Home    News Archive    Translate Traducen
News February 2006
28 February 2006

Guides, Papers, etc
www.nytimes.com:
Cyberthieves Silently Copy Your Passwords as You Type. Read more

www.sans.org:
SECURITY 617: Assessing and Securing Wireless Networks. Read more

www.securityfocus.com:
Keyloggers on the rise. Read more

www.securityfocus.com:
Spreading security awareness for OS X. Read more

www.digitalmunition.com:
InqTana Through the eyes of Dr. Frankenstein. read more

msdn.microsoft.com:
Finding Security Compatibility Issues in Internet Explorer 7. Read more

www.vmware.com:
VMware Ultimate Virtual Appliance Challenge. Read more

www.redmondmag.com:
Vista Security: Worth Paying For. Read more

computerworld.co.nz:
How secure is open source? Read more

www.infoworld.com:
Malware dissection 101. Read more

www.securitypipeline.com:
Reports: IE 7 Crashes While Accessing Windows Updates. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
DCI Designs Input Validation Holes in Taskeen Permit SQL Injection Attacks. Read more

securitytracker.com:
PwsPHP Input Validation Weakness in 'id' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
eZ publish Input Validation Hole in 'ReferrerURL' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Pentacle In-Out Board Input Validation Bugs in 'newsdetailsview.asp' and 'login.asp' Permit SQL Injection. Read more

securitytracker.com:
ArGoSoft FTP Server Buffer Overflow in DELE Command Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Solaris Unspecified hsfs File System Bug Lets Local Users Deny Service and Gain Elevated Privileges. Read more

securitytracker.com:
Mambo Input Validation Holes in 'mambo.php' Permit SQL Injection and in _setTemplate() Function Let Remote Users Include Local Files. Read more

securitytracker.com:
Guestex Input Validation Hole in 'url' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Cilem Haber Unspecified Input Validation Bug Permits SQL Injection. Read more

securitytracker.com:
SCO UnixWare ptrace Lets Local Users Inject Code into setuid Processes to Obtain Elevated Privileges. Read more

 

News
www.theregister.co.uk:
Yahoo! link confirmed in second Chinese dissident case. Read more

news.bbc.co.uk:
Viruses plague British businesses. Read more

www.redherring.com:
DOJ: Google Shouldn’t Worry. Read more

www.redherring.com:
ClickTracks Warns of Fraud. Read more

www.theregister.co.uk:
Politically motivated attacks soar in 2005. Read more

www.theregister.co.uk:
Dutch police target 23 Nigerian gangs. Read more

www.scmagazine.com:
Crimeware code sells trojans to hackers. Read more

www.newsfactor.com:
Web Attacks Disrupting Online Sales. Read more

times.hankooki.com:
Korea to Block Alien Hackers. Read more

www.vnunet.com:
New virus closes gap between PCs and Windows Mobile. Read more

www.mercurynews.com:
New Google service could compete with PayPal. Read more

news.com.com:
Distributed computing cracks Enigma code. Read more

27 February 2006

Guides, Papers, etc
www.pcworld.com:
The New Virus Fighters. Read more

www.jpost.com:
Legendary hacker Mitnick turns legit. Read more

blogs.securiteam.com:
OSX/Inqtana False Positive. Read more

reviews.cnet.com:
Small business. Read more

blog.washingtonpost.com:
The New Face of Phishing. Read more

www.msnbc.msn.com:
It’s ‘phishing’ season for tax scammers. Read more

msmvps.com:
Microsoft Update versus Windows Update...Read more

www.wired.com:
A MySpace Cheat Sheet for Parents. Read more

 

Tools:
www.securitypark.co.uk:
Elcomsoft Recovers Passwords Using the Power of Multiple Computers. Read more

 

News
www.pcpro.co.uk:
DoJ hits back at Google over search logs. Read more

www.mercurynews.com:
Censorship in China divides Americans. Read more

www.securityfocus.com:
McAfee employees at risk. Read more

www.dailytech.com:
Virus Writer Accidentally Leaks Identity During Washington Post Interview. Read more

www.pandasoftware.com:
PandaLabs uncovers a complex malware creation system designed to spy and steal personal data. Read more

www.marketwire.com:
Symantec and Hotbar Resolve Adware Dispute. Read more

today.reuters.com:
Microsoft to offer 6 versions of Windows Vista. Read more

news.com.com:
Is your cell phone due for an antivirus shot? Read more

www.redherring.com:
Symantec Imitates a Startup. Read more

www.wired.com:
Building the Internet Toll Road. Read more

www.redherring.com:
Googling the National Archives. Read more

25 February 2006

Guides, Papers, etc
www.informationweek.com:
Gaming, Celebrity URLs: Riskiest Web Sites. Read more

searchsecurity.techtarget.com:
Smile! You're about to be hacked. Read more

blogs.securiteam.com:
Bypassing SSL in Phishing. Read more

www.jpost.com:
Legendary hacker Mitnick turns legit. Read more

www.securitytechnique.com:
Wi-Fi Security Checklist. Read more

isc.sans.org:
Malware: When <!-- comments --> become commands (NEW). Read more

ddanchev.blogspot.com:
Chinese Internet Censorship efforts and the outbreak. Read more

ddanchev.blogspot.com:
One bite only, at least so far! Read more

 

Tools:
www.microsoft.com:
Microsoft Anti-Cross Site Scripting Library V1.0. Read more

www.keelog.com:
DIY hardware keylogger. Read more

 

Vulnerabilities & Exploits
secunia.com:
Macromedia ShockWave Player ActiveX Installer Buffer Overflow. Read more

securitytracker.com:
Winamp Buffer Overflow in Processing '.m3u' Program Titles May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Teca Diary Personal Edition Input Validation Holes in 'functions.php' Permit SQL Injection. Read more

 

News
seattletimes.nwsource.com:
Virus creators begin knocking at Apple's core. Read more

www.crn.com:
Panda Detects Complex For-Profit Malware Scam. Read more

news.com.com:
Winamp update fixes flaw. Read more

www.websensesecuritylabs.com:
Increased deployment of Phishing Kits. Read more

news.bbc.co.uk:
Piracy 'in almost every street'. Read more

www.zone-h.org:
FACING THE DEFACERS: ISLAMIC HACKER ARRESTED IN FRANCE. Read more

software.silicon.com:
Mare.D virus: Ignore the hype. Read more

www.spamdailynews.com:
Americans oppose storage of search queries. Read more

www.technewsworld.com:
Microsoft Goes 'Live' With New Parental Controls. Read more

googleblog.blogspot.com:
Google to Digitize National Archives Footage. Read more

24 February 2006

Guides, Papers, etc
articles.news.aol.com:
www.defcon.org:
DEF CON 14. Call for Papers. Read more

searchwindowssecurity.techtarget.com:
Vista's security features: What to expect. Read more

www.theregister.co.uk:
The real reason Skype isn't as good as it was. Read more

www.sunbelt-software.com:
BOTNETS. Read more

downloads.bbc.co.uk:
Internet censorship in China, the malicious code designed to attack Apple Macs and an energy-saving, pedal-powered Nintendo. Listen

 

Tools:
www.betanews.com:
Google Testing Web 'Page Creator' Beta. Read more

fileforum.betanews.com:
Process Explorer for Windows NT/2000/XP/2003 10.06. Read more

 

