Home    News Archive    Translate Traducen
News August 2005
31 August 2005

Guides, Papers, etc
www.securityfocus.com:
The great firewall of China. Read more

www.techworld.com:
I was a teenage crybercriminal. Read more

www2.townonline.com:
Markham: Dealing with spyware. Read more

www.webpronews.com:
Beating Adware, The Sneakiest Software. Read more

www.informationweek.com:
Ten-Minute Guide To Network Security. Read more

www.auto.tuwien.ac.at:
Flow-Level Traffic Analysis of the Blaster and SobigWorm Outbreaks in an Internet Backbone. Read more

 

Tools:
www.gnucitizen.org:
Massive Enumeration Toolset (MET) is a collection of python based scripts designed to perform various Passive Information Gathering techniques which can be helpful when evaluating the security of public computer networks. Read more

www.frsirt.com:
Helpdesk software Hesk "admin_main.php" Authentication Bypass. Read more

www.frsirt.com:
Microsoft Internet Explorer Remote Code Execution Vulnerability. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Microsoft's Internet Explorer exposes clipboard data via a javascript object 'clipboardData'. Read more

rgod.altervista.org:
Flatnuke 2.5.6 Underlying system information disclosure / Administrative & users credentials disclosure / cross site scripting / path disclosure / resource consumption poc. Read more

securitytracker.com:
e107 'forum_post.php' Lets Users Create Topics in Non-Existing Forums. Read more

securitytracker.com:
phpLDAPadmin Include File Bug in 'welcome.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Simple PHP Blog 'comment_delete_cgi.php' Lets Remote Users Delete Arbitrary Files. Read more

securitytracker.com:
Hesk 'admin_main.php' Grants Administrative Access to Remote Users. Read more

securitytracker.com:
AutoLinks Pro Include File Bug in 'alpath' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
FUDforum Avatar Upload Feature Lets Remote Users Upload and Execute Arbitrary PHP Code. Read more

securitytracker.com:
Land Down Under Input Validation Hole in Signature Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
IIS Information Disclosure. Read more

 

News
www.vnunet.com:
Zotob suspect linked to other viruses. Read more

news.zdnet.co.uk:
Zotob suspects linked to underground network. Read more

news.zdnet.co.uk:
Credit card fraud ring implicated in Zotob affair. Read more

www.computerworld.com:
Zotob arrests point to cybercrime nexus. Read more

news.zdnet.co.uk:
Windows' code seller pleads guilty. Read more

www.globes.co.il:
UK court approves extradition of Trojan Horse couple. Read more

news.zdnet.co.uk:
Company struck down by CommWarrior. Read more

www.theregister.co.uk:
Three spammers face obscenity and CAN-SPAM charges. Read more

www.vnunet.com:
Security experts stake out Windows spyware hiding place. Read more

news.zdnet.co.uk:
Latest IE6 vulnerability explored. Read more

www.techworld.com:
HP netman product trips over security hole. Read more

www.theregister.co.uk:
Windows Vista in your Christmas stocking? Read more

www.vnunet.com:
Microsoft France exposes Vista release date. Read more

www.theregister.co.uk:
Censorware software fails to cut it. Read more

www.which.net:
Software alone can't create a safe online playground. Read more

www.fcw.com:
GAO: Federal data mining not obeying privacy rules. Read more

news.zdnet.co.uk:
McAfee partners with Postini. Read more

www.electricnews.net:
Disposable credit card? That'll do nicely. Read more

management.silicon.com:
Secret MI6 agents have cover blown online. Read more

cryptome.org:
Names of MI6 Officers online. Read more

www.vnunet.com:
Patent threat looms over dynamic web pages. Read more

www.theregister.co.uk:
Chinese go mental for nude web chat. Read more

. 30 August 2005

Guides, Papers, etc
blogs.washingtonpost.com:
Conversation With a Worm Author (DiablO, arrested on suspicion of writing the Zotob and Mytob worms). Read more

sunbeltblog.blogspot.com:
A look into the mind of spyware criminals. Read more

sunbeltblog.blogspot.com:
Does Wireless Networking Have to Be Insecure? Read more

www.eweek.com:
By Larry Seltzer, For Safe Updates, Build a Better Firewall. Read more

blogs.msdn.com:
All your <base> are belong to us. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure, remote code execution, cross site scripting. Read more

www.debian.org:
DSA-789-1 php4 -- several vulnerabilities. Read more

www.debian.org:
DSA-788-1 kismet -- several vulnerabilities. Read more

securitytracker.com:
Land Down Under Input Validation Hole in 'c' Parameter Permits SQL Injection Attacks. Read more

securitytracker.com:
SqWebMail Bug in Filtering IMG Tags Lets Remote Users Inject Arbitrary Scripting Code. Read more

securitytracker.com:
Microsoft Internet Explorer Unspecified Bug May Permit Remote Code Execution. Read more

securitytracker.com:
Looking Glass Input Validation Holes Let Remote Users Execute Arbitrary Commands and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
phpWebNotes Include File Error in 'php_api.php' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
MyBB Input Validation Hole in 'member.php' Script in 'fid' Parameter Permits SQL Injection Attacks. Read more

securitytracker.com:
vBulletin 'backup.php' May Disclose Backup File to Remote Users. Read more

www.idefense.com:
Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability. Read more

secway.org:
BNBT EasyTracker Remote Denial of Service Vulnerability. Read more

 

News
news.zdnet.com:
Microsoft investigates another IE flaw report. Read more

www.informationweek.com:
FBI Reveals 16 More Suspects In Zotob Worm. Read more

www.f-secure.com:
So who is Diabl0? Read more

www.newsday.com:
Illwill pleads guilty to selling Microsoft source code. Read more

www.informationweek.com:
A New Type Of Worm. Read more

www.informationweek.com:
Microsoft Begins To Test Delayed Windows File System. Read more

www.techweb.com:
Service Tracks Florida Sex Offenders, Issues E-mail Alerts. Read more

www.technewsworld.com:
Lawsuits Cause Shift in File-Swapping Traffic. Read more

. 29 August 2005

Guides, Papers, etc
msdn.microsoft.com:
Browsing the Web and Reading E-mail Safely as an Administrator. Read more

msdn.microsoft.com:
Browsing the Web and Reading E-mail Safely as an Administrator, Part 2. Read more

Malware Profiling and Rootkit Detection on Windows by Matt Conover. Read more

 

Tools:
enterprise.linux.com:
Detect weak network passwords with Hydra. Read more

 

News
www.informationweek.com:
Fighting Cyberattacks By Sharing Information. Read more

www.techweb.com:
Windows Flaw May Let Hackers Hide Code From AV Scanners. Read more

australianit.news.com.au:
Qld scans for work porn. Read more

www.smh.com.au:
Two held over Zotob worm probe. Read more

www.handelsblatt.com:
Google Wants to Be Your Best Friend On Your Computer. Read more

. 28 August 2005

Guides, Papers, etc
Michal Zalewski on the Wire. Read more

 

Tools:
www.ubcd4win.com:
BCD4Win is a bootable CD which contains software that allows you to repair/restore/diagnostic almost any computer problem. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
Looking Glass v20040427 arbitrary commands execution / cross site scripting. Read more

www.rem0te.com:
Sophos Antivirus Library RemØte Heap Overflow. Read more

securitytracker.com:
PhotoPost PHP Pro Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
YaPiG Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
phpGraphy Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Gallery Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Coppermine Photo Gallery Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks. Read more

 

News
www.itp.net:
Microsoft blamed for global worm attacks. Read more

nwc.systemsmanagementpipeline.com:
Sneaky Trojan Poses As Plug And Play Patch. Read more

www.sophos.com:
Sophos warns of countries sending out mixed message to criminal hackers. Read more

news.com.com:
Labor group: Microsoft offshoring work on Longhorn. Read more

www.nzherald.co.nz:
Sony's new PSP proves to be a hackers' paradise. Read more

www.macnewsworld.com:
Copyright Office Criticized for Browser Bungle. Read more

www.iht.com:
Google prompts Skype to hustle. Read more

www.wired.com:
Jealous Lovers: No Web Snooping. Read more

. 27 August 2005

Guides, Papers, etc
www.eweek.com:
Inside Microsoft's Zotob Situation Room. Read more

www.cs.virginia.edu:
Comparing Java and .NET Security: Lessons Learned and Missed. Read more

www.av-test.org:
Cross Reference List of Virus Names.
Each vendor of anti-virus software has a different naming convention and the same virus could have a completely different name in another company's product. To provide a candle in the dark and diminish the current confusion, we created a cross-reference list of all virus names (106 KB), based on the WildList 06/2005. Download

www.eweek.com:
By Larry Seltzer: Windows 95: Doomed by Its Own Success. Read more

www.eweek.com:
By Larry Seltzer: Continuing on About Backing Up. Read more

www.windowsecurity.com:
Product-based Security vs. Service-based Security. Read more

en.wikipedia.org:
Short history about IE. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service. Read more

securitytracker.com:
HP OpenView Network Node Manager Input Validation Hole in 'connectedNodes.ovpl' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
VERITAS File System (VxFS) on HP-UX Grants File Access to Local Users. Read more

www.debian.org:
DSA-787-1 backup-manager -- insecure permissions and tempfile. Read more

