Home    News Archive    Translate Traducen

News April 2007

28 April 2007 Guides, Papers, etc blogs.securiteam.com: Worse luck. Read more blogs.securiteam.com: Malware went commerical. Read more isc.sans.org: Lessons Learned from MS07-017. Read more blog.siteadvisor.com: WinFixer Strikes Again. Read more www.viruslist.com: Malware Miscellany, march 2007. Read more www.avertlabs.com: Job Offers That Might Get You in a LOT of Trouble. Read more reviews.cnet.com: Antispy vs. Antispy. Read more blogs.zdnet.com: Microsoft mulling major changes to ward off .ANI-type flaws. Read more www.eweek.com: Let's Get Fuzzing. Read more www.infectionvectors.com: Chaser: A Year of JPMorgan Chase Phish. Read more www.infectionvectors.com: Final Dispatch: Postcard Scams 2007. Read more www.pcworld.com: Antivirus Software Side-by-Side Comparison. Read more ha.ckers.org: Solving CAPTCHAs for Cash. Read more news.zdnet.co.uk: Video: Why you should encrypt your data. Watch video.google.com: Video: Towards HardLANs: Building intrusion detection to 1 Gbps and beyond. Watch video.google.com: Video: How To Break Web Software - A look at security vulnerabilities in web software. Watch   Vulnerabilities & Exploits securitytracker.com: IBM WebSphere Unspecified Flaw Has Unspecified Impact. Read more securitytracker.com: PostgreSQL Lets Remote Authenticated Users Gain Elevated SQL Privileges. Read more securitytracker.com: Novell eDirectory NCP Fragment Processing Bug Lets Remote Users Deny Service. Read more securitytracker.com: Symantec BackupExec Discloses Passwords to Local Users and Lets Local Users Execute Arbitrary Code. Read more   Tools: www.f-secure.com: Rescue-CD 2.00. Read more research.pandasoftware.com: New Panda Anti-Rootkit - Version 1.07. Read more   News www.vnunet.com: Automation the key to tackling malware. Read more blogs.authentium.com: Is the Security Industry fighting a losing battle? Read more blog.washingtonpost.com: Citibank Phish Spoofs 2-Factor Authentication. Read more www.securityfocus.com: No pay off in extortion attacks? Read more www.newsfactor.com: Malware Writers Target Google AdWords. Read more news.zdnet.com: Google pulls malicious sponsored links. Read more www.vnunet.com: Hacking damages 'routinely' overstated. Read more www.computerworld.com: $10K hack challenge winner says Vista's code more secure than Mac's. Read more www.newsfactor.com: Billion-Dollar Lawsuit Targets Big Spammers. Read more www.internetnews.com: Spammers Find New Ways Around Filters. Read more www.internetnews.com: Spammers Are Due For A Surprise. Read more www.computerworld.com: Satellite navigation users at risk for false messages. Read more

27 April 2007 Guides, Papers, etc blog.washingtonpost.com: Virus Writers Taint Google Ad Links. Read more www.darkreading.com: Microsoft's Happy Bugfinder. Read more www.viruslist.com: Malware Miscellany, february 2007. Read more www.symantec.com: DoS extortion is no longer profitable. Read more www.avertlabs.com: Malware Authors Pay to Steal Your Bank Passwords. Read more blogs.msdn.com: Lessons learned from the Animated Cursor Security Bug. Read more news.zdnet.co.uk: Video: Why Vista is a safe bet for security. Watch www.darkreading.com: Rutkowska Launches Own Startup. Read more www.darkreading.com: That's How Rumors Start. Read more www.darkreading.com: Discount Security. Read more www.pcworld.com: Companies Can't Break Ties to Adware. Read more www.technewsworld.com: Are Data Leaks Bleeding Your Company Dry? Read more www.mcs.vuw.ac.nz: Cloning Suspended VMware Virtual Machines. Read more isc.sans.org: The National Weather Service has issued... Read more blog.support-intelligence.com: Company Profile: Affiliated Computer Services. Read more www.computerworld.com: Audio: Computerworld TechCast: Botnets. Listen aolradio.podcast.aol.com: Computerworld TechCast: The Turing Test. Listen aolradio.podcast.aol.com: Audio: Security Now 89: WEP Insecurity. Listen   Vulnerabilities & Exploits securitytracker.com: CleverPath Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more securitytracker.com: Microsoft Internet Explorer Digest Authentication Bug Lets Remote Users Conduct HTTP Request Splitting Attacks. Read more securitytracker.com: Mozilla Firefox Digest Authentication Bug Lets Remote Users Conduct HTTP Request Splitting Attacks. Read more securitytracker.com: Apple QuickTime Integer Overflow in FlipFileTypeAtom_BtoN() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: HP-UX Sendmail Lets Remote Users Deny Service. Read more securitytracker.com: Apple QuickTime Heap Overflow in JVTCompEncodeFrame() Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Corel Paint Shop Pro Buffer Overflow in Processing '.clp' Files Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Adobe Photoshop Buffer Overflow in Processing BMP/DIB/RLE Files Lets Remote Users Execute Arbitrary Code. Read more   Tools: blogs.msdn.com: Debugging Tools for Windows Updated. Read more www.cdc.informatik.tu-darmstadt.de: aircrack-ptw. Read more   News www.securityfocus.com: New England bankers sue TJX for breach. Read more www.theregister.co.uk: Pentagon 'hacker' questions US cost claims. Read more www.theregister.co.uk: Hackers debut spam and virus sandwich. Read more www.theregister.co.uk: Another 419 scam ring nicked. Read more computerworld.com: E-mail harvesters hit with $1B antispam lawsuit. Read more www.infoworld.com: NY teen hacks AOL, infects systems. Read more www.nypost.com: TEEN IN AOL 'HACK ATTACK'. Read more www.itnews.com.au: Experts warn of .doc attacks. Read more www.itnews.com.au: Hacking tools top malware threats. Read more