Vulnerabilities & Exploits
www.zerodayinitiative.com:
Adobe Macromedia ShockWave Code Execution. Read more

www.h4cky0u.org:
Oi! Email Marketing 3.0 SQL Injection. Read more

securitytracker.com:
Shockwave Player Buffer Overflow in ActiveX Installer Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WinAce Buffer Overflow in ARJ Header Block Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
NOCC Has Multiple Bugs That Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
VisNetic AntiVirus Plug-in for Mail Server Lets Local Users Obtain Elevated Privileges. Read more

securitytracker.com:
InfoVista VistaPortal Discloses Files and Path to Remote Users. Read more

securitytracker.com:
zoo Buffer Overflow in fullpath() Lets Remote Users Cause Arbitrary Code to Be Executed. Read more

securitytracker.com:
Noah's Classifieds Has Multiple Bugs That Let Remote Users Include and Execute Arbitrary Code, Inject SQL Commands, and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
PEAR Auth Input Validation Bugs Let Remote Users Falsify Authentication Credentials. Read more

securitytracker.com:
Mozilla Thunderbird Validation Error in IFRAME SRC Tag Lets Remote Users Execute Arbitrary Javascript. Read more

 

News
www.zone-h.org:
FACING THE DEFACERS: ISLAMIC HACKER ARRESTED IN FRANCE. Read more

news.com.com:
MPAA sues newsgroup, P2P search sites. Read more

www.techworld.com:
Smaller businesses can't keep up with patches. Read more

news.com.com:
China plans spam crackdown. Read more

www.vnunet.com:
Spammers change distribution tactics. Read more

www.eweek.com:
Malware Honeypot Projects Merge. Read more

www.informationweek.com:
Zero-Day Exploit Turns Up Heat On Mac OS X. Read more

www.charlotte.com:
In quantum physics breakthrough, strange computer is on and off. Read more

www.thestar.com:
Prof says there's no hacker he can't foil. Read more

23 February 2006

Guides, Papers, etc
articles.news.aol.com:
staff.science.uva.nl:
The Domain Name Service as an IDS. Read more

www.antiphishing.org:
Phishing Activity Trends Report. Read more

taosecurity.blogspot.com:
Brian Krebs Botmaster Interview. Read more

www.securityfocus.com:
Federico Biancuzzi interviews Solar Designer, creator of the popular John the Ripper password cracker. Read more

www.itmanagersjournal.com:
Interviewing hackers. Read more

spamkings.oreilly.com:
P2P spam scam. Read more

www.honeynet.org:
Know your Enemy: Phishing. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
IA eMailServer Buffer Overflow in MAP SEARCH Command Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
RUNCMS Input Validation Error in 'ratefile.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
SquirrelMail Input Validation Bugs Let Remote Users Inject IMAP Commands and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
CPG Dragonfly CMS Input Validation Holes in Multiple Modules Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Winamp Buffer Overflow in Processing '.m3u' File 'cda' References May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PEAR LiveUser Input Validation Flaws in Processing Cookies Let Remote Users Determine File Existence and Delete Files. Read more

securitytracker.com:
ViRobot Authentication Error Lets Remote Users Obtain Authentication Data and Gain Access to the Target System. Read more

securitytracker.com:
IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files. Read more

securitytracker.com:
Tar on Red Hat Enterprise Linux Lets Remote Users Write Files. Read more

securitytracker.com:
Metamail Buffer Overflow Lets Remote Users Deny Service. Read more

securitytracker.com:
IBM Tivoli Directory Server Zero-Byte Write Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Apple Safari Lets Remote Users Cause Shell Code to Be Executed by the Target User. Read more

securitytracker.com:
PHP-Nuke Input Validation Hole in Search Module Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Magic Calendar Lite Input Validation Flaw in 'cms/index.php' Permits SQL Injection. Read more

securitytracker.com:
NJStar Chinese/Japanese Word Processor Buffer Overflow in Font Names Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Xerox WorkCentre Multiple Bugs in ESS/Network Controller and MicroServer Web Server Permit Remote Access, Denial of Service, and Cross-Site Scripting Attacks. Read more

 

News
www.securityfocus.com:
12 arrested in email scam investigation. Read more

www.theregister.co.uk:
Unpatched Mac OS X hole poses critical risk. Read more

blog.washingtonpost.com:
Alarming Phishing Trends. Read more

www.scmagazine.com:
CSIA: Fight against spyware is on. Read more

www.theregister.co.uk:
Microsoft faces another anti-trust suit. Read more

seattletimes.nwsource.com:
Businesses get to try out new version of Windows. Read more

www.theregister.co.uk:
Google Perfect 10 thumbnails 'breach copyright'. Read more

management.silicon.com:
Google in court for copying porno. Read more

news.zdnet.co.uk:
Security fears over London's blanket Wi-Fi. Read more

www.loosewireblog.com:
Phishing and the Peril of Fonts. Read more

news.com.com:
IBM issues subpoenas for tech giants' SCO dealings. Read more

www.betanews.com:
Vista 'Enterprise CTP' Feature Complete. Read more

news.com.com:
FBI widens probe of debit-card theft. Read more

www.esecurityplanet.com:
Please, No More Promises from Bill Gates. Read more

22 February 2006

Guides, Papers, etc
articles.news.aol.com:
www.windowsdevcenter.com:
Inside Look: Internet Explorer 7, Beta 2. Read more

www.wormblog.com:
Recent PHP Worm Activity. Read more

articles.news.aol.com:
Could Skype's Encrypted Calls Kill Wiretaps? Read more

www.vortex.com:
Video: Internet and Empires. Watch

blogs.msdn.com:
Internet Explorer Administration Kit and Group Policy in IE7. Read more

honeyblog.org:
Learning More About Attack Patterns With Honeypots. Read more

www.wired.com:
All Google's Roads Lead to Kansas. Read more

 

Vulnerabilities & Exploits
www.waraxe.us:
Bypassing CAPTCHA in phpNuke 6.x-7.9. Read more

 

News
news.bbc.co.uk:
Zombie PCs growing quickly online. Read more

today.reuters.com:
Microsoft blunder leaks information about Vista. Read more

news.bbc.co.uk:
Google defends China search site. Read more

www.washingtonpost.com:
Chinese Media Assail Google. Read more

www.techtree.com:
Google Search Violates Copyright. Read more

software.silicon.com:
Cyber bank robbers threaten ecommerce. Read more

today.reuters.com:
EU gets new complaint against Microsoft. Read more

www.theregister.co.uk:
The ugly face of crime. Read more

news.com.com:
Kaspersky update zaps Microsoft antivirus. Read more

www.theregister.co.uk:
Chinese hackers allegedly make a game of ID theft. Read more

www.hs.fi:
Two teenagers fined for spreading computer viruses. Read more

www.usdoj.gov:
Grand Jury Returns Indictment Charging Student with Accessing Protected Computer at University of Utah. Read more

www.usdoj.gov:
Utah Man Charged with Bringing down Wireless Internet Services in Vernal Region. Read more

www.vnunet.com:
Sophos sees OS X virus ghosts. Read more

www.vnunet.com:
Identity theft feeds $1bn gaming black market. Read more

www.informationweek.com:
With Gates Leading The Call, IT Vendors Eye Cooperation On IT Security. Read more

www.vnunet.com:
Gates poised for new IE as Firefox users gripe. Read more

www.theinquirer.net:
Washington Post fails to protect Deep Throat. Read more

www.dailytech.com:
Samsung Sued Over "Hacker-Friendly" DVD Player. Read more

www.wired.com:
Mac Attack a Load of Crap. Read more

21 February 2006

Guides, Papers, etc
blogs.securiteam.com:
PHP as a secure language? PHP worms? Read more

www.securityfocus.com:
Private identities become a corporate focus. Read more

www.microsoft.com:
Video Q&A between Bill Gates and Mike Nash, our Corporate Vice President of the Security Technology Unit. Watch

www.uninformed.org:
Bypassing Windows Hardware-enforced Data Execution Prevention. Read more

www.financialexpress.com:
It’s time to hone your hacking skills, legally. Read more

www.sunherald.com:
I've got 8 rules for fighting spyware. Read more

news.bbc.co.uk:
Who does the net think you are? Read more

blog.washingtonpost.com:
A Interview with 180Solutions' CEO. Read more

software.silicon.com:
Q&A: Cisco CSO John Stewart. Read more

www.eweek.com:
What Will Apple Do When the Malware Comes? Read more

www.timesonline.co.uk:
Computers make for chatty children. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Macallan Mail Solution IMAP Command Input Validation Error Lets Remote Authenticated Users View E-mail of Other Users. Read more

