Home    News Archive    Translate Traducen
News September 2007
29 September 2007

Guides, Papers, etc
www.f-secure.com:
Hacker Tools vs iPhones. Read more

www.f-secure.com:
Audio: Riem Higazi of FM4's Reality Check interviewed Mikko. Part 1.Listen

www.f-secure.com:
Audio: Riem Higazi of FM4's Reality Check interviewed Mikko. Part 2.Listen

isc.sans.org:
Grey Friday? Read more

www.avertlabs.com:
Hacking vital infrastructure. Read more

www.cisrt.org:
imageXX.zip, MSN worm variant. Read more

ddanchev.blogspot.com:
Syrian Embassy in London Serving Malware. Read more

www.darkreading.com:
Attackers Kill Anti-Fraud Site. Read more

www.darkreading.com:
Microsofties Check Out Vulnerability Auction Site at Blue Hat. Read more

www.darkreading.com:
Retail Security: No Sale. Read more

erratasec.blogspot.com:
Google Protection. Read more

www.virtualhosting.com:
WorldWideWeb WarGames: 8 Ways a Competitor Can Sabotage Your Site. Read more

www.eweek.com:
Stopping Spam: We Can Do Better. Read more

www.networkworld.com:
Fun with Microsoft’s Genuine Office Validation. Read more

taosecurity.blogspot.com:
Cyberinsurance in IT Security Management. Read more

www.microsoft-watch.com:
XP's Success Isn't Vista's Failure. Read more

www.sophos.com:
Modern web attacks. Read more

aolradio.podcast.aol.com:
Audio: Security Now 111: OpenID Precautions. Listen

www.youtube.com:
VIDEO: The Exploit Development Process. Watch

www.youtube.com:
Video: The Story of DEFCON. Watch

 

Vulnerabilities & Exploits
www.0x000000.com:
Internet Explorer File Focus Stealing. Read more

securitytracker.com:
Promise SmartStor NS4300N Lets Remote Authenticated Users Gain Administrative Access. Read more

securitytracker.com:
Sun Java System Access Manager Bugs Let Remote Users Access Applications Without Authenticating and Execute Arbitrary Code. Read more

securitytracker.com:
Apple iPhone Bugs Let Remote Users Dial Phone Numbers, Execute Arbitrary Code, and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Linux Kernel IA32 System Call Lets Local Users Gain Elevated Privileges. Read more

 

News
www.theregister.co.uk:
VXers exploit Burma protest to punt Trojan. Read more

www.webpronews.com:
Skype Accused Of Helping Chinese Censors. Read more

www.wired.com:
Dot-Name Becomes Cybercrime Haven. Read more

www.theregister.co.uk:
SkypeIn goes out. Read more

28 September 2007

Guides, Papers, etc
windowssecrets.com:
Stealth Windows update prevents XP repair. Read more

isc.sans.org:
Python script for packer identification. Read more

isc.sans.org:
Cyber Security Awareness Month - Daily Topics. Read more

isc.sans.org:
Apple iPhone update 1.1.1. Read more

www.cisrt.org:
image.zip, she.zip spams. Read more

www.darkreading.com:
Startup Wins License for Secure Biometrics Token. Read more

www.darkreading.com:
Cybercriminals on Your Doorstep. Read more

www.darkreading.com:
Malware Plays Defense. Read more

www.networkworld.com:
'Radical rethinking' of Internet routing under way. Read more

www.infoworld.com:
Cool tools for hacker trackers. Read more

 

Vulnerabilities & Exploits
Microsoft Security Bulletin MS07-042 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227). Read more

securitytracker.com:
CA BrightStor Hierarchical Storage Manager Bugs Let Remote Users Inject SQL Commands or Execute Arbitrary Code. Read more

securitytracker.com:
F-Secure Anti-Virus May Fail to Scan Certain Archives in the System32 Directory. Read more

securitytracker.com:
Solaris Thread Context Race Condition Lets Local Users Deny Service. Read more

