Home    News Archive    Translate Traducen
News June 2006
30 June 2006

Guides, Papers, etc
technology.guardian.co.uk:
Will Microsoft corrupt the security sector? Read more

www.eecs.umich.edu:
SubVirt: Implementing malware with virtual machines. Read more

www.wired.com:
It's the Economy, Stupid. Read more

ddanchev.blogspot.com:
Real-Time PC Zombie Statistics. Read more

ddanchev.blogspot.com:
The WarDriving Police and Pringles Hacking. Read more

www.windowsecurity.com:
Writing Egress Filters for your IDS. Read more

www.informationweek.com:
Langa Letter: XP's No-Reformat, Nondestructive Total-Rebuild Option. Read more

www2.csoonline.com:
Interview: An Ethical Hacker Protects the World Cup Network. Read more

abcnews.go.com/Technology:
Spy Versus Antispy. Read more

searchwindowssecurity.techtarget.com:
Online scams: Top 5 best of the worst. Read more

www.pcworld.idg.com.au:
Making your Linux installation (more) malware-proof. Read more

www.darkreading.com:
Leap Fraud. Read more

www.wired.com:
Real Sex, Virtual Worlds. Read more

 

Tools:
www.betanews.com:
Microsoft Releases New Beta of IE7. Read more

fileforum.betanews.com:
Microsoft Network Diagnostic Tool 1.0. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Two new Internet Explorer vulnerabilities disclosed including PoC (NEW). Read more

securitytracker.com:
SmartSiteCMS 'root' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP-UX mkdir Unspecified Bug Lets Local Users Gain Unauthorized Access. Read more

securitytracker.com:
BLOG:CMS Input Validation Flaw in 'id' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
PHPClassifieds Permits Cross-Site Scripting Attacks and Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Opera May Display the SSL Certificate of a Trusted Site While Visiting an Untrusted Site. Read more

securitytracker.com:
PatchLink Update Bugs Let Remote Users Inject SQL Commands, Modify the Configuration, and Create or Overwrite Files. Read more

securitytracker.com:
Novell GroupWise API May Let Remote Authenticated Users Access Random User E-mails. Read more

securitytracker.com:
MKPortal Include File Bug in 'language' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP iCalendar Input Validation Flaw in 'rss/index.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
F-Secure Anti-Virus May Not Scan Files With Modified Filenames. Read more

securitytracker.com:
F-Secure Internet Security May Not Scan Files With Modified Filenames. Read more

securitytracker.com:
Cisco Access Point Configuration Error May Let Remote Users Gain Administrative Access. Read more

securitytracker.com:
Cisco Wireless Control System Lets Remote Users Read/Write Files, View Sensitive Information, Access the Systems, and Conduct Cross-Site Scripting Attacks. Read more

 

News
www.securityfocus.com:
Laptop containing VA data recovered. Read more

www.theregister.co.uk:
IE blighted by flaw duo. Read more

www.techworld.com:
IE bug lets hackers read your mail. Read more

www.internetnews.com:
IE, Firefox Users at Risk From New Flaws. Read more

www2.csoonline.com:
Researcher Publishes Details of Amazon.com, MSN Holes. Read more

www.informationweek.com:
Defense Fails To Rattle Computer Forensics Expert In UBS Trial. Read more

www.sierratimes.com:
Large Scale Computer Attacks Predicted by Feds. Read more

blogs.securiteam.com:
Gaza Electronic Aftermath - Hacker Wars. Read more

blog.washingtonpost.com:
The Scoop on the m00p Group. Read more

www.ktiv.com:
Hacker Breaks In To Nebraska Child Support System. Read more

blogs.zdnet.com:
New malware poses as WGA validation and notification. Read more

www.betanews.com:
Want to Test Vista? Better Act Fast. Read more

www.cbronline.com:
Skype to sweeten bitter pill. Read more

www.internetnews.com:
MessageLabs Takes Malware Fight To The Clouds. Read more

. 29 June 2006

Guides, Papers, etc
www.viruslist.com:
Proactive Protection: a Panacea for Viruses? Read more

www.syscan.org:
SyScan'06. Read more

theinvisiblethings.blogspot.com:
Introducing Blue Pill. Read more

www.it-observer.com:
Stealth Malware: Interview with Joanna Rutkowska. Read more

www.itweb.co.za:
Transformed virus market requires a new level of protection. Read more

www.agnitum.com:
OneCare Firewall: a light-weight approach to a heavy-duty problem. Read more

support.microsoft.com:
How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications. Read more

ddanchev.blogspot.com:
Tracking Down Internet Terrorist Propaganda. Read more

www.pcworld.com:
Surf in Stealth Mode. Read more

www.darkreading.com:
Fearsome Decade. Read more

techrepublic.com.com:
IP subnetting made easy. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Internet Explorer Lets Remote Users Access Information in Other Domains and Execute HTA Applications. Read more

securitytracker.com:
Apple Mac OS X Format String Bug in launchd Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
OpenLDAP on Mac OS X Lets Remote Users Cause Denial of Service Conditions. Read more

securitytracker.com:
Apple File Protocol Search Results May Disclose Restricted File and Folder Names. Read more

securitytracker.com:
Apple Mac OS X ImageIO Stack Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Clam AntiVirus Buffer Overflow in Freshclam Lets Remote Servers Execute Arbitrary Code. Read more

securitytracker.com:
CA eTrust Antivirus Format String Bug in Scan Job Description Field Lets Local Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Lotus Domino Bug in Processing vCal Meeting Requests Let Remote Users Deny Service. Read more

securitytracker.com:
Gracenote CDDBControl ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
MS fixes phone-home nagware. Read more

blogs.zdnet.com:
The WGA fiasco continues. Read more

www.securitypronews.com:
Microsoft Sued Over WGA Check. Read more

www.channelregister.co.uk:
Yahoo! settles click fraud. Read more

www.vnunet.com:
Spammers using images to evade detection. Read more

. 28 June 2006

Guides, Papers, etc
blogs.securiteam.com:
How to defeat China’s Great Firewall. Read more

www.smh.com.au:
Without privacy we have no liberty. Read more

www.viruslist.com:
Blackmailer: the story of Gpcode. Read more

www.eweek.com:
My Anti-Virus Revolving Door. Read more

weis2006.econinfosec.org:
Predictors of Home-Based Wireless Security. Read more

blogs.securiteam.com:
Leo Stoller Targets CastleCops (!). Read more

blogs.securiteam.com:
Microsoft’s Real Test with Vista is Vulnerabilities. Read more

metasploit.blogspot.com:
Microsoft is disappointed. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Two new Internet Explorer vulnerabilities disclosed including PoC (NEW). Read more

securitytracker.com:
Claroline Unspecified Input Validation Bugs Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Zorum Input Validation Flaw in Several 'index.php' Parameters Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
planetNews Grants Administrative Access to Remote Users. Read more

securitytracker.com:
DeluxeBB Missing Input Validation in 'cp.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
cPanel Input Validation Flaw in 'select.html' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
PrivateWire Online Registration Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Police hold three in spam Trojan bust. Read more

software.silicon.com:
Virus writer suspects bagged by police. Read more

www.zdnet.com.au:
Top 10 network hackers named. Read more

www.computerworld.com.au:
Data loss creates drama at AFP. Read more

www.informationweek.com:
Rival Calls Microsoft's Security Pricing 'Predatory,' 'Ruthless'. Read more

news.com.com:
Microsoft: Here's how to halt WGA alerts. Read more

www.betanews.com:
Microsoft Launches Piracy Reminders. Read more

online.wsj.com:
Google Gets Ready to Test GBuy, A New Online-Payment Option. Read more

