Home    News Archive    Translate Traducen
News August 2006
31 August 2006

Guides, Papers, etc
www.isaac.cs.berkeley.edu:
Intercepting Mobile Communications: The Insecurity of 802.11. Read more

online.wsj.com:
This Email Will Self-Destruct. Read more

www.technologyreview.com:
Googling Your TV. Prototype software from Google Research could listen to your TV and send back useful information -- and ads of course.. Read more

blog.washingtonpost.com:
Sun Acknowledges Security Hole in Patch Process. Read more

www.eweek.com:
The End of the Worm Era. Read more

www.symantec.com:
Polymorphism comes to the AMD64. Read more

www.symantec.com:
Virus Q&A – W32/W64.Bounds. Read more

www.securityfocus.com:
Latest polymorphism hides viruses better. Read more

www.2-spyware.com:
Animated spam. Read more

www.avertlabs.com:
Security begins at home. Read more

www.viruslist.com:
Cybermoney, cyber crime. Read more

www.securitypronews.com:
Malware That Alters Search Results. Read more

blogs.msdn.com:
IE7, IE6 and The Windows Lifecycle. Read more

isc.sans.org:
Tip of the Day: Audit (NEW). Read more

www.mcs.vuw.ac.nz:
Amazon EC2 - Legitimate Bot Net for the Masses? Read more

www.mcs.vuw.ac.nz:
Distributing Malicious ActiveX controls using Authenticode (code signing). Read more

www.darkreading.com:
Wireless Piggybackers Put on Notice. Read more

www.informationweek.com:
Windows Vista: The last Of Microsoft's Supersized Operating Systems? Read more

www.it-observer.com:
Protect Your Windows Systems. Read more

www.sda-india.com:
How Google is Encroaching Microsoft's Domain. Read more

 

Tools:
www.vnunet.com:
Browzar promises private surfing. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
MiniBill Include File Hole in 'config[plugin_dir]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phpECard Include File Flaw in 'functions.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LinksCaffe 'admin1953.php' Grants Remote Users Administrative Access. Read more

securitytracker.com:
MaxDB Buffer Overflow in WebDBM Service Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Thousands hit by AT&T website hack. Read more

www.vnunet.com:
Rootkit malware has double sting in its tail. Read more

ipcommunications.tmcnet.com:
Hackers Exploit MS Patches. Read more

www.p2pnet.net:
BT encrypted traffic throttler. Read more

www.networkworld.com:
Putting wireless networks to the terrorism test. Read more

news.com.com:
Microsoft tests parental-control software. Read more

times.hankooki.com:
Mobile Internet to Become Faster Than Fixed Line. Read more

www.webuser.co.uk:
Skype flasher sparks privacy alert. Read more

. 30 August 2006

Guides, Papers, etc
www.asiamedia.ucla.edu:
Researchers expose Vietnamese Internet filtering system. Read more

blogs.securiteam.com:
Thousands of NT4 machines within the Finnish government still. Read more

www.viruslist.com:
Java update. Read more

www.windowsecurity.com:
Top 5 Security Settings to Audit. Read more

isc.sans.org:
Tip of the Day - Protecting HP JetDirect-based Printers (NEW). Read more

www.darkreading.com:
Top 10 Reasons Security Products Don't Work. Read more

www.darkreading.com:
When to Disclose. Read more

pcexposure.com:
Windows Vista Pre-RC1 Screenshots. Read more

www.esecurityplanet.com:
Guarding Against “the Inside Job”. Read more

lifehacker.com:
Protect your web searches. Read more

www.internetnews.com:
Open Source Windows Clone Coming Soon? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
[Not a Vulnerability] Jetbox CMS Include File Bug in 'includes/phpdig/libs/search_function.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Explorer (IE) Buffer Overflow in 'daxctle.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BIGACE 'GLOBALS' Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cybozu Office Discloses Files to Remote Users. Read more

 

News
www.securityfocus.com:
Data thieves breach AT&T online store. Read more

www.microsoft-watch.com:
Microsoft Working to Fix Hacked Windows Media DRM. Read more

news.com.com:
More security bang for fewer bucks. Read more

www.vnunet.com:
Bogus Apple iPod spam hides Trojan. Read more

government.zdnet.com:
'Foreign adversaries' attacking Army networks. Read more

www.vnunet.com:
Greenpeace names and shames tech firms. Read more

. 29 August 2006

Guides, Papers, etc
www.networkworld.com:
Military research aims to develop self-configuring, secure wireless nets. Read more

www.itnews.com.au:
Most damaging attacks rely on stolen log-ins. Read more

www.securityfocus.com:
Anonymous No More. Read more

www.apcstart.com:
Symantec plays down CPU virus hyperbole. Read more

www.f-secure.com:
Are you a phisher? Looking for free hosting? Read more

isc.sans.org:
Tip of the Day: Don't be a victim (well try to not be a victim) - security toolbars (NEW). Read more

stopbadware.org:
AOL 9.0 (free version) Status: Open Inquiry. Read more

www.cl.cam.ac.uk:
Security Engineering - The Book. Read more

blogs.msdn.com:
IE + JavaScript Performance Recommendations - Part 1. Read more

www.emailbattles.com:
Is Everyone Running Naked With Wireless? Read more

 

Tools:
www.darkreading.com:
Metasploit Issues New Beta. Read more

 

Vulnerabilities & Exploits
www.whitedust.net:
New Security Flaw In Hotmail. Read more

 

News
www.smh.com.au:
T-Mobile Hacker Gets Home Detention. Read more

efytimes.com:
Symantec Reports New Concept Viruses. Read more

arstechnica.com:
Windows Media DRM cracked. Read more

www.itnews.com.au:
TippingPoint posts list of upcoming bugs. Read more

www.theage.com.au:
Centrelink staff sacked over breaches. Read more

www.betanews.com:
High-End Vista Comes at a High Price. Read more

www.linuxpipeline.com:
P2P Steps Into The Darknet. Read more

www.informationweek.com:
Bot Herder Sentenced To Three-Year Prison Term. Read more

. 28 August 2006

Guides, Papers, etc
www.eweek.com:
Typo-Squatting, DNS Wildcards and the Sucky State of Domain Affairs. Read more

194.177.97.44:85:
GROMOZON.COM The strange case of Dr.Rootkit and Mr.Adware. Read more

www.itnews.com.au:
Security vendors mad about 'consumer reports' test methods. Read more

honeyblog.org:
Analysis of RedHat 8.0 Honeypot Compromise. Read more

taosecurity.blogspot.com:
Why 0wn When You Can XSS. Read more

www.heise-security.co.uk:
SHA-1 hash function under pressure. Read more

sunbeltblog.blogspot.com:
The Consumer Reports testing scandal: It's far, far worse than we initially thought. Read more

www.thechannelinsider.com:
How S-L-O-W Will Vista Go? Read more

www.wi-fi.org:
Wi-Fi Alliance® Announces Wi-Fi Protected Setup™. Read more

english.ohmynews.com:
Keeping Cyber Intruders Out. Read more

www.pcworld.idg.com.au:
Microsoft strong on security. Read more

www.viruslist.com:
Watershed in malicious code evolution. Read more

 

Tools:
capture-hpc.sourceforge.net:
Capture is a high interaction honeypot client that uses programs on a client to open up resources on the internet. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
OpenBSD isakmpd Error Lets Remote Users Bypass the Replay Protection. Read more

securitytracker.com:
OpenBSD Kernel Semaphore Allocation Bug Lets Local Users Deny Service. Read more

securitytracker.com:
ISC DHCP Can Be Crashed By Remote Users with a Specially Crafted DHCPOFFER Packet Read more

securitytracker.com:
Sendmail May Crash When Processing Mail with a Long Header. Read more

