Home    News Archive    Translate Traducen
News April 2005
30 April 2005

Guides, Papers, etc
www.infectionvectors.com:
Beagle Alert. Read more

www.viruslist.com:
The Bagle botnet. Read more

www.internetnews.com:
Paul Kocher, President, Cryptography Research. Read more

www.securityfocus.com:
Backups tapes a backdoor for identity thieves. Read more

www.eeproductcenter.com:
Hacking a SQL Server. Read more

www.eeproductcenter.com:
Cryptography and Competition Policy Issues with "Trusted Computing". Read more

www.pcworld.com:
New Ad Attacks. Read more

www.computerworld.com:
Log-on type codes revealed. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Symantec AntiVirus RAR Decomposition Error Lets Certain RAR Archives Bypass Anti-virus Detection. Read more

www.securitytracker.com:
enVivo!CMS Input Validation Flaw Lets Remote Users Inject SQL Commands and Gain Administrative Privileges. Read more

www.securitytracker.com:
Lotus Domino Format String Flaw in Processing NRPC Protocol Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Lotus Notes Can Be Crashed By Local Users Via the 'notes.ini' File. Read more

www.securitytracker.com:
Lotus Domino @SetHTTPHeader Permits HTTP Response Splitting Attacks. Read more

www.securitytracker.com:
WWWguestbook 'login.asp' Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
JustWilliam's Amazon Webstore Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Safari Can Be Crashed With Long HTTPS URL. Read more

www.securitytracker.com:
phpCOIN Input Validation Holes in 'login.php' and 'mod.php' Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Ocean12 Mailing List Manager Lets Remote Users Inject SQL Commands. Read more

 

News
www.newscientist.com:
Google searches for quality not quantity. Read more

www.theregister.co.uk:
Google redraws world according to George Bush. Read more

www.theregister.co.uk:
Trojan attack exploits Google typos. Read more

www.pcworld.com:
Spyware Doctor Fails to Beat Favorites in Latest Tests. Read more

www.pcworld.com:
Adware/Spyware Vendor Sued Over 'Invasive' Software. Read more

news.zdnet.co.uk:
Have email viruses had their day? Read more

news.zdnet.co.uk:
No electronic 9/11 here, says Home Office. Read more

www.computerworld.com:
Trust in Online Banking: Hard to Earn, Easy to Lose. Read more

www.pcworld.com:
First Look: Symantec's So-So Spyware Protection. Read more

29 April 2005

Guides, Papers, etc
The stupidest hacker on earth.
This is the story of "bitchchecker" (the hacker) a user who lost it because he thought he had been kicked of a RC channel by "Elch".
The hacker comes back on the channel threatening to hack and ruin Elch machine, and dares Elch to give his IP address.
The address given was 127.0.0.1 (which is anyone's local IP address - you own IP, if you want), but bitchchecker was not knowledgeable enough to know that and tried to use a software to destroy what he thought was Elch hard drives... Read more

www.claymania.com:
Safe Hex - Safe Computing Tips. Read more

internet-insecurity.com:
Rootkit discovery tools. Read more

www.mobilepipeline.com:
Safe Hotspotting With For-Hire VPNs. Read more

 

Tools:
druid.caughq.org:
hcraft is a HTTP systems penetration testing tool designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process. hcraft is intended to help take the details out of executing HTTP based attacks that require you to specially craft an HTTP request. Read more

druid.caughq.org:
The Fake Open SMTP Relay. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Uapplication Products Disclose the Database to Remote Users and Let Remote Authenticate Administrators Upload Arbitrary Files. Read more

www.securitytracker.com:
HP OpenView Radia Management Portal Lets Remote Users Gain Access and Also Deny Service. Read more

www.securitytracker.com:
ICUII Discloses Passwords to Local Users. Read more

www.securitytracker.com:
phpBB Notes Mod Input Validation Hole in 'posting_notes.php' Permits SQL Injection. Read more

www.securitytracker.com:
NotJustBrowsing Discloses Application Password to Local Users. Read more

www.debian.org:
DSA-719-1 prozilla -- format string problems. Read more

www.debian.org:
DSA-718-2 ethereal -- buffer overflow. Read more

 

News
www.theregister.co.uk:
Firefox doubles market share as IE slips. Read more

www.computerworld.com.au:
Security product outbreak hits InfoSec. Read more

www.theregister.co.uk:
VXer targets Romanian gypsy music. Read more

www.t2.fi:
F-Secure pros issue hacker challenge. Read more

www.itsecurity.com:
Online Banking Requires Stronger Authentication Methods...Read more

www.11alive.com:
Hack Attack on GSU Student Info. Read more

www.vnunet.com:
Most computer hacking an 'inside job'. Read more

www.vnunet.com:
Online crime spirals out of control. Read more

www.vnunet.com:
64-bit Windows wide open to viruses. Read more

www.eweek.com:
Gates: 64-Bit Transition Will Happen 'Rapidly'. Read more

www.theregister.co.uk:
New York sues Intermix over spyware. Read more

spamkings.oreilly.com:
AOL lands on spam blacklist. Read more

news.com.com:
Senate bill proposes to close e-mail wiretapping "loophole". Read more

news.zdnet.co.uk:
Google used in phishing attack. Read more

28 April 2005

Guides, Papers, etc
www.hoti.org:
Design of a System for Real-TimeWorm Detection. Read more

www.viruslist.com:
The Bagle botnet. Read more

www.microscope.co.uk:
Encryption: the key to secure data? Read more

www.securityfocus.com:
Cleanliness next to Rootliness. Read more

www.securityfocus.com:
Security for the Paranoid. Read more

cne.gmu.edu:
An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MaxDB Buffer Overflow in getIfHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Internet Exporer Content Advisor Memory Corruption (Exploit, MS05-020). Read more

www.securiteam.com:
MySQL MaxDB Webtool Buffer Overflow Exploit (%). Read more

www.securiteam.com:
Multiple DoS Vulnerabilities in TCPDUMP (RSVP Packet, LDP Packet, BGP Packet and GRE Packet). Read more

www.securiteam.com:
NetTerm's NetFTPd Buffer Overflow (USER, Exploit). Read more

www.debian.org:
DSA-717-1 lsh-utils -- buffer overflow, typo. Read more

 

News
www.asahi.com:
Trend Micro antivirus fix wasn't tested before release. Read more

www.theregister.co.uk:
Web attacks soar. Read more

www.krqe.com:
Former LANL employee sentenced for hacking. Read more

news.zdnet.com:
Scheme preys on people who mistype 'Google.com'. Read more

news.zdnet.com:
Bush signs law targeting P2P pirates. Read more

news.zdnet.co.uk:
Highly critical Netscape flaw revealed. Read more

news.zdnet.com:
Group wants encryption bans overturned. Read more

news.zdnet.com:
Gates offers Longhorn appetizer. Read more

news.zdnet.com:
Microsoft XML guru sees power for the people. Read more

news.zdnet.com:
Gates wants to scrap H-1B visa restrictions. Read more

27 April 2005

Guides, Papers, etc
www.securityfocus.com:
Microsoft's reveals hardware security plans, concerns remain. Read more

www.ngssoftware.com:
Stopping Automated Attack Tools. Read more

 