. 27 June 2006

Guides, Papers, etc
www.f-secure.com:
Video & Audio: F-Secure's Data Security Wrap-up for January to June 2006. Read more

www.viruslist.com:
Blackmailer: the story of Gpcode. Read more

www.networkworld.com:
One man's fight against rootkits. Read more

www.theregister.co.uk:
Microsoft's future file system dies, again. Read more

 

Tools:
oss.coresecurity.com:
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. Read more

news.com.com:
Border patrol for Internet Explorer. Read more

 

Vulnerabilities & Exploits
www.mobileav.org:
The Ten Most Critical Wireless and Mobile Security Vulnerabilities. Read more

securitytracker.com:
QaTraq Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
DeluxeBB Missing Input Validation in 'pm.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
vlbook Input Validation Hole in Message Field Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Sun ONE and Sun Java System Application Server Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
PHP error_log() Function Lets Users Bypass Safe Mode File Access Restrictions. Read more

securitytracker.com:
MailEnable HELO Command Lets Remote Users Deny Service. Read more

securitytracker.com:
Webmin for Windows Error in Parsing '\' Backslash Character Permits Directory Traversal Attacks. Read more

securitytracker.com:
Woltlab Burning Board Input Validation Flaws in 'boardid' and 'postid' Parameters Permits SQL Injection Attacks. Read more

securitytracker.com:
Windows Live Messenger Contact List Heap Overflow. Read more

 

News
www.theregister.co.u:
Junk mail scumbags in harvesting attack. Read more

www.theregister.co.u:
Anti-virus market hits $4bn. Read more

www.eweek.com:
Microsoft's New Security Hat. Read more

www.techworld.com:
Hacking toolkit targets Windows diallers. Read more

software.silicon.com:
Windows flaw attack code hits the net. Read more

www.internetnews.com:
Is Browsezilla a Malware Magnet? Read more

www.theregister.co.u:
Say Hello to voice phishing. Read more

www.cellular-news.com:
Cellphone Virus Warning for City of London. Read more

www.journalnow.com:
Blame game. Schools file injunction; Google denies fault. Read more

www.theregister.co.u:
Is that a PC in your pocket? Read more

www.nwfdailynews.com:
Internet providers to create database to combat child porn. Read more

news.bbc.co.uk:
Web paedophile given nine years. Read more

. 26 June 2006

Guides, Papers, etc
business.newsforge.com:
Tor: Freedom for whom? Read more

www.talk2action.org:
Who's Watching the Boys? (Part 6). Read more

ha.ckers.org:
XSS cheat sheet. Read more

www.harvardlawreview.org:
IMMUNIZING THE INTERNET, OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE WORM. Read more

blogs.securiteam.com:
Taking Over Laptops by Fuzzing Wireless Drivers. Read more

www.securityfocus.com:
USB drives pose insider threat. Read more

www.internetnews.com:
Search Engines And Their Hacker Friends. Read more

blogs.zdnet.com:
Watching Windows Vista decay. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Trend Micro Control Manager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Lanap BotDetect CAPTCHAs Can Be Bypassed By Remote Users. Read more

securitytracker.com:
Cisco Secure Access Control Server Session Authentication Weakness Lets Remote Users Hijack Management Sessions. Read more

securitytracker.com:
BNBT Input Validation Hole in 'filter' and 'sort' Parameters Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
SmartNet Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Namo DeepSearch Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

 

News
tgmandry.blogspot.com:
The world's largest FOSS IRC network, FreeNode, has been (for lack of a better word) hijacked. Read more

www.theregister.co.uk:
Google sheds China investment. Read more

www.newsfactor.com:
Web Services: New Hacker Target. Read more

www.pcworld.com:
Free Web Browser May Give You More Than You Asked For. Read more

www.theinquirer.net:
Google "hacked our website". Read more

techdirt.com:
Blaming Google For Your Own Failure To Protect Info. Read more

www.betanews.com:
Microsoft Helps Put Phisher in Prison. Read more

. 24 June 2006

Guides, Papers, etc
www.emailbattles.com:
Antivirus Makers Deserve What Microsoft's Serving. Read more

www.internetnews.com:
Search Engines And Their Hacker Friends. Read more

asert.arbornetworks.com:
Long Lived Malware Distribution Sites. Read more

blogs.securiteam.com:
Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities. Read more

blogs.securiteam.com:
Vishing: Santa Barbara Trust (Voice or Phone Phishing). Read more

dig.csail.mit.edu:
Net Neutrality: This is serious. Read more

isc.sans.org:
Sudo For Windows (NEW). Read more

msdn2.microsoft.com:
Code Security Changes in Outlook 2007. Read more

www.pcworld.com:
The 10 Biggest Security Risks You Don't Know About. Read more

blog.washingtonpost.com:
Flaws in Financial Sites Aid Scammers. Read more

blog.washingtonpost.com:
Lessons Learned from the 'Leaves' Worm? Read more

www.cio-today.com:
Look Out - It's an Invisible PC! Read more

taosecurity.blogspot.com:
A Real Logic Bomb. Read more

 

Tools:
sudowin.sourceforge.net:
Sudo for Windows. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Helix DNA Server Buffer Overflow in RTSP Service Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Event Calendar Missing Input Validation in 'id' Parameter Permits SQL Injection Attacks. Read more

securitytracker.com:
HP-UX Unspecified Kernel Bug Lets Local Users Deny Service. Read more

securitytracker.com:
Opera Integer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Some Chess Missing Input Validation Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Opera Memory Error in Processing Long HREF Tags Lets Remote Users Deny Service. Read more

 

News
www.securityfocus.com:
Alleged MPAA hacker named in court filing. Read more

www.msnbc.msn.com:
Sailors’ personal data found on Internet. Read more

www.networkworld.com:
Security vendor warns of porn-clicking browser. Read more

blogs.zdnet.com:
The perpetual malware distribution site lives on. Read more

www.suburbanchicagonews.com:
Computer attackers targeting Internet. Read more

www.eweek.com:
Cyber-criminals Use P2P Tools for Identity Theft, Security Analyst Warns. Read more

news.zdnet.com/:
Zombie builders send out phone texts. Read more

news.zdnet.com/:
Poor Wi-Fi drivers can expose laptops. Read more

www.vnunet.com:
JPEG flaw uncovered in Opera browser. Read more

www.informationweek.com:
Forensics Expert Attempts To Link UBS Attack And Defendant. Read more

www.networkworld.com:
Hacker hit U.S. cows. Read more

arstechnica.com:
Movie critic caught selling titles to pirates. Read more

www.gartner.com:
Gartner Says Worldwide Antivirus Software Market Increased 13.6 Percent in 2005. Read more

www.technewsworld.com:
Laptop Thefts Accelerate Data Privacy Concerns. Read more

news.com.com:
Week in review: Microsoft metamorphosis. Read more

news.com.com:
U.S. unprepared for Net meltdown, blue chips warn. Read more

edition.cnn.com:
France unveils Google Earth rival. Read more

www.betanews.com:
Google Child Porn Suit Dropped. Read more

. 23 June 2006

Guides, Papers, etc
www.spam-blocker-resource.com:
Blog Spammer Caught. Now What? Read more

www.theregister.co.uk:
How to stop Microsoft's WGA phoning home. Read more

blogs.msdn.com:
Enforcement takes the fight to the phishers. Read more

neosmart.net:
What XSS isn’t. Read more

www.pcworld.com:
Store It on the Web. Read more

www.msnbc.msn.com:
How hard can it be to cancel an AOL account? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Enterprise Groupware System Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Azureus Input Validation Flaw in 'index.tmpl' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
thinkWMS Input Validation Flaws in the 'id' and 'catid' Parameters Let Remote Users Inject SQL Commands. Read more

securitytracker.com:
Ultimate Auction Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
phpTRADER Input Validation Flaw in Multiple Scripts Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Ultimate eShop 'index.cgi' Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Ultimate Estate Missing Input Validation in 'index.pl' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
UltimateGoogle Missing Input Validation in 'REQ' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
FineShop Input Validation Bugs in 'index.php' Permits Cross-Site Scripting Attacks and SQL Command Injection. Read more

securitytracker.com:
IMGallery Input Validation Flaws Let Remote Users Inject SQL Commands. Read more

