Home    News Archive    Translate Traducen
News August 2007
31 August 2007

Guides, Papers, etc
www.f-secure.com:
Bank of India's website compromised. Read more

www.avertlabs.com:
Compromised Bank Of India Website! Read more

sunbeltblog.blogspot.com:
Update on the Bank of India situation. Read more

www.cisrt.org:
Warezov.qy, smile.exe. Read more

www.cisrt.org:
Zhelatin began using codec.exe. Read more

www.schneier.com:
Computer Forensics Case Study. Read more

www.eweek.com:
Who's In Charge of Code Signing? Read more

ddanchev.blogspot.com:
Bank of India Serving Malware. Read more

ddanchev.blogspot.com:
Massive Online Games Malware Attack. Read more

www.darkreading.com:
Korea Investigates Anti-Spyware Makers. Read more

ha.ckers.org:
Overwriting Attributes. Read more

aolradio.podcast.aol.com:
Audio: Security Now 107: PIP and More Perfect Passwords. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Yahoo! Messenger Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Absolute Poll Manager XE Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Apache mod_proxy Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
SSHKeychain Discloses Passwords to Local Users. Read more

securitytracker.com:
MySQL Authentication Protocol Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
SSHKeychain TunnelRunner Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Fetchmail Warning Message Forwarding Bug Lets Users Deny Service. Read more

securitytracker.com:
Red Hat Network Satellite Server XMLRPC Bug Lets Remote Authenticated Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
MSN Messenger flaw creates web cam peril. Read more

news.zdnet.co.uk:
Sony pleads innocent in latest rootkit fiasco. Read more

www.techworld.com:
Hacker cracks embassy systems. Read more

news.softpedia.com:
Yahoo Messenger Gets CAPTCHA Security Feature. Read more

community.zdnet.co.uk:
Bill website hacked? Read more

www.vnunet.com:
Malware-laden spam promises pop videos. Read more

www.theregister.co.uk:
MS tweaks Vista with minor updates. Read more

www.smh.com.au:
Hackers stole 'millions' of users' IDs. Read more

30 August 2007

Guides, Papers, etc
www.f-secure.com:
Sony's USB Rootkit vs Sony's Music Rootkit. Read more

www.securityfocus.com:
Virtualized rootkits - Part 2. Read more

www.securityfocus.com:
You Can Detect Hypervisor Rootkits Even If You're Virtualized. Read more

www.benedelman.org:
Threats Against Spyware Detectors, Removers, and Critics. Read more

isc.sans.org:
Vista Patches? Read more

isc.sans.org:
Fedora public key issues. Read more

www.avertlabs.com:
More Nuwar Woes! Read more

sunbeltblog.blogspot.com:
Zango suffers major setback in its legal posture; ... Read more

ddanchev.blogspot.com:
Storm Worm's use of Dropped Domains. Read more

ddanchev.blogspot.com:
DIY Phishing Kits. Read more

www.darkreading.com:
On the Trail of 'Fast Flux' Botnets. Read more

www.darkreading.com:
How to Centralize Windows Event Logs. Read more

news.com.com:
Vista SP1: Small things come in big packages. Read more

resources.zdnet.co.uk:
Wi-Fi: The next generation. Read more

video.google.com:
Searching For Evil. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco CallManager/Unified Communications Manager Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
Novell Client NWSPOOL.DLL Stack Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MSN Messenger Buffer Overflow in Processing Webcam Streams Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
RIAA criticized over anti-piracy tactics. Read more

www.theregister.co.uk:
Sony bundles rootkit-like software on USB drive. Read more

www.computerworlduk.com:
Microsoft blames human error for Windows WGA problems. Read more

www.theregister.co.uk:
Zango abandons PC Tools adware lawsuit. Read more

www.reuters.com:
China counters German hackers and spying reports. Read more

www.itrportal.com:
Kaspersky reveals virus creators are suffering from ‘writer’s block’. Read more

www.theregister.co.uk:
VXers rain on YouTube's parade. Read more

www.techworld.com:
Monster outlines antifraud measures. Read more

www.theregister.co.uk:
Microsoft promises less-annoying Vista OS early next year. Read more

www.theregister.co.uk:
Storm Worm descends on Blogger.com. Read more

www.webuser.co.uk:
Beyonce, Rihanna video Trojan scam. Read more

29 August 2007

Guides, Papers, etc
www.benedelman.org:
A Closer Look at Coupons.com. Read more

blogs.securiteam.com:
Now fingerprint reader and rootkits - Sony did it again. Read more

isc.sans.org:
Potential MSN Messenger video conversation vulnerability. Read more

isc.sans.org:
BIND 8 is now End of Life. Read more

isc.sans.org:
Non-malicious compromise pointing to a benign VBScript! Read more

www.cisrt.org:
Setup.exe, Zhelatin new tactics. Read more

www.avertlabs.com:
Hide me Sony one more time! Read more

sunbeltblog.blogspot.com:
Storm worm hits Blogger. Read more

sunbeltblog.blogspot.com:
Storm worm: And now digital puppies! Read more

ddanchev.blogspot.com:
The Economics of Phishing. Read more

www.darkreading.com:
Enterprises Wrestle With Security Policies. Read more

www.darkreading.com:
'Dream Team' Takes on Black Hats. Read more

www.darkreading.com:
Black Hat's Video Review. Read more

www.eweek.com:
The End of the NDR. Read more

news.softpedia.com:
Hacker Attacks: Firefox and Opera Survive While IE Does Not! Read more

ha.ckers.org:
Paper on Hacking Intranets Using Websites (Not Web Browsers). Read more

www.darkreading.com:
Video: The Great Rootkit Debate. Watch

www.darkreading.com:
Video: Gadi Evron. Lessons In Cyberwar. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
WebLogic SSL Server May Use Null Encryption. Read more

securitytracker.com:
WebLogic SSL Clients May Use Null Encryption. Read more

securitytracker.com:
Oracle JInitiator ActiveX Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Subversion Windows Client Input Validation Flaw in filename Parameter Lets Remote Authenticated Users Create/Overwrite Files. Read more

securitytracker.com:
Thomson ST 2030 SIP Phone Can Be Crashed By Remote Users Sending an Empty Packet. Read more

securitytracker.com:
BIND 8 Transaction ID Generation Algorithm Lets Remote Users Conduct DNS Cache Poisoning Attacks. Read more

securitytracker.com:
Motorola/Netopia Timbuktu Buffer Overflows Let Remote Users Execute Arbitrary Code and Directory Traversal Bug Lets Remote Users Create/Delete Arbitrary Messages. Read more

securitytracker.com:
PhpGedView Input Validation Hole in 'login.php' Permits Cross-Site Scripting Attacks. Read more

 

News
www.vnunet.com:
Security flaw hits MSN Messenger. Read more

www.theregister.co.uk:
Aussie gov anti-porn filter 'useless', says teen. Read more

www.computeractive.co.uk:
Zango withdraws PC Tools complaint. Read more

28 August 2007

Guides, Papers, etc
blogs.technet.com:
Vista Multimedia Playback and Network Throughput. Read more

www.avertlabs.com:
Signs of Smoke for .mobi. Read more

www.cisrt.org:
G038_jpg.zip, IRCBot.aex. Read more

chris.pirillo.com:
Zango is Hijacking Videos!? Read more

chris.pirillo.com:
Revver is Behind Zango Crapware Fiasco. Read more

www.darkreading.com:
China's Premier 'Gravely Concerned' by Hack on Germany. Read more

ha.ckers.org:
Paper on Hacking Intranets Using Websites (Not Web Browsers). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
SIDVault Login Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Thomson ST 2030 SIP Phone TO URI Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Clam AntiVirus clamav-milter for sendmail Unsafe popen() Call Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
VMware Buffer Overflow in vmstor-60 Driver Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Sophos Anti-Virus UPX Processing Bug May Let Remote Users Execute Arbitrary Code and GZip Bug Lets Remote Users Deny Service. Read more

 