 

News
today.reuters.com:
Cable firm UPC loses court case over file swapping. Read more

seattlepi.nwsource.com:
Hacker faces prison for PC attacks; Northwest Hospital among targets. Read more

www.dslreports.com:
Hacker Sentenced to 37 Months. Read more

grownupgeek.blogspot.com:
Myspace closes GIANT SECURITY hole. Read more

observer.guardian.co.uk:
Crackdown on encrypted child porn. Read more

www.betanews.com:
Firefox Extension Promises Private P2P. Read more

arstechnica.com:
Two legal lessons from the RIAA: don't disobey the judge and don't sue innocent people. Read more

today.reuters.co.uk:
CD piracy weighs on music industry. Read more

. 26 August 2006

Guides, Papers, etc
www.darkreading.com:
Holes Remain in SSL VPNs. Read more

www.computerworld.com:
Five reasons you need a new approach to antivirus security. Read more

searchsecurity.techtarget.com:
Mitigate botnets in five steps. Read more

blogs.securiteam.com:
90 Mexico government citizen portal sites defaced. Read more

blogs.securiteam.com:
Vulenrability etc. in Google’s index. Read more

www.f-secure.com:
We Knew It Would Happen. Read more

blogs.zdnet.com:
Windows without viruses and spyware? Yes, it's possible. Read more

blog.siteadvisor.com:
Kids, Cartoons and Adware. Read more

www.pcadvisor.co.uk:
Real life: my battle with spyware. Read more

www.rfc1149.net:
Wiping unused space in a file system. Read more

www.infoworld.com:
How malicious hackers attack. Read more

ha.ckers.org:
Stealing User Information Via Automatic Form Filling. Read more

 

Tools:
www.theregister.co.uk:
Crypto browser plug-in aims for simplicity. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
pSlash Include File Bug in 'config.inc.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Java System Content Delivery Server Discloses File Contents to Remote Users. Read more

 

News
www.boston.com:
Bank warns customers personal data may have been breached. Read more

www.breitbart.com:
IRS Warns Against Phony Debt Collectors. Read more

www.securityfocus.com:
The danger of "free". Read more

www.theregister.co.uk:
MS finally patches IE patch. Read more

www.vnunet.com:
New virus attacks AMD processors. Read more

www.vnunet.com:
Nine in 10 PCs infected with spyware. Read more

www.boston.com:
Man gets 3 years for 'botnet' attack. Read more

www.terra.net.lb:
Apple Computer recalls around 1.8 million laptop batteries. Read more

www.vnunet.com:
Ransomware data kidnapping on the rise. Read more

. 25 August 2006

Guides, Papers, etc
blogs.securiteam.com:
Smoodge: Micorosft & eEye. Read more

ise.gmu.edu:
Tracking Anonymous PeertoPeer VoIP Calls on the Internet. Read more

www.networkworld.com:
Experts divided over rootkit detection and removal. Read more

isc.sans.org:
Tip of the day: using host based firewall on Windows XP SP2 (NEW). Read more

blogs.msdn.com:
A Quick Reference Sheet for Internet Explorer 7. Read more

www.darkreading.com:
Fighting Spam With Spamalot. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
ImageMagick Integer/Buffer Overflows in Processing XCF and Sun Bitmap Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BSD UNIX PPP LCP Options Length Buffer Overflow Lets Remote Users Deny Service. Read more

securitytracker.com:
SSH Tectia Manager Process Restart Flaw May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
SSH Tectia Client/Server/Connector/Manager Pathname Parsing Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Asterisk Stack Overflow in MGCP Implementation Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell Identity Manager Input Validation Flaw May Let Remote Users Inject Shell Code. Read more

 

News
www.securityfocus.com:
Microsoft re-releases Internet Explorer patch. Read more

www.eweek.com:
Microsoft Zaps eEye from IE Flaw Credits. Read more

www.theregister.co.uk:
Pentagon hacker says charges have been manufactured. Read more

arstechnica.com:
Fugitive exec nabbed after Skype call. Read more

seattlepi.nwsource.com:
Hacker faces prison for PC attacks. Read more

www.securityfocus.com:
Linux update becomes terminal pain. Read more

www.abc.net.au:
Centrelink staff sacked for privacy breaches. Read more

www.sophos.com:
Phishing attack focuses on adult webcam users. Read more

seattlepi.nwsource.com:
Hacker faces prison for PC attacks. Read more

www.computerweekly.com:
Two charged over online “holiday” fraud. Read more

. 24 August 2006

Guides, Papers, etc
www.smallworks.com:
Ellch and Maynor: the continuing debate. Read more

www.podtrac.com:
Security Now! 54: Blue Pill - sponsored by Astaro Corp. Listen

money.cnn.com:
How Google can make - or break - your company. Read more

www.nytimes.com:
Web Surfing in Public Places Is a Way to Court Trouble. Read more

isc.sans.org:
Problems with Intel wireless drivers (NEW). Read more

www.windowsecurity.com:
Understanding User Account Control in Vista. Read more

weblog.infoworld.com:
Is Windows inherently more vulnerable to malware attacks than OS X? Read more

www.passivemode.net:
AT&T Confidential Documents. Read more

www.infoworld.com:
Microsoft delivers stronger security and simpler patching. Read more

www.schneier.com:
TrackMeNot. Read more

www.darkreading.com:
Click Goes Your Ad Budget. Read more

 

Tools:
mrl.nyu.edu:
TrackMeNot is a lightweight browser extension that protects web-searchers against surveillance and data-profiling. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Internet Explorer URL Buffer Overflow in Processing HTTP 1.1 Protocol with Compression Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco ASA May Change Certain Passwords. Read more

securitytracker.com:
Cisco PIX Firewall May Change Certain Passwords. Read more

securitytracker.com:
Cisco Firewall Services Module May Change Certain Passwords. Read more

securitytracker.com:
Cisco VPN 3000 Concentrator Lets Remote Users Access Certain FTP Commands. Read more

securitytracker.com:
Wireshark (Ethereal) Bugs in SCSI, DHCP, and Q.2931 Dissectors Let Remote Users Execute Arbitrary Code or Deny Service. Read more

securitytracker.com:
Blackboard Input Validation Hole in Filtering Javascript Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
MMSd Error in Processing RFC 1006 Packets Lets Remote Users Deny Service. Read more

securitytracker.com:
Java Web Start May Let Remote Users Exploit Old Vulnerabilities. Read more

securitytracker.com:
Java Plug-in May Let Remote Users Exploit Old Vulnerabilities. Read more

 