 

News
www.theregister.co.uk:
Political hacking scandal hits Hungary. Read more

www.kaspersky.com:
Bizanga partners with Kaspersky Lab. Rea more

www.int.iol.co.za:
China 'concerned' about Google's content. Read more

www.terra.net.lb:
Google operating without Internet license in China. Read more

today.reuters.co.uk:
Google denies acting unlawfully in China. Read more

software.silicon.com:
Cyber bank robbers threaten ecommerce. Read more

www.theregister.co.uk:
Active cookies aim to thwart cyber-crooks. Read more

www.theregister.co.uk:
Spammers adopt stealth tactics. Read more

news.com.com:
Google admits Desktop security risk. Read more

www.interfax.cn:
Chinese hackers accused of mass theft relating to online game Lineage in South Korea. Read more

www.theregister.co.uk:
Dell seeks damages from man called Dell. Read more

www.chron.com:
Next step comes in form of Windows Defender. Read more

www.silicon.com:
MP slams "out of control" DNA database. Read more

20 February 2006

Guides, Papers, etc
www.virus.gr:
Comparative tests of antivirus programs, 14-22 December 2005. Read more

www.benedelman.org:
Nonconsensual 180 Installations Continue, Despite 180's "S3" Screen. Read more

blog.washingtonpost.com:
Botnets: A Global Pandemic. Read more

www.washingtonpost.com:
Invasion of the Computer Snatchers. Read more

blogs.securiteam.com:
New Linux malware. Read more

blogs.securiteam.com:
More info on the new Linux worm. Read more

itpolicy.princeton.edu:
Lessons from the Sony CD DRM Episode. Read more

www.informationweek.com:
Yes, Trusted Computing is used for DRM. Read more

www.fbi.gov:
Remarks by Robert S. Mueller, III Director, Federal Bureau of Investigation 15 th Annual RSA Conference San Jose, California February 15, 2006. Read more

arstechnica.com:
Is Skype a haven for criminals? Read more

www.oreillynet.com:
Trojan or Worm? Read more

ezine.daemonnews.org:
Interview on Xen with Manuel Bouyer. Read more

searchopensource.techtarget.com:
The Dark Side of the Web. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Coppermine Photo Gallery Include File Bugs in 'include/init.inc.php' and 'docs/showdoc.php' Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Blue Coat ProxySG Policy Error May Let Remote Users Bypass Default CONNECT Policy Rules. Read more

 

News
news.bbc.co.uk:
Google throws out US data demand. Read more

news.ft.com:
China’s virtual cops pinpoint web dissent. Read more

observer.guardian.co.uk:
China crisis for Google bosses. Read more

www.theinquirer.net:
Microsoft fumes about security bounty. Read more

www.commtouch.com:
January Virus and Spam Statistics: 2006 Starts with a Bang. Read more

www.chinatechnews.com:
Beijing Mobile Suffers RMB3.7 Million Loss From Hacker's Attack. Read more

www.redherring.com:
Cell Phone Dead? Blame Virus. Read more

www.kotaku.com:
SPAM Alert: Fight Night 3 PSP Costs Privacy. Read more

edition.cnn.com:
Apple's ode to hackers. Read more

www.esecurityplanet.com:
IBM Takes Holistic Security Stance. Read more

cooltech.iafrica.com:
IBM makes chip breakthrough. Read more

18 February 2006

Guides, Papers, etc
blogs.securiteam.com:
Looking behind the smoke screen of the Internet: DNS recursive attacks, spamvertised domains, phishing, botnet C&C’s, International Infrastructure and you. Read more

www.us-cert.gov:
The Continuing Denial of Service Threat Posed by DNS Recursion. Read more

cc.uoregon.edu:
Non-UO Recursive Domain Name Server Access to be Curtailed February 1. Read more

www.bellua.com:
Bellua Cyber Security Asia 2006. Read more

student.missouristate.edu:
Microsoft's Blunder: The Windows Media Plug-in Exploit. Read more

securityreason.com:
Expanding Exposure: The Decreasing Time Between Web Application Vulnerability and Exploitation. Read more

blogs.securiteam.com:
Linux kernel remote DoS, 20 mailing lists to read, best security training and insecure appliances. Read more

blogs.securiteam.com:
Windows Media Exploit: Lesson Learned Yet? Read more

www.gartner.com:
Manage Google's Desktop Search Now or Lock It Out. Read more

www.betanews.com:
Interview: Microsoft Exec Talks IE7, RSS. Read more

ddanchev.blogspot.com:
How to win 10,000 bucks until the end of March? Read more

reviews.cnet.com:
Your smart phone has a dumb virus. Read more

techrepublic.com.com:
See why even a simple firewall is better than nothing. Read more

wiredblogs.tripod.com:
First Mac OS X Worm a Wake-Up Call. Read more

itpolicy.princeton.edu:
Lessons from the Sony CD DRM Episode. Read more

www.infectionvectors.com:
Frames and MetaFrames. Read more

vascan.org:
Botnets. Read more

www.eweek.com:
Time To Raise Prices—Internet Access is Too Cheap. Read more

www.enterpriseserver.techweb.com:
WMF: The Russians Are Coming! Read more

www.redherring.com:
Q&A: Congressman Tom Lantos. Human rights advocate denounces censorship, saying Internet companies ‘have to learn to show some guts.’ Read more

abcnews.go.com:
Study: Internet Users Go Online for Fun. Read more

 

Vulnerabilities & Exploits
retrogod.altervista.org:
DocMGR <= 0.54.2 arbitrary remote inclusion. Read more

retrogod.altervista.org:
Linpha <= 1.0 multiple arbitrary local inclusion. Read more

blogs.securiteam.com:
Exploit: Head-2-head - H D Moore and Matthew Murphy (MS06-006). Read more

securitytracker.co:
APC PowerChute May Install a Vulnerable Version of JRE. Read more

securitytracker.co:
Netcool/NeuSecure Discloses Passwords to Local Users. Read more

securitytracker.co:
Gallery 'util.php' Include File Bug Lets Remote Users Execute Code Stored on the Local System. Read more

securitytracker.co:
PHPKIT 'include.php' Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

 