Vulnerabilities & Exploits
www.gentoo.org:
Rootkit Hunter: Insecure temporary file creation. Read more

www.securitytracker.com:
yappa-ng Input Validation Holes Let Remote Users Execute Arbitrary Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
BEA WebLogic Administration Console Input Validation Hole in 'JndiFramesetAction' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Citrix Program Neighborhood Agent Stack Overflow Lets Remote Users Execute Arbitrary Code and Another Bug Lets Remote Users Create Arbitrary Shortcuts. Read more

www.securitytracker.com:
Citrix WinCE MetaFrame Presentation Server Client Stack Overflow Lets Remote Users Execute Arbitrary Code and Another Bug Lets Remote Users Create Arbitrary Shortcuts. Read more

www.securitytracker.com:
nProtect Netizen Lets Remote Users Download Arbitrary Files to the Target System. Read more

www.securitytracker.com:
bBlog Input Validation Hole in 'postid' Permits SQL Injection and in Message Body Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
NetIQ PSSecure May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
SafeStone AxcessIT May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
NASI BSafe May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
Castlehill Secure/Net May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
PowerLock NetworkSecurity May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
Raz-Lee Firewall+++ May Let Remote Users Bypass AS/400 FTP Access Controls. Read more

www.securitytracker.com:
phpMyVisites Input Validation Errors Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Fastream NETFile Server Lets Remote Users Create or Delete Files and Directories in Arbitrary Locations. Read more

www.securitytracker.com:
SqWebMail Input Validation Hole in 'redirect' Parameter Permits HTTP Response Splitting Attacks. Read more

www.securiteam.com:
E-Cart index.cgi Command Execution (Exploit). Read more

www.securiteam.com:
Yager Buffer Overflow (Exploit). Read more

www.debian.org:
DSA-715-1 cvs -- serveral. Read more

 

News
asia.cnet.com:
Microsoft to add 'black box' to Windows. Read more

www.theinquirer.net:
Microsoft’s Longhorn has spyware plan. Read more

news.zdnet.co.uk:
Unpatched machines 'Net's biggest threat'. Read more

www.computerworld.com.au:
Infosecurity showgoers place law above tech. Read more

www.itbusiness.ca:
Security preparedness is TASK one. "Hackers are professionals. They get paid," warns user group. Read more

asia.cnet.com:
Spamhaus hits out at ISPs, praises Microsoft. Read more

news.zdnet.co.uk:
Schneier slates misuse of 'cyberterrorism'. Read more

www.theregister.co.uk:
Are you storing up email trouble? Read more

news.zdnet.co.uk:
Trend Micro customers suffer weekend mayhem. Read more

26 April 2005

Guides, Papers, etc
www.eweek.com:
The Sad State of Spyware. Read more

www.eweek.com:
Worm Early Warning System Late to the Game. Read more

www.boersenreport.de:
Microsoft demos `more secure` Longhorn Windows. Read more

www.eweek.com:
Automatic Protection Systems Are Too Dumb and Too Fast. Read more

 

Tools:
cse.msstate.edu:
GoogleSweep is a pen-test tool for information-gathering that uses Google to find information on IP addresses and hostnames on a target network. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MaxDB HTTP Request '%' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MaxDB Buffer Overflow in getLockTokenHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MailEnable Unspecified IMAP and SMTP Bugs May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
HP/UX ICMP PMTU Attacks Let Remote Users Deny Service. Read more

www.securitytracker.com:
Store Portal Input Validation Errors Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
OneWorldStore Discloses Order Information to Remote Users. Read more

www.securitytracker.com:
ACS Blog Authentication Flaw in 'inc_login_check.asp' Lets Remote User Gain Administrative Access. Read more

www.securitytracker.com:
Snmppd Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
BK Forum Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
CartWIZ Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.gulftech.org:
Multiple eGroupware Vulnerabilities. Read more

www.idefense.com:
MySQL MaxDB Webtool Remote Stack Overflow Vulnerability. Read more

 

News
www.techworld.com:
Trend Micro bug down to over-quick testing. Read more

www.securitypronews.com:
Web Server Cracks And Defacements Increase. Read more

www.computerworld.com:
Many Web site hackers are schoolboys, watchdog group says. Read more

www.computerworld.com:
Hackers plot more phishing, mobile viruses. Read more

www.webpronews.com:
Computer Hacking An Inside Job. Read more

www.bitdefender.com:
New Romanian Virus Speculates On Iraqi Crisis. Read more

searchsecurity.techtarget.com:
Viruses 'a thing of the past'. Read more

www.broadbandreports.com:
Evil Twin Wi-Fi Attacks. Read more

www.eweek.com:
Group Aims to Develop Guidelines to Define Spyware. Read more

www.techworld.com:
Internet Explorer improvements come to light. Read more

www.techworld.com:
Longhorn security technology scrapped. Read more

comment.zdnet.co.uk:
Don't leave alternative browsers all at sea. Read more

25 April 2005

Guides, Papers, etc
www.benedelman.org:
Misleading Installations of the Week: PacerD, and Claria's Dope Wars. Read more

www.preferredcomputers.com:
Understanding and Preventing Spyware in the Enterprise. Read more

www.eecis.udel.edu:
Distributed Worm Simulation with a Realistic Internet Model. Read more

 

News
www.usatoday.com:
Microsoft expected to ignite 64-bit computing. Read more

mdn.mainichi.co.jp:
Suspected antivirus glitch disrupts newspaper LAN systems. Read more

www.yomiuri.co.jp:
Virus Buster LAN failures caused by human error. Read more

news.zdnet.co.uk:
Yahoo opens up dead Marine's email. Read more

www.ecommercetimes.com:
E-Commerce Sites Forced To Adopt Security Standards. Read more

www.usatoday.com:
'Pharmers' hit online bank users with fraud scam. Read more

www.securitynewsportal.com:
Alleged World of Hell hacker RaFa arrested in Miami by FBI. Read more

uk.builder.com:
Stroustrup: C++ is growing. Read more

24 April 2005

Guides, Papers, etc
www.rootkit.com:
Hide user mode debuggers from executables with debbuger detection. Read more

www.vulndev.org:
SInAR. A Cross architecture Solaris rootkit the development of which is aimed to both increase understanding of the Solaris OS and to show that it's not just the external threats that a Solaris Admin should worry about. Read more

www.acm.uiuc.edu:
Introduction to Reverse Engineering Software. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
KDE Kommander Arbitrary Code Execution Vulnerability. Read more

www.frsirt.com:
OneWorldStore "chksettings.asp" Denial of Service Vulnerability. Read more

www.frsirt.com:
PixySoft E-Cart Remote Command Execution Vulnerability. Read more

www.frsirt.com:
ASPNuke Cross Site Scripting and SQL Injection Vulnerabilities. Read more

www.frsirt.com:
FlexPHPNews "news.php" Remote SQL Injection Vulnerability. Read more

www.securitytracker.com:
Novell Nsure Audit 'webadmin.exe' Lets Remote Users Cause the System to Stop Responding. Read more

www.securitytracker.com:
WoltLab Burning Board Input Validation Hole in 'thread.php' in 'hilight' Parameter Permits Cross-Site Scripting Attacks. Read more

 

News
www.zone-h.org:
Hushmail.com defaced by means of DNS redirection UPDATED. Read more

www.pcworld.com:
PC Zombies Invade China. Read more

www.securitypronews.com:
Adware Adds Up To Cash. Read more

www.syracuse.com:
Guard against Internet 'phishing'. Read more

infotech.indiatimes.com:
Viruses play unfair games on cell phones. Read more

23 April 2005

Guides, Papers, etc
www.cs.berkeley.edu:
The Threat of Internet Worms. Read more

www.viruslist.com:
Malware Evolution: January - March 2005. Read more

www.securitypipeline.com:
Hotspot Hacking And How To Fight It. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
ASP Nuke Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
MailEnable HTTPMail Vulnerability Has Unspecified Impact. Read more

www.securitytracker.com:
KDE kimgio PCX Processing Error Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
KDE Kommander May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Xine MMST and RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
OneWorldStore 'chksettings.asp' Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Yawcam Directory Traversal Flaw Lets Remote Users View Arbitrary Files. Read more

www.securitytracker.com:
E-Cart Mod Input Validation Hole in 'art' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

