Home    News Archive    Translate Traducen
News September 2006
30 September 2006

Guides, Papers, etc
isotf.org:
ZERT Releases Unsupported Systems VML 0day Patch. Read more

www.f-secure.com:
Reselling stolen information. Read more

www.avertlabs.com:
Autopilot IRCBots - smart and funny. Read more

sunbeltblog.blogspot.com:
Email spyware. Read more

blogs.technet.com:
Two new and one updated advisory discussing PoC and exploits. Read more

blogs.securiteam.com:
Flaw in Vista’s ASLR. Read more

www.darkreading.com:
Deconstructing Vista. Read more

blogs.securiteam.com:
Vulnerability Disclousure Pratices in Open-Source Systems. Read more

www.securityfocus.com:
More zero-day attacks plague Microsoft users. Read more

www.scs.carleton.ca:
Optimising Malware. Read more

www.computerworld.com:
Sorry Security. Read more

www.darkreading.com:
Crossing the Line for XSS. Read more

eof-project.net:
XSS VULNERABILITIES STILL IN MANY INTERNATIONAL AND IMPORTANT SITES. Read more

www.windowsecurity.com:
WiFi security or lack thereof (Part 2). Read more

www.zdnetasia.com:
Do former black hats make good hires? Read more

www.windowsitpro.com:
WinInfo Short Takes. Read more

www.2-spyware.com:
Is it always spyware that slows your computer down? Read more

www.cigital.com:
Audio: Show 006 - An Interview with Michael Howard, the Senior Security Program Manager of Microsoft. Listen

www.podtrac.com:
Audio: Security Now! 59: Parallels - sponsored by Astaro Corp. Listen

today.reuters.co.uk:
In Amsterdam, Internet freedom reigns. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code. Read more

 

News
www.infoworld.com:
Microsoft still scrambling to patch July bugs. Read more

news.zdnet.co.uk:
Microsoft besieged by zero-day attacks. Read more

www.theregister.co.uk:
HP 'routinely' uses email tracking. Read more

www.techworld.com:
Security professionals at risk from hacking laws. Read more

www.theregister.co.uk:
Warcraft gamers locked out after Trojan attack. Read more

blog.washingtonpost.com:
SecureWorks Backs Out of Macbook Demo. Read more

security.ithub.com:
Apple Wi-Fi Flaw Disclosure Takes Bizarre Turn. Read more

www.computerworld.com:
VA Adds Encryption Software to 15,000 Laptops. Read more

www.vnunet.com:
Cross site attacks on rise. Read more

www.smh.com.au:
Microsoft accused of abuse of power. Read more

. 29 September 2006

Guides, Papers, etc
www.infoworld.com:
Should Microsoft be in the anti-malware business? Read more

isotf.org:
Analysis of CVE-2006-4668 and Patch Description. Read more

www.3sharp.com:
Gone Phishing: Evaluating Anti-Phishing Tools for Windows. Read more

www.mathaware.org:
Intelligent Worms: Searching for Preys. Read more

www.darkreading.com:
HD Moore Unplugged. Read more

www.lifehacker.com:
How to Search the Invisible Web. Read more

blogs.securiteam.com:
Flaw in Vista’s ASLR. Read more

blogs.securiteam.com:
Vulnerability Disclosure Practices in Open-Source Systems. Read more

blogs.securiteam.com:
Acutenix denying web site flaws. Read more

www.rsasecurity.com:
Audio: Speaking of Security Podcast #32. Listen

www.smh.com.au:
Digital rights and wrongs. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Ignite-UX Server Bug Lets Remote Users Obtain Root Access. Read more

securitytracker.com:
Microsoft Internet Explorer Integer Overflow in WebViewFolderIcon ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution. Read more

securitytracker.com:
OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames. Read more

securitytracker.com:
WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft PowerPoint Unspecified Memory Corruption Bug Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
toolbar.netcraft.com:
Netcraft Toolbar. Read more

 

News
www.theregister.co.uk:
Another day, another zero-day MS exploit. Read more

news.com.com:
Symantec: Microsoft won't give us key Vista tech. Read more

www.itnews.com.au:
Stration worm masquerades as security patch. Read more

www.theregister.co.uk:
HP's top lawyer leaves job, holds tongue. Read more

www.theregister.co.uk:
UK's worst spammer loses appeal. Read more

www.expresscomputeronline.com:
F-Secure has big plans for Asia. Read more

www.vnunet.com:
Trend Micro turns tables on botnets. Read more

www.eweek.com:
Exploit Code Published for Unpatched IE Vulnerability. Read more

www.itnews.com.au:
Cyber-crooks switch to 'soft target' home users. Read more

www.businessweek.com:
Do Ex-Hackers Make Good IT Security Hires? Read more

www.stuff.co.nz:
Man hacks into Reserve Bank then bills for service. Read more

www.engadget.com:
Viodentia responds to Microsoft, releases FairUse4WM 1.3. Read more

. 28 September 2006

Guides, Papers, etc
blogs.securiteam.com:
New 0-day in the Old bug. Read more

www.viruslist.com:
MSN filter bypassing - part 2. Read more

isc.sans.org:
Powerpoint, yet another new vulnerability (NEW). Read more

www.avertlabs.com:
Evolution of PWS-Bankers. Read more

www.us-cert.gov:
Securing Your Web Browser. Read more

blogs.securiteam.com:
Office Trojans are here to say. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Example greeting card scam. Read more

honeyblog.org:
CWSandbox vs. MSN Worms. Read more

knowledge.wharton.upenn.edu:
Does Your Web Browsing Create a Unique 'Clickprint'? Read more

msinfluentials.com:
So, you want to BitLocker an existing computer? Read more

cquirke.blogspot.com:
Banking on Java. Read more

www.lifehacker.com:
Geek to Live: How to control your home computer from anywhere. Read more

www.podtrac.com:
Inside the Net 35: Digication. Read more

 

Vulnerabilities & Exploits
www.us-cert.gov:
Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability. Read more

securitytracker.com:
WS_FTP Buffer Overflow in XCRC, XSHA1, and XMD5 Commands Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
QuickBlogger Include File Flaw in 'acc.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris SSL Kernel Feature Lets Remote Users Deny Service. Read more

 

Tools:
browser.netscape.com:
Netscape Browser 8.1.2. Read more

www.darkreading.com:
Six Hot Security Products. Read more

www.newsfactor.com:
Software That Can Search Podcasts. Read more

 