News
www.computerworld.com:
Deja vu all over again: Sony uses rootkits, charges F-Secure. Read more

www.securityfocus.com:
Report: Germans spot Chinese spy attacks. Read more

news.xinhuanet.com:
Premier Wen: China opposes hacker activity. Read more

www.theregister.co.uk:
Windows Genuine (dis)Advantage cries wolf (again). Read more

www.technewsworld.com:
Weekend WGA Failure Locked Out Legit Windows Vista Users. Read more

www.informationweek.com:
Microsoft Piracy Check Snafu Mislabels Authentic Windows Copies. Read more

www.betanews.com:
Microsoft Responds to Re-discovery of Vista Network Slowdowns Read more

www.infoworld.com:
Spam fighters hit criminals' weak spot. Read more

www.computerworld.com.au:
Site auctions software vulnerabilities to top bidder. Read more

www.betanews.com:
TorrentSpy Closes Doors to US Users. Read more

www.reghardware.co.uk:
Dell laptop explodes 'like fireworks'. Read more

27 August 2007

Guides, Papers, etc
www.f-secure.com:
Double Whammy! Another Sony Case (And it's Not BioShock). Read more

www.f-secure.com:
Targeted trojan attacks against German government. Read more

www.gnucitizen.org:
I don’t think that you understand! - Firefox3 Vulnerable by Design. Read more

forum.skype.com:
Skype 1.4.0.99 reads /etc/ passwd and firefox profile. Read more

www.hackerfactor.com:
Point-of-Sale Vulnerabilities. Read more

isc.sans.org:
How Secure Is That Point-of-sale Device? Read more

isc.sans.org:
Targets of the day. Read more

www.cisrt.org:
images.zip,MyGallery5156.zip,img4851.zip. Read more

www.avertlabs.com:
Latest Nuwar Spamming Uses YouTube Lure. Read more

sunbeltblog.blogspot.com:
Update on new IRS phishing scam. Read more

sunbeltblog.blogspot.com:
Beware new IRS phishing tactic. Read more

www.darkreading.com:
New Intel Processor Fights Rootkits, Virtualization Threats. Read more

ddanchev.blogspot.com:
Your Point of View - Requested! Read more

ddanchev.blogspot.com:
DIY Pharming Tools. Read more

newsroom.cisco.com:
Study Reveals Insight, Opportunity for IT to Protect Mobile Wireless Users. Read more

blogs.securiteam.com:
ISOI 3 is on, and Washington DC is hot. Read more

tech.blorge.com:
Storm Worm criminals behind confirmation email spam outbreak. Read more

adamheckler.wordpress.com:
How-To: Encrypt and hide a disk partition. Read more

reviews.zdnet.co.uk:
10 ways to increase Vista's performance. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP-UX Ignite-UX/DynRootDisk get_system_info Command Bug Lets Local Users Modify the Network Configuration. Read more

securitytracker.com:
Asterisk IMAP Voicemail Storage Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Helix DNA Server RTSP Require Header Bug Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.reuters.com:
China counters German hackers and spying reports. Read more

www.pcworld.com:
German Government PCs Hacked. Read more

25 August 2007

Guides, Papers, etc
www.wired.com:
Hackers Take Down the Most Wired Country in Europe. Read more

isc.sans.org:
Humour, Politics and Kids online. Read more

isc.sans.org:
The value of Non-Delivery-Reports (NDR). Friday Editorial. Read more

www.cisrt.org:
Zhelatin begins using HTML. Read more

www.avertlabs.com:
Digital Reality Misunderstanding. Read more

www.symantec.com:
The new Peacomm infection techniques. Read more

www.symantec.com:
ATI’s penicillin to PurplePill and the PatchGuard patch that wasn’t. Read more

ddanchev.blogspot.com:
Distributed WiFi Scanning Through Malware. Read more

taosecurity.blogspot.com:
Experts: IDS is here to stay. Read more

anti-virus-rants.blogspot.com:
threat centric reality check. Read more

www.technewsworld.com:
The Anatomy of an iPhone Exploit. Read more

www.darkreading.com:
Phishers in Microsoft's Clothing. Read more

www.darkreading.com:
Red Curtain Reveals Malware. Read more

www.darkreading.com:
The Lost Companies. Read more

www.computerworld.com:
Are data breach lawsuits just tilting at windmills? Read more

news.bbc.co.uk:
Is stealing wireless wrong? Read more

www.youtube.com:
Video: Storm Site. Watch

erratasec.blogspot.com:
THE CYBERWAR IS COMING, THE CYBERWAR IS COMING. Read more

ha.ckers.org:
Protected Music Disclosure on MySpace. Read more

www.infectionvectors.com:
Viral Evolution. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Bugzilla Bugs Let Remote Users Inject Commands, Obtain Restricted Information, and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Thomson ST 2030 SIP Phone Lets Remote Users Deny Service. Read more

securitytracker.com:
Novell Identity Manager May Disclose Passwords to Local Users. Read more

securitytracker.com:
WebSVN Input Validation Hole in 'filedetails.php' Permits Cross-Site Scripting Attacks. Read more

 

Tools:
fileforum.betanews.com:
Sophos Anti-Rootkit 1.3.1. Read more

fileforum.betanews.com:
SUMo (Software Updates Monitoring) detects applications you are using and tracks updates. Read more

 

News
arstechnica.com:
WHOIS privacy reform reaches dead end. Read more

www.securityfocus.com:
Hacks let the iPhone roam. Read more

www.theregister.co.uk:
'Microsoft' to compensate 419 victims. Read more

www.esecurityplanet.com:
Storm Worm Gathers Strength On The Internet. Read more

www.computeractive.co.uk:
PlusNet error deletes users' email. Read more

www.stuff.co.nz:
Aussie teen cracks govt $A84m porn filter. Read more

www.informationweek.com:
Trojan Authors Recruit 'Money Mules' From List Of Stolen Identities. Read more

www.boingboing.net:
BioShock game bundled with DRMalware. Read more

www.smh.com.au:
Job site waited five days before revealing hack. Read more

www.theregister.com:
Google changes Street View privacy policy. Read more

24 August 2007

Guides, Papers, etc
news.com.com:
How MySpace brought down a spammer. Read more

blogs.iss.net:
Old Threats Never Die. Read more

blog.internetgovernance.org:
Whois Privacy Stalemate...Again. Read more

blog.wired.com:
'Cyberwar' and Estonia's Panic Attack. Read more

isc.sans.org:
Trend Micro ServerProtect Update. Read more

isc.sans.org:
Trend Micro management exploit payload perhaps? Read more

www.avertlabs.com:
Research Reveals Collision of Cell Networks With Internet. Read more

www.infoworld.com:
Honeypots as sticky as ever. Read more

www.cisrt.org:
p0017_jpg.zip, F0538_jpg.zip. Read more

sunbeltblog.blogspot.com:
The return of the disingenuous double v. Read more

sunbeltblog.blogspot.com:
Now THAT'S authentication... Read more

sunbeltblog.blogspot.com:
Latest virus testing results. Read more

www.sophos.com:
High volume phish campaign strikes Australian internet users. Read more

msmvps.com Winfixer hide 'n' seek: explaining why some people see the ads, and some people don't. Read more

www.darkreading.com:
Hacking for Charity. Read more

www.darkreading.com:
Slammer, Other Older Threats Making a Comeback. Read more

lifehacker.com:
The Virtual Machine Roundup. Read more

www.lightbluetouchpaper.org:
Phishing website removal — comparing banks. Read more

mcwresearch.com:
Girls, msg me. Read more

ha.ckers.org:
XSS and Possible Information Disclosure in Urchin. Read more

www.cyber-ta.org:
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. Read more

aolradio.podcast.aol.com:
Audio: Security Now 106: Steve’s Mailbag #2. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files. Read more

securitytracker.com:
Gransdstream GXV3000 IP Video Phone Lets Remote Users Eavesdrop on Conversations on Deny Service. Read more

 

Tools:
fileforum.betanews.com:
RunScanner is a completely free windows system utility which scans your system for all configured running programs. Read more

 