News
www.vnunet.com:
China cracks down on spammers. Read more

news.zdnet.co.uk:
Email bomber to be electronically tagged. Read more

www.int.iol.co.za:
Hackers target ruling party website in Brazil. Read more

www.vnunet.com:
Child porn spam hides Trojan. Read more

www.newsfactor.com:
Viruses and Spyware Cost Users $7.8 Billion. Read more

. 23 August 2006

Guides, Papers, etc
www.wired.com:
Privacy Debacle Hall of Fame. Read more

www.opennet.net:
Internet Filtering in Vietnam in 2005-2006: A Country Study. Read more

uninformed.org:
Exploiting the Otherwise Non-exploitable on Windows. Read more

uninformed.org:
Improving Automated Analysis of Windows x64 Binaries. Read more

www.oii.ox.ac.uk:
TERRORIST ‘USE’ OF THE INTERNET AND FIGHTING BACK. Read more

www.lurhq.com:
The Security Hookup is a 5-minute video broadcast which you can view on your video iPod or in any Quicktime or MPEG-compatible video player. Each episode gives you news, information, and techniques you can use to secure your network against the latest threats. The show is hosted by Joe Stewart, Senior Security Researcher with LURHQ, and is geared for a technical audience. Read more

isc.sans.org:
Decoding malware (NEW). Read more

www.domain-b.com:
Filtering the virus. Read more

www.viruslist.com:
Development kits for gaming consoles. Read more

ddanchev.blogspot.com:
Virus Outbreak Response Time. Read more

sunbeltblog.blogspot.com:
Does Vista Give You Too Many Choices? Read more

polishlinux.com:
SSH Tunnels: Bypass (Almost) Any Firewall. Read more

www.zdnet.com.au:
ActiveSync: Still rubbish after all these years. Read more

 

Tools:
www.sophos.com:
Sophos Anti-Rootkit. Read more

www.qfxsoftware.com:
KeyScrambler, a web browser plugin, encrypts your keystrokes to protect your important personal information from keyloggers. Read more

www.betanews.com:
Microsoft Tests Wi-Fi Connection Tool. Read more

www.ajaxpath.com:
Javascript debuggers overview. Read more

 

Vulnerabilities & Exploits
www.microsoft.com:
Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit. Read more

research.eeye.com:
MS06-042 Related Internet Explorer 'Crash' is Exploitable. Read more

securitytracker.com:
MDaemon Buffer Overflow in USER and APOP Commands Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Enterprise Security Manager Race Condition Lets Remote Users Deny Service. Read more

securitytracker.com:
Solaris Buffer Overflow in 'format' Command Lets Local Users Obtain Elevated Privileges. Read more

securitytracker.com:
Sun Solaris Default RBAC Configuration May Let Local Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
Microsoft patch opens users to attack. Read more

www.securityfocus.com:
AOL's top tech exec leaves after privacy leak. Read more

www.zdnet.com.au:
Security firms develop anti-rootkit tools. Read more

www.newscientisttech.com:
Vietnam censors use porn as a smokescreen. Read more

www.mcpmag.com:
Microsoft Makes Security Blunder with Vista Beta Patching. Read more

www.zdnet.com.au:
Microsoft puts cybersquatters on notice. Read more

ha.ckers.org:
Google Redirection Hole Used For Phishing. Read more

australianit.news.com.au:
Villains are going vishing via VoIP. Read more

news.com.com:
Worm sparks rise in zombie PCs. Read more

news.com.com:
Yahoo adds phishing shield. Read more

www.privacyinternational.org:
PI announces the 2006 Stupid Security Competition. Read more

www.passivemode.net:
Paris Hilton Caught in Lindsay Lohan Hack. Read more

. 22 August 2006

Guides, Papers, etc
www.newswireless.net:
Dear Sir Bill Gates; invoice enclosed. Prompt payment is expected...Read more

news.softpedia.com:
The Wi-Fi Exploit, Who Is Lying? Read more

www.f-secure.com:
Working with the Intel Wi-Fi Drivers Again. Read more

www.ecoustics.com:
How Bad Guys Exploit Legitimate Sites. Read more

isc.sans.org:
Tip of the Day - Like a Kid in a WMIC Candy Store (NEW). Read more

www.securityfocus.com:
Microsoft Office security, part one. Read more

www.onesurebet.com:
E-mail Security Doesn’t Need to be a Gamble. Read more

www.eweek.com:
Search Privacy: Damned if You Do. Read more

www.aolstalker.com:
AOLStalker.com. Who searched for what. Read more

www.apcstart.com:
Vista disk encryption: very damn fast. Read more

www.fanpop.com:
Video: Banned Microsoft Office XP Commercial. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
WFTPD Buffer Overflow in SIZE Command Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenSEF Include File Hole in 'sef.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LBlog Input Validation Flaw in 'comments.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Microsoft PowerPoint Unknown Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
osCommerce Input Validation Flaw in 'shopping_cart.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
PHlyMail Include File Bug in '_PM_['path']['handler']' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Google mislays Tibet. Read more

www.eweek.com:
FBI Investigating Theft of 10 Hospital Computers. Read more

blogs.securiteam.com:
RFID company: New e-Passport can trigger a bomb. Read more

www.itnews.com.au:
Hackers clear Apple over MacBook attack. Read more

www.zone-h.org:
Kevin Mitnick creampied by Pakistani rage. Read more

security.ithub.com:
Microsoft Dismisses PowerPoint Zero-Day Warning. Read more

www.itnews.com.au:
Symantec beefs up eDiscovery search tools. Read more

www.newsfactor.com:
Windows Vista Beta 2 Plagued by Bugs. Read more

www.itnews.com.au:
US regulator nabs pump-and-dump share spammers. Read more

. 21 August 2006

Guides, Papers, etc
blogs.securiteam.com:
Consumer Reports writes viruses. Read more

www.eweek.com:
Ethics and Virus Testing. Read more

wired.com:
Death to Caps Lock. Read more

computerworld.co.nz:
Virtual PCs are the key to secure computing. Read more

spyware-free.us:
HackerDefender. Read more

www.winsupersite.co:
Internet Explorer 7: Flawed or Misunderstood? Read more

www.crime-research.org:
Phishing in Cyberspace: Issues and Solutions. Read more

news.com.com:
Net's new porn trend: Nearly nude kids. Read more

 

Vulnerabilities & Exploits
blogs.securiteam.com:
Microsoft PowerPoint 0-day Vulnerability FAQ - August 2006, CVE-2006-nnnn. Read more

 

News
www.wired.com:
Privacy Debacle Hall of Fame. Read more

computerworld.co.nz:
Malware’s commercialisation drives security. Read more

www.itp.net:
Summertime, and the hackers are busy...Read more

news.softpedia.com:
Berlusconi BBC News Report Spreads Trojan. Read more

www.theinquirer.net:
Romanians crack Internet crime rings. Read more

www.siliconvalleywatcher.com:
Hackers take down national black newspaper of the year. Read more

. 19 August 2006

Guides, Papers, etc
hydrogen.oshean.org:
PaulDotCom Security Weekly - Episode 38 - August 3, 2006. Listen

www.baselinemag.com:
Eavesdropping on Bots Preparing to Attack. Read more

pauldotcom.com:
Wireless Network Security? Read more

www.securityfocus.com:
Novell aims to make Linux security easy. Read more

isc.sans.org:
MS06-042 and CA Unicenter Service Desk - Hotfix available. Read more

www.microsoft.com:
Introduction to Windows Firewall with Advanced Security. Read more

www.networkworld.com:
Military research aims to develop self-configuring, secure wireless nets. Read more

news.com.com:
Spying an intelligent search engine. Read more

www.orlandosentinel.com:
Are kids 'sharing' or stealing? Read more

www.darkreading.com:
The Real Threat to the Security Industry. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
AOL Client Insecure Default Permissions Lets Local Users Modify Files. Read more

securitytracker.com:
a6MamboCredits Include File Bug in 'mosConfig_live_site' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
POWERGAP Include File Flaw in 'shopid' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Discloser Include File Bug in 'fileloc' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Horde Application Framework Input Validation Holes in 'index.php' and IMP's 'search.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
IBM AIX setlocale() May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple Xsan Filesystem Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases. Read more

securitytracker.com:
MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges. Read more

securitytracker.com:
CubeCart Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
Zen Cart Input Validation Flaws Let Remote Users Inject SQL Commands and Execute Arbitrary Code. Read more