News
www.nzherald.co.nz:
Man escapes conviction over unsought bank probe. Read more

www.esecurityplanet.com:
VML Exploit Subsiding, Questions Remain. Read more

www.eweek.com:
Microsoft's Out-of-Band IE Patch: A Little Too Late? Read more

www.computerworld.com:
Heartworm infects Microsoft's IM network. Read more

www.terra.net.lb:
Microsoft's Vista 'will reduce security choices': Symantec. Read more

www.darkreading.com:
IT Pros Wrestle With Ethics. Read more

www.darkreading.com:
Two Vendors Deny XSS Flaws. Read more

www.darkreading.com:
Spammers Attack IT. Read more

www.newsfactor.com:
Social Networking Sites: New Hacker Target. Read more

www.businessweek.com:
Doing Business With A Controversial Partner. Read more

www.computerworld.com:
GE: Laptop with data on 50,000 staffers stolen. Read more

. 27 September 2006

Guides, Papers, etc
blogs.securiteam.com:
The anti botnet market for ISPs and corporate networks. Read more

www.avertlabs.com:
Small SMiSh, Big Pond. Read more

blogs.zdnet.com:
Microsoft admits WGA failures "coming up more commonly now". Read more

didierstevens.wordpress.com:
PiXiE dust. Read more

www.it-analysis.com:
See the Bigger Picture on Data Security. Read more

minos.cs.ucdavis.edu:
Experiences Using Minos as A Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities. Read more

ddanchev.blogspot.com:
Media Censorship in China - FAQ. Read more

www.networkworld.com:
DEMO: VaporStream to raise eyebrows. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service. Read more

securitytracker.com:
Solaris IPv6 Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Solaris syslog(3c) Lets Local Users Disable Syslog. Read more

securitytracker.com:
FreeBSD i386_set_ldt() Integer Overflow May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
FreeBSD Kernel i386_set_ldt() Signed nteger Error Lets Local Users Deny Service. Read more

securitytracker.com:
FreeBSD Kernel i386_set_ldt() Integer Overflow Lets Local Users Deny Service. Read more

securitytracker.com:
IBM AIX named8 Lets Local Users Gain Root Privileges. Read more

 

News
www.securityfocus.com:
Microsoft releases fast patch for IE flaw. Read more

www.f-secure.com:
Real VML Patch is Out. Read more

www.securityfocus.com:
Researcher takes TRUSTe to task. Read more

www.downloadsquad.com:
Windows Genuine Advantage worse than we all feared. Read more

www.technewsworld.com:
AOL Customers Strike Back With Lawsuit. Read more

news.zdnet.com:
Microsoft sues over source code theft. Read more

techdirt.com:
Microsoft's Best Response To Cracked Copy Protection? Sue For Stolen Source Code. Read more

australianit.news.com.au:
Yahoo to rebrand hackers. Read more

www.terra.net.lb:
Microsoft, Yahoo link their instant messaging systems. Read more

www.nytimes.com:
Google to Push for More Electrical Efficiency in PC’s. Read more

. 26 September 2006

Guides, Papers, etc
sunbeltblog.blogspot.com:
Another zero day on the loose? keyframe (daxctle.ocx) exploit seen in the wild. Read more

msinfluentials.com:
More options on protecting against recent IE. Read more

blogs.zdnet.com:
Hardware DEP saves day again on VML IE exploit. Read more

www.websense.com:
VML Candid Camera. Read more

www.eweek.com:
Security: The Final ISP Frontier. Read more

www.harvardlawreview.org:
IMMUNIZING THE INTERNET, OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE WORM. Read more

www.passivemode.net:
Weird Al Yankovic and JavaScript. Read more

www.informationweek.com:
Encryption Works Wonders, But Causes Its Own IT Headaches. Read more

www.thepcspy.com:
What Really Slows Windows Down. Read more

www.networkworld.com:
Learning spammers' tricks doesn't mean less junk. Read more

www.computerworld.com:
Bots Bedevil Data Security Barriers ...Read more

 

Vulnerabilities & Exploits
securitytracker.com:
ContentKeeper Discloses Passwords to Remote Authenticated Administrators. Read more

securitytracker.com:
SyntaxCMS Include File Bug in '0004_init_urls.php' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
cPanel Bug Lets Remote Authenticated Users Gain Root Access. Read more

securitytracker.com:
PNphpBB Include File Bug in 'includes/functions_admin.php' Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Tag-team attack exploits IE flaw. Read more

www.theregister.co.uk:
Unofficial IE patch saves humanity. Read more

www.chron.com:
Virus-writers now aim for slow but extensive computer takeovers. Read more

www.betanews.com:
Symantec Says There's No Safe Browser. Read more

www2.csoonline.com:
Symantec Dismisses Vista Security Debate. Read more

www.microsoft.com:
Federal Bureau of Investigation Honors Microsoft for Rapid Response to Mytob/Zotob Worm. Read more

www.theregister.co.uk:
Trend Micro to kick butt on botnets. Read more

today.reuters.co.uk:
Criminals flock to the Internet. Read more

www.theregister.co.uk:
Hackers target home users for cash. Read more

blogs.zdnet.com:
Proof that Antivirus software makes your PC crawl. Read more

www.vnunet.com:
Malware hiding behind online safety certificates. Read more

www.viruslist.com:
Two-factor authentication placed under spotlight. Read more

www.internetnews.com:
Report: Home Users Blind To Hackers. Read more

arstechnica.com:
Number of browser vulnerabilities rising. Read more

news.bbc.co.uk:
Spam trail uncovers junk empire. Read more

www.itnews.com.au:
Golf sites fall into malware sand trap. Read more

. 25 September 2006

Guides, Papers, etc
blogs.securiteam.com:
Windows VML Vulnerability FAQ (CVE-2006-4868). Read more

www.benedelman.org:
Certifications and Site Trustworthiness. Read more

blogs.securiteam.com:
Heap Spraying: Exploiting Internet Explorer VML 0-day XP SP2. Read more

www.benedelman.org:
Adverse Selection in Online “Trust” Certifications. Read more

staff.science.uva.nl:
The Domain Name Service as an IDS. Read more

www.washingtonpost.com:
If Only We Knew Then What We Know Now About Windows XP. Read more

podcast.dslextreme.com:
Audio: KFI Tech Guy 285. Listen

podcast.dslextreme.com:
Audio: TLR 4: Leo on CFRB with John Donabie. Listen

 

