Home    News Archive    Translate Traducen
News June 2005
30 June 2005

Guides, Papers, etc
www.benedelman.org:
What Passes for "Consent" at 180solutions. Read more

www.gartner.com:
More Port 445 Activity Could Mean Security Trouble. Read more

www.microsoft.com:
Bring Spyware Out of the Shadows. Read more

lufgi4.informatik.rwth-aachen.de:
RWTH hosts international contest on IT-Security. Read more

www.niscc.gov.uk:
Current Advice. Mitigating the risk of Malicious Software. Read more

www.zone-h.org:
Zone-H comics - Network Conspiracy. Read more

www.astalavista.com:
Internet in China: Big Mama is Watching You. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability. Read more

www.cisco.com:
Cisco Security Advisory: RADIUS Authentication Bypass. Read more

securitytracker.com:
Microsoft Internet Explorer 'javaprxy.dll' COM Object Exception Handling Lets Remote Users Crash the Browser. Read more

securitytracker.com:
XML-RPC for PHP Lets Remote Users Execute Arbitrary PHP Code. Read more

securitytracker.com:
Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests. Read more

securitytracker.com:
Blue Coat ProxySG TCP Stack PAWS Timestamp Implementation Lets Remote Users Deny Service. Read more

securitytracker.com:
Pavsta Auto Site 'user_check.php' Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
phpBB Flaw in 'viewtopic.php' Highlighting Code May Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Adobe Reader/Adobe Acrobat Updater May Let Local Users Gain Elevated Privileges. Read more

 

News
www.globetechnology.com:
Hacker cracks Google software. Read more

www.vnunet.com:
Co-operating with the internet police. Read more

www.securitypipeline.com:
Worm Claims Worm Writer Nabbed. Read more

www.vnunet.com:
Hackers unleash industrial spy Trojan. Read more

www.asahi.com/:
Government to restrict harmful Web sites. Read more

www.crn.com:
Computer Associates Discloses Weakness. Read more

www.infoworld.com:
CA restates results, identifies weak financial controls. Read more

www.infoworld.com:
As support fades, Microsoft offers Win2000 update. Read more

www.informationweek.com:
Survey Finds Up To 44 Million In U.S. May Be Victims Of ID Crime. Read more

www.techweb.com:
Microsoft Shrinks Updates. Read more

software.silicon.com:
Leader: Share your malware knowledge. Read more

ww.messagingpipeline.com:
FBI Probes Phishing of EBay in Norway. Read more

www.infoworld.com:
Trial for German Sasser writer begins next Tuesday. Read more

www.infoworld.com:
Yahoo intros 'social' search engine. Read more

www.infoworld.com:
Microsoft releases Windows XP Starter for Latin America. Read more

www.terra.net.lb:
Bill Gates warns Japanese, US children losing out in brain drain. Read more

www.iol.co.za:
MS unveils Gaelic support packs for WindowsXP. Read more

www.iol.co.za:
Court accepts music-downloading lawsuits. Read more

www.iol.co.za:
Data theft dents online sales. Read more

. 29 June 2005

Guides, Papers, etc
www.eweek.com:
Return of the Anti-Zombies. Read more

www.securityfocus.com:
Open-source projects get free checkup by automated tools. Read more

 

Tools:
www.microsoft.com:
Microsoft Shared Computer Toolkit for Windows XP (Beta). Read more

 

Vulnerabilities & Exploits
securitytracker.com
Adobe Reader/Acrobat Lets Remote Users Execute Arbitrary Applications. Read more

securitytracker.com
Sun Solaris 'ld.so' LD_AUDIT Validation Error Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com
Community Server Input Validation Hole in Search Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
Crazy Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com
AMBrowser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com
GOSURF Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com
NotJustBrowsing Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com
Acoo Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com
ASP Nuke Input Validation Holes Permit SQL Injection, HTTP Response Splitting, and Cross-Site Scripting Attacks. Read more

securitytracker.com
ASPPlayground.NET Lets Remote Users Upload Arbitrary Files. Read more

securitytracker.com
Mensajeitor Input Validation Error in 'ip' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com
PHP-Nuke Input Validation Hole in Offsite Avatar Image Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
JCDex Lite Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com
Linux Kernel ptrace() Function Lets Local Users Modify Kernel Memory. Read more

securitytracker.com
Linux Kernel AMD64 Unspecified Flaw Lets Local Users Deny Service. Read more

securitytracker.com
Linux Kernel AMD64 syscall() Validation Flaw Lets Local Users Deny Service. Read more

securitytracker.com
Linux Kernel AMD64 ptrace() Non-canonical Address Error Lets Local Users Deny Service. Read more

securitytracker.com
IA eMailServer IMAP LIST Command Validation Flaw Lets Remote Users Deny Service. Read more

securitytracker.com
Mozilla Firefox Error in Processing Empty Javascript Functions Lets Remote Users Deny Service. Read more

 

News
www.globetechnology.com:
UConn finds hacking program on server. Read more

www.eweek.com:
UConn Finds Rootkit in Hacked Server. Read more

software.silicon.com:
Virus warning: Bite the Bagle and become a zombie. Read more

www.vnunet.com:
Pope worm turns nasty. Read more

www.theregister.co.uk:
NASA hacker jailed. Read more

news.bbc.co.uk:
Phishing pair jailed for ID fraud. Read more

www.theregister.co.uk:
Ł6.5m phishing duo jailed. Read more

www.pocket-lint.co.uk:
Email Virus pretends to be Breaking News. Read more

www.thestreet.com:
McAfee Hacks Into Success. Read more

www.capetimes.co.za:
'Super-virus could harness network's power'. Read more

techdirt.com:
Massive UK Child Porn Bust Based On Wrong Info From US Officials. Read more

news.bbc.co.uk:
100 million go online in China. Read more

news.bbc.co.uk:
Software piracy 'seen as normal'. Read more

. 28 June 2005

Guides, Papers, etc
www.microsoft.com:
Study Shows Windows Beats Linux on Security. Read more

www.securityfocus.com:
Where's the threat? Read more

nwc.networkingpipeline.com:
When Good Security Goes Bad. Read more

www.astalavista.com:
Attacking DDoS at the Source. Read more

Browser Identification for web applications by Shreeraj Shah. Read more

 

Tools:
NERO utilizes state-of-the-art academic artificial intelligence research in order to demonstrate its effectiveness in a game environment.
The game uses AI to allow simulated robotic agents to cope with changing environments and situations, and form adaptive tactical solutions.
The end result is a game that adapts itself to the strategies desired by the player, while still allowing the AI-controlled entities to operate as autonomous agents.
NERO introduces a new genre of video game that is only possible with machine learning technology:
The player takes the role of trainer and teaches a team of novice soldiers the skills for battle.
When sufficient skills have been acquired, players can take their teams to battle mode where their skills are tested against teams trained by other players. Read more

www.onlamp.com:
Knoppix 4.0 DVD - Like a Kid in a Candy Store. Read more

 

Vulnerabilities & Exploits
www.secnap.com:
Vulnerability in DELL Windows XP Professional - default hidden Administrator account allows local Administrator access. Read more

securitytracker.com:
Sukru Alatas's Guestbook Discloses Database to Remote Users. Read more

securitytracker.com:
CSV_DB Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Optimal Desktop Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Wichio Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Fast Browser Pro Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
MyInternet Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

www.securiteam.com:
ASPNuke SQL Injection Vulnerability (Exploit). Read more

www.securiteam.com:
Stream/raped DoS. Read more

www.securiteam.com:
TCP-IP Datalook DoS Vulnerability (Exploit). Read more

www.securiteam.com:
Cacti Remote Code Execution Vulnerability (Exploit). Read more

www.securiteam.com:
Veritas Backup Exec Agent Buffer Overflow (Exploit, CONNECT_CLIENT_AUTH). Read more

www.securiteam.com:
Microsoft Outlook Express NNTP Buffer Overflow (Exploit, MS05-030). Read more

www.securiteam.com:
Windows SMB Client Transaction Response Handling (Exploit, MS05-011). Read more