 

News
www.news.com:
Australia pushes further Web censorship. Read more

blogs.zdnet.com:
Despite AOL’s claim, AIM worm hole still wide open. Read more

www.securityfocus.com:
DHS video shows potential impact of cyberattack. Read more

www.net-security.org:
German company puts the infamous "anti-hacker" law to test. Read more

www.computerworld.com:
Phishing likely to blame for eBay members' data theft. Read more

27 September 2007

Guides, Papers, etc
blogs.securiteam.com:
These bad days of Google’s security team. Read more

www.f-secure.com:
The Trojan Money Spinner. Read more

isc.sans.org:
SDLC and Change Management. Read more

www.avertlabs.com:
W32/Fujacks author faces prison: Justice served or a slap on the wrist? Read more

www.computerworld.com:
Microsoft's stealth updates stymie XP repairs. Read more

www.theregister.co.uk:
If users are a security threat, how do you manage them? Read more

www.eweek.com:
How Many Monocultures Make Up a Polyculture? Read more

taosecurity.blogspot.com:
DHS Debacle. Read more

ha.ckers.org:
De-anonymizing Tor and Detecting Proxies. Read more

www.computerworld.com:
Top 10 Firefox extensions to avoid. Read more

www.informationweek.com:
Interview With A Convicted Hacker: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco 7600 May Let Remote Users Bypass ACLs Using Loopback Addresses. Read more

securitytracker.com:
Cisco Catalyst 6500 May Let Remote Users Bypass ACLs Using Loopback Addresses. Read more

securitytracker.com:
Solaris Human Interface Device Driver Bug Lets Local Users Deny Service. Read more

securitytracker.com:
IBM Rational ClearQuest Unspecified Bug Lets Users Corrupt Data. Read more

securitytracker.com:
Linux Kernel ALSA Driver snd_mem_proc_read() Function Discloses Kernel Memory to Local Users. Read more

securitytracker.com:
Barracuda Spam Firewall Input Validation Hole in 'Monitor Web Syslog' Page Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
NetSupport Manager Client Lets Remote Users Execute Commands. Read more

securitytracker.com:
Webmin URL Parameter Validation Flaw Lets Remote Users Execute Arbitrary Commands. Read more

 

News
www.regdeveloper.co.uk:
Sun patches Java patching. Read more

www.vnunet.com:
Cyber-criminals turn to smaller botnets. Read more

www.dailytech.com:
Unisys Blamed for China-Connected Homeland Security Hacks. Read more

www.washingtonpost.com:
Cyber-Attacks by Al Qaeda Feared. Read more

blogs.abcnews.com:
From China, With Love: Cyberwar the Next Big Threat to the U.S.? Read more

mathaba.net:
Video shows hackers shutting down U.S. electric grid. Read more

www.theregister.co.uk:
Jailed worm author offered job by victim. Read more

www.computerworld.com:
New tools from HD Moore help hack into iPhone. Read more

www.computerworld.com:
Questions remain about eBay members' info theft. Read more

26 September 2007

Guides, Papers, etc
isc.sans.org:
XSS Incident Handling. Read more

isc.sans.org:
Firefox as the weapon of choice? Read more

www.cisrt.org:
MSN Worm Variant, IRCBot.afm. Read more

blog.spywareguide.com:
Security Monitor Spam Continues. Read more

erratasec.blogspot.com:
iPhone Shellcode by Metasploit. Read more

ddanchev.blogspot.com:
China's Cyber Espionage Ambitions. Read more

ddanchev.blogspot.com:
Localizing Open Source Malware. Read more

www.darkreading.com:
Canadian Government Sheds Light On TJX Breach. Read more

www.darkreading.com:
VeriSign Flexes DNS Security Muscle. Read more

www.darkreading.com:
Virtual Civil Disobedience. Read more

www.technewsworld.com:
FireEye CEO Ashar Aziz: Battling the Zombie Hordes. Read more

conference.hackinthebox.org:
Slipping Past the Firewall. DNS Rebinding with Pure Java Applets. Read more