News
www.terra.net.lb:
China rolls out next generation Internet. Read more

www.itwire.com.au:
Microsoft petulance over third party zero day security strange. Read more

www.itweek.co.uk:
Faster-changing viruses and Web 2.0 threaten security. Read more

www.computerworld.com.au:
Symantec dismisses Vista security debate. Read more

www.terra.net.lb:
Internet "refuseniks" may be planning terror acts in coming years. Read more

www.eweek.com:
Web Application Attacks Dominate IT Landscape. Read more

www.theage.com.au:
Security maven Schneier wants to teach you something. Read more

www.mytelus.com:
Home computers under increased hacker threat, says security expert. Read more

. 23 September 2006

Guides, Papers, etc
www.bleepingcomputer.com:
How To Protect Yourself From The Vector Markup Language (vml) Exploit. Read more

isc.sans.org:
Yellow: MSIE VML exploit spreading (NEW). Read more

www.websense.com:
VML Candid Camera. Read more

blogs.securiteam.com:
Heap Spraying: Exploiting Internet Explorer VML 0-day. Read more

blogs.securiteam.com:
VML case: Affected Outlook versions listed. Read more

www.philippinehoneynet.org:
Honeynet Activity Monitor Report Archive 2006-07-24. Read more

www.darkreading.com:
Endeavor Sweetens the Honeynet. Read more

honeyblog.org:
HoneyPoint Security Server. Read more

ddanchev.blogspot.com:
Hezbollah's DNS Service Providers from 1998 to 2006. Read more

www.gnucitizen.org:
Self-contained XSS Attacks. Read more

www.businessweek.com:
Click Fraud. The dark side of online advertising. Read more

www.rsasecurity.com:
Audio: Speaking of Security Podcast #27. Listen

 

Tools:
www.infoworld.com:
Free security tools that really work. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
CA eTrust Security Command Center Lets Remote Authenticated Users Read/Delete Files and Lets Remote Users Conduct Replay Attacks. Read more

securitytracker.com:
CA eTrust Audit May Let Remote Users Conduct Replay Attacks. Read more

securitytracker.com:
Apple AirPort Wireless Driver Has Buffer Overflows That Let Remote Users on the Wireless Network Execute Arbitrary Code. Read more

 

News
www.eweek.com:
Zero-Day Response Team Launches with Emergency IE Patch. Read more

www.securityfocus.com:
Unofficial IE 0-day patch appears. Read more

www.betanews.com:
Microsoft Rushes Patch for VML Exploit. Read more

news.netcraft.com:
Hacked HostGator Sites Distribute IE Exploit. Read more

www.securityfocus.com:
HP chief apologizes, denies he knew of hacking. Read more

www.computerworld.com:
Bots Bedevil Data Security Barriers ...Read more

ipcommunications.tmcnet.com:
Now that hackers understand it, a mass-mailing could hit next week. Read more

news.zdnet.co.uk:
OpenSSL hit by forgery bug. Read more

news.com.com:
Taking passwords to the grave. Read more

www.theregister.co.uk:
Germany proposes hacker law update. Read more

techdirt.com:
Not Just Third World Nations Banning Skype; Universities Get On Board Too. Read more

arstechnica.com:
Some VoIP services surpass traditional phones. Read more

. 22 September 2006

Guides, Papers, etc
www.darkreading.com:
Most Popular Trojans. Read more

media.grc.com:
Audio: Two New Critical Windows Problems. Listen

blogs.securiteam.com:
IE VML (vgx.dll) Massively Exploited ItW. Read more

blogs.securiteam.com:
XSSing with the expect header. Read more

isc.sans.org:
Apple updates Airport Drivers (NEW). Read more

www.dimva2007.org:
DIMVA 2007. Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment. Call for Papers. Read more

ddanchev.blogspot.com:
Interesting Anti-Phishing Projects. Read more

www.eweek.com:
This Column Is a Fraud! Read more

www.windowsecurity.com:
WiFi security or lack thereof (Part 1). Read more

hezroncomputerzone.awardspace.com:
Increase Internet Bandwidth (Broadband). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sun Secure Global Desktop Input Validation Holes Permit Cross-Site Scripting Attacks and Disclose System Information to Remote Users. Read more

securitytracker.com:
Cisco IOS Default DOCSIS Community String May Grant Remote Users Access via SNMP. Read more

securitytracker.com:
Norton System Works SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
Symantec Host IDS SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
Symantec Anti Virus SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
pcAnywhere SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
Norton Internet Security SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
Symantec Client Security SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
Norton Personal Firewall SymEvent Driver Lets Local Users Deny Service. Read more

 

News
www.securityfocus.com:
Apple wireless vulnerable after all. Read more

www.theregister.co.uk:
29% of departing directors admit stealing data - survey. Read more

www.computerworld.com:
Malware researcher developing stronger Blue Pill. Read more

www.cio.com:
Bruce Schneier: We Are Losing IT Security War. Read more

www.theregister.co.uk:
Smut sites use IE exploit to spread spyware. Read more

news.zdnet.co.uk:
Shady sites exploit another IE flaw. Read more

www.esecurityplanet.com:
IE Vulnerability Spreads To Email. Read more

www.theregister.co.uk:
Botnet creators AIM high. Read more

www.cio.com:
China Builds a Better Internet. Read more

www.betanews.com:
Symantec, Adobe Complain Over Vista. Read more

news.com.com:
E-cards used in data-thieving scam. Read more

www.eweek.com:
Googling for ATM Master Passwords. Read more

www.darkreading.com:
Hackers Reveal Vulnerable Websites. Read more

www.redorbit.com:
Hacker Enters UT Data System ; Information on 36,000 People Vulnerable but Apparently Unused. Read more

www.heise.de:
German government wants to close remaining loopholes in IT laws. Read more

www.mercurynews.com:
SJ State weighs Skype ban. Read more

www.computerworld.com:
Antispyware groups: Legislation still needed. Read more

www.chrisbrunner.com:
Script Kiddie Leaves Photo ID Behind After Wreaking Havoc. Read more

www.newscientisttech.co:
Virtual cityscapes show town planners the future. Read more