News
www.computerworlduk.com:
Hackers 'target' enterpise servers running Trend anti-virus. Read more

www.securityfocus.com:
Monster.com shuts down data cache. Read more

www.theregister.co.uk:
Monster.com torpedoes rogue server as malware scam rolls on. Read more

www.theregister.co.uk:
Hotmail hack punts person in peril scam. Read more

www.pcadvisor.co.uk:
Fix available for Yahoo Messenger video exploit. Read more

www.theregister.co.uk:
A wardriving we will go! Read more

www.theregister.co.uk:
AOL ID thief faces 7 years. Read more

www.theregister.co.uk:
Hackers prowl for Trend Micro vuln. Read more

www.computerworld.com:
Seagate to offer solid-state drives in 2008. Read more

23 August 2007

Guides, Papers, etc
www.securityfocus.com:
Virtualized rootkits - Part 1. Read more

www.wired.com:
When Bots Attack. Read more

www.sophos.com:
High volume phish campaign strikes Australian internet users. Read more

isc.sans.org:
Trend Micro management exploit payload perhaps? Read more

isc.sans.org:
Trend Micro scanning on TCP 5168. Read more

www.avertlabs.com:
‘Fun World’? Not Really–Part 2. Read more

ddanchev.blogspot.com:
The Nuclear Malware Kit. Read more

www.cisrt.org:
MSN Worm Variants Keep active. Read more

sunbeltblog.blogspot.com:
Sunbelt Weekly TechTips #58. Read more

sunbeltblog.blogspot.com:
Second Life Seminars: How To Keep The Bad Guys Out Of Your PC. Read more

sunbeltblog.blogspot.com:
Should the Government be in the ISP Business? Read more

ha.ckers.org:
Articles on CAPTCHAs. Read more

www.darkreading.com:
UK Plans Big Spend on ID Management. Read more

www.darkreading.com:
Hacking Germany's New Computer Crime Law. Read more

www.darkreading.com:
Ukranian Suspect Could Help Break TJX Case. Read more

www.darkreading.com:
Finding the Leaks in Leak Prevention. Read more

www.esecurityplanet.com:
Secure Your Email with Encryption. Read more

apcmag.com:
Linus Torvalds talks future of Linux. Read more

taosecurity.blogspot.com:
What Hackers Learn that the Rest of Us Don't. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris x86 ATA Disk Driver IOCTL Bugs Let Local Users Deny Service. Read more

securitytracker.com:
eCentrex Web Phone Buffer Overflow in 'uacomx.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Asterisk SIP Dialog History Processing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Trend Micro ServerProtect Buffer Overflows in ServerProtect Modules Let Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Fraudsters focus on job sites. Read more

www.pcadvisor.co.uk:
Storm Trojan to target Mexican hurricane. Read more

itn.co.uk:
Man arrested for stealing broadband. Read more

22 August 2007

Guides, Papers, etc
blogs.securiteam.com:
MS Patch Tuesday and Skype outage - why things don’t matched. Read more

blogs.securiteam.com:
Cryptome updates its database: NSA surveillance works globally. Read more

blogs.securiteam.com:
Ciaaaaaaliiis Viaaaaaagraaa - Nooo thaaanks! Read more

www.avertlabs.com:
‘Fun World’? Not Really. Read more

www.symantec.com:
New Storm Front Moving In. Read more

blogs.pandasoftware.com:
Has your credit card been stolen? Read more

blog.spywareguide.com:
Bored Spammers. Read more

ddanchev.blogspot.com:
Offensive Storm Worm Obfuscation. Read more

msmvps.com:
CONFIRMED! whitepages.com is serving up ErrorProtector/ErrorSafe (aka Winfixer) banner ads. Read more

heartbeat.skype.com:
The Microsoft connection clarified. Read more

justinsomnia.org:
Search Engine Marketeers are the new script kiddies. Read more

www.darkreading.com:
Site Services Pay Damages for Bill-Doctoring. Read more

www.darkreading.com:
Cenzic Patent Case Worries Web Researchers, Vendors. Read more

www.darkreading.com:
Google's Flawed Search for Security. Read more

www.seroundtable.com:
Search Engines On Click Fraud. Read more

robnewby.blogspot.com:
Who's watching my data? Read more

ha.ckers.org:
Another Photobucket Locked and Private Directory Disclosure Issue. Read more

www.networkworld.com:
Vista prevents users from playing high-def content, researcher says. Read more

www.technewsworld.com:
iPhone: A Tempting Target to Malware Makers. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Trend Micro Anti-Spyware Buffer Overflow in vstlib32.dll Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Cisco 7940/7960 IP Phones Can Be Crashed By Remote Users. Read more

 

News
www.securityfocus.com:
Storm Worm pursues more "members". Read more

www.theregister.co.uk:
Storm Worm of a thousand faces. Read more

www.theregister.co.uk:
Researcher crosses swords with Google over XSS 'flaw'. Read more

www.computeractive.co.uk:
Italian police fry Phish & Chip gang. Read more

wkbt.com:
Bond of $2,000 set in computer hacking case. Read more

www.usatoday.com:
Most teen hackers more curious than criminal. Read more

21 August 2007

Guides, Papers, etc
www.f-secure.com:
Zhelatin/Storm changes yet again. Read more

isc.sans.org:
Storm of the Day (Welcome Member). Read more

www.avertlabs.com The Risks of HTML-Formatted E-mails. Read more

www.cisrt.org:
Zhelatin changes themes again. Read more

www.cisrt.org:
IMG024.JPG.zip, Rbot.csm. Read more

www.vitalsecurity.org:
Thanks, but no thanks. Read more

ddanchev.blogspot.com:
RATs or Malware? Read more

www.darkreading.com:
Whitedust Security Site Shuttered. Read more

www.darkreading.com:
Trojan on Monster.com Steals Personal Data. Read more

www.eweek.com:
Skype Holed by Patch Tuesday. Read more

www.computerworld.com:
Does Skype's Windows update story fly? Read more

www.geekzone.co.nz:
Skype Outage - Mountain, Meet Molehill. Read more

blogs.technet.com:
Questions about last Tuesday’s Release and Skype. Read more

www.beskerming.com:
The Difficulty of Validating Systems and Users. Read more

ha.ckers.org:
ha.ckers.org Challenge Logic Flaw. Read more

www.cl.cam.ac.uk:
Information Security Economics – and Beyond. Read more

www.365questions.org:
Windows errors : a best of? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Yahoo Messenger Heap Overflow in Processing Webcam Streams Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
EMC Legato NetWorker 'subcmd' Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ZoneAlarm IOCTL Validation Flaw Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
ZoneAlarm Default File Permissions Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Skype: Outage prompted by Microsoft Update. Read more

www.theregister.co.uk:
Monster Trojan monsters job seekers' records. Read more

www.theregister.co.uk:
Storm worm authors switch tactics. Read more

www.pcadvisor.co.uk:
Exploit found for Patch Tueday fix. Read more

www.esecurityplanet.com:
Anti-Forensic Methods Used by Jihadist Web Sites. Read more

www.theglobeandmail.com:
Terror goes digital. With Canadian help. Read more

www.vnunet.com:
Italian police fry Phish & Chip gang. Read more

shanghaiist.com:
Vicious new Chinese computer virus found. Read more

news.com.com:
Joybubbles, 58, Peter Pan of phone hackers, dies. Read more

20 August 2007

Guides, Papers, etc
blogs.securiteam.com:
Windows’s VML implementation - is it so difficult to patch? Read more

www.f-secure.com:
International Hacking Competition 2007 at UiTM, Malaysia (iHack 2007). Read more

www.symantec.com:
Yo Momma! Read more

blogs.ittoolbox.com:
Don't Click On These B00bies. Read more

www.cisrt.org:
Zhelatin new tactics. Read more

www.zdnet.com.au:
Storm worm botnet threatens national security? Read more

lifehacker.com:
Get around browser-specific blocks. Read more

www.avertlabs.com:
Nuwar turns “sexy”. Read more

www.computerworld.com:
On the Mark: Bot Wolves Defend Flocks. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Adonis Command Line Interface Lets Local Administrative Users Gain Root Privileges. Read more

securitytracker.com:
Solaris RBAC Bugs May Let Certain Remote Users Access the System. Read more

taosecurity.blogspot.com:
Breach Pain. Read more

 

