News July 2007
31 July 2007

Guides, Papers, etc
www.benedelman.org:
Zango Practices Violating Zango's Recent Settlement with the FTC. Read more

www.f-secure.com:
Testing a Bluetooth worm against the E90 Communicator. Read more

isc.sans.org:
An inside look at a targeted attack. Read more

sunbeltblog.blogspot.com:
More fake "double-V" domains popping up... Read more

fergdawg.blogspot.com:
Let's Be Careful Out There: Bogus Windows Domains. Read more

developer.mozilla.org:
Firefox 2.0.0.4 and Firefox 1.5.0.12 Security and Stability Update. Read more

www.darkreading.com:
Black Hat: How to Hack IPS Signatures. Read more

www.darkreading.com:
Fighting Forensics. Read more

www.darkreading.com:
BreakingPoint Offers Same-Day 0-Days. Read more

www.blackhat.com:
Black Hat USA 2007 Topic descriptions are listed alphabetically by speaker. Read more

www.eweek.com:
Malware in Ads Is an Old Story. Read more

www.insecuremag.com:
(IN)SECURE Magazine issue 12 has been released. Read more

www.symantec.com:
300-Day Attacks. Read more

Senior News Writer Bill Brenner interviews Billy Hoffman, a researcher with SPI Dynamics, about Ajax application threats and previews Hoffman's Black Hat presentation. Listen

www.youtube.com:
The Story of DEFCON. Watch

 

Vulnerabilities & Exploits
ha.ckers.org:
Achievo XSS And Other Stuff. Read more

securitytracker.com:
KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Asterisk IAX2 Channel Driver Resource Consumption Bug Lets Remote Users Deny Service. Read more

 

News
www.securityfocus.com:
Bug finders start awards of their own. Read more

www.theregister.co.uk:
Mario worm targets retro gamers. Read more

www.techworld.com:
Symantec's 'Dark Vision' trawls Internet for stolen data. Read more

www.theregister.co.uk:
VXers publish blog poisoning tool. Read more

www.computerworld.com:
Botnets identified and blocked with new hosted service. Read more

www.techworld.com:
Researchers blow open Vista's kernel security. Read more

blogs.zdnet.com:
Google hires browser hacking guru. Read more

en.rian.ru:
Russian hackers steal over $500,000 from Turkish banks. Read more

www.guardian.co.uk:
Lords to hear 'hacker' appeal. Read more

www.vnunet.com:
Hacker McKinnon wins final appeal. Read more

30 July 2007

Guides, Papers, etc
www.f-secure.com:
Another Messenger worm spreading. Read more

isc.sans.org:
Blacklists - make the right choice. Read more

sunbeltblog.blogspot.com:
Exclusive podcast: "This may well be the biggest telemarketing fraud I've ever seen". Read more

ddanchev.blogspot.com:
World of Warcraft Domain Scam. Read more

ddanchev.blogspot.com:
The IcePack Malware Kit in Action. Read more

ddanchev.blogspot.com:
Shark2 - RAT or Malware? Read more

www.cisrt.org:
IRCbot.acd variant outbreak. Read more

www.computerworld.com:
FAQ: What we know (now) about the FBI's CIPAV spyware. Read more

www.computerworld.com.au:
The booming hacking business. A dramatic increase in hacking. Read more

www.washingtonpost.com:
Set a Hacker Alarm on Your Web Mail Box. Read more

blogs.securiteam.com:
www-microsoft.com… www.microspft.com… old-fashioned - the newest trend is vvindowsupdate.com. Read more

addxorrol.blogspot.com:
I've been denied entry to the US essentially for carrying my trainings material. Wow. Read more

dvlabs.tippingpoint.com:
Zero Day Initiative (ZDI). Read more

 

Tools:
www.irnis.net:
Advanced CheckSum Verifier (ACSV) v1.5.0. Read more

www.gmer.net:
GMER is an application that detects and removes rootkits. Read more

www.opendns.com:
OpenDNS is a safer, faster, smarter and more reliable way to navigate the Internet. Read more

 

News
www.securityfocus.com:
German security pro barred from U.S. Read more

www.techworld.com:
IM attacks on the rise. Read more

blogs.zdnet.com:
Realtek network driver silently corrupts data. Read more

28 July 2007

Guides, Papers, etc
www.f-secure.com:
Spam with XLS attachments. Read more

isc.sans.org:
Con-fu revisited. Read more

isc.sans.org:
Malware e-mail with Angelina Jolie temptation. Read more

www.symantec.com:
Driver Signing on Vista 64-bit – Using the Process against Itself. Read more

www.cisrt.org:
Crazy spams, Crazy fungame.zip. Read more

www.darkreading.com:
Open Source Bots. Read more

www.darkreading.com:
Virtualization's New Benchmark. Read more

www.darkreading.com:
Aflac Loses Data on 152,000. Read more

www.darkreading.com:
Attack of the Black Hats. Read more

www.darkreading.com:
Hey, Hacker, Get Offa My Cloud! Read more

dvlabs.tippingpoint.com:
Delving into the Gyring World of Botnets. Read more

msmvps.com:
The dangers of experimenting with online advertising... Read more

erratasec.blogspot.com:
Inverse Steganography. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Yahoo! Widgets Buffer Overflow in 'YDPCTL.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell Client 'NWSPOOL.DLL' Buffer Overflow Has Unspecified Impact. Read more

securitytracker.com:
Nessus ActiveX Control Lets Remote Users Delete Files. Read more

securitytracker.com:
IBM AIX pioinit Lets Local Users Replace a File to Execute Arbitrary Code with Root Privileges. Read more

securitytracker.com:
IBM AIX Buffer Overflow in lpd Command Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM AIX pioout Command Lets Local Users Load and Execute Arbitrary Code. Read more

securitytracker.com:
IBM AIX Buffer Overflow in ftp Command Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM AIX Buffer Overflow in capture Command Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM AIX Buffer Overflow in arp Command Lets Local Users Gain Elevated Privileges. Read more

 

News
blog.wired.com:
CA Releases Results of Red-Team Investigation of Voting Machines: All Three Systems Could Be Compromised. Read more

news.com.com:
Study: Internet censorship spreading. Read more

www.securityfocus.com:
Freelance flaw finders: 20-something and ethical. Read more

www.computerworld.com:
Well-wrought e-mail scams target deep-pocketed victims. Read more

www.techspot.com:
Largest ransomware trojans stem from the same source. Read more

resources.zdnet.co.uk:
Locating the real threats to corporate security. Read more

seattletimes.nwsource.com:
Trial of "spam king" postponed until January. Read more

27 July 2007

Guides, Papers, etc
blogs.pandasoftware.com:
Ice(Pack) for the summer. Read more

ip.securescience.net:
The Evolution of GPCode/Glamour RansomWare. A file-encrypting information stealer. Read more

ddanchev.blogspot.com:
More Malware Crypters for Sale. Read more

ddanchev.blogspot.com:
Cyber Jihadists' and TOR. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Zango advertising on Yahoo. Read more

sunbeltblog.blogspot.com:
Well this is suspicious. Read more

sunbeltblog.blogspot.com:
DollarRevenue's back. Read more

www.symantec.com:
SPAM to Exploit? Read more

www.sophos.com:
Life isn't beautiful - spammed out screensaver installs rootkits and Trojan horse. Read more

ha.ckers.org:
Ha.ckers.org Blackhat Challenge. Read more

blogs.msdn.com:
Iron Chef BlackHat: Fast food but fully baked? Read more

www.robertlemos.com:
MPack interview chat sessions posted. Read more

www.darkreading.com:
Third Parties Fumble Data Handoffs. Read more

www.darkreading.com:
Startup to Take on PayPal. Read more

www.darkreading.com:
It's More Than JavaScript. Read more

www.hardwarezone.com:
Record Number of Web-Borne Attacks in 2007. Read more

www.infoworld.com:
Recovering from identity theft. Read more

www.tssci-security.com:
Interview with Richard Bejtlich — GE Director of Incident Response. Read more

aolradio.podcast.aol.com:
Audio: Security Now 102: Mail Bag #1. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris lbxproxy Lets Local Users View Portions of Certain Files. Read more

securitytracker.com:
BakBone NetVault Report Manager Buffer Overflow. Read more

securitytracker.com:
RSHD Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
securescience.net:
Decoder for RansomWare. Read more

www.microsoft.com:
Microsoft Debugging Tools for Windows NT/2000/XP/2003/Vista 6.7.5.1. Read more