. 21 September 2006

Guides, Papers, etc
blogs.securiteam.com:
Internet Explorer VML Zero-Day Mitigation. Read more

www.f-secure.com:
VML Exploit - Internet Explorer. Read more

sunbeltblog.blogspot.com:
More on zero day -- Epic loads of adware and a patch date from Microsoft. Read more

www.gnucitizen.org:
Backdooring MP3 Files. Read more

sunbeltblog.blogspot.com:
Snort signature for VML exploit -- works with Kerio or other IDS. Read more

sunbeltblog.blogspot.com:
No, I don't think the secret police are involved. Read more

sunbeltblog.blogspot.com:
Another fake codec site. Read more

sunbeltblog.blogspot.com:
Minor change to VML exploit mitigation. Read more

sunbeltblog.blogspot.com:
Disabling Javascript no longer a valid mitigation for VML exploit. Read more

www.myantispyware.com:
How to block VML exploit. Read more

isc.sans.org:
2222/tcp Probe Increase (NEW). Read more

www.cs.uoregon.edu:
Simulation and Analysis on the Resiliency and E.ciency of Malnets. Read more

blogs.msdn.com:
The IE7 User-Agent String. Read more

www.hung-truong.com:
How To Stop RSS Scrapers From Stealing Your Content. Plus Revenge! Read more

honeyblog.org:
The Nepenthes Platform: An Efficient Approach to Collect Malware. Read more

 

Tools:
torpark.nfshost.com:
Torpark. Free anonymous browsing. Read more

 

Vulnerabilities & Exploits
sunbeltblog.blogspot.com:
Seen in the wild: Zero Day exploit being used to infect PCs. Read more

securitytracker.com:
Cisco Intrusion Prevention System Lets Remote Users Deny Service or Evade Detection. Read more

securitytracker.com:
Cisco Guard Input Validation Flaw in Anti-Spoofing Feature Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Norton Anti-Virus SymEvent Driver Lets Local Users Deny Service. Read more

securitytracker.com:
NextAge Cart Input Validation Holes in 'CatId' and 'SearchWd' Parameters Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Site@School Input Validation Flaws Let Remote Users View Files and Execute Arbitrary Code. Read more

securitytracker.com:
[Duplicate] Microsoft PowerPoint Bug Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Gonzales calls for ISP data retention laws. Read more

www.itnews.com.au:
Porn scammers hit new IE vulnerability. Read more

www.baltimoresun.com:
AOL's security center leaves 'nasty stuff' in scanning for spyware. Read more

www.techworld.com:
Security war is being lost, says Schneier. Read more

www.vnunet.com:
Rootkits getting more devious. Read more

www.avertlabs.com:
Internet browsers and cyber-crime. Read more

www.betanews.com/:
Dell Laptop Explodes at Yahoo. Read more

www.computerworld.com/:
Firefox variant lets users surf without a trace. Read more

www.microsoft-watch.com:
Will Europe Delay Vista? Read more

. 20 September 2006

Guides, Papers, etc
www.securityfocus.com:
Liar, Liar, and pretexting. Read more

isc.sans.org:
Yet another MSIE 0-day: VML (NEW). Read more

blogs.securiteam.com:
New IE 0day as Part of Webattacker? Read more

blogs.securiteam.com:
Microsoft PowerPoint Vulnerability FAQ - September 2006, CVE-2006-4854 [UPDATED]. Read more

www.cs.uoregon.edu:
Midgard Worms: Sudden Nasty Surprises from a Large Resilient Zombie Army. Read more

blog.spywareguide.com:
Pipeline Worm Floods AIM with Botnet Drones. Read more

ddanchev.blogspot.com:
Banking Trojan Defeating Virtual Keyboards. Read more

www.itjungle.com:
Is Antivirus Ready for Open Source? Read more

www.windowsitpro.com:
Windows Vista's Take on Least Privilege. Read more

news.zdnet.co.uk:
Cisco: Windows Vista is scary. Read more

www.windowsitpro.com:
Allchin: 200 Million Windows Vista Users in 24 Months. Read more

blogs.msdn.com:
Ready... set... Don't Reboot! Read more

www.podtrac.co:
Audio: Inside the Net 34: Cali Lewis of Geekbrief. Listen

www.smh.com.au:
Code cracking is the new pot of gold. Read more

www.securityfocus.com:
Beginner's guide to wireless auditing. Read more

 

Tools:
www.cwsandbox.org:
CWSandbox: Automatic Behaviour Analysis of Malware. Read more

www.pcworld.com:
Makers of rootkits--malware that can be particularly well hidden--consider IceSword the toughest rootkit scanner. Read more

 

Vulnerabilities & Exploits
Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution. Read more

securitytracker.com:
Microsoft Internet Explorer VML Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Gzip Bugs in Expanding Archives Let Remote Users Cause Denial of Service Conditions or Arbitrary Code Execution. Read more

securitytracker.com:
ECardPro Input Validation Flaw in 'search.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Charon Cart Input Validation Flaw in 'review.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
artmedic links Include File Bug in 'id' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
EShoppingPro Input Validation Bug in 'search_run.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Moodle Input Validation Flaw in '/blog/edit.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
BizDirectory Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
BusyBox Lets Remote Users Traverse the Directory With URL Encoded Requests. Read more

 

News
www.eweek.com:
Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole. Read more

www.betanews.com:
New Exploit Could Affect Both Office 2007 and IE. Read more

www.informationweek.com:
Researchers Spot AIM Bot Being Built. Read more

www.newsday.com:
Hezbollah cracked the code. Read more

www.cbsnews.com:
Gonzales Wants New Web Rules. Read more

www.darkreading.com:
Cymphonix Undoes Anonymous Activity. Read more

www.eweek.com:
International Alliance to Study RFID, Wireless Security. Read more

www.channelregister.co.uk:
79 Microsoft sets attack dogs on 20 'illegal' dealers. Read more

news.zdnet.co.uk:
Microsoft feuds with rivals over Vista security. Read more

news.com.com:
Rivals skirmish with Microsoft over Vista security. Read more

news.zdnet.co.uk:
Google blocks phishing hole. Read more

www.smh.com.au:
Security conference to debut Windows firewire crack. Read more

www.boston.com:
Life is good suffers security breach. Read more

news.zdnet.com:
FTC shuts down four spam rings. Read more

today.reuters.co.u:
Broadband supplier slammed for "up to 8 meg" ads. Read more

web.mit.edu:
Engine on a chip promises to best the battery. Read more

. 19 September 2006

Guides, Papers, etc
www.avertlabs.com:
Google Analytics and Bots. Read more

isc.sans.org:
Log analysis follow up. Read more

www-static.cc.gatech.edu:
Understanding the Network­Level Behavior of Spammers. Read more

www.darkreading.com:
What's Wrong With Google? Read more

www.eweek.com:
ePassports—Why? Read more

www.passivemode.net:
Metasploit 3.0 Automated Exploitation. Read more

www.opendns.com:
Frequently Asked Questions at OpenDNS. Read more

www.youtube.com:
Video: Mythbusters: When biometrics fail. Watch

www.shivaranjan.com:
How to Find and Change Windows Product Key and Registration Information. Read more

 