 

News
www.gcn.com:
CIO council adds to IPv6 transition primer. Read more

ice.citizenlab.org:
Tom-Skype Filtering in China. Read more

www.internetnews.com:
Next-Gen Bank Trojans Are Upon Us. Read more

news.com.com:
Torrentspy names alleged MPAA hacker. Read more

www.vnunet.com:
Phisher catches 21-month jail term. Read more

www.internetnews.com:
More Problems Found in Microsoft Software. Read more

news.com.com:
Microsoft swims upstream on security. Read more

www.mercurynews.com:
Social networks a hacker's paradise. Read more

management.silicon.com:
Porn scandal shames DVLA. Read more

www.bath.ac.uk:
Magnetic field research could make computers 500 times more powerful. Read more

. 22 June 2006

Guides, Papers, etc
www.benedelman.org:
Spyware Showing Unrequested Sexually-Explicit Images. Read more

www.mcafee.com:
MALWARE IN POPULAR NETWORKS. Read more

searchwindowssecurity.techtarget.com:
Malware removal: Four simple steps. Read more

www.linuxworld.com.au:
Rootkit detectors protect your PC. Read more

www.eweek.com:
Bring On the Security Price Wars. Read more

www.matasano.com:
Matasano Interviews IE Lead PM Christopher Vaughan. Read more

www.pcmag.com:
The Golden Age of the Internet. Read more

www.networkmagazineindia.com:
The single biggest problem today is botnets. Read more

 

Tools:
sectools.org:
Top 100 Network Security Tools. Read more

www.f-secure.com:
F-Secure BlackLightTM. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
vBulletin Input Validation Hole in 'member.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Linux Kernel xt_sctp Endless Loop Lets Remote Users Deny Service. Read more

securitytracker.com:
RahnemaCo Include File Bug in 'page.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Toshiba Bluetooth Stack Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Excel 'Shockwave Flash Object' Lets Remote Users Execute Code Automatically. Read more

securitytracker.com:
chmlib 'extract_chmLib' Directory Traversal Bug Lets Remote Users Overwrie Files. Read more

securitytracker.com:
SaphpLesson Input Validation Flaw in the 'action' Parameter in 'misc.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
WeBBoA Hosting Script Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
V3 Chat - Instant Messenger Input Validation Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Determine the Installation Path. Read more

securitytracker.com:
Microsoft Windows 'hlink.dll' Buffer Overflow in Processing Hyperlinks Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.techworld.com:
Third security flaw hits Excel. Read more

www.arnnet.com.au:
Hacker discovers second Excel attack. Read more

www.theregister.co.uk:
Unauthorised apps bigger threat than malware. Read more

www.theregister.co.uk:
A third of EU citizens lack basic computer skills. Read more

www.theage.com.au:
Hacker breaks into U.S. Agriculture Department computer system. Read more

news.zdnet.co.uk:
Skype to address identification concerns. Read more

www.24-7pressrelease.com:
Microsoft France hacked - can you afford to be the next? Read more

www.websense.com:
Malicious Code Alert: SMS lures for Trojan bot. Read more

www.darkreading.com:
Sorry, No Naked World Cup. Read more

www.darkreading.com:
VA Snafu Gets Uglier. Read more

www.infoworld.com:
Researchers hack Wi-Fi driver to breach laptop. Read more

www.techworld.com:
Wi-Fi drivers open laptops to hackers. Read more

www.computerworld.com:
Bill Gates' piracy confession. Read more

www.theinquirer.net:
Microsoft workers prefer Google. Read more

news.com.com:
Too many chefs in Microsoft's kitchen? Read more

http://www.wired.com:
Laptops Give Hope to the Homeless. Read more

. 21 June 2006

Guides, Papers, etc
www.viruslist.com:
The validity of tests. Read more

www.windowsecurity.com:
Local Attacks. Read more

www.matasano.com:
Matasano Interviews IE Lead PM Christopher Vaughan. Read more

www.usatoday.com:
Want to outwit hackers? Hire an ethical one. Read more

www.smh.com.au:
Invisible soldiers fight the ongoing war on spam. Read more

 

Vulnerabilities & Exploits
Microsoft Security Advisory (921365)
Vulnerability in Excel Could Allow Remote Code Execution. Read more

www.fishnetsecurity.com:
Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks. Read more

securitytracker.com:
Groupmax Lets Remote Users Deny Service. Read more

securitytracker.com:
MailEnable Professional Discloses User Passwords to Remote Authenticated Administrators. Read more

securitytracker.com:
ASP Stats Generator 'pages.asp' Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
easy-CMS Lets Remote Authenticated Users Upload and Execute Arbitrary Code. Read more

securitytracker.com:
Mambo Server Input Validation Hole in 'Weblinks' Module Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
QTOFileManager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
DotNetNuke Unspecified Bug Grants Remote Users Access to the Target System. Read more

securitytracker.com:
Indexu Include File Bug in Administrative Scripts in 'theme_path' and 'base_path' Parameters Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Indexu Include File Bug in 'admin_template_path' Parameter Lets Administrators Execute Arbitrary Code. Read more

securitytracker.com:
Cisco CallManager 'Administration' and 'User Options' Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

 

News
www.informationweek.com:
Security Vendors Spot Second Excel Bug. Read more

www.darkreading.com:
Microsoft Works Around Excel Bug. Read more

sunbeltblog.blogspot.com:
Microsoft practices predatory pricing. Read more

www.contractoruk.com:
Cyber crime 'costs UK plc £270,000 an hour'. Read more

australianit.news.com.au:
Bounty hunters track net scams. Read more

www.cio.in:
Hacker Discovers Second Excel Weakness. Read more

isc.sans.org:
New Bagle in Encrypted Zip File Attachments. Read more

www.wired.com:
'UFO Hacker' Tells What He Found. Read more

news.zdnet.com:
Fighting Microsoft's piracy check. Read more

www.redherring.com:
Two China Search Sites Shut. Read more

news.com.com:
MySpace to add teen protections. Read more

www.securitypark.co.uk:
Targeted criminal malware, rootkits and mobile malware are the new 2006 threats. Read more

www.usdoj.gov:
North Carolina Man Charged with Illegally Accessing American College of Physicians Database. Read more

edition.cnn.com:
Web browsers getting facelifts. Read more

www.prweb.com:
Are Your Kids Safe Online? Read more

today.reuters.com:
Microsoft sees future in robots. Read more

www.int.iol.co.za:
Yahoo introduces enhanced online IM. Read more

. 20 June 2006

Guides, Papers, etc
www.securityfocus.com:
Phishing with Rachna Dhamija. Read more

blogs.msdn.com:
Behind 'How to break Windows Notepad'. Read more

isc.sans.org:
The dangers of shared web hosts (NEW). Read more

www.securityfocus.com:
Ajax security basics. Read more

dotnetjunkies.com:
The PC Boot Process - Windows XP. Read more

www.eweek.com:
Raising Standards for Device Drivers. Read more

www.esecurityplanet.com:
Google Spreadsheets: Secure Enough to Trust? Read more

reddit.com:
can we do anything against spammers and downvoting bots? Read more

news.com.com:
Say what? A look back at Gates' pearls of wisdom. Read more

www.eweek.com:
Stiffer Fines, Safer Data. Read more

 