 

News
www.securityfocus.com:
Zotob suspects arrested in Turkey and Morocco. Read more

blogs.washingtonpost.com:
Suspected Zotob Worm Authors Arrested. Read more

money.cnn.com:
Turk, Moroccan nabbed in huge worm case. Read more

www.vnunet.com:
Microsoft hit by virus. Read more

www.terra.net.lb:
Turk wanted by FBI arrested for worldwide computer piracy. Read more

today.reuters.com:
Brazilian police arrest 85 in crackdown on hackers. Read more

searchsecurity.techtarget.com:
Antivirus can introduce dangerous network security holes into any OS. Read more

www.it-observer.com:
Intel Unveils Auto-Worm Detector. Read more

www.it-observer.com:
Intel to Prevent Unauthorized Access to Wi-Fi. Read more

www.vnunet.com:
Global phishing outbreak hits four banks. Read more

www.eweek.com:
Microsoft Enhances Its Anti-Phishing Tools. Read more

news.zdnet.com:
Flaw may hide malicious software. Read more

news.zdnet.com:
New Web copyright tool to exclude non-IE users. Read more

news.zdnet.com:
Three indicted in major spam case. Read more

www.iol.co.za:
Three charged in first case on obscene spam. Read more

www.technewsworld.com:
'Kutztown 13' Hackers Quietly Offered Deal. Reda more

software.silicon.com:
Worry over MSN blogs aiding spam. Read more

www.pcworld.com:
IBM Software Continually Backs Up Laptop Files. Read more

www.technewsworld.com:
What Are Businesses Doing With Your Personal Data? Read more

news.zdnet.com:
Search specialist stakes its claim on names. Read more

www.theregister.co.uk:
Are women safer surfers than men? Read more

. 26 August 2005

Guides, Papers, etc
www.computerworld.com:
Viruses: The New Weapon of Choice for Workplace Violence Offenders. Read more

homepages.cwi.nl:
Analyzing Worms using Compression. Read more

www.lurhq.com:
Myfip Intellectual Property Theft Worm Analysis. Read more

www.sysinternals.com:
Hidden Registry Keys? Read more

 

Tools:
www.pandasoftware.com:
SpyXposer, The free anti-spyware tool from Panda Software. Read more

 

Vulnerabilities & Exploits
secunia.com:
Windows Registry Editor Utility String Concealment Weakness. Read more

www.redteam-pentesting.de:
New banking security system iTAN not as secure as claimed. Read more

securitytracker.com:
Foojan WMS 'gmain.php' Lets Remote Users Inject HTML Code. Read more

securitytracker.com:
pam_ldap Password Policy Control Error Lets Remote Users Bypass Authentication. Read more

securitytracker.com:
Symantec Client Security Help Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Symantec AntiVirus Corporate Edition Help Function Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
LeapFTP Buffer Overflow in Site Queue File Lets Local Users Execute Arbitrary Code. Read more

securitytracker.com:
Ventrilo Service Can Be Crashed By Remote Users. Read more

securitytracker.com:
HAURI ViRobot Buffer Overflow in Processing ACE Archives May Let Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-786-1 simpleproxy -- format string vulnerability. Read more

www.debian.org:
DSA-785-1 libpam-ldap -- authentication bypass. Read more

www.debian.org:
DSA-784-1 courier -- programming error. Read more

 

News
www.vnunet.com:
Bluetooth adverts spark virus fears. Read more

www.technewsworld.com:
Live on Television, a Worm Attacks. Read more

www.vnunet.com:
Spyware worm turns on gamers. Read more

www.theregister.co.uk:
Polyglot IM worm targets MSN. Read more

www.techworld.com:
Linux/Unix e-mail flaw leaves system wide open. Read more

isc.sans.org:
Nasty Games of Hide and Seek in the Registry. Read more

www.vnunet.com:
Flaws found in CA’s Message Queuing software. Read more

www.pcworld.com:
Fall IDF: Distance Detection May Help Secure Wi-Fi. Read more

www.newsday.com:
Suspected Hacker Enters Military Database. Read more

www.theregister.co.uk:
China slashes gamers' time online. Read more

www.zdnet.com.au:
Intel inside: Self-healing PCs. Read more

www.cbsnews.com:
Hackers Turn On Each Other. Read more

www.zdnet.com.au:
MSN blogs 'launch' spam, virus attacks. Read more

www.finextra.com:
Phishers move to counteract bank security programmes. Read more

www.computerworld.com:
Hackers Beating Efforts to Patch Software Flaws. Read more

www.vnunet.com:
Microsoft vows to play nice with security chip. Read more

www.theregister.co.uk:
Gartner plots hype cycle for emergent tech. Read more

www.vnunet.com:
Google Talk could break open IM market. Read more

www.wired.com/:
Drug Spammer Busted, Jailed. Read more

www.stuff.co.nz:
Microsoft find spam bill hard to swallow. Read more

www.computing.co.uk:
Chain attack Trojan nets 3m email addresses. Read more

www.techworld.com:
PHP hit by another critical flaw. Read more

www.techworld.com:
Microsoft to support Linux with next Virtual Server. Read more

. 25 August 2005

Guides, Papers, etc
www.pcworld.com:
Web of Crime: Zombie PC Armies Designed to Suck Your Wallet Dry. Read more

www.viruslist.com:
Rootkits and how to combat them. Read more

astalavista.com:
Thief or Freeloader? The Ethics Surrounding Unauthorized Wireless Network Access. Read more

The Pharming Guide, Understanding & Preventing DNS-related Attacks by Phishers. Read more

 

Tools:
epigrass.sourceforge.net:
EpiGrass is a simulator of epidemics over networks. Its is a scientific tool created for simulations and scenario analysis in Network epidemiology. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris DHCP Client Reply Processing Bug Lets Remote Users Cause Arbitrary Code to Be Executed on the DHCP Client System. Read more

securitytracker.com:
Mercora IMRadio Discloses Passwords to Local Users. Read more

securitytracker.com:
MPlayer Buffer Overflow in Audio Header 'strf' Parameter May Let Remote Users Cause Arbitrary Code to Execute on a Target User's System. Read more

securitytracker.com:
PHPKIT Input Validation Holes in 'member.php' and 'imcenter.php' Permit SQL Injection Attacks. Read more

securitytracker.com:
Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases. Read more

www.securiteam.com:
Buffer Overflow in Elm (Expires, Exploit). Read more

 

News
www.theregister.co.uk:
Worm snaffles online gamers' passwords. Read more

news.zdnet.co.uk:
Polyglot worm attacks MSN users. Read more

www.theregister.co.uk:
Phishers and security firms in malware 'arms race'. Read more

www.detnews.com:
Hackers launch attacks on U.S. sites from China. Read more

www.nytimes.com:
Relax, Bill Gates; It's Google's Turn as the Villain. Read more

www.washingtonpost.com:
Copyright Program To Require Explorer. Read more

www.cio-today.com:
F-Secure Adds Behavioral Analysis to Enterprise Antivirus Software. Read more

www.informationweek.com:
RSA Security Sees Hope in Online Fraud. Read more

news.zdnet.co.uk:
Tens of thousands hit by ID theft ring. Read more

www.arabnews.com:
Spammers Try to Exploit Shock Value. Read more

www.smh.com.au:
Spammer indicted for illegal drug sale. Read more

www.signonsandiego.com:
Scam targets people who lost eBay auctions. Read more

www.computerworld.com.au:
CA warns customers about security hole. Read more

techdirt.com:
Tracking Kids, Tracking Employees -- What's The Difference? Read more

www.usdoj.gov:
Justice Department Announces Conviction of Florida Man Accused of Massive Data Theft from Acxiom, Inc. Read more

. 24 August 2005

Guides, Papers, etc
www.microsoft.com:
Microsoft Security Advisory (906574)
Clarification of Simple File Sharing and ForceGuest. Read more

www.microsoft.com:
The Antivirus Defense-in-Depth Guide. Read more

www.sans.org:
A Spyware Survival Toolkit. Read more

www.securityfocus.com:
Storm brewing over SHA-1 as further breaks are found. Read more

www.securityfocus.com:
Legal disassembly. Read more

www.wired.com/:
Windows Got Ya Down? Try a Remix . Read more

www.internetnews.com:
IE Workarounds For Zero-Day Exploit. Read more

www.infectionvectors.com:
Just in Time: Microsoft Time to Exploit 2. Read more

www.infectionvectors.com:
Just in Time: Microsoft Vector Exploit Time January-April 2005. Read more

www.webroot.com:
SPYWARE PURVEYORS GET DOWN TO BUSINESS. Read more

msdn.microsoft.com:
The Local Intranet Zone and Proxies: The Surprising Connection. Read more