Tools:
betterfonts.com:
10,000 free fonts and counting! Read more

 

News
www.informationweek.com:
Researchers Spot AIM Bot Being Built. Read more

www.securityfocus.com:
AIM bot creates "fight combos" to spread. Read more

www.theregister.co.uk:
Spamhaus repels DDoS attack. Read more

www.pcadvisor.co.uk:
Gartner predicts rootkit trouble ahead. Read more

www.eweek.com:
Microsoft Lures Another McAfee Security Guru. Read more

www.eweek.com:
Malware Money Tough to Trace. Read more

www.itnews.com.au:
Spammers use ‘video tributes’ to trick users. Read more

www.theregister.co.uk:
Hacking probe clouds Swedish election result. Read more

www.itnews.com.au:
Hackers up the ante with targeted attacks. Read more

www.theregister.co.uk:
Web vulns top security threat index. Read more

www.virusbtn.com:
Google embarrassed by phishing demo. Read more

www.idc.com:
Private Internet Use by Staff Threatens IT Security in Danish Companies, Says IDC. Read more

blogs.ittoolbox.com:
Laptop Thief: Owned! Read more

. 18 September 2006

Guides, Papers, etc
blogs.securiteam.com:
.MS: Alternate Root and Monoculture as Good Things. Read more

blogs.securiteam.com:
Spammy redirects. Read more

www.f-secure.com:
AutoIt.D and Agent.AXN Spreading via Yahoo! Messenger. Read more

msmvps.com:
The risk evaluation of patching. Read more

www.it-observer.com:
Managing Windows Security Patches. Read more

www.podtrac.com:
Audio: TWiT 69: You're On My List. Listen

www.hexblog.com:
Automated binary analysis woes. Read more

www.darkreading.com:
Cross-Site Scripting: Attackers' New Favorite Flaw. Read more

www.research.att.com:
Analyzing Large DDoS Attacks Using Multiple Data Sources. Read more

cyber-knowledge.net:
Analyzing 20,000 MySpace Passwords. Read more

duggmirror.com:
Windows Genuine Advantage Notifications Nag Screen. Read more

www.youareadopted.com:
Easy Way to Bypass Windows Genuine Advantage. Read more

reviews.cnet.com:
Behavior. Read more

 

Tools:
michaeldaw.org:
ASP Auditor v1.0 BETA, Identify Vulnerable ASP.NET Servers. Read more

www.ex-parrot.com:
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Citrix Access Gateway LDAP Authentication Flaw Grants Access to Remote Users. Read more

securitytracker.com:
Mozilla Thunderbird Lets Remote Users Execute JavaScript Via Remote XBL Files. Read more

securitytracker.com:
Mozilla Seamonkey Lets Remote Users Execute JavaScript Via Remote XBL Files. Read more

 

News
software.silicon.co:
Microsoft sued over security software brand. Read more

www.zdnet.com.au:
Worm warning: Beware staff surfing, says IDC. Read more

www.zdnet.com.au:
Browser flaws biggest software security risk. Read more

news.com.com:
HP spying more elaborate than reported. Read more

googlewatch.eweek.com:
Hacker Helps Google Add Orkut to Gmail. Read more

edition.cnn.com:
No guarantees when it comes to Web privacy. Read more

www.itnews.com.au:
Spammers use ‘video tributes’ to trick users. Read more

biz.yahoo.com:
Security Products Sold Despite Freeware. Read more

. 16 September 2006

Guides, Papers, etc
www.securityfocus.com:
A question of ethics. Read more

security.itworld.com:
How spammers identify their targets. Read more

www.eecs.umich.edu:
Is BGP Update Storm a Sign of Trouble: Observing the Internet Control and Data Planes During InternetWorms. Read more

www.securityfocus.com:
Web flaws race ahead in 2006. Read more

www.eweek.com:
RSS' Security Deadline. Read more

www.f-secure.com:
Yuha de Fun Jinsa? Read more

www.gnucitizen.org:
Google Search API Worms. Read more

www.techweb.com:
Browser Wars: The Saga Continues. Read more

www.phenoelit.de:
Default Password List. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Multiple vulnerabilities fixed in Firefox, Thunderbird and Seamonkey (NEW). Read more

securitytracker.com:
Mozilla Thunderbird Certificate Signatures Can Be Forged. Read more

securitytracker.com:
Mozilla Seamonkey Certificate Signatures Can Be Forged. Read more

securitytracker.com:
Mozilla Firefox Certificate Signatures Can Be Forged. Read more

securitytracker.com:
HP-UX X.25 Lets Local Users Deny Service. Read more

securitytracker.com:
Mozilla Firefox document.open() Function Lets Remote Users Inject HTML into Frames. Read more

securitytracker.com:
Mozilla Seamonkey document.open() Function Lets Remote Users Inject HTML into Frames. Read more

securitytracker.com:
Microsoft Internet Explorer Buffer Overflow in 'daxctle.ocx' ActiveX in KeyFrame Method Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell Identity Manager Environment Variable Validation Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
PDshopPro Shopping Cart Discloses Database to Remote Users. Read more

securitytracker.com:
Mozilla Firefox Auto-Update Can Be Spoofed in Certain Cases. Read more

securitytracker.com:
Mozilla Thunderbird Auto-Update Can Be Spoofed in Certain Cases. Read more

securitytracker.com:
Mozilla Firefox Input Validation Flaw in Popup Blocking Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Mozilla Thunderbird Javascript Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey Javascript Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
GnuTLS May Allow Digital Signatures to Be Forged. Read more

 

News
www.theregister.co.uk:
Spies, Big Brother and sweaty cops' fingerprints. Read more

today.reuters.co.uk:
Cyber crime becoming more organised. Read more

www.theregister.co.uk:
Spammers feel the pinch from Feds. Read more

www.techweb.com:
Mozilla's New Security Chief: Dump Old Code. Read more

www.betanews.com:
Spamhaus Won't Pay Alleged Spammer. Read more

www.darkreading.com:
A New Way to Beat Spam? Read more

www.vnunet.com:
Windows Vista RC1 released for public download. Read more

www.darkreading.com:
Free Tool Will Help Analyze Attacks. Read more

www.smh.com.au:
Trojan lurks in fake news.com.au site. Read more

. 15 September 2006

Guides, Papers, etc
honeyblog.org:
On the Economics of Botnets - Part 2. Read more

www.csoonline.com.au:
Five Ways Google Is Shaking the Security World. Read more

www.gfi.com:
Pod Slurping - An easy technique for stealing data. Read more

Audio: Security Now! 57: Virtual PC - sponsored by Astaro Corp. Listen

blogs.securiteam.com:
Nifty social engineering. Read more

blogs.securiteam.com:
Phishers can include address of victim too. Read more

blogs.securiteam.com:
APWG: More new phishing Web sites than ever. Read more

www.avertlabs.com:
Grassing up spammers still works. Read more

www.michaelgeist.ca:
The Missing Sony Exhibit. Read more

www.infectionvectors.com:
Weaponized: Virulence and Malware. Read more

isc.sans.org:
Adaware corrects their false positives (NEW). Read more

ddanchev.blogspot.com:
Internet PSYOPS - Psychological Operations. Read more

www.esecurityplanet.com:
Don't Ignore Device-Driver Dangers. Read more

 