Tools:
www.firewallleaktester.com:
RemoveWGA: WGA (Windows Genuine Advantage) removal utility. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Best Top List 'banner-upload.php' Script Lets Remote Users Upload Arbitrary Files. Read more

securitytracker.com:
eBD Lets Remote Authenticated Users Modify Images. Read more

securitytracker.com:
Nucleus Include File Bugs in DIR_LIBS Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Calendarix Input Validation Flaws in 'cal_event.php' and 'cal_popup.php' Let Remote Users Inject SQL Commands. Read more

 

News
www.theregister.co.uk:
Gates becomes a higher power. Read more

www.techweb.com:
UPDATE: Microsoft Site Vandalized By Boo-Boo, Not Bug. Read more

news.netcraft.com:
PayPal Security Flaw allows Identity Theft. Read more

news.zdnet.co.uk:
PayPal fixes phishing hole. Read more

www.informationweek.com:
UBS Trial: Parts Of Attack Code Found At Defendant's Home. Read more

www.informationweek.com:
Spoofing Defense Dissed By Security Experts. Read more

sunbeltblog.blogspot.com:
World Cup Soccer Worm Spreads - Disables Security Software. Read more

www.theregister.co.uk:
Trojan forwards details of Oregon taxpayers. Read more

news.zdnet.co.uk:
Trojan targets Google hosting service. Read more

software.silicon.com:
Trojan lurks on Google Pages. Read more

blogs.zdnet.com:
Spyware fighter under DDoS attack by DollarRevenue trojan. Read more

www.statesman.com:
Teen, mom sue MySpace.com for $30 million. Read more

www.theregister.co.uk:
Hacking students will need background checks. Read more

www.theage.com.au:
Hackers have upper hand in fight against computer crime. Read more

www.terra.net.lb:
Ex-Google honcho 'comes home' to Lebanon. Read more

today.reuters.co.uk:
Microsoft releases new Windows Live IM service. Read more

. 19 June 2006

Guides, Papers, etc
blogs.securiteam.com:
Microsoft France Defaced. Read more

www.brainyquote.com:
Bill Gates Quotes. Read more

blogs.securiteam.com:
Microsoft Excel 0-day Vulnerability FAQ. Read more

www.computerworld.com:
AJAX can amplify security threats, analysts say. Read more

www.techreview.com:
Solving Laptop Larceny. Read more

isc.sans.org:
Empty emails? Read more

www.avertlabs.com:
Trojan Frog on the Loose. Read more

blog.washingtonpost.com:
Spam Spotted Using TinyURL. Read more

email.about.com:
Top 5 Most Effective Tips to Avoid Getting Spam Altogether. Read more

english.ohmynews.com:
Hunting Spyware in Your PC : Part 3. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
TWiki 'TWiki.TWikiRegistration' Access Control Error Lets Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com:
HotPlug CMS Missing Input Validation Permits SQL Injection Attacks. Read more

securitytracker.com:
HotPlug CMS Missing Input Validation in 'login1.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
aXentForum II Input Validation Hole in 'viewposts.cfm' Permits Cross-Site Scripting Attacks. Read more

 

News
www.therawfeed.com:
Microsoft France Site Hacked. Read more

www.pcworld.idg.com.au:
Phishing scam uses PayPal secure servers. Read more

www.informationweek.com:
Microsoft's Security Push Will Start Off Shaky, But Just Wait. Read more

www.pcmag.com:
Microsoft Halts Unauthorized Vista Downloads. Read more

www.newindpress.com:
Scottish University launches UK’s first ‘ethical’ computer hacking course. Read more

www.darkreading.com:
Bug Bounties Uncover 1 in 4 Microsoft Flaws. Read more

www.informationweek.com:
Yahoo Mail Worm May Be First Of Many As Ajax Proliferates. Read more

www.vnunet.com:
Police arrest two in Japan data theft case. Read more

www.redorbit.com:
Banks Increase Computer Controls: What's Going on With Data Security. Read more

news.zdnet.co.uk:
Cybercrime losses on the slide. Read more

www.sophos.com:
Coca Cola lottery notification email is not the real thing. Read more

. 17 June 2006

Guides, Papers, etc
www.theregister.co.uk:
A lesson in spyware. Read more

blogs.securiteam.com:
From Flaw to Exploit. Read more

dw.com.com:
Audio: Bill Gates has left the building. What's next for Microsoft with the upcoming departure of Mr. Bill? Listen

www.microsoft-watch.com:
Bill Gates' Legacy: Microsoft's Top 10 Flops. Read more

www.darkreading.com:
Social Engineering Gets Smarter. Read more

www.darkreading.com:
Vulnerability Two-Step. Read more

security.ithub.com:
Microsoft on Security: Pariah or Trendsetter? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Secure ACS for UNIX Input Validation Flaw in 'LogonProxy.cgi' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Excel Unspecified Flaw May Let Remote Users Cause Arbitrary Code to Be Executed. Read more

securitytracker.com:
wvWare wv2 Integer Overflow in Processing Word Documents Permits Code Execution. Read more

securitytracker.com:
Sun ONE/iPlanet Messaging Server 'msg.conf' Symlink Flaw Lets Local Users View Files. Read more

securitytracker.com:
Adobe Reader Has Unspecified Vulnerabilitie. Read more

securitytracker.com:
Chipmailer Input Validation Hole Permits Cross-Site Scripting Attacks and Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
CMS Mundo Input Validation Flaw Lets Remote Users Inject SQL Commands and Remote Authenticated Administrators Upload Arbitrary Code. Read more

securitytracker.com:
Horde Application Framework Multiple Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
DeluxeBB Input Validation Flaw Lets Remote Users Inject SQL Commands and Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PicoZip 'zipinfo.dll' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.zerodayinitiative.com:
Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability. Read more

 

News
www.securityfocus.com:
SCADA industry debates flaw disclosure. Read more

www.theregister.co.uk:
The Canonization of St.Bill. Read more

www.theregister.co.uk:
Yahoo! worst in China. Read more

europe.tiscali.co.uk:
Yahoo! Branded King of Censors. Read more

news.zdnet.com:
PayPal fixes phishing hole. Read more

software.silicon.com:
Yahoo! 'virus writer' claims he just wants a job. Read more

news.zdnet.com:
Data-thieving worm targets Orkut users. Read more

www.crn.com:
Microsoft Aims To Be At 'Forefront' Of Security. Read more

www.techworld.com:
Warning over effect of AJAX on security. Read more

www.siteadvisor.com:
The World Cup of Spyware. Read more

www.eweek.com:
IPv6 Still Gets No Respect in the United States. Read more

www.vnunet.com:
Hacker threat to web ad revenue. Read more

. 16 June 2006

Guides, Papers, etc
isc.sans.org:
Potential Patch Problem with MS06-025. Read more

blogs.securiteam.com:
New trojan exploits undocumented Excel flaw [UPDATED]. Read more

blogs.securiteam.com:
Phishing: Competing on Security. Read more

www.linuxjournal.com:
DNS: The Bind Leading the Bind. Read more

www.internetnews.com:
New Means To Root Out Malware. Read more

news.com.com:
Playing chess with hackers. Read more

news.com.com:
Why Microsoft won't miss Gates. Read more

money.cnn.com:
Why Ballmer should leave Microsoft. Read more

money.cnn.com:
How I Work: Bill Gates. Read more

blogs.zdnet.com:
How to jam your neighbor's Wi-Fi legally. Read more

www.newscientisttech.com:
The irresistible rise of cybersex. Read more

 

Tools:
www.insecure.org:
Nmap 4.10 Released. Read more

www.newsfactor.com:
Microsoft Launches New Webcams. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Support Tools Manager Lets Local Users Deny Service. Read more

securitytracker.com:
PHP Input Validation Hole Permits Cross-Site Scripting Attacks and Other Bugs Have Unspecified Impact. Read more

securitytracker.com:
Artswrapper setuid() Failure Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
KDE KDM Symlink Bug Lets Local Users View Files. Read more

securitytracker.com:
Symantec Security Information Manager Rule Transformation Function Grants Shell Access to Local Users. Read more

securitytracker.com:
Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service. Read more