 

News
www.theregister.co.uk:
MP3 zapping malware worms onto P2P network. Read more

news.zdnet.com:
Virus pits itself against music pirates. Read more

www.channelregister.co.uk:
Credit card firms push cybersecurity. Read more

www.theregister.co.uk:
Privacy watchdog warns job seekers to beware. Read more

news.zdnet.com:
Security guru wants access to bug databases. Read more

news.zdnet.com:
C++ creator upbeat on its future. Read more

www.eweek.com:
Torvalds Gives Inside Skinny on Git. Read more

www.thewhir.com:
AOL, Cyota Team to Fight Phishing. Read more

news.zdnet.com:
Firewall to zap XML viruses. Read more

www.techweb.com:
Worm Lull, Windows XP SP2 Keeping Outbreaks At Bay. Read more

news.com.com:
This week in security. Read more

22 April 2005

Guides, Papers, etc
recon.cx:
REcon 2005. Read more

www.eecs.umich.edu:
Worm Hotspots: Explaining Non-Uniformity in Worm Targeting Behavior. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB Auction Mod Lets Remote Users Inject SQL Commands and Determine the Installation Path. Read more

www.securitytracker.com:
LG Electronics U8120 Phone MIDI File Processing Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Acrobat Reader Invalid-ID-Handle-Error Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Multiple Exploit Codes for Oracle (interMedia, DBMS_CDC_SUBSCRIBE, DBMS_CDC_ISUBSCRIBE and DBMS_METADATA). Read more

www.securiteam.com:
PMSoftware Simple Web Server Remote Buffer Overflow (Exploit). Read more

www.securiteam.com:
ICMP Attacks Against TCP Vulnerability Exploit. Read more

www.securiteam.com:
BitchX Buffer Overflow. Read more

www.debian.org:
DSA-713-1 junkbuster -- several vulnerabilities. Read more

www.debian.org:
DSA-701-2 samba -- integer overflows. Read more

 

News
www.securityfocus.com:
Privacy watchdog warns job seekers to beware. Read more

www.cyprus-mail.com:
Taking over a webcam: a standard part of the virus writer’s arsenal. Read more

www.theregister.co.uk:
Peeping Tom Trojan suspect cuffed in Cyprus. Read more

www.newsfactor.com:
Smartphone Viruses: 52 and Counting. Read more

www.theregister.co.uk:
Longhorn is big - no, this time we mean it. Read more

www.securityfocus.com:
Watching the Watchers. Misuse of database information by insiders happens everyday, and there's little we can do about it. Read more

www.vnunet.com:
Apple slapped for sloppy security response. Read more

www.vnunet.com:
Google travels back in search time. Read more

21 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.eweek.com:
Worm Early Warning System Late to the Game. Read more

www.pakcon.org:
PAKCON II, Pakistan's Underground Hacking Convention. Call for Papers. Read more

informit.com:
Strategies of Computer Worms. Read more

www.bluesecurity.com:
P2P Exploited to Spam Millions of Users. Read more

www.securityfocus.com:
Apple's Big Virus. Read more

www.eweek.com:
Automatic Protection Systems Are Too Dumb and Too Fast. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MPlayer MMST and RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
RealPlayer Enterprise Buffer Overflow in 'pnen3260.dll' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
LogWatch Regular Expression Error May Let Users Deny Service to Avoid Detection. Read more

www.securitytracker.com:
Ocean12 Calendar Manager Input Validation Errors Permit SQL Injection Attacks. Read more

www.securitytracker.com:
Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code. Read more

www.securiteam.com:
Sumus Remote Buffer Overflow Exploit. Read more

 

News
www.vnunet.com:
Bank attack used key-loggers costing just £20. Read more

www.eweek.com:
Researchers Propose Early Warning System for Worms. Read more

www.theregister.co.uk:
WiPhishing hack risk warning. Read more

www.newsfactor.com:
Sober Worm Given New Life. Read more

itvibe.com:
New Sober worm variant causing trouble. Read more

www.eweek.com:
High-Risk RealPlayer Hole Patched. Read more

www.eweek.com:
NY Attorney General Spitzer Targets Identity Theft. Read more

www.eweek.com:
AOL Begins Blocking Phishing Sites. Read more

www.theregister.co.uk:
Microsoft patents 911. Read more

www.theregister.co.uk:
UK court orders ISPs to unmask 33 filesharers. Read more

www.cellular-news.com:
Mobile phone viruses on the rise. Read more

www.eweek.com:
Open-Source CVS Project Plugs Security Leaks. Read more

20 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.viruslist.com:
Malware Evolution: January - March 2005. Read more

www.astalavista.com:
Tracking the Attacker. Read more

www.exploitx.com:
Troubleshooting Linux® Firewalls. Read more

www.professionalsecurity.co.uk:
Cybercrime wars. Read more

www.securitypark.co.uk:
The Spyware Plague: No Cure for the Enterprise. Read more

 

Tools:
ophcrack.sourceforge.net:
Ophcrack version 2.0 is a windows password cracker based on the faster time-memory trade-off using rainbow tables. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Sun Solaris May Let Local Users Hijack Non-Privileged Port Services. Read more

www.securitytracker.com:
CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service. Read more

www.securitytracker.com:
WheresJames Webcam Publisher Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
proFile Input Validation Bugs Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PortalApp Input Validation Holes in 'ContentId', 'CatId', 'ContentTypeId', and 'ForumId' Parameters Permit Cross-Site Scripting Attacks. Read more

www.securiteam.com:
PostgreSQL Remote DoS (plpgsql). Read more

www.securiteam.com:
Microsoft Exchange X-LINK2STATE Heap Overflow PoC (MS05-021). Read more

www.securiteam.com:
Openssl-Too-Open: Apache / OpenSSL Remote Exploit. Read more

www.securiteam.com:
Webcam Publisher Buffer Overflow (Exploit). Read more

www.greymagic.com:
File Selection May Lead to Command Execution. Read more

www.debian.org:
DSA-712-1 geneweb -- insecure file operations. Read more

www.debian.org:
DSA-711-1 info2www -- missing input sanitising. Read more

 

News
www.theregister.co.uk:
Sober worm shakes Windows security. Read more

news.zdnet.co.uk:
IM security: The worst is yet to come. Read more

www.wired.com:
U.S. Military's Elite Hacker Crew. Read more

news.com.com:
Worms whack half of businesses. Read more

www.vnunet.com:
Consumers make it easy for e-commerce hackers. Read more

www.theregister.co.uk:
Unholy trio menace Firefox. Read more

www.theregister.co.uk:
Teenagers want computer security lessons. Read more

www.theinquirer.net:
Top ten Firefox browser annoyances. Read more

australianit.news.com.au:
ISPs team to fight DNS attack. Read more

news.com.com:
Finns tout new anti-P2P tool. Read more

news.com.com:
Prison terms on tap for 'prerelease' pirates. Read more

www.pcworld.com:
Four Arrested in Game Piracy Sting. Read more

19 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.securityfocus.com:
Teenagers struggle with privacy, security issues. Read more

www.astalavista.com:
Identity Theft. Read more

www.astalavista.com:
802.11 Security. Read more

arxiv.org:
Analyzing Worms and Network Traffic using Compression. Read more

www.oracle.com:
Oracle, Critical Patch Update - April 2005. Read more

nzeka-labs.com:
KSpyware's code cource (in Perl). Read more

 

Vulnerabilities & Exploits
www.idefense.com:
McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability. Read more

www.debian.org:
DSA-710-1 gtkhtml -- null pointer dereference. Read more

www.mikx.de:
Firelinking - Proof-of-Concept. Read more

 