News
news.com.com:
Google may have to fight second subpoena. Read more

news.bbc.co.uk:
UK holds Microsoft security talks. Read more

www.forbes.com:
Gates Poised For New IE As Firefox Users Gripe. Read more

www.washingtonpost.com:
Windows Flaw Makes Surfing Riskier. Read more

www.pcworld.com:
Vista's Encryption Could Vex Investigators. Read more

www.theregister.co.uk:
Panic spreads over Windows Vista 'back door' that never was. Read more

news.com.com:
Google to feds: Back off. Read more

news.zdnet.com:
New Trojans plunder bank accounts. Read more

www.computerworld.com:
Hackers follow Microsoft patches with malware. Read more

blogs.securiteam.com:
Cell phone operator sent 7000-large Government account information with unprotected e-mail. Read more

seattletimes.nwsource.com:
Microsoft finally adds security for Windows. Read more

www.techweb.com:
Gartner: Turn Off File Sharing In Google Desktop. Read more

www.techweb.com:
Firm Offers $10K Reward For Critical Windows Bug. Read more

news.bbc.co.uk:
New US plan to ban internet bets. Read more

www.techweb.com:
FBI Probes Auto-Surf Site, Ponzi Scam Alleged. Read more

news.bbc.co.uk:
Malicious worm aims to bite Apple. Read more

www.securityfocus.com:
Second OS X worm appears. Read more

www.theregister.co.uk:
Homeland security urges DRM rootkit ban. Read more

www.theregister.co.uk:
Techies in Microsoft licence reading bombshell. Read more

searchsecurity.techtarget.com:
Companies still not reporting attacks, FBI director says. Read more

www.terra.net.lb:
Court rejects release of Livedoor's Horie: reports. Read more

news.bbc.co.uk:
Man charged over Oscar 'piracy'. Read more

17 February 2006

Guides, Papers, etc
www.msnbc.msn.com:
Transcript of interview with Bill Gates. Read more

www.windowsecurity.com:
Securing the Network from Within (Part 2). Read more

www.microsoft.com:
It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain Distinct. Read more

www.btplc.com:
ONLINE IDENTITY THEFT. Read more

www.informationweek.com:
Microsoft Hones IE 7's Drive-by-Download Defenses. Read more

blogs.securiteam.com:
Comment spam and Xanga: create blogs to spam to? Read more

blogs.securiteam.com:
A few humble observations regarding the current state of InfoSEC. Read more

blogs.securiteam.com:
Australia: First WMF mass mailer ItW (phishing Trojan). Read more

www.networkingpipeline.com:
Google: Porn? Users Don't Want No Stinkin' Porn! Read more

www.networkingpipeline.com:
Google Desktop Privacy Dangers Are Overblown. Read more

www.cs.wisc.edu:
WYSINWYX: What You See Is Not What You eXecute. Read more

 

Tools:
www.dest-unreach.org:
socat - Multipurpose relay. Read more

 

Vulnerabilities & Exploits
www.cybsec.com:
Arbitrary File Read/Delete in SAP BC (Business Connector). Read more

www.cisco.com:
Cisco Security Advisory: TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products. Read more

www.digitalarmaments.com:
Gallery web-based photo gallery remote file execution. Read more

securitytracker.com:
SAP Business Connector Bugs Let Remote Users View or Delete Files and Conduct Phishing Attacks. Read more

securitytracker.com:
Cisco Traffic Anomaly Detector May Let Remote Users Bypass TACACS+ Authentication. Read more

securitytracker.com:
Cisco Guard May Let Remote Users Bypass TACACS+ Authentication. Read more

 

News
www.securityfocus.com:
OS X Trojan appears. Read more

www.whatpc.co.uk:
Mobile virus growth outpaces PC malware. Read more

news.com.com:
Homeland Security official suggests outlawing rootkits. Read more

www.m2.com:
Webroot reports new type of phishing trojans. Read more

www.computerworld.com:
DHS: Sony rootkit may lead to regulation. Read more

software.silicon.com:
New twist in Nasa hacker hearing. Read more

www.securityfocus.com:
Firms: Don't expect federated IDs soon. Read more

www.tmcnet.com:
Anti-virus companies slow to tackle Sony's spy software. Read more

www.securitypronews.com:
UK Wants Backdoor Into Windows. Read more

www.watchguard.com:
Movie Review: Firewall is all about the hack (in the writing sense). Read more

16 February 2006

Guides, Papers, etc
www.cs.columbia.edu:
Worm Propagation Strategies in an IPv6 Internet. Read more

www.theglobeandmail.com:
Scaling the firewall of digital censorship. Read more

blogs.securiteam.com:
Comment spam: drive-by sites, domains and spyware - analysis, samples and facts. Read more

www.securityfocus.com:
Privacy and anonymity. Read more

ddanchev.blogspot.com:
A timeframe on the purchased/sold WMF vulnerability. Read more

ddanchev.blogspot.com:
Detecting intruders and where to look for. Read more

www.uninformed.org:
Rootkit Technology: FUTo. Read more

www.emailbattles.com:
Rootkitted? Do NOT Re-Format That Hard Drive. Read more

www.emailbattles.com:
Rootkitters Lay in Wait for Vista 2006. Read more

www.emailbattles.com:
Rootkit Guru: Win 9x/ME Are Hopeless. Read more

invisiblethings.org:
Thoughts about Cross-View based Rootkit Detection. Read more

www.siliconvalleysleuth.com:
Things you don't want Google to find. Read more

ia.rediff.com:
The ultimate challenge for hackers. Read more

www.pcworld.com:
Avoid Viruses and Phishing Scams. Read more

www1.cs.columbia.edu:
A Self-Learning Worm Using Importance Scanning. Read more

www1.cs.columbia.edu:
On Instant Messaging Worms, Analysis and Countermeasures. Read more

news.com.com:
Video: Taking heat over censorship in China. Read more

news.com.com:
Video: Tech giants' 'nauseating collaboration' in China. Read more

www.eff.org:
A Code of Conduct for Internet Companies in Authoritarian Regimes. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PostgreSQL SET ROLE Validation Error Lets Remote Authenticated Users Obtain Elevated Privileges. Read more

securitytracker.com:
Sun Solaris in.rexecd(1M) on Kerberos Systems Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Mac OS X Undocumented System Call Lets Local Users Deny Service. Read more

securitytracker.com:
Microsoft PowerPoint May Let Users Access Contents of the Temporary Internet Files Folder. Read more

securitytracker.com:
Microsoft Office Korean Input Method Editor Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Microsoft Windows Web Client Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows IGMP Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Windows Media Player Plug-in for 3rd Party Browsers Buffer Overflow in Processing EMBED Elements Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Media Player Bitmap File Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
RUNCMS Input Validation Flaw in 'pmlite.php' Permits SQL Injection Attacks. Read more

securitytracker.com:
Plume CMS Include File Error in 'prepend.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
ImageMagick SetImageInfo() Format String Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Winamp Buffer Overflow in Processing '.m3u' File Names May Let Remote Users Execute Arbitrary Code. Read more

 

News
www.washingtonpost.com:
Internet Firms Address China Practices. Read more

technology.guardian.co.uk:
Pirates and bloggers beat China's great wall of propaganda. Read more

news.com.com:
Congressman quizzes Net companies on shame. Read more

www.vnunet.com:
Worms turn on Google to hunt for victims. Read more

news.bbc.co.uk:
Profile: Hacker Gary McKinnon. Read more

news.com.com:
Judge: Firm not negligent in failure to encrypt data. Read more

www.theregister.co.uk:
'Pentagon hacker' wants to see Bush's John Hancock. Read more

www.pcworld.com:
FBI Director: Cyberthreats 'Fluid and Far-reaching'. Read more

www.smh.com.au:
'Spam man' wins gold. Read more

software.silicon.com:
Proof: Employees don't care about security. Read more

www.reghardware.co.uk:
Patch posted to run Mac OS X 10.4.4 on 'generic PC'. Read more

www.emailbattles.com:
How Go Daddy Lost A Longtime Customer To A Phisher. Read more

news.com.com:
Oracle tried to buy open-source MySQL. Read more

15 February 2006

Guides, Papers, etc
www.securescience.net:
Emerging Threat Center Malware Analysis Report 02-February 2006, v1.1. Read more

www.f-secure.com:
HIDE 'N SEEK REVISITED -FULL STEALTH IS BACK. Read more

www.blackhat.com:
Rootkit Hunting vs. Compromise Detection. Read more

blogs.msdn.com:
Security and Compatibility with IE7. Read more

ddanchev.blogspot.com:
Look who's gonna cash for evaluating the maliciousness of the Web? Read more

www.usenix.org:
Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds. Read more

www.viruslist.com:
Love is in the Internet. Or is it? Read more

belnet.dl.sourceforge.net:
Tutorial of SQL Power Injector 1.0. Read more

blogs.pcworld.com:
Spyware Can Make Your PC Lie To You--Report. Read more

www.wired.com:
Spyware: What You Need to Know. Read more

www.informationweek.com:
'Trusted Network Connect' Puts Hardware Security Agent In Every PC. Read more

news.com.com:
The man behind Cisco's security. Read more

 