Vulnerabilities & Exploits
www.xsec.org:
Internet Explorer COM Object Heap Overflow Download Exec Exploit. Read more

securitytracker.com:
Cisco IOS VLAN Trunking Protocol Bugs Let Remote Users Deny Service and Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Anti Virus Corporate Edition Custom Notification Format String Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
HP-UX Running ARPA Transport Software Lets Local Users Deny Service. Read more

securitytracker.com:
QuickTime Overflows in Processing H.264, QuickTime, FLC, FlashPix and SGI Files Let Remote Users Execute Arbitrary Code. Read more

 

News
ActiveX Controls Still Vulnerable After Four Years. Read more

www.techweb.com:
Spammers Speed Up Domain Cycling To Stay Off Blacklists. Read more

news.com.com:
FTC shuts down four spam rings. Read more

www.securityfocus.com:
Princeton researchers demonstrate Diebold virus. Read more

www.securityfocus.com:
DHS releases report on Cyber Storm exercise. Read more

www.pcadvisor.co.uk:
Criminals 'teaming up with hackers'. Read more

news.com.com:
Is open source getting to Microsoft? Read more

news.com.com:
HP scandal reviving pretexting legislation. Read more

www.theregister.co.uk:
Mistakes in identity. Read more

www.regdeveloper.co.uk:
Commission concerned about Vista security. Read more

www.cbronline.com:
Security in DNS spotlight again. Read more

searchsecurity.techtarget.com:
Microsoft: We're not out to crush security vendors. Read more

www.symantec.com:
Spyware as a service. Read more

today.reuters.com:
Microsoft touts wireless connection as iPod killer. Read more

. 14 September 2006

Guides, Papers, etc
www.vinnylingham.com:
Cookies Detected by Anti-Spyware Programs: The Current Status. Read more

www.beyondsecurity.com:
THE WORLD OF BOTNETS. Read more

isc.sans.org:
Microsoft security patches for September 2006 (NEW). Read more

www.darkreading.com:
Study: Browsers Are Chief Virus Carrier. Read more

itpolicy.princeton.edu:
Security Analysis of the Diebold AccuVote-TS Voting Machine. Read more

blogs.technet.com:
The Case of the Process Startup Delays. Read more

www.betanews.com:
Study: Adware Increasing Exponentially. Read more

www.nwfdailynews.com:
Surfing anonymously has its drawbacks. Read more

michaeldaw.org:
Backdooring PDF Files. Read more

www.microsoft.com:
How to disable an unwanted program with Windows Vista or Windows XP Service Pack 2. Read more

www.eff.org:
Six Tips to Protect Your Online Search Privacy. Read more

www.passivemode.net:
Protecting Your Online Search Privacy. Read more

www.eweek.com:
How Big Is the Click Fraud Problem? Read more

www.eweek.com:
The Problem of Ad-Hoc Storage and Connections. Read more

www.icir.org:
A Study of Massmailing Worms. Read more

www.wormblog.com:
Worms, Bots and Holy Grails. Read more

www.securitypronews.com:
Evolution Of The Hacker Threat. Read more

blogs.msdn.com:
CreateURLMoniker Considered Harmful. Read more

didierstevens.wordpress.com:
UserAssist on Windows Vista. Read more

didierstevens.wordpress.com:
Malicious Cryptography. Read more

ddanchev.blogspot.com:
Malware on Diebold Voting Machines. Read more

www.windowsecurity.com:
Implementing Active Directory Delegation of Administration. Read more

www.bleepingcomputer.com:
The art of social engineering. Read more

www.infoworld.com:
Is the end of anti-virus finally here? Read more

twit.cachefly.net:
MacBreak Weekly 6: It's Showtime. Read more

 

Tools:
oss.coresecurity.com:
The Universal Hooker is a tool to intercept execution of programs. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Internet Explorer URLMON.DLL Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

research.eeye.com:
Internet Explorer Compressed Content URL Heap Overflow Vulnerability. Read more

www.frsirt.com:
Microsoft Internet Explorer "daxctle.ocx" KeyFrame Buffer Overflow Vulnerability. Read more

securitytracker.com:
ncompress Buffer Overflow in decompress() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Adobe ColdFusion Infinite Loop Permits Denial of Service Attacks and Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Adobe Flash Player Input Validation Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
X Buffer Overflow in Processing CID-encoded Type1 Fonts Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft PGM Implementation Buffer Overflow in MSMQ Service Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Publisher Buffer Overflow in Parsing '.pub' Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Simpleboard Include File Bug in 'file_upload.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
TWiki Input Validation Flaw in 'viewfile' Script Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Ipswitch IMail Server SMTP Service Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Ipswitch Collaboration Suite SMTP Service Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.microsoft.com:
Microsoft Security Bulletin MS06-042 Re-Releases. Read more

www.microsoft.com:
Microsoft Security Bulletin Summary for September, 2006. Read more

www.technewsworld.com:
Microsoft Fixes One Critical Flaw, Zero-Day Patch Still Missing. Read more

www.securityfocus.com:
Zotob author sentenced to 2 years in prison. Read more

itnomad.wordpress.com:
Germany: Crackdown on TOR-node operators. Read more

www.itnews.com.au:
Massive DoS attacks against ISPs on the rise. Read more

www.securityfocus.com:
HP's Dunn to step down amidst hacking scandal. Read more

www.siliconvalley.com:
Sony's ill-fated CD copy protection still causing problems. Read more

ftc.gov:
FTC Closes Door on Spyware Operation. Read more

www.securityfocus.com:
Malware scrambles to evade defenses. Read more

www.usatoday.com:
Princeton professor raises alarm over electronic voting, hacks test machine. Read more

www.theregister.co.uk:
Microsoft sues British spammer for Hotmail breach. Read more

www.washingtonpost.com:
Police Investigating Schwarzenegger Tape. Read more

www.sophos.com:
New trick adopted by spammers to harvest email addresses. Read more

www.infoworld.com:
Microsoft, EC tangle over Vista security. Read more

www.vnunet.com:
Two-thirds of phishing scams target single US bank. Read more

www.sophos.com:
When is a phish not a phish? Warning over "anti-phishing" scam. Read more

. 07 September 2006

This site will not be updated daily until 16 september.