 

News
www.theregister.co.uk:
Microsoft challenges Google with uber search center. Read more

www.computerworld.com:
With Black Hat approaching, a rush to patch iPhone. Read more

www.signonsandiego.com:
Online scam artists increasingly using fake government e-mails to commit fraud. Read more

www.technewsworld.com:
Cybercrime Costs US Economy at Least $117B Each Year. Read more

www.usatoday.com:
Beware fake e-mails from FTC, IRS. Read more

www.startribune.com:
Some allege Geek Squad agents copy your files. Read more

26 July 2007

Guides, Papers, etc
www.securityfocus.com:
Firm finds new danger in dangling pointers. Read more

isc.sans.org:
E-cards don’t like virtual environments. Read more

ddanchev.blogspot.com:
Confirm Your Gullibility. Read more

www.f-secure.com:
Coming Soon: Reverse Engineering Khallenge. Read more

www.f-secure.com:
Funny.zip. Read more

blog.trendmicro.com:
Updating VVindows. Read more

www.darkreading.com:
Hacking Without Exploits. Read more

www.darkreading.com:
What DNS Pinning Means to You. Read more

www.darkreading.com:
New Tool Automates Spam. Read more

www.darkreading.com:
P2P: Unpatriotic? Read more

www.darkreading.com:
Putting Security in the Trash. Read more

www.eweek.com:
Why Is Uncle Sam Dictating .Us Policy? Read more

www.wired.com:
July 26, 1989: First Indictment Under Computer Fraud Act. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Aruba Mobility Controller Input Validation Hole in Login Page Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Novell GroupWise Mobile Server Bugs Permit Denial of Service and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Kerio MailServer Unspecified Bug in Attachment Filter Has Unspecified Impact. Read more

securitytracker.com:
Sun Java System Application Server Discloses JSP Source Code to Remote Users. Read more

securitytracker.com:
Borland InterBase Buffer Overflow in Processing 'Create' Requests Let Remote Users Execute Arbitrary Code.

securitytracker.com:
eTrust Antivirus Bugs in Arclib Library Let Remote Users Deny Service. Read more

securitytracker.com:
eTrust Admin Buffer Overflow in Message Queuing Component Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM WebSphere Input Validation Hole in Sample Application Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
eTrust Intrusion Detection Buffer Overflow in 'caller.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Panda AdminSecure Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Wireless LAN Controller ARP Processing Lets Remote Users Deny Service. Read more

 

Tools:
databasement.net:
LocalRodeo - Client-side protection against JavaScript Malware. Read more

thinkabdul.com:
Ten Free Services To Send Self-Destructing Emails Which Expire/Disappear Automatically After Specified Time Interval. Read more

 

News
www.computerworld.com:
Black Hat: Researchers say forensics software can be hacked. Read more

25 July 2007

Guides, Papers, etc
www.theage.com.au:
From Russia with malice: criminals trawl the world. Read more

www.trusteer.com:
BIND 9 DNS Cache Poisoning. Read more

dvlabs.tippingpoint.com:
Step by Step of How TPTI-07-013 was Discovered. Read more

isc.sans.org:
A Word to the Wise - SPIM Flood. Read more

isc.sans.org:
Port 57886 Activity. Read more

isc.sans.org:
BIND cache poisoning vulnerability details released. Read more

www.cisrt.org:
Another variant, IM-Worm.Win32.Agent.g. Read more

www.gnucitizen.org:
Attack of the URL Vulnerabilities. Read more

www.avertlabs.com:
PDF spammers already moving on to other filetypes, currently .XLS. Read more

sunbeltblog.blogspot.com:
Realtor.com promoting malware? Read more

sunbeltblog.blogspot.com:
Looking for another senior antimalware rockstar. Read more

www.darkreading.com:
Banks Lag in Strong Authentication. Read more

www.darkreading.com:
Help Wanted: ID Theft Victims. Read more

www.darkreading.com:
Saving Face. Read more

apcmag.com:
Why I quit: kernel developer Con Kolivas. Read more

blogs.securiteam.com:
“so who’s your favorite?” Read more

blogs.securiteam.com:
Video: iPhone vulnerability video on YouTube. Read more

www.computerworld.com:
What it took to hack the iPhone. Read more

www.youtube.com:
Video: RSR (Really Simple Reversing). Watch

podcasts.sophos.com:
Audio: Graham Cluley interviewed about the Sophos Security Threat Report July 2007. Listen

lifehacker.com:
Hide data in files with easy steganography tools. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Secure Computing SecurityReporter Directory Traversal Bug in 'file.cgi' Discloses Files to Remote Users. Read more

securitytracker.com:
BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks. Read more

securitytracker.com:
BIND Weak Default Access Control Lists Let Remote Users Make Recursive Queries or Query the Cache. Read more

securitytracker.com:
Ipswitch Instant Messaging Lets Remote Users Deny Service. Read more

 

Tools:
psi.secunia.com:
Personal Software Inspector (PSI) - Secunia. Read more

 

News
www.vnunet.com:
Researchers blast TRUSTe on user privacy. Read more

news.com.com:
Congress: P2P networks harm national security. Read more

www.theregister.co.uk:
Mozilla confirms own URL handling bug. Read more

www.esecurityplanet.com:
Mozilla Firefox Still At Risk. Read more

www.computerworlduk.com:
Researchers: forensic software can be hacked. Read more

www.vnunet.com:
Infected web sites up six-fold. Read more

www.computeractive.co.uk:
Websites preferred means of attack for cyber-criminals. Read more

www.zdnet.com.au:
Consumer advocates to fight NZ Banking code. Read more

www.theregister.co.uk:
Microsoft, Feds, and Chinese authorities seize $2bn in pirated software. Read more