 

News
today.reuters.com:
Microsoft strengthens ties with Japan universities. Read more

www.tinysoftware.com:
CA Acquires Tiny Software. Read more

go.reuters.com:
Computer Assoc. considering name change for fresh start. Read more

www.computerworld.com:
Targeted attacks pose new security challenge. Read more

www.computerworld.com:
Supreme Court: File-trading networks can be held liable. Read more

www.theregister.co.uk:
Indian call centre security breach: man admits guilt. Read more

news.zdnet.com:
Adware maker tries image makeover. Read more

. 27 June 2005

Guides, Papers, etc
www.nthworld.org:
On the Virulence of Malware. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
TCP-IP Datalook Lets Local Users Deny Servic. Read more

www.milw0rm.com:
ASPNuke 0.80 and below (article.asp) SQL Injection Exploit. Read more

www.cyber-army.org:
Guestbook v3 Password Database Vulnerability. Read more

www.cyber-army.org:
PHP-Nuke Avatar HTML Injection. Read more

www.neowin.net:
Fresh Javascript Browser Exploit. Read more

 

News
software.silicon.com:
Hackers spread Microsoft attack flaw exploit. Read more

www.vnunet.com:
Security holes haunt Real Player. Read more

www.informationweek.com:
The Going Gets Hot. Read more

software.silicon.com:
Microsoft: No plans to patch IE spoof. Read more

nwc.securitypipeline.com:
The Two Sides Of Network-Security Devices. Read more

nwc.securitypipeline.com:
Symantec: Exploit Out For Outlook Express Vulnerability. Read more

www.infoworld.com:
Hotmail takes a tougher stance on spam. Read more

www.bizjournals.com:
Grand Bank taps technology to fight check fraud. Read more

www.informationweek.com:
University Of Connecticut Discovers Server Breach. Read more

news.com.com:
Sex sites win reprieve from new federal rules. Read more

. 26 June 2005

Guides, Papers, etc
www.dozleng.com:
Does your antispyware's real-time protection work? Read more

www.eweek.com:
Wireless Access: The Next Great Municipal Crisis. Read more

www.informationweek.com:
How To Ensure Remote-Control Security With XP. Read more

Active Honeypots. read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Server Message Block (SMB) Remote Exploit (MS05-011). Read more

 

News
www.cyber-army.org:
Indian cracks Microsoft's anti-piracy program Read more

informationweek.com:
Hacker Boot Camp Helps Good Guys Outsmart Internet Troublemakers. Read more

www.computerweekly.com:
Banks urged to check up on offshore security. Read more

www.eweek.com:
Drive-By Download Sites Chauffeur Spyware. Read more

www.islandpacket.com:
UConn finds hacking program in server. Read more

www.ftc.gov:
FTC Halts Operation’s Bogus “Anti-Spyware” Claims, Freezes Assets. Read more

www.eweek.com:
Spyware Danger Meets Rootkit Stealth. Read more

www.islandpacket.com:
Little agreement on spyware guidelines. Read more

www.eweek.com:
Symantec Begins Cutting Ties to 'Researchware'. Read more

www.eweek.com:
The Many Faces of Spyware. Read more

informationweek.com:
Microsoft Again Updates AntiSpyware Beta. Read more

informationweek.com:
Phishing Costs Nearly $1 Billion. Read more

www.islandpacket.com:
Library internet access better than ever. Read more

. 25 June 2005

Guides, Papers, etc
blogs.msdn.com:
Why you shouldn't run as admin...Read more

www.eweek.com:
'Least Privilege' Can Be the Best. Read more

www.eweek.com:
Users Overlook XP's Non-Admin Security. Read more

www.insecuremagazine.com:
IN)SECURE Magazine is a freely available digital security magazine. Isssue 2. Read more

Automated Worm Fingerprinting. Read more

 

Vulnerabilities & Exploits
secunia.com:
Multiple Browsers Dialog Origin Vulnerability Test. Read more

securitytracker.com:
Omni Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
UBBThreads Multiple Input Validation Holes Permit Cross-Site Scripting, SQL Injection, and HTTP Response Splitting Attacks. Read more

securitytracker.com:
clamav-milter Lets Remote Users Deny Service. Read more

securitytracker.com:
RealPlayer Enterprise MP3, RAM, RealText and AVI Processing Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SGI IRIX arrayd Authentication Flaw May Grant Remote Users Root Access. Read more

securitytracker.com:
Affinity Path Input Validation Error in 'support_page.cgi' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Linux Kernel IA64 Architecture restore_sigcontext() Access Control Bug May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Linux Kernel Subthread Exec Signal Processing Bug Lets Local Users Deny Service. Read more

 

News
news.com.com:
An army of soulless 1s and 0s. Read more

www.cio-today.com:
Microsoft Raises Limits on Intellectual-Property Protection. Read more

www.reuters.com:
Man who hacked US gov't computers gets prison term. Read more

seattletimes.nwsource.com:
Updated Windows fixed "DSO exploit". Read more

news.zdnet.com:
Hackers probe Outlook Express flaw. Read more

software.silicon.com:
Worm outbreak feared after port scanning spike. Read more

news.com.com:
EarthLink puts up more spyware, phishing shields. Read more

www.vnunet.com:
Top websites shun Firefox users. Read more

www.vnunet.com:
Nuclear secrets go global on the web. Read more

www.techworld.com:
Microsoft forces Sender ID on Hotmail users. Read more

news.com.com:
States fiddle while defrauders steal. Read more

www.siliconvalley.com:
Iran tightens Net control, researchers say. Read more

www.servihoo.com:
US firm says Iran 'illegally' uses Internet filter software. Read more

hosted.ap.org:
Major Advertisers Caught in Spyware Net. Read more

hosted.ap.org:
Future Windows Will Include RSS Support. Read more

. 24 June 2005

Guides, Papers, etc
www.eweek.com:
Wireless Access: The Next Great Municipal Crisis. Read more

www.cs.rpi.edu:
A Reputation-based System for the Quarantine of Widespread Malicious Behavior. Read more

www.ifpi.org:
THE RECORDING INDUSTRY 2005 COMMERCIAL PIRACY REPORT. Read more

systm.org:
Building a War Spying Box. Read more

 

Vulnerabilities & Exploits
www.eeye.com:
RealPlayer vidplin.dll AVI Processing Heap Overflow. Read more

securitytracker.com:
Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry. Read more

securitytracker.com:
Whois.Cart Input Validation Holes Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Ipswitch WhatsUp Professional Input Validation Hole in 'login.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Advanced Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Asterisk Buffer Overflow in Manager Interface Lets Remote Authenticated Users Execute Arbitrary Code. Read more

www.securiteam.com:
phpBB Multiple User Registeration DoS (Exploit). Read more

www.securiteam.com:
MercuryBoard SQL Injection (User-Agent). Read more

www.securiteam.com:
Simple Machine Forum SQL Injection (modify). Read more

www.securiteam.com:
FRB Remote Command Execution (Exploit). Read more

www.psphacker.com:
KXploit Released! (NO MORE SWAPPING!). Read more

 

News
www.theregister.co.uk:
Microsoft rolls out SP1 blocker for shy Windows 2003 servers. Read more

news.zdnet.com:
IE pop-up spoof won't get patch. Read more

www.pcworld.idg.com.au:
Browser alternatives are no security guarantee. Read more

news.bbc.co.uk:
Websites alienate Firefox users. Read more

www.zdnet.com.au:
Mass worm attack could be imminent. Read more

www.terra.net.lb:
Data breaches dent consumer confidence in Internet. Read more

www.theregister.co.uk:
World is safe from mobile viruses for a few more years. Read more

news.zdnet.co.uk:
Internet marketeer faces spam charges. Read more

www.vnunet.com:
Phishing threatens online confidence. Read more

www.vnunet.com:
Police need e-crime skills. Read more

. 23 June 2005

Guides, Papers, etc
www.microsoft.com:
The Security Monitoring and Attack Detection Planning Guide. Read more

www.microsoft.com:
The Administrator Accounts Security Planning Guide. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Version Control Repository Manager May Disclose Proxy Password to Local Users. Read more

securitytracker.com:
Slim Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
NetCaptor Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Avant Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
MercuryBoard Input Validation Hole in HTTP User-Agent Permits SQL Injection. Read more

securitytracker.com:
i-Gallery Input Validation Hole in 'folderview.asp' Discloses Files to Remote Users and Permits Cross-Site Scripting Attacks. Read more

www.securiteam.com:
PeerCast Remote Format String (Exploit). Read more

 