 

Guides, Papers, etc
www.scs.carleton.ca:
Radio Frequency Fingerprinting for Intrusion Detection in Wireless Networks. Read more

www.windowsecurity.com:
SPIKE and BURP for real world computer security usage (Part 4). Read more

www.darkreading.com:
Researchers Challenge DOS Attack Data. Read more

www.castlecops.com:
August's Top 30 Phish. Rea more

blogs.securiteam.com:
Antimated GIFs in spam. Read more

isc.sans.org:
Quick plug: Netcat in the Hat. Read more

www.eweek.com:
Java's Momentum Is Running Low. Read more

searchwindowssecurity.techtarget.com:
The hacker handbook: 11 tips in 11 minutes. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco IOS GRE Parsing Error May Let Remote Users Inject Packets. Read more

securitytracker.com:
DynCms Include File Flaw in 'x_admindir' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SoftBB Input Validation Hole in 'page' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
ZixForum Input Validation Flaw in 'RepId' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
AuditWizard Stores Domain Administrator Password in Clear Text on Audited Systems. Read more

securitytracker.com:
BIND Query Processing Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
simple Blog Input Validation Flaw in 'id' Parameter Lets Remote Users Inject SQL Commands. Read more

 

News
www.wired.com:
Quickest Patch Ever. Read more

www.securityfocus.com:
Security pro pleads guilty to USC breach. Read more

www.theregister.co.uk:
Zombies crawl over wiki exploits. Read more

www.securityfocus.com:
HP's pretext to spy. Read more

www.websense.com:
Samsung Telecom Site hosting Crimeware. Read more

. 06 September 2006

Guides, Papers, etc
daringfireball.net:
An Open Challenge to David Maynor and Jon Ellch. Read more

daringfireball.net:
Update on the MacBook Wi-Fi Exploit Challenge. Read more

blog.washingtonpost.com:
The Black Hat Wireless Exploit Interview, Verbatim. Read more

www.cio.com:
Microsoft Nets Phishing Filter Technology. Read more

www.securityfocus.com:
Disclosure survey. Read more

arstechnica.com:
Fingerprinting WiFi could secure MAC addresses. Rea more

www.f-secure.com:
Keynoting. Read more

cyber-knowledge.net:
GMail Hacks/Tips. Read more

 

Tools:
isc.sans.org:
The Sleuth Kit (TSK) for Windows released (NEW). Read more

www.turboexplorer.com:
Turbo Delphi, Turbo C#, Turbo C++ available today for FREE. Read more

www.ragestorm.net:
diStorm64 is a professional quality open source disassembler library for AMD64. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
MailEnable SMTP Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
OpenSSL RSA Signatures Can Be Forged. Read more

securitytracker.com:
MySQL Replication Error Lets Local Users Deny Service. Read more

securitytracker.com:
Web Dictate Lets Remote Users Gain Administrative Access with a Null Password. Read more

securitytracker.com:
Tr Forum Input Validation Flaw in '/admin/editer.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Microsoft Word Unknown Vulnerability Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
New MS Word 0-day found. Read more

www.theregister.co.uk:
Trojan targets 0-day Word vuln. Read more

www.securityfocus.com:
MacBook controversy continues with challenge. Read more

www.iht.com:
Man admits he hacked into California university application system. Read more

www.theregister.co.uk:
Hackers hijack UK.gov wiki. Read more

www.usatoday.com:
Former TSA workers' data exposed. Read more

www.itnews.com.au:
SMS phishing attacks hit mobile users. Read more

www.darkreading.com:
Dual Authentication Tapped in Phish Fight. Read more

www.technewsworld.com:
Google to Comply With Brazilian Court Order. Read more

www.securitypronews.com:
Spammers Move Scams Into Attachments. Read more

www.sophos.com:
Man admits blackmailing schoolgirls via webcam spyware. Read more

www.crn.com:
Partners Say Vista RC1 Close But Not Quite Ready. Read more

. 05 September 2006

Guides, Papers, etc
blogs.securiteam.com:
Open Source Viruses: Worms, Bots and Buzzwords. Read more

blogs.securiteam.com:
Microsoft Word 0-day Vulnerability FAQ - September 2006, CVE-2006-xxxx. Read more

isc.sans.org:
Reports of Bots exploiting pmwiki and tikiwiki (NEW). Read more

www.jgc.org:
Subliminal advertising in spam? Read more

isc.sans.org:
More about the host based firewall on Windows XP SP2 (NEW). Read more

www.viruslist.com:
Mobile phone trojans. Read more

tech.cybernetnews.com:
And The Best Antivirus Is...Read more

www.eweek.com:
Web Surfers Anonymous. Read more

www.newsnow.co.uk:
Laptop hacking step by step. Read more

computer.howstuffworks.com:
How BitTorrent Works. Read more

 

Tools:
searchwindowssecurity.techtarget.com:
TrueCrypt: Free encryption utility. Read more

freedos.sourceforge.net:
FreeDOS is a free DOS-compatible operating system for IBM-PC compatible systems. FreeDOS is made of up many different, separate programs that act as "packages" to the overall FreeDOS Project. Read more

web-harvest.sourceforge.net:
Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
VeriChat Discloses Passwords to Local Users. Read more

securitytracker.com:
SoftBB Lets Remote Users Inject SQL Commands and Execute Arbitrary Code. Read more

securitytracker.com:
FlashChat Include File Bug in 'dir[inc]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenLDAP 'selfwrite' Access Control Error May Let Remote Authenticated Users Make Unauthorized Attribute Modifications. Read more

securitytracker.com:
CR64Loader ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
A third of dodgy emails are phishing attacks. Read more

www.eweek.com:
Microsoft Research Builds 'BrowserShield'. Read more

enterprise.linux.co:
Johnny Cache breaks silence on Apple Wi-Fi exploit. Read more

www.irishdev.com:
Virus rate increases in August. Read more

www.securitypark.co.uk:
No virus epidemic in August but strong increase in phishing emails. Read more

www.viruslist.com:
Network security fraudster arrested in Spain. Read more

www.siliconrepublic.com:
Crimeware now a crimewave, security group finds. Read more