ID thief in the doghouse after puppy scam. Read more

www.theregister.co.uk:
MySpace erases 29,000 sex offenders. Read more

www.vnunet.com:
Survey highlights new child porn danger. Read more

24 July 2007

Guides, Papers, etc
www.securityevaluators.com:
Security Evaluation of Apple’s iPhone. Read more

www.heise-security.co.uk:
Firefox Browsercheck Password stealing. Read more

www.f-secure.com:
Bulletproof Hosting. Read more

www.eweek.com:
Java Exploits on the Rise. Read more

blog.wired.com:
ISP Seen Breaking Internet Protocol to Fight Zombie Computers -- Updated. Read more

blogs.securiteam.com:
DOC spam. Read more

blogs.securiteam.com:
Foxnews to become wikinews? Read more

isc.sans.org:
Mailbag (iPhone/Firefox/Citrix CAG vulnerabilities). Read more

www.cisrt.org:
summer2008.zip, IRC-Worm.Win32.Agent.a. Read more

www.darkreading.com:
Picture Your Password. Read more

www.darkreading.com:
Pointing to Danger. Read more

www.darkreading.com:
The Morning After. Read more

arstechnica.com:
New Trojans: give us $300, or the data gets it! Read more

www.chron.com:
Phishing researchers play bad guy. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Norman Virus Control Multiple Code Execution and Denial of Service Vulnerabilities. Read more

www.frsirt.com:
NOD32 Multiple File Handling Code Execution and Denial of Service Vulnerabilities. Read more

www.frsirt.com:
Panda Antivirus Products EXE File Handling Remote Buffer Overflow Vulnerability. Read more

www.frsirt.com:
Symantec Discovery Insecure File Permissions Local Privilege Escalation Issue. Read more

blog.mozilla.com:
Related Security Issue in URL Protocol Handling on Windows. Read more

securitytracker.com:
Safari and iPhone MobileSafari Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.freep.com:
Hacker accesses personal information from U-M databases. Read more

www.securityfocus.com:
Browser flaw opens iPhone to attack. Read more

searchsecurity.techtarget.com:
New hacking technique exploits common programming error. Read more

www.networkworld.com:
Cybercrime is overpowering the system. Read more

news.bbc.co.uk:
Search sites tackle privacy fears. Read more

www.technewsworld.com:
Microsoft Joins Privacy Parade. Read more

www.wftv.com:
Man Watches Burglary In His Home On Webcam. Read more

23 July 2007

Guides, Papers, etc
isc.sans.org:
Antivirus: The emperor is naked. Read more

isc.sans.org:
Recent change in Stock-Spam Tactics (PDF and excel). Read more

www.websense.com:
NTOS.EXE : Analysis of the "Ransom Encryption". Read more

blog.trendmicro.com:
Simpson Spam Comes to an Inbox Near You. Read more

www.cs.indiana.edu:
Phishing with Consumer Electronics: Malicious Home Routers. Read more

www.ravenwhite.com:
Invasive Browser Sniffing and Countermeasures. Read more

www.forbes.com:
Are Your Strokes Safe? Read more

www.24-7pressrelease.com:
Identity Theft Expert and Speaker on Personal Security Says Laptop Computers Need Security Technology Similar to What Is Already Available on Handhelds. Read more

www.publictechnology.net:
Second-hand computers still an ID fraudster's tool. Read more

computerworld.co.nz:
Student ‘war driver’ finds business lags on wireless network security. Read more

www.computerworld.com:
Your boss is spying on you right now. What can you do about it? Read more

www.viruslist.com:
Who Writes Malicious Programs and Why? Read more

reviews.cnet.co.uk:
Firefox Lite: Old PCs can crush IE. Read more

www.gnucitizen.org:
Snoop onto Them as they Snoop onto us. Read more

www.newsfactor.com:
You Have Mail... Way Too Much! Read more

www.geekwithlaptop.com:
Crack Windows Passwords. Read more

news.com.com:
Digital kids: Kids say e-mail is, like, soooo dead. Read more

 

Tools:
www.computerworld.com:
15 free security programs that work. Read more

 

News
news.com.com:
Search engines race to update privacy policies. Read more

www.nytimes.com:
IPhone Flaw Lets Hackers Take Over, Security Firm Says. Read more

www.whitedust.net:
United States Government Online Watchdogs? Part of the war on terror? Read more

www.vnunet.com:
Malware piggy-backs on job ads. Read more

www.smh.com.au:
3 hackers who hit Thai ministry's Web site sought. Read more

www.eweek.com:
Potter Publisher Sues Book-Leaking Plot Spoilers. Read more

21 July 2007

Guides, Papers, etc
www.securityfocus.com:
Newsmaker: DCT, MPack developer. Read more

blogs.pandasoftware.com:
More about Mpack. Read more

blogs.pandasoftware.com:
More about Mpack (II). Read more

www.heise-security.co.uk:
Holes in Firefox password manager [Update]. Read more

sunbeltblog.blogspot.com:
comScore gets a spanking. Read more

blog.truste.org:
RelevantKnowledge Removed from TDP White List for Three Months. Read more

www.avertlabs.com:
Security Cost of Social Computing. Read more

www.net-security.org:
Information on Pinch tool for creating custom Trojans. Read more

blogs.ittoolbox.com:
Catching up. Read more

blog.trendmicro.com:
June Malware Roundup. Read more

blog.spywareguide.com:
Security Attacks On The Rise in IM and P2P Channels. Read more

blog.spywareguide.com:
Fresh From The Mailbox. Read more

www.technewsworld.com:
Meet the New Bad Guys: Hired Guns, Zero-Minutes and Malware 2.0. Read more

www.darkreading.com:
Research Run. Read more

www.darkreading.com:
New Tool Eases CSRF Bug Discovery. Read more

www.darkreading.com:
Keepers Finders. Read more

blogs.technet.com:
Coming Soon: MSRC and Microsoft at BlackHat Las Vegas 2007. Read more

www.techworld.com:
What search engines store about you. Read more

www.insecuremag.com:
(IN)SECURE Magazine. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Citrix Access Gateway Unspecified Bugs Let Remote Users Execute Arbitrary Code, Access Active Sessions, Make Configuration Changes, and Redirect Web Users. Read more

securitytracker.com:
Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Lotus Notes Debug Function Discloses Passwords to Administrative Users. Read more

securitytracker.com:
JWIG Template Fetching Loops Can Be Exploited By Remote Users to Deny Service. Read more

 

News
www.upi.com:
Many jihadist Web sites hosted in U.S. Read more

www.itpro.co.uk:
Simpsons spam and Potter worms flood web. Read more

www.theregister.co.uk:
Hackers saw through iPhone AT&T shackles. Read more

cnews.canoe.ca:
Ontario SIU's web site 'hacked'. Read more

gizmodo.com:
Gang Kidnaps Gamer to Get Password Using Fake Orkut Date. Read more

www.reuters.com:
Pupils browse porn on donated laptops. Read more

www.newsfactor.com:
Unbeatable Checkers App 'Chinook' Solves the Game. Read more

20 July 2007

Guides, Papers, etc
reviews.cnet.com:
Here's looking at you, gangsta. Read more

www.vitalsecurity.org:
The Hunt for YoGangsta50. Read more

www.vitalsecurity.org:
YoGangsta50 Leaves the Internet. Read more

www.vitalsecurity.org:
War at 33 1/3 - A GTA Hoodlife Email. Read more

www.eweek.com:
Author Claims Mac OS X Worm 'Ready to Go'. Read more

www.avertlabs.com:
The Nduja Job: Into The World Of XSS Worms. Read more

blog.wired.com:
'Thank You For Your Interest in the FBI'. Read more

blog.wired.com:
The FBI search warrant: "Teen Who Made Bomb Threats". Read more

isc.sans.org:
Web is the way to go? Read more

isc.sans.org:
Old Vulnerabilities Can Still Haunt You. Read more

www.symantec.com:
A PoC Epoch. Read more

sunbeltblog.blogspot.com:
Eternal damnation. Read more

honeyblog.org:
Sunshine on a stormy day. Read more

ha.ckers.org:
Firefox Implements httpOnly And is Vulnerable to XMLHTTPRequest. Read more

ddanchev.blogspot.com:
SQL Injection Through Search Engines Reconnaissance. Read more

www.computerworld.com:
The stalker in your pocket. A new generation of 'snoopware' listens, watches and spies through cell phones. Read more

www.darkreading.com:
Spam Changes Direction. Read more

www.darkreading.com:
Trade Ya'. Read more

www.techworld.com:
DNS is a hacker's playground. Read more

www.infoworld.com:
Identity theft? What identity theft? Read more

blogs.authentium.com:
PGP 2.6 is the Official AV Industry Standard for Encryption. Read more

www.informationweek.com:
China's Security Syndrome. Read more

www.infectionvectors.com:
Retest: Cutting Malware Losses. Read more

www.heise-security.co.uk:
Trojan creation for dummies. Read more

blogs.msdn.com:
Reset Internet Explorer Settings. Read more

www.podtrac.com:
Audio: Security Now 101: Are You Human? Listen

 