News
www.theregister.co.uk:
Save us from spam. Read more

www.techtree.com:
Symantec Takes on Spyware. Read more

news.com.com:
Microsoft to license test software for real-world use. Read more

news.com.com:
IRS flaws open door to identity theft. Read more

www.computerworld.com:
IRS security flaws expose taxpayer data to snooping, GAO finds. Read more

www.computerworld.com:
Sidebar: Security Tools Not Enough, Say Execs. Read more

18 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.benedelman.org:
Misleading Installations of the Week: Claria and 180 at Kids Sites. Read more

www.simson.net:
AVOIDING THE CYBER PANDEMIC: A Public Health Approach to Preventing Malware Propagation. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Vulnerabilities in TCP/IP Allow Remote Code Execution and DoS (MS05-019, Exploit). Read more

www.securiteam.com:
Serendipity exit.php SQL Injection (Exploit). Read more

www.securiteam.com:
Explorer.exe WMF Parsing DoS (Exploit). Read more

remahl.se:
AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability. Read more

 

News
www.usatoday.com:
Hacker invades Anchorage airport Web site. Read more

news.zdnet.com:
Microsoft plans massive Windows ad campaign. Read more

news.zdnet.com:
FAQ: Getting a handle on Longhorn. Read more

www.vnunet.com:
Fortinet in court for hiding Linux in its code. Read more

www.earthtimes.org:
Reuters quells Kelvir challenge, IM service back on. Read more

17 April 2005

Updated: Trojan News March

Guides, Papers, etc
www.ebcvg.com:
Zombie Computers. Read more

www.astalavista.com:
DoS Defense in Structured Peer-to-Peer Networks. Read more

www.astalavista.com:
MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Firefox Sidebar '_search' Processing Error Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Firefox Search Plug-in Lets Remote Users Execute Scripting Code in Active Tabs. Read more

www.securitytracker.com:
Mozilla Search Plug-in Lets Remote Users Execute Scripting Code in Active Tabs. Read more

www.securitytracker.com:
Firefox Browser XPInstall Engine May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Mozilla Browser XPInstall Engine May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Apple OS X Integer Overflow in searchfs() Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apple OS X setuid/setgid Support May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apple OS X semop() Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apple OS X Syscall Emulation Buffer Overflow Lets Local Users Deny Service. Read more

www.securitytracker.com:
Apple Safari Javascript Flaw Lets Remote Users Execute Arbitrary Javascript in the Context of the Local Domain. Read more

www.securitytracker.com:
WinHex Can Be Crashed With Maformed Filename. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Hole in Surveys Module Permits HTTP Response Splitting Attacks. Read more

www.securitytracker.com:
DameWare Discloses Passwords to Local Users. Read more

www.frsirt.com:
Mozilla Firefox Sidebar Code Execution Proof of Concept Exploit. Read more

www.frsirt.com:
Mozilla Suite and Firefox "favicons" LINK Code Execution Exploit. Read more

www.debian.org:
DSA-709-1 libexif -- buffer overflow. Read more

 

News
www.webpronews.com:
Mozilla Updates For Security. Read more

www.keralanext.com:
Asia ; Nearly 7,600 new malware detected in first three months. Read more

www.infoworld.com:
Polo Ralph Lauren confirms HSBC data security problem. Read more

publications.mediapost.com:
Adware Firms Up The Ante On Anti-Spyware. Read more

www.zwire.com:
The need for homepage security. Read more

16 April 2005

Guides, Papers, etc
www.securityfocus.com:
Introduction to Spyware Keyloggers. Read more

www.macnewsworld.com:
New Era of Deadly Spyware Approaches. Read more

www.pcworld.com:
The (Uphill) Battle Against Spyware. Read more

www.securityfocus.com:
Privacy groups assail future passport technology. Read more

informationweek.com:
Q&A: Allchin Talks Turkey About Longhorn. Read more

 

Vulnerabilities & Exploits
xforce.iss.net:
CA BrightStor ARCServe Backup Remote Compromise. Read more

www.securitytracker.com:
RSA Authentication Agent for Web for IIS Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Webmin May Let Users Change the Permissions and Ownership of Configuration Files. Read more

www.securitytracker.com:
Usermin May Let Users Change the Permissions and Ownership of Configuration Files. Read more

www.securitytracker.com:
Ariadne Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
OneWorldStore Input Validation Flaws Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
FreeBSD Kernel ifconf() Discloses Kernel Memory Contents to Local Users. Read more

www.securitytracker.com:
Musicmatch Jukebox Lets Local Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting Attacks. Read more

 

News
news.zdnet.co.uk:
Microsoft silent over IP vulnerability claims. Read more

www.eweek.com:
Where's That Windows Media Player Update? Read more

informationweek.com:
Reuters IM Worm Attack Seen As 'Wake-Up. Read more

www.theregister.co.uk:
Virus writers have girlfriends - official. Read more

www.theregister.co.uk:
George Bush fears email privacy breach. Read more

www.theregister.co.uk:
IM worm hits Reuters. Read more

www.pcworld.com:
Microsoft Details More Longhorn Features. Read more

software.silicon.com:
Microsoft shuts down anti-SP2 tool. Read more

www.vnunet.com:
Arrests highlight offshore risks. Read more

www.vnunet.com:
Record industry sues 400 campus downloaders. Read more

thebosh.com:
Internet2 hot.
The Recording Industry Association of America (RIAA), acting on behalf of major record companies has filed legal action against the students at 18 colleges across the US, alleging they illegally downloaded and swapped music files using a lightening-fas. Read more

15 April 2005

Guides, Papers, etc
www.securityfocus.com:
Privacy From the Trenches. Read more

www.ics.forth.gr:
Efficient Content-Based Detection of Zero-DayWorms. Read more

www.vnunet.com:
Kevin Mitnick and the art of intrusion - Part 2. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Axel Buffer Overflow in Processing HTTP Location Values Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Kerio MailServer WebMail Viewing Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Pavuk Buffer Overflows Have Unspecified Impact. Read more

www.securitytracker.com:
Sun Solaris ICMP Processing Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
CalendarScript Discloses Installation Path and Debug Information to Remote Users and Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
EasyPHPCalendar Discloses Installation Path to Remote Users and Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
VHCS Input Validation Errors Permit SQL Injection Attacks. Read more

www.securitytracker.com:
IlohaMail Input Validation Bugs in 'read_message.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Serendipity Input Validation Error in 'exit.php' Permits SQL Injection Attacks. Read more

www.securitytracker.com:
WatchGuard Firebox ICMP Processing Errors Let Remote Users Deny Service. Read more

www.frsirt.com
IBM WebSphere Application Server JSP Source Code Disclosure Issue. Read more

www.frsirt.com
Sun ONE and Sun Java System Directory Servers LDAP Buffer Overflow. Read more

www.frsirt.com
Sun Java System Web Server Denial of Service Vulnerability. Read more

www.securiteam.com:
Internet Explorer DHTML Arbitrary Code Execution (MS05-020). Read more

www.securiteam.com:
Microsoft JET Reverse Shell Buffer Overflow Exploit. Read more

www.hyperdose.com:
Arbitrary file overwrite in Musicmatch. Read more

www.debian.org:
DSA-708-1 php3 -- missing input sanitising. Read more

www.security.nnov.ru:
Internet Explorer wininet.dll URL parsing memory corruption details. Read more

 

