskiest vendors?
10 Jul 2007 04:31 GMT
Jay Cline has three simple steps to get companies off the dime when it comes to assessing the risks their vendors and partners pose to their sensitive information.

Source: Computerworld

Rogue DBA Steals, Sells Personal Info
09 Jul 2007 04:59 GMT
Fidelity National Information Services says a database administrator responsible for enforcing data access rights at one of its subsidiaries sold the personal information of about 2.3 million consumers to a data broker.

Source: Computerworld

VA Report Spreads Blame for Data Loss
09 Jul 2007 04:59 GMT
A report by the inspector general at the U.S. Department of Veterans Affairs criticized an IT specialist and the directors of one of the agency's medical centers in connection with the loss or theft of a hard drive containing data about more than 1.5 million people.

Source: Computerworld