A commonly used method of coupling the Exim and Dovecot mail server programs results in a serious security issue. The cause is an officially recommended, but problematic configuration

In the week ending 4 May – Linux 3.9 arrives, better font display for Linux, compromised Apache binaries and huge Java holes, Mozilla gets legalistic for a good reason and there's fresh BSD and Linux distributions released into the world

Microsoft late Friday confirmed that a "zero-day," or unpatched, vulnerability exists in Internet Explorer 8, the company's most popular browser.
A Qualcomm executive Friday defended Windows RT tablets despite poor initial sales, saying the mobile device chip maker is 'very optimistic with the future of Win RT.'
Digital nomad Mike Elgan returns to the U.S. after 10 months of travel and shares these tips for working and living abroad.

Thanks to some readers Ken and Paul, we've been supplied with some Zero-Day reading.   The best I can skim in short notice on these stories that developed yesterday is that Microsoft is looking into claims of an IE 8 vulnerability. [1]    IE 6,7,9,10 are claimed to be unaffected.

I suggest the pendulum analogy because one article cites a US Government website was hacked [2] by way of a 'watering hole' attack to exploit [3] with what is now believed to be 'zero-day' but was originally thought to be exploited by a slightly modifed version of a well known trojan named 'Poison-Ivy'.[4]

Too many links, too little time.  There is a lot of good reading out there right now, leaving much to review as this issue develops.   So please share your comments and knowledge on this issue with us and our community as it develops.

[1] http://technet.microsoft.com/en-us/security/advisory/2847140
2] http://labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/
3] http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
4] http://www.invincea.com/2013/05/part-2-us-dept-labor-watering-hole-pushing-poison-ivy-via-ie8-zero-day/

ISC Handler on Duty


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Internet Storm Center Infocon Status