Tools:
adblockplus.org:
Adblock Plus: Save your time and traffic. Read more

 

News
www.vnunet.com:
US identity fraudster jailed for seven years. Read more

www.wired.com:
Coupon Hacker Faces DMCA Lawsuit. Read more

17 August 2007

Guides, Papers, etc
www.f-secure.com:
Run, run! Skype is falling...Read more

isc.sans.org:
Friday Infosec Grab Bag. Read more

isc.sans.org:
Yo, Skype! What's the Deal? Read more

www.avertlabs.com:
The Mobile Malware Kitchen Is Open for Business. Read more

sunbeltblog.blogspot.com:
Zingozango. Read more

sunbeltblog.blogspot.com:
This makes it all worth it... Read more

blog.spywareguide.com:
Trading Security For Advert Clicks. Read more

ha.ckers.org:
XSS Hole In Google Apps Is “Expected Behavior”. Read more

ddanchev.blogspot.com:
Analyses of Cyber Jihadist Forums and Blogs. Read more

www.darkreading.com:
Skype: We're Not Hacked. Read more

www.darkreading.com:
Sourcefire Buys Open-Source Antivirus Project. Read more

www.darkreading.com:
Researchers: Bugs Can Turn Security Tools Against Their Users. Read more

www.darkreading.com:
Virtualization's Hidden Risks. Read more

www.pauldotcom.com:
Escaping From The Virtualization Cave. Read more

www.foolmoon.net:
VMWare Escape Publicized at SANSfire 2007. Read more

taviso.decsystem.org:
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments. Read more

www.darkreading.com:
A Cautionary Tale. Read more

www.infoworld.com:
Google Gadgets can be misused by phishers. Read more

www.technewsworld.com:
The Woes of WiFi, Part 2: Digital Defense. Read more

 

News
www.itnews.com.au:
Storm botnet puts up defenses and starts attacking back. Read more

www.itnews.com.au:
Highly critical flaw found in Microsoft Excel. Read more

www.securityfocus.com:
Sourcefire acquires ClamAV. Read more

www.theregister.co.uk:
Some Skypers get reconnected, but most still offline. Read more

www.vnunet.com:
Skype denies DoS attack on VoIP service. Read more

www.internetnews.com:
Google Opens Click-Fraud Resource Center. Read more

news.com.com:
CIA, FBI computers used for Wikipedia edits. Read more

news.independent.co.uk:
Wikipedia and the art of censorship. Read more

www.kommersant.com:
$1-Billion Govt. Internet Program Launched. Read more

www.betanews.com:
Dell Admits Fraud in Financial Reporting, Will Restate Earnings Since 2003. Read more

www.computerworld.com.au:
New Trojan shows return of script kiddies. Read more

valleywag.com:
Fark founder accuses Fox newsman of hacking. Read more

16 August 2007

Guides, Papers, etc
www.computerworlduk.com:
Why virtual honeypots are sweet. Read more

www.eweek.com:
Is It Time, Finally, for DNSSEC? Read more

www.avertlabs.com:
It’s a Hoax…Or Is It? Read more

www.infoworld.com:
Old apps, new vulnerabilities. Read more

www.cisrt.org:
British Airways spams. Read more

blog.gnist.org:
Holliday cracking. Read more

www.lightbluetouchpaper.org:
Phishing and the gaining of “clue”. Read more

www.geekzone.co.nz:
Operating System security is as good as the admins. Read more

www.infectionvectors.com:
Retest: Cutting Malware Losses. Read more

ddanchev.blogspot.com:
534 Biographies of Jihadist Fighters. Read more

ddanchev.blogspot.com:
PayPal's Security Key. Read more

www.darkreading.com:
Phish Buyer Gets Hooked. Read more

www.darkreading.com:
The New Crash-Test Dummy. Read more

www.vheadline.com:
NOT HACKERS! Explanation for what happened to venezuelanalysis' site! Read more

pi1.informatik.uni-mannheim.de:
Towards Reliable Rootkit Detection in Live Response. Read more

www.podtrac.com:
Audio: Security Now 105: Leak Test. Listen

news.zdnet.co.uk:
Video: Reinvestigating Vista's forced reboots. Watch

www.codejacked.com:
Restarting Windows Without Restarting Your PC (Vista or XP). Read more

 

Vulnerabilities & Exploits
seclists.org:
Skype Network Remote DoS Exploit. Read more

securitytracker.com:
IBM DB2 Multiple Bugs Let Local Users Gain Root Privileges. Read more

securitytracker.com:
KDE Konqueror Flaw Lets Remote Users Spoof the Address Bar. Read more

securitytracker.com:
Symantec Enterprise Firewall Discloses Username Validity to Remote Users. Read more

securitytracker.com:
Java Runtime Environment Font Parsing Bug Lets Remote Applets Gain Elevated Privileges. Read more

securitytracker.com:
Safari for Windows Lets Remote Users Upload Arbitrary File. Read more

securitytracker.com:
ArcSDE Buffer Overflow in giomgr Process Lets Remote Users Deny Service. Read more

 

News
www.theregister.co.uk:
Yahoo! Messenger! users! face! attack! by! video! Read more

www.techworld.com:
The Internet floods with bogus e-cards. Read more

www.scmagazine.com:
46,000 job hunters victimized by malicious recruitment ads. Read more

www.computerworlduk.com:
'Clpwn' hackers hunt for notoriety, not cash. Read more

www.computerworld.com:
Microsoft denies PatchGuard update connected to kernel hacks. Read more

english.pravda.ru:
Russian hacker uses Forbes 400 list to find targets for identity theft. Read more

business.guardian.co.uk:
Hacked hacks to sue HP. Read more

15 August 2007

Guides, Papers, etc
isc.sans.org:
Disaster Recovery and Severe Weather. Read more

sunbeltblog.blogspot.com:
New ransomware. Read more

sunbeltblog.blogspot.com:
Possible decryptor available for Trojan Ransom.AT. Read more

sunbeltblog.blogspot.com:
Do admins like Vista? Read more

isc.sans.org:
Making it easy for bad guys with money to do what it used to take a geek with brains to do. Read more

ddanchev.blogspot.com:
The Shark 2 DIY Malware. Read more

www.cisrt.org:
British Airways spams. Read more

isc.sans.org:
Malware hosted on 3322.org AGAIN! Read more

www.darkreading.com:
Medical IT Contractor Folds After Breaches. Read more

www.darkreading.com:
Back to School: Backpacks, Books & Bots. Read more

www.technewsworld.com:
Open Source Security, Part 1: Securing Credibility. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco VPN Client Dialup Networking and cvpnd.exe Bugs Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Opera JavaScript Pointer Dereference Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Motive Service Activation Manager Buffer Overflow in 'ActiveUtils.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
AIX Buffer Overflow in at Command Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Rational ClearQuest Input Validation Flaw Lets Remote Users Inject SQL Commands to Bypass Authentication. Read more

 