26 April 2007 Guides, Papers, etc www.securityfocus.com: 0wning Vista from the boot. Read more www.nvlabs.in: Video: Vbootkit on RC1 Sample video. Watch www.nvlabs.in: Video: Vbootkit on RC2 Sample video. Watch www.avertlabs.com: Breakdown: How Does AV Software Deal With Software Exploits? Read more msmvps.com: Winfixer and ValueClick – an oft appearing association. Read more www.symantec.com: Spam Attack: RARed Trojan. Read more blogs.technet.com: Three Microsoft Announcements. Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample Seven. Read more ddanchev.blogspot.com: Malware Infected Removable Media. Read more ddanchev.blogspot.com: Outsourcing The Spying on Your Wife. Read more www.darkreading.com: Microsoft's Happy Bugfinder. Read more www.darkreading.com: Microsoft's Buggin' Report. Read more honeyblog.org: CWSandbox vs. ALLAPLE. Read more www.cioupdate.com: The Trouble with Rootkits. Read more blogs.securiteam.com: Mozilla: Firefox 1.5 support ends in April …No, in May. Read more www.securiteam.com: Google Talk (gTalk) HTML Injection Technique. Read more www.itconversations.com: Audio: Technometria: The Virus Problem. Listen zdpub.vo.llnwd.net: Live From RSA: Core Puts Vista to Security Test. Listen zdpub.vo.llnwd.net: Live from RSA, Day 2: Security Trends and Changes. Listen zdpub.vo.llnwd.net: Audio: Live from RSA, Day 3: Network Security Showdown. Listen   Vulnerabilities & Exploits securitytracker.com: Cisco NetFlow Collection Engine Default Passwords Let Remote Users Access the System. Read more securitytracker.com: HP StorageWorks Command View XP May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: Linksys SPA941 Phone Can Be Crashed By Remote Users. Read more securitytracker.com: Asterisk Manager Interface NULL Pointer Dereference Lets Remote Users Deny Service. Read more securitytracker.com: Asterisk SIP Error Response Handling Bugs Let Remote Users Deny Service. Read more securitytracker.com: Sun Cluster Remote USCSICMD IOCTL Processing Bug Lets Remote Authenticated Users Deny Service.Read more securitytracker.com: CA BrightStor ArcServe Media Server Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Asterisk Buffer Overflow in SIP/SDP T.38 Support Lets Remote Users Execute Arbitrary Code. Read more   Tools: enterprise.linux.com: Review: BackTrack 2 security live CD. Read more   News www.securityfocus.co: Storm Worm marries malware and spam. Read more www.vnunet.com: Total malware volumes grow 'dramatically'. Read more blog.washingtonpost.com: Virus Writers Taint Google Ad Links. Read more www.vnunet.com: Microsoft rules out bounties for security exploits. Read more securitywatch.eweek.com: MS' e-Threat Fight Goes Global. Read more blog.wired.com: White House Task Force Proposes Criminalizing Harmless Hacks. Read more www.washingtonpost.com: Major Anti-Spam Lawsuit to Be Filed in Virginia. Read more technology.guardian.co.uk: Net firms 'could do more' to fight viruses. Read more www.theregister.co.uk: Phishers add call forwarding to their arsenal. Read more www.theregister.co.uk: Hackers debut malware loaded USB ruse. Read more news.bbc.co.uk: Heir 'hired firm to spy on wife'. Read more

25 April 2007 Guides, Papers, etc www.matasano.com: BREAKING: MacBook Vuln In Quicktime, Affects Win32 Apple Code. Read more isc.sans.org: Apple QuickTime Java Handling Unspecified Code Execution. Read more isc.sans.org: Microsoft Office Exploit. Read more blogs.ittoolbox.com: Google sponsored links not safe? Read more sam.zoy.org: PWNtcha - captcha decoder. Read more www.f-secure.com: The mystery deepens. Read more www.darkreading.com: Vendors Crank Up Email Security. Read more www.darkreading.com: Startup on Search and Destroy Mission. Read more   Vulnerabilities & Exploits securitytracker.com: Apple QuickTime Java Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: OpenBSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service. Read more   Tools: stunnel.mirt.net: stunnel - multiplatform SSL tunneling proxy. Read more   News www.theregister.co.uk: QuickTime, not Safari, to blame for MacBook vuln. Read more blog.e-computer-security.info: Sentencing continues to be Continued.....Julie Amero....Will it ever end? Read more www.informationweek.com: Malware Spikes In 1Q As Hackers Increasingly Infect Web Sites. Read more www.whitehatsec.com: Popular Web Sites Highly Vulnerable to Attack. Read more news.zdnet.co.uk: OpenOffice password crack is open to abuse. Read more www.networkworld.com: E-Mail Scammers to Victims: Pay Up or Die. Read more www.freenewmexican.com: Internet crime rises in New Mexico. Read more www.vnunet.com: Drug dealers move into online fraud. Read more news.zdnet.co.uk: Preview: Infosecurity Europe 2007. Read more

24 April 2007 Guides, Papers, etc www.f-secure.com: Question of the day. Read more isc.sans.org: New Challenge: Microsoft Office Space - A SQL With Flair. Read more isc.sans.org: Follow the Bouncing Malware: Day of the Jackal. Read more www.sophos.com: Sophos reveals rise of web-based malware in Q1 2007. Read more blogs.zdnet.com: Russinovich: Malware will thrive, even with Vista’s UAC. Read more ddanchev.blogspot.com: OSINT Through Botnets. Read more www.darkreading.com: Sweetening the Honeypot. Read more www.darkreading.com: Odds Are, You're at Risk. Read more www.darkreading.com: Vista Cruising. Read more blog.siteadvisor.com: NASCAR? No, it's the Spy Sherrif Exploit. Read more chris.pirillo.com: Google Calendar Security Notice. Read more www.eweek.com: SMTP Authentication Update. Read more myappsecurity.blogspot.com: Reflection on Nish Bhalla. Read more www.securitypark.co.uk: How to protect against botnets. Read more www.scansafe.com: ScanSafe Reports up to 80 Percent of Blogs Host ‘Offensive Content’. Read more www.informit.com: The Best and Worst Internet Laws. Read more   News www.securityfocus.com: Mac flaw may also affect Windows. Read more www.theregister.co.uk: Program Names govern admin rights in Vista. Read more www.theinquirer.net: Microsoft admits Vista failure. Read more www.reuters.com: China aims to tame Internet and spread party line. Read more www.itnews.com.au: Nortel warns users of critical vulnerabilities. Read more arstechnica.com: Child porn case shows that an open WiFi network is no defense. Read more www.securityfocus.com: Task force pushes for unified ID theft laws. Read more www.theregister.co.uk: Feds urge tougher ID theft laws. Read more www.securitypark.co.uk: Computer viruses and spyware are a growing threat with Social Networking and Web 2.0. Read more www.btplc.com: Online consumers not scared off by cyber criminals. Read more www.pcadvisor.co.uk: Blogs infested with porn, hatred and malware. Read more

23 April 2007 Guides, Papers, etc support.microsoft.com: How to disable remote administration of the DNS Server service in Windows Server 2003 and in Windows 2000 Server. Read more blogs.securiteam.com: Challenge to hack OS X Server. Read more isc.sans.org: Safari 0day? Looks like... Read more isc.sans.org: Trojan posing as Codecs. Read more www.computerworld.com: FAQ: Here's the deal on the Windows DNS bug. Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample Five. Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample Six. Read more www.chicagotribune.com: Public Wi-Fi may turn your life into an open notebook. Read more www.computerworld.com: Be Careful What You Ask For ...Read more www.computerworld.com: The four seasons of a virtual machine. Read more www.matousec.com: Windows Personal Firewall Analysis. Read more   Vulnerabilities & Exploits securitytracker.com: ZoneAlarm 'srescan.sys' Driver Lets Local Users Gain System Privileges. Read more   Tools: diit.sourceforge.net: Digital Invisible Ink Toolkit. Read more   News www.theregister.co.uk: Safari zero-day exploit nets $10,000 prize. Read more seclists.org: Apparently eEye's blog got p0wnd. Read more www.usatoday.com: Cyberspies exploit Microsoft Office. Read more www.azcentral.com: Officials vow security probe at Palo Verde. Read more www.heise.de: German government approves retention of data. Read more www.computeractive.co.uk: Bulldog gives details on break in. Read more www.latimes.com: Google's data-storing feature fuels privacy fears. Read more news.zdnet.co.uk: SMEs 'blind' to illegal software risks. Read more www.dailytech.com: Update: STEAM Subsystem Compromised, Hacker Posts Ransom Demands. Read more www.itnews.com.au: Philippine government seeks a few good hackers. Read more www.businessweek.com: Utah mulls requiring wireless passwords. Read more