Vulnerabilities & Exploits
www.securityfocus.com:
Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability. Read more

securitytracker.com:
Opera BitTorrent Processing Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Java Runtime Environment Applet Class Loader Bug Lets Remote Users Connect to Localhost Sockets. Read more

securitytracker.com:
IMail Server Heap Overflow in 'Imailsec.dll' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft DirectX Heap Overflow in Processing RLE-Compressed Targa Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IMail Server Buffer Overflows in IMAP 'search' and 'search charset' Commands Let Remote Authenticated Users Execute Arbitrary Code. Read more

 

News
news.com.com:
FBI ducks questions about its remotely installed spyware. Read more

www.theregister.co.uk:
Governments' systems used to power phishing push. Read more

www.theregister.co.uk:
The return of the ransom-ware Trojan. Read more

www.theregister.co.uk:
'Mac worm' hacker in death threat farce. Read more

vsiphone.blogspot.com:
iPhone has a built-in spyware module? Read more

www.prisonplanet.com:
iPhone a Trojan Horse For Government Surveillance? Read more

www.technewsworld.com:
Feds Play Hacker, Nab Bomb Threat Suspect. Read more

www.technewsworld.com:
Mozilla Relieves Firefox, Explorer Security Headache. Read more

www.mercurynews.com:
Hackers trip up Virgin America's first day of ticketing. Read more

www.smh.com.au:
Turkish hackers bring down insurer's site. Read more

www.sophos.com:
Cop loses job for using peer-to-peer file-sharing software. Read more

www.usatoday.com:
Study: 4% of kids online solicited for sexual photos. Read more

entertainment.timesonline.co.uk:
Digital DNA could finger Harry Potter leaker. Read more

pressesc.com:
Multi-gigabit wireless "within three years". Read more

19 July 2007

Guides, Papers, etc
wabisabilabi.blogspot.com:
Hypocrisy in the Exploit Market. Read more

anti-virus-rants.blogspot.com:
Microsoft's anti-malware ethical conflict. Read more

blogs.pandasoftware.com:
PINCH, THE TROJAN CREATOR. Read more

isc.sans.org:
Oracle Quarterly Critical Patch Update. Read more

isc.sans.org:
New Version of FireFox. Read more

www.sophos.com:
Sophos reveals "dirty dozen" spam-relaying countries. Read more

www.wired.com:
Courts Should Shield Web and E-Mail Data From Nosy Cops. Read more

www.darkreading.com:
Attackers Hide in Fast Flux. Read more

www.darkreading.com:
Hackers Tap Western Union. Read more

www.darkreading.com:
Spam's Many New Flavors. Read more

www.microsoft-watch.com:
Google is All About Information. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Mac OS X Unspecified mDNSResponder Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Yahoo Messenger Buffer Overflow in Address Book May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
Opera 'data:' URL Display Bug Lets Remote Users Spoof the Address Bar. Read more

securitytracker.com:
KDE Konqueror 'data:' URL Display Bug Lets Remote Users Spoof the Address Bar. Read more

 

News
www.theregister.co.uk:
Microsoft Windows patent will spy for advertisers. Read more

news.zdnet.com:
Will security firms detect police spyware? Read more

news.zdnet.com:
Security firms on police spyware, in their own words. Read more

www.wired.com:
FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats. Read more

www.computerweekly.com:
Zero-day auction site complicates security efforts, IT pros say. Read more

www.reuters.com:
Hackers steal U.S. government, corporate data from PCs. Read more

www.computerworld.com:
Pfizer waited six weeks to disclose breach that exposed data on thousands. Read more

www.technewsworld.com:
Google Puts 2-Year Expiration Date on Cookies. Read more

www.theregister.co.uk:
iPhone becomes phisherman's friend. Read more

news.xinhuanet.com:
Thailand enacts new tough cyber-crime law. Read more

www.dailytech.com:
Xbox Ringleader Peter Moore Bolts From Microsoft, Lands at EA Sports. Read more

17 July 2007

Guides, Papers, etc
www.eweek.com:
Beware Fake Domain Renewal Notices. Read more

www.viruslist.com:
Blackmailer – the return of Gpcode. Read more

blogs.pandasoftware.com:
A new case of RansomWare !!! Read more

isc.sans.org:
Symantec False-Positive on Filezilla, NASA World Wind. Read more

googleonlinesecurity.blogspot.com:
Automating web application security testing. Read more

www.darkreading.com:
Black Hat: DLP Hack. Read more

www.darkreading.com:
Cross-Site, Cross-Service. Read more

www.darkreading.com:
Hacking, Iron Chef Style. Read more

www.darkreading.com:
DNS Adventures. Read more

www.avertlabs.com:
Phish or Fair? Take Our Phishing Quiz and Test Your Phish IQ. Read more

www.law.com:
Do-It-Yourself Forensics. Read more

podcasts.sophos.com:
Audio: Sophos podcast: Improve security through control. Listen

 

Vulnerabilities & Exploits
www.xdisclose.com:
Yahoo Messenger 8.1 Address Book Buffer Overflow. Read more

 

News
www.reuters.com:
Hackers steal govt, corporate data from PCs. Read more

www.rediff.com:
Nigeria Calling: Indians beware! Read more

domainnamewire.com:
New Domain Name Renewal Scam Hits Inboxes. Read more

www.theregister.co.uk:
Italian police net 26 in phishing takedown. Read more

www.computerworld.com:
Anonymous researcher boasts of building Mac worm. Read more

economictimes.indiatimes.com:
Microsoft's new program hacked again. Read more

blog.wired.com:
Google Changes Cookie Policy But Privacy Effect is Small. Read more

www.dailytech.com:
Florida Counterfeit Credit Card Ring Busted. Read more

16 July 2007

Guides, Papers, etc
www.honeynet.org:
Know Your Enemy: Fast-Flux Service Networks. Read more

www.beskerming.com:
Destroying Sandboxes. Read more

isc.sans.org:
Microsoft Patch support not Free? Read more

blogs.securiteam.com:
How to sleep with any woman you want - on the first date! Read more

www.pcadvisor.co.uk:
Security exposed: Is Google the new Microsoft? Read more

blogs.technet.com:
The bad guys will use BitLocker, too. Read more

www.securityfocus.com:
C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For. Read more

www.securityfocus.com:
Cheating Process Scheduler Algorithms. Read more

www.builderau.com.au:
5 reasons restricting hacking is not like gun control. Read more

sunbeltblog.blogspot.com:
Poste Italiane phishers arrested. Read more

msmvps.com:
oh dear, michael will not be happy. Read more

www.itnews.com.au:
IT Security: The data theft time bomb. Read more

www.itnews.com.au:
It's no secret: Facebook's allure is its privacy. Read more

www.itnews.com.au:
China's evolutionary leap. Read more

www.itnews.com.au:
Spam is gateway to malware economy. Read more

podcasts.sophos.com:
Audio: Sophos podcast: Improve security through control. Listen