News
www.securityfocus.com:
Universities warned of Storm Worm attacks. Read more

www.securityfocus.com:
Ubuntu recovers from server intrusion. Read more

www.techworld.com:
Browser holes worse than thought. Read more

www.theregister.co.uk:
Skype hangs up on users. Read more

www.theregister.co.uk:
ISP panicked by MS Patch Tuesday. Read more

www.theregister.co.uk:
Webmail-creating Trojan targets Gmail. Read more

www.theregister.com:
Shark 2 dumbs down Trojan creation. Read more

www.vnunet.com:
Yahoo Messenger web chat flaw emerges. Read more

www.itbusiness.ca:
New Trojan deadliest in history. Read more

www.techworld.com:
Microsoft responds to kernel hacks. Read more

news.zdnet.co.uk:
Adobe: No threat from PDF spam. Read more

www.vnunet.com:
US curriculum to include online safety. Read more

14 August 2007

Guides, Papers, etc
www.eweek.com:
Estonian Cyber-War Highlights Civilian Vulnerabilities. Read more

www.honeynet.org:
Know Your Enemy: Malicious Web Servers. Read more

www.microsoft.com:
Survey: Nearly One in Five Online U.S. Adults Have Fallen Victim to At Least One Internet Scam. Read more

isc.sans.org:
strong -two factor- authentication and still vulnerable ? Read more

isc.sans.org:
August 'Black Tuesday' overview. Read more

www.f-secure.com:
Zhelatin gang changing tactics. Read more

www.cisrt.org:
msdataaccess.exe, Zhelatin new names. Read more

blogs.pandasoftware.com:
Easy money: affiliate programs. Read more

taosecurity.blogspot.com:
Scanning with Flash. Read more

www.vitalsecurity.org:
The curious case of the Zango Trademark spat. Read more

www.avertlabs.com:
More on the Yahoo! Messenger Webcam 0day….Read more

www.sophos.com:
Latest Microsoft security holes underline need for Network Access Control, says Sophos. Read more

sunbeltblog.blogspot.com:
Sunbelt Weekly TechTips #57. Read more

sunbeltblog.blogspot.com:
Flash vulnerability reveals open ports. Read more

sunbeltblog.blogspot.com:
Online File Storage: the Good, the Bad and the Ugly. Read more

www.technewsworld.com:
Webroot CTO Gerhard Eschelbeck: The New Malware Generation. Read more

www.technewsworld.com:
Zero-Day Browser Exploits, Part 1: Is Open Source Safer Than IE? Read more

www.technewsworld.com:
Loose-Lipped Facebookers Tell All to ID Thieves. Read more

www.matasano.com:
Don’t Tell Joanna The Virtualized Rootkit Is Dead. Read more

www.darkreading.com:
Report: Web 'Mean Streets' Pervasive. Read more

www.darkreading.com:
A Visit to the Drive Doctor. Read more

www.darkreading.com:
The Ultimate Insider. Read more

www.siliconvalleysleuth.com:
Is Infoworld after my privacy? Read more

www.cio.in:
How You Can Fight Cyber-crime. Read more

arstechnica.com:
Phishing for clicks in social cliques: shockingly easy. Read more

www.indiana.edu:
Social Phishing. Read more.

www.computerworld.com.au:
Oh, don't tell me: 10 claims that scare security pros. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Vector Markup Language Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Virtual PC/Server Heap Overflow Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Windows Bugs in the Contacts, Feed Headlines, and Weather Gadgets Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Media Player Skin File Header Processing Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft GDI Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Internet Explorer CSS and ActiveX Control Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Excel Workspace Index Validation Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft OLE Automation Memory Corruption Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Core XML Services Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Tomcat Host Manager Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Tomcat Backslash Quote Cookie Processing Bug Lets Remote Users Obtain Session Information. Read more

securitytracker.com:
Tomcat Single Quote Cookie Processing Bug Lets Remote Users Obtain Session Information. Read more

securitytracker.com:
Stinger Lets Remote Users Bypass Validation Filters with Multipart Encoded Requests. Read more

securitytracker.com:
cgis.biz WebCart Input Validation Hole in Management Interface Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Streamripper Buffer Overflows in httplib_parse_sc_header() Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Altiris Deployment Solution Log File Viewer Lets Local Users Gain System Privileges. Read more

 

News
www.securityfocus.com:
Microsoft patches flaws in VML, XML. Read more

www.computerworld.com:
Microsoft reacts to kernel hacks, updates Vista's defenses. Read more

www.securityfocus.com:
TJX estimates breach costs at $118 million. Read more

www.securityfocus.com:
German sites close, as anti-hacking law arrives. Read more

www.theregister.co.uk:
Malware miscreants target parked domains. Read more

13 August 2007

Guides, Papers, etc
www.wired.com:
See Who's Editing Wikipedia - Diebold, the CIA, a Campaign. Read more

ha.ckers.org:
Content Restrictions - A Call For Input. Read more

ddanchev.blogspot.com:
Pharming Attacks Through DNS Cache Poisoning. Read more

ddanchev.blogspot.com:
DIY Phishing Kits. Read more

www.avertlabs.com:
Zero-day attacks on the iPhone via outdated applications. Read more

www.symantec.com:
s That a Hole in Your Kernel or Are You Just Pleased to See Me? Read more

blog.wired.com:
The Click Fraud Network. Read more

www.eweek.com:
Hotfixes By E-Mail. Read more

blogs.securiteam.com:
Month of PHP Bugs exploits are gone - or are they? Read more

www.darkreading.com:
Browsing the Intranet Problem. Read more

metasploit.com:
Tactical Exploitation OR ”The Other Way to Pen-Test” OR ”Random Pwning Fun Bag”. Read more

www.viruslist.com:
Malware Evolution: April - June 2007. Read more

blog.spywareguide.com:
I Love Random Chinese Applications. Read more

www.grc.com:
ARP Cache Poisoning.
How one bad machine on your Ethernet Local Area Network (LAN) can ruin your whole day. Read more

ha.ckers.org:
Stanford’s DNS Rebinding Paper. Read more

blogs.cnet.com:
Every Windows XP user should drop their rights. Read more

blogs.cnet.com:
DropMyRights Part 2 - Installing and Configuring. Read more

podcasts.sophos.com:
Audio: Sophos podcast explores identity theft on Facebook. Listen

 

Vulnerabilities & Exploits
www.0x000000.com:
Firefox Remote Variable Leakage. Read more

securitytracker.com:
Microsoft DirectX Buffer Overflow in FlashPix ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.honeynet.org.pt:
HoneyMole 2.0 RC6. Secure Ethernet Bridge over TCP/IP. Read more

 

News
www.theregister.co.uk:
Firefox leak could divulge sensitive info. Read more

www.theregister.co.uk:
Germany enacts 'anti-hacker' law. Read more

www.zdnet.com.au:
German anti-hacking law: hijacking security? Read more

www.wfaa.com:
All eyes on Internet at conference. Read more

www.computeractive.co.uk:
Workers stressed by email overload. Read more

12 August 2007

Guides, Papers, etc
hackademix.net:
United Nations VS SQL Injections. Read more

www.readwriteweb.com:
Interview with Google's Sep Kamvar, Lead Software Engineer for Personalization. Read more

www.lightbluetouchpaper.org:
Poor advice from SiteAdvisor. Read more

blogs.securiteam.com:
6 In The Morning. Read more

blogs.securiteam.com:
Buy stuff from spam mail. Read more

www.avertlabs.com:
What a “Tangled” Web…Read more

anti-virus-rants.blogspot.com:
what is server-side polymorphism? Read more

anti-virus-rants.blogspot.com:
what is metamorphism? Read more

anti-virus-rants.blogspot.com:
what is polymorphism? Read more

anti-virus-rants.blogspot.com:
the first rule of anti-virus fight club is don't l... Read more

erratasec.blogspot.com:
SQL injection is surpisingly easy. Read more

www.vitalsecurity.org:
"Mcafee 2008": On a forum spam rampage. Read more

blogs.pandasoftware.com:
JavaScript de-obfuscation with Rhino. Read more

resources.zdnet.co.uk:
Creating a secure and reliable VoIP solution. Read more

blog.wired.com:
Looking back at Sweden's super-code-cracker. Read more

www.beyondsecurity.com:
Automatic Vulnerability Assessment in the Year 2013. Myth or Reality. Read more

www.linuxworld.com:
Q&A: Torvalds on Linux, Microsoft, software's future. Read more

 

News
www.smh.com.au:
Hackers protest US, Israeli actions on UN website. Read more

www.computerworld.com:
Editorial: ICANN's WHOIS Policy Shift Would Be Criminal Negligence. Read more

www.computerworld.com:
Security Manager's Journal: From Russia, With Concern. Read more

www.computerworld.com.au:
'Vista Capable' suit against Microsoft allowed to proceed. Read more

www.computeractive.co.uk:
Cookie monster eats into email accounts. Read more

news.com.com:
In China, a high-tech plan to track people. Read more

www.smh.com.au:
Australian farmer kidnapped by Mali gang in Internet love scam. Read more