 

Tools:
www.google.com:
Google Talk. Read more

news.zdnet.com:
Skype releases IM developer tools. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Adobe Version Cue (Mac OS X) Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
CA Advantage Data Transport Buffer Overflow and Other Bugs in Message Queueing Software Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
BrightStor Portal Buffer Overflow and Other Bugs in Message Queueing Software Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
BrightStor SAN Manager Buffer Overflow and Other Bugs in Message Queueing Software Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Data Transport Option Buffer Overflow and Other Bugs in Message Queueing Software Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
CA eTrust Admin Buffer Overflow and Other Bugs in Message Queueing Software Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Application Performance Monitor Buffer Overflow and Other Bugs in Message Queueing Software Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Enterprise Job Manager Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Jasmine Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter NSM Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Performance Management for OpenVMS Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Remote Control Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Service Level Management Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Software Delivery Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
ZipTorrent Discloses Proxy Password to Local Users. Read more

securitytracker.com:
CA CleverPath Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Unicenter Asset Management Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
WebLogic Portal Access Control Flaw May Grant Remote Users Access to Entitled Pages. Read more

securitytracker.com:
CiscoWorks Management Center for IDS Sensors Certificate Validation Bug Lets Remote Users Spoof IDS Sensors. Read more

securitytracker.com:
Cisco Intrusion Prevention System Command Line Interface Bug Lets Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com:
Unicenter TNG Buffer Overflow and Other Bugs in Message Queueing Software Lets Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
netpbm 'pstopnm' Lack of Ghostscript -dSAFER Option May Let Remote Users Cause Arbitrary Commands to Be Executed. Read more

 

News
news.com.com:
Zotob worm hole also affects Windows XP. Read more

www.theregister.co.uk:
US tops poll of spyware purveyors. Read more

www.vnunet.com:
Crimeware epidemic spreading fast. Read more

news.netcraft.com:
Banks Shifting Logins to Non-SSL Pages. Read more

www.techworld.com:
When robbing bank, don't take your own laptop. Read more

news.bbc.co.uk:
ID theft spyware scam uncovered. Read more

icwales.icnetwork.co.uk:
'Ethical hackers' recruited. Read more

news.zdnet.co.uk:
Telewest responds to virus problems. Read more

news.xinhuanet.com:
Intel unveils new chip architecture. Read more

. 23 August 2005

Guides, Papers, etc
mywebpages.comcast.net:
XP Myths - Myths Regarding Windows XP. Read more

antiphishing.org:
Phishing Activity Trends Report July, 2005. Read more

www.computerworld.com:
Awaiting the PC Killers. Could viruses really attack the low-level microcode that makes disk drives run? Read more

www.imediaconnection.com:
Web Analytics Breakthrough! Read more

www.intelguardians.com:
Complex Signature IDS. Correlating System and Application Logs with Traffic Traces and IDS Alerts. Read more

www.intelguardians.com:
Snort GUIs: Acid, Snort Center, and Beyond. Read more

 

Tools:
www.red-database-security.com:
Checkpwd 1.0 is a free dictionary based password checker for Oracle databases. This is a useful tool for DBAs to identify Oracle accounts with weak or default passwords. Read more

illmob.org:
Zotob Worm Remover that removes the processes/files/registry entries from variants A through G. includes MASM source code by illwill . Download

 

Vulnerabilities & Exploits
securitytracker.com:
slocate Bug in Processing Long Paths Lets Local Users Deny Service. Read more

securitytracker.com:
Netquery Input Validation Hole in 'dig' Query Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ACNews Discloses Database and Administrative Password to Remote Users. Read more

securitytracker.com:
SaveWebPortal Include File Bug Lets Remote Users Code Execute Arbitrary Code and Authentication Flaw Grants Administrative Access. Read more

www.debian.org:
DSA-780-1 kdegraphics -- wrong input sanitising. Read more

 

News
www.theregister.co.uk:
Google uses Sidebar to sideline rivals. Read more

www.theregister.co.uk:
Hotel hacking could pump smut into every room. Read more

www.computerweekly.com:
Veritas flaw lets hackers access files. Read more

www.computerweekly.com:
Zotob worm beats IT departments in race to patch vulnerable systems. Read more

www.stuff.co.nz:
Microsoft find spam bill hard to swallow. Read more

www.chron.com:
Air Force database breached. Read more

news.zdnet.co.uk:
Telewest responds to virus problems. Read more

www.greenwichtime.com:
FBI uses cyber lab to catch sexual predators. Read more

. 22 August 2005

Guides, Papers, etc
www.f-secure.com:
Eye-witness account of a global virus outbreak. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
NETQUERY 3.11 remote commands execution. Read more

www.rgod.altervista.org:
SaveWebPortal 3.4 remote code execution / admin check bypass / remote file inclusion / cross site scripting. Read more

securitytracker.com:
Land Down Under Input Validation Bugs Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
WoltLab Burning Board Input Validation Holes in 'modcp.php' Permit SQL Injection. Read more

securitytracker.com:
Elm Buffer Overflow in SMTP 'Expires' Header Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
MyBB finduser Search SQL Injection (Exploits). Read more

 

News
www.it-observer.com:
Microsoft joins industry leaders in offering enhanced online identity assurance verification tools on its IE platform. Read more

news.zdnet.co.uk:
Google's new hire hits back. Read more

www.vnunet.com:
Hackers rob online gamers. Read more

www.technologyreview.com:
Wireless Wiretapping. Read more

news.zdnet.co.uk:
Microsoft plays down IE flaw. Read more

nwc.systemsmanagementpipeline.com:
Attacks Launched By Three Different Hackers. Read more

www.techworld.com:
Finnish Wi-Fi bank robber snaffled by own laptop. Read more

www.smh.com.au:
Google updates desktop search tool. Read more

www.theadvertiser.com:
Weapons gained in fight against online sexual predators. Read more

. 21 August 2005

Guides, Papers, etc
www.secinf.net:
Avoiding The Auto Dialer Virus. Read more

www.sophos.com:
Sophos comment: Why "good worms" are a bad idea. Read more

www.tomshardware.com:
Windows Spyware Survival Tools. Read more

www.gfi.com:
How to keep spam off your network. Read more

www.secinf.net:
Tricks of the Spammer's Trade. Read more

msdn.microsoft.com:
The Local Intranet Zone and Proxies: The Surprising Connection. Read more

www.informationweek.com:
Search Engines Find Stolen Identities. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sysinternals Process Explorer Buffer Overflow in Processing CompanyName Values Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PCRE Heap Overflow May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Clean Access Lets Users Bypass Host-based Security Checks. Read more

securitytracker.com:
HAURI ViRobot Input Validation Hole in Processing Compressed Archive Contents Lets Remote Users Write Arbitrary Files. Read more

www.debian.org:
DSA-779-1 mozilla-firefox -- several vulnerabilities. Read more

 

News
www.vnunet.com:
Criminal database goes online. Read more

news.com.com:
Vista feature exposes beta machines. Read more

www.thestandard.com.hk:
New forensic software to help fight crime. Read more

news.com.com:
Schooled in security. Read more

www.iol.co.za:
Scammers pose as execs to 'spear-phish'. Read more

news.com.com:
Racing to build the world's mightiest computer. Read more

www.usatoday.com:
Nanotech researchers report big breakthrough. Read more

. 20 August 2005

Guides, Papers, etc
www.cisco.com:
Cisco Security Notice: ZOTOB and WORM_RBOT.CBQ Mitigation Recommendations. Read more

blogs.pcworld.com:
Don't Just Renew your Antivirus Software, Upgrade It. Read more

news.bbc.co.uk:
Whose net is it anyway? Read more

Detecting worms through de-centralized monitoring. Read more

 

Vulnerabilities & Exploits
www.frsirt.co:
HAURI Antivirus Products Compressed Archive Directory Traversal. Read more

securitytracker.com:
Tor May Use Weak Diffie Hellman Keys. Read more

securitytracker.com:
Chris Moneymaker's World Poker Championship Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
W-Agora Input Validation Flaw in 'site' Parameter Discloses Files to Remote Users. Read more

securitytracker.com:
phpPgAds Multiple Bugs Permit SQL Injection and Local File Inclusion and XML-RPC Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phpAdsNew Multiple Bugs Permit SQL Injection and Local File Inclusion and XML-RPC Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ECW-Shop Bugs Permit SQL Injection, Cross-Site Scripting, and Price Modification. Read more

securitytracker.com:
BBCaffe Input Validation Hole in E-mail Field Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Nortel VPN Client Entrust Certificate Profile Implementation Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
ATutor Input Validation Bugs in 'login.php' and 'search.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Whisper 32 Discloses Password to Local Users. Read more

securitytracker.com:
Mutt Buffer Overflow in 'handler.c' May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Juniper NetScreen ScreenOS Lets Remote Users Determine Valid VPN Usernames. Read more

www.debian.org:
DSA-778-1 mantis -- missing input sanitising. Read more

 