 

News
news.com.com:
Gates stepping down from full-time Microsoft role. Read more

www.theregister.com:
Attack code follows patch update. Read more

www.theregister.com:
Cybersquatters must be punished. Read more

software.silicon.com:
Kevin Mitnick has little sympathy for Nasa hacker. Read more

news.com.com:
Online threats outpacing law crackdowns. Read more

www.newsfactor.com:
Internet Phone Wiretaps Draw Fire. Read more

. 15 June 2006

Guides, Papers, etc
www.wired.com:
How to Foil Identity Thieves. Read more

catless.ncl.ac.uk:
How MS spyware could be used by hackers to disable systems. Read more

www.kaspersky.com:
Changes in the antivirus industry. Read more

www.eweek.com:
Huge Patch Day, Small Bombshell. Read more

www.itaa.org:
Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP. Read more

www.windowsecurity.com:
Group Policy Changes in Vista. Read more

www.sfgate.com:
Dispute charges at your peril. Read more

software.silicon.com:
Ill-gotten web gains falling further. Read more

news.com.com:
Kevin Mitnick, the great pretender. Read more

www.infoworld.com:
What users hate most about Web sites. Read more

 

Tools:
www.wilderssecurity.com:
WGA notification tool uninstaller (RemoveWGA.exe). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Java Enterprise System (JES) Network Security Services (NSS) Memory Leak Lets Remote Users Deny Service. Read more

xforce.iss.net:
Vulnerability in Windows Media Player Could Allow Code Execution. Read more

 

News
Microsoft Security Bulletin MS06-011
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798). Read more

www.theregister.co.uk:
MS June update fixes dangerous Word flaw. Read more

news.zdnet.com:
Attack code comes on heels of Microsoft patches. Read more

www.techworld.com:
VoIP wiretapping could lead to more problems. Read more

isc.sans.org:
E-mails with malicious links targeting Australia (NEW). Read more

www.it-observer.com:
The World Cup and Virus. Read more

katu.com:
Porn download at state office puts taxpayers at risk. Read more

news.zdnet.com:
Intel: Driver flaws no major threat, yet. Read more

online.wsj.com:
Seeking a Safer Internet. Read more

www.itwire.com.au:
Yahoo plugs email hole but web services issue highlighted. Read more

. 14 June 2006

Guides, Papers, etc
www.securityfocus.com:
Yahoo!, you've got worms. Read more

www.securityfocus.com:
Retain or restrain access logs? Read more

blogs.securiteam.com:
2005’s BlackHat books, got `em? Read more

blogs.securiteam.com:
Microsoft’s IE June Advisory Fixes 8 Vulnerabilities. Read more

www.regdeveloper.co.uk:
'Microsoft was caught stealing secrets from Borland'. Read more

www.kaspersky.com:
Changes in the antivirus industry. Read more

www.informationweek.com:
Software Bombs: Simply Tricky. Read more

no.spam.ee:
EXIF security problem. Read more

ddanchev.blogspot.com:
Web Application Email Harvesting Worm. Read more

www.informationweek.com:
Yahoo Mail Worm Harvesting Addresses. Read more

www.networkingpipeline.com:
The Inside Story of A Million-Dollar VoIP Scam. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Windows Buffer Overflow in AOL ART Image Rendering Library Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Explorer Multiple Memory and Access Control Errors Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Buffer Overflow in TCP/IP Stack Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft RPC Mutual Authentication Bug Lets Remote Users Spoof Other Systems. Read more

securitytracker.com:
Windows Server Message Block Processing Bugs Let Local Users Gain Elevated Privileges or Deny Service. Read more

securitytracker.com:
Microsoft PowerPoint Buffer Overflow in Processing Malformed Records Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows 98 Graphics Rendering Engine Buffer Overflow in Processing WMF Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Media Player Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft JScript Memory Corruption Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SixCMS Input Validation Holes Permit Cross-Site Scripting and Directory Traversal Attacks. Read more

securitytracker.com:
EvGenius Counter 'page' Parameter Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Outlook Web Access Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
PictureDis Include File Flaw in 'lang' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
DoubleSpeak 'config[private]' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CreaFrameXe Missing Input Validation in 'search.cfm' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Cabacos Web CMS Input Validation Hole in Search Form Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ZMS Search Feature Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
i.List Input Validation Holes in Search Function Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
HostAdmin 'path' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
DreamAccount Include File Bug in 'auth.cookie.inc.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP tempnam() Function Can Be Bypassed. Read more

securitytracker.com:
MyBB domecode() Input Validation Error Lets Remote Users Execute Arbitrary Code. Read more

 

News
Last night news came that former admin off SSGroup, Cool_Mofo_2 passed away.
He was involved in an accident at work in which he fell from some scaffolding and hit his head hard, he died last night.

news.zdnet.co.uk:
Microsoft plugs 21 security holes. Read more

www.theregister.co.uk:
PCs to developing world 'fuel malware'. Read more

www.theage.com.au:
Internet wiretaps pose risks, challenges: experts. Read more

www.telecomasia.net:
Virus plagues Internet users in Japan. Read more

www.newsfactor.com:
Vista Beta 2 Downloads Shaking the Internet. Read more

. 13 June 2006

Guides, Papers, etc
isc.sans.org:
Javascript/AJAX/Worm Like Behavior (NEW). Read more

blogs.zdnet.com:
Microsoft presses the Stupid button. Read more

www.sunbelt-software.com:
Sunbelt Software Announces Top Ten Spyware Threats for May. Read more

www.eweek.com:
Political Spam Comes with the Territory. Read more

searchsecurity.techtarget.com:
Security Blog Log: Confessions of a spam gangsta. Read more

blogs.msdn.com:
Reset Internet Explorer Settings. Read more

www.nashuatelegraph.com:
How to block those prying eyes online. Read more

english.ohmynews.com:
Hunting Spyware in Your PC: Part 2. Read more

www.informationweek.com:
IT Confidential: Adware Vs. Spyware: Who's Making The Money? Read more

www.infoworld.com:
Tackle malicious Web code without infecting yourself. Read more

 

Tools:
download.microsoft.com:
Windows Malicious Software Removal Tool, Progress Made, Trends Observed. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Joomla! 'includepath' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LogiSphere Web Service Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Snitz Forums Input Validation Flaw in 'inc_header.asp' Permits SQL Injection Attacks. Read more

securitytracker.com:
ImageVue 'admin/upload.php' Authentication Flaw Lets Remote Users Upload Arbitrary Files. Read more

 

News
news.bbc.co.uk:
Windows gets big security update. Read more

www.securityfocus.com:
Microsoft: Backdoors and bots most threatening. Read more

www.computerworld.com:
Microsoft finds malware on 5.7M tested PCs. Read more

www.theregister.co.uk:
Court says US gov can keep on snooping on VoIP calls. Read more

www.theregister.co.uk:
JavaScript worm targets Yahoo! Read more

www.theregister.co.uk:
Spyware dominates malware production efforts. Read more

www.linux-watch.com:
Big brother Microsoft is snooper than I thought. Read more

news.ft.com:
Microsoft limits online access to Vista. Read more

www.dailytech.com:
Hacker Steals Energy Department Employee Data. Read more

www.baselinemag.com:
Hackers: A Terrible Resource to Waste. Read more

www.communications-news.com:
MAJORITY OF BUSINESSES SUSCEPTIBLE TO DOS ATTACK OR HACKER INTRUSION. Read more

www.cio.in:
Security Industry Must "Grow Up," Says Research Firm. Read more

www.smh.com.au:
Japanese virus shares private info. Read more

www.theregister.co.uk:
Taiwan fingered as the hub of spam distribution. Read more

www.thechannelinsider.com:
Zero-Day Exploits Abound at Legitimate Web Sites. Read more