Tools:
www.sqlpowerinjector.com:
SQL Power Injector is an application created in .Net 1.1 that helps the penetrating tester to inject SQL commands on a web page. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin MS06-004. Read more

blogs.technet.com:
Information about Today's Bulletin Release and MS06-007 on Microsoft Update/Windows Update. Read more

www.f-secure.com:
About the Hidden Smith Family. Read more

www.kentucky.com:
Tech firms feel the heat over China's firewall. Read more

news.bbc.co.uk:
Party elders attack China censors. Read more

news.bbc.co.uk:
Net firms face grilling on China. Read more

today.reuters.co.uk:
China shuts 76 Web sites in crackdown on piracy. Read more

bink.nu:
Gates Shares Microsoft’s Vision for a More Secure Future. Read more

www.neowin.net:
Bill Gates: RSA Keynote 2006. Read more

news.xinhuanet.com:
Microsoft unveils new security program for online transactions. Read more

news.bbc.co.uk:
UK holds Microsoft security talks. Read more

software.silicon.com:
Cyber security 'not keeping pace with threats'. Read more

www.theregister.co.uk:
Skype and Vonage: thank you, and goodnight. Read more

weblogs.mozillazine.org:
real world browser threats. Read more

www.theregister.co.uk:
OFT warns of online dating scams. Read more

australianit.news.com.au:
Hacker fights US extradition. Read more

www.msnbc.msn.com:
Man threatens to attack Olympic computers. Read more

14 February 2006

Guides, Papers, etc
www.eusecwest.com:
EUSecWest: Security Masters Dojo. Read more

blogs.securiteam.com:
Three exploits for HTML Help Workshop flaw released. Read more

www.virusbtn.com:
The trouble with rootkits. Read more

www.microsoft.com:
Windows Vista Step-by-Step Guides for IT Professionals. Read more

isc.sans.org:
Phollow the Phlopping Phish. Read more

blog.washingtonpost.com:
The New Face of Phishing. Read more

ddanchev.blogspot.com:
Recent Malware developments. Read more

www.comp.leeds.ac.uk:
Automatic Identification of Shipping Container Codes. Read more

www.it-observer.com:
AJAX Security. Read more

www.time.com:
Meet The Google Guys. Read more

www.tcmagazine.info:
Under Attack. Read more

news.com.com:
Video: Computer history on display. Watch

news.com.com:
ENIAC: The public's first glimpse of a computer. Watch

news.com.com:
Video: A computer pioneer flashes back to the '40s. Watch

news.com.com:
Video: Google's new desktop search. Watch

www.cis.upenn.edu:
Defending against Hitlist Worms using Network Address Space Randomization. Read more

www.sfgate.com:
How best to protect kids from online porn. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Microsoft Internet Explorer Drag-and-Drop Redeux. Read more

blogs.technet.com:
Information on IE Drag and Drop Issue. Read more

www.securiteam.com:
Microsoft Internet Explorer Drag-and-Drop Redeux. Read more

www.frsirt.com:
Honeyd IP Reassembly Remote Virtual Hosts Detection Vulnerability. Read more

securitytracker.com:
phphg Multiple Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
SSH Tectia Server SFTP Logging Bug May Let Remote Authenticated Users Execute Arbitrary Commands. Read more

securitytracker.com:
libpng Buffer Overflow in png_set_strip_alpha() Lets Users Deny Service. Read more

 

News
news.com.com:
Google fixes China search bugs. Read more

news.com.com:
Web of intrigue widens in debit-card theft case. Read more

www.theregister.co.uk:
Dept of Homeland Security tests cyberterrorism response. Read more

seattlepi.nwsource.com:
Microsoft unveils mobile software to rival BlackBerry. Read more

seattlepi.nwsource.com:
Microsoft pushes InfoCard for secure online ID. Read more

www.usatoday.com:
Bill would keep servers out of China. Read more

edition.cnn.com:
Entwistle computer gives up sex secrets. Read more

news.com.com:
Spyware fight attracts a crowd. Read more

www.informationweek.com:
How To Avoid A St. Valentine's Day Malware Massacre. Read more

www.technewsworld.com:
2006: 'Year of the Exploit' for OS X? Read more

www.usdoj.gov:
Florida Man Indicted for Causing Damage and Transmitting Threat to Former Employer’s Computer System. Read more

www.local6.com:
Woman Victimized By 'Keylogger' Spyware. Read more

13 February 2006

Guides, Papers, etc
blog.washingtonpost.com:
Microsoft Anti-Spyware Deleting Norton Anti-Virus. Read more

www.acsa-admin.org:
Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers. Read more

www.acsa-admin.org:
Detecting Intra-enterprise Scanning Worms based on Address Resolution. Read more

www.acsa-admin.org:
Stealth Breakpoints. Read more

www.pcworld.com:
The New Virus Fighters. Read more

blogs.securiteam.com:
Comment Spam: new trends, failing counter-measures and why it’s a big deal. Read more

www.microsoft.com:
Microsoft Announces Beta Availability of ISA Server 2006 and Acquisition of a Web-Filtering Product from FutureSoft. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
New Exploit for HTML Help Workshop vulnerability. Read more

www.rs-labs.com:
Multiple flaws in VHCS 2.x. Read more

securitytracker.com:
GnuTLS libtasn1 DER Decoding Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
IBM Lotus Domino/Notes 'nldap.exe' Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
IBM Domino Web Access Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more

 

News
news.netcraft.com:
Payment Gateway StormPay Battling Sustained DDoS Attack. Read more

news.bbc.co.uk:
'Cyber Storm' tests US defences. Read more

blogs.siliconvalley.com:
New from Google Labs: Google Information Security Catastrophe. Read more

sltrib.com:
AT&T sues small nonprofit company for hacking fees that trace back to it. Read more

www.pcworld.idg.com.au:
Movie 'Firewall' dramatizes dangers of ID theft. Read more

seattletimes.nwsource.com:
3 accused of inducing ill effects on computers at local hospital. Read more

www.redorbit.com:
Tarari's Chip Catches Viruses Before They Hit. Read more

www.news24.com:
Website's name 'too rude'. Read more

11 February 2006

Guides, Papers, etc
www.computerworld.com:
Protecting your network against spoofed IP packets. Read more

www.wired.com:
The Rootkit of All Evil. Read more

www.techworld.com:
Dawn of the undead. Read more

blog.washingtonpost.com:
Letter From the Anti-Spyware Coalition Conference. Read more

www.acsa-admin.org:
ScriptGen: an automated script generation tool for honeyd. Read more

www.thomas-apel.de:
Generating Fingerprints of Network Servers and their Use in Honeypots. Read more

blogs.msdn.com:
Search in IE7. Read more

blogs.msdn.com:
Protected Mode in Vista IE7. Read more

www.informationweek.com:
Letter writers on Unix: 'Wake up, Guys!'. Read more

 