News
www.securityfocus.com:
Targeted Trojan-horse attacks hitting U.S., worldwide. Read more

www.theregister.co.uk:
Internal security attacks affecting banks. Read more

www.vnunet.com:
Internal hackers pose the greatest threat. Read more

news.com.com:
Details emerge on credit card breach. Read more

www.theregister.co.uk:
Firefox users turned away from 10% of top UK sites. Read more

www.terra.net.lb:
Hacker plays havoc with Nicolas Cage's e-mail address. Read more

www.terra.net.lb:
Spain arrests web code-cracker "P. Power". Read more

www.terra.net.lb:
US firm says Iran 'illegally' uses Internet filter software. Read more

www.theregister.co.uk:
MS axes Unix anti-virus sales after bagging Sybari. Read more

www.computerworld.com.au:
Yankee Group warns of security software vulnerabilities. Read more

crn.com:
Linux Called 'Garbage' By Open-Source Rival. Read more

news.zdnet.co.uk:
Pop-up phishing flaw found in major browsers. Read more

www.theregister.co.uk:
Compensation for pyramid scheme victims. Read more

news.zdnet.co.uk:
Experts warn on opportunistic malware avalanche. Read more

. 22 June 2005

Guides, Papers, etc
www.secinf.net:
Instant Messenger Security: Securing Against the Threat of Instant Messengers. Read more

books.slashdot.org:
The Art of Computer Virus Research and Defense. Read more

 

Vulnerabilities & Exploits
wordpress path disclosure by rgod. Read more

securitytracker.com:
Microsoft Internet Explorer Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Opera Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Apple Safari Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
iCab Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Mozilla Camino Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Mozilla Firefox Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Mozilla Browser Lets Remote Users Spoof Javascript Dialog Boxes. Read more

securitytracker.com:
Ruby XMLRPC Security Control Flaw May Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Cacti Input Validation Holes Let Remote Users Inject SQL Commands and Execute Arbitrary Commands. Read more

securitytracker.com:
Novell NetMail for Linux Access Permissions May Let Local Users Modify the Binaries. Read more

securitytracker.com:
Enterasys Vertical Horizon Common Default Password Grants Access to Remote Users. Read more

securitytracker.com:
paFAQ Flaws Let Remote Users Download the Database, Inject SQL Commands, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code. Read more

securitytracker.com:
Novell GroupWise Client Discloses Password to Local Users. Read more

 

News
news.zdnet.co.uk:
Hacking scandal blamed on broken rules. Read more

www.computerweekly.com:
Patch and patch again to beat new wave of Trojans, says government. Read more

www.theregister.co.uk:
Unauthorised research opened door to MasterCard breach. Read more

www.detnews.com:
Theft from card processor indicates hackers' increasing power. Read more

www.smh.com.au:
NAB first to be aware of fraud: Costello. Read more

australianit.news.com.au:
Hackers thinking small. Read more

www.vnunet.com:
Adobe falls through XML flaw. Read more

www.theregister.co.uk:
Microsoft sues German spammer. Read more

www.theinquirer.net:
Mobile worms are sluggish to arrive. Read more

www.vnunet.com:
Users pose greatest security risk. Read more

www.star-techcentral.com:
Slamming door on porn opens others. Read more

techdirt.com:
It's Not Censorship As Long As We Don't Call It Censorship. Read more

www.theregister.co.uk:
Scientists see women's brains switch off during sex. Read more

news.zdnet.co.uk:
Chess grandmaster to battle supercomputer. Read more

. 21 June 2005

Guides, Papers, etc
program.whatthehack.org:
What The Hack is an outdoor hacker conference/event taking place on a large event-campground in the south of The Netherlands from 28 until 31 July 2005. Read more

www.pcworld.com:
Slaying Spam-Spewing Zombie PCs. Read more

www.uniras.gov.uk:
Targeted Trojan Email Attacks. Read more

www.astalavista.com:
Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware. Read more

 

Tools:
www.nta-monitor.com:
Fingerprinting Tool Identifiies VPN Servers. Read more

 

Vulnerabilities & Exploits
www.exploitx.com:
Google Exploit Queries Thread. Read more

securitytracker.com
Cisco VPN 3000 Lets Remote Users Determine Valid Groupnames. Read more

securitytracker.com
Ublog Reload Input Validation Holes in 'index.asp' Permit SQL Injection and in 'trackback.asp' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com
Heimdal telnetd Buffer Overflow in getterminaltype() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Trac Input Validation Hole Lets Remote Users Upload Arbitrary Files. Read more

securitytracker.com
Fortibus CMS Input Validation Flaws Let Remote Users Injection SQL Commands. Read more

securitytracker.com
Sudo Race Condition in Processing Command Pathnames Lets Local Users Execute Arbitrary Commands. Read more

securitytracker.com
Contelligent Preview Mechanism Lets Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com
Opera XMLHttpRequest Access Controls Can By Bypassed By Remote Users. Read more

securitytracker.com
Opera 'javascript:' URL Access Control Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks and Access Files on a Target User's System. Read more

securitytracker.com
RealVNC Null Sessions Disclose System Information to Remote Users. Read more

www.securiteam.com:
Claroline E-Learning Application Remote SQL Injection (Exploit 2). Read more

 

News
www.theregister.co.uk:
MasterCard hack spawns phishing attack. Read more

www.zdnet.com.au:
Credit card scam highlights need for security: Coonan. Read more

www.techworld.com:
Security software a bigger risk than products it protects. Read more

www.informationweek.com:
Hackers Finding Flaws In Security Software. Read more

www.vnunet.com:
Foreign spooks target UK techies. Read more

www.thepost.ie:
O2 warns Bluetooth users over virus risk. Read more

www.vnunet.com:
Smart software creates 'thinking' computers. Read more

. 20 June 2005

Guides, Papers, etc
www.eweek.com:
Botnet Hunters Search for 'Command and Control' Servers. Read more

www.exploitx.com:
Page Hijack: The 302 Exploit, Redirects and Google. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Claroline E-Learning Application Remote SQL Injection. Read more

www.exploitx.com:
Page Hijack: The 302 Exploit, Redirects and Google. Read more

 

News
www.theregister.co.uk:
MasterCard fingers partner in 40m card security breach. Read more

www.computerworld.com.au:
Microsoft: Online security needs global cooperation. Read more

www.informationweek.com:
Big, Bad Threats. RSS and Firefox will be next victims of adware deluge, Webroot's threat-research director says. Read more

ww.computerworld.com.au:
Trojan e-mails suggest trend toward targeted attacks. Read more

www.hardwarezone.com:
Hackers Run Unauthorized Programs on PSP. Read more

www.vnunet.com:
Viruses don cunning disguises. Read more

. 19 June 2005

Vulnerabilities & Exploits
securitytracker.com:
Sun ONE Messaging Server Lets Remote Users Execute Arbitrary Code on a Target Webmail User's System. Read more

securitytracker.com:
JBoss Input Validation Hole May Disclose Installation Path and Configuration File to Remote Users. Read more

securitytracker.com:
Yaws Web Server Discloses Script Source Code to Remote Users. Read more

 