21 April 2007 Guides, Papers, etc isc.sans.org: port 443 / https increase. Read more www.avertlabs.com: Don’t Touch My Wii! Read more theinvisiblethings.blogspot.com: Understanding Stealth Malware. Read more www.secureworks.com: SecureWorks Uncovers $2 Million Russian Hacker Scheme. Read more www.securityfocus.com: Online Impersonations: No Validation Required. Read more www.heise-security.co.uk: Another hotfix for Microsoft’s ANI patch. Read more www.infoworld.com: Five steps for reducing unnecessary use of Administrator accounts. Read more sunbeltblog.blogspot.com: How one spam can ruin your day. Read more honeyblog.org: Security of virtual machines. Read more blogs.ittoolbox.com: WebAttacker is dead, long live WebAttacker. Read more www.schneier.com: A Security Market for Lemons. Read more ddanchev.blogspot.com: A Compilation of Web Backdoors. Read more www.davidnaylor.co.uk: Stopping bad robots with honeytraps. Read more www.darkreading.com: USBs' Giant Sucking Sound. Read more www.darkreading.com: Want Turns to Need. Read more www.eweek.com: The Decline of Adware. Read more techdirt.com: Can We Please Have Politicians Understand The Internet Before They Regulate It? Read more taviso.decsystem.org: An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments. Read more www.securitydocs.com: NetCat Tutorial. Read more battellemedia.com: News Analysis: Microsoft General Counsel on DoubleClick and Antitrust. Read more   Vulnerabilities & Exploits blogs.securiteam.com: Vulnerabilities fixed in ZoneAlarm - again. Read more securitytracker.com: PHP mail() Function Lets Remote Users Inject E-mail Headers. Read more securitytracker.com: Apple Help Viewer Format String Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Apple File Protocol Client Environment Variable Bug Lets Local Users Gain System Privileges. Read more securitytracker.com: Nortel VPN Router Lets Remote Users Access VPNs and Administrative Functions. Read more securitytracker.com: Mac OS X Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges. Read more securitytracker.com: Mac OS X writeconfig Utility Environment Variable Sanitation Bug Lets Local Users Gain Root Privileges. Read more securitytracker.com: Apple Installer Format String Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Apple LoginWindow Lets Local Users Bypass Authentication and Gain System Privileges. Read more   News www.theregister.co.uk: Satnav hacking made simple. Read more www.viruslist.com: Hacker threatens Valve with releasing its customers financial data. Read more news.com.com: MacBook hacked in contest at security event. Read more www.theregister.co.uk: Russians crack OpenOffice security. Read more www.betanews.com: Google Wants Your Web History. Read more www.washingtonpost.com: Advocates Sue Yahoo In Chinese Torture Case. Read more

20 April 2007 Guides, Papers, etc www.f-secure.com: Military Targets. Read more www.viruslist.com: Anti-Spam Appliance spammed: the protectors need protecting too. Read more isc.sans.org: Malware Soup du Jour. Read more www.symantec.com: Tales of the \u-nexpected. Read more blog.vulnerableminds.com: And your mother's maiden name? Read more www.darkreading.com: Aliens, Protein, and Bots. Read more www.darkreading.com: Users Confess Security Fears. Read more www.net-security.org: Video: New Security Features in Internet Explorer 7. Watch   Vulnerabilities & Exploits securitytracker.com: Gracenote CDDBControl ActiveX Control Buffer Overflow in Processing Proxy Control Parameters Permits Remote Code Execution. Read more securitytracker.com: Phorum Input Validation Holes Permits Cross-Site Scripting and SQL Injection Attacks. Read more securitytracker.com: BMC Performance Manager Lets Remote Users Modify the 'masterAgentName' and 'masterAgentStartLine' Parameter to Execute Arbitrary Code. Read more securitytracker.com: BMC Patrol Memory Corruption Error in 'bgs_sdservice.exe' May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: IBM Tivoli Monitoring Express Heap Overflow in Universal Agent Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Novell GroupWise WebAccess Buffer Overflow in Processing HTTP Basic Authentication Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.secustick.nl: The secustick is the latest ultimate device to protect your highly classified data. Due to it’s unique technology it has the ability to destroy itself once an incorrect password has been entered. Read more   News www.cnn.com: Yahoo sued for informing China on dissidents. Read more www.theregister.co.uk: Phishing attack evades bank's two-factor authentication. Read more www.securityfocus.com: MacBooks withstand mild attacks on patch day. Read more www.securityfocus.com: Firmware flaw threatens routers, phones. Read more news.zdnet.com: Bug hunter targets routers, other gadgets. Read more www.vnunet.com: Nationwide cracks down on phishing. Read more www.theregister.co.uk: Operation Ore: evidence of massive credit card fraud. Read more www.itnews.com.au: Uber-rootkits challenge security community. Read more www.theregister.co.uk: Scumbag malware authors exploit Virginia Tech tragedy. Read more www.itnews.com.au: Malware spam promises Virginia Tech video. Read more australianit.news.com.au: How hackers got Washington. Read more www.computerworld.com: When World of Warcraft spreads to your world. Read more news.zdnet.com: Cyberattacks at federal agencies draw House scrutiny. Read more www.dailytech.com: Update: STEAM Subsystem Compromised, Hacker Posts Ransom Demands. Read more newsroom.cisco.com: Security Professionals Taking New Threats in Their Stride. Read more techdirt.com: Saying You Have An Open WiFi AP May Not Help You Beat Child Porn Charges. Read more aolradio.podcast.aol.com: Security Now 88: Your Questions, Steve's Answers #18. Listen www.itnews.com.au: Barracuda snaps at spammers. Read more

19 April 2007 Guides, Papers, etc www.f-secure.com: Warezov Back in Action? Read more www.messagelabs.com: MessageLabs Intelligence Targeted Attack Report: Increase in One-on-One Targeted Attacks. Read more www.avertlabs.com: Good Intentions Gone Awry. Read more www.microsoft.com: The Sender ID Framework is an e-mail authentication technology protocol that helps address the problem of spoofing and phishing by verifying the domain name from which e-mail is sent. Read more www.eeye.com: Zero Days, Unknown Malware, and Hackers for Hire. Read more blogs.authentium.com: Antivirus Testing. Read more isc.sans.org: We need your help: VA Tech Domains. Read more www.sophos.com: Barclays chip-and-pin devices will reduce - but not eliminate - risk of fraud. Read more www.darkreading.com: Botnets Battle Over Turf. Read more www.darkreading.com: Targeted Attacks on the Rise. Read more www.darkreading.com: Control Phreak. Read more www.darkreading.com: Because That's Where the Money Is. Read more www.technewsworld.com: The Mushrooming Menace of Keyloggers. Read more omeganz.net: Capture - A Honeypot Client. Read more www.auto.tuwien.ac.at: The 5th ACM Workshop on Recurring Malcode (WORM 2007). Read more blog.wired.com: Web 2.0 Expo: Vidoop and 'The New Vault'. Read more www.mcafee.com: Rootkits Part 2: A Technical Primer. Read more   Vulnerabilities & Exploits securitytracker.com: ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases. Read more securitytracker.com: Sun Java Web Console Format String Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: McAfee E-Business Server Administration Interface Can Be Crashed By Remote Users Sending Invalid Packet Length Header Values. Read more securitytracker.com: McAfee VirusScan Enterprise Buffer Overflow in Processing Multi-Byte Character Filenames May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact. Read more securitytracker.com: webMethods Glue 'resource' Parameter Lets Remote Users Traverse the Directory. Read more   Tools: www.secustick.nl: The secustick is the latest ultimate device to protect your highly classified data. Due to it’s unique technology it has the ability to destroy itself once an incorrect password has been entered. Read more   News www.securityfocus.com: Attackers improve on JavaScript trickery. Read more www.securityfocus.com: Rinbot adds attack on Microsoft DNS flaw. Read more www.theregister.co.uk: US Navy malware infection risked submarine prang. Read more news.com.com: Report: Rootkits becoming increasingly complex. Read more www.theregister.co.uk: Study: Users pay for Microsoft patent woes. Read more www.sophos.com: Malware attack poses as camera phone footage of Virginia Tech tragedy. Read more www.allheadlinenews.com: Hackers Invited To Break Into Philippine Internet Voting System. Read more news.bbc.co.uk: Two cautioned over wi-fi 'theft'. Read more news.bbc.co.uk: Windows XP to be retired in 2008. Read more www.reuters.com: China official blames Internet for youth crime. Read more