News
www.theregister.co.uk:
Exploit for unpatched IE vuln fuels hacker fears. Read more

news.com.com:
Microsoft: New IE flaw limited in scope. Read more

www.redmondmag.com:
Zero-Day Exploit for IE Flaw Allows Remote Code Execution. Read more

news.com.com:
Zotob worm from Turkey? Read more

news.com.com:
Flawed code throttled spread of Zotob variants. Read more

www.ameinfo.com:
Security experts offer calm in the Windows Plug-and-Play storm. Read more

news.com.com:
This week in security. Read more

www.theregister.co.uk:
Finnish security exec arrested over bank hack. Read more

news.com.com:
In Finland: Stealing Wi-Fi to rob the bank. Read more

www.theregister.co.uk:
Apple patch fiasco invites trouble. Read more

www.eweek.com:
'E-Mail Wiretapping' Prosecutions Could Increase in the Future. Read more

www.newsfactor.com:
Core Security Helps Admins Hack Their Own Networks. Read more

www.hindustantimes.com:
Virus bugs immigration database at US airports. Read more

software.silicon.com:
Star Wars and spyware mixed up in users' minds. Read more

www.terra.net.lb:
US has until April 2006 to respect Internet gambling ruling: WTO. Read more

. 19 August 2005

Guides, Papers, etc
singe.rucus.net:
MS05-039 and the Zotob summary. Read more

www.science.org:
IIS Security and Programming Countermeasures. Read more

www.windowsecurity.com:
Implementing Principle of Least Privilege. Read more

www.eweek.com:
By Larry Seltzer: August Patch Winds Fade. Read more

 

Tools:
isc.sans.org:
Tom Liston from Intelguardians wrote a small utility to set the "killbit" for msdds.dll. This will prevent use of msdds.dll via ActiveX. Read more

 

Vulnerabilities & Exploits
rgod.altervista.org:
Visual C++: Protecting Against Buffer Overruns with the /GS Switch. Read more

rgod.altervista.org:
BBCaffe 2.0 cross site scripting poc. Read more

www.rgod.altervista.org:
DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW. Read more

www.cisco.com:
Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access. Read more

PHPFreeNews Input Validation Bugs in 'SearchResults.php' Permits SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Zorum Input Validation Hole in 'gorum/prod.php' Lets Remote Users Include and Execute Arbitrary Code. Read more

securitytracker.com:
ezUpload 'path' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Linux Kernel Memory Leak in syscall32_setup_pages() May Let Local Users Deny Service. Read more

securitytracker.com:
Linksys WRT54GS Lets Remote Users Bypass WPA Wireless Encryption. Read more

securitytracker.com:
Xerox Document Centre MicroServer Web Server Bugs Let Remote Users Bypass Authentication, View Files, and Deny Service. Read more

securitytracker.com:
Cisco Clean Access API Does Not Use Authentication. Read more

www.securiteam.com:
ZENworks Desktop/Server Management Stack Overflow. Read more

www.securiteam.com:
Novell EDirectory Server IMonitor Remote Buffer Overflow (Exploit). Read more

www.securiteam.com:
CA BrightStor ARCserve Backup Agent for SQL (Exploit). Read more

www.securiteam.com:
ShixxNote Buffer Overflow (Exploit). Read more

 

News
www.theregister.co.uk:
Worm War II. Read more

www.f-secure.com:
Major botwar increases in scale and force. Read more

www.pcworld.idg.com.au:
Worm wave highlights need for speedier defenses. Read more

www.eweek.com:
Zotob, PnP Worms Slam 13 DaimlerChrysler Plants. Read more

www.computerworld.com.au:
Sysadmins taking brunt of blame for Windows worm attack. Read more

software.silicon.com:
Microsoft told to take some virus blame. Read more

searchsecurity.techtarget.com:
How 'limited' malcode pulled off the year's biggest attack. Read more

www.techworld.com:
Gmail, MSN, Flikr... struck by security hole. Read more

news.com.com:
Microsoft investigates potential new IE flaw. Read more

Microsoft Security Advisory (906267)
A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit. Read more

www.neowin.net:
Microsoft AntiSpyware vs Messenger Plus! Read more

www.schneier.com:
New Cryptanalytic Results Against SHA-1. Read more

www.theregister.co.uk:
AOL techie jailed for selling email database to spammers. Read more

www.computerworld.com.au:
Development tool security hole threatens Internet apps. Read more

www.smh.com.au:
Singapore arrests three for music piracy. Read more

. 18 August 2005

Guides, Papers, etc
www.securityfocus.com:
Plug-and-play bots worming and warring among Windows systems. Read more

www.greenpeace.org:
RECYCLING OF ELECTRONIC WASTES IN CHINA & INDIA: WORKPLACE & ENVIRONMENTAL CONTAMINATION. Read more

www.businessweek.com:
For Worm Writers, Speed Thrills. Read more

 

Tools:
www.infogreg.com:
MSN Messenger Password Decrypter for Windows XP and 2003. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit (0day). Read more

www.adobe.com:
Security Advisory: Acrobat and Adobe Reader plug-in buffer overflow. Read more

rgod.altervista.org:
Zorum 3.5 remote code execution poc exploit. Read more

www.debian.org:
DSA-777-1 mozilla -- frame injection spoofing. Read more

www.debian.org:
DSA-776-1 clamav -- integer overflows, infinite loop. Read more

moritz-naumann.com:
Internet Explorer 6 Meta Refresh Parsing Weakness. Read more

securitytracker.com:
Linux Kernel ptrace find_target() Lets Local Users Deny Service. Read more

securitytracker.com:
phpWebSite Input Validation Hole in 'Module' Parameter Permits SQL Injection. Read more

securitytracker.com:
MiniBB Include File Bug in 'includeFooter' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Legato NetWorker AUTH_UNIX, Database, and Portmapper Authentication Can Be Bypassed By Remote Users. Read more

 

News
www.eweek.com:
Fast-Moving Worms Slam Media, Enterprise Networks. Read more

www.eweek.com:
Microsoft Ships Zotob Worm Zapper. Read more

www.eweek.com:
Zotob Proves Patch Management Isn't Enough. Read more

www.eweek.com:
Zotob Madness and the Real Cost of Windows vs. Linux. Read more

www.eweek.com:
By Larry Seltzer: New Worms Catch Big Business With Pants Down. Read more

today.reuters.com:
Computer virus writers at war, security firm says. Read more

software.silicon.com:
Is latest can of worms a cyber-crime turf war? Read more

www.eweek.com:
New Worm Variants Hit U.S. Media Outlets, Companies. Read more

www.pcw.co.uk:
W32/IRCbot worm beats Sasser record. Read more

www.theregister.co.uk:
Plug and Play pandemonium. Read more

www.zdnet.com.au:
Australia escapes Windows 2000 worms. Read more

news.zdnet.com:
Windows worms knocking out computers. Read more

apnews1.iwon.com:
Worm Infection Rates Appear to Be Low. Read more

www.theregister.co.uk:
Adobe warns over PDF peril. Read more

news.zdnet.com:
Microsoft investigates potential new IE flaw. Read more

software.silicon.com:
Hacking fears spark power-plant security clampdown. Read more

software.silicon.com:
Teen gets five years for botnet attacks. Read more

www.channelregister.co.uk:
Man logs into dabs.com customer account shocker. Read more

www.theregister.co.uk:
:
Symantec snaps up compliance specialist Sygate. Read more

www.theregister.co.uk:
:
Customers slap Dell for lousy support. Read more

www.cbronline.com:
Yahoo readies new VoIP service. Read more

. 17 August 2005

Guides, Papers, etc
packetstormsecurity.org:
Bypassing Windows heap protections. Read more

www.windowsecurity.com:
Ideal-to-Realized Security Assurance In Cryptographic Keys (Part 1). Read more

blogs.msdn.com:
URLs in Internet Explorer 7. Read more

www.microsoft.com:
What You Should Know About Zotob. Read more

 