 

Vulnerabilities & Exploits
www.liquidmatrix.org:
Ask Toolbar ActiveX Control Buffer Overflow. Read more

blog.trendmicro.com:
Two Updates + Two Unpatched Vulnerabilities, Read more

www.liquidmatrix.org:
OpenOffice Bug Hits Multiple Operating Systems. Read more

 

News
www.securityfocus.com:
DHS, Unisys scrutinized after data breach. Read more

www.securityfocus.com:
Jailed virus author gets prison, job offers. Read more

www.theregister.co.uk:
New cracks in Google mail. Read more

community.zdnet.co.uk:
Kaspersky to concentrate on whitelisting. Read more

management.silicon.com:
Trojan targets companies' top brass. Read more

www.techworld.com:
AIM worm attack feared. Read more

www.websense.com:
Syrian Embassy Of London Compromised. Read more

www.computerworld.com:
'Fraudster' posts confidential eBay member info on forum. Read more

news.zdnet.co.uk:
VeriSign: DoS attack could shut down internet. Read more

www.techworld.com:
Java security gets the Microsoft treatment. Read more

www.theregister.co.uk:
Symantec accidentally warns of intent meltdown. Read more

www.baltimoresun.com:
NSA to defend against hackers. Read more

25 September 2007

Guides, Papers, etc
www.iss.net:
Cyber Attacks On The Rise: IBM 2007 Midyear Report. Read more

ddanchev.blogspot.com:
The Dark Web and Cyber Jihad. Read more

www.f-secure.com:
Cards, Cards, Cards, Baked Beans, Cards, Cards...Read more

isc.sans.org:
Web Application Security Followup: Password Strength. Read more

isc.sans.org:
Financial Website Security. Read more

www.avertlabs.com:
$109.30 in 2 minutes … IRS refunds attack. Read more

www.cisrt.org:
Card.zip, Banload.drs began spreading. Read more

www.schneier.com:
Idiotic Cryptography Reporting. Read more

blogs.authentium.com:
Virus Bulletin 2007. Read more

www.computerdefense.org:
Educational Hacking? Read more

sunbeltblog.blogspot.com:
Formula One gaffe reveals Ferrari and McLaren secrets. Read more

blogs.technet.com:
Antivirus software -- who needs it? Read more

www.eweek.com:
The Cutting, Biting Edge of Security News. Read more

www.eweek.com:
TJX's Settlement: Marketing Chutzpah at Its Best. Read more

www.eweek.com:
What Was Behind the TJX Settlement? Read more

www.2-viruses.com:
Who attacked New Zealand\'s government? Read more

 

Vulnerabilities & Exploits
blog.trendmicro.com:
POC Exploit Yahoo!s. Read more

 

News
www.theregister.co.uk:
China jails four over Panda worm. Read mor

www.securityfocus.com:
TJX agrees to class-action settlement. Read more

www.theregister.co.uk:
VMware updates take aim at bug swarm. Read more

www.darkreading.com:
German Researchers to Test New Anti-Hacker Law. Read more

www.washingtonpost.com:
Contractor Blamed in DHS Data Breaches. Read more

www.technewsworld.com:
EU to Review Google-DoubleClick Merger as Microsoft Meddles. Read more

www.technewsworld.com:
Big Brother Eyes VoIP? The Proof Is in the Pudding. Read more

www.computerweekly.com:
Spam on the rise again. Read more

24 September 2007

Guides, Papers, etc
www.guardian.co.uk:
Does antivirus have a future? Read more

isc.sans.org:
Anonymous domainnames. Read more

isc.sans.org:
virtualization and security. Read more

computerworld.co.nz:
Experts cast doubts on Chinese hacking scare. Read more

blogs.technet.com:
Autorun: good for you? Read more

taosecurity.blogspot.com:
Review of Snort IDS and IPS Toolkit and One Prereview. Read more

