Date: 16 November 2012
Happy Friday everyone!
There were a number of interesting security-related issues this week, mostly
covered in published bulletins. However, there was also a slightly offbeat
story that caught my interest.
John McAfee, founder of the antivirus company, currently resides on an island
off the coast of Belize and went missing recently after a neighbour was found
dead over the weekend. McAfee claims the death is related to various issues he
has had with local authorities. The death, combined with raids on his house,
and his dogs being poisoned, are the reasons McAfee cites for going into
hiding, even going as far as to say that his neighbour might have been shot by
accident instead of him. According to the local police, McAfee is only wanted
for questioning; however, McAfee fears for his life. Certainly one to keep an eye
on.
Now for this week's top 5:
1) ASB-2012.0158 - ALERT [Appliance] BigPond Network Gateway 3G21WB
Execute arbitrary code/commands - Remote with user interaction
This one received a fair bit of attention in the media and rightly so. This
BigPond router had hard-coded credentials that could not be changed, allowing
anyone to access it, in addition to a code execution bug. Telstra has
released an update; however, we are not entirely sure if both bugs are fixed or
just the one that received the most attention in the media.
2) ASB-2012.0159 - ALERT [Win][UNIX/Linux] Skype
Access privileged data - Remote/unauthenticated
Another popular story in the media this week. There was a bug in the Skype
website with the password reset function that made it child's play for
someone to hijack an account, requiring only that they know an email address. In
addition, the exact steps needed had been disclosed to all and sundry about
3 months earlier.
3) ESB-2012.1081 - [Win] Windows: Multiple vulnerabilities
Vulnerabilities in kernel-mode drivers are never fun. These are no exception.
One is an administrator compromise; however, it does require an existing account
to exploit.
4) ESB-2012.1088 - [Win][Linux][HP-UX][Solaris][AIX] IBM Products
Multiple vulnerabilities
This bulletin covers four IBM Java Runtime Environment vulnerabilities that had
been fixed in numerous IBM products. A number of IBM products are affected and
the vulnerabilities each have a CVSS rating of 9.3.
5) ESB-2012.1090 - [RedHat] java-1.5.0-ibm, java-1.6.0-ibm, & java-1.7.0-ibm
Multiple vulnerabilities
The day after the IBM bulletin mentioned above, Red Hat released fixes for the
same vulnerabilities plus many more. Nearly every type of vulnerability you can
think of is covered.
That ends the week in review for today. Safe browsing,
Olivia