Tools:
www.microsoft.com:
Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer (MBSA) 2.0. Read more

searchwinsystems.techtarget.com:
Freeware helps admins monitor Windows log files in real time. Read more

www.caida.org:
Cuttlefish: Geographic Visualization Tool. Read more

fileforum.betanews.com:
3d Traceroute 2.2.16.31 Beta. Read more

news.com.com:
VMware to test new high-end product. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
BM Lotus Domino Server LDAP DoS Vulnerability. Read more

securitytracker.com:
eyeOS Initialization Error in $_SESSION Array Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CPAINT Input Validation Hole in 'cpaint2.inc.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Indexu Include File Flaw in 'application.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP Tru64 UNIX DNS BIND4/BIND8 Facilitates Cache Corruption Attacks. Read more

securitytracker.com:
HP Insight Manager Directory Traversal Bugs Let Remote Users Obtain Files on the Target System. Read more

securitytracker.com:
Sun Java System Directory Server LDAP Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SPIP Include File Bug in 'spip_rss.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CPG Dragonfly Include File Bug in 'install.php' Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.sophos.com:
Bagle worm spreading widely as "February Price" email. Read more

itvibe.com:
Return of the Bagle worm, new variant spreading fast. Read more

www.vnunet.com:
Web giants slammed over China policy. Read more

www.theregister.co.uk:
Yahoo! in second Chinese dissident rumpus. Read more

www.theregister.co.uk:
EFF issues Google Desktop warning. Read more

www.extremetech.com:
One In Two PCs Won't Run Vista's 3D Interface. Read more

www.theregister.co.uk:
Google to get a handle on handwriting. Read more

arstechnica.com:
FTC considers going after companies that advertise with adware. Read more

www.infoworld.com:
Symantec moving ahead with database appliance. Read more

www.vnunet.com:
Japan leads the way in spam relay prevention. Read more

www.viruslist.com:
Official US cyber security survey launched. Read more

www.wlns.com:
Companies Hiring Hackers to Break into Their Computers. Read more

www.theinquirer.net:
Ericsson claims first antivirus for mobile operators. Read more

10 February 2006

Guides, Papers, etc
blogs.securiteam.com:
Google Copies Your Hard Drive - Government Smiles in Anticipation. Read more

money.cnn.com:
Privacy issues in Google desktop upgrade. Read more

www.businessweek.com:
Outrunning China's Web Cops. Read more

blogs.washingtonpost.com:
Virus Naming Still a Mess. Read more

www.caida.org:
The Nyxem Email Virus: Analysis and Inferences. Read more

research.sun.com:
Security, Wiretapping, and the Internet. Read more

www.informationweek.com:
Review: Microsoft Internet Explorer 7, Firefox, And Other Browsers In Four-Way Shootout. Read more

www.hotwired.com:
Webmonkey First Look: IE7 Beta2 Preview. Read more

blogs.msdn.com:
Protected Mode in Vista IE7. Read more

msdn.microsoft.com:
Understanding and Working in Protected Mode Internet Explorer. Read more

www.invisiblethings.org:
Thoughts about Cross-View based Rootkit Detection. Read more

www.scs.carleton.ca:
Addressing Malicious SMTP-based Mass-Mailing Activity Within an Enterprise Network. Read more

ddanchev.blogspot.com:
The War against botnets and DDoS attacks. Read more

www.ecs.soton.ac.uk:
Hunting the initial vector. Read more

www.cioupdate.com:
Decrypting Encryption Myths. Read more

www.securityfocus.com:
WiFi for dummies. Read more

www.webpronews.com:
How To Deal With Wireless Encryption Security Threats. Read more

www.emailbattles.com:
Black Hat Fingers Email As Easy Target. Read more

 

News
www.theregister.co.uk:
Islamist hackers attack Danish sites. Read more

www.vnunet.com:
Hackers take Mohammed cartoon jihad online. Read more

www.crn.com:
Spyware Barely Touches Firefox. Read more

www.tmcnet.com:
Computer anti-virus experts warn that Valentine's Day opens the way for spyware, spam and viruses. Read more

www.microsoft.com:
Microsoft Security Bulletin Advance Notification. Read more

news.zdnet.co.uk:
Microsoft widens legal protection. Read more

news.bbc.co.uk:
Spyware warriors call for action. Read more

news.com.com:
Advertisers may face public humiliation over adware. Read more

www.linuxdevices.com:
Hacker showcase this weekend in San Francisco. Read more

www.informationweek.com:
Homeland Security Readies International Cyber-Wargame. Read more

www.informationweek.com:
Microsoft Enters Consumer Security Battle With Symantec. Read more

09 February 2006

Guides, Papers, etc
techrepublic.com.com:
Securing an auto logon in Windows XP. Read more

www.windowsecurity.com:
Generating Resultant Set of Policy Queries. Read more

www.eweek.com:
By Larry Seltzer. Goodmail Is a Much Misunderstood Solution. Read more

csrc.nist.gov:
Guidelines for Media Sanitization. Read more

 

Vulnerabilities & Exploits
sunsolve.sun.com:
Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges. Read more

securitytracker.com:
GA's Forum Input Validation Hole in 'archive.asp' Permits SQL Injection Attacks. Read more

securitytracker.com:
QNX Neutrino RTOS Multiple Bugs Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
QNX RTOS Unspecified Bug Lets Local Users Deny Service and 'rc.local' Configuration Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Java Web Start Bug Lets Remote Applets Gain Privileges on the Target User's System. Read more

securitytracker.com:
Sun Java Runtime Environment (JRE) Reflection API Multiple Bugs Let Applets Gain Elevated Privileges. Read more

securitytracker.com:
Microsoft Windows UPnP/NetBT/SCardSvr/SSDP Services May Be Incorrectly Configured By 3rd Party Applications, Allowing Local Users to Gain Elevated Privileges. Read more

securitytracker.com:
vwdev Input Validation Hole Permits SQL Injection Attacks. Read more

securitytracker.com:
Lexmark Printer Sharing Service Lets Remote Users Execute Arbitrary Code on the Target User's System. Read more

securitytracker.com:
IBM Lotus Domino/Notes LDAP Bug Lets Remote Users Deny Service. Read more

 

News
www.theregister.co.uk:
Russian keyloggers hit bank customers. Read more

news.bbc.co.uk:
Chinese man 'jailed due to Yahoo'. Read more

www.smh.com.au:
Man jailed for posting critical comment online. Read more

news.bbc.co.uk:
Microsoft tackles security rivals. Read more

www.techcrunch.com:
Google Desktop 3.0: Privacy is Dead(er). Read more

www.usatoday.com:
U.S. plans massive data sweep. Read more

www.betanews.com:
MS Discloses Limited WMF Vulnerability. Read more

www.computerworld.com.au:
Attack code published for Firefox flaw. Read more

www.timesonline.co.uk:
Suicide mystery in Greek spy scandal. Read more

www.theregister.co.uk:
Spanish hacker jailed for two years. Read more

www.computerworld.com:
McAfee launches bot-killing system. Read more

news.bbc.co.uk:
Anti-cartoon protests go online. Read more

08 February 2006

Guides, Papers, etc
www.securityfocus.com:
Apple's in the eye of flaw finders. Read more

www.securityfocus.com:
Blackmal down, but may not be out. Read more

www.wired.com:
Spinning Suspicious Searches. Read more

www.computerworld.com.au:
A new view of security in Vista. Read more

www.sysinternals.com:
Using Rootkits to Defeat Digital Rights Management. Read more

www.securityfocus.com:
Help! My box has been owned...Read more

blogs.securiteam.com:
Researchers and Wiki and Pederasts - Oh my! Read more

searchsecurity.techtarget.com:
Web application firewalls create breathing room. Read more

www.rootsecure.net:
Locate almost anyone in the UK without their permission. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Heimdal RSHD Credential Cache Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Clever Copy Input Validation Hole in 'mailarticle.php' Permits SQL Injection Attacks. Read more

securitytracker.com:
cPanel 'mime/handle.html' Input Validation Bug Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Borland Delphi-BCB/Compiler Integer Overflow May Let Users Execute Arbitrary Code. Read more