18 April 2007 Guides, Papers, etc www.usenix.org: The Ghost In The Browser Analysis of Web-based Malware. Read more www.symantec.com: The Evolution of Peacomm to "all-in-one" Trojan. Read more isc.sans.org: Phishers taking advantage of Virginia Tech tragedy. Read more www.sophos.com: Worm spreads via zero day Microsoft DNS vulnerability. Read more www.f-secure.com: Question of the day. Read more sunbeltblog.blogspot.com: The definition of audacity. Read more sunbeltblog.blogspot.com: A new slicker image spam. Read more blogs.securiteam.com: Follow up to my post about my ex-ISP’s backdoor. Read more blogs.ittoolbox.com: The world has changing. Read more www.avertlabs.com: Another passenger for your bus? Read more www.youtube.com: Video: Ctrl + Alt + Del: the history...Watch   Vulnerabilities & Exploits www.frsirt.com: McAfee VirusScan Enterprise On-Access Scan Remote Command Execution Vulnerability. Read more securitytracker.com: Akamai Download Manager ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Clam AntiVirus Buffer Overflow in cab_unstore() Lets Remote Users Execute Arbitrary Code. Read more   Tools: www.itsecurity.com: 103 Free Security Apps for Mac, Windows and Linux. Read more   News news.bbc.co.uk: Online banking fraud 'up 8,000%'. Read more blog.wired.com: GoDaddy Registers Dozens of Questionable Virginia Tech Names. Read more blog.wired.com: Profiteers Snap Up Virginia Tech Domains? Read more www.theregister.co.uk: ISP ejects whistle-blowing student. Read more www.vnunet.com: Experts call for public disclosure of information leaks. Read more news.bbc.co.uk: Wireless hijacking under scrutiny. Read more www.darkreading.com: Experts: DNS Attacks Could Go Deeper. Read more www.theregister.co.uk: University admins lend phishers a hand. Read more www.theregister.co.uk: Phishers spread their nets. Read more www.theregister.co.uk: Adware poses as ActiveX control. Read more www.infoworld.com: P2P worms get their turn. Read more www.vnunet.com: Stiletto model malware spreads via Skype. Read more

17 April 2007 Guides, Papers, etc www.symantec.com: Attacks on Virtual Machine Emulators. http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf blog.spywareguide.com: Chinese VM Detection, With a Splash of Adware. Read more blog.spywareguide.com: China Internet Network Information Center: On Your PC Whether You Want Them or Not. Read more www.avertlabs.com: RPC DNS Worm Spotted In The Wild. Read more www.avertlabs.com: Validating the sender domain (Keeping spam out of the network #2). Read more www.sophos.com: New model malware spreads stiletto pics via Skype. Read more isc.sans.org: New Rinbot scanning for port 1025 DNS/RPC. Read more www.darkreading.com: SCADA State of Denial. Read more www.darkreading.com: WiFi Wevenge. Read more www.darkreading.com: Nada Day. Read more www.kbcafe.com: YouTube Spam. Read more myappsecurity.blogspot.com: Reflection on Ory Segal. Read more www.securityfocus.com: Notes On Vista Forensics, Part One. Read more www.securityfocus.com: Notes On Vista Forensics, Part Two. Read more www.rsf.org: Handbook for bloggers and cyber-dissidents. Read more www.sans.org: CyberLaw 101: A primer on US laws related to honeypot deployments. Read more www.eweek.com: Restarting the Internet ... Again. Read more podcasts.mcafee.com: Audio:AudioParasitics Episode 4, Listen   Vulnerabilities & Exploits securitytracker.com: SSH Tectia Server Insecure File Permissions May Let Local Users Gain Elevated Privileges. Read more www.nop-art.net: A buffer overflow vulnerability has been found in airodump-ng, part of the aircrack-ng package. Read more   News www.theregister.co.uk: Zombies infiltrate US military networks. Read more blogs.zdnet.com: Microsoft’s advisories giving clues to hackers. Read more www.securityfocus.com: Report: Lenders illicitly accessing student database. Read more www.computerworld.com: Feds get an overall 'C' on security; a third of agencies get 'F's. Read more www.securityfocus.com: Microsoft warns of DNS server attacks. Read more news.bbc.co.uk: Employers warned on email spying. Read more www.renesys.com: IPv6 is for Porn? Read more www.theregister.co.uk: Skype IM malware smut surfaces. Read more www.computerweekly.com: Malware outbreak 'largest in almost a year'. Read more www.kuwaittimes.net: Botnets a hidden menace. Read more news.zdnet.co.uk: Storm worm stirs up email virus chaos. Read more greenvilleonline.com: Student charged with hacking school computers. Read more today.reuters.co.uk: Four-fold increase in serious child abuse on Web. Read more www.prnewswire.com: Man Sentenced to Life in Prison for Producing Video of Toddler Being Sexually Abused. Read more

16 April 2007 Guides, Papers, etc isc.sans.org: Update on Microsoft DNS vulnerability. Read more www.f-secure.com: Another Skype Worm. Read more isc.sans.org: Gaming Malware. Read more www.internetnews.com: Cybersquatters Beware TypoSquasher. Read more blogs.securiteam.com: extractQuotedChar() function blamed for RPC vulnerability. Read more www.sans.org: Egress Filtering FAQ. Read more www.blackhat.com: Attack Patterns: Knowing Your Enemies in Order to Defeat Them. Read more www.irongeek.com: Video: Making Windows Trojans with EXE Binders (AKA:Joiners), Splice and IExpress. Read more   Vulnerabilities & Exploits securitytracker.com: LANDesk Management Suite Buffer Overflow in 'Aolnsrvr.exe' Lets Remote Users Execute Arbitrary Code. Read more   Tools: a2-blog.com: Play Games at Work, Surf the Net, Chat, etc. Undetected. Read more   News www.philly.com: 'Hacker Boot Camp' teaches security tactics. Read more www.msnbc.msn.com: The IRS warns of a late-breaking Internet tax scam, just before the April 17 deadline. Are you at risk? Read more tech.monstersandcritics.com: Long weekend for IT professionals due to DNS vulnerability. Read more australianit.news.com.au: Scrap the net and start again. Read more