News
www.newsfactor.com:
Fresh Warning over Rise in Mobile Viruses. Read more

www.technewsworld.com:
British Security Officials Warn of Targeted Cyber-Attacks. Read more

www.wftv.com:
Investigation Shows Big Business Funding Sex Chat Rooms. Read more

news.bbc.co.uk:
How Skype and Kazaa changed the net. Read more

. 18 June 2005

Guides, Papers, etc
www.sharp-ideas.net:
Pod slurping. Security Risks of iPods. Read more

www.spectrum.ieee.org:
How to Hook Worms. Read more

www.infosecwriters.com:
Stealing passwords via browser refresh. Read more

An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied by Bill Cheswick. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Midnight Commander Buffer Overflow in insert_text() May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Mambo 'com_contents' Input Validation Hole in 'user_rating' Parameter Permits SQL Injection. Read more

securitytracker.com:
CoolCafe 'login.asp' Input Validation Hole Permits SQL Injection. Read more

securitytracker.com:
Ultimate PHP Board Input Validatioh Holes in Multiple Scripts Allow Cross-Site Scripting Attacks. Read more

securitytracker.com:
SpamAssassin Bug in Processing Long Message Headers Lets Remote Users Deny Service. Read more

 

News
www.securityfocus.com:
MasterCard warns of massive credit-card breach. Read more

www.chron.com:
Millions of credit cards at risk of fraud. Read more

www.washingtonpost.com:
Security Breach Could Expose 40M to Fraud. Read more

www.theregister.co.uk:
UK trojan siege has been running over a year. Read more

cyber.law.harvard.edu:
Screenshots of Censorship in China. Read more

news.zdnet.com:
Microsoft asks for help from hackers. Read more

www.theregister.co.uk:
Adware makers exploit BitTorrent. Read more

news.zdnet.com:
Netscape sends out another patch. Read more

www.computerworld.com:
GAO says U.S. agencies unprepared to fight cyberthreats. Read more

www.emarketer.com:
The High Cost of Security. Read more

17 June 2005

Guides, Papers, etc
www.eweek.com:
Are Biometrics the Answer to the Password Problem? Read more

Computer Viruses: The Threat Today and The Expected Future by Xin Li, 2003-09-29. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Solaris lpadmin Lets Local Users Overwrite Arbitrary Files. Read more

securitytracker.com:
SquirrelMail Input Validation Holes in Multiple Scripts Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
ATutor Input Validation Bugs in Several Scripts Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
mcGallery Input Validation Holes Let Remote Users View Files and Determine the Installation Path. Read more

securitytracker.com:
socialMPN Input Validation Holes Permit SQL Injection Attacks. Read more

securitytracker.com:
Adobe Acrobat XML External Entity Error Lets Remote Users Determine File Existence. Read more

securitytracker.com:
Perl File::Path.pm rmtree() Race Condition May Let Local Users Create Privileged Binaries. Read more

securitytracker.com:
OpenBSD IPSec getsockopt() Bug Lets Local Users Deny Service. Read more

 

News
news.zdnet.com:
Your ISP as Net watchdog. Read more

news.com.com:
Microsoft meets the hackers. Read more

www.securityfocus.com:
Phishers look to net small fry. Read more

www.msnbc.msn.com/:
British government hit by e-mail attack. Read more

www.theregister.co.uk:
UK under cyber blitz. Read more

news.com.com:
Asian Trojans attacking U.K., agency warns. Read more

www.detnews.com:
British agency warns of Asian e-mail hacker attacks on vital networks. Read more

www.globetechnology.com:
Hackers hit Canadian credit bureau. Read more

www.theregister.com:
Enter Avalanche: P2P filesharing from Microsoft. Read more

news.zdnet.com:
Spyware and adware hide in BitTorrent downloads. Read more

www.antisource.com:
Private Message From Ebay Accounts Management !!! Read more

www.haaretz.com:
Yokne'am attorney indicted for hacking into computer, reading e-mails of former lover. Read more

www.vnunet.com:
Memory sticks threaten security defences. Read more

news.mywebpal.com:
Lawyers in Walker County child porn case hope to redefine law. Read more

16 June 2005

Guides, Papers, etc
www.astalavista.com:
Design, Implementation and Test of an Email Virus Throttle. Read more

www.bleedingsnort.com:
Malware Prevention through black-hole DNS. Read more

www.irongeek.com:
The Basics of Arpspoofing/Arppoisoning. Read more

www.irongeek.com:
Fun with Ettercap Filters. Read more

 

Tools:
www.networksecuritytoolkit.org:
Network Security Toolkit (NST). Read more

 

Vulnerabilities & Exploits
www.eeye.com:
eEye Digital Security Announces Discovery of New Security Flaw in Microsoft Windows. Read more

securitytracker.com:
paFileDB Multiple Bugs Permit SQL Injection and Cross-Site Scripting Attacks and Let Remote Users View or Execute Local Files. Read more

www.securiteam.com:
ViRobot Remote Code Inclusion (Exploit). Read more

www.idefense.com:
Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability. Read more

 

News
news.bbc.co.uk:
Asian hackers 'target UK firms'. Read more

software.silicon.com:
Worm takes AIM at your buddies. Read more

news.com.com:
New worm hits AIM network. Read more

news.com.com:
Zombie army camped out on AOL, report says. Read more

www.vnunet.com:
AOL branded most infected network. Read more

www.scmagazine.com:
Big ISP = Big zombie army. Read more

www.adbumb.com:
Microsoft: Soft On Censorship. Read more

www.infoworld.com:
Adware company Intermix settles lawsuit with Spitzer. Read more

www.techworld.com:
Put tight authentication on your WLAN. Read more

www.vnunet.com:
Online banking will lose edge if security fails. Read more

www.theregister.co.uk:
Users remain married to Windows 2000. Read more

www.620ktar.com:
Hackers Run Unauthorized Programs on PSP. Read more

www.windowsecurity.com:
Hiring Hackers As Security Consultants. Read more

news.bbc.co.uk:
The 'spider's web' of hacking. Read more

www.reuters.com:
New Yahoo service searches subscription sites. Read more

news.com.com:
Web shopping thrives amid phishing fears. Read more

Guides, Papers, etc
www.astalavista.com:
Warez Trading and Criminal Copyright Infringement.
Read more

 

Vulnerabilities & Exploits
xforce.iss.net:
Multiple Microsoft Vulnerabilities - June 2005. Read more

www.securityfocus.com:
Anti-Virus Malformed ZIP Archives flaws [UPDATE]. Read more

securitytracker.com:
Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users. Read more

securitytracker.com:
Microsoft Internet Explorer Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Outlook Web Access Input Validation Hole in IMG Tags Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Windows Buffer Overflow in Processing Server Message Block Packets Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Agent Lets Remote Users Spoof Security Dialog Box Contents. Read more

securitytracker.com:
Microsoft Windows Buffer Overflow in Web Client Service Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft HTML Help Input Validation Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Step-by-Step Interactive Training Bookmark Link File Validation Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and Establish NetBIOS Connections. Read more

securitytracker.com:
Java Runtime Environment Internal Classes Lets Remote Users Access and Execute Files on the Target User's System. Read more

securitytracker.com:
Java Web Start java-vm-args Lets Remote Users Access and Execute Files on the Target User's System. Read more

securitytracker.com:
MikMod Buffer Overflow in 'marchive.c' May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Annuaire 1Two Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Singapore Discloses Path to Remote Users and Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
FusionBB Input Validation Holes Let Remote Users Inject SQL Commands, View Files, and Execute Files. Read more

 

News
Microsoft Security Bulletin MS05-026
Vulnerability in HTML Help Could Allow Remote Code Execution (896358). Read more

Microsoft Security Bulletin MS02-035
SQL Server Installation Process May Leave Passwords on System (Q263968)Read more

Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219) Read more

Microsoft Security Bulletin MS05-019
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066). Read more

www.newscientist.com:
Hashing exploit threatens digital security. Read more

www.cio-today.com:
MSN China Criticized over Censorship. Read more

news.zdnet.com:
Java flaws open door to hackers. Read more

www.eweek.com:
Adware-for-Hire Vector Underscores IE Holes. Read more

www.newsfactor.com:
Experts: Security Demands Multiple Strategies. Read more

news.zdnet.com:
Browser-based attacks increase as viruses decrease. Read more

www.theregister.co.uk:
VXers love Britney Spears - official. Read more

www.techweb.com:
Celebrities Spread (Computer) Diseases. Read more

www.techweb.com:
Report Finds Most 'Canadian' Drug Sites Are Frauds. Read more

www.techweb.com:
Windows 2000 Still Dominates Enterprises. Read more

news.zdnet.com:
Feds vulnerable to lots of Net threats. Read more

Guides, Papers, etc
www.securityfocus.com:
Software Firewalls: Made of Straw?
Read more

www.schneier.com:
Attack Trends: 2004 and 2005. Read more

Towards a Third Generation Data Capture Architecture for Honeynets by Edward Balas and Camilo Viecco. Read more

 

Tools:
www.securiteam.com:
Anonycat - Anonymous Surfing. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sysreport May Disclose the up2date Proxy Password Via the System Report. Read more

securitytracker.com:
gedit Format String Flaw May Let Remote Users Cause Arbitrary Code to Be Executed. Read more

securitytracker.com:
Symantec pcAnywhere 'Launch With Windows' Properties Let Local Users Gain Elevated Privileges. Read more

www.cirt.dk:
Novell eDirectory 8.7.3 DOS Device name Denial of Service. Read more

www.cirt.dk:
Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module. Read more

 

News
www.securityfocus.com:
Stealthy Trojan horses, modular bot software dodging defenses. Read more

software.silicon.com:
Microsoft gets smart about online security. Read more

www.computerworld.com.au:
Invisible encryption. Read more

www.vnunet.com:
Latest trojan cashes in on mobile malware hype. Read more

www.infoworld.com:
Britney Spears ranked top virus celebrity. Read more

news.com.com:
IE7 being developed to resist spyware. Read more

www.vnunet.com:
Consumers clueless about IT security. Read more

13 June 2005

Guides, Papers, etc
www.isaserver.org:
Understanding the Web Proxy and Firewall Client Automatic Configuration. Read more

www.windowsecurity.com:
Code Signing: Is it a Security Feature? Read more

www.computerworld.com:
The Security Risks of Desktop Searches. Read more

www.computerworld.com:
What to ask when evaluating intrusion-prevention systems. Read more

www.computerworld.com:
Preserving Digital Evidence to Bring Hackers and Attackers to Justice. Read more

www.opennetinitiative.net:
Internet Filtering in China in 2004-2005: A Country Study. Read more

www.opennetinitiative.net:
Google Search & Cache Filtering Behind China's Great Firewall. Read more

www.opennetinitiative.net:
Probing Chinese search engine filtering. Read more

Forensic examination of log files by Joan Petur Petersen. Read more

 

Tools:
www.neowin.net:
Kaspersky Anti-Virus 2006 (Beta) 6.0.12.167. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
JamMail Input Validation Hole in 'mail' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Microsoft Internet Explorer Lets Remote Users Obfuscate Scripting Code. Read more

securitytracker.com:
WebHints Input Validation Bug Lets Remote Users Execute Arbitrary Commands. Read more

www.securiteam.com:
GNU Mailutils Remote Format String Exploit (IMAP4d). Read more

www.securiteam.com:
WebHints Remote Command Execution (Exploit, hints.pl). Read more

 

News
www.newscientist.com:
Computer viruses become hacker informants. Read more

www.zdnet.com.au:
Spying worms likely to proliferate. Read more

www.asahi.com:
Creator of `Yafoo!' site becomes first suspect in phishing scam. Read more

news.bbc.co.uk:
Virus flood threatens home users. Read more

www.zdnet.com.au:
Anti gypsy-music virus welcomed by victims. Read more

www.chron.com:
UT hacker faces up to 6 years in prison. Read more

australianit.news.com.au:
Brit hacker looked for X-Files. Read more

www.smh.com.au:
Hong Kong plans to enact anti-spam law. Read more

www.bizjournals.com:
Secret rhythms: Firm finds security in keystrokes. Read more

informationweek.com:
Firefox Entering The Mainstream. Read more

12 June 2005

Guides, Papers, etc
cc.uoregon.edu:
Web Browser Hijacking: What Is It and How Can You Protect Yourself? Read more

Checking Microsoft Windows® Systems for Signs of Compromise. Read more

 

News
news.moneycentral.msn.com:
Microsoft bans 'democracy' for China web users. Read more

news.bbc.co.uk:
A little less censorship? Read more

news.bbc.co.uk:
Microsoft warns on security fixes. Read more

www.msnbc.msn.com:
‘Nigerian scams’ keep evolving. Read more

www.informationweek.com:
Research Shows Bluetooth Can Be Hacked In Milliseconds. Read more

catless.ncl.ac.uk:
Search engines making sensitive information easy to locate. Read more

www.sfgate.com:
Internet founders to be honored with computing's 'Nobel'. Read more

news.bbc.co.uk:
Chinese gamer sentenced to life. Read more

arstechnica.com:
Microsoft reveals its "Blackberry killer". Read more

www.informationweek.com:
From Russia With Malware. Read more

news.bbc.co.uk:
Rise in public sector PC misuse. Read more

www.informationweek.com:
Making Secure Sockets Layer More Secure. Read more

news.bbc.co.uk:
Military 'hacker' freed on bail. Read more

www.informationweek.com:
Tech Vs. Terrorism. Read more

www.informationweek.com:
Tools Help Keep Bugs Out From The Beginning. Read more

www.informationweek.com:
Even Taxi Cabs Are Worried About Consumer Data Security. Read more

11 June 2005

Guides, Papers, etc
www.eweek.com:
Microsoft's Security Response Center: How Little Patches Are Made. Read more

www.eweek.com:
What Else Do Google Ads Finance? By Larry Seltzer Read more

Black Hat USA 2005 Briefings and Training
Caesars Palace, Las Vegas • July 23-28, 2005. Read more

www.astalavista.com:
Who Owns Your Network? A Discussion of Bot Networks. Read more

www.eweek.com:
Seagate Introduces Hardware-Encrypted Notebook Hard Drive. Read more

Concepts for the Stealth Windows Rootkit (The Chameleon Project) Joanna Rutkowska. Read more

 

Tools:
enterprisesecurity.symantec.com:
The Symantec Worm Simulator visually demonstrates how worms spread through the Internet, and how they fare against a custom network and security policy. Read more

modGREPER is a hidden module detector for Windows 2000/XP/2003.
It searches through whole kernel memory (0x80000000 – 0xffffffff) in order to find structures which looks like a valid module description objects.

 

Vulnerabilities & Exploits
securitytracker.com:
xMySQLadmin Lets Local Users Delete Files. Read more

securitytracker.com:
Gaim Flaws in Processing Yahoo! and MSN Packets Let Remote Users Deny Service. Read more

securitytracker.com:
Adobe Photoshop License Management Service Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Adobe Premiere Pro License Management Service Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Adobe Creative Suite License Management Service Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia FreeHand eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Captivate eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Contribute eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Director eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Studio eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Dreamweaver eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Fireworks eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Flash eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Macromedia Contribute eLicensing Function Lets Local Users Gain Elevated Privileges. Read more

 