 

News
www.tuaw.com:
SecureWorks admits to falsifying MacBook wireless hack. Read more

www.theregister.co.uk:
What the heck was on that stolen laptop? Read more

news.bbc.co.uk:
UK bank details sold in Nigeria. Read more

www.theregister.co.uk:
Vista joins MS patch treadmill. Read more

seattletimes.nwsource.com:
Computer plus student a recipe for icky virus, spyware trouble. Read more

www.networkworld.com:
Microsoft fixes memory bug in security patch. Read more

googlewatch.eweek.com:
Google AdSense Tries to Auto-Install Software. Read more

today.reuters.co.uk:
Woman arrested over Internet scams. Read more

www.infoworld.com:
Man charged in Hurricane Katrina phishing scams. Read more

techdirt.com:
Where's The Checkbox For 'New FBI Computer System Is So Bad I Plan To Go On A Crime Spree'? Read more

. 18 August 2006

Guides, Papers, etc
media.libsyn.com:
Interview with Bruce Schneier. Network Security Podcast, Episode 39. Listen

www.nominum.com:
Audio: Veritest DNS Performance Survey. Listen

aolradio.podcast.aol.com:
Audio: Security Now! 53: Virtualization Part 2. Listen

blog.washingtonpost.com:
When Online Crooks Advertise. Read more

www.securityfocus.com:
LinuxWorld, virtually speaking. Read more

blogs.zdnet.com:
Blue Pill: The first effective Hypervisor Rootkit. Read more

blogs.zdnet.com:
Detecting the Blue Pill Hypervisor rootkit is possible but not trivial. Read more

www.businessweek.com:
How Google's Neven Vision could track our lives. Read more

blogs.securiteam.com:
New Trojan exploits MS06-047 with Word file. Read more

isc.sans.org:
Microsoft August 2006 Patches: STATUS (NEW). Read more

www.f-secure.com:
More on Haxdoor.KI. Read more

www.windowsecurity.com:
Network design and defense. Read more

www.securityfocus.com:
Dynamic linking in Linux and Windows, part one. Read more

www.securityfocus.com:
Dynamic Linking in Linux and Windows, part two. Read more

www.slyck.com:
Anonymous Options. Read more

www.eweek.com:
Checking Your Laptop as Luggage. Read more

www.awprofessional.com:
Virtual Private Networks. Read more

 

Tools:
www.txdns.net:
TXNDS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris libnsl or TLI/XTI API Race Condition Lets Local Users Deny Service. Read more

securitytracker.com:
IBM eGatherer Buffer Overflow in RunEgatherer() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec NetBackup PureDisk Lets Remote Users Access the System in Certain Cases. Read more

 

News
www.betanews.com:
U.S. Gov't Maintains Control of Net. Read more

www.redorbit.com:
University of Maryland University College to Train Computer Security Cops. Read more

www.redorbit.com:
Microsoft CEO Says Hackers Rampant. Read more

www.redherring.com:
China Malware War Gets Personal. Read more

www.channelregister.co.uk:
Disk drive researchers turn up IDs, child porn. Read more

news.com.com:
DNS could slow broadband service. Read more

www.darkreading.com:
'Analog Hackers' Overlooked, Undetected. Read more

. 17 August 2006

Guides, Papers, etc
blogs.securiteam.com:
Copyright in a packet. Read more

www.businessweek.com:
Spyware's Growing Arsenal. Read more

software.newsforge.com:
An interview with two 'granny hackers'. Read more

blogs.securiteam.com:
Security by obstruction. Read more

blogs.securiteam.com:
Researcher: Orphan Objects bug in MSIE silently fixed. Read more

www.consumerreports.org:
Our unique antivirus testing: How we did it. Read more

www.viruslist.com:
Good guys doing bad things. Read more

www.freenet.org.nz:
Protect Your Privacy from Google. Read more

technology.guardian.co.uk:
Has the time finally come to stop using Google? Read more

www.eweek.com:
Don't Believe That Lying Telephone. Read more

 

Vulnerabilities & Exploits
www.securitylab.ru:
XSS Vulnerable. Read more

securitytracker.com:
Fotopholder Input Validation Holes Permit Directory Traversal and Cross-Site Scripting Attacks and Let Remote Users Execute Local Files. Read more

securitytracker.com:
Fusion News Include File Bug in 'fpath' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
news.com.com:
Flaw finders to software makers: It's payback time. Read more

www.itnews.com.au:
More consumers' PCs infected with spyware. Read more

www.securityfocus.com:
Groups file FTC complaints against AOL. Read more

news.zdnet.co.uk:
Police want power to seize encryption keys. Read more

news.zdnet.com:
Microsoft hires McAfee antivirus veteran. Read more

www.ynetnews.com:
Yahoo! Mail service vulnerable to hacking. Read more

www.theregister.co.uk:
BoI customers fall victim to phishing scam. Read more

www.theregister.co.uk:
Movie download service faces spyware lawsuit. Read more

www.consumerreports.org:
Cyber insecurity. You're more vulnerable than you think. Read more

www.itnews.com.au:
FTC, AG blame 'extortionware' for pop-up hell. Read more

management.silicon.com:
Will RIPA lead to an infestation of Vamp-ires? Read more

. 16 August 2006

Guides, Papers, etc
www.lurhq.com:
Mocbot Spam Analysis. Read more

isc.sans.org:
Thoughts about Informix (NEW). Read more

isc.sans.org:
Tip of the Day: Secure Surfing at the Coffee Shop (or Hacker Conferences) (NEW). Read more

www.blackberry.com:
Protecting the BlackBerry device platform against malware. Read more

www.informationweek.com:
Analysis: Cisco, Microsoft Face Scrutiny Following Barrage Of Security Alerts. Read more

www.passivemode.net:
128 Bit Wifi Cracking in 60 Secs? Read more

www.darkreading.com:
Security, the Perfect Birthday Gift. Read more

www.esecurityplanet.com:
Beyond Fuzzing. Read more

www.realtechnews.com:
All I Want To Do Is Activate Windows! Read more

www.f-secure.com:
Root Kit video available on googleidol.com. Read more

 

Tools:
www.securescience.net:
InterScout 1.0 is a free web log analytics tool that acts as a web log file analyzer as well as a real-time web-based IDS specific to online fraud monitoring on web servers. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
osDate Input Validation Hole Permits Cross-Site Scripting Attacks and Ratings Inflation. Read more

securitytracker.com:
ImageMagick ReadSGIImage() Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP-UX LP Subsystem Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
HP-UX Trusted Mode Lets Local Users Deny Service. Read more

securitytracker.com:
Panda ActiveScan Input Validation Hole in 'email' Parameter Permits Cross-Site Scripting Attacks. Read more

 

News
news.zdnet.com:
Microsoft patch can cause IE trouble. Read more

www.virusbtn.com:
MS06-040 fears spread. Read more

www.computerworld.com:
Cisco can't reproduce Black Hat flaw. Read more

news.xinhuanet.com:
75% of China's computers attacked by virus: survey. Read more

www.securityfocus.com:
Lessig: Content security squashing culture Read more

www.darkreading.com:
Phishers Flick Switch, Dupe Yahoo Users With Flickr. Read more

www.theregister.co.uk:
Hey, spammer, leave those kids alone. Read more

www.theregister.co.uk:
Iran president's weblog spews malware - false. Read more

www.it-observer.com:
Phil Zimmermann Joins BorderWare to Secure VoIP. Read more

www.it-observer.com:
Fixing Security Flaws Won't Save Online Banking Customers. Read more

www.ehomeupgrade.com:
Relakks - The World's First Commercial Darknet Read more

online.wsj.com:
What Are Web Surfers Seeking? Well, It's Just What You'd Think. Read more