11 August 2007

Guides, Papers, etc
www.modsecurity.org:
Secure Browsing Mode. Read more

www.computerworld.com:
FAQ: What you need to know about IPv6. Read more

www.f-secure.com:
FDF spam. Read more

www.f-secure.com:
Domains by the Plenty. Read more

isc.sans.org:
Upcoming MS Patch Tuesday (Aug). Read more

www.avertlabs.com:
Chaos Communication Camp 2007 - The Open Air Defcon. Read more

sunbeltblog.blogspot.com:
Sunbelt Weekly TechTips #56. Read more

blogs.ittoolbox.com:
Some Things I've Learned Attending BlackHat & DefCon. Read more

www.infoworld.com:
Thoughts from Black Hat. Read more

www.baselinemag.com:
Q&A: A Common-Sense Approach To Computer Security. Read more

www.darkreading.com:
Malware Goes Mainstream. Read more

www.darkreading.com:
Crypto Makes the Grade at Baylor. Read more

www.darkreading.com:
Computer Crime's Unwitting Accomplices. Read more

ha.ckers.org:
RSnake Puts Up. Read more

www.smh.com.au:
We're in the grip of a spam epidemic. Read more

www.technewsworld.com:
The Woes of WiFi, Part 1: Insecure by Default. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
IBM AIX Buffer Overflow in fileplace Command Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM AIX Buffer Overflows in chpath, rmpath, and devinstall Commands Let Local Users Gain Root Privileges. Read more

 

News
www.terra.net.lb:
Internet hackers steal confidential data on 60,000 Norwegians. Read more

www.theregister.com:
Web designer-turned-hacker avoids jail. Read more

www.theregister.co.uk:
'Wild West' internet needs a sheriff. Read more

www.theregister.co.uk:
Australia declares war on net porn. Read more

www.theregister.com:
Investigator ridicules UK visa site. Read more

10 August 2007

Guides, Papers, etc
www.it-analysis.com:
Is AV product testing corrupt? Read more

www.darkreading.com:
Antivirus Tools Underperform When Tested in LinuxWorld 'Fight Club'. Read more

blogs.zdnet.com:
ATI driver flaw exposes Vista kernel to attackers. Read more

isc.sans.org:
name-services.com DoS. Read more

isc.sans.org:
Interesting new tool. Read more

ddanchev.blogspot.com:
The Storm Worm Malware Back in the Game. Read more

www.darkreading.com:
RSA Takes Tablus. Read more

www.darkreading.com:
Security's School of Hard Knocks. Read more

www.darkreading.com:
XeroBank Launches Anonymizing Tool Suite. Read more

www.darkreading.com:
ISPs Eyed in ID Theft. Read more

www.computerworld.com:
'Virtual sandboxing' provides safe security testing. Read more

blog.wired.com:
A look inside a Russian hackers' dojo. Read more

blog.wired.com:
Exclusive: DARPA's New Tools for Net Defenders, Cyber-Snoops. Read more

blogs.securiteam.com:
Privacy, The Illusion Of. Read more

www.dailytech.com:
Privacy Report Details Search Engine’s Policies. Read more

www.securityfocus.com:
Study: Online scene boosts creativity, not danger. Read more

www.extremetech.com:
Three Minutes with the Kid Who Hacked NASA. Read more

www.podtrac.com:
Audio: Security Now 104: Steve’s Questions, Your Answers. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
HP OpenView Stack Overflows in Shared Trace Service Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Norton Anti-Virus Input Validation Flaw in NAVCOMUI.DLL ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Norton System Works Input Validation Flaw in NAVCOMUI.DLL ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Norton Internet Security Input Validation Flaw in NAVCOMUI.DLL ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenOffice.org Office Suite Handling of Multiple File Extensions Lets Remote Users Deny Service. Read more

securitytracker.com:
Astaro Security Gateway Lets Remote Users Deny Service and Potentially Bypass Security Scanning. Read more

securitytracker.com:
Cisco IOS May Disclose Potentially Sensitive Information in IPv6 Routing Headers. Read more

securitytracker.com:
Linux Kernel libcapi Buffer Overflow Lets Local Users Deny Service and May Let Local Users Gain Elevated Privileges. Read more

 

Tools:
xerobank.com:
xB Machine is the secure virtual workstation that provides a safe computing environment for personal, professional, and corporate use. Read more

 

News
www.theregister.co.uk:
Microsoft plans six critical patches. Read more

www.theregister.co.uk:
Symantec security products less than secure. Read more

www.channelregister.co.uk:
American sent to the slammer for faking Windows certificates. Read more

www.theregister.co.uk:
Malware license agreement tells it straight. Read more

BitDefender warns of Trojan using Hotmail and Gmail accounts. Read more

www.dailytech.com:
Adult Entertainment Website Sues Microsoft over Search Results. Read more

www.vnunet.com:
ISPs suspected of massive identity theft in Korea. Read more

www.australianit.news.com.au:
Coonan backflip on ISP filters. Read more

09 August 2007

Guides, Papers, etc
blogs.securiteam.com:
Mozilla’s JavaScript fuzzer - Opera’s best friend. Read more

blogs.securiteam.com:
ZZZ of the month. Read more

www.viruslist.com:
Malware Evolution: April - June 2007. Read more

isc.sans.org:
Cisco is back, so you can go read up on their new advisories (<--- See! English). Read more

ddanchev.blogspot.com:
A Cyber Jihadist DoS Tool. Read more

ddanchev.blogspot.com:
A Commercial Click Fraud Tool. Read more

blogs.ittoolbox.com:
WebAttacker2 Read more

www.cisrt.org:
AmericanGreetings eCard spams, QuickTime vulnerability. Read more

www.darkreading.com:
New Bank Practices Make Hacking Easier. Read more

www.darkreading.com:
Exploits in the Fast Lane. Read more

www.darkreading.com:
The ROI of Attack. Read more

ha.ckers.org:
Blackhat Pics and Roundup. Read more

www.networkworld.com:
Storm Worm's virulence may change tactics. Read more

hackademix.net:
Pure Java™, Pure Evil™ Popups. Read more

www.eweek.com:
The Return of the IPv4 Shortage. Read more

www.theregister.co.uk:
Websites could be required to retain visitor info. Read more

apcmag.com:
Too much security can be overbearing: Microsoft. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Unified Communications Manager SIP Processing Flaw Lets Remote Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Unified MeetingPlace Input Validation Hole in STPL and FTPL Parameters Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Asterisk chan_skinny Driver Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
Cisco IOS Next Hop Resolution Protocol (NHRP) Bug Lets Remote Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
Cisco IOS Secure Copy (SCP) Lets All Remote Authenticated Users Transfer Files. Read more

securitytracker.com:
Cisco IOS Bugs in Voice Services Let Remote Users Deny Service or Potentially Execute Arbitrary Code. Read more

securitytracker.com:
LibGTop Buffer Overflow in glibtop_get_proc_map_s() May Let Local Users Execute Arbitrary Code. Read more

securitytracker.com:
HP-UX Buffer Overflow in ldconn Lets Remote Users Gain Root Privileges. Read more

securitytracker.com:
GNOME Display Manager g_strsplit() Bug Lets Local Users Deny Service. Read more

securitytracker.com:
AIX rmpvc Buffer Overflow Lets Local Users Deny Service. Read more

 