News
www.reuters.com:
Worm Prompts Temporary Shutdown of Reuters Messaging. Read more

news.zdnet.co.uk:
OpenOffice confirms hack attack risk. Read more

news.zdnet.co.uk:
Office flaw exploit code published. Read more

news.bbc.co.uk:
Home workers 'pose security risk'. Read more

www.theregister.co.uk:
Beware of toxic blogs. Read more

news.com.com:
Blog censorship gains support. Read more

news.zdnet.co.uk:
Banks nearing agreement on Web security. Read more

itvibe.com:
Premium rate dialer virus writer sentenced. Read more

14 April 2005

Guides, Papers, etc
www.antiphishing.org:
Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks and Consumer Fraud. Read more

www.astalavista.com:
Role Comparison Report – Web Server Role. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
IBM Domino Server Buffer Overflow in Date/Time Field Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Veritas i3 FocalPoint Server Has Vulnerability With Unspecified Impact. Read more

www.securitytracker.com:
Oracle Database Has Unspecified Vulnerabilities in Multiple Components. Read more

www.securitytracker.com:
Microsoft Internet Explorer Buffer Overflows in DHTML, URL Parsing, and Content Advisor Let Remote Users Execute Arbitrary Code. Read more

www.geotrust.com:
VULNERABILITY OF FIRST-GENERATION DIGITAL CERTIFICATES Rev 1.1 AND POTENTIAL FOR PHISHING ATTACKS AND CONSUMER FRAUD. Read more

www.securitytracker.com:
Microsoft Message Queuing Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MSN Messenger GIF File Image Parameter Processing Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-707-1 mysql -- several vulnerabilities. Read more

www.debian.org:
DSA-706-1 axel -- buffer overflow. Read more

 

News
www.theregister.co.uk:
Eight patches - five critical - in MS April patch batch. Read more

australianit.news.com.au:
New MS security holes found. Read more

www.theregister.co.uk:
Anti-spyware group collapses. Read more

www.theregister.co.uk:
Mobile botnet threat downplayed. Read more

news.zdnet.com:
Security breach laws become state's rights issue. Read more

www.zdnet.com.au:
'Human firewall' a crucial defence: Mitnick. Read more

www.theregister.co.uk:
It's official: ChoicePoint, LexisNexis rooted many times. Read more

www.vnunet.com:
Virus writer steals £70,000 in three days. Read more

www.zdnet.com.au:
Bigger phishes ready to spawn. Read more

www.pcauthority.com.au:
Hackers spread worms through blogs. Read more

www.zdnet.com.au:
IBM on the hunt for Firefox programmers. Read more

australianit.news.com.au:
Stronger security for banks. Read more

13 April 2005

Guides, Papers, etc
A Methodology for Detecting New Binary Rootkit Exploits. Read more

www.arl.wustl.edu:
Application of Hardware Accelerated Extensible Network Nodes for Internet Worm and Virus Protection. Read more

www.windowsitpro.com:
Understanding the Windows XP SP2 Blocking Mechanism. Read more

www.astalavista.com:
BLUETOOTH TOOLS. Read more

www.geotrust.com:
Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks and Consumer Fraud. Read more

 

Tools:
www.eeye.com:
eEye Launches Free Retina WiFi Scanner to Address the Growing Business Concern of Wireless Network Security. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Word Remote Code Execution Vulnerabilities (MS05-023). Read more

www.frsirt.com:
MSN Messenger GIF Handling Remote Code Execution (MS05-022). Read more

www.frsirt.com:
Microsoft Exchange Server Remote Code Execution (MS05-021). Read more

www.frsirt.com:
Microsoft Internet Explorer Code Execution Vulnerabilities (MS05-020). Read more

www.frsirt.com:
Microsoft Windows TCP/IP Remote Code Execution and DoS (MS05-019). Read more

www.frsirt.com:
Microsoft Windows Kernel Local Privilege Escalation and DoS (MS05-018). Read more

www.frsirt.com:
Microsoft Message Queuing Remote Buffer Overflow (MS05-017). Read more

www.frsirt.com:
Microsoft Windows Shell Code Execution Vulnerability (MS05-016). Read more

www.securitytracker.com:
Cisco IOS ICMP PMTUD Attackes Let Remote Users Deny Service. Read more

www.securitytracker.com:
ACNews Input Validation Hole in 'login.asp' Yields Administrative Access to Remote Users. Read more

www.securitytracker.com:
OpenOffice StgCompObjStream::Load() Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
zOOm Media Gallery Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Gld Format String Flaws and Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.securiteam.com:
PunBB change_email SQL Injection. Read more

 

News
Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711). Read more

www.zdnet.com.au:
Microsoft plugs up critical holes in Windows. Read more

www.zdnet.com.au:
Unpatched flaw found in Microsoft software. Read more

www.zdnet.com.au:
BigPond disconnecting Trojan-infected customers. Read more

www.zdnet.com.au:
Microsoft offers no choice on Windows XP SP2. Read more

www.isp-planet.com:
An Extreme Phight Against Phishing. Read more

12 April 2005

Guides, Papers, etc
Computer Security Mexico 2005
Palacio de Mineria, May 26th - May 27th, 2005. Read more

www.cise.ufl.edu:
Defending Against Internet Worms: A Signature-Based Approach. Read more

www.security-assessment.com:
Bugger The Debugger- Pre Interaction Debugger Code Execution. Read more

www.security-assessment.com:
A Day in the Life of a Hacker. Read more

www.security-assessment.com:
A Step into the Computer Underworld. Read more

www.security-assessment.com:
Shoot the Messenger - Shatter Attacks. Read more

www.security-assessment.com:
Advances in Web Application Hacking. Read more

www.security-assessment.com:
GoogleHack and PTP Hacking. Read more

www.security-assessment.com:
VOIP Hacking. Read more

www.theregister.co.uk:
Cyber Alert: crime hits the net. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability. Read more

www.frsirt.com:
OpenOffice Document Handling Heap Overflow Vulnerability. Read more

www.frsirt.com:
Invision Power Board "memberlist.php" SQL Injection Vulnerability. Read more

www.frsirt.com:
KDE Desktop PCX Image Handling Buffer Overflow Vulnerability. Read more

www.frsirt.com:
Zoom Media Gallery "index.php" Remote SQL Injection Vulnerability. Read more

www.frsirt.com:
ModernBill PHP File Inclusion and Cross Site Scripting Vulnerabilites. Read more

www.securitytracker.com:
TowerBlog! Discloses Hashed Administrative Password to Remote Users. Read more

www.securitytracker.com:
rsnapshot copy_symlink() May Let Local Users Gain Elevated Privileges in Certain Situations. Read more

www.securitytracker.com:
P2P Share Spy Discloses Password to Local Users. Read more

www.securitytracker.com:
ModernBill Include File Error in Sample 'news.php' Script Lets Remote Users Execute Commands and Input Validation Holes in 'orderwiz.php' Permit Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Linux Kernel Bluetooth Local Root (Exploit). Read more

secunia.com:
Sun Java JDK/SDK Jar Directory Traversal Vulnerability. Read more

 

News
www.securityfocus.com:
Campaign seeks to defang Rafa's hacker image. Read more

www.securityfocus.com:
Cleaning Up Disclosure. Read more

www.infoworld.com:
Brazilian arrested for '01 Airforce hacks. Read more

security.itworld.com:
Rootkit Web sites fall to DDOS attack. Read more

www.nwfusion.com:
Be secure: Think like bad guys. Read more

www.silicon.com:
Indian call centre staff in $350,000 Citibank theft. Read more

www.pcworld.com:
Microsoft Files Eight Counterfeiting Lawsuits. Read more

www.microsoft.com:
Microsoft and Gateway Lay Foundation for Future Cooperation, Resolve Antitrust Claims. Read more

www.theregister.co.uk:
Microsoft goes after Blackberry with Magneto. Read more

www.theregister.co.uk:
Linus Torvalds in bizarre attack on open source. Read more