14 April 2007 Guides, Papers, etc blogs.securiteam.com: Microsoft: Yes, the Windows Server DNS vuln exists. Read more isc.sans.org: More info on the Windows DNS RPC interface vulnerability. Read more blogs.technet.com: More information on Microsoft Security Advisory 935964. Read more blogs.securiteam.com: When is a security researcher (white hacker) a journalist? Read more secmaniac.blogspot.com: Microsoft DOC bugs and friends. Read more sunbeltblog.blogspot.com: Google buys DoubleClick. And is now the most powerful behavioral marketer on the planet. Read more sunbeltblog.blogspot.com: Omerta still dealing with fake Omerta malware. Read more blog.vulnerableminds.com: Sometimes its better to sleep on it. Read more www.darkreading.com: Zero-Day Fever. Read more www.darkreading.com: That Air of Danger. Read more www.darkreading.com: Strength in Numbers. Read more www.processor.com: One-Time Password Technology. Read more www.infoworld.com: Five steps for reducing unnecessary use of Administrator accounts. Read more www.washingtonpost.com: 'Delete' Doesn't Mean 'Disappear'. Read more www.eweek.com: Consumers Care About Security a Lot Less Than They Say They Do. Read more www.technewsworld.com: ID Theft Knows No Boundaries. Read more bindshell.net: Manipulating FTP Clients Using The PASV Command. Read more www.f-secure.com: Video - Rock Phish. Read more www.youtube.com: Video: Hacking Cisco NAC - NACATTACK. Read more   Vulnerabilities & Exploits www.microsoft.com: Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution. Read more securitytracker.com: Solaris IP Stack Fragment Processing Bug Lets Remote Users Degrade Performance. Read more securitytracker.com: Microsoft Windows DNS Service RPC Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Opera IFRAME Character Encoding Inheritence Permits Cross-Site Scripting Attacks. Read more   News www.computerworld.com: Microsoft: Dangerous DNS server bug in Longhorn code, too. Read more blog.washingtonpost.com: Fortune 500s Unwittingly Become Spammers. Read more www.securityfocus.com: U.S. agencies get 'C-' for computer security. Read more www.usatoday.com: Researchers explore scrapping, rebuilding the Net. Read more www.securityfocus.com: Microsoft to wait and see on Vista activation hacks. Read more www.theregister.co.uk: Accused Pentagon hacker prosecution could backfire. Read more www.theregister.co.uk: Evil twins spread zombie plague. Read more www.computerworld.com: Massive spam shot of 'Storm Trojan' reaches record proportions. Read more www.theregister.co.uk: Killer virus hoax panics Pakistan. Read more www.vnunet.com: Bush under fire over '5 million' disappearing emails. Read more www.theregister.co.uk: China cracks down on net porn. Read more content.hamptonroads.com: Ex-contractor sentenced for sabotaging Navy subs. Read more

13 April 2007 Guides, Papers, etc www.f-secure.com: Zhelatin, Zipped, Zecurity? Read more www.avertlabs.com: You’re infected! Read more isc.sans.org: Microsoft Vulnerability in RPC on Windows DNS Server. Read more isc.sans.org: EXE/ZIP e-mail viruses (editorial). Read more www.symantec.com: Spam Attack: Zipped Trojan. Read more blogs.authentium.com: The Eye of the Storm. Read more blog.siteadvisor.com: Amusement Park Typosquatters Install Toolbar via Exploit. Read more www.sophos.com: Party girl Paris Hilton subject of Microsoft vulnerability spam attack. Read more ha.ckers.org: The Irony of Admin Passwords In Multi Admin Environments. Read more www.darkreading.com: X-Force Predicts Microsoft Exploit. Read more www.darkreading.com: 10 Hot Security Startups. Read more aolradio.podcast.aol.com: Audio: Security Now 87: SQL Injection. Listen   Vulnerabilities & Exploits securitytracker.com: Cisco Wireless LAN Controller Lets Remote Users Modify the Configuration and Deny Service. Read more securitytracker.com: Cisco Wireless Control System Lets Remote Users Read/Write Files and Remote Authenticated Users Gain Elevated Privileges. Read more securitytracker.com: CinePlayer Buffer Overflow in 'SonicDVDDashVRNav.dll' Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: Adobe Flash Player on Opera Has a Vulnerability with Unspecified Impact. Read more   News news.zdnet.co.uk: Vista DRM could hide malware. Read more news.zdnet.co.uk: Attackers target Windows DNS flaw. Read more www.vnunet.com: Microsoft investigates 4 new bugs. Read more www.theregister.co.uk: Cisco wireless products suffer multiple vulns. Read more www.vnu.co.uk: Evil Trojan twins control most of world's botnets. Read more www.theregister.co.uk: How much do security breaches cost anyway? Read more www.vnunet.com: Wikipedia 'broken beyond repair' says co-founder. Read more

12 April 2007 Guides, Papers, etc redtape.msnbc.com: WHO'S BEHIND CRIMINAL BOT NETWORKS? Read more blogs.securiteam.com: A Botted Fortune 500 a Day. Read more blogs.securiteam.com: Unusual smail (SPAM mail). Read more www.securecomputing.net.au: Hot or Not: Local privilege escalation vulnerabilities. Read more ha.ckers.org: Inter Protocol Exploitation. Read more sunbeltblog.blogspot.com: Spam with malware links. Read more blogs.authentium.com: Trojan.ADVQ. Read more www.zone-h.org: Microsoft leaves an open door to phishers! Read more www.gnucitizen.org: Application Layer Anti-virus/Firewall. Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample Three . Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample Two. Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample One. Read more www.darkreading.com: Mobile Phones: Hackers' Next Target. Read more blog.support-intelligence.com: Aflac Meet Mr. ED. Read more www.usenix.org: The Anatomy of Clickbot.A. read more isiom.wssrl.org: Optimising Malware. Read more isiom.wssrl.org: And you though you were safe after SLAMMER, not so, Swarms not Zombies present the greatest risk to our national internet infrastructure. Read more www.infectionvectors.com: Chaser: A Year of JPMorgan Chase Phish. Read more www.infectionvectors.com: Final Dispatch: Postcard Scams 2007. Read more www.greatwhitesnark.com: Why Bill Gates can’t get no respect. Read more   Vulnerabilities & Exploits securitytracker.com: Microsoft Word Lets Remote Users Cause Arbitrary Code to Be Executed. Read more securitytracker.com: Microsoft Windows Help File Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Adobe Bridge Lets Local Users Gain Administrative Privileges. Read more securitytracker.com: Macromedia ColdFusion Unsafe Directory Permissions Lets Local Users Gain Root Privileges. Read more   News www.securityfocus.com: Consumers dump breached retailers, says study. Read more www.theregister.co.uk: Microsoft 'wait-and-see' on Vista BIOS hack. Read more www.theregister.co.uk: Five critical reasons to update Windows today. Read more news.zdnet.co.uk: McAfee journal offers 'Sage' security advice. Read more apcmag.com: Windows XP to be phased out by year's end despite customer demand. Read more www.expatica.com: German minister wants access to private computers. Read more