 

News
www.terra.net.lb:
Internet making it tougher for China to block bad news. Read more

news.zdnet.co.uk:
Sun says Java flaw has been patched. Read more

www.castlecops.com:
26 ARRESTS IN ITALY FOR ASSOCIATION TO COMMIT OFFENCES OF PHISHING. Read more

www.computeractive.co.uk:
Study points to crimeware explosion. Read more

www.techworld.com:
Botnet targets iPhone buyers. Read more

www.theage.com.au:
'Italian job' hackers use Russian tool kit. Read more

www.thelocal.se:
Web spider to hunt tax dodgers. Read more

14 July 2007

Guides, Papers, etc
www.f-secure.com:
Patch your Flash Player and Java Runtime Environment *NOW*. Read more

www.securityfocus.com:
Flaw auction site highlights disclosure issues. Read more

www.informationweek.co:
Bots Helped To Boost Microsoft Live Search Gains. Read more

www.microsoft.com:
Improve Security with Windows Mobile 6. Read more

blogs.securiteam.com:
Patching an IPS - 16 months ! Read more

isc.sans.org:
Symantec Backup Exec for Windows Server. Read more

isc.sans.org:
Java Run Time Advisory Issued. Read more

isc.sans.org:
Strange Round of EMails. Read more

sunbeltblog.blogspot.com:
Beware fake Italian IE 7, Google pages. Read more

sunbeltblog.blogspot.com:
Sunbelt developers work at speed of light, create a patch for the patch. Read more

sunbeltblog.blogspot.com:
Why "I've got nothing to hide" is a ludicrous argument. Read more

www.avertlabs.com:
New trend on PDF spam. Read more

www.newsfactor.com:
Little Annoyances Still Big Vista Issue. Read more

www.infoworld.com:
Anti-phishing techniques for the real world. Read more

resources.zdnet.co.uk:
Mitigating the effects of a DDoS attack. Read more

www.darkreading.com:
Cigna Goes on a Role. Read more

www.darkreading.com:
FBI Busts Payment Service Founders. Read more

www.darkreading.com:
An ISO Security Self-Check. Read more

www.microsoft.com:
Antivirus Defense-in-Depth Guide. Read more

www.microsoft.com:
Malware Removal Starter Kit. Read more

msdn2.microsoft.com:
Windows Vista Integrity Mechanism Technical Reference. Read more

www.technewsworld.com:
Web of Terror, Part 2: Chasing a Moving Target. Read more

www.eweek.com:
The 'Zero-Day' Solution. Read more

sunbeltblog.blogspot.com:
Video: For your weekend viewing pleasure. Read more

 

Vulnerabilities & Exploits
ha.ckers.org:
Photobucket Allows Public Access To Private Photos. Read more

securitytracker.com:
HP Serviceguard for Linux Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Progress Database Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
TippingPoint Intrusion Prevention System Fragmented Packet Processing Lets Remote Users Evade Detection. Read more

securitytracker.com:
QuarkXPress Stack Overflow in Word Import Filter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Sony BMG sues copy-protection maker. Read more

www.theregister.co.uk:
Cloak and dagger Chinese firm tells Google to change its name. Read more

news.zdnet.co.uk:
Java flaw poses widespread security threat. Read more

news.zdnet.com:
Sun says Java flaw has been patched. Read more

www.economist.com:
A world wide web of terror. Read more

news.bbc.co.uk:
The fight against net crime. Read more

www.southwalesargus.co.uk:
Internet fraudster continued eBay racket. Read more

13 July 2007

Guides, Papers, etc
isc.sans.org:
MS07-036 Revised. Read more

isc.sans.org:
MS07-040: .NET update trouble. Read more

www.f-secure.com:
QuickTime Update Equals Update QuickTime. Read more

blogs.pcworld.com:
Grappling With Microsoft's OneCare Beta. Read more

www.eweek.com:
Will Google Mine Your Postini E-Mail? Read more

www.infoworld.com:
Anti-phishing techniques for the real world. Read more

arstechnica.com:
Computer viruses turn 25; computer scientists expect many unhappy returns. Read more

ws.hackaholic.org:
Anti Forensics: making computer forensics hard. Read more

www.securityfocus.com:
C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For. Read more

apnews.myway.com:
Research Downplays Personal Info Threat. Read more

www.darkreading.com:
Online Gaming's Seamy Underside. Read more

www.darkreading.com:
Old Flaw Threatens Web 2.0. Read more

aolradio.podcast.aol.com:
Audio: Security Now 100: Your Questions, Steve's Answers. Listen

chkpt.zdnet.com:
Audio: How the feds used key logging software to make a drug bust,
Microsoft's do-or-die message for partners, and a high-tech remake of the soldier of the future. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Symantec Anti Virus Products RAR and CAB Decomposition Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
libarchive Tar/Pax Processing Bugs Let Remote Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
Perl Net::DNS Predictable Sequence IDs Let Remote Users Spoof DNS Responses. Read more

securitytracker.com:
Perl Net::DNS Lets Remote Users Deny Service With Malformed DNS Packets. Read more

securitytracker.com:
X Font Server Temporary File Race Conditions Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
QuickTime Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Sensitive U.S. military files accessible on the Net. Read more

news.zdnet.co.uk:
Java flaw poses widespread security threat. Read more

www.computerworld.com:
Bootable disc eliminates viruses for safer banking. Read more

www.newsfactor.com:
The Truth Behind the IE-Firefox Exploit. Read more

www.vnunet.com:
Apple patches critical QuickTime flaws. Read more

cincinnati.fbi.gov:
DAYTON MAN SENTENCED TO 300 MONTHS IN PRISON FOR “HACKING” INTO WEBCAMS OF MINORS. Read more

12 July 2007

Guides, Papers, etc
isc.sans.org:
A patchy kind of day. Read more

isc.sans.org:
Adobe patches. Read more

sunbeltblog.blogspot.com:
Spam story on Forbes. Read more

sunbeltblog.blogspot.com:
Bizarre: Zlob guy posts on public forum. Read more

www.avertlabs.com:
Crime dramas in Internet-land. Read more

www.darkreading.com:
Startup Launches Free Malware Blocker. Read more

www.darkreading.com:
Microsoft Launches Threat Portal. Read more

www.darkreading.com:
One More for the Road. Read more

ddanchev.blogspot.com:
Insecure Bureaucracy in Germany. Read more

ddanchev.blogspot.com:
E-commerce and Privacy. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Norton Anti-Virus SYMTDI.SYS Driver Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Symantec Client Security Buffer Overflow in Realtime E-mail Scanning Lets Local Users Deny Service. Read more

securitytracker.com:
Sun Java System Access Manager Discloses Passwords to Local Users. Read more

securitytracker.com:
Cisco Unified Communications Manager Heap Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Unified Communications Manager Lets Remote Users Deny Service and Obtain Sensitive Information. Read more

securitytracker.com:
Symantec Backup Exec for Windows RPC Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Java Runtime Environment XSLT Stylesheet Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
McAfee ePolicy Orchestrator Common Management Agent Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
AVG Anti-Virus avg7core.sys Driver Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
TippingPoint Intrusion Prevention System Alternate Unicode Character Encodings Lets Remote Users Evade Detection. Read more

securitytracker.com:
Mozilla Firefox Bug in Firefox URL Protocol Handler Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code or Conduct Cross-Site Request Forgery Attacks. Read more

securitytracker.com:
Java Secure Socket Extension (JSSE) SSL/TLS Handshake Bug Lets Remote Users Deny Service. Read more

 