11 April 2005

Guides, Papers, etc
www.eweek.com:
Tales of a Professional Social Engineer. Read more

www.eweek.com:
Shutting Down the Highway to Internet Hell. Read more

www.exploitx.com:
Click Fraud FAQ. Read more

www.net-security.org:
Malware comes of age: The arrival of the true computer parasite. Read more

www.av-comparatives.org:
Anti-Virus Comparative No. 5. Read more

www.cise.ufl.edu:
An Internet-Worm Early Warning System. Read more

www.securitydocs.com:
Malicious Codes in Depth. Read more

www.zone-h.org:
2004 WEB SERVER INTRUSION STATISTICS. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Microsoft Multiple E-Mail Client Address Spoofing Vulnerability. Read more

www.securiteam.com:
SGI IRIX gr_osview Multiple Vulnerabilities. Read more

www.securiteam.com:
IBM Lotus Domino Server Web Service DoS (Exploit). Read more

 

News
www.zdnet.com.au:
Virus blocks access to antivirus Web sites. Read more

www.crime-research.org:
Big phishers can be hard to hook. Read more

www.zdnet.com.au:
Are firewalls pointless? Read more

www.eweek.com:
Will Click-Fraud Suits Hobble Search? Read more

10 April 2005

Guides, Papers, etc
www.hackerhighschool.org:
Hacker Highschool. LESSON 1 BEING A HACKER. Read more
Hacker Highschool. LESSON 2. BASIC COMMANDS IN LINUX AND WINDOWS. Read more
Hacker Highschool. LESSON 3 PORTS AND PROTOCOLS. Read more
Hacker Highschool. LESSON 4 SERVICES AND CONNECTIONS. Read more
Hacker Highschool. LESSON 5 SYSTEM IDENTIFICATION. Read more
Hacker Highschool. LESSON 6 MALWARE. Read more
Hacker Highschool. LESSON 7 ATTACK ANALYSIS. Read more
Hacker Highschool. LESSON 8 DIGITAL FORENSICS. Read more
Hacker Highschool. LESSON 9 E-MAIL SECURITY. Read more
Hacker Highschool. LESSON 11 PASSWORDS. Read more

www.securityfocus.com:
Absolute Security is a Myth. Read more

security.ucdavis.edu:
Development of Computer Vulnerability Scanning Scanning Workgroup. Read more

www.zone-h.org:
2004 WEB SERVER INTRUSION STATISTICS. Read more

en.wikipedia.org:
Steganography (hidden writing). Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
File Upload Script 'up.php' for phpBB Lets Remote Users Upload Arbitrary Files. Read more

www.securitytracker.com:
PostNuke Input Validation Holes in News Module Permits SQL Injection and in 'admin.php' and 'user.php' Permit Cross-Site Scripting Attacks.

www.securitytracker.com:
Microsoft Outlook Web Access 'From' Address Display Lets Remote Users Spoof Origination Addresses. Read more

www.securitytracker.com:
Microsoft Outlook 'From' Address Display Lets Remote Users Spoof Origination Addresses. Read more

www.securitytracker.com:
Ocean12 Membership Manager Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

zone-h.org:
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3. Read more

zone-h.org:
Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2. Read more

zone-h.org:
GnomeVFS, libcdaudio: CDDB response overflow. Read more

 

News
news.com.com:
Google adds satellite images to maps. Read more

news.com.com:
Google queues up video. Read more

www.washingtonpost.com:
Can the Internet Have Borders? Read more

www.jpost.com:
Hacker cracks bank's computer code. Read more

www.denverpost.com:
Arrest made in breach of military website. Read more

www.nationmultimedia.com:
Secrets of the great hackers. Read more

www.thewhir.com:
Top Layer Defends DNS Cache Poisoning. Read more

09 April 2005

Guides, Papers, etc
www.peterszor.com:
EPOC EPOCalypse alypse NOW!
“The volume of malicious code seems to be growing quicker than ever.” Read more

www.astalavista.com:
OUTSMARTING PERSONAL FIREWALLS. Read more

www.astalavista.com:
Computer viruses: The threat today and the expected future. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
AN HTTP Server 'cmdIS.DLL' Buffer Overflow Lets Local Users Execute Arbitrary Code and Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
FirstClass Bookmark Input Validation Flaw Lets Users Execute Existing Local Files. Read more

www.securitytracker.com:
SurgeFTP LEAK Command Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Macromedia ColdFusion MX Updater Discloses '.class' Files to Remote Users. Read more

www.securitytracker.com:
SGI IRIX gr_osview Lets Local Users Obtain Sensitive Information and Overwrite Arbitrary Files. Read more

 

News
www.theregister.co.uk:
Trojan leaps from bogus Windows Update site. Read more

news.zdnet.co.uk:
Hackers send flood of bogus Microsoft updates. Read more

www.theregister.co.uk:
Nine years in slammer for US spammer. Read more

www.theregister.co.uk:
DNS attacks attempt to mislead consumers. Read more

www.smh.com.au:
Software helps track child pornographers. Read more

news.zdnet.co.uk:
Microsoft issues DNS poisoning advisory. Read more

08 April 2005

SilentDoor is a connectionless, PCAP-based backdoor for linux that uses packet sniffing to bypass netfilter.
It sniffs for UDP packets on port 53, runs each packet against a decryption scheme, if the packet validates than it runs a command.
Can be masked to look like any other process. Remote command utility included. Read more

 

Guides, Papers, etc
tracking-hackers.evilcoder.org:
The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks. Read more

www.networkcomputing.com:
Market Analysis: Storage Security. Read more

searchsecurity.techtarget.com:
Five steps for beating back the bots. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
PopUp Plus Miranda IM Plugin Buffer Overflow Lets Remote Users Execute Arbitrary Code. read more

www.securitytracker.com:
CubeCart Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
sCssBoard Has a Cross-Site Scripting Flaw and Other Unspecified Vulnerabilities With Unspecified Impact. Read more

www.securitytracker.com:
Litecommerce Input Validation Bugs in 'cart.php' Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
FTP Now Discloses Passwords to Local Users. Read more

 

News
www.securityfocus.com:
DNS attacks attempt to mislead consumers. Read more

www.theregister.co.uk:
Dating site hack suspect arrested. Read more

news.zdnet.co.uk:
Security guru warns of cyberpolice shortage. Read more

news.zdnet.co.uk:
Russian hackers 'the best in the world'. Read more

www.theregister.co.uk:
US tops junk mail list of shame - again. Read more

www.theregister.co.uk:
Police hard drive sold on eBay. Read more

www.vnunet.com:
Firms ignore USB threat. Read more

news.zdnet.co.uk:
CA flaws opens users up to DoS attacks. Read more

www.eeproductcenter.com:
Security In The Palm of Your Hand. Read more

07 April 2005

Guides, Papers, etc
www.securityfocus.com:
Defeating Honeypots: System Issues, Part 2. Read more

www.csoonline.com:
Spy Versus Spy: Is Somebody Spying on You? Read more

www.cs.purdue.edu:
Worm Meets Beehive. Read more

www.eweek.com:
IT Admins Must 'Think Like Hackers'. Read more

www.pulltheplug.org:
Wargames. Vortex: By touring through the most common exploitable bugs, users of this wargame are expected to have gained mastery in the basic fundamentals of system exploitation. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Cisco IOS IKE Authentication Bugs Let Remote Users Bypass Xauth Authentication to Gain Access to Hosts and Resources. Read more

www.securitytracker.com:
DameWare Mini Remote Control Lets Remote Authenticated Users Gain Elevated Privileges. Read more

www.securitytracker.com:
HP OpenView Network Node Manager Has Unspecified Flaw That Lets Remote Users Deny Service. Read more

www.securitytracker.com:
FreeBSD AMD64 Hardware Access Bitmap Error Lets Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
Active Auction House Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
eTrust Intrusion Detection CPImportKey() Buffer Overflow Lets Remote Users Deny Service. Read more

www.securiteam.com:
Cyrus IMAP Server Preauthentification Overflow. Read more

 