11 April 2007 Guides, Papers, etc www.sophos.com: Sophos research reveals dirty dozen spam-relaying nations. Read more www.pandasoftware.com: Sdbot and Gaobot make up most botnets. Read more www.f-secure.com: April's Security Update. Read more ddanchev.blogspot.com: Shots from the Malicious Wild West - Sample Four. Read more ddanchev.blogspot.com: Month of Malware Bugs Coming. Read more www.eweek.com: Harvesting Teenagers. Read more techdirt.com: FTC Wants Time In The Clink For Spyware Distributors. Read more www.darkreading.com: Your Own Users? Hacking? Read more www.darkreading.com: Critical WiFi Bug Found on Linux. Read more www.avertlabs.com: eThugs-R-US. Read more ha.ckers.org: Can I hide.to? Read more www.plagiarismtoday.com: Why Wordpress.com is Virtually Spam Free. Read more www.lightbluetouchpaper.org: There aren’t that many serious spammers any more. Read more www.securitycadets.com: 411-spyware.com - The new forum spammers? Read more blog.vulnerableminds.com: ShmooCon '07 Hack or Halo Virtual Machines Released. Read more www.financialexpress.com: Crime and punishment in cyberspace. Read more   Vulnerabilities & Exploits securitytracker.com: Windows Kernel Memory Mapping Permission Error Lets Local Users Gain System Privileges. Read more securitytracker.com: Windows Vista Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Microsoft Agent URL Parsing Bug Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Windows XP Universal Plug and Play Lets Remote Users on the Local Subnet Execute Arbitrary Code. Read more securitytracker.com: Microsoft Content Management Server Permits Cross-Site Scripting Attacks and Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: HP-UX Portable File System Lets Remote Users Gain Elevated Privileges. Read more securitytracker.com: HP-UX Running ARPA Transport Software Lets Local Users Deny Service. Read more securitytracker.com: ICQ File Transfer Traversal Flaw Lets Remote Users Modify the Storage Location During a File Transfer. Read more securitytracker.com: AIM File Transfer Traversal Flaw Lets Remote Users Modify the Storage Location During a File Transfer. Read more securitytracker.com: AirPort Extreme Base Station with 802.11n Discloses Filenames to Remote Users and Allows Incoming IPv6 Connections. Read more   Tools: www.grisoft.com: AVG Anti-Rootkit Free. Read more blog.wired.com: Geek Doormat for Those Who Don't Get Out Much. Read more   News www.securityfocus.com: Eastern European crime in on ANI attacks too. Read more www.theregister.co.uk: Trial in 419-related murder under way. Read more www.theregister.co.uk: Mozilla seeks security researchers to look at alpha code. Read more www.vnunet.com: Shoppers risk their information online. Read more news.com.com: FTC official: Let's imprison spyware distributors. Read more www.computing.co.uk: Cyber criminals to increasingly target mobile devices. Read more www.infoworld.com: McAfee: Cyber-crime will continue to pay. Read more www.technewsworld.com: Free Antivirus Download Roots Out Rootkits. Read more arstechnica.com: Spam to overtake human-issued e-mails in 2007. Read more

10 April 2007 Guides, Papers, etc www.alex-ionescu.com: Why Protected Processes Are A Bad Idea. Read more www.alex-ionescu.com: Introducting D-Pin Purr v1.0 - 32bit Edition. Read more blogs.technet.com: Microsoft Knowledge Base Article 925902 Updated. Read more blogs.technet.com: Botnets by Email. Read more www.avertlabs.com: Exploit-TaroDrop.b – Heuristics vs 0-day Gymnastics. Read more www.avertlabs.com: Obfuscating Image Files for Fun and Profit. Read more www.symantec.com: Trojan.Peacomm: Building a Peer-to-Peer Botnet. Read more www.symantec.com: Trojan.Peacomm Part 2 – The Botnet Evolves. Read more isc.sans.org: exe malware spammed under "Missile War" subjects. Read more sunbeltblog.blogspot.com: Protectwin (dot) com hijacks user desktops. Read more sunbeltblog.blogspot.com: Protectwin: The movie. Read more www.securitycadets.com: Ultimate Fixer, a Rogue to fix all your system woes. Not! Read more msmvps.com: An increase in attempts to exploit the Symantec Antivirus Remote Stack Buffer Overflow Vulnerability has been reported. Read more blogs.ittoolbox.com: ANI - Monday Apr 9th. Read more hexblog.com: Decompilation gets real. Read more www.darkreading.com: Researchers Put Nail in WEP's Coffin. Read more www.darkreading.com: WEP Wakeup Call. Read more www.darkreading.com: PCI Won't Save You. Read more rdist.root.org: JTAG attacks and PR submarines. Read more www.cybsec.com: Attacking the Giants: Exploiting SAP Internals. Read more www.computerworld.com.sg: Gartner: Virtualization security risks being overlooked. Read more www.networkworld.com: Has the end arrived for desktop antivirus? Read more blog.tmcnet.com: Microsoft Security as Humor, Salesforce.com's ContentExchange from Korel Buy, Customer Connect, Creston. Read more   Vulnerabilities & Exploits labs.idefense.com: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability. Read more securitytracker.com: iPIX Image Well ActiveX Control Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Ichitaro Bug Lets Remote Users Execute Arbitrary Code. Read more   Tools: theartoffuzzing.com: ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. Read more   News www.informationweek.com: Microsoft Repatches Its .ANI Emergency Patch. Read more www.securityfocus.com: Storm Worm exploits Mideast tensions. Read more www.symantec.com: Middle East War, or just more junk email? Read more www.itnews.com.au: Experts: Install .ani patch immediately. Read more www.eweek.com: Microsoft ANI Patch Causes Problems with Third-Party Apps. Read more www.theregister.co.uk: ANI takers for Asus website virus? Read more australianit.news.com.au: Security must adapt to 'digital mafia'. Read more www.theregister.co.uk: Laptop thefts expose 40,000 Chicago teachers. Read more news.softpedia.com: Winamp Might Help an Attacker Exploit Your System. Read more www.vnu.co.uk: IT workers back 'Nasa hacker' McKinnon. Read more ha.ckers.org: Prosecute Victims - Worst Idea Ever? Read more news.com.com: No end in sight to hacking of 'WoW' accounts. Read more www.vnunet.com: Spam makes users turn away from email. Read more www.computerworld.com: Privacy Advocate Pushes to Protect Data in Public Records. Read more www.terra.net.lb: China moves to tackle Internet gaming addiction. Read more www.boston.com: Court: MySpace postings are free speech. Read more

