ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security management Toolkit

Weekly security round-up

John McCormick Tech Republic

Published: 31 May 2005 15:50 BST

No single major security threat has emerged recently, so I've decided this week to concentrate on a hodgepodge of various important threats. While all of these threats are equally significant, there's no real underlying thread to unify them all. Nevertheless, these vulnerabilities are important to someone, so I'm using a different format this week to address all of the threats equally.

Apple update
Apple has released the Mac OS X 10.4.1 Update, part of which confirms the existence of a file disclosure vulnerability in the Bluetooth implementation of Mac OS X 10.4. A pair of file access vulnerabilities has also surfaced, but they're less critical because they only expose files locally. In addition, the update addresses a Dashboard widget vulnerability in Mac OS X 10.4, which can allow a malicious site to download Dashboard widgets without warning.

Browser woes
Netscape has apparently found the perfect way to combat Internet Explorer. According to reports, the recently released version 8 of the browser appears to break XML rendering if you try to run IE. Some people say this is unimportant; however, they apparently don't know about RSS.

In addition, a report on Angelfire points out that Netscape 8 relies on some IE code to render trusted pages — now that's taking an independent stand!

The same report includes a note that the author tried to run Netscape 8 on an old Windows version without IE installed, and Netscape won't work. So, that apparently means that Netscape is dependent on IE and therefore is likely vulnerable to Internet Explorer bugs, as well as Firefox and Mozilla bugs it hasn't yet patched (it's always a generation behind Mozilla and Firefox)! Can you say the worst of both worlds?

Also, users who rushed to download Netscape 8 (someone out there must have) need to download version 8.0.1 — released one day later — to fix the already known holes in Firefox 1.0.3, which served as the basis for Netscape 8. The moral here is that if you want to have the latest patches, you should probably stick to Firefox. And all of this comes out after AOL/Netscape bombarded users with ads about how secure the new Netscape version was going to be.

1 2

Did you find this article useful?
137 out of 308 people found this useful

Post a comment

Full Talkback thread

0 comments

More In Security management

Company/Topic Alerts

Create a new alert from the list below:

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.