Tools:
www.secdev.org:
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Adobe Acrobat and Reader Plug-in Buffer Overflow Vulnerability. Read more

securitytracker.com:
Apple Mac OS X Bug in servermgr_ipfilter May Prevent Certain Firewall Rules From Being Enforced. Read more

securitytracker.com:
Apple Mac OS X SecurityInterface May Disclose Passwords to Authenticated Administrators. Read more

securitytracker.com:
Apple Safari RTF Link Bug May Let Remote Users Execute Arbitrary Code and XSL Form Bug May Disclose Data to the Wrong Site. Read more

securitytracker.com:
Apple QuartzComposerScreenSaver Lets Physically Local Users Bypass the Password Mechanism. Read more

securitytracker.com:
Apple Mail Does Not Fully Enforce Remote Image Access Blocking. Read more

securitytracker.com:
Apple Mac OS X Buffer Overflow in Traceroute Yields Elevated Privileges to Local Users. Read more

securitytracker.com:
Apple Mac OS X loginwindow Fast User Switching Lets Certain Local Users Access Accounts on the System. Read more

securitytracker.com:
Apple Mac OS X Buffer Overflow in Ping Yields Elevated Privileges to Local Users. Read more

securitytracker.com:
Apple Directory Services Lets Remote or Local Users Execute Arbitrary Code and Local Users Create Accounts. Read more

securitytracker.com:
HItoolbox May Disclose Secure Information via the VoiceOver Interface. Read more

securitytracker.com:
CUPS on Mac OS X Lets Remote Users Deny Service By Submitting Multipe Print Jobs or Partial IPP Requests. Read more

securitytracker.com:
Apple Mac OS X CoreFoundation Command Line Buffer Overflow and Date Parsing Error Lets Local Users Execute Arbitrary Code and Deny Service. Read more

securitytracker.com:
Apple AppKit Login Window Lets Local Users Create Additional Accounts. Read more

securitytracker.com:
Apple AppKit Buffer Overflow in Processing RTF and Word Documents Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple Weblog Server Input Validation Hole Permit Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Iwconfig Buffer Overflow. Read more

www.securiteam.com:
Ifenslave Buffer Overflow. Read more

www.securiteam.com:
Mdaemon Buffer Overflow (AUTHENTICATE CRAM-MD5, Exploit). Read more

www.securiteam.com:
Vulnerability in Plug and Play Allows Remote Code Execution and Elevation of Privilege (MS05-039, Exploit_). Read more

 

News
www.vnunet.com:
Windows worm knocks down corporations. Read more

searchsecurity.techtarget.com:
UPDATED: More malcode targets Windows Plug and Play flaw. Read more

www.vnunet.com:
Windows Vista puts testers' security at risk. Read more

www.eweek.com:
By Larry Seltzer: August Patch Winds Fade. Read more

www.vnunet.com:
US cyber security 'almost out of control'. Read more

www.vnunet.com:
Microsoft under fire for RSS hijacking. Read more

www.theregister.co.uk:
IRC bot latches onto Plug-and-Play vuln. Read more

software.silicon.com:
Virus alert: Windows 2000 worms begin to bite. Read more

www.theregister.co.uk:
180Solutions sues former affiliates over illegal tactics. Read more

www.theregister.co.uk:
My spam-filled search index is bigger than yours! Read more

www.theregister.co.uk:
DoS for hire scam teen jailed for five years. Read more

. 16 August 2005

Vulnerabilities & Exploits
www.frsirt.com:
Kaspersky AntiVirus Log Directory Insecure Permissions Vulnerability. Read more

www.frsirt.com:
Debian Security Update Fixes Mozilla Firefox Frame Injection. Read more

www.debian.org:
DSA-775-1 mozilla-firefox -- frame injection spoofing. Read more

securitytracker.com:
XML-RPC for PHP Nested Tag Parsing Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PEAR XML_RPC Nested Tag Parsing Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
KDE langen2kvtml Temporary File Flaw May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Drupal XML-RPC Library Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Discuz! Board Input Validation Flaw Lets Remote Users Upload Scripting Code. Read more

securitytracker.com:
Evolution Format String Bugs in Processing vCards Allow Remote Users to Execute Arbitrary Code. Read more

securitytracker.com:
Linksys WLAN Monitor Allows Local Users to Gain Elevated Privileges. Read more

 

News
news.zdnet.co.uk:
Zotob worm makes little progress. Read more

today.reuters.com:
New Internet worm affects Windows users - Trend Micro. Read more

news.bbc.co.uk:
Tools drive point-and-click crime. Read more

mdn.mainichi-msn.co.jp:
'One-click' malicious software fraud spreading in Japan. Read more

www.networkworld.com:
Mobile viruses could score big at soccer World Cup. Read more

www.pandasoftware.com:
Panda Software reports one of the most complex organized attacks ever. Read more

www.pcworld.idg.com.au:
McAfee readies home Wi-Fi security tool. Read more

www.technewsworld.com:
Hackers Set OS X Free From Apple. Read more

www.technewsworld.com:
Huge Computer-Theft Case Gets Conviction. Read more

news.com.com:
Bush administration objects to .xxx domains. Read more

news.com.com:
The FCC's invite to Big Brother. Read more

www.theregister.co.uk:
Bulk mailer convicted of data theft scam. Read more

www.schneier.com:
Websites, Passwords, and Consumers. Read more

www.business2.com:
Free Wi-Fi? Get Ready for GoogleNet. Read more

portal.telegraph.co.uk:
Drawing a picture of the online fraudster. Read more

. 15 August 2005

Guides, Papers, etc
www.dhs.gov:
VULNERABILITY DISCLOSURE FRAMEWORK. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Internet Explorer Code Execution Through MIME Manipulation. Read more

wheresthebeef.co.uk:
Cross Site Scripting Vulnerability at CitiBank. Read more

www.securiteam.com:
Veritas Backup Exec Windows Agent Remote File Access (Exploit). Read more

www.securiteam.com:
Windows 2000 Plug and Play Universal Exploit (MS05-039). Read more

www.securiteam.com:
ezUpload path Parameter Command Execution (Exploit). Read more

www.securiteam.com:
Ares FileShare Buffer Overflow. Read more

 

News
online.securityfocus.com:
Worm spreading through Microsoft Plug-and-Play flaw. Read more

news.zdnet.co.uk:
Zotob worm targets Windows 2000. Read more

www.aladdin.com:
Hotword Trojan Horse. Read more

english.donga.com:
Chinese Hackers Could Use Korea in Attacks against Japan. Read more

www.benedelman.org:
Debunking ShopAtHomeSelect. Read more

www.sophos.com:
Phishers use wheelchair-bound old lady to target eBay Good Samaritans, Sophos reports. Read more

software.silicon.com:
£200,000 card fraud gang jailed for four years. Read more

. 14 August 2005

Guides, Papers, etc
Fileprint Analysis for Malware Detection. Read more

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Grandstream BudgeTone 101/102 Can Be Crashed By Remote Users. Read more

www.securityfocus.com:
SQL in PHPTB Topic Boards 2.0. Read more

www.securityfocus.com:
JaguarControl Activex Buffer Overflow. Read more

 

News
www.webpronews.com:
Hackers Unveil OEM PC Version Of Mac OS X. Read more

www.tomshardware.com:
Black Hat/Defcon: Hackers Go Back to Vegas. Read more

www.sunherald.com:
27 new cyber-warriors unleashed. Read more

www.technewsworld.com:
Two Phishing Scams Target PayPal, eBay Users. Read more

news.zdnet.co.uk:
UK failing to fight spam. Read more

www.informationweek.com:
Windows 2000 Users Dealing With Wave of Bugs. Read more

www.informationweek.com:
FBI: Businesses (Still) Reluctant To Report Cyber Attacks. Read more

today.reuters.co.uk:
US officials go to hackers' convention to recruit. Read more

www.informationweek.com:
Opera Offers Web Browsing For Low-End Mobile Phones. Read more

. 13 August 2005

Guides, Papers, etc
www.digitalmunition.com:
Theft of Bluetooth Link Keys for Fun and Profit? Read more

www.arbornetworks.com:
Sink Holes, A Swiss Army Knife ISP Security Tool. Read more

www.blackalchemy.to:
fakeAP - Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Read more

 

Tools:
basted.sourceforge.net:
BASTED is a free tool/solution, that acts as a honeypot for spammers, who use spambots to harvest email addresses from websites. BASTED has been designed to become a powerfull tool for system administrators willing to gather information about the data-flow in the spam process. Read more

www.eeye.com:
The Retina UMPNP Scanner is a single audit scanning tool offered free of charge by eEye Digital Security. This tool will scan up to 16 IP addresses at once to determine if any are vulnerable to the Plug and Play Service vulnerability (MS05-039) released by Microsoft in August, 2005. Read more

 

Vulnerabilities & Exploits
ftp.aerasec.de:
Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit. Read more

www.debian.org:
DSA-774-1 fetchmail -- buffer overflow. Read more

xforce.iss.net:
Veritas Backup Exec Remote Agent File Download Vulnerability. Read more

www.frsirt.com:
McAfee ePolicy Orchestrator Local Privilege Escalation Vulnerability. Read more

securitytracker.com:
Novell eDirectory Server 'imonitor' Buffer Overflow Allows Remote Users to Execute Arbitrary Code. Read more

securitytracker.com:
MidiCart Input Validation Holes in 'item_show.asp' and 'search_list.asp' Permit SQL Injection. Read more

securitytracker.com:
Wyse Winterm 1125SE Can Be Crashed By Remote Users. Read more

indian-hackers.net:
Yahoo! : Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine. Read more