www.theregister.co.uk:
Japanese internet guru pleads not guilty. Read more

www.theregister.co.uk:
Security experts cry foul over Browzar. Read more

www.betanews.com:
ISP Hands Over File Swapper's Name. Read more

. 04 September 2006

Guides, Papers, etc
www.insecuremagazine.com:
(IN)SECURE Magazine ISSUE 1.8 (September 2006). Read more

blogs.securiteam.com:
Redmond, we have a new Word 2000 0-day again. Read more

aolradio.podcast.aol.com:
Audio: Security Now! 55 with Steve Gibson: Application Sandboxes. Listen

www.timesonline.co.uk:
Trojans: worse than a virus. Read more

www.theage.com.au:
The spy in your computer. Read more

www.passivemode.net:
Identity Theft Techniques. Read more

www.eweek.com:
The Malware Testing Standards Problem. Read more

isc.sans.org:
Browzar, the privacy that may not be (NEW). Read more

www.apcstart.com:
Vista RC1: looks good but boots s-l-o-w…Read more

blogs.technet.com:
Windows Vista Security Guide coming - download and webcast information. Read more

honeyblog.org:
Defacing Tool 2.0 by r3v3ng4ns. Read more

www.mcs.vuw.ac.nz:
Attack Detection Failures of High Interaction Client Honeypots. Read more

ddanchev.blogspot.com:
The Biggest Military Hacks of All Time. Read more

blogs.securiteam.com:
Wireless not working? go Wired. Read more

www.mobilenewscwp.co.uk:
Could you be a voicemail hacker? Read more

www.eweek.com:
Sandia's Red Teams: On the Hunt for Security Holes. Read more

www.computerworld.com.au:
Study: Device ID could stop stolen-password attacks. Read more

www.cs.purdue.edu:
CyberTrap: Detecting and Quarantining Scanning Worms in Enterprise Networks. Read more

www.dailymail.co.uk:
Sorry, you can't have the internet... you're over 70. Read more

 

Tools:
www.snapfiles.com:
Sandboxie, run programs in a sandbox. Read more

 

News
www.theregister.co.uk:
Google developing eavesdropping software. Read more

news.bbc.co.uk:
'Adware' attack on privacy tool. Read more

www.zdnet.com.au:
Two years on, Nestsky-P tops virus charts. Read more

www.betanews.com:
Vista Inches Closer to Release with RC1. Read more

www.vnunet.com:
Web giants accused of privacy violations. Read more

. 02 September 2006

The New Trojans of August. Read more

 

Guides, Papers, etc
blog.washingtonpost.com:
Study Analyzes 16 Months of Data Breaches. Read more

portal.spidynamics.com:
Why All The Hype About 0day? Read more

sfgate.com:
Phishing expedition at heart of AT&T hacking. Read more

isc.sans.org:
CA eTrust Antivirus [was] flagging lsass.e x e. Read more

www.surbl.org:
An Open Letter To Operators Of Redirection Sites. Read more

www.microsoft-watch.com:
Will Google Rain on Microsoft's Vista Parade? Read more

saikat.guha.cc:
An Experimental Study of the Skype Peer-to-Peer VoIP System. Read more

www.darkreading.com:
Hacking Home WLANs. Read more

www.viruslist.com:
Watershed in malicious code evolution. Read more

didierstevens.wordpress.com:
Hiding the password. Read more

cquirke.blogspot.com:
Repairing Safe Mode (Safeboot). Read more

www.sysinternals.com:
The Antispyware Conspiracy. Read more

www.netdemon.net:
How to use WHOIS effectively to track spammers. Read more

 

Tools:
tweakers.net:
Mozilla Firefox 2.0 beta 2. Read more

www.linux.com:
Freenigma: Encryption for webmail. Read more

www.chmaas.handshake.de:
Freeware Hex Editor XVI32. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Webmin Input Validation Hole Permits Cross-Site Scripting Attacks and Discloses Script Source Code to Remote Users. Read more

securitytracker.com:
Usermin Input Validation Hole Permits Cross-Site Scripting Attacks and Discloses Script Source Code to Remote Users. Read more

securitytracker.com:
Yet Another Community System (YACS) Include File Bug in 'context[path_to_root]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Pheap Include File Bug in 'config.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ExBB Include File Bug in 'exbb[home_path]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenVMS 'SESSION_CONTROL.EXE' May Disclose a Password to Administrators via the Audit Log. Read more

securitytracker.com:
Lyris ListManager Lets Remote Authenticated Administrators Add Users to Arbitrary Lists. Read more

 

News
www.infoworld.com:
Microsoft downplays latest malware warnings. Read more

www.msnbc.msn.com:
Activists hijack Lockheed Martin phones. Read more

www.theregister.co.uk:
'Video-hams' tap into insecure surveillance cams. Read more

www.reghardware.co.uk:
Dell laptop detonates in UK home. Read more

weblog.infoworld.com:
Samsung breaks 4G barrier. Read more

techdirt.com:
RIAA Still Feels Entitled To Scour Everyone's Hard Drives. Read more

. 01 September 2006

Guides, Papers, etc
www.virusbtn.com:
Virus Bulletin - September 2006. Read more

isc.sans.org:
Security Tip of the day: Handling brute-force login attempts. Read more

www.passivemode.net:
Honeypot Fun. Read more

www.mcs.vuw.ac.nz:
Attack Detection Failures of High Interaction Client Honeypots. Read more

didierstevens.wordpress.com:
Playing with utilman.exe. Read more

didierstevens.wordpress.com:
My second playdate with utilman.exe. Read more

www.f-secure.com:
Mobile Spy Tool (With Video). Read more

www.symantec.com:
Build-your-own Trojan starter kit. Read more

www.heise-security.co.uk:
Thou shalt not create new viruses. Read more

www.viruslist.com:
Good guys doing bad things, part 2. Read more

www.securityfocus.com:
Trusted computing a shield against worst attacks? Read more

www.myantispyware.com:
Worm uses MS04-007, MS05-017, MS05-039, MS06-040 bugs. Read more

www.scs.carleton.ca:
Detecting Intra-enterprise Scanning Worms based on Address Resolution. Read more

csrc.nist.gov:
Guidelines for Media Sanitization. Read more

www.darkreading.com:
How Identity Theft Works. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
ezContents Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks and Arbitrary Code Execution. Read more

 

News
www.communications-news.com:
EXPERT VIRUS RESEARCHER ABANDONS MCAFEE FOR SOPHOS. Read more

www.viruslist.com:
Russia enacts new tough anti-piracy laws. Read more


Copyright© MegaSecurity.org