Tools:
fileforum.betanews.com:
Wireshark for Windows 0.99.6a. Read more

 

News
www.itnews.com.au:
Microsoft fixes 11 bugs, 8 critical. Read more

www.securityfocus.com:
Office flaws continue to haunt Microsoft. Read more

www.itpro.co.uk:
Hackers focusing on web 2.0 sites. Read more

www.technewsworld.com:
Internet Explorer Linked to Firefox Security Hole. Read more

www.itnews.com.au:
When you mix Firefox and IE, you risk a critical zero-day flaw. Read more

www.regdeveloper.co.uk:
Microsoft promises VMware beater despite reversals. Read more

11 July 2007

Guides, Papers, etc
www.f-secure.com:
Patch Tuesday, July Edition. Read more

blogs.technet.com:
The Case of the Unexpected PsList Error. Read more

isc.sans.org:
IE vs. FF. Read more

isc.sans.org:
July 'Black Tuesday' overview. Read more

sunbeltblog.blogspot.com:
Simple Google searches lead to more hacking. Read more

news.com.com:
Is an antivirus gap looming? Read more

www.esecurityplanet.com:
Firefox At Risk Because of Internet Explorer? Read more

www.zdnet.com.au:
The perfect attack against your security? Read more

www.securityfocus.com:
Achtung! New German Laws on Cybercrime. Read more

blog.trendmicro.com:
Postcards or patches? Read more

blogs.securiteam.com:
Ecards and email filtering. Read more

www.ft.com:
Security matters: Diverting dangerous traffic. Read more

www.portcullis-security.com:
XSS Tunnelling. Read more

www.darkreading.com:
Hackers Clean Up With Ajax. Read more

www.darkreading.com:
'Critical' Java Flaw Bugs Researchers. Read more

www.darkreading.com:
Japanese Bank Loses 1M Records. Read more

blogoscoped.com:
Putting Google On Your Phone. Read more

www.avertlabs.com:
Fake advertising attempting to discredit Spamhaus. Read more

www.avertlabs.com:
Did you get your Paypal E-TAN? Read more

www.youtube.com:
Video: F-Secure Re:Solution. Watch

 

Vulnerabilities & Exploits
larholm.com:
Internet Explorer 0day Exploit. Read more

securitytracker.com:
.NET Buffer Overflows in PE Loader and JIT Compiler Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Active Directory Bug in Processing LDAP Convertible Attributes Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Vista Firewall Teredo Interface Discloses Network Information to Remote Users and May Let Remote Users Bypass Firewall Rules. Read more

securitytracker.com:
Microsoft Office Publisher Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Excel Calculation Error and Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Explorer Bug in Firefox URL Protocol Handler Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
WinPcap Input Validation Flaw in NPF.SYS Driver Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
GIMP Integer Overflows in Processing DICOM, PNM, PSD, PSP, Sun RAS, XBM, and XWD Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Linux Kernel Signal Handling Error on PowerPC Systems Lets Local Users Deny Service. Read more

securitytracker.com:
Java Web Start JNLP Stack Overflow Lets Remote Users. Read more

securitytracker.com:
AIX Buffer Overflow in libodm May Let Local Users Gain Elevated Privileges. Read more

 

Tools:
fileforum.betanews.com:
Autoruns 8.70. Read more

 

News
www.theregister.co.uk:
serious browser vulnerability, but whose? Read more

www.theregister.co.uk:
Crooks debut 'plug and play' phishing kit. Read more

news.com.com:
Feds use key logger to thwart PGP, Hushmail. Read more

www.theregister.co.uk:
Tiscali: breaking DNS for fun and profit. Read more

www.theregister.co.uk:
Spam suspects charged over $4.6m share con. Read more

www.vnunet.com:
Cyber-crime commercialisation spawning malware epidemic. Read more

www.itnews.com.au:
Storm worm masquerades as phony virus warning. Read more

www.itnews.com.au:
Texans charged with Botnet pump-and-dump scheme. Read more

www.itnews.com.au:
Spammers automatically creating Hotmail and Yahoo accounts. Read more

10 July 2007

Guides, Papers, etc
www.securityfocus.com:
Fast flux foils bot-net takedown. Read more

rosario.valotta.googlepages.com:
A proof of concept of a XWW - cross webmail worm. Read more

blog.washingtonpost.com:
Cell Phone Spying Service Leaking Data? Read more

christ1an.blogspot.com:
DNS Pinning Explained. Read more

isc.sans.org:
The ever morphing Storm. Read more

www.cisrt.org:
Ecard.exe changes into Patch.exe. Read more

ha.ckers.org:
Nduja Cross Domain/Webmail XSS Worm. Read more

blogs.securiteam.com:
Neo1973 breaks the last boundary to GSM fuzzing. Read more

winnow.oitc.com:
Antivirus Performance. Read more

ddanchev.blogspot.com:
Terrorist Groups' Brand Identities. Read more

news.softpedia.com:
Security Verification for Google Search. Read more

www.eweek.com:
Look Out Microsoft! Here Comes Google and Postini. Read more

www.darkreading.com:
Eight Sure-Fire Ways to Beat a Security Audit. Read more

www.darkreading.com:
Sourcefire Goes Gigabit. Read more

www.darkreading.com:
A Theft by Any Other Name. Read more

www.esecurityplanet.com:
Those "Helpful" Emails that Big Tech Firms Send. Read more

 

Vulnerabilities & Exploits
larholm.com:
Internet Explorer 0day Exploit. Read more

securitytracker.com:
EZFactory Input Validation Flaw in 'Download CGI' Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Citrix Presentation Server Client Lets Remote Users Deny Service. Read more

securitytracker.com:
MDaemon DomainPOP Service Can Be Crashed By Remote Users. Read more

 

News
www.securityfocus.com:
Google to buy e-mail security firm Postini. Read more

www.theregister.co.uk:
Sun's handling of Java security update prompts concerns. Read more

www.theregister.co.uk:
Google pressed to reveal AdWords secrets. Read more

news.zdnet.co.uk:
Google adds improvements to Code Search. Read more

www.regdeveloper.co.uk:
Microsoft points robots toward point upgrade. Read more

www.computerworlduk.com:
Major online scam gang caught red-handed. Read more

www.sophos.com:
Texan two accused of zombie computer stock scam. Read more

news.com.com:
Child porn allegations: New tactic in fighting file sharing? Read more

www.theregister.co.uk:
Dodgy anti-virus update bunfight goes to court. Read more

www.fas.org:
New Chinese Ballistic Missile Submarine Spotted with Google Earth. Read more

www.technewsworld.com:
Google Earth Spills Secret Chinese Submarine Beans. Read more