 

News
software.silicon.com:
'New Windows security concerns in the wild', says Microsoft. Read more

www.eweek.com:
Microsoft Gives Workarounds for New IE, Windows Flaws. Read more

www.theregister.co.uk:
Microsoft details Windows antivirus pricing. Read more

www.theage.com.au:
Internet spins spy web for China. Read more

news.com.com:
Politicos divided on need for 'net neutrality' mandate. Read more

www.sophos.com:
Spanish hacker sentenced to two years in jail for DDoS attack. Read more

blogs.zdnet.com:
More on the University of Washington spyware study. Read more

www.zone-h.org:
Prophet Mohammed protest spreads on the digital ground. Hundreds of cyber attacks against Danish and western webservers spreading rage in the name of Allah. Read more

www.theregister.co.uk:
Drive-by downloads on the wane. Read more

www.msnbc.msn.com:
Yahoo, AOL plan fee for bypassing spam filters. Read more

www.msnbc.msn.com:
Google treads on Microsoft turf in Dell deal. Read more

www.vnunet.com:
Rule change aids China cyber-squatters. Read more

news.bbc.co.uk:
Global wi-fi plan gets $22m boost. Read more

news.bbc.co.uk:
Google takes aim at chat rivals. Read more

www.technewsworld.com:
Maker of CD Copying Software Relents on Security. Read more

07 February 2006

Guides, Papers, etc
www.websensesecuritylabs.com:
Technical Analysis of MS06-001. Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919). Read more

www.caida.org:
The Nyxem Email Virus: Analysis and Inferences. Read more

www.symantec.com:
When Malware Meets Rootkits. Read more

www.symantec.com:
The Evolution of Malicious IRC Bots. Read more

www.infosecwriters.com:
The Role of Modeling and Simulation in Information Security The Lost Ring. Read more

blogs.securiteam.com:
Memoirs of a (media hound) virus researcher. Read more

www.webappsec.org:
Domain Contamination. Read more

www.cs.washington.edu:
A Crawler-based Study of Spyware on the Web. Read more

www.contractoruk.com:
Is Windows really more secure than Linux? Read more

searchopensource.techtarget.com:
Fortifying Linux against common malware. Read more

ddanchev.blogspot.com:
The current state of IP spoofing. Read more

www.eweek.com:
Join the Spyware Fight. Read more

castlecops.com:
Identity Stolen... Now what? Read more

weblogs.mozillazine.org:
Where Did Firefox Come From? Read more

 

Tools:
www.betanews.com:
VMware Launches Free Server Beta. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft HTML Help Workshop Buffer Overflow in Processing .hhp Files Lets Remote User Execute Arbitrary Code. Read more

securitytracker.com:
CommuniGate Pro LDAP Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
PluggedOut Blog Input Validation Bugs Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Hosting Controller Input Validation Holes in 'AddGatewaySettings.asp' and 'IPManager.asp' Permit SQL Injection. Read more

 

News
www.securityfocus.com:
Spyware remains rampant as Winamp exploited. Read more

www.theregister.co.uk:
Kama Sutra a wet blanket. Read more

www.vnunet.com:
US prepares to hack the world. Read more

www.vnunet.com:
Google blacklists page rank cheats. Read more

news.zdnet.co.uk:
Spam campaigners reject email payment plan. Read more

www.silicon.com:
Spamhaus hits out at paid-for email delivery plan. Read more

software.silicon.com:
Microsoft antivirus product due before summer. Read more

www.washingtonpost.com:
Varied Rationales Muddle Issue of NSA Eavesdropping. Read more

blog.eweek.com:
NSA uses D-Shield, too! Read more

news.bbc.co.uk:
Global wi-fi plan gets $22m boost. Read more

news.bbc.co.uk:
BT sounds child web porn warning. Read more

06 February 2006

Guides, Papers, etc
astalavista.com:
Chinese Hackerism in Retrospect : The Legend of a New Revolutionary Army. Read more

blogs.securiteam.com:
Where are all the victims of CME-24/BlackWorm? Read more

www.rootkit.com:
The definition of a rootkit. Read more

news.zdnet.com:
FAQ: When Google is not your friend. Read more

reviews.cnet.com:
Whom do you trust? Read more

searchwindowssecurity.techtarget.com:
Keylogger basics. Read more

www.vnunet.com:
MyDoom and the art of misdirection. Read more

www.eweek.com:
A Slow Death for ActiveX? Read more

Patch Me Up by the geek band, Rootkit. Listen

 

Tools:
www.northern-monkee.co.uk:
BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to. Read more

www.betanews.com:
VMware to Give Away Server Software. Read more

 

Vulnerabilities & Exploits
securityreason.com:
phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin. Read more

securitytracker.com:
Loudblog Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Tivoli Access Manager Input Validation Hole in Web Server Plug-in 'pkmslogout' Script Lets Remote Authenticated Users Traverse the Directory. Read more

securitytracker.com:
NeoMail Input Validation Flaw in 'date' Parameter Permits Cross-Site Scripting Attacks. Read more

 

News
business.timesonline.co.uk:
Rumours mount over Google's internet plan. Read more

www.vnunet.com:
Hackers writing zero-day malware to order. Read more

www.technewsworld.com:
Kama Sutra Is All Tease and No Action. Read more

www.int.iol.co.za:
Google's good-guy image starting to wear thin. Read more

www.timesonline.co.uk:
Google blacklists BMW in Germany. Read more

www.vnunet.com:
Firms take control of IT security standards. Read more

news.bbc.co.uk:
E-mail charging plan to beat spam. Read more

www.livescience.com:
Study Notes Decline in Internet Spyware. Read more

www.tgdaily.com:
Chinese hackers going after game information. Read more

news.bbc.co.uk:
One in eight 'harassed by e-mail'. Read more

www.kbcafe.com:
Ringo is Malware. Read more

news.com.com:
Smoking out photo hoaxes with software. Read more

04 February 2006

Guides, Papers, etc
www.securityfocus.com:
Malicious Malware: attacking the attackers, part 2. Read more

www.securitypipeline.com:
How It Works: Polymorphs: Attack of the Mutant Virus. Read more

news.bbc.co.uk:
Sign software on the digital line. Read more

www.windowsecurity.com:
Caveat Lector: Authentication, the Forgotten, Should-be Predominant. Read more

news.com.com:
Verbatim: Search firms surveyed on privacy. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
eXchange POP3 Server Buffer Overflow in SMTP RCPT TO Command Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Adobe Illustrator File/Folder Access Control Error Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Adobe Photoshop File/Folder Access Control Error Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Adobe Creative Suite File/Folder Access Control Error Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
KDE kpdf Heap Overflow in Splash Rasterizer Engine Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CA Unicenter TNG Message Queuing Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Mozilla Firefox Multiple Vulnerabilities May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SZUserMgnt Input Validation Flaw in 'SZUserMgnt.class.php' Permits SQL Injection Attacks. Read more

 