. 12 June 2006

Guides, Papers, etc
www.groklaw.ne:
Microsoft's Calling Home Problem: It's a Matter of Informed Consent. Read more

www.rootkit.com:
Kernel Object Hooking Rootkits (KOH Rootkits). Read more

www.benedelman.org:
Banner Farms in the Crosshairs. Read more

www.washingtonpost.com:
Video: Homeland Security Warns Against Anti-Piracy. Read more

blogs.securiteam.com:
MS06-015 Fiasco, Chapter Three. Read more

blogs.securiteam.com:
NTFS Streams: Rootkit In-the-WIld? Read more

fraudwar.blogspot.com:
Nigerian Scam Humor - At Least We Can Chuckle While They "Chop Our Dollars." Read more

 

Tools:
www.gmer.net:
GMER is an application that detects rootkits. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Windows Restriction Local Policy Protection Bypass. Read more

www.securiteam.com:
Multiple Browsers File Upload Data Disclosure. Read more

securitytracker.com:
MailEnable Flaws Let Remote Users Write Files to Mailboxes and Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com:
Docebo Include File Flaw in GLOBALS['where_framework'] and GLOBALS['where_cms'] Parameters Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
EnterpriseTimeSheet and Payroll Include File Bug in 'absolutepath' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
AutoMate Buffer Overflow in 'unacev2.dll' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SelectaPix Input Validation Flaws in 'albumID' and 'imageID' Parameters Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
OfficeFlow Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
VanillaSoft Helpdesk Missing Input Validation in 'default.asp' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
KAPhotoservice Missing Input Validation Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Cisco WebVPN Input Validation Hole in 'dnserror.html' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
NetBSD Input Validation Error in Parsing IPv6 Socket Options Lets Local Users Deny Service. Read more

securitytracker.com:
MiraksGalerie Include File Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Courier Mailing List Manager Lets Remote Users Deny Service. Read more

securitytracker.com:
Sun Grid Engine CSP Flaws Let Local Denial of Service or Access the Grid Service. Read more

securitytracker.com:
BloggIT 'admin.php' May Let Remote Users Gain Administrative Access. Read more

securitytracker.com:
Ingate SIParator Bugs Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Ingate Firewall Bugs Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks. Read more

 

News
www.theregister.co.uk:
Microsoft HPC set to take over the world, allegedly. Read more

blogs.technet.com:
Microsoft presenting at the Black Hat security conference in Las Vegas. Read more

www.newsfactor.com:
Hackers Aiming at Instant Messages. Read more

www.telegraph.co.uk:
Sophisticated surfers falling for criminals' fake websites. Read more

today.reuters.com:
Famed Microsoft blogger leaves for start-up. Read more

www.itwire.com.au:
Lure of the Chinese buck too much for Google. Read more

www.theregister.co.uk:
Researchers eye machines to tackle malware. Read more

www.vnunet.com:
Spoof Google email on the loose. Read more

. Guides, Papers, etc
www.insecuremagazine.com:
(IN)SECURE Magazine ISSUE 1.7 (June 2006).
Read more

www.darkreading.com:
The Case for Encryption. Read more

www.securitypronews.com:
Windows Genuine Spyware? Read more

security.ithub.com:
Big Microsoft Brother. Read more

msmvps.com:
Microsoft you are blowing the trust in patching.... Read more

www.mcpmag.com:
What’s the Real Impact of Windows Live OneCare? Read more

www.securitypronews.com:
Is Your Inbox Haunted By Ghosts? Read more

blogs.technet.com:
Windows 98, 98SE and ME: Information about Support Lifecycle and MS06-015. Read more

raldztech.blogspot.com:
Basic Things to Know When Switching to a Linux Desktop. Read more

english.ohmynews.com:
Hunting Spyware in Your PC. Read more

 

News
www.theregister.co.uk:
Microsoft's Patch Tuesday looks like a whopper. Read more

in.today.reuters.com:
Data on U.S. nuclear agency workers hacked - lawmaker. Read more

rdir.securitypronews.com:
Microsoft anti-piracy check accused of spying. Read more

security.ithub.com:
What's Genuine About Windows Genuine Advantage? Read more

www.techspot.com:
Microsoft will not fix security flaw in 98/ME. Read more

www.wired.com:
China Restores Google.com. Read more

news.tmcnet.com:
China walks out of meeting to resolve bitter feud over world wireless encryption standard. Read more

www.wired.com:
China Stands Firm on Censorship. Read more

security.ithub.com:
Zero-Day Exploits Abound at Legitimate Web Sites. Read more

www.iol.co.za:
Hackers vandalise 45 South African websites. Read more

www.wwltv.com:
Men arrested for soliciting minors over the Internet. Read more

weblog.johnlevine.com:
How much money do spammers make? Read more

www.redherring.com:
Google will roll out online payment system to compete with PayPal. Read more

. 09 June 2006

Guides, Papers, etc
www.newsforge.com:
Can the malware industry be trusted? Read more

www.securityfocus.com:
Researchers eye machines to analyze malware. Read more

www.darkreading.com:
Sophos Uses Same DNA Mapping as Trojan. Read more

www.uninformed.org:
Improving Automated Analysis of Windows x64 Binaries. Read more

www.uninformed.org:
What Were They Thinking? Read more

www.sabre-security.com:
Using SABRE BinDiff v1.6 for Malware analysis. Read more

www.amilabs.com:
Hack the MAC 802.11 Medium Access Control Protocol Exploit Analysis. Read more

www.computerworld.com:
The Top 5 Ways to Prevent IP Spoofing. Read more

www.csoonline.com:
Attack of the iPods! Read more

www.windowsecurity.com:
SPIKE and BURP for real world computer security usage (Part 2). Read more

www.eweek.com:
Bad Taste: Another Way ICANN Blew Domain Registration. Read more

www.computerworld.com:
VMWare eats Microsoft's lunch again, steals toys, cuts in line. Read more

www.evanwashere.com:
How Not to Steal a Sidekick. Read more

www.emailbattles.com:
How Tucows Helps A Spammer Cover His Tracks. Read more

 

Tools:
anchorfree.com:
AnchorFree Protects Wi-Fi Users by Releasing Hotspot Shield, a Free Wireless Internet Security Software Solution; Security VPN Addresses Concerns of Millions of Public Wi-Fi Users. Read more

 

News
www.theregister.co.uk:
Microsoft product phones home every day. Read more

seattlepi.nwsource.com:
Microsoft plans better disclosures for piracy monitoring tool. Read more

www.zdnet.com.au:
Legitimate 'rootkits' soften Vista security. Read more

www.theregister.co.uk:
Top of the sops. Read more

www.theregister.co.uk:
Firms still leaving door open to hackers. Read more

www.informationweek.com:
Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' In UBS PaineWebber Attack. Read more

www.darkreading.com:
Vulnerability Crosses Browser Boundaries. Read more

www.wired.com:
Google Wrestles With Conscience. Read more

. 08 June 2006

Guides, Papers, etc
blogs.securiteam.com:
Noam’s equation. Read more

www.safehack.com:
A Security Bug ? (Or Feature) that affect PGP Virtual Disks & PGP SDA , PGP 8.x, 9.x and Truecrypt but for Truecrypt it is a documented FEATURE (Based on their answer). (Version 2). Read more

www.computerweekly.com:
Enforce your security plan. Read more

www.pcworld.com:
Keep It Secret, Keep It Safe. Read more

www.freesoftwaremagazine.com:
Secure your email communication with free software. Read more

www.eweek.com:
Lose My Data, Pay Me $1,000. Read more

www.darkreading.com:
Social Engineering, the USB Way. Read more

www.darkreading.com:
The Case for Encryption. Read more

www.ofzenandcomputing.com:
Get rid of Thumbs.db. Read more

 