09 July 2007

Guides, Papers, etc
www.beyondsecurity.com:
Alternative Botnet C&Cs. Read more

www.beskerming.com:
Time to Blacklist Blacklists. Read more

www.techworld.com:
Average zero-day bug lasts a year. Read more

isc.sans.org:
The ever morphing Storm. Read more

isc.sans.org:
Evil Google Ads. Read more

isc.sans.org:
Yahoo Follow-up. Read more

isc.sans.org:
Fun with Darknets. Read more

isc.sans.org:
Defensive Googling. Read more

www.f-secure.com:
Fake alert emails. Read more

www.cisrt.org:
Trojan.BotVoice, a talking trojan. Read more

www.net-security.org:
(IN)SECURE Magazine ISSUE 11. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Advance Notification for July 2007. Read more

www.beskerming.com:
Antivirus Vendors Head to Court. Read more

tech.blorge.com:
Spammers overcome Hotmail and Yahoo CAPTCHA systems. Read more

www.sfgate.com:
Judges OK warrantless monitoring of Web use Privacy rules don't apply to Internet messages, court says. Read more

www.arnnet.com.au:
E-mail worms rarer in 2007, says vendor. Read more

www.mercurynews.com:
Busting Internet fraud that sends four to San Quentin. Read more

www.itnews.com.au:
Link between data breaches and ID theft unclear, GAO reports. Read more

www.itnews.com.au:
Google slams EU data protection bodies. Read more

www.heise-security.co.uk:
Trojan "copyright police" strike movie thieves. Read more

www.terra.net.lb:
Al-Mustaqbal among Web sites blocked by Syria. Read more

07 July 2007

Guides, Papers, etc
www.eweek.com:
Inside the Mind of a Hacker. Read more

www.technewsworld.com:
Web of Terror, Part 1: Extremists Take to the Net. Read more

www.technewsworld.com:
IM at Work, Part 2: Tools for Locking Down. Read more

www.technewsworld.com:
Beware of Data Dumpster Divers. Read more

ddanchev.blogspot.com:
Zero Day Vulnerabilities Auction. Read more

www.eweek.com:
Printer Security Advances. Read more

www.eweek.com:
Security Is 'Kid' Stuff. Read more

www.computerworld.com:
Mpack installs ultra-invisible Trojan. Read more

sunbeltblog.blogspot.com:
Spyware served from University of Maryland? Read more

isc.sans.org:
Putting the ED in .EDU. Read more

isc.sans.org:
Do you want to play a game...? Read more

isc.sans.org:
Incoming!!! Read more

isc.sans.org:
Yahoo down. Read more

blogs.technet.com:
Detecting ARP Spoofing Attacks. Read more

blogs.technet.com:
ARP Cache Poisoning Incident. Read more

www.darkreading.com:
'Hacking Capitalism'. Read more

www.darkreading.com:
Spyware Spreaders Settle Suit. Read more

www.darkreading.com:
Adding On to IE. Read more

www.darkreading.com:
They Told You So. Read more

www.infoworld.com:
Secure applications in a secure ecosystem: the next challenge. Read more

www.alex-ionescu.com:
Introducing Haute Secure. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
SAP DB Web Server Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SAP Message Server Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SAP Internet Graphics Server Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Maia Mailguard Directory Traversal Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Asterisk Stack Overflows in 'chan_sip.c' Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SAP Internet Communication Manager Lets Remote Users Deny Service. Read more

securitytracker.com:
gfax Unsafe Temporary File Lets Local Users Gain Root Privileges. Read more

 

News
www.theregister.co.uk:
Google goes back to court over Vista search tools. Read more

www.theregister.co.uk:
Security flaw marketplace lays out its wares. Read more

www.theregister.co.uk:
Turing test challenges spam filters. Read more

www.interfax.cn:
Kaspersky sues Rising over unfair competitive practices. Read more

star-techcentral.com:
Hackers help raise funds for cancer research. Read more

www.theregister.co.uk:
Trojan creates bogus webmail accounts to punt drugs. Read more

www.yankton.net:
Pets For Sale? Look Out For Scams. Read more

www.zeropaid.com:
Swedish Police to Shut Down the Pirate Bay? Read more

www.trainingpressreleases.com:
Police and 7Safe Launch New Computer Forensics Guide at ACPO e-crime Conference. Read more

www.informationweek.com:
Fraudsters Use Charities To Prep Stolen Credit Cards For Sale. Read more

06 July 2007

www.washingtonpost.com:
Terrorism's Hook Into Your Inbox. Read more

blogs.securiteam.com:
Botnets != Terrorism, or is it? :) Read more

www.zdnet.com.au:
Have rootkits defeated the security industry? Read more

www.zdnet.com.au:
Video: Have rootkits defeated the security industry? Watch

www.f-secure.com:
FSCSI and Visualization Tools. Read more

www.zdnet.com.au:
Video: F-Secure gets graphical to fight next-gen malware. Watch

sunbeltblog.blogspot.com:
Free copy of CounterSpy for the first person who can get me a screengrab of this dialog box. Read more

sunbeltblog.blogspot.com:
Player Codec: Fake codec on the loose. Read more

isc.sans.org:
Java SE 6.0 Update 2 Released. Read more

isc.sans.org:
Odd DNS Traffic. Read more

www.avertlabs.com:
WFP hack redefined!!! Read more

www.darkreading.com:
Meet the Next-Gen Web Worm. Read more

www.darkreading.com:
An Auction Site for Vulnerabilities. Read more

www.darkreading.com:
Firefox's Security Add-Ins. Read more

www.darkreading.com:
To Crypt or Not to Crypt. Read more

msmvps.com:
haute secure... they improve and they grow. Read more

aolradio.podcast.aol.com:
Security Now 99: TPM. Listen

consumerist.com:
VIDEO: Consumerist Catches Geek Squad Stealing Porn From Customer's Computer. Read more

consumerist.com:
How To Make Your Computer Catch People Stealing Your Porn. Read more

www.nytimes.com:
IPhone-Free Cellphone News. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Glibc LD_HWCAP_MASK Integer Overflow Lets Local Users Execute Arbitrary Code. Read more

securitytracker.com:
Moodle Input Validation Hole in 'index.php' Style Parameter Permits Cross-Site Scripting Attacks. Read more

 

Tools:
www-307.ibm.com:
Secure Data Disposal. Read more

blogs.zdnet.com:
Firefox improved on Vista, but still no protected mode. Read more

 

News
www.theregister.co.uk:
MS Patch Tuesday to include trio of 'critical' fixes. Read more

www.networkworld.com:
Beijing scores number one spot for malware. Read more

www.smh.com.au:
Russian hackers fake major oil CEO's arrest. Read more

www.theregister.com:
Trojan creates bogus webmail accounts to punt drugs. Read more

news.techwhack.com:
New Trojan Makes Computers Talk While Wiping out the Hard Drive. Read more

www.theregister.com:
Google: Our data retention is not data protection watchdogs' business. Read more

www.technewsworld.com:
DVD Jon Wins Bragging Rights for iPhone Activation Hack. Read more

05 July 2007

Guides, Papers, etc
research.pandasoftware.com:
Banking Targeted Attack Techniques. Read more

www.symantec.com:
MPack Clearance Sale! Read more

www.networkworld.com:
Is securing your network worth the money? Read more

www.gnucitizen.org:
The Top 5 most Popular Web2.0 Services Hackers Cannot live Without. Read more

fraudwar.blogspot.com:
FlexiSpy - software that spies on people via their smart phone. Read more

www.darknet.org.uk:
Trojan Mimics Windows Activation Interface - KardPhisher. Read more

msmvps.com:
Bloody spammers - first PDFs and now Word documents. Read more

www.sophos.com:
Criminal investigation secrets leak onto internet by peer-to-peer file-sharing networks. Read more

blogs.msdn.com:
Lessons Learned from MS07-029: The DNS RPC Interface Buffer Overrun. Read more

podcasts.mcafee.com:
Audio: AudioParasitics Episode 9. 2nd part of our two-part discussion on malware-authoring courses being offered in higher education. Listen

podcasts.mcafee.com:
Audio: AudioParasitics Episode 10. McAfee Avert Labs recently revisited their predictions for the top 10 security threats in 2007. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
imlib _LoadBMP() Function Endless Loop Lets Remote Users Deny Service. Read more

securitytracker.com:
HP Instant Support Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Storm Trojan feeds on Independence Day. Read more

tech.blorge.com:
MPAA's Media Defender sets up 'fake' site to catch pirates. Read more

