From; Panda Oxygen3: "Be brief, for no discourse can please when too long". Miguel de Cervantes (1547 - 1616); Spanish author & poet - Weekly summary - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, March 26 2005 - Over the last week, Oxygen3 24h-365d has covered the following news stories -summarized below- which can be read in full at: http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp - System downtime due to vulnerabilities will triple before 2008 (03/21/05). According to Gartner, system downtime caused by software vulnerabilities will triple before 2008, if companies don't take proactive security steps. Companies that don't include security as a criterion when buying or developing software will witness downtime caused by security vulnerabilities increase from the 5 percent observed in 2004 to 15 percent in 2008. - Security updates for Apple Mac OS X (03/22/05). Apple has released an update to resolve nine security problems affecting its MAC OS. The update includes the fix for problems in the server (AFP), in Bluetooth devices, in Core Foundation, in Cyrus IMAP, in Mailman and in the Safari browser. - Panda Software warns of a new, sophisticated and dangerous online fraud technique: pharming. (03/23/05). Pharming involves altering DNS (Domain Name System) addresses so that the web pages that a user visits are not the original ones, but others created specifically by cyber-crooks to collect confidential data, especially information related to online banking. - Vulnerability in Java Web Start. (03/24/05) Sun has reported a vulnerability in Java Web Start that could allow privilege elevation of a non-trusted application and indiscriminate permission to read, write and execute on the local system. Java Web Start is a platform that allows developers to deploy complete applications to final users accessible from any browser. - Drag and drop vulnerability in Thunderbird and Firefox. (03/25/05) A vulnerability has been reported which affects both the Firefox browser and the Thunderbird mail client and which can be exploited by remote attackers to insert malware on a user's system. The problem is that images dragged and dropped from a web page to the desktop retain their name and extension. If the file has an executable extension, it could run instead of being opened by the corresponding multimedia application.. NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member