News
news.zdnet.com:
Trojan horse takes down smart phones. Read more

www.vnunet.com:
New mobile malware wipes phones. Read more

www.theregister.co.uk:
Linus Torvalds defers closed source crunch. Read more

www.pcworld.com:
Web Postcards Hide Trojan Horse Programs. Read more

www.theregister.co.uk:
Hacker law change gets ‘elevator pitch’ in parliament. Read more

www.theregister.co.uk:
Browser bugs sprout eternal. Read more

www.theregister.co.uk:
Ericsson hacker jailed for three years. Read more

www.iht.com:
Opening eyes to hackers. Read more

australianit.news.com.au:
Improved security for Messenger 7. Read more

www.theregister.co.uk:
Desktop Linux vs. Windows - don't get emotional. Read more

news.zdnet.com:
IT pros consider desktop Linux. Read more

www.vnunet.com:
IT managers ignore mobile security. Read more

searchsecurity.techtarget.com:
How 20% effort can get you 80% security. Read more

software.silicon.com:
SP2: Businesses slowly accepting Windows update. Read more

www.cbronline.com:
Microsoft confident on Windows XP SP2 despite user caution. Read more

06 April 2005

Guides, Papers, etc
www.microsoft.com:
Technical Overview of Windows Server 2003 Service Pack 1 (SP1). Read more

www.securityfocus.com:
Windows 2003 SP1. Read more

www.microsoft.com:
The Day After: Your First Response To A Security Breach. Read more

isc.sans.org:
March 2005 DNS Poisoning Summary. Read more

www.nhtcu.org:
HI-TECH CRIME
THE IMPACT ON UK BUSINESS 2005. (pdf) Read more

www.security.org.sg:
JSP Backdoor Reverse Shell Analysis. Read more

www.security.org.sg
HTML files in Local Computer Zone.
Users are normally aware of the risk associated with opening unknown EXE, COM, SCR or PIF files that might contain Trojan horses.
However, users usually assume that HTML files will not cause any harm to their systems and are safe to open. In this report, we analyse a HTML file containing malicious VB script that extracts and executes a malicious EXE when opened in Local Computer Zone. Read more

www.whatthehack.org
What The Hack is an outdoor hacker conference/event taking place on a large event-campground in the south of The Netherlands from 28 until 31 July 2005.
Read more

Datenbank Rootkits (English Language)

 

Tools:
www.security.org.sg:
Win2K/XP SDT Restore 0.2 (Proof-Of-Concept)
Win32 Kernel Rootkits modify the behaviour of the system by Kernel Native API hooking.
This technique is typically implemented by modifying the ServiceTable entries in the Service Descriptor Table (SDT).
This allows kernel rootkits to hide files, processes, and to prevent process termination. This proof-of-concept tool demonstrates the possibility of defeating such rootkits by removing Kernel Native APIs hooks and restoring the SDT back to its original state. Read more

www.security.org.sg:
Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept).
Win32 Kernel Rootkits hide running processes from users using techniques like Kernel Native API Hooking, or by directly unlinking the process's EPROCESS entry from ActiveProcessLinks. Such techniques are very effective in hiding processes, and are very difficult to detect with user-mode tools. This proof-of-concept tool demonstrates how hidden processes can be detected by directly traversing both the Kernel's ActiveProcessList and the Kernel scheduler's ETHREAD lists.
This tool can also traverse the Kernel's PsLoadedModuleList to detect kernel modules/drivers that are hidden by hooking the ZwQuerySystemInformation native API. Read more

www.security.org.sg:
AntiHookExec Version 1.0 (Anti API Hooking Proof-Of-Concept).
API hooking is a useful technique that can be used to monitor API calls used by Win32 programs. This allows understanding of the programs' functionalities based on the APIs that are called and their input parameters. However, API hooking is also used by rootkits and other malicious code to modify the behaviour of certain APIs to hide files, network ports, processes or services. his proof-of-concept code demonstrates how to overcome some of the user space API hooking techniques to execute a specified EXE that is free from API hooks. This program has been tested to work against HackDefender Version 1.0 rootkit for Windows. Read more

www.security.org.sg:
Windows Key Logging and Counter-Measures. Read more

 

Vulnerabilities & Exploits
www.ngssoftware.com:
Sybase ASE Multiple Security Issues. Read more

www.securitytracker.com:
Remstats Lets Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Gaim Can Be Crashed By Remote Users Sending Invalid Jabber File Transfer Requests. Read more

www.securitytracker.com:
GetDataBack for NTFS Discloses License Key to Local Users. Read more

www.securitytracker.com:
Netscape Browser Javascript Regex Parsing Error Discloses Memory to Remote Users. Read more

www.securitytracker.com:
phpMyAdmin Input Validation Bug in 'convcharset' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
FreeBSD sendfile(2) Discloses Kernel Memory. Read more

www.securitytracker.com:
PayProCart Authentication Bug Grants Remote Users Administrative Access and Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Flaws in Search, FAQ, and Banners Modules Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SonicWALL SOHO/10 Firewall Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com
ArGoSoft FTP Server Buffer Overflow Exploit (DELE). Read more

www.securiteam.com
phpBB Calendar Pro catergory Parameter SQL Injection. Read more

www.securiteam.com
Vulnerability in WINS Allow Remote Code Execution (Exploit, MS04-045). Read more

 

News
www.theregister.co.uk:
Google and Yahoo! accused of click fraud collusion. Read more

home.businesswire.com:
IMlogic Threat Center Reports Steady Rise in Targeted Attacks on Instant Messaging Networks in Q1 2005. Read more

www.theregister.co.uk:
In praise of Windows 2003 SP1. Read more

www.theregister.co.uk:
eCrime cost UK.biz £2.4bn in 2004. Read more

news.zdnet.co.uk:
HSBC deluged by viruses. Read more

www.detnews.com:
Experts fear wireless computer viruses. Read more

www.smh.com.au:
Virus attacks up 50% in 2004: study. Read more

www.newsfactor.com:
Mabir.A Phone Virus Uses Social Networking. Read more

www.theregister.co.uk:
Sybase invokes licence gag in flaw disclosure row. Read more

05 April 2005

Guides, Papers, etc
Datenbank Rootkits (German Language)

www.exploitx.com:
How to write remote exploits ( V. 1.1). Read more

www.exploitx.com:
The Arti of Rootkits. Read more

 

Tools:
red-database-security.com:
Repscan is a repository integrity scanner for Oracle databases.
You can use repscan to find database rootkits. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MailEnable Unspecified Bugs in IMAP and SMTP Services Let Remote Users Deny Service. Read more

www.securitytracker.com:
Mozilla Browser Javascript Regex Parsing Error Discloses Memory to Remote Users. Read more

www.securitytracker.com:
Mozilla Firefox Javascript Regex Parsing Error Discloses Memory to Remote Users. Read more

www.securitytracker.com:
Comersus Input Validation Hole in 'username' Field Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Turnkey Websites Shopping Cart Input Validation Bugs Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
'Yet Another Forum.net' Input Validation Holes Permits Cross-Site Scripting Attacks. Read more

aluigi.altervista.org:
An introduction to the Fake players bug and DoS 0.1.1. Read more

class101.org:
BakBone NetVault Local Stack Buffer Overflow. (pdf) Read more

 