www.itnews.com.au:
NSW selects MessageLabs to secure free Internet services. Read more

www.itnews.com.au:
Fidelity admits theft of data on 2.3m customers. Read more

software.silicon.com:
Facebook to fuel spear-phishing boom? Read more

www.scmagazine.com:
PandaLabs: Beware of talking virus. Read more

www.computerworld.com:
'DVD Jon' beats iPhone activation. Read more

04 July 2007

Guides, Papers, etc
www.net-security.org:
The Evolution of Self-Defense Technologies in Malware. Read more

isc.sans.org:
Port 1433 scanning. Read more

isc.sans.org:
Port 5901 scanning. Read more

isc.sans.org:
Storm worm with 4th of July subject lines. Read more

isc.sans.org:
New mutation of PDF spam. Read more

www.f-secure.com:
4th of July and Greeting Cards. Read more

www.avertlabs.com:
Updates on Malware Fields. Read more

www.darkreading.com:
DLP in Flux. Read more

www.darkreading.com:
FlexiSPY: Product or Trojan? Read more

www.darkreading.com:
Admin Accused of Stealing 2.3M Names. Read more

www.darkreading.com:
Swallow This. Read more

sunbeltblog.blogspot.com:
Are Computer "Glitches" Ruining your Life? Read more

sunbeltblog.blogspot.com:
Sunbelt Weekly TechTips #51: Configuration and Troubleshooting. Read more

sunbeltblog.blogspot.com:
How iPhone activation works. Read more

www.24dash.com:
Future of the Internet revealed. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Oracle E-Business Suite Input Validation Hole in Rapid Install Permits Cross-Site Scripting Attacks. Read more

 

Tools:
www.networkworld.com:
15 great, free security programs. Read more

 

News
www.vnunet.com:
Eastern European websites under renewed attack. Read more

www.theregister.co.uk:
Security consultant's blog found pushing crudware. Read more

news.com.com:
Details on defacement of Microsoft's U.K. Web site. Read more

www.securityfocus.com:
BSA to pay up to $1 million for piracy tips. Read more

www.securityfocus.com:
SAP responds to Oracle hacking claims. Read more

www.computerworld.com:
Beijing scores No. 1 spot for malware. Read more

www.theregister.co.uk:
MPack malware exposes cheapskate web hosts. Read more

www.australianit.news.com.au:
MySpace predators exposed. Read more

www.bloomberg.com:
SAP Admits to `Inappropriate' Oracle Code Downloads (Update10). Read more

www.itnews.com.au:
Home PCs still wide open. Read more

www.itnews.com.au:
Corporate PC users are the weakest link. Read more

www.itnews.com.au:
Independence Day spam arrives. Read more

www.itnews.com.au:
Kremlin critics say Russian Cyberspace alive with DoS attacks. Read more

03 July 2007

Guides, Papers, etc
news.softpedia.com:
Windows Vista Features and Services Harvest User Data for Microsoft. Read more

sunbeltblog.blogspot.com:
Security expert's blog compromised? Read more

www.avertlabs.com:
Zero Day Threats: Part 4 - What’s New and Where Are They Headed? Read more

isc.sans.org:
Incident response for the mobile enterprise. Read more

isc.sans.org:
iPhone scams. Read more

blogs.securiteam.com:
Happy birthday securiteam blogs. Read more

blogs.securiteam.com:
Flashback - Virtual Sex with Commwarrior. Read more

www.f-secure.com:
Apache Configurations and MPack. Read more

blogs.ittoolbox.com:
Dangerous searches - July 1st, 2007. Read more

blog.spywareguide.com:
GTA: Hoodlife - Virus Attack is a Public Enemy. Read more

www.cisrt.org:
IRCBot.acd spreads via MSN. Read more

www.computerdefense.org:
Beware Greeting Card Emails. Read more

ha.ckers.org:
IE6.0 Protocol Guessing. Read more

www.smh.com.au:
Online fraud targeted. Read more

www.eweek.com:
The Story of Sex.com. Read more

www.darkreading.com:
Bucking Law Enforcement's Borders. Read more

www.darkreading.com:
i Caramba! iPhone Hacked Already. Read more

www.darkreading.com:
Mobile Phones Generate Passwords. Read more

www.darkreading.com:
PC's Revenge. Read more

www.darkreading.com:
Sanity Checklist. Read more

www.tlcafrica.com:
Video: 419. I Go Chop Your Dollar. Watch

 

Vulnerabilities & Exploits
seclists.org:
Yoggie Pico Pro Remote Code Execution. Read more

www.rootkit.com:
Exploiting Kaspersky Antivirus 6.0-7.0. Read more

 

Tools:
www.technewsworld.com:
New Trend Micro App Sounds Alarm on Shady Web Sites. Read more

 

News
www.itnews.com.au:
Nearly 30,000 malicious Web sites appear each day. Read more

www.securityfocus.com:
Bug hunters focus on iPhone. Read more

www.theregister.co.uk:
iPhone hackers disclose vulns and hunt for clues. Read more

www.arnnet.com.au:
Nokia: Our mobile phones can be hacked, but it isn't easy. Read more

www.theregister.co.uk:
'I Go Chop Your Dollar' star arrested. Read more

news.zdnet.co.uk:
EU targets cybersecurity after Estonia attacks. Read more

www.zdnet.com.au:
Mobile phone trojan 'bugs' user conversations. Read more

www.cio.in:
Hackers Target C-level Execs and Their Families. Read more

www.theregister.co.uk:
Saudi hackers scalp MS UK. Read more

www.theregister.co.uk:
Harry Potter worm claims death of teen wizard. Read more

techdirt.com:
Botnet vs. Botnet: Scammers Fighting Each Other. Read more

02 July 2007

Trojans of June. Read more

Guides, Papers, etc
isc.sans.org:
Mass website hosting = mass defacements. Read more

isc.sans.org:
Tick tock - where has the time gone (Found again). Read more

isc.sans.org:
The wave continues - Subject line variation. Read more

www.sophos.com:
Attacks via web and email strip businesses of cash. Read more

www.symantec.com:
Spam from the Kernel: Full-Kernel Malware Installed by MPack. Read more

sunbeltblog.blogspot.com:
iPhone madness: This hot phone now sold through malware. Read more

kuza55.blogspot.com:
Universal Phishing Filter Bypass. Read more

sunbeltblog.blogspot.com:
Adventures in Cambridge. Read more

www.kaspersky.com:
Virus Top Twenty for June 2007. Read more

projects.cerias.purdue.edu:
ReAssure Project. Read more

techdirt.com:
Is Google Breaking The Law In Providing Ads On Typosquatting Domains? Read more

www.technewsworld.com:
IM at Work, Part 1: Idle Chatter, Serious Risk. Read more

www.esecurityplanet.com:
Spammers Are Playing Your Boss For A Sucker. Read more

www.zone-h.org:
Cyber crime on Second Life. Read more

 

Vulnerabilities & Exploits
websecurity.com.ua:
Month of Search Engines Bugs: totals. Read more

 

News
www.timesfreepress.com:
Internet crime center gets millionth complaint. Read more

www.itnews.com.au:
Beware of new "piggyback spam" campaign. Read more

www.theregister.com:
Senior execs targeted in 'precision' malware attacks. Read more

www.itnews.com.au:
E-Mail attacks target business executives. Read more

www.itnews.com.au:
Get ready for a hacker smackdown. Read more

blog.washingtonpost.com:
Spammers Duke It Out In Online Turf War. Read more


Copyright© MegaSecurity.org