Tools:
fileforum.betanews.com:
Microsoft Windows Vista (English 64-bit) Beta 2 beta. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
PGP Authentication and User Managment Bypass. Read more

lists.grok.org.uk:
file upload widgets in IE and Firefox have issues. Read more Charles

securitytracker.co:
ASP.NET Custom Error Mode Discloses Path to Remote Users. Read more

 

News
news.zdnet.co.uk:
Microsoft antipiracy tool 'acts like spyware'. Read more

lauren.vortex.com:
Windows XP Update May Be Classified As "Spyware". Read more

www.newsfactor.com:
New Flaw Hits Internet Explorer and Firefox. Read more

news.com.com:
Microsoft releases public download of Vista. Read more

www.techweb.com:
Microsoft Pulls PC-to-PC Sync From Vista. Read more

www.computerworld.com.au:
Microsoft to tweak key Vista security feature. Read more

edition.cnn.com:
Google co-founder: China censorship a compromise. Read more

www.internetnews.com:
Google Caught in China's Internet Blockade. Read more

news.com.com:
Adware makers 180solutions, Hotbar merge. Read more

news.com.com:
Hacker cracked Net phone networks for gain, feds say. Read more

www.infoworld.com:
Man charged with selling hacked VOIP services. Read more

www.vnunet.com:
Nigerian 419 scam moves to Scotland. Read more

www.theregister.co.uk:
ID fraudsters pose as online businesses. Read more

www.pcmag.com:
Security Watch: HP Driver Download Has Virus Bonus. Read more

www.vnunet.com:
Instant messaging attacks hit record levels. Read more

. 07 June 2006

Guides, Papers, etc
blogs.securiteam.com:
Disappearing Acts. Read more

isc.sans.org:
A malware jungle (NEW). Read more

www.rootkit.com:
Rootkits are not malware! Read more

www.darkreading.com:
The End of Security Appliances As We Know It? Read more

csrc.nist.gov:
Guide to IEEE 802.11i: Establishing Robust Security Networks. Read more

www.wired.com:
Google: Don't Not Be Evil. Read more

www.securitypronews.com:
Slaying The Beast... Defeating Spyware. Read more

blog.rwven.com:
Linux? Windows? Huh? Read more

www.informationweek.com:
Reliability Survey: Windows Servers Beat Linux Boxes. Read more

www.unixwiz.net:
SQL Injection Attacks by Example. Read more

blog.siteadvisor.com:
Summer Blockbusters: The Good, the Bad, the Dangerous. Read more

 

Tools:
freshmeat.net:
Zeppoo allows you to detect rootkits on the i386 architecture under Linux. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
SpamAssassin handle_user() Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
D-Link DWL-2100ap Discloses Configuration File to Remote Users. Read more

securitytracker.com:
InternetDisk Lets Remote Users Execute Arbitrary PHP Code. Read more

securitytracker.com:
Syworks SafeNET Policy File Lets Local Users Deny Service. Read more

securitytracker.com:
myNewsletter Missing Input Validation in 'UserName' Parameter Permits SQL Injection Attacks. Read more

securitytracker.com:
SocketMail Include File Bug in 'site_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LabWiki Input Validation Hole in 'search.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Kmita FAQ Permits Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
CyBoards PHP Lite Include File Bug in 'include/common.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Bookmark4U Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
TIBCO Hawk Monitoring Agent Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more

 

News
today.reuters.com:
Personal data on 2.2 million troops stolen. Read more

today.reuters.com:
Google founder lobbies for net neutrality. Read more

www.freep.com:
EBay scam gets man 6 years. Read more

www.vnunet.com:
Ransomware variant on the prowl. Read more

www.vnunet.com:
Domain 'kiting' threat on the rise. Read more

australianit.news.com.au:
Hacker hunt continues. Read more

sunbeltblog.blogspot.com:
PornMagPass -- your pass to hell. Read more

. Guides, Papers, etc
www.microsoft.com:
Learn how the right user account can help your computer security.
Read more

www.pcworld.com:
The Safest Way to Run Suspicious Programs. Read more

www.securityfocus.com:
Browsers, phishing, and user interface design. Read more

www.myantispyware.com:
A popular way for push exploit to your PC. Read more

searchsecurity.techtarget.com:
Security without firewalls: Sensible or silly? Read more

www.linux-watch.com:
Face It: Linux Is Insecure. Read more

www.eweek.com:
OneCare Seals the End of a Security Era. Read more

www.washingtonpost.com:
Online and in Your Face. Read more

isc.sans.org:
Non-standard Incident Prediction. Read more

www.sans.org:
Alternate Data Streams: Out of the Shadows and into the Light. Read more

ddanchev.blogspot.com:
Skype as the Attack Vector. Read more

www.esecurityplanet.com:
Let's Practice What We Preach. Read more

www.f-secure.com:
OpenOffice Security. Read more

www-128.ibm.com:
Inside the Linux boot process. Read more

www.internetnews.com:
Security Software Gains Many Facets. Read more

smallworldpodcast.com:
Audio: Shadow Crew! Credit Card Crimes. Read more

 

Tools:
www.ethicalhacker.net:
Essential Wireless Hacking Tools. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
LocazoList Classifieds Input Validation Hole in 'viewmsg.asp' Permits SQL Injection Attacks. Read more

securitytracker.com:
DokuWiki Spellchecking Backend Lets Remote Users Code Execution. Read more

securitytracker.com:
dotWidget CMS Include File Flaw in 'file_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Quake 3 Buffer Overflow in CL_ParseDownload() Permits Remote Code Execution. Read more

securitytracker.com:
CoolForum Missing Input Validation in 'editpost.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Pixelpost Input Validation Holes in 'category' and 'archivedate' Parameters Permit SQL Injection Attacks. Read more

securitytracker.com:
MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Sun StorADE Unsafe File Permissions Let Local Users Gain Root Privileges. Read more

securitytracker.com:
Mozilla Thunderbird Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling. Read more

securitytracker.com:
REDAXO Include File Bug in 'REX[INCLUDE_PATH]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CodeAvalanche FreeForum Input Validation Hole Permits SQL Injection Attacks. Read more

securitytracker.com:
oaboard Include File Flaw in 'inc' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.terra.net.lb:
Filesharers hit back as Swedish police probe web attacks. Read more

software.silicon.com:
'Ransomware' hackers to go unpunished? Read more

australianit.news.com.au:
Microsoft takes on net nasties. Read more

www.theregister.co.uk:
Ransomware Trojan cracked. Read more

www.it-observer.com:
Virus Tricks Users Into Buying Rogue AntiVirus. Read more

money.cnn.com:
Small businesses vs. cybercrooks. Read more

www.technewsworld.com:
Customer Data in Jeopardy After Hotels.com Security Breach. Read more

edition.cnn.com:
Study: Companies snooping on employee e-mail. Read more

www.vnunet.com:
Mozilla confident of security lead over Microsoft. Read more

www.technewsworld.com:
Mozilla Fixes 12 Flaws in Firefox Browser. Read more

business.newsforge.com:
A degree in hacking. Read more

www.adtmag.com:
Spam-spyware combo will spawn targeted attack tools. Read more

redtape.msnbc.com:
'I JUST BOUGHT YOUR HARD DRIVE'. Read more

. 04 June 2006

Check out the New Trojans of May here

 

Guides, Papers, etc
www.securityfocus.com:
Microsoft defends Vista by mixing up memory. Read more

tech.monstersandcritics.com:
Windows Vista - Much to learn, much to like. Read more

www.windowsecurity.com:
Calamitous Cryptography: The Extortoise and the Haregretful. Read more

www.scientificamerican.com:
Dependable Software by Design. Read more

www.esecurityplanet.com:
Post-Encryption Security Read more

 