. 15 August 2006

Guides, Papers, etc
applesoup.googlepages.com:
Bypassing script filters with variable-width encodings. Read more

msmobiles.com:
Airscanner Vulnerability Summary: Windows Mobile Security Software Fails the Test. Read more

isc.sans.org:
winsnort defaced - use caution (NEW). Read more

www.eweek.com:
UTM (D)Evolves. Read more

www.emailbattles.com:
Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel. Read more

www.emailbattles.com:
A Network That Runs Better Since The Administrator Quit. Read more

www.podtrac.com:
TWiT 66: A Little Dab'll Do Ya. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Novell eDirectory Writes User Passwords to a Log File. Read more

securitytracker.com:
[Incorrect Report] Calendarix 'calpath' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
myEvent Include File Flaw in 'myevent_path' and 'language' Parameters Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Dolphin Include File Bug in 'dir[inc]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
libmusicbrainz Buffer Overflows Let Remote Servers Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Bot spreads using latest Windows flaw. Read more

news.zdnet.co.uk:
HSBC accused of 'scandalous' security glitch. Read more

today.reuters.com:
Microsoft warns game developers of security risk. Read more

www.vnunet.com:
US signs cybercrime convention. Read more

software.silicon.com:
Video nasty, adware nastier say experts of Guardian.co.uk ad. Read more

www.internetnews.com:
Microsoft OneCare Jumps Out To A Big Start. Read more

. 14 August 2006

Guides, Papers, etc
www.virtualization.info:
Debunking Blue Pill myth. Read more

blogs.securiteam.com:
What can be done with botnet C&C’s? Read more

blogs.securiteam.com:
Partial Disclosure is baaaaaaad. Read more

www.lurhq.com:
Mocbot/MS06-040 IRC Bot Analysis. Read more

www.f-secure.com:
IRC bot exploits the 5-day old MS-06040 vulnerability. Read more

isc.sans.org:
MS06-040: BOLO -- Be On the LookOut (NEW). Read more

www.javareport.com:
Apocalypse How? Next-gen Viruses, Worms. Read more

www.tcb.net:
Infrastructure Security Survey – 2H 2005. Read more

www.vmware.com:
A Comparison of Software and Hardware Techniques for x86 Virtualization. Read more

video.google.com:
How To Break Web Software - A look at security vulnerabilities in web software. Watch

www.informit.com:
XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack. Read more

blogs.ittoolbox.com:
Good Grief! Department of Transportation Loses a Laptop! Read more

 

Tools:
today.reuters.com:
Microsofts offers tools to all types of game makers. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris netstat/ifconfig Race Condition May Let Local Users Deny Service. Read more

securitytracker.com:
SquirrelMail 'compose.php' Lets Remote Authenticated Users Overwrite Variables. Read more

 

News
www.time.com:
How Hizballah Hijacks the Internet. Read more

www.computerworld.com:
U.S. DOT laptop with personal data on 133,000 Floridians stolen. Read more

www.digital-lifestyles.info:
Microsoft OneCare Hits US Anti-Virus Second Spot. Read more

www.gcn.com:
VA to analyze breached data. Read more

www.eweek.com:
Botnet Herders Attack MS06-040 Worm Hole. Read more

. 12 August 2006

Guides, Papers, etc
www.hrw.org:
“Race to the Bottom” Corporate Complicity in Chinese Internet Censorship. Read more

www.securityfocus.com:
Covert channel tool hides data in IPv6. Read more

www.it-observer.com:
Evolved IM Worms To Spread Across All Networks. Read more

www.it-observer.com:
Hybrid Application Security Analysis. Read more

www.informit.com:
XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack. Read more

blog.tenablesecurity.com:
Helping to stop DDOS - Detecting DNS Recursion Configuration Issues. Read more

www.windowsnetworking.com:
Networking Basics: Part 1 - Networking Hardware. Read more

isc.sans.org:
Snort rulez management. Read more

www.youtube.com:
Video: RFID E-Passport Vulnerability. Watch

www.avertlabs.com:
When Samy meets Wiki. Read more

www.commoncause.org:
Wolves in Sheep's Clothing, Part 2: More Telecom Industry Front Groups and Astroturf. Read more

tech.cybernetnews.com:
So You Wanna Change Your Default Browser In Vista? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP OpenView Storage Data Protector Input Validation Flaw in Backup Agents Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Xchat PRIVMSG Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
PHPMyRing Input Validation Flaw in 'view_com.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
YaBB Input Validation Hole in 'categories' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Symantec Backup Exec RPC Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
TinyWebGallery Include File Bug in 'image' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
xntpd '-u' Switch May Cause the Daemon to Run With Incorrect Group Privileges. Read more

securitytracker.com:
IPCheck Server Monitor Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
SAP Internet Graphics Server Buffer Overflow Lets Remote Users Execute Arbitrary Code and Deny Service. Read more

 

News
www.securityfocus.com:
Stolen Florida laptop nets 133,000 identities. Read more

www.securityfocus.com:
DHS urges all Windows user to patch. Read more

technology.guardian.co.uk:
HSBC knew about security loophole in online banking. Read more

news.com.com:
Microsoft's antivirus package makes a splash. Read more

www.informationweek.com:
Researcher: Hacker Sophistication Outpacing Forensics. Read more

www.zone-h.org:
The Lieberman campaign site hacking incident. A political opponent's job? Zone-H's truth. Read more

www.vnunet.com:
Old hard drives yield dark secrets. Read more

techdirt.com:
Introducing Backdoors To VoIP Networks Makes Them More Secure? Read more

www.terra.net.lb:
Google to put one of the world's largest libraries online. Read more

. 11 August 2006

Guides, Papers, etc
blogs.zdnet.com:
Busted! What happens when WGA attacks. Read more

www.javareport.com:
Apocalypse How? Next-gen Viruses, Worms. Read more

www.emailbattles.com:
Confessions of a Real-World Linux Admin: “I Always Login As Root.” Read more

www.dailymail.co.uk:
How to protect your voicemail from hackers. Read more

www.usatoday.com:
Ten measures that students can take to protect themselves. Read more

www.infoworld.com:
Roam the Net naked. Read more

blogs.securiteam.com:
Very critical something or another in Ruby 1.1.5. Read more

blogs.msdn.com:
Call to Action: Help us clean up Manage Add-ons. Read more

news.com.com:
Parents shaky about kids' safety online. Read more

aolradio.podcast.aol.com:
Audio: Security Now! 52: Security Bulletins. Listen

 

Tools:
blog.tenablesecurity.com:
Nessus 3 Agent-less Compliance checks. Read more

www.darkreading.com:
A Portable Hacker Helper. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris TCP/IP drain_squeue() Bug May Let Remote Users Panic the System. Read more

securitytracker.com:
Rails Unspecified Remote Vulnerability Has Unspecified Impact. Read more

securitytracker.com:
OpenSSH on Mac OS X Lets Remote Users Deny Service. Read more

 

