Network World’s Security Alerts (02/17/06)

Network World’s Security News Alert, 02/17/06

Attack code targets Media Player flaw, 02/17/06
Exploit code has been released targeting a flaw in Microsoft’s Windows Media Player, the French Security Incident Response Team (FrSIRT) warned Friday.

Microsoft patch fails to install for some users, 02/15/06
Microsoft has reported a problem with one of its security patches released Tuesday that requires some users to take additional steps to ensure it installs properly.

MacOS X worm wiggles its way into wild, 02/17/06
A worm that affects computers running Apple’s MacOS X is circulating on the Internet, according to anti-virus software makers.

Microsoft launches U.K. anti-piracy campaign, 02/16/06
When Microsoft’s U.K. head of anti-piracy visited several computer stores in Glasgow earlier this week inquiring about piracy issues, some weren’t especially glad to see her.

Weblog: Big problems in small packages, 02/16/06
In the search for security, it’s dawning on IT professionals that it’s the small things that matter now. Those handheld smartphones with huge amounts of data storage, USB flash drives, millions of powerful computer widgets spreading insect-like across …

Weblog: Guest blogger at RSA hears Counterpane CTO, 02/16/06
Bruce Schneier’s mother doesn’t give a hoot that her home PC is overrun with spyware excepting for the few days immediately following his biannual visits during which he rids her machine of malware. Nevertheless, the CTO of Counterpane Internet …

NetIQ launches VoIP security tool, upgrades security management software, 02/16/06
At the RSA Conference in San Jose this week, NetIQ unveiled a VoIP security product and an upgrade to its security management software that features faster updates and simplified agent management.

RSA:
Metrics are key to measuring security effectiveness, 02/16/06

Gathering metrics to measure the effectiveness of an enterprise security strategy can be a difficult and somewhat imprecise task, but that’s no excuse for not trying, said IT managers at RSA Conference 2006 in San Jose, Calif., this week.

Bill would bar U.S. firms from putting servers in China, 02/16/06
A U.S. lawmaker on Thursday introduced legislation that would bar U.S. Internet companies from locating Web servers inside “Internet-restricting” countries such as China and Vietnam, with prison sentences for those who don’t comply.

DHS: Sony rootkit may lead to regulation, 02/16/06
A Department of Homeland Security (DHS) official warned Thursday that if software distributors continue to sell products with dangerous rootkit software, as Sony BMG Music Entertainment recently did, legislation or regulation could follow.

Secure
software is up to businesses, 02/15/06

Most businesses aren’t doing enough to build and buy securely written software, according to speakers at panel of corporate security executives, academics and professional
software developers speaking at the RSA Security Conference 2006 on Tuesday.

OASIS approves WS-Security 1.1 standard, 02/15/06
OASIS approved WS-Security 1.1 as an official standard, establishing a foundation for securing distributed applications and Web services.

Extreme founder: Beware of closed network-access control schemes, 02/15/06
Corporate security executives should be wary of network-access control schemes that don’t embrace open standards that encourage multi-vendor security, says one of the founders of Extreme Networks.

Nortel unveils its network access control box, 02/15/06
Nortel put on display for the first time at RSA Conference 2006 its answer to network access control, an appliance that directs switches to enforce security policies.

RSA: FBI director says cyber threats are ‘fluid and far-reaching’, 02/15/06
Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That’s what FBI Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose, Calif., Wednesday.

Network security is the key to keeping VoIP secure, 02/15/06
Despite warnings that VoIP is vulnerable to a new breed of attacks, the biggest threat to VoIP remains weaknesses in general network security, according to a vendor presentation at the RSA Security Conference 2006.