Vulnerabilities & Exploits
Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution. Read more

securitytracker.com:
SquirrelMail Include File Bug May Let Remote Users Access Files on the Target System. Read more

securitytracker.com:
ByteHoard Include File Bug in 'bhfilepath' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Quagga Bugs Let Remote Users Obtain or Modify Routing Information and Local Users Deny Service. Read more

securitytracker.com:
Dia Format String Bugs May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling. Read more

securitytracker.com:
phpMyDesktop|Arcade Missing Input Validation in 'index.php' in Several Parameters Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
VMware Server Stores Passwords in Memory. Read more

securitytracker.com:
pppBLOG Input Validation Flaw in 'randompic.php' Script in the 'files' Array Permits Directory Traversal Attacks. Read more

 

News
www.theregister.co.uk:
Piratebay operators hope to win compensation. Read more

www.thechannelshow.com:
Spam and Virus statistics: May 2006. Read more

www.informationweek.com:
Circuit City Fixes Forum Flaw That Infected IE Users. Read more

www.technewsworld.com:
Sophos Cracks Archiveus Ransomware Code. Read more

news.com.com:
Week in review: Keeping watch over Web surfing. Read more

www.technewsworld.com:
E-Commerce: Putting the Trust Back Online. Read more

news.com.com:
Dotster named in massive cybersquatting suit. Read more

www.baselinemag.com:
LexisNexis in the Security Hot Seat. Read more

www.informationweek.com:
PaineWebber Systems Admin Faces Trial For Computer Sabotage. Read more

today.reuters.co.uk:
Study finds companies snooping on employee e-mail. Read more

. 02 June 2006

Guides, Papers, etc
news.zdnet.co.uk:
Vista plays hide-and-seek with hackers. Read more

www.windowsitpro.com:
Windows Vista: Advancements On The Security Front. Read more

www.computerworld.com:
Visual Tour: 20 Things You Won't Like About Windows Vista. Read more

www.ecoustics.com:
Mobile Computing News, Reviews, & Tips. Read more

www.it-observer.com:
Can Easy To Use Software Also Be Secure. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Invision Board being exploited. Read more

securitytracker.com:
F-Secure Internet Gatekeeper Buffer Overflow in Web Console May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
F-Secure Anti-Virus for Microsoft Exchange Buffer Overflow in Web Console May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
QontentOne 'search.php' Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
FreeBSD smbfs '..\' Input Validation Hole Lets Users Traverse the Directory. Read more

securitytracker.com:
FreeBSD ypserv Does Not Properly Enforce 'securenets' Access Controls. Read more

securitytracker.com:
Snort Lets Remote Users Bypass 'uricontent' Rules. Read more

securitytracker.com:
HITSENSER3 Input Validation Flaws Let Remote Users Inject SQL Commands to Bypass Authentication. Read more

 

News
www.theregister.co.uk:
Ernst & Young laptop loss exposes 243,000 Hotels.com customers. Read more

www.theregister.co.uk:
Nominet warns on Whois data mining. Read more

blogs.zdnet.com:
300+ Bank homepages hacked and redirected! Read more

www.zone-h.org:
Music Companies under hackers’ fire. Read more

www.securityfocus.com:
Cybersecurity contests go national. Read more

news.bbc.co.uk:
Extortion virus code gets cracked. Read more

online.wsj.com:
Codes on Sites 'Captcha' Anger of Web Users. Read more

www.iht.com:
Mob rule on China's Internet: The keyboard as weapon. Read more

www.theregister.co.uk:
Spam deluge eclipses email virus threat. Read more

www.terra.net.lb:
Security software sales tipped at 1.7 billion dollars in 2010: IDC. Read more

www.itnews.com.au:
Gartner: Skype bugs bad news for enterprise. Read more

www.informationweek.com:
Flaw Discovered In Snort Intrusion Prevention Software. Read more

software.silicon.com:
Rising IM use poses corporate security risk. Read more

blogs.zdnet.com:
Hackers working hard to circumvent Microsoft's anti-piracy tech. Read more

blogs.zdnet.com:
Customer Support Issues Will Kill OneCare. Read more

news.yahoo.com:
Couple's Supposedly Destroyed Hard Drive Purchased In Chicago. Read more

. 01 June 2006

Guides, Papers, etc
www.wired.com:
Make Vendors Liable for Bugs. Read more

www.destinationcrm.com:
How Many Clicks Does a Click Fraud Make? Read more

www.esecurityplanet.com:
Armor Your Windows Host: Three Easy Registry Hacks. Read more

www.internetnews.com:
Security Software Gains Many Facets. Read more

www.technewsworld.com:
E-Commerce: Putting the Trust Back Online. Read more

ddanchev.blogspot.com:
Healthy Paranoia. Read more

www.darkreading.com:
When Your Vendor Is Your Problem. Read more

edition.cnn.com:
Caught up in the 'Net. Read more

www.zdnetasia.com:
Use virtual honeynets to stop intruders. Read more

www.worthplaying.com:
New Firewall & Virus Protection Specifically for Online Gamers. Read more

blogs.zdnet.com:
Spyware pushers tricks of the trade or how to trash a machine with one bundle of spyware. Read more

www.mybroadband.co.za:
The evolution of threats. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
gnopaste 'root_path' Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
aMule Discloses Images and HTML/PHP Files to Remote Users. Read more

securitytracker.com:
C5 Enterprise Vulnerability Management Bugs Let Remote Users Access the System, Execute Arbitrary Code, Monitor Communications, and Deny Service. Read more

securitytracker.com:
vCard 'toprated.php' and 'newcards.php' Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Chipmunk CMS Missing Input Validation in 'forumID' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
JIWA Financials Lets Authenticated Users Execute Arbitrary Reports and Obtain Passwords. Read more

securitytracker.com:
PhpMyDesktop|arcade Include File Bug in 'subsite' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WebCalendar Include File Bug in 'includes/config.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Open Searchable Image Catalogue Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

 

News
www.securityfocus.co:
McAfee, Symantec target Microsoft's OneCare. Read more

www.theregister.co.uk:
Microsoft's OneCare virus eater goes live. Read more

news.zdnet.co.uk:
Gartner warns on Skype vulnerability. Read more

www.theregister.co.uk:
Police investigate angry eBayer's revenge site. Read more

www.theregister.co.uk:
Online attack holds files to ransom. Read more

www.rochdaleobserver.co.uk:
Code cracker foils Russian criminals. Read more

news.com.com:
Terrorism invoked in ISP snooping proposal. Read more

news.com.com:
Industry, others object to data retention. Read more

www.networkworld.com:
FBI special agent recounts outsourcing horror story. Read more

www.securitypark.co.uk:
Significant drop in viruses indicates a change in tactics for criminals. Read more

news.bbc.co.uk:
Woman targeted by web hackers. Read more

sunbeltblog.blogspot.com:
Will 180solutions buy Hotbar? Read more

www.pandasoftware.com:
PandaLabs detects DigiKeyGen, a new spyware program that blackmails users. Read more

www.itworld.com:
Even the Builders of Windows Find Tech Support a Challenge. Read more

www.vnunet.com:
Consumers blind to phishing and malware. Read more

www.informationweek.com:
VA Had Many Security Warnings Before Its 26.5 Million-Person Breach. Read more

www.informationweek.com:
Trojan ID Thieves Pose As Microsoft Patches. Read more

www.watchguard.com:
Hackers surreptitiously track MySpace users. Read more

www.pcadvisor.co.uk:
'Yapbrowser' reappears online. Read more

www.newsfactor.com:
Brits Break Records on Porn Downloads. Read more


Copyright© MegaSecurity.org