www.computerworld.com:
Symantec issues bogus warning of full-scale Internet meltdown. Read more

www.infoworld.com:
Beware the browser within. Read more

anti-virus-rants.blogspot.com:
look who's talking about whitelists now. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
ImageMagick Off-by-one and Integer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CA ARCserve Bugs Let Remote Users Execute Arbitrary Code, Bypass Authentication, and Deny Service. Read more

securitytracker.com:
Microsoft Internet Security and Acceleration Server SOCKS4 Proxy Discloses IP Address Information to Remote Users. Read more

ha.ckers.org:
TJMaxx XSS Vulnerability. Read more

 

News
www.kansascity.com:
U.S. seeks to counter terrorists’ use of the Internet. Read more

news.zdnet.co.uk:
China says it's a hacking victim, not villain. Read more

www.computeractive.co.uk:
Microsoft 'error' shuts out .Mac. Read more

22 September 2007

Guides, Papers, etc
www.securityfocus.com:
IBM: Flaws underscore virtualization risks. Read more

www.washingtonpost.com:
Hackers control PCs while users unaware. Read more

blogs.zdnet.com:
Microsoft hacker summit tackles security veil of virtualization. Read more

blogs.iss.net:
Virtualization and Security. Read more

blogs.technet.com:
Storm Drain. Read more

www.eweek.com:
Going Undercover in the Slimy World of Phishing. Read more

www.darkreading.com:
Researcher Raises Alarm Over PDFs. Read more

www.darkreading.com:
Running the IR Gauntlet. Read more

www.darkreading.com:
TD Ameritrade Gambles & Loses. Read more

www.sans.edu:
Dispelling Common Bluetooth Misconceptions. Read more

www.cisrt.org:
Three Variants of MSN Worm. Read more

www.avertlabs.com:
Live from VB2007 - part 2. Read more

ddanchev.blogspot.com:
The Truth Serum - Have a Drink! Read more

www.technewsworld.com:
Has the E-Card Scam Storm Blown Over? Read more

taosecurity.blogspot.com:
Pescatore: Savant, Idiot Savant, or Idiot? Read more

aolradio.podcast.aol.com:
Security Now 110: Listener Feedback 24. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
IBM Tivoli Storage Manager Bugs Let Remote Users Execute Arbitrary Code and Access Client Data. Read more

securitytracker.com:
KDE Autologin Authentication Bug May Let Remote Users Login Without a Password. Read more

 

Tools:
www.computerworld.com:
New Firefox 3.0 alpha blocks malware, secures plug-in updates. Read more

 

News
www.theregister.co.uk:
Malware spectre haunts Adobe Reader. Read more

www.theregister.co.uk:
Sysadmin admits planting 'logic bomb' in drug firm database. Read more

www.theregister.co.uk:
ABN Amro customer deets tip up on BearShare. Read more

www.hollywoodreporter.com:
Major Euro raid targets pirate 'release groups'. Read more

techdirt.com:
Australian Web Censorship Continues Down The Slippery Slope. Read more

www.dailytech.com:
War: Hackers Strike Hard Against RIAA Ally. Read more

21 September 2007

Guides, Papers, etc
www.computerworld.com.sg:
VMware bugs highlight virtualization security risks. Read more

www.matousec.com:
Windows Personal Firewall Analysis. Read more

www.theregister.co.uk:
Google malware watchdogs bite mom-and-pop shops. Read more

isc.sans.org:
Spammers feeling lucky with Google. Read more

isc.sans.org:
Pen Testing - Dangerous side effects? Read more

isc.sans.org:
Alleged Acrobat Vulnerability. Read more

www.cisrt.org:
IMG-XXXX.zip, IRCBot.ahm spreading. Read more

blog.spywareguide.com:
JT.Moonwalk Dances Onto An MSN Client Near You. Read more

ddanchev.blogspot.com:
DIY Phishing Kit Goes 2.0. Read more

security4all.blogspot.com:
How good can AV scanners detect old viruses? Read more