News
www.vnunet.com:
Jacko suicide Trojan spreading fast. Read more

news.com.com:
Hackers create Jackson rumor. Read more

www.theregister.co.uk:
Bogus Jackson suicide bid claim used to spread malware. Read more

news.zdnet.com:
Skulls Trojan puts on antivirus mask. Read more

www.techweb.com:
RSS To Carry Spyware Before Year's Out. Read more

news.zdnet.com:
Recon worms on the way, experts say. Read more

www.vnunet.com:
Apple patches 11 security holes. Read more

news.com.com:
Faulty update crashes ZoneAlarm firewall. Read more

www.theregister.co.uk:
Dutch hacker love-in will get permit. Read more

comment.zdnet.co.uk:
NASA hacker is no Neo. Read more

www.cio-today.com:
Ballmer Warns of Internet Security Dangers. Read more

news.zdnet.com:
Forum host grapples with cyberattack. Read more

asia.internet.com:
Hackers Monkey With Korean Mozilla Site. Read more

news.zdnet.com:
Opera, Firefox squabble over best-browser claim. Read more

www.eweek.com:
Analysts: Windows Mobile 5.0 Security Falls Short. Read more

www.vnunet.com:
Public sector porn downloading soars. Read more

www.cio-today.com:
HP Breaks Into Nano Circuits. Read more

software.silicon.com:
Microsoft to turn cracked Windows legal for $1? Read more

10 June 2005

Guides, Papers, etc
www.securityfocus.com:
Meanwhile, on the other side of the web server" - a new write-up by Amit Klein. Read more

csrc.nist.gov:
Security Considerations for Voice Over IP Systems. Read more

www.eweek.com:
IE 7.0's Future Is in 2003. Read more

www.biosmagazine.co.uk:
Using A Network Analyser As A Security Tool. Read more

www.techweb.com:
Gartner IDs 'Over-Hyped' Security Threats. Read more

Building a GenII Honeynet Gateway by Diego González Gómez. Read more

www.astalavista.com:
An Interview with Destruction. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code. Read more

www.securiteam.com:
WinZip Local Buffer Overflow (Exploit). Read more

rgod.altervista.org:
602 Lan Suite _ resources consumption and remote program execution. Read more

securitytracker.com:
SilverCity File Permissions Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Linux Kernel mmap() Lets Local Users Create Invalid Memory Maps to Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
Linux Kernel AMD64 Address Validation Flaw in ptrace() Lets Local Users Deny Service. Read more

securitytracker.com:
Ovidentia Include File Bug in 'index.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Apple's Managed Client for OS X (MCX) Discloses Portable Home Directory Credentials to Local Users. Read more

securitytracker.com:
Loki Download Manager Input Validation Holes Permit SQL Injection Attacks. Read more

securitytracker.com:
Mac OS X Folder Permission Flaw May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
AOL AIM 'ateimg32.dll' Lets Remote Users Crash AIM With a Malicious Buddy Icon. Read more

securitytracker.com:
Apple OS X CoreGraphics Local Console Root Access. Read more

securitytracker.com:
Mac OS X NFS Export Restrictions Are Not Properly Enforced. Read more

securitytracker.com:
Apple LaunchServices Lets Remote Users Bypass the File Dowload Dialog. Read more

securitytracker.com:
Apple Mac OS X launchd Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple CoreGraphics PDF File Null Pointer Dereference Lets Remote Users Deny Service. Read more

securitytracker.com:
Apple File Protocol (AFP) Server Buffer Overflow in Legacy Client Support Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple File Protocol (AFP) Server May Prevent Users From Accessing Certain Files. Read more

securitytracker.com:
Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access. Read more

www.securiteam.com:
Tcpdump Remote Denial of Service Exploit (bgp_update_print). Read more

www.zataz.net:
xmysqladmin insecure temporary file creation. Read more

 

News
www.vnunet.com:
Mytob variant hides sting in the tail. Read more

www.vnunet.com:
Symantec sues for right to delete spyware. Read more

www.theregister.co.uk:
Symantec ask court to rule Hotbar.com as adware. Read more

www.vnunet.com:
Microsoft fixes Hotmail hack. Read more

www.techweb.com:
Microsoft Plans 10 Patches Next Tuesday. Read more

www.vnunet.com:
British hacker out on bail. Read more

news.xinhuanet.com:
New software to kill unknown viruses. Read more

www.theregister.co.uk:
Spyware probe PI in hospital after fall. Read more

www.infonetics.com:
Network Security Market Up 5% in 1Q05. Read more

www.vnunet.com:
GNER prints passwords in customer magazine. Read more

news.com.com:
Companies ramping up e-mail monitoring. Read more

09 June 2005

Guides, Papers, etc
www.computerworld.com:
Insecurity through obscurity. Read more

www.securityfocus.com:
Latest Bluetooth attack makes short work of weak passwords. Read more

www.securityfocus.com:
A Role Model for Security. Almost. Read more

www.computerworld.com:
What to ask when evaluating intrusion-prevention systems. Read more

blog.ziffdavis.com:
Security & MacOS on Intel. Read more

Application of a Methodology to Characterize Rootkits Retrieved from Honeynets. Read more

 

Vulnerabilities & Exploits
research.seniorennet.be:
NEW security hole / exploit in IE6 with SP2 and all the latest security patches. Read more

securitytracker.com:
Tcpdump Infinite Loop Error in bgp_update_print() Lets Remote Users Deny Service. Read more

securitytracker.com:
IBM AIX Buffer Overflows in invscout, paginit, diagTasksWebSM, getlvname, and swcons Commands and Multiple p Commands Let Local Users Execute Arbitrary Code. Read more

securitytracker.com:
SMTP Server for Windows NT/2000/XP/2003 Lets Remote Users Crash the SMTP Service. Read more

securitytracker.com:
Kaspersky AntiVirus 'klif.sys' Driver Access Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
ProductCart Input Validation Flaws in 'viewPrd.asp' and Various 'pcadmin' Scripts Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Cerberus Helpdesk Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Pragma TelnetServer Lets Remote Authenticated Users Obfuscate Log Entries During Display. Read more

securitytracker.com:
FortiGate Antivirus Firewall Uses a Common Maintenance Account Password That Yields Root Access to Physically Local Users. Read more

securitytracker.com:
FortiLog Server Uses a Common Maintenance Account Password That Yields Root Access to Physically Local Users. Read more

securitytracker.com:
IBM WebSphere Application Server Buffer Overflow in Administrative Console Lets Remote Users Execute Arbitrary Commands. Read more

 

News
www.theregister.co.uk:
Bluetooth hack shakes mobile security. Read more

www.theregister.co.uk:
VXers go phishing with latest MyTob worms. Read more

www.theregister.co.uk:
Hotmail users exposed to cookie snaffling exploit. Read more

www.theregister.co.uk:
MS patches XP for HD video acceleration. Read more

www.theinquirer.net:
Trojan suspect throws himself down Israeli cops’ stairs. Read more

www.it-director.com:
Banking on security. Read more

www.vnunet.com:
Users claim victory over spyware. Read more

www.informationweek.com:
U.K. Court Grants Bail To Suspected Hacker of U.S. Military Computers. Read more

www.vnunet.com:
British hacker up for extradition. Read more

www.informationweek.com:
Microsoft Centralizes Patch Management. Read more

www.informationweek.com:
IM Worm Blitz Continues. Read more

www.informationweek.com:
Microsoft Adds Sender ID Anti-Spoofing Protocol To Exchange 2003 SP2. Read more

www.informationweek.com:
Symantec Turns Tables On Adware Vendor, Files Suit. Read more

www.infoworld.com:
ISPs found innocent of aiding zombie attacks in 'trial'. Read more

08 June 2005

Guides, Papers, etc
www.eeye.com:
Vice Newsletter - June 8, 2005. Read more

 

Tools:
www.sans.org:
Tools for Defense In-Depth. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Kaspersky AntiVirus "klif.sys" Privilege Escalation Vulnerability. Read more

www.rgod.altervista.org:
Pragma Telnetserver 6.0 - html log obfuscation. Read more

securitytracker.com:
Sun ONE Application Server Discloses Files to Remote Users. Read more

securitytracker.com:
GNU Mailutils Input Validation Error in sql_escape_string() Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Mortiforo Access Control Flaw Lets Remote Users Access Private Forums. Read more

securitytracker.com:
desknet's Input Validation Error in Displaying HTML Mail Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Clustered JDBC May Disclose a Target Users' Cached Results to Remote Users. Read more

securitytracker.com:
phpBB BBCode URL Tag Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Popper Include File Bug in 'childwindow.inc.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Linux Kernel Radionet Open Source Environment (ROSE) ndigis Input Validation Flaw Has Unspecified Impact. Read more

securitytracker.com:
FlatNuke Referer Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Microsoft ISA Server in SecureNAT Configuration Can Be Crashed By Remote Users. Read more

securitytracker.com:
LutelWall Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
RakNet Lets Remote Users Freeze the System With a Zero Byte UDP Packet. Read more

securitytracker.com:
Everybuddy Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more

www.frsirt.com:
Sun ONE Application Server Information Disclosure Vulnerability. Read more

www.frsirt.com:
Sun Solaris Unspecified C Library Privilege Escalation Issue. Read more

www.appsecinc.com:
Buffer overflow in WebSphere Application Server Administrative Console. Read more