News
www.theregister.co.uk:
Join Microsoft. Save the world. Read more

news.com.com:
Mabir virus comes a-calling. Read more

www.cio-today.com:
Virus Writers Target Mobile Phones. Read more

www.pcauthority.com.au:
Hackers want cash, not fame. Read more

www.theregister.co.uk:
Text me and I'll reply with a virus. Read more

www.smh.com.au:
Phishing suspect nabbed in Estonia. Read more

www.theregister.co.uk:
Trojan phishing suspect hauled in. Read more

www.theregister.co.uk:
Hacking Google for fun and profit. Read more

www.exploitx.com:
Fraud over the net. Read more

news.zdnet.co.uk:
UK citizens confused by security terminology. Read more

04 April 2005

Guides, Papers, etc
www.detnews.com:
Hot spots for hackers: Wireless networks. Read more

nwc.securitypipeline.com:
7 Myths About Network Security. Read more

 

News
www.zdnet.com.au:
MSN Messenger spreads worm, not love. Read more

www.bizjournals.com:
Toward more secure ATMs. Read more

www.vnunet.com:
Financial spam booms as tax year ends. Read more

www.pcmag.com:
WordPress Under Fire for Search-Engine Spamming. Read more

www.zdnet.com.au:
PHP flaw threatens photo uploads. Read more

www.arnnet.com.au:
New bugs found in Outlook, Internet Explorer. Read more

www.bsudailynews.com:
Company helps military fight against hackers. Read more

03 April 2005

Guides, Papers, etc
www.computerworld.com:
Log-on type codes revealed. Read more

www.computerworld.com:
Tips on testifying in a computer crimes case. Read more

 

Tools:
AFX Rootkit 2005 by Aphex
This program patches Windows API to hide certain objects from being listed.
Current Version Hides:
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Keys & Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons

 

Vulnerabilities & Exploits
www.securitytracker.com:
SiteEnable Lets Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Linux ext2_make_empty() Discloses Information to Remote and Local Users. Read more

www.securitytracker.com:
bzip2 Race Condition Lets Local Users Modify Permissions of Certain Files. Read more

www.securitytracker.com:
AlstraSoft EPay Pro Include File and Input Validation Holes Let Remote Users Execute Commands and Conduct Cross-Site Scripting Attacks. Read more

 

News
nwc.systemsmanagementpipeline.com:
March's Bug Story: Old Worms and Phishing in the Office. Read more

www.computerworld.com:
DNS 'pharming' attacks target .com domain. Read more

news.zdnet.co.uk:
Police: New laws won't tackle cybercrime. Read more

news.zdnet.co.uk:
Official: Cybercrime is growing. Read more

02 April 2005

Guides, Papers, etc
www.theregister.co.uk:
Hardware is secure (false). Read more

Honeycomb. Creating Intrusion Detection Signatures Using Honeypots. Read more

www.honeyd.org:
Disabling Worms With Honeypots and Active Immunization. Read more

survey.mailfrontier.com:
MailFrontier Phishing IQ Test – UK Edition. Read more

hackaholic.org:
Hacking Unix Second Edition. Read more

 

Vulnerabilities & Exploits
www.hexview.com:
Microsoft Jet DB engine vulnerabilities. Read more

www.securitytracker.com:
NetVault Buffer Overflows Let Local and Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
IRC Services LISTLINKS Discloses Link Lists to Remote Users. Read more

www.securitytracker.com:
paBugs Lets Remote Authenticated Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
BlueSoleil Object Push Directory Traversal Flaw Lets Remote Users Send Files to Arbitrary Locations. Read more

www.securitytracker.com:
MX Kart Input Validation Holes in 'category', 'manufacturer', and 'pages' Modules Permit SQL Injection. Read more

www.securitytracker.com:
paBugs Lets Remote Authenticated Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
BlueSoleil Object Push Directory Traversal Flaw Lets Remote Users Send Files to Arbitrary Locations. Read more

www.securitytracker.com:
IRC Services LISTLINKS Discloses Link Lists to Remote Users. Read more

www.securitytracker.com:
MX Kart Input Validation Holes in 'category', 'manufacturer', and 'pages' Modules Permit SQL Injection. Read more

www.securitytracker.com:
MX Shop 'id_ctg' Input Validation Hole Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
PHP Infinite Loops in getimagesize() Lets Users Deny Service. Read more

www.securitytracker.com:
MaxWebPortal Input Validation Holes in 'events_functions' and 'links_add_form' Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.frsirt.com:
PHP 4.x/5.x Denial of Service and Security Bypass Vulnerabilities. Read more

www.frsirt.com:
Linux Kernel Futex Functions Local Denial Of Service Vulnerability. Read more

www.debian.org:
DSA-703-1 krb5 -- buffer overflows. Read more

www.debian.org:
DSA-702-1 imagemagick -- several vulnerabilities. Read more

www.caughq.org:
Chat Service Users - "Oops! Wrong Window" Information Disclosure. Read more

 

News
www.securitypipeline.com:
CoolWebSearch, Dubbed Adware's "Ebola," Tops Spyware Threat List. Read more

www.pcworld.com:
New Bugs Found in Outlook, Internet Explorer. Read more

news.zdnet.co.uk:
Microsoft admits to flaw in Windows patch. Read more

www.securitypipeline.com:
Marketers Get Technology To Block User Attempts To Delete Cookies. Read more

www.theregister.co.uk:
MS takes rod to phishers. Read more

www.theregister.co.uk:
Lawsuits drive 'Spam King' Richter to bankruptcy. Read more

01 April 2005

Guides, Papers, etc
www.benedelman.org:
Threats Against Spyware Detectors, Removers, and Critics
Threats and demands that certain software providers have made to those who detect, remove, and otherwise write about their products. Read more

www.computerworld.com:
Five mistakes of log analysis. Read more

 

Tools:
hxdef.czweb.org:
Hacker defender seems to have released a new version of his rootkit (available for 'only' 390 euros).
Not (yet) detected by any of the popular rootkit detectors ... Read more

www.cr0.net:
CacheDump recovers cached domain logon credentials (usernames & password hashes). Read more

www.fiddlertool.com:
Fiddler is a HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Linux Kernel Deadlock Error in futex Functions Let Local Users Deny Service. Read more

www.securitytracker.com:
Samsung ADSL Router Discloses Files to Remote Users and May Grant Root Access Via Common Default Passwords. Read more

www.securitytracker.com:
ASP-DEv XM Forum Input Validation Errors in 'posts.asp' Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
OpenBSD tcp(4) Bugs in Processing SACK Options Let Remote Users Deny Service. Read more

www.securitytracker.com:
Mailreader enriched/richtext MIME Type Filtering Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Cisco VPN 3000 SSL Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Kerio Personal Firewall Access Controls Can Be Bypassed Via Application Masquerading. Read more

www.securiteam.com:
mtFTPd Server Format String (Exploit). Read more

www.securiteam.com:
Cyrus IMAP IMAPMAGICPLUS Buffer Overflow (Exploit). Read more

 

News
news.com.com:
Bug hunter gets bounty from Mozilla. Read more

news.com.com:
Microsoft launches 117 anti-phishing suits. Read more

www.infoworld.com:
Microsoft expands Windows piracy check on downloads. Read more

www.zdnet.com.au:
Microsoft develops cybercrime-fighting tools. Read more

www.zdnet.com.au:
Brad Pitt virus targets Microsoft. Read more

www.securitypark.co.uk:
The demise of traditional perimeter defences. Read more

www.securitypark.co.uk:
Stranger Danger: The Threat from Social Engineering. Read more

www.vnunet.com:
'Old timers' fill March virus chart. Read more

www.vnunet.com:
Identity checks combat malware. Read more

www.vnunet.com:
CA to root out stray users. Read more

news.com.com:
Google enhances search for Firefox users. Read more


Copyright© MegaSecurity.org