News
www.usatoday.com:
Western Internet firms "act as censors" in China. Read more

www.varbusiness.com:
Google: Government Biggest Threat To Online Privacy. Read more

edition.cnn.com:
Report: Security flaw at HSBC. Read more

money.cnn.com:
Computer viruses seek out your cell phone. Read more

news.com.com:
Windows defense handcuffs good guys. Read more

www.theregister.co.uk:
Social sites a breeding ground for malware: report. Read more

www.theregister.co.uk:
Skype malware scam targets Turkey. Read more

www.techweb.com:
Windows Worm Warnings No Joke. Read more

www.internetnews.com:
To Patch Or Not To Patch? Read more

www.technewsworld.com:
Online Predator Studies Offer Good News, Bad News. Read more

www2.csoonline.com:
Man Faces 15 Years for Intercepting E-mail. Read more

. 10 August 2006

Guides, Papers, etc
www.emailbattles.com:
Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel. Read more

www.offensivecomputing.net:
Further Down the VM Spiral. Detection of full and partial emulation for IA-32 virtual machines. Read more

www.nytimes.co:
A Face Is Exposed for AOL Searcher No. 4417749. Read more

blogs.securiteam.com:
Defacement to Commander, Naval Air Forces site. Read more

www.viruslist.com:
Myspace redux. Read more

ddanchev.blogspot.com:
Malware Statistics on Social Networking Sites. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Archangel Weblog Input Validation Holes in 'Name' and 'Comment' Parameters Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
docpile:we Include File Bug in 'INIT_PATH' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phNNTP Include File Flaw in 'file_newsportal' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Server Service Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
AOL search data identified individuals. Read more

www.crn.com:
Researcher: Hacker Sophistication Outpacing Forensics. Read more

www.computerworld.com:
New Microsoft patch prompts DHS warning. Read more

news.com.com:
Homeland Security: Fix your Windows. Read more

technology.guardian.co.uk:
Security flaw leaves 3m HSBC online accounts open to fraud. Read more

today.reuters.com:
Google sees privacy threats. Read more

www.securityfocus.com:
E-Passport ally responds to cloning claims. Read more

www.theregister.co.uk:
Windows Live suffering from 'paralysis,' says Microsoft Ex. Read more

www.internetnews.com:
Bugs in Your BlackBerry. Read more

www.internetnews.com:
A Coverity Eye on Firefox Code. Read more

. 09 August 2006

Guides, Papers, etc
software.newsforge.com:
The Black Hat Wi-Fi exploit coverup. Read more

www.google.com:
How Fictitious Clicks Occur in Third-Party Click Fraud Audit Reports. Read more

eyeball-series.org:
A Brief Hacker History. Read more

www.esecurityplanet.com:
Getting to the Root of Rootkits. Read more

www.internetnews.com:
Hacking The Dead Cow. Read more

www.mcs.vuw.ac.nz:
Google Blocks Malware Searches? Read more

news.com.com:
FAQ: Protecting yourself from search engines. Read more

isc.sans.org:
Tip of the Day: mount options (NEW). Read more

www.networkworld.com:
Could your keyboard spy on you? Read more

db.usenix.org:
Keyboards and Covert Channels. Read more

news.com.com:
Dell reflects on 25 years of PCs. Read more

ddanchev.blogspot.com:
Big Momma Knows Best. Read more

silverstr.ufies.org:
Work around for "Threat Analysis & Modeling v2" tool least privilege install bug. Read more

 

Tools:
blogs.ittoolbox.com:
Cool Security Tools: UserAssist. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Internet Explorer Bugs Let Remote Users Obtain Information or Execute Arbitrary Code. Read more

securitytracker.com:
Windows Kernel Incorrect Exception Handling Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Hyperlink Object Library Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows 2000 Kernel Winlogon Alternate Path Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Windows 2000 Kernel Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Microsoft Office Buffer Overflow in Processing PowerPoint Records Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Visual Basic for Applications Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Management Console Input Validation Hole Permits Remote Code Execution. Read more

securitytracker.com:
Microsoft Outlook Express MHTML Parsing Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Winsock and DNS Client Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Kerberos Application Flaws in Evaluating setuid/seteuid Calls May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Adobe ColdFusion Grants Users Access to AdminAPI. Read more

securitytracker.com:
phpPrintAnalyzer Include File Flaw in 'rep_par_rapport_racine' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Simplog Input Validation Hole in Search Function Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
SAPID Include File Bugs in 'root_path' and 'GLOBALS["root_path"]' Parameters Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP zend_hash_del_key_or_index() May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
GroupWise Input Validation Holes in the Login Page and Other Pages Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Sun Ray utxconfig Utility Lets Local Users Create or Modify Arbitrary Files. Read more

securitytracker.com:
Visual Events Calendar Include File Bug in 'cfg_dir' Parameter Lets Remote Users Execute Arbitrary Code. Read more

browserfun.blogspot.com:
MS06-044 - Internet Explorer 5.x. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin Summary for August, 2006. Read more

www.securityfocus.com:
Microsoft fixes 23 flaws. Read more

www.msnbc.msn.com:
FBI consultant spared jail time in hacking case. Read more

www.reghardware.co.uk Microsoft pulls plug on Virtual PC development. Read more

www.reghardware.co.uk VMware to open Windows-on-Mac tool to public testers. Read more

www.theregister.co.uk:
Phishing Trojan plays ping-pong with captured data. Read more

www.computerworld.com:
Trojan malware takes a bite out of BlackBerry. Read more

www.time.com:
How Hizballah Hijacks the Internet. Read more

www.whitedust.net:
Interview With Rob Malda aka CmdrTaco of Slashdot.org. Read more

www.theregister.co.uk:
AOL releases free anti-virus tool. Read more

www.techweb.com:
One In Three Users Are Victims of Viruses, Spyware, or Phishers. Read more

www.redorbit.com:
Hackers Compete at Conference: ; Event Lets Computer Experts Show How Vulnerable Networks Are. Read more

www.infoworld.com:
Researcher creates net neutrality test. Read more

news.zdnet.com:
Blog feeds may carry security risk. Read more

www.istartedsomething.com:
Vista speech recognition screencast: It works! Read more

www.extremetech.com:
Windows Vista and the Future of Hardware. Read more

. 08 August 2006

Guides, Papers, etc
blogs.ittoolbox.com:
DefCon: Friday Insanity! Read more

news.com.com:
Photos: Hacking at Defcon. Read more

www.eweek.com:
The Next Research Frontier: Game Cheating. Read more

www.tmcnet.com:
Beware the wireless hackers. Read more

www.darkreading.com:
Google Is Evil. Read more

www.podtrac.com:
Audio: Security Now! 51: Vista's Virgin Stack. Listen

 

Tools:
www.darkreading.com:
Free Fuzzing Tool Launched. Read more

www.activevirusshield.com:
Free Anti Virus software powered by Kaspersky. Read more

 