 

News
constitutionalcode.blogspot.com:
Security Researcher Guillermito Fined in Civil Case. Read more

australianit.news.com.au:
Police nab star military hacker. Read more

www.newscientist.com:
New hack cracks 'secure' Bluetooth devices. Read more

www.benedelman.org:
More on Google's Role: Syndicated Ads Shown Through Ill-Gotten Third-Party Toolbars. Read more

blog.ziffdavis.com:
Security & MacOS on Intel. Read more

www.zdnet.com.au:
MSN flaw put Hotmail accounts at risk. Read more

www.webuser.co.uk:
Trojan horse disguised as lion. Read more

news.zdnet.com:
Microsoft delivers new patching tools. Read more

www.theregister.co.uk:
Firefox spoof bug returns from the dead. Read more

www.zdnet.com.au:
Debian ships sans security updates. Read more

www.theregister.co.uk:
Study: Flaw disclosure hurts software makers' stock. Read more

www.theregister.co.uk:
Citibank admits: we've lost the backup tape. Read more

www.it-director.com:
Banking on security. Read more

www.zdnet.com.au:
Three-year wait ends for Debian fans. Read more

www.businessweek.com:
Is the Penguin Losing a Step? Read more

07 June 2005

Guides, Papers, etc
www.syn-ack.org:
Analysis: Postbank.nl Phishing Scam. Read more

www.theregister.co.uk:
Security Barometer Survey
The Psychology of Security. Read more

www.theregister.co.uk:
Barometer Survey: IT Security. Read more

www.wired.com:
A Tale of Two Hackers. Read more

www.securityfocus.com:
Microsoft's Most Successful Failure. Read more

www.securityfocus.com:
Study: Flaw disclosure hurts software maker's stock. Read more

HTTP REQUEST SMUGGLING
A new attack technique that has recently emerged. This attack technique, and the derived attacks, are relevant to most web environments and are the result of an HTTP server or device’s failure to properly handle malformed inbound HTTP requests. Read more

 

Tools:
www.securityfocus.com:
tattle` -- automatic reporting of SSH brute-force attacks. Read more

Spam Trap is a CGI gizmo that generates potentially infinite numbers of bogus email addresses to clog up spammers' databases when their email-collecting bots come visiting. Read more

 

Vulnerabilities & Exploits
secunia.com:
Camino vulnerability re-discovered again
Multiple Browsers Frame Injection Vulnerability Test. Read more

securitytracker.com:
GIPTables Firewall Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Sun Solaris libc __init_suid_priv() Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Filesystem in Userspace (FUSE) May Disclose Information to Local Users. Read more

securitytracker.com:
Sawmill Lets Remote Authenticated Users Gain Elevated Privileges and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
602LAN SUITE HTML Log File Processing Flaw Lets Remote Users Obfuscate Log Entries. Read more

securitytracker.com:
WWWeb Concepts Events System 'login.asp' Input Validation Hole Permits SQL Injection. Read more

securitytracker.com:
YaPiG Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Create/Delete Directories and Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
KDbg Unsafe Session Files May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
ImageMagick Heap Overflow in ReadPNMImage() May Let Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
CrobFTP Remote Stack Overflow (Long Directories, Exploit). Read more

www.securiteam.com:
ePSXe Local Stack Overflow (Exploit). Read more

www.sven-tantau.de:
FUSE: Filesystem in Userspace - Information Disclosure. Read more

www.zataz.net:
LutelWall insecure temporary file creation. Read more

security.lss.hr:
Popper webmail remote code execution vulnerability. Read more

security.lss.hr:
Crob FTP Server remote buffer overflows. Read more

 

News
software.silicon.com:
Firefox flaw reopens old wounds. Read more

www.eweek.com:
Spoofing Risk Returns to Mozilla Browsers. Read more

news.softpedia.com:
MyTob based super-worm to cause mayhem on the Internet. Read more

www.theregister.co.uk:
Online gamers targeted in Korean MSN hack attack. Read more

www.computerweekly.com:
Firms warned they may be targets of Trojan spies. Read more

www.eweek.com:
Microsoft Planning 'Lower Rights' IE 7.0. Read more

www.eweek.com:
Triple-Barreled Trojan Attack Builds Botnets. Read more

www.theregister.co.uk:
The Escapist - cybercrime, hackery and sex. Read more

www.theregister.co.uk:
VMware starts virtual machine club for developers and ISVs. Read more

06 June 2005

Guides, Papers, etc
The Evolution of Viruses and Worms. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
602 Lan Suite 2004 _ mailicious tags in GET request lead to malfunction of the HTML server message list in the built-in web server control panel. Read more

securitytracker.com:
LiteWeb Lets Remote Users Access Restricted Pages. Read more

 

News
nwc.securitypipeline.com:
Tools Help Keep Bugs Out From The Beginning. Read more

www.earthtimes.org:
Security firms issue warnings of Trojan attacks. Read more

www.detnews.com:
Days passed before Microsoft learned its popular Web site in South Korea had been hacked. Read more

hosted.ap.org:
MSN Site Hacking Went Undetected for Days. Read more

www.javareport.com:
Unencrypted Backups Can Be Worse than Worthless. Read more

nwc.securitypipeline.com:
"Osama Captured" E-mail Trojan Infected. Read more

nwc.securitypipeline.com:
Spy Software Code Had Design Flaw. Read more

05 June 2005

145 new files have been added to the archive. Read more

 

Guides, Papers, etc
informationweek.com:
Langa Letter: XP Professional's "Remote Control" Option. Read more

www.eeproductcenter.com:
Langa Letter: How To Ensure Remote-Control Security With XP. Read more

INTERNET WORMS AS INTERNET-WIDE THREAT by Nikolai Joukov and Tzi-cker Chiueh. Read more

 

Tools:
www.0x90.org:
Mezcal is an HTTP/HTTPS bruteforcing tool allowing the crafting of requests and insertion of dynamic variables on-the-fly. Read more

www.ri0tnet.net:
DISE Spawns multiple instances of itself to simulate simultaneous random attack using zombie servers. DISE gets a list to be used as zombies for the idle scans, and launches an Nmap idle scan on the target host(s). Read more

 

Vulnerabilities & Exploits
www.net-force.nl:
Hacking hotmail, by Alex de Vries - 04 june 2005. Read more

www.frsirt.com:
Bluetooth Protocol Device Pairing Process Remote Vulnerability. Read more

www.frsirt.com:
IBM WebSphere Application Server Buffer Overflow Vulnerability. Read more

www.frsirt.com:
MWChat "start_lobby.php" Remote File Inclusion Vulnerability. Read more

www.frsirt.com:
Popper "childwindow.inc.php" Remote File Inclusion Vulnerability. Read more

www.frsirt.com:
Redhat Security Update Fixes Kdbg Insecure Permissions Issue. Read more

 

News
www.webuser.co.uk:
Mytob worms stop anti-virus protection. Read more

www.pcworld.com:
Top-level Domain Name Suggested for Porn. Reda more

www.rsicopyright.com:
Beware The Trojan Horse. Read more

www.pcworld.com:
Details on How a Sophisticated Web Attack Works. Read more

04 June 2005

145 new files have been added to the archive. Read more

 

Guides, Papers, etc
www.astalavista.com:
Hacking in a Foreign Language: A Network Security Guide to Russia. Read more

www.annenbergpublicpolicycenter.org:
Annenberg Study Shows Americans Vulnerable To Exploitation in the Online and Offline Marketplace. Read more

on the Advantages of Deploying a Large Scale Distributed Honeypot Platform. Read more