07 April 2007 Guides, Papers, etc blogs.securiteam.com: It’s time to see iPodLinux PoC virus. Read more www.websense.com: Analysis of Malware Spread via SPAM and ANI vulnerability. Read more www.darkreading.com: Whirlpool Spins New Address Scheme. Read more www.darkreading.com: A 90-Proof Concept. Read more www.darkreading.com: Jack of All Security Trades. Read more www.informationweek.com: 10 Tip To Survive Online Tax Hacker & Phishing Attacks. Read more news.bbc.co.uk: 'Cheating' the search engines. Read more www.infoworld.com: When identity theft becomes standard operating procedure. Read more www.networkcomputing.com: He Said/He Said/He Said: Cracking on WEP. Read more www.esecurityplanet.com: The Critical XP Wi-Fi Patch You Need Today. Read more myappsecurity.blogspot.com: Reflection on Chris Shiflett. Read more support.microsoft.com: You may receive an "Access is denied" error message when you try to access a Web page that contains a script in Internet Explorer 6. Read more support.microsoft.com: Internet Explorer 6 may stop responding and does not display images in a Web page on a Windows XP Service Pack 2-based computer. Read more www.blackhat.com: Implementing and Detecting a PCI Rootkit. Read more www.blackhat.com: Software Virtualization Based Rootkits. Read more www.blackhat.com: Exploiting Similarity Between Variants to Defeat Malware. Read more geekz.co.uk: Bruce Schneier Facts. Read more   Vulnerabilities & Exploits securitytracker.com: Winamp MATLAB/ScreamTracker/Impulse Tracker File Memory Corruption Errors Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: Kaspersky Internet Security ActiveX Controls Let Remote Users View and Delete Files. Read more securitytracker.com: Kaspersky Anti-Virus ActiveX Controls Let Remote Users View and Delete Files. Read more securitytracker.com: Kaspersky Internet Security Buffer Overflow in Processing ARJ Archives Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Kaspersky Anti-Virus Buffer Overflow in Processing ARJ Archives Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Symantec Enterprise Security Manager Upgrade Interface Lets Remote Users Execute Arbitrary Code. Read more   News www.informationweek.com: Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago. Read more www.computerworld.com: Researchers question Vista security after ANI exploit. Read more www.securityfocus.com: In Other News: Lame iPod virus, ASUS gets ANI'd. Read more www.technewsworld.com: iPod Proof-of-Concept Virus: No Teeth, No Legs. Read more www.vnunet.com: Microsoft gets back on the patch train for April. Read more news.bbc.co.uk: Cursor hackers target WoW players. Read more blog.wired.com: Court Okays Counter-Hack of eBay Hacker's Computer (Updated). Read more www.cnn.com: Turkey to block 'insulting' Web sites. Read more www.torontosun.com: Lottery scams rampant, says Competition Bureau. Read more www.thedenverchannel.com: Three Men Arrested In National Internet Sex Sting. Read more

06 April 2007 Guides, Papers, etc www.viruslist.com: iNfector for iPod. Read more www.viruslist.com: asus.com compromised: link to ANI exploit. Read more www.f-secure.com: iPod virus. Read more www.symantec.com: Farewell Graybird? Read more www.symantec.com: JIKTO Out and About. Read more www.avertlabs.com: One Spam Not To Open..Read more blogs.msdn.com: .avi exploit via e-mail: you'd think hackers would know how to spell 'Britney Spears'. Read more blogs.ittoolbox.com: ANI -Thursday evening ... late. Read more www.sophos.com: Less than half of IT professionals want McKinnon jailed for hacking crimes. Read more www.eweek.com: How Can We Take Domains Down Faster? Read more www.determina.com: Heap FengShuiin JavaScript. Read more www.cybsec.com: EXPLOITING SAP INTERNALS. A SECURITY ANALYSIS OF THE RFC INTERFACE IMPLEMENTATION. Read more www.determina.com: Exploiting Vista with ANI. Watch taosecurity.blogspot.com: Monitoring and Investigation Lessons. Read more taosecurity.blogspot.com: Taking the Fight to the Enemy Revisited. Read more www.darkreading.com: Solving IPTV's Security Problem. Read more www.darkreading.com: Hacking Bluetooth With a USB Stick. Read more www.darkreading.com: Laptop Lockdown. Read more www.cybercrime.gov: Prosecuting Computer Crimes. Read more www.blackhat.com: New Botnets Trends and Threats. Read more aolradio.podcast.aol.com: Audio: Security Now 86: Cross Site Scripting Part II. Listen rusiriusradio.com: Audio: Show #98: Everything The US Government is Doing About Security is Wrong. Listen news.zdnet.co.uk: Video: Windows cursor hack in action. Read more   Vulnerabilities & Exploits www.frsirt.com: VMware ESX Update Fixes Multiple Code Execution and Denial of Service Vulnerabilities. Read more securitytracker.com: Enterasys NetSight TFTPD and BOOTPD Servers Permit Remote Code Execution and Denial of Service Attacks. Read more securitytracker.com: ArcSDE Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Kaspersky Anti-Virus for Workstations/File Server Heap Overflow in 'klif.sys' Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Kaspersky Internet Security Heap Overflow in 'klif.sys' Lets Local Users Gain Elevated Privileges. Read more securitytracker.com: Kaspersky Anti-Virus 'AxKLSysInfo.dll' ActiveX Control Lets Remote Users View Files. Read more   Tools: www.hamachi.cc: LogMeIn Hamachi is a zero-configuration virtual private networking (VPN) application. Read more   News www.irishdev.com: NASA hacker Gary McKinnon should NOT be sent to a US jail. Read more www.computerworld.com.au: Hackers offer subscription, support for their malware. Read more www.newsfactor.com: Microsoft Defends ANI Patch Delay. Read more www.theregister.co.uk: Linux malware for iPods poses little risk. Read more www.theregister.co.uk: Britney fears used as ANI exploit lure. Read more news.bbc.co.uk: Cursor hackers target WoW players. Read more www.computerworld.com: Researcher has new attack for embedded devices. Read more www.technewsworld.com: Retail Groups, FBI Launch Crime-Fighting Database. Read more www.infoworld.com: When identity theft becomes standard operating procedure. Read more www.microsoft-watch.com: Consumer Inertia Holds Back Vista. Read more

05 April 2007 Guides, Papers, etc blogs.technet.com: An inside look into building and releasing MS07-017. Read more www.net-security.org: Hackers convened in Amsterdam for Black Hat Europe. Read more www.zone-h.org: Crazy about ethical hacking. Read more www.it-observer.com: Image Spam: Getting the Picture? Read more blogs.msdn.com: Protected Mode for IE7 in Windows Vista - Is it On or Off? Read more isc.sans.org: telnetd deja vu, this time it is Kerberos 5 telnetd. Read more isc.sans.org: Is WEP dead yet? Should it be? Read more isc.sans.org: Various Vista Concerns. Read more www.guardian.co.uk: Story of a Credit Card Fraudster. A con as big as the Ritz, part 1. Read more www.guardian.co.uk: A con as big as the Ritz, part 2. Read more www.wired.com: Security Matters: Vigilantism Is a Poor Response to Cyber Attack. Read more www.usenix.org: First Workshop on Hot Topics in Understanding Botnets. Read more www.expresscomputeronline.com: Peeping into the hacker’s mind. Read more www.darkreading.com: Same as It Ever Was. Read more www.mnin.org: Analysis of ANI “anih” Header Stack Overflow Vulnerability, Microsoft Security Advisory 935423. Read more www.reghardware.co.uk: Why I won't buy a Dell next time. Read more podcasts.mcafee.com: Audio: AudioParasitics Episode 3. Listen   Vulnerabilities & Exploits www.gnucitizen.org: Firebug Goes Evil. Read more labs.idefense.com: Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability. Read more labs.idefense.com: Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability. Read more www.zerodayinitiative.com: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow Vulnerability. Read more securitytracker.com: IBM Lotus Domino Web Access Input Validation Hole in Processing Multipart MIME Messages Permits Cross-Site Scripting Attacks. Read more securitytracker.com: IBM Tivoli Business Service Manager Discloses Passwords to Local Users. Read more securitytracker.com: X11 libx11 Integer Overflow Lets Remote Users Deny Service. Read more   Tools: www.microsoft.com: Internet Connectivity Evaluation Tool. Read more theartoffuzzing.com: ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. Read more databasement.net: LocalRodeo - Client-side protection against JavaScript Malware. Read more   News www.securityfocus.com: Developers warned to secure AJAX design. Read more www.securityfocus.com: Briton charged with hacking loses extradition fight. Read more www.theregister.co.uk: Researchers unpick Vista kernel protection. Read more www.theregister.co.uk: MS releases emergency cursor bug fix. Read more www.informationweek.com: Hackers Promise 'Nude Britney Spears' Pix To Plant .ANI Exploit. Read more www.computerweekly.com: ABN pays out over hacked accounts. Read more www.viruslist.com: UAE gets new special anti-cybercrime body. Read more www.virusbtn.com: Spam costing US companies over $70 billion per year. Read more www.washingtonpost.com: Domain name application gives phishers a new foe. Read more www.thisishampshire.net: Identity theft nightmare. Read more www.theage.com.au: Bracing for attack Read more www.publictechnology.net: One third of UK firms don't report their security crime. Read more arstechnica.com: New attack cracks WEP in record time. Read more www.securitycadets.com: Chinese Adware Bundle with a Government Related Surprise. Read more