www.darkreading.com:
5 Signs That You're Under a Targeted Attack. Read more

www.darkreading.com:
Cyber Law Cuts Two Ways. Read more

www.securityfocus.com:
Hacking group alleges attack via PDF. Read more

www.computerworld.com:
Could U.S. be at risk for cyberwarfare? Read more

www.cpni.gov.uk:
Commercially Available Penetration Testing. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Yahoo Messenger GetFile() Method Lets Remote Users Download Arbitrary Files to the Target User's System. Read more

securitytracker.com:
Adobe Reader Unspecified Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Panda Antivirus Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Bugzilla WebService Lets Remote Users Create Accounts. Read more

securitytracker.com:
VMware Lets Local Users Gain Privileges or Cause Denial of Service Conditions on the Host System. Read more

securitytracker.com:
VMware DHCP Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
jetAudio ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mercury Mail Transport System Buffer Overflow in SEARCH Command Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.techworld.com:
PDF added to list of invisible attacks. Read more

www.vnunet.com:
Mozilla takes second shot at Firefox flaw. Read more

www.vnunet.com:
Americans give up sex for the internet. Read more

20 September 2007

blogs.securiteam.com:
Worm city: security is in the eye of the beholder. Read more

www.smh.com.au:
Digital peeping Toms. Read more

blogs.securiteam.com:
Flayer is Google’s step to Web application security testing. Read more

www.symantec.com:
Botnets: not just for spamming anymore. Read more

www.cisrt.org:
IMG-XXXX.zip, IRCBot.ahm spreading. Read more

ddanchev.blogspot.com:
Custom DDoS Capabilities Within a Malware. Read more

ddanchev.blogspot.com:
Two Cyber Jihadist Blogs Now Offline. Read more

www.gnucitizen.org:
Backdooring Windows Media Files. Read more

ha.ckers.org:
Another Fun SEO Blackhat Spam Tactic. Read more

www.nevadaappeal.com:
From Nigeria to Carson: The anatomy of an Internet scam. Read more

www.computerweekly.com:
Secure software may take 50 years, says Rutkowska. Read more

www.zdnet.com.au:
Admins stuck between a hack and a zero-day. Read more

www.computerworld.com.sg:
Security gurus look for better ways to classify malware. Read more

www.darkreading.com:
Reports: Threats More Sophisticated, More Costly Than Ever. Read more

blogs.zdnet.com:
Cyber crime is *not* bigger than illegal drug trade. Read more

www.technewsworld.com:
Security in Virtual Worlds: Blurring the Borders. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
libvorbis Bugs Let Remote Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
HP-UX Incorrect Password Status Bug in logins Command Lets Remote User Gain Access. Read more

securitytracker.com:
Modbus 'MiniHMI.exe' ActiveX Control Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Avahi Can Be Crashed By Local Users Sending Empty TXT Data. Read more

 

Tools:
community.corest.com:
WifiZoo - a Passive WiFi Information Gather. Read more

 

News
www.computerworld.com.au:
Yahoo Messenger hit with ninth zero-day exploit. Read more

www.theregister.co.uk:
Web host breach may have exposed passwords for 6,000 clients. Read more

www.australianit.news.com.au:
Coonan seeks to censor the Web. Read more

www.computerworld.com:
Would-be hacker vandalizes Vietnam Memorial site. Read more

www.theregister.co.uk:
Kaspersky: Maxtor markets password-pilfering Dutch disk drives. Read more

www.washingtonpost.com:
Hacker Decries U.S., Israel On Vietnam Memorial Site. Read more

news.zdnet.co.uk:
China leads Asia in malicious online activity. Read more

19 September 2007

Guides, Papers, etc
blog.washingtonpost.com:
The Threat of Reputation-Based Attacks. Read more