Vulnerabilities & Exploits
www.avertlabs.com:
SMIL Exploit - Silently Install Malware on Your Mobile Phone. Read more

securitytracker.com:
Clam AntiVirus Heap Overflow in pefromupx() in Processing UPX Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Simple Shop Include File Error in 'abs_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
XennoBB Missing Input Validation in the 'bday_day', 'bday_month', and 'bday_year' Parameters Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
FTD Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
DConnect Daemon Format String and Buffer Overflow Flaws Let Remote Users Deny Service or Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
419ers no longer safe on their home turf. Read more

www.theregister.co.uk:
Stealth attack undermines Vista defences. Read more

www.vnunet.com/:
Hacker publicly cracks Windows Vista. Read more

www.darkreading.com:
New WMF Bug on the Loose. Read more

www.physorg.com:
JitterBugs could turn your keyboard against you. Read more

www.technewsworld.com:
Wireless Vulnerability Not Limited to MacBooks. Read more

www.theregister.co.uk:
Google offers malware warnings. Read more

www.techworld.com:
Cybercriminals taking cues from Mafia. Read more

www.techcrunch.com:
AOL Proudly Releases Massive Amounts of Private Data. Read more

news.com.com:
AOL offers glimpse into users' lives. Read more

www.macrumors.com:
Microsoft Officially Kills Virtual PC. Read more

www.theregister.co.uk:
Thai police crack credit card wiretap scam. Read more

www.kaspersky.com:
Kaspersky Engine integrates with Tall Emu security solution. Read more

www.publictechnology.net:
ID Cards: They can be hacked… and it's demonstrated at DEFCON. Read more

www.marketwatch.com:
Many consumers pay for ignoring online threats. Read more

www.techworld.com:
Aggressive mobile worm detected. Read more

www.redorbit.com:
Lawyer is an Unlikely Anti-Spyware Crusader. Read more

. 07 August 2006

Guides, Papers, etc
blogs.pcworld.com:
How to Keep a Phish Alive. Read more

www.eweek.com:
The Dilemma of Reporting Spyware Attacks. Read more

www.f-secure.com:
Khallenge Results. Read more

isc.sans.org:
Tip of the Day: Be unpredictable and diverse. Read more

blogs.msdn.com:
Revised IE7 Naming in Windows Vista. Read more

ddanchev.blogspot.com:
Malware Bot Families, Technology and Trends. Read more

www.passivemode.net:
Macbook Wireless Exploit Revealed. Read more

blogs.pcworld.com:
Internet Explorer 7: The Name Game. Read more

 

Tools:
prdownloads.sourceforge.net:
HoneyC 1.0.0 released. This version concentrates on searching for malicious web servers based on Snort signatures. It does not contain any malware signatures yet, but it is planned that those will appear shortly in the next version. Download

www.ultimatebootcd.com:
Ultimate boot CD. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Eremove Buffer Overflow in preview_create() May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Live Helper Include File Flaw in 'global.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Linksys WRT54g Router Lets Remote Users Modify the Configuration. Read more

 

News
news.zdnet.co.uk:
Google launches malware warnings. Read more

news.zdnet.co.uk:
Black Hat researcher hacks Vista. Read more

www.chron.com:
Hackers gather at confab to penetrate computers, pick locks, spray pellets. Read more

www.networkworld.com:
Microsoft looks for ways to combat Blue Pill, code signing bypass. Read more

www.betanews.com:
12 Patches Coming for Patch Tuesday. Read more

www.wired.com:
Blackberry a Juicy Hacker Target. Read more

www.smh.com.au:
Teen chatrooms get a virtual bouncer. Read more

. 05 August 2006

Guides, Papers, etc
blogs.securiteam.com:
BlackHat USA 2006 Scandal with Michael Lynn? Not Quite. Read more

www.reviewjournal.com:
Hacker convention a hot ticket. Read more

www.securityfocus.com:
Attackers pass on OS, aim for drivers and apps. Read more

www.itwire.com.au:
Vista gets thumbs up from Black Hat hackers. Read more

www.informationweek.com:
Black Hat: Vista Vulnerable To Stealthy Malware Despite Body Cavity Search. Read more

www.internetnews.com:
Browser Cache: Goodies For Hackers. Read more

arstechnica.com:
Hacker warns of hardware vulnerabilities. Read more

www.theregister.co.uk:
VoIP hacking exposed. Read more

www.f-secure.com:
Updated Commwarrior.Q Description and Disinfection Method. Read more

isc.sans.org:
Packet Analysis Challenge: The Solution. Read more

www.networkworld.com:
Testers question stability of latest Vista beta. Read more

www.computerworld.com:
So how do you code an AJAX Web page? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
CA eTrust Antivirus WebScan Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
toendaCMS Input Validation Hole in 's' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Sendcard Grants Administrative Access to Remote Users and Permits Remote Code Execution. Read more

securitytracker.com:
PC Tools AntiVirus Insecure Directory Permissions Let Local Users Gain Elevated Privileges. Read more

 

News
www.washingtonpost.com:
Senate Ratifies Cybercrime Treaty. Read more

www.securityfocus.com:
Researchers warn over Web worms. Read more

news.zdnet.co.uk:
Symantec fixes its chuch spyware mistake. Read more

www.securityfocus.com:
War driving by rocket at 6,800 feet. Read more

www.gulf-daily-news.com:
Interpol to track down hacker. Read more

www.sltrib.com:
Drivers get sticker shock at car wash. Read more

. 04 August 2006

Guides, Papers, etc
blogs.ittoolbox.com:
Blackhat Day #2. Read more

www.viruslist.com:
BlackHat USA 2006. Read more

www.pcw.co.uk:
Feature: Improve your XP security. Read more

www.eweek.com:
Security and the Home Enterprise. Read more

isc.sans.org:
XP local privilege escalation demonstrated. Read more

blogs.securiteam.com:
Trojans found Word, Excel, PowerPoint - and Access. Read more

www.f-secure.com:
Assembly Reverse Engineering Khallenge - and the Return of Otto. Read more

www.computing.co.uk:
Hacking is anything but child's play. Read more

www.winsupersite.com:
Is Windows Vista Ready? Read more

www.passivemode.net:
Metasploit Framework V3.0. Read more

www.linux.com:
How to launch Windows binaries on Linux directly. Read more

www.internetnews.com:
Vista Security Mostly Invisible But Thorough. Read more

www.rietta.com:
Firefox Extension Development Tutorial :: Overview. Read more

today.reuters.co.uk:
Couple-surfing to enhance cyber-love. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
WoWRoster Include File Flaw in 'hsList.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LibTIFF Multiple Bugs Let Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Attackers pass on OS, aim for drivers and apps. Read more

www.usatoday.com:
Microsoft to hackers: try to break Vista. Read more

edition.cnn.com:
Microsoft to hackers: Take your best shot. Read more

www.eweek.co:
Microsoft Sways Black Hatters with Vista Security Pledge. Read more

www.theregister.co.uk:
You're 0wn3d! Wi-Fi driver hack attack demoed. Read more

www.theregister.co.uk:
Attackers pass on operating systems. Read more

www.theregister.co.uk:
VoIP hacking exposed. Read more

www.pcworld.com:
Researcher Discloses Serious Xerox Printer Flaw. Read more

www.theregister.co.uk:
What are we going to do about click fraud? Form a committee! Read more

www.gulf-daily-news.com:
Interpol to track down hacker. Read more

blog.washingtonpost.com:
'Spamford' Spins Disks at Black Hat. Read more

news.com.com:
Google's copyright tussles. Read more

. 03 August 2006

Guides, Papers, etc
blogs.ittoolbox.com:
BlackHat Day #1. Read more

www.f-secure.com:
Wi-Fi Hacking on Stage in Las Vegas. Read more

news.com.com:
A Cisco zero-day at Black Hat? Read more

news.com.com:
Don't call it in. Read more

news.com.com:
Keyboard profiling at Black Hat. Read more

news.com.com:
FBI calls for hacker help. Read more

news.com.com:
Black Hat with a Vista twist. Read more

chkpt.zdnet.com:
Audio: Podcast: Love, hate and your DVR. Read more

cut-thecrap.blogspot.com:
Is the AV industry failing? Read more

blogs.securiteam.com:
Mass defacement to Federal Executive Board sites. Read more

isc.sans.org:
Security Tip of the day: Handling brute-force login attempts (NEW). Read more

www.newscientisttech.com:
Invention: VoIP mangling. Read more

www.symantec.com:
Windows Vista Network Attack Surface Analysis: A Broad Overview. Read more

www.csclub.uwaterloo.ca:
Spam Filters: Do they work and Can you prove it. Read more

www.symantec.com:
Criss-Cross. Read more

www.symantec.com:
Windows Rootkit Overview. Read more

www.scotsnewsletter.com:
Looking for the Right Antivirus Program, Part II. Read more

www.scotsnewsletter.com:
Looking for the Right Antivirus, Part III. Read more

www.scotsnewsletter.com:
Looking for the Right Antivirus, Part IV. Read more

www.theregister.co.uk/:
Net neutrality - the great debacle. Read more

www.securityfocus.com:
Apple makes Trusted Computing cool. Read more

blog.washingtonpost.com:
Hijacking a Macbook in 60 Seconds or Less. Read more

www.passivemode.net:
Cracking Windows Passwords. Read more

 