News
blog.washingtonpost.com:
Attacks Prompt Update for 'Tor' Anonymity Network. Read more

www.securityfocus.com:
Image spam continues to decline. Read more

www.sophos.com:
Man loses $1.5 million in Nigerian email scam - six people arrested. Read more

www.pcpro.co.uk:
Virus authors suffering from writer's block. Read more

www.techworld.com:
Google deletes its own blog after spam snafu. Read more

www.theregister.co.uk:
PC buyers: 'Vista Capable' machines weren't Vista capable. Read more

www.theregister.co.uk:
419-lite scammers target pet lovers. Read more

www.technewsworld.com:
Sophos Smells Super-Sized Spam Stock Scam. Read more

www.computerworld.com:
Mozilla pushes security in Firefox 3.0. Read more

pressesc.com:
Privacy winning search engine war. Read more

08 August 2007

Guides, Papers, etc
blogs.technet.com:
The Case of the Failed File Compression. Read more

blog.washingtonpost.com:
Internet Explorer and Your Web Site's Privacy. Read more

www.smh.com.au:
Behind the mask.
Well-organised and hierarchical criminal syndicates have realised that there is substantial money to be made by perpetrating a variety of e-commerce-targeted criminal activity. Read more

isc.sans.org:
The physical layer. Read more

www.avertlabs.com:
New wave of nuwars storming in. Read more

sunbeltblog.blogspot.com:
How Reliable Should Your Internet Connection Be? Read more

www.sophos.com:
Spam rockets as pump-and-dumpers manipulate share prices. Read more

news.com.com:
FAQ: How far does the new wiretap law go? Read more

www.darkreading.com:
Assume Your Laptop Will Be Stolen. Read more

www.darkreading.com:
Study Finds Spammers' Weak Spot. Read more

www.securityfocus.com:
Delete This! Read more

www.computerworld.com:
VPNs still show basic flaws, says study. Read more

www.forbes.com:
Hacking Capitalism. Read more

searchsecuritychannel.techtarget.com:
How to test Snort. Read more

www.forbes.com:
Middle America, Meet The Hackers. Read more

www.technewsworld.com:
Sharing Insecurities at Black Hat. Read more

events.ccc.de:
The Chaos Communication Camp is an international, five-day open-air event for hackers. Read more

 

News
www.theregister.co.uk:
Fake e-cards signal massive DDoS attack. Read more

news.zdnet.co.uk:
White hats expose VoIP security threat. Read more

www.infoworld.com:
Researchers: Take anti-spam fight to the Web. Read more

www.theregister.co.uk:
Free download empowers black hat hackers. Read more

new.wset.co:
eBay Scam Nets Woman Prison Time. Read more

07 August 2007

Guides, Papers, etc
crypto.stanford.edu.nyud.net:
Protecting Browsers from DNS Rebinding Attacks. Read more

www.sciencedaily.com:
Computer Scientists Shed Light On Internet Scams. Read more

www.technewsworld.com:
Sharing Insecurities at Black Hat. Read more

isc.sans.org:
European wake-up call. Read more

www.avertlabs.com:
New wave of nuwars storming in. Read more

www.darkreading.com:
Malware: Serious Business. Read more

www.darkreading.com:
DefCon Recap. Read more

www.securityfocus.com:
Retro attack gets new life, worries browser makers. Read more

www.eweek.com:
2 Screws, 1 Plastic Cover, How Many Airports Infiltrated? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
VMware 'vielib.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BlueCat Networks Proteus Input Validation Flaw Lets Remote Authenticated Administrators Gain Root Access on Adonis Devices. Read more

securitytracker.com:
Microsoft Visual Database Tools Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Java System Portal Server May Execute Arbitrary Code in XML Signatures. Read more

securitytracker.com:
TIBCO Rendezvous Bugs Disclose Potentially Sensitive Information and Let Remote Users Deny Service. Read more

securitytracker.com:
Tor ControlPort Authentication Bug Lets Remote Users Modify the 'torrc' Configuration File. Read more

 

News
www.chinatechnews.com:
CNNIC Exposes Illegal Domain Name Registrars. Read more

www.theregister.co.uk:
Yahoo! denies! China! claims! Read more

www.dawn.com:
Hackers sought as allies to fight terrorism, cyber crime. Read more

voipforsmb.tmcnet.com:
Viruses, Spyware, Phishing Cost U.S. Consumers $7 Billion Over Two Years. Read more

www.vnunet.com:
Spam levels creep up again. Read more

www.msnbc.msn.com:
Computer security problems found at IRS. Read more

www.smh.com.au:
MySpace evicts hacker after revelation. Read more

www.sheboygan-press.com:
Sheboygan man charged with selling employer’s domain name for $200K. Read more

06 August 2007

Guides, Papers, etc
isc.sans.org:
Debuggers and Analyzing Malicious Software. Read more

isc.sans.org:
Arguments.callee.toString() demystified. Read more

isc.sans.org:
Updated Version of iTunes with Quicktime. Read more

www.symantec.com:
Brazilian MSN Worm Looks Familiar Read more

www.theregister.co.uk:
Hacking for hijinks. Read more

blogs.securiteam.com:
Intel’s vPro ad is here, safe at last. Read more

www.eweek.com:
ICANN Takes a Lick at Domain Tasting. Read more

www.eweek.com:
Ingrian 60-Day PCI Service a Frightening Sign. Read more

www.marvquin.com:
Top Five (5) Best Criminal Computer Hackers of All Time. Read more

www.flickr.com:
Kevin Mitnick's Business Card. Read more

www.youtube.com:
Video: NBC Dateline Reporter flees Defcon 15. Watch

 

News
www.securityfocus.com:
Teaching hacking helps students, professors say. Read more

www.securityfocus.com:
Limited zero-day disclosure gets thumbs up. Read more

techdirt.com:
Even More Trouble For E-Voting Firms: Source Code Review Finds All Sorts Of Scary Vulnerabilities. Read more

www.crypto.com:
California voting systems code review now released. Read more

www.physorg.com:
Hackers sought as allies in war on terrorism and cyber crime. Read more

www.msnbc.msn.com:
Researcher worries about cyber-hijackers. Read more

www.theregister.com:
The romance and mystery of a good hack. Read more

www.theregister.com:
Black market for malware a thriving place. Read more

www.smh.com.au:
Hackers could give you a bum steer. Read more

blog.wired.com:
White House High-Security Locks Broken: Bumped and Picked at DefCon. Read more

www.physorg.com:
Hackers click locks open at conference in US. Read more

www.canada.com:
E-mail virus pumping stocks. Read more

www.techworld.com:
Websense offers honey to Web 2.0 hackers. Read more

04 August 2007

Guides, Papers, etc
www.f-secure.com:
Black Hat briefs. Read more

taosecurity.blogspot.com:
Black Hat USA 2007 Round-Up Part 1. Read more

blog.wired.com:
Badge Hack at DefCon. Read more

www.darkreading.com:
Feds Turn to Black Hats. Read more

www.darkreading.com:
Bugfinders, Vendors Talk Ethics. Read more

www.darkreading.com:
The MacGyvers of Hacking. Read more

blog.assarbad.net:
Joanna Rutkowska gets serious ;) Read more

isc.sans.org:
Vonage account hacking? Read more

isc.sans.org:
FTC wants your comments on SSN usage of SSN by the private sector. Read more

isc.sans.org:
Targeted at Executives - More Better Business Bureau phish malware. Read more

isc.sans.org:
New Tool - BotHunter. Read more

www.avertlabs.com:
Money for Nothing, Sex for Free!! Read more

sunbeltblog.blogspot.com:
Seen in the wild: Bizarre scam site. Read more

ddanchev.blogspot.com:
Delicious Information Warfare, Friday, 3rd. Read more

ddanchev.blogspot.com:
GIMF Now Permanently Shut Down. Read more

www.computerworld.com:
Q&A: Symantec CEO John Thompson on poor customer service, storage standards. Read more

www.infoworld.com:
File encryption dos and don'ts. Read more

www.technewsworld.com:
Understanding and Combating Rock Phishing. Read more

ha.ckers.org:
Mozilla Says “Ten Fucking Days”. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
BlueCat Networks Adonis Linux-HA Heartbeat Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Sun Java System Web Server Redirect URL Encoding Bug Lets Remote Users Conduct HTTP Response Splitting Attacks. Read more

 

Tools:
www.bluepillproject.org:
New Blue Pill Source. Download

hihat.sourceforge.net:
HIHAT (High Interaction Honeypot Analysis Toolkit) - Update. Read more

 