 

News
www.vnunet.com:
Microsoft exploit code hits the web. Read more

www.techspot.com:
Major Microsoft security hole could cause disaster. Read more

www.techworld.com:
Two new spyware threats emerge. Read more

www.theregister.co.uk:
Cabir mobile worm gives track fans the run around. Read more

nwc.personaltechpipeline.com:
Phone Virus Spreading At Athletic Event, Vendor Claims. Read more

arstechnica.com:
Court reverses dreadful decision on wiretapping. Read more

www.eweek.com:
Is VOIP Wiretapping a Privacy Threat? Read more

news.bbc.co.uk:
Cracking the code. Read more

news.bbc.co.uk:
It's the system, stupid. Read more

www.lavasoftresearch.com:
Den of thieves. Read more

news.zdnet.co.uk:
UK failing to fight spam. Read more

news.bbc.co.uk:
Google pauses online books plan. Read more

news.com.com:
Why more women aren't "geeks". Read more

www.pcworld.com:
Pirated Version of Mac OS for PCs Available. Read more

. 12 August 2005

Guides, Papers, etc
www.windowsecurity.com:
Product Review: Acunetix Web Vulnerability Scanner. Read more

www.computerworld.com:
Microsoft's 'HoneyMonkey' effort could presage URL filtering bid. Read more

astalavista.com:
Tracing Multiple Attackers with Deterministic Packet Marking (DPM). Read more

astalavista.com:
A Technique for Counting NATted Hosts. Read more

astalavista.com:
Examining The Cyber Capabilities of Islamic Terrorist Groups. Read more

money.cnn.com:
Google needs to be more evil. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
McAfee ePolicy Orchestrator Local Privilege Escalation Vulnerability. Read more

www.debian.org:
DSA-773-1 amd64 -- several vulnerabilities. Read more

dkcs.void.ru:
Windows (LegitCheckControl.dll) Genuine Advantage Validation Patch. Read more

www.nuclearelephant.com:
East-Region Verizon Wireless Customer Data at Risk. Read more

www.frsirt.com:
Microsoft Windows 2000 Plug and Play Universal Remote Exploit (MS05-039). Read more

securitytracker.com:
HP Integrated Lights Out May Let Remote Users Access the System When Powered Down. Read more

securitytracker.com:
Open Bulletin Board Input Validation Holes in board.php, read.php, and member.php Permit SQL Injection. Read more

securitytracker.com:
SysCP Input Validation Holes Allow Remote Users to Include and Execute Arbitrary Code. Read more

 

News
www.cnn.com:
Feds recruiting hackers at Defcon. Read more

news.bbc.co.uk:
Yahoo in $1bn Chinese online deal. Read more

www.wired.com:
Yahoo Buys Stake in Alibaba. Read more

www.theregister.co.uk:
Alpha geeks wanted for beta testing. Read more

www.vnunet.com:
Latest phishing scam goes low tech. Read more

www.channelregister.co.uk:
Fax-back phishing scam targets PayPal. Read more

wcbstv.com:
Man Uses Online Dating Service For Scam. Read more

www.wired.com:
Critics Slam Net Wiretapping Rule. Read more

www.globetechnology.com:
U.S. law could stifle VoIP development, group warns. Read more

www.wired.com:
Google's Boycott Misses the Mark. Read more

news.com.com:
Google 'intelligence' fills in the blanks. Read more

portland.bizjournals.com:
BofA offers free online banking protection. Read more

today.reuters.com:
Intel to unveil shift in design of its PC chips. Read more

. 11 August 2005

Guides, Papers, etc
www.windowsecurity.com:
Bluetooth: Is it a Security Threat? Read more

blogs.msdn.com:
The Microsoft Internet Explorer Weblog. Search in Beta 1. Read more

www.securityfocus.com:
Identifying P2P users using traffic analysis. Read more

The Blaster Worm: Then and Now. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Red Hat Sysreport Temporary File Race Condition May Disclose System Information to Local Users. Read more

securitytracker.com:
Gaim Filename Processing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Gaim Buffer Overflow in Processing Away Messages May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Xpdf Large Temporary Files May Let Remote Users Cause Denial of Service Conditions. Read more

securitytracker.com:
Linux Kernel Keyring Destruction Error Lets Local Users Deny Service. Read more

securitytracker.com:
Microsoft Internet Explorer COM Object Instantiation Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Kerberos and PKINIT Vulnerabilities Allow Denial of Service, Information Disclosure, and Spoofing. Read more

securitytracker.com:
Microsoft Internet Explorer Web Folder URL Validation Bug Lets Remote Users Execute Scripting Code in an Arbitrary Security Domain. Read more

www.securiteam.com:
Vulnerability in Remote Desktop Protocol Allows DoS (MS05-041, Exploit). Read more

www.securiteam.com:
Microsoft Internet Explorer COM Objects Instantiation (Exploit, MS05-038). Read more

www.securiteam.com:
nbSMTP Format String (Exploit). Read more

 

News
www.theregister.co.uk:
Six patches - three critical - in MS August patch batch. Read more

www.eweek.com:
MS Corrects IE Patch Download Glitch. Read more

www.eweek.com:
MS Patch Day Includes Monster IE Update. Read more

news.zdnet.co.uk:
Virus with SOCKS appeal targets corporate PCs. Read more

software.silicon.com:
Spammers exploit Iran nuclear crisis. Read more

www.theregister.co.uk:
Nuke news ruse used to spread Trojan. Read more

news.com.com:
Microsoft says PC 'recycle bin' yielded Google clue. Read more

www.informationweek.com:
Hackers Break Into Two Universities, 100,000 Identities At Risk. Read more

www.theregister.co.uk:
US schookids run amok on internet. Read more

www.theregister.co.uk:
Humble VMware offers to make itself an industry standard. Read more

www.technewsworld.com:
Anti-Phishing Firm Hires Infamous Hacker. Read more

www.informationweek.com:
Spammers Scare To Sell. Read more

www.eweek.com:
Who'll Fill the Gap in the Gateway Security Market? Read more

www.cbronline.com:
Unhappiness drives open source adoption. Read more

www.theregister.co.uk:
Man dies playing computer games. Read more

. 10 August 2005

Guides, Papers, etc
www.microsoft.com:
Improve the safety of your browsing and e-mail activities. Read more

Fraud through pharming: redirecting your browser to fake Web sites. Read more

www.microsoft.com:
What you should know about downloading. Read more

astalavista.com:
The Official Cisco & ISS's complaint against Michael Lynn and BlackHat. Read more

astalavista.com:
Effectiveness of Internet Filtering Software Products. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Microsoft Internet Explorer COM Objects Instantiation Exploit (MS05-038). Read more

xforce.iss.net:
Windows Plug and Play Remote Compromise. Read more

xforce.iss.net:
Multiple Microsoft Vulnerabilities - August 2005. Read more

www.idefense.com:
AWStats ShowInfoURL Remote Command Execution Vulnerability. Read more

www.securityfocus.com:
Design Flaw at Microsoft's AntiSpyware. Read more

www.securityfocus.com:
SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code. Read more

securitytracker.com:
Microsoft Windows Plug and Play Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Telephony Service Remote Code Execution or Local Privilege Escalation. Read more

securitytracker.com:
Microsoft Windows Print Spooler Service Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
KDE kpdf Large Temporary Files May Let Remote Users Cause Denial of Service Conditions. Read more

securitytracker.com:
AWStats Input Validation Flaw in 'Referer' Field Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Sun Solaris printd Lets Remote Users Delete Arbitrary Files. Read more

securitytracker.com:
PHPOpenChat Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
cPanel Domain Access Control Flaw May Let Remote Users Access Other Domains in Certain Cases. Read more

securitytracker.com:
Dvbbs Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Ethereal AFP Protocol Dissector Remote Format String (Exploit). Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Summary for August, 2005. Read more

www.theregister.co.uk:
ID theft automated using keylogger Trojan. Read more

news.com.com:
IE flaw opens door to infection on sight. Read more

www.theregister.co.uk:
Fortinet loses anti-virus patent ruling. Read more

www.theregister.co.uk:
Former 'Spam King' pays MS $7m to settle lawsuit. Read more

www.bakutoday.net:
Hacker steals data on 61,000 students from US university. Read more

wcbstv.com:
Kutztown 13: Harmless Hackers Or Criminals? Read more

www.technewsworld.com:
International Identity Theft Ring Discovered. Read more

news.com.com:
Feds fund VoIP tapping research. Read more

www.newscientist.com:
Net worms could wriggle around warning systems. Read more

. 09 August 2005

Guides, Papers, etc
research.microsoft.com:
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. Read more

 