Vulnerabilities & Exploits
www.hardwarezone.com:
Centrino Wireless Flaw Leaves Laptops Open to Hacker Exploitation. Read more

securitytracker.com:
Cisco CallManager Express Lets Remote Users Determine SIP User Names. Read more

securitytracker.com:
TSEP Include File Bug in '/include/copyright.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Fire T2000 Does Not Properly Detect Invalid DSA Signatures. Read more

securitytracker.com:
ProCurve Switch Memory Leak Lets Remote Users Deny Service. Read more

securitytracker.com:
GnuPG Integer Overflow Lets Local Users Deny Service. Read more

securitytracker.com:
Intel PRO/Centrino Wireless Drivers Let Local and Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple AFP Server Discloses Files to Local Users and Lets Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
Symantec On-Demand Agent Lets Local Users Decrypt Files. Read more

securitytracker.com:
BlackICE Insufficient Access Controls on 'pamversion.dll' Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
MySQL MERGE Access Control Error May Let Users Access a Restricted Table. Read more

 

News
www.theregister.co.uk:
Symantec highlights Windows Vista user vulnerabilities. Read more

www.theregister.co.uk:
McAfee security bug bites deep. Read more

www.wired.com:
Hackers Clone E-Passports. Read more

www.vnunet.com:
two factor cracked. Read more

news.zdnet.co.uk:
FBI: Help us fight hackers. Read more

www.thanhniennews.com:
Virtual attacker arrested in Hanoi. Read more

www.theregister.co.uk:
ActiveX security faces storm before calm. Read more

www.techworld.com:
'Brute force' attacks on SMBs increase. Read more

. 02 August 2006

Guides, Papers, etc
blogs.securiteam.com:
Lycos intranet site hacked. Read more

www.f-secure.com:
Why Not MySpace? Read more

www.sysinternals.com:
The First Week. Read more

www.zdnet.com.au:
Why popular antivirus apps 'do not work'. Read more

www.emailbattles.com:
How Microsoft Stacks The Deck When Comparing Windows and Linux Vulnerabilities. Read more

www.spidynamics.com:
Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript. Read more

blogs.securiteam.com:
“Software vulnerabilities don’t follow timetables”. Read more

www.it-observer.com:
Top Four Reasons for Email Archiving. Read more

www.symantec.com:
Analysis of the Windows Vista Security Model. Read more

www.crn.com:
Ballmer Analyzes Microsoft's 'One Big' Vista Mistake. Read more

www.newsfactor.com:
Internet Privacy: A License for Libel? Read more

www.computer.org:
A Process for Performing Security Code Reviews. Read more

shuzak.com:
Napoleonic Lessons for Google & Microsoft. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
*Intel Centrino Vulnerabilities (NEW). Read more

securitytracker.com:
McAfee VirusScan Unspecified Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
myEvent Include File Error in 'initialize.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Lhaplus Buffer Overflow in Extracting LZH Archives Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MyNewsGroups Include File Flaw in 'myng_root' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
VMware ESX Server URL-Based Password Change Function May Let Remote Users Change a Target User's Password in Certain Cases. Read more

securitytracker.com:
Open Cubic Player Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP Error in ip2long() May Let Remote Users Inject SQL Commands Via Applications That Use the Function for Validation. Read more

 

News
www.theregister.co.uk:
Worm targets Windows PowerShell script. Read more

www.technewsworld.com:
McAfee Readies Patch for Security Vulnerability. Read more

www.msnbc.msn.com:
Hackers and G-men to descend on Las Vegas. Read more

entmag.com:
BlackHat, DefCon Pranks Underlie Larger Security Message. Read more

www.theage.com.au:
Israel hacks into Hezbollah TV, radio. Read more

www.securitypark.co.uk:
Majority of worms, viruses, spams and Trojans originate in the Far East. Read more

today.reuters.co.uk:
China intellectuals decry closure of Web site. Read more

www.securityfocus.com:
SCADA flaw checks coming to Nessus. Read more

security.ithub.com:
eEye Warns of Worm Hole in McAfee Anti-virus Products. Read more

www.theregister.com:
US chat sites ban could hit all kinds of sites. Read more

www.theregister.com:
US social networking ban could unfairly block some sites. Read more

www.vnunet.com:
Hackers ramp up 'insidious' targeted attacks. Read more

www.internetnews.com:
SkyBox Offers Risk Management For Network Security. Read more

times.hankooki.com:
Google to Delete 95,219 Korean IDs. Read more

service.spiegel.de:
How Google Earth Is Changing Science. Read more

. 01 August 2006

The Trojan Information Archive has been updated!

 

Guides, Papers, etc
www.securityfocus.com:
ActiveX security faces storm before calm. Read more

www.it-observer.com:
Today's malware technology. Read more

www.eweek.com:
Will Black Hat Take the Green and Go Yellow? Read more

www.f-secure.com:
Viva Las Vegas. Read more

www.megabit.nl:
Megabit 2006. Read more

isc.sans.org:
Bleeding Snort Domain. Read more

www.securityfocus.com:
E-mail privacy in the workplace. Read more

www.totaltele.com:
Are hackers eyeing your network? Read more

www.professionalsecurity.co.uk:
Report on malware, 01/08/2006. Read more

www.eweek.com:
Web Heroics Wanted. Read more

www.eweek.com:
Agility Must Not Compromise Stability. Read more

blogs.msdn.com:
Changes to IDN in IE7 to now allow mixing of scripts. Read more

techdirt.com:
Bot-On-Bot eBay Scamming. Read more

www.cigital.com:
Audio: Show 004 - An Interview with Dana Epp. Listen

www.twit.tv:
Audio: TWiT 64: Chaos Theory. Read more

 

Vulnerabilities & Exploits
browserfun.blogspot.com:
AxMan ActiveX Fuzzer. Read more

www.informit.com:
Wireless Gadget Vulnerabilities: The Nikon Coolpix P1. Read more

ha.ckers.org:
Cross Site Scripting Vulnerability in Google. Read more

 

News
www.securityfocus.com:
Windows Vista limits security add-ons. Read more

www.techworld.com:
Hackers smoke out Firefox. Read more

www.computerweekly.com:
Virtualisation software could enable malicious hackers to compromise machines that have virtualisation hardware support at the chip level, a security expert has warned. Read more

www.newsnow.co.uk:
Security Bytes: ISS warns of new Microsoft Windows flaw. Read more

www.vnunet.com:
Virus writers target Windows Powershell scripting language. Read more

www.theregister.co.uk:
419ers debut Interpol mirror site. Read more

www.securityfocus.com:
Firm classifies flaws to help developers. Read more

www.terra.net.lb:
China shuts blog by Tibetan author that wished Dalai Lama happy birthday. Read more


Copyright© MegaSecurity.org