News
www.securityfocus.com:
Blackmal deletion day appears a dud. Read more

www.theregister.co.uk:
Virus floors Russian stock exchange. Read more

seattlepi.nwsource.com:
Researchers fear confusion on worm name. Read more

www.dailytech.com:
Great Google Firewall of China Relaxed for Six Hours. Read more

www.webuser.co.uk:
F-Secure falls victim to spoofers. Read more

www.spamdailynews.com:
Google.cn blocked by China's government. Read more

blogs.zdnet.com:
Decrease in spyware on the net? Read more

03 February 2006

Guides, Papers, etc
www.blackhat.com:
Black Hat Europe 2006. Read more

www.caida.org:
Botnet Detection and Response: The Network is the Infection. Read more

www.reverse.net:
Operation Cyberslam. Read more

www.cs.washington.edu:
A Crawler-based Study of Spyware on the Web. Read more

209.59.135.198:
The Great Anti-Virus Conspiracy. Read more

 

Tools:
fileforum.betanews.com:
RootkitRevealer 1.7. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Java System Access Manager May Let Local Users Obtain Elevated Privileges. Read more

securitytracker.com:
FreeBSD TCP SACK Processing May Let Remote Users Deny Service. Read more

securitytracker.com:
Winamp Error in Processing m3u/pls Files With '.wma' File Extension Lets Remote Users Deny Service. Read more

securitytracker.com:
Netscape '-moz-binding' Property Validation Flaw Lets Remote Users Conduct Cross-Domain Scripting Attacks. Read more

securitytracker.com:
Symantec Sygate Management Server Input Validation Error Lets Remote Users Inject SQL Commands to Gain Administrative Access. Read more

securitytracker.com:
Calendarix Input Validation Bugs in cal_functions.inc.php and cal_login.php Permit SQL Injection Attacks. Read more

securitytracker.com:
Microsoft Internet Explorer Shockwave Flash Scripting Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
MailEnable Professional IMAP EXAMINE Command May Let Remote Authenticated Users Deny Service. Read more

securitytracker.com:
Solaris 10 x64 Kernel setcontext() Bug Lets Local Users Deny Service. Read more

securitytracker.com:
SPIP Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
IronMail "Denial of Service Protection" Lets Remote Users Deny Service. Read more

securitytracker.com:
FarsiNews Include File Bug in 'logout.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox '-moz-binding' Property Validation Flaw Lets Remote Users Conduct Cross-Domain Scripting Attacks. Read more

securitytracker.com:
Winamp Buffer Overflow in Processing Playlist Files Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Google cops more flak over China. Read more

news.zdnet.co.uk:
Russian hackers 'sold WMF exploit'. Read more

news.bbc.co.uk:
Computer threat from Nyxem virus. Read more

sunbeltblog.blogspot.com:
Winamp exploit found in the wild. Read more

www.internetnews.com:
A Sobering Report on Viruses. Read more

www.vnunet.com:
Mozilla plugs eight Firefox security holes. Read more

www.informationweek.com:
Feds Charge 19 In Piracy Ring. Read more

www.internetnews.com:
IBM: Users Are The Weak Link in Security. Read more

www.emailbattles.com:
CME-24 Porn Virus: First Unplug Your Network! Read more

itvibe.com:
Spammed trojan horse poses as CCTV picture of campus rapist. Read more

www.technewsworld.com:
January Busy Month for Malware Authors. Read more

news.com.com:
Judge postpones Google subpoena hearing. Read more

news.zdnet.co.uk:
Microsoft security chief attacks government. Read more

02 February 2006

New Trojans January 2006. Read more

 

Guides, Papers, etc
blogs.securiteam.com:
CME-24 (Blackworm) - First Results Of Damage Already Seen. Read more

www.securitypipeline.com:
How It Works: Polymorphs: Attack of the Mutant Virus. Read more

se.securitypipeline.com:
Five Ways To Keep Your Google Searches Private. Read more

www.computerworld.com:
Sidebar: A Simple Rootkit Example. Read more

www.ebankingsecurity.com:
Why eBanking is Bad for your Bank Balance. Read more

www.esecurityplanet.com:
New HIPS Technology Takes on Zero-Day Attacks. Read more

blogs.washingtonpost.com:
Research: Buggy, Flawed 'ActiveX' Controls Pervasive. Read more

www.securitypipeline.com:
Anatomy Of A Break-In. Read more

 

News
www.microsoft.com:
Microsoft Outlines Policy Framework for Dealing with Government Restrictions on Blog Content. Read more

news.com.com:
Gates: Web site censorship doesn't work. Read more

www.theregister.co.uk:
Microsoft changes China policy. Read more

www.securityfocus.com:
Blackmal virus set to delete files. Read more

www.theregister.co.uk:
Kama Sutra worm crashes malware chart. Read more

www.theregister.co.uk:
Old media wants new deal with search engines. Read more

www.vnunet.com:
Microsoft flooded with IE7 bug reports. Read more

today.reuters.com:
US accuses cyber-piracy group of 'massive' theft. Read more

www.newsfactor.com:
Security Heavyweights Join To Fight Spyware. Read more

www.informationweek.com:
CERT Stats Under Fire. Read more

news.com.com:
British ISPs must turn in customer details. Read more

www.vnunet.com:
Small firms face IT security risk. Read more

www.securitypipeline.com:
All the Rage: Worms Turn Against IM. Read more

news.bbc.co.uk:
ID theft 'contained' says study. Read more

www.informationweek.com:
Microsoft Won't Issue Advance Kama Sutra Fix. Read more

news.com.com:
How to evade Google search. Read more

www.redherring.com:
Analysts Rush to Google’s Side. Read more

www.redherring.com:
Gates Funds Community Tech. Read more

www.redherring.com:
Banks Press for Data Safety. Read more

01 February 2006

Guides, Papers, etc
www.securityfocus.com:
Malicious Malware: attacking the attackers, part 1. Read more

www.securityfocus.com:
Nmap 4.00 with Fyodor. Read more

nwc.networkingpipeline.com:
Russian Security Guru: Here Are Your Biggest Network Holes. Read more

searchsecurity.techtarget.com:
Security Bytes: Firefox flaw could expose sensitive data. Read more

ddanchev.blogspot.com:
Was the WMF vulnerability purchased for $4000?! Read more

ddanchev.blogspot.com:
Security Interviews 2004/2005 - Part 3. Read more

www.tectonic.co.za:
OSS is an easier hack: Mitnick. Read more

www.cs.princeton.edu:
Windows Access Control Demystified. Read more

www.computerworld.com.au:
Why seven-layer security is crucial for networks. Read more

www.theregister.co.uk:
VMware's Chief promises to play nice with Microsoft and Xen. Read more

www.glop.org:
Boycott Starforce. Read more

 

Tools:
www.piotrbania.com:
OPEN SOURCE DISASSEMBLER ENGINE. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Tru64 UNIX BIND Flaw May Let Remote Users Gain Privileged Access. Read more

securitytracker.com:
PmWiki Include File Bug Lets Remote Users Execute Arbitrary Code and Input Validation Bugs Permit Cross-Site Scripting, and Path Disclosure Attacks. Read more

 

News
www.microsoft.com:
Microsoft Security Advisory (904420). Read more

www.securityfocus.com:
Data leaks already inundating 2006. Read more

www.theregister.co.uk:
Winamp exploit poses hacker risk. Read more

www.boingboing.net:
Anti-copying malware installs itself with dozens of games. Read more

www.boingboing.net:
StarForce threatens to sue me for criticizing its products. Read more

www.theregister.co.uk:
Spyware probe couple deported to Israel. Read more

spamkings.oreilly.com:
Author of MySpace bot denies wrongdoing. Read more

www.upi.com:
British millionaire faces hacking charges. Read more

www.betanews.com:
Microsoft Releases Public IE7 Preview. Read more

www.betanews.com:
AT&T Sued for Opening Network to NSA. Read more


Copyright© MegaSecurity.org