Vulnerabilities & Exploits
www.appsecinc.com:
MySQL: Improper Filtering of Directory Traversal Characters in User Defined Functions. Read more

www.appsecinc.com:
MySQL: Multiple Issues with User Defined Functions. Read more

www.rgod.altervista.org:
Synedit 2.0.1 (possibly prior versions) null byte insertion / code obfuscation. Read more

www.rgod.altervista.org:
FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution. Read more

securitytracker.com:
Gravity Board X Input Validation Hole Permits SQL Injection and Authentication Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Chipmunk CMS Input Validation Bug in 'fontcolor' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

 

News
www.securityfocus.com:
Microsoft's "monkeys" find first zero-day exploit. Read more

www.theregister.co.uk:
OS exploits are 'old hat'. Read more

www.theregister.co.uk:
Microsoft quells Vista virus concerns. Read more

www.chron.com:
Hackers' attacks bewilder VeriSign. Read more

www.computerweekly.com:
Hackers launch fresh assault on Windows anti-piracy system. Read more

www.computerweekly.com:
Sunbelt researchers uncover data collected by ID theft ring. Read more

software.silicon.com:
Huge ID theft ring affects at least 50 banks. Read more

www.techworld.com:
Windows 2000 update problems force re-release. Read more

. 08 August 2005

Guides, Papers, etc
www.techworld.com:
Start planning for the nano revolution. Read more

 

Tools:
tor.eff.org:
Tor: An anonymous Internet communication system. 2005-08-04: Tor 0.1.0.13. Read more

logalert.sourceforge.net:
logalert is a logfile monitoring tool which executes a specific action whenever it matches a string (pattern) occurrence. Read more

www.zdnet.com.au:
The best firewall is .... Read more

www.certcities.com:
My Top 10 Tips For Preparing and Passing the CISSP Exam. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Quick'n Easy FTP Server DoS (Exploit). Read more

 

News
www.washingtonpost.com:
Terrorists Turn to the Web as Base of Operations. Read more

microsoft.weblogsinc.com:
Genuine Windows Validation fixed. Read more

www.theregister.co.uk:
Security download must clearly disclose adware. Read more

software.silicon.com:
Windows piracy check: Foiled again. Read more

www.itnews.com.au:
Worms could slip through detection nets. Read more

www.chron.com:
Hackers' attacks bewilder VeriSign. Read more

www.ciol.com:
Wireless networks -- easy pickings for hackers. Read more

www.techworld.com:
Are we feeling safer yet? Read more

www.techworld.com:
Internet domain system wide open to fraudulent attack. Read more

www.wired.com:
Nigerian Net Grifters Doing Fine. Read more

. 07 August 2005

Guides, Papers, etc
Routing Worm: A Fast, Selective Attack Worm based on IP Address Information. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injection / Login Bypass, cross site scripting, pathdisclosure poc. Read more

securitytracker.com:
EMC Navisphere Manager Input Validation Bug Discloses Files to Remote Users. Read more

securitytracker.com:
Acunetix Web Vulnerability Scanner Web Sniffer Can Be Crashed By Remote Users. Read more

securitytracker.com:
NetworkActiv Web Server Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Linux Kernel Can Be Crashed By Local Users. Read more

 

News
news.com.com:
Will viruses hitch a ride on car computers? Read more

news.com.com:
Microsoft: Virus target won't be in Vista. Read more

www.windowsitpro.com:
Microsoft: Sorry, There's No Windows Vista Virus. Read more

insight.zdnet.co.uk:
The whys, whats and whens of Vista. Read more

lnx.hackerscenter.com:
Exploits are backdoored! BEWARE. Read more

www.scmagazine.com:
Virus authors take a vacation, phishers keep working. Read more

apnews1.iwon.com:
Internet Scammers Keep Working in Nigeria. Read more

www.heraldnet.com:
Somewhere from Nigeria a scam comes calling. Read more

nwitimes.com:
Nigerian police crack down on e-scams. Read more

www.techweb.com:
Silent, Deadly Forms Of Phishing Double. Read more

www.pcworld.com:
'Car Whisperer' Puts Hackers in the Driver's Seat. Read more

www.pcworld.com:
Microsoft to Host Hacker Meetings. Read more

www.eff.org:
FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services. Read more

www.computerworld.com:
Antispyware firm warns of massive ID theft ring. Read more

. 06 August 2005

Guides, Papers, etc
Photos of Michael Lynn's presentation at Black Hat have been posted to the net. Read more

searchwindowssecurity.techtarget.com:
Rootkit battle: Rootkit Revealer vs. Hacker Defender. Read more

msdn.microsoft.com:
Microsoft Professional Developers Conference (PDC). Read more

Collaborative Internet Worm Containment. Read more

 

Tools:
www.binarypool.com:
SpiderFoot is a free, open-source, domain footprinting tool. Read more

 

Vulnerabilities & Exploits
www.xfocus.net:
Cisco IOS. Read more

www.hackingspirits.com:
Defeating Citi-Bank Virtual Keyboard Protection. Read more

www.securityfocus.com:
Exploit for the remote command execution vulnerability in Silvernews 2.0.3. Read more

www.idefense.com:
EMC Navisphere Manager Directory Traversal Vulnerability. Read more

securitytracker.com:
SilverNews Input Validation Holes Let Remote Users Inject SQL Commands and Remote Authenticated Users Execute System Commands. Read more

securitytracker.com:
Dump Lets Local Users Deny Service By Locking a Certain File. Read more

 

News
www.securityfocus.com:
Annual hacking game teaches security lessons. Read more

news.zdnet.co.uk:
Worms dodge Internet sensors. Read more

www.vnunet.com:
Trojan poses as war death notice. Read more

www.zdnet.com.au:
Security researchers problematic bunch? Read more

www.zdnet.com.au:
Learn from Microsoft's mistakes: Cisco told. Read more

www.theregister.co.uk:
Too many ATMs are exposed to fraudsters, warns Gartner. Read more

www.theregister.co.uk:
Is the web's love affair with PHP over? Read more

www.nbcsandiego.com:
Man Hacks Into Army Computers To Drum Up Business. Read more

www.builderau.com.au:
JPEG-based virus attack gets closer. Read more

www.denverpost.com:
CU seeking help to evaluate hacked system. Read more

www.zdnet.com.au:
Torvalds in renewed Aust Linux trademark push. Read more

www.vnunet.com:
Spammers go droopy on porn. Read more

. 05 August 2005

Guides, Papers, etc
www.red-database-security.com:
Circumvent Oracle’s Database Encryption and Reverse Engineering of Oracle Key Management Algorithms. Read more

www.globetechnology.com:
It's full throttle in the battle against viruses. Read more

www.usenix.org:
Computer Security in the Real World by Butler W. Lampson, Microsoft and MIT. Read more

crispincowan.com:
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. Read more

crispincowan.com:
StackGuard: Automatic Adaptive Detection and Prevention of Buffer Overflow. Read more

Mapping Internet SensorsWith Probe Response Attacks. Read more

www.linuxexposed.com:
Logging and Monitoring Apache (Part 1). Read more

www.windowsecurity.com:
Auditing user accounts. Read more

www.eweek.com:
Home Users Need to Plan for the Worst By Larry Seltzer. Read more

 

Vulnerabilities & Exploits
www.red-database-security.com:
CREATE OR REPLACE PACKAGE BODY DBMS_CRYPTO AS. Read more

www.rgod.altervista.org:
FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod). Read more

neworder.box.sk:
Hidden Users on Windows. Read more

securitytracker.com:
ChurchInfo Input Validation Holes Permit SQL Injection. Read more

 

News
news.com.com:
Patches on the way for Windows flaws. Read more

searchcio.techtarget.com:
Should Michael Lynn have kept his mouth shut? Read more

news.com.com:
First potential virus risk for Windows Vista found. Read more

www.theregister.co.uk:
Hasta la Vista, baby. Read more

www.securityfocus.com:
Annual hacking game teaches security lessons. Read more

www.vnunet.com:
IP flaw leaves Windows 2000 wide open. Read more

news.com.com:
Worms could dodge Net traps. Read more

www.theregister.co.uk:
Microsoft develops new 'Super' language. Read more

news.com.com:
Antiphishing group casts line at new threats. Read more

www.theregister.co.uk:
CAN SPAM case upholds email filtering rights. Read more

news.com.com:
It's a bull market for stock spam. Read more

www.internetnews.com:
Yahoo Debuts Audio Search. Read more

. 04 August 2005

Guides, Papers, etc
news.com.com:
DNS servers--an Internet Achilles' heel. Read more

www.securityfocus.com:
Rooting the Fortune 100. Read more

www.zdnet.com.au:
Crushing the Web's dark forces. Read more

www.tik.ee.ethz.ch:
Past and Future Internet Disasters: DDoS attacks. Read more

makezine.com:
DefCon Coverage from MakeZine.com. Read more

wiki.whatthehack.org:
Video Coverage from the WhatTheHack. Read more

astalavista.com:
Spyware discussion paper. Read more

 