 

Tools:
www.rgod.altervista.org:
NmapGUI v0.9 for Win32 by rgod. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
Mirc 6.16 & "generic Edit component" win32 trick by rgod.
Here it is how a Trojan can take advantage of mirc and other messaging software in order to send to the attacker passwords and other stuff, bypassing firewall rules. Read more

www.debian.org:
DSA-732-1 mailutils -- several vulnerabilities. Read more

 

News
times.hankooki.com:
N. Korea’s Hacking Capability Could Disrupt US Military: Expert. Read more

www.theregister.co.uk:
Hackers plot to create massive botnet. Read more

www.theregister.co.uk:
Trojan poses as Osama capture pics. Read more

www.startribune.com:
Hackers hit Microsoft website in South Korea, steal passwords for days. Read more

www.pcworld.com:
Are Virus Writers Creating a Super Worm? Read more

www.theregister.co.uk:
Hack can upgrade XP Home to XP Pro Lite. Read more

news.zdnet.co.uk:
Anti-Spyware Coalition to define terms. Read more

news.zdnet.co.uk:
Malware variant trend reflects police action. Read more

news.zdnet.co.uk:
Three-stage Bagle variants alarm experts. Read more

www.vnunet.com:
Hilton customers targeted by phishers. Read more

www.vnunet.com:
New bill proposes 10-year sentence for online fraud. Read more

03 June 2005

145 new files have been added to the archive. Read more

 

Guides, Papers, etc
www.securityfocus.com:
The True Computer Parasite. Read more

www.vnunet.com:
Deterrence must be the key to avoiding DDoS attacks. Read more

code.google.com:
The Summer of Code is Google's program designed to introduce students to the world of Open Source Software Development. Read more

TROJANS, WORMS, AND SPYWARE, A Computer Security Professional’s Guide to Malicious Code by Michael Erbschloe. Read more

 

 

Vulnerabilities & Exploits
securitytracker.com:
SPA-PRO Mail @Solomon Input Validation Hole Discloses Files to Remote Users and Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MWChat Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
HP OpenView Radia Buffer Overflow in RADEXECD Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
e-Post SPA-PRO Mail Service Buffer Overflow. Read more

www.securiteam.com:
myBloggie SQL Injection (Exploit). Read more

www.securiteam.com:
MyBulletinBoard(MyBB) SQL Injection (Exploit). Read more

www.debian.org:
DSA-731-1 krb4 -- buffer overflows. Read more

 

News
www.cnn.com:
Microsoft: MSN site hacked in South Korea. Read more

www.theregister.co.uk:
Window of exposure lets viruses run rampant. Read more

www.theinquirer.net:
Hackers booby trapped MSN. Read more

www.vnunet.com:
Hacking fear drives up network security market. Read more

www.informationweek.com:
Hackers, Spammers Partner Up To Wreak Havoc. Read more

comment.zdnet.co.uk:
Viruses bring a sting in the tail. Read more

software.silicon.com:
Virus warning: Bagle variant has alarming attack strategy. Read more

www.heraldsun.news.com.au:
Ransom virus strikes. Read more

02 June 2005

145 new files have been added to the archive. Read more

 

Guides, Papers, etc
Beagle.BG-BJ/Mitglieder (Tooso) Propagation by infectionvectors.com. Read more

 

Tools:
www.mozilla.org:
Deer Park Alpha 1 is an alpha release of our next generation Firefox browser and it is being made available for testing purposes only. Read more

www.earthtimes.org:
Yahoo! comes out with intelligent search tool. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Symantec Brightmail AntiSpam Uses Common Default Database Password. Read more

securitytracker.com:
livingmailing Input Validation Hole Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
JiRo's Upload System Input Validation Hole in Admin Panel Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
(i)Site Discloses Database and Passwords to Remote Users and Permits SQL Injection. Read more

securitytracker.com:
Ettercap Format String Flaw in curses_msg() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Calendarix Advanced Include File Flaw Lets Remote Users Execute Commands and Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
MyBB Input Validation Holes in Multiple Scripts Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
MyBB Input Validation Hole in 'usercp.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
FutureSoft TFTP Server 2000 Buffer Overflow Lets Remote Users Execute Arbitrary Code and Input Validation Hole Discloses Files to Remote Users. Read more

 

News
www.internetweek.com:
Sober Worm Causes Surge In Virus-Infected E-Mail. Read more

www.theregister.co.uk:
Sober worm tops May viral charts. Read more

news.zdnet.co.uk:
Bagle and Mytob evolve again. Read more

www.zdnet.com.au:
Trojan horse could recruit 'Fagin's gang'. Read more

news.zdnet.co.uk:
Malware variant trend reflects police action. Read more

www.asahi.com:
Hacker attacked weak point on Kakaku.com's Web site. Read more

news.zdnet.co.uk:
'Serious vulnerability' found in Nortel VPNs. Read more

www.pcworld.com:
How Savvy Are You About Your Online Security? Read more

www.stuff.co.nz:
Police left phishing for details of scam website. Read more

news.zdnet.com:
Group pools data to trap phishers. Read more

01 June 2005

145 new files have been added to the archive. Read more

 

Guides, Papers, etc
www.oxid.it:
Remote Desktop Protocol, the Good the Bad and the Ugly. Read more

www.microscope.co.uk:
Encryption: the key to secure data? Read more

www.prolexic.com:
The Prolexic Zombie Report. Read more

Hiding an Intrusion Detection System (IDS) by Bob Radvanovsky. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com:
Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability. Read more

www.securityfocus.com:
Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability. Read more

www.securityfocus.com:
Multiple Browser URI Obfuscation Weakness. Read more

www.securityfocus.com:
Microsoft Internet Explorer Method Caching Mouse Click Event Hijacking Vulnerability. Read more

www.securityfocus.com:
Microsoft Windows DHTML Edit Control Script Injection Vulnerability. Read more

www.guninski.com:
64 bit qmail fun. Read more

securitytracker.com:
PowerDownload Include File Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
X-Cart Multiple Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Quick Cart Input Validation Flaw in 'search' Field Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ServersCheck Lets Remote Authenticated Users Traverse the Directory. Read more

securitytracker.com:
India Software Solution Shopping Cart Input Validation Hole in 'signin.asp' Permits SQL Injection. Read more

securitytracker.com:
NPDS Input Validation Holes in 'glossaire' Module and Links Search Script Permit SQL Injection. Read more

securitytracker.com:
Online Solutions for Educators Input Validation Hole Permits SQL Injection. Read more

www.securiteam.com:
IBM AIX invscout Local Exploit. Read more

www.securiteam.com:
Vulnerability in OLE and COM Allows Remote Code Execution (Exploit, MS05-012). Read more

www.securiteam.com:
phpStat Authentication Bypass Vulnerability (Exploit, Setup.PHP). Read more

www.securiteam.com:
ZeroBoard Remote Command Execution (Exploit, preg_replace). Read more

 

News
www.eweek.com:
Assume Malware Espionage Is Common. Read more

www.computerworld.com:
Israeli police uncover Trojan industrial spy ring. Read more

www.theregister.co.uk:
Blank virus blanks email. Read more

www.computerworld.com:
New Bagle variants spreading. Read more

software.silicon.com:
Virus warnings: Watch out for latest Bagle and Mytob. Read more

www.vnunet.com:
IM worm lures users to the dark side. Read more

www.telecomasia.net:
BT warns customers of 'Trojan dialer'. Read more

www.securityfocus.com/:
July trial for Sasser suspect. Read more

www.microscope.co.uk:
Bank of America to use two-factor system to beat phishers. Read more

www.microscope.co.uk:
Payment processing firms look to protect against denial of service. Read more

www.eweek.com:
Security Tool Can 'Frisk' PCs. Read more

www.zone-h.org:
US Hackers at the Service of the Nation! But Who is the Enemy? Read more

www.internetweek.com:
Developing Countries Hit Hardest By Spam. Read more


Copyright© MegaSecurity.org