04 April 2007 Guides, Papers, etc www.f-secure.com: ANI Patch now Released! Read more support.microsoft.com: The Realtek HD Audio Control Panel may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation". Read more www.avertlabs.com: ANI Exploits Made Easy. Read more www.avertlabs.com: ANI Patch Released, Patch ASAP. Read more www.websense.com: Email Lures for ANI Zero-Day. Read more blogs.authentium.com: ANI Exploits, NX-bit, DEP, Protected Mode… jargon. Read more blogs.securiteam.com: Month of PHP Bugs: 31 days, 44 vulns. Read more www.darkreading.com: Malware & Attacker, Exposed. Read more www.mb.com.ph: How to spot fake Web sites. Read more www.cdc.informatik.tu-darmstadt.de: aircrack-ptw. Read more blogs.ittoolbox.com: Creative, Criminal, And Caught! Read more aolradio.podcast.aol.com: Audio: Security Now Special Edition: The Animated Cursor Vulnerability. Listen   Vulnerabilities & Exploits securitytracker.com: X11 Overflows Let Local Users Gain Root Privileges. Read more securitytracker.com: SolidWorks sldimdownload ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more securitytracker.com: Kerberos kadmin 'gss_buffer_t' May Be Freed Twice Allowing Remote Authenticated Users to Execute Arbitrary Code. Read more securitytracker.com: Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code. Read more securitytracker.com: Kerberos telnetd Grants Access to Remote Users. Read more securitytracker.com: Windows Kernel GDI Color Parameter Bug Lets Local Users Gain System Privileges. Read more securitytracker.com: Windows Kernel GDI Input Validation Flaw in Processing Application Size Parameters Lets Local Users Gain System Privileges. Read more securitytracker.com: Windows TrueType Font Rasterizer Lets Local Users Gain System Privileges. Read more securitytracker.com: Windows Kernel EMF Image Processing Bug Lets Local Users Gain System Privileges. Read more securitytracker.com: Windows Kernel WMF Image Processing Lets Remote Users Deny Service. Read more securitytracker.com: HP Mercury Quality Center Lets Remote Authenticated Users Execute SQL Commands. Read more securitytracker.com: IBM AIX Buffer Overflow in drmgr Command May Let Local Users Gain Elevated Privileges. Read more securitytracker.com: IBM Tivoli Provisioning Manager Memory Corruption Error in Processing HTTP POST Requests May Let Remote Users Execute Arbitrary Code. Read more securitytracker.com: ImageMagick DCM and XCM Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more   News www.microsoft.com: Microsoft Security Bulletin Summary for April 2007. Read more isc.sans.org: Microsoft Patch Maybe Causing Some Problems. Read more www.reuters.com: British hacker loses U.S. extradition appeal. Read more www.heise-security.co.uk: From root kit to boot kit: Vista's code signing compromised. Read more www.theregister.co.uk: Windows Vista license change tackles virtualization. Read more www.networkworld.com: First-hand account: How free Web hosters profit from phishing sites. Read more www.register-herald.com: IRS warns of phony e-mails claiming to come from IRS. Read more www.channel4.com: 25% 'completely exposed' to hackers. Read more www.reuters.com: FBI checks gambling in Second Life virtual world. Read more www.channelregister.co.uk: Microsoft hits Middle East pirates. Read more

03 April 2007 Guides, Papers, etc blogs.securiteam.com: Put Security Alongside .XXX. Read more blogs.securiteam.com: eEye’s Patch - Bypassed. Read more blogs.securiteam.com: Bleeding edge Snort rule won’t catch all (ANI). Read more www.f-secure.com: Warezov Returns. Read more www.symantec.com: Day One for Zero-Days – ISTR XI Vulnerability Trends. Read more www.avertlabs.com: S-s-s-something From the Comments. Read more www.avertlabs.com: “MovieCommander! No it’s DnsChanger”. Read more isc.sans.org: Week of Vista bugs is a hoax. Read more erratasec.blogspot.com: ANI 0day vs. intrusion detection providers. Read more asert.arbornetworks.com: Nugache: TCP port 8 Bot. Read more reviews.cnet.com: Botnets for sale. Read more www.computerworld.com.au: Rootkits outfox old-school malware protection. Read more logicx.net: Jikto Source Code Situation. Read more portal.spidynamics.com: Jikto in the wild. Read more www.websense.com: Automated Defacement through Search Engines. Read more www.fortifysoftware.com: JavaScript Hijacking. Read more www.darkreading.com: A Hack With Teeth. Read more www.darkreading.com: Where's Security? Read more www.theregister.co.uk: Day dawns for Metasploit 3.0. Read more conf.vnsecurity.net: Call for Papers for VNSECON Security Conference 2007. Read more windowshelp.microsoft.com: Telnet: frequently asked questions. Read more www.ig.energy.gov: Internal Controls Over Computer Property at the Department’s Counterintelligence Directorate. Read more www.eweek.com: This eWeek. Read more www.securinfos.info: Attacking and Repairing the WinZip Encryption Scheme. Read more www.securinfos.info: Concepts for the Stealth Windows Rootkit. Read more www.facetime.com: Video: Botnet Live Presentation from this years RSA 2007. Watch media.medialink.com: Audio: Hackers Targeting Smart Phones and PDAs. Listen   Vulnerabilities & Exploits securitytracker.com: Norton Internet Security 'SPBBCDrv.sys' Driver Lets Local Users Deny Service and Potentially Gain Elevated Privileges. Read more securitytracker.com: Norton Personal Firewall 'SPBBCDrv.sys' Driver Lets Local Users Deny Service and Potentially Gain Elevated Privileges. Read more   Tools: vil.nai.com: McAfee Rootkit Detective Beta. Read more www.gfi.com: GFI LANguard Network Security Scanner (N.S.S.) 8. Read more   News www.microsoft.com: Microsoft Security Bulletin Advance Notification. Read more www.securityfocus.com: Microsoft readies emergency ANI patch. Read more news.xinhuanet.com: Why 3 months for MS to i