Tools:
portswigger.net:
Burp proxy v1.3beta is now available for download. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting. Read more

www.idefense.com:
CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow. Read more

securitytracker.com:
'web content management' Lets Remote Users Add Administrative Accounts or Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Quick 'n Easy FTP Server Input Validation Bug in USER Command Lets Remote Users Deny Service. Read more

securitytracker.com:
VBZooM Input Validation Holes in 'profile.php' and 'login.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Naxtor Shopping Cart 'lost_passowrd.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Symantec Norton GoBack Lets Local Users Bypass Authentication. Read more

securitytracker.com:
CA BrightStor ARCserve/Enterprise Backup Agents Buffer Overflow Lets Remote Users Gain System Privileges. Read more

 

News
www.techweb.com:
Cisco Web Site Breached, All Passwords Reset. Read more

www.betanews.com:
Cisco Web Site Breached by Hackers. Read more

www.theregister.co.uk:
Cisco security flap leaves millions scrambling for help. Read more

www.zdnet.com.au:
ISS: Flaw researcher fairly treated. Read more

www.zdnet.com.au:
Worm hole found in Windows 2000. Read more

www.vnunet.com:
Hackers cash in on 802.1x confusion. Read more

money.cnn.com:
ATM fraud blamed on lax security. Read more

money.cnn.com:
Report: Lax security enables ATM fraud. Read more

www.technewsworld.com:
Hackers Demonstrate Their Skills in Las Vegas. Read more

www.theregister.co.uk:
Chinese cyber-dissident jailed. Read more

www.macworld.com:
Phishers hack eBay. Read more

www.windowsitpro.com:
IE 7.0 Technical Changes Leave Web Developers, Users in the Lurch. Read more

www.vnunet.com:
Hacker criticises cyber crime laws. Read more

www.vnunet.com:
Big Brother is watching out for hackers. Read more

. 03 August 2005

Guides, Papers, etc
cryptome.org:
Comments on the Lynn Cisco Presentation. Read more

www.boingboing.net:
Mike Lynn presentation mirrors and legal fund. Read more

downloads.oreilly.com:
Video of Lynn's BH Presentation Being Trashed. Download

www.cerias.purdue.edu:
IMPACT OF NETWORK DESIGN ON WORM PROPAGATION. Read more

 

Tools:
ghh.sourceforge.net:
The Google Hack Honeypot project has released version 1.1. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-772-1 apt-cacher -- missing input sanitising. Read more

www.security.nnov.ru:
Microsoft ActiveSync multiple vulnerabilities. Read more

www3.ca.com:
Computer Associates BrightStor ARCserve Backup Agents buffer overflow vulnerability. Read more

securitytracker.com:
Apple Font Book Can Be Crashed By Specially Crafted Font Collections. Read more

securitytracker.com:
PHPList Input Validation Flaw in 'id' Parameter Lets Remote Authenticated Users Inject SQL Commands. Read more

securitytracker.com:
OpenBook Input Validation Holes in auth_user() Let Remote Users Inject SQL Commands. Read more

securitytracker.com:
BusinessObjects Enterprise Unspecified Flaw in Web Interface Lets Remote Users Deny Service. Read more

securitytracker.com:
Crystal Reports Server Unspecified Flaw in Web Interface Lets Remote Users Deny Service. Read more

 

News
blogs.washingtonpost.com:
Leaving Las Vegas: So Long DefCon and Blackhat. Read more

www.iht.com:
Hackers and foes exchange ideas. Read more

news.zdnet.co.uk:
Cisco flaw presentation spreads across the Web. Read more

www.techweb.com:
Terrorists Copying Hacker Tactics. Read more

www.smh.com.au:
ATM systems 'highly vulnerable' to fraud. Read more

www.pcworld.idg.com.au:
Gartner: Bank card fraud too easy for phishers. Read more

news.zdnet.co.uk:
Phishing attacks highlight banks' weaknesses. Read more

news.zdnet.co.uk:
Cybercriminals up ante with phishing and darkmail. Read more

software.silicon.com:
Darkmail: Cyber nasties just got nastier. Read more

www.techweb.com:
Greynets Cost IT $130,000 Monthly. Read more

www.theregister.co.uk:
Linux Bluetooth hackers hijack car audio. Read more

www.theregister.co.uk:
Infrared exploits open the door to hotel hacking. Read more

www.theregister.co.uk:
Spear phishers launch targeted attacks. Read more

english.people.com.cn:
Ex-Microsoft executive barred from Google job. Read more

www.builderau.com.au:
Wanted: Windows Hackers. Read more

www.it-observer.com:
Is Google Exposing You to Hack Attacks? Read more

strategiy.com:
Google click fraud a serious problem: Survey. Read more

www.schneier.com:
Cisco Harasses Security Researcher. Read more

. 02 August 2005

New Trojans July

 

Guides, Papers, etc
www.phrack.org:
Final Phrack Released. Read more

www.securityfocus.com:
The CardSystems blame game. Read more

www.securityfocus.com:
CardSystems made its choices clear. Read more

networks.silicon.com:
Peter Cochrane's Blog: Borrowing Wi-Fi is not a crime. Read more

www.eweek.com:
Larry Seltzer: Where Does Truth Lie in Lynn/Cisco Case? Read more

 

Tools:
astalavista.com:
Internet Filter Bypass Script. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
BusinessMail Server SMTP Command Validation Error Lets Remote Users Crash the Server. Read more

securitytracker.com:
PHPFreeNews Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

www.debian.org:
DSA-771-1 pdns -- several vulnerabilities. Read more

 

News
www.theregister.co.uk:
Cisco details Black Hat vuln fix. Read more

www.wired.com:
Router Flaw Is a Ticking Bomb. Read more

techdirt.com:
Claria Can't Change Its Spots That Easily. Read more

www.informationweek.com:
Claria Software Seeks Legitimacy. Read more

www.informationweek.com:
Review: Claria Software--Unsafe At Any Speed. Read more

www.infoworld.com:
64-bit Windows anti-virus not yet mainstream. Read more

www.mtv.com:
'Darknets' Could Make File-Sharers Invisible To Authorities. Read more

www.theregister.co.uk:
Worm mocks convicted Sasser author. Read more

www.informationweek.com:
Hackers Demonstrate Their Skills in Vegas. Read more

australianit.news.com.au:
Worms do China's spying. Read more

news.bbc.co.uk:
Software pirates tap into technology. Read more

www.microscope.co.uk:
Pirated software floods UK. Read more

www.informationweek.com:
New Bill Proposes Tougher Punishments for Identity Theft. Read more

www.informationweek.com:
Popular Open-Source Data Compression Technology Reveals Ugly Flaw Aug. Read more

www.informationweek.com:
Revealing E-Mail's Secrets. Read more

www.technewsworld.com:
Microsoft's 'Advantage' Has Its Drawbacks. Read more

www.theregister.co.uk:
Microsoft blogger: 'My toolbar vanished too!'. Read more

software.silicon.com:
Devil's Advocate: Death to spammers? Read more

www.cbsnews.com:
Counter-Espionage For Your PC. Read more

www.computerweekly.com:
Cyber blackmailers and adware threaten. Read more

blog.ziffdavis.com:
Do I get current? Read more

www.washingtonpost.com:
Internet Ad Pioneer Now Shunning Pop-Ups. Read more

www.vnunet.com:
Phishing emails go formal. Read more

www.vnunet.com:
Phishers try to catch eBay users. Read more

www.vnunet.com:
PC fingerprint scanners 'come of age'. Read more

www.technewsworld.com:
Pirates Sail Right by Microsoft Defenses. Read more

. 01 August 2005

New Trojans July

 

Guides, Papers, etc
www.milw0rm.com:
The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques. Read more

rehash.whatthehack.org:
Bluetooth Security - News From The Front. Video

 

Tools:
prdownloads.sourceforge.net:
Xprobe2 is a remote active operating system fingerprinting tool which uses advanced techniques. Download

trifinite.org:
The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. Read more

 

Vulnerabilities & Exploits
www.rgod.altervista.org:
NETQUERY 3.1 remote commands execution. Read more

securitytracker.com:
Gopher Client Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
Exploit writers team up to target Cisco routers. Read more

www.securityfocus.com:
Reading, rooting, 'rithmetic: Preschoolers learn programming. Read more

news.com.com:
Defcon: Poking holes in hacking tools. Read more

news.zdnet.co.uk:
Hackers go for Cisco. Read more

news.com.com:
Hackers race to expose Cisco router flaw. Read more

www.theinquirer.net:
ISS attacks news sites. Read more

news.com.com:
Hacking the hotel through the TV. Read more

news.com.com:
Why Bill Gates wants 3,000 new patents. Read more


Copyright© MegaSecurity.org