News
www.theregister.co.uk:
NBC muckraker outed at Defcon. Read more

www.theage.com.au:
Hackers bite into "cookies" to plunder user data from websites. Read more

www.techworld.com:
Huge Russian malware attack imminent. Read more

www.cbc.ca:
Researcher uncovers security flaws in media players. Read more

news.com.com:
Bug hunting start-up: Pay up, or feel the pain. Read more

www.msnbc.msn.com:
U.S. to probe Yahoo in Chinese reporter arrest. Read more

www.dailytech.com:
IRS Employees Fall Victim to Social Engineering, Again. Read more

www.usatoday.com:
Storm e-mail worm evolves as it wreaks havoc on Net. Read more

www.theregister.co.uk:
False positives run amok in Vista anti-virus tests. Read more

www.startribune.com:
Web's 'drug kingpin' gets 30 years. Read more

03 August 2007

Guides, Papers, etc
www.internetnews.com:
Windows Vista Gets Another Dose of The 'Blue Pill'. Read more

sunbeltblog.blogspot.com:
Hacked .gov sites. Read more

www.eweek.com:
Another Attack on Code Signing. Read more

blogs.msdn.com:
x64 Driver Signing Update. Read more

www.cio.com:
Web Browser Attack Skirts Corporate Firewalls. Read more

resources.zdnet.co.uk:
Be alert to booby-trapped web pages. Read more

www.sophos.com:
Nude Nicole Kidman, Angelina Jolie, Natalie Portman? Sophos warns of email assault. Read more

blogs.securiteam.com:
Bluetooth 2.1+EDR - officially here. Read more

www.darkreading.com:
Analytics: Reaching Outside Security. Read more

www.darkreading.com:
'Sidejacking' Tool Unleashed. Read more

www.darkreading.com:
Worldwide Malware Study Set for Launch. Read more

www.darkreading.com:
Blue Pill Gets a Refill. Read more

www.computerworld.com:
An antidote for the Blue Pill? Read more

blogs.securiteam.com:
BlackHat 2007: Day One Recap Wednesday Aug 01 2007. Read more

blogs.ittoolbox.com:
BlackHat 2007: Day Two SEMI-LIVEBLOG Thursday Aug 02 2007. Read more

www.cyber-ta.org:
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. Read more

netsec.cs.uoregon.edu:
Camouflaging Honeynets. Read more

aolradio.podcast.aol.com:
Audio: Security Now 103: Paypal Security Key. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Tomcat Input Validation Hole in CookieExample Script Permits Cross-Site Scripting Attacks. Read more

 

Tools:
www.cyber-ta.org:
BotHunterTM - Free Internet Release (now available!)Read more

 

News
www.securityfocus.com:
Session hijacking now point and click. Read more

news.zdnet.co.uk:
Microsoft blocks Vista driver 'hack' tool. Read more

www.theregister.co.uk:
Watching the watchers: high tech snooping. Read more

www.securityfocus.com:
Hybrid worms can crawl betwixt servers, clients. Read more

www.internetnews.com:
Internet's Future Debated. Read more

www.theregister.co.uk:
Spammer gets 30 years in the slammer. Read more

www.techworld.com:
Hackers hunt invisible rootkits. Read more

www.computerworlduk.com:
Hackers crack VOIP phones. Read more

www.smh.com.au:
Hacker heaven in MySpace, YouTube. Read more

www.cdrinfo.com:
Online Sharing Videos Could Attract Hackers. Read more

www.vnunet.com:
Trend Micro fails anti-malware test. Read more

www.informationweek.com:
Number Of Hackers Attacking Banks Jumps 81%. Read more

www.theregister.co.uk:
Man cuffed over 'cycling cheat' email hack. Read more

www.theregister.co.uk:
Worm threat forces Apple to disable software? Read more

www.zdnet.com.au:
ISPs to blame for new worm affecting MSN users. Read more

www.theregister.co.uk:
Use of web archive was not hacking, says US court. Read more

02 August 2007

Guides, Papers, etc
www.theregister.co.uk:
A Defcon survival guide. Read more

isc.sans.org:
Raising the bar: dynamic JavaScript obfuscation. Read more

isc.sans.org:
Advice on Violating Corporate IT Policies from the Wall Street Journal. Read more

www.avertlabs.com:
300,000 malicious items approaching fast. Read more

blogs.techrepublic.com.com:
Windows rootkits 101. Read more

www.darkreading.com:
New Threat: Network Eavesdropping. Read more

www.darkreading.com:
Tool Roots Out Virtualized Rootkits. Read more

www.darkreading.com:
eEye to Add Web Security. Read more

www.darkreading.com:
Black Hat's Ornery Firewall. Read more

www.computerworld.com:
Mozilla to give away own security testing tools. Read more

www.theregister.co.uk:
Making open-source browsing safe for the masses. Read more

www.smh.com.au:
Gathering celebrates the dark art of hacking. Read more

blogs.zdnet.com:
Problems arise with Vista’s activation system. Read more

www.guardian.co.uk:
How do you build a new internet? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Safari Buffer Overflow in Processing Bookmarks Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X WebCore Bugs Permit Cross-Domain Scripting Attacks and Java Settings Bypass. Read more

securitytracker.com:
Apple iChat UPnP IGD Protocol Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X CoreAudio Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X CFNetwork Bugs Let Remote Users Execute Arbitrary FTP Commands and Conduct HTTP Response Splitting Attacks. Read more

securitytracker.com:
Mac OS X Heap Overflow in PCRE Library Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.computerworlduk.com:
Anti-virus 'failure' leaves 500,000 MPack crimeware victims. Read more

news.zdnet.co.uk:
Email users warned of PDF risk. Read more

www.informationweek.com:
Richard Clarke: Computers Are Best Friend Of Progress, And Security Its Worst Enemy. Read more

blog.wired.com:Read more

01 August 2007

Guides, Papers, etc
sunbeltblog.blogspot.com:
Ben Edelman drops a bomb. Read more

isc.sans.org:
Remote Password Guessing - Concerns, Observations, Recommendations. Read more

isc.sans.org:
More EMail Spam. Read more

ddanchev.blogspot.com:
Average Online Time for Phishing Sites. Read more

ddanchev.blogspot.com:
Feeding Packed Malware Binaries. Read more

sunbeltblog.blogspot.com:
Does your Computer Drive you Crazy? Read more

www.rustylime.com:
How We Beat Comment Spam. Read more

mybeni.rootzilla.de:
This is the first Weblog XSS Worm. Read more

mybeni.rootzilla.de:
Wordpress ZeroDay Vulnerability Roundhouse Kick and why I nearly wrote the first Blog Worm (updated). Read more

www.kaspersky.com:
Virus Top 20 for July 2007. Read more

www.sophos.com:
Drive-by downloads remain cybercriminals' favorite web threats. Read more

www.darkreading.com:
Google Desktop: Too Risky? Read more

www.darkreading.com:
LSI Looks Ahead. Read more

www.darkreading.com:
File Formats: A Moving Target. Read more

www.darkreading.com:
Tool Stops XSS, SQL Injection Attacks. Read more

ha.ckers.org:
Netscape - The Future Of Security Flaws. Read more

www.wired.com:
Scan This Guy's E-Passport and Watch Your System Crash. Read more

www.computerworld.com:
Businesses having second thoughts about Vista. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Qt Error Message Format String Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris dtrace Lets Local Users Deny Service. Read more

securitytracker.com:
HP-UX ARPA Transport Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Mozilla Thunderbird 'about:blank' Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey 'about:blank' Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox 'about:blank' Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.damnsmalllinux.org:
DSL is a very versatile 50MB mini desktop oriented Linux distribution. Read more

www.the-udc.com:
UDC is a program designed for auditing of the authorization systems, which also provides methods for secure passwords storing. Read more

 

News
www.securityfocus.com:
Mozilla patches URL handling issue. Read more

www.theregister.co.uk:
Worm eats music on infected PCs. Read more

www.securityfocus.com:
Apple's iPhone gets first patch. Read more

www.theregister.co.uk:
Linkedin spurns bug bounty hunter. Read more

www.informationweek.com:
MPack Banking Crimeware Infects 500,000 Computers. Read more

www.vnunet.com:
Zango accused of violating FTC settlement. Read more

www.informationweek.com:
Zango Denies Claim That It's Flouting FTC Agreement. Read more

www.informationweek.com:
Zero-Day Attacks Pose Most Critical Security Concern. Read more

www.itnews.com.au:
Court ruling supports claims that Microsoft's first OS was stolen. Read more


Copyright© MegaSecurity.org