www.sciam.com:
China's Cyber Attacks Signal New Battlefield Online. Read more

www.sophos.com:
Firefox/QuickTime security hole? Patch and implement NAC advises Sophos. Read more

isc.sans.org:
JavaScript/HTML droppers as a targeted attack vector. Read more

isc.sans.org:
MOICE - Microsoft Office Isolated Conversion Environment. Read more

isc.sans.org:
Flaw in MFC42 and MFC71 findfile() function. Read more

www.avertlabs.com/:
Web Page Code Injection via ARP Spoofing. Read more

blogs.ittoolbox.com:
Ad vendor serving exploits thru Facebook. Read more

www.darkreading.com:
New Attacks Target Top Executives. Read more

www.darkreading.com:
Maynor Releases Apple Wireless Bug Code. Read more

www.cbc.ca:
Internet security moving toward "white list". Read more

www.itnews.com.au:
Cybercriminals lurk in dark corners of trusted Web sites. Read more

www.itnews.com.au:
Cyber-threats outpace security measures, says McAfee CEO. Read more

www.infoworld.com:
E-card industry gets the message from fraudsters. Read more

www.govexec.com:
Attack of the Chinese Zombies. Read more

www.vitalsecurity.org:
"Anything at all can happen to my XP and I DON'T CARE". Read more

technology.timesonline.co.uk:
Will computers reach top speed by 2020? Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Coppermine Photo Gallery Input Validation Holes in 'viewlog.php' and 'mode.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
R-Viewer Lets Remote Users Execute Arbitrary Code and Local Users View Potentially Sensitive File Contents. Read more

securitytracker.com:
OpenOffice Buffer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Customers: TD Ameritrade failed to warn of breach. Read more

18 September 2007

Guides, Papers, etc
www.theregister.co.uk:
Build malware protection into operating systems. Read more

isc.sans.org:
Is Pump-and-Dump more lucrative than Identity Theft? Read more

www.avertlabs.com:
China strikes back. Read more

www.sophos.com:
Torrent of spam likely to hit 6.3 million TD Ameritrade hack victims. Read more

www.symantec.com:
Enduring attack trends : ISTR XII. Read more

ddanchev.blogspot.com:
A Chinese Malware Downloader in the Wild. Read more

www.darkreading.com:
Report: Attacks on ISP Nets Intensifying. Read more

www.darkreading.com:
Lawsuit Raises Questions on TD Ameritrade Breach. Read more

ha.ckers.org:
ThreatSTOP Anti-Botnet DNS. Read more

blogs.securiteam.com:
JFFS2 ACL security issue in OLPC project - the first one? Read more

blogs.securiteam.com:
Apology from Ameritrade. Read more

www.theregister.co.uk:
Uber-hacker Max Vision misses the killswitch. Read more

www.technewsworld.com:
Why Application Security Is Often Overlooked. Read more

www.irmplc.com:
Biologger - A Biometric Keylogger. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PhotoChannel Networks Buffer Overflow in Photo Upload Plugin ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Eggdrop Stack Overflow in 'servrmsg.c' Lets Remote Servers Execute Arbitrary Code. Read more

securitytracker.com:
Axis Network Camera Bugs Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks. Read more

securitytracker.com:
HP Photo & Imaging Buffer Overflow in 'hpqutil.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WinSCP URL Protocol Handlers Let Remote Users Upload/Download Arbitrary Files. Read more

 

News
www.securityfocus.com:
German authorities nab Trojan gang. Read more

www.technewsworld.com:
Repercussions of Ohio Data Theft Felt in Conn. Read more

blog.wired.com:
Caught Snooping, Husband Sues Spy Software Vendor - UPDATED. Read more

www.wired.com:
Hackers Smack Anti-Piracy Firm Again and Again. Read more

www.computerworld.com:
Hackers milk massive increase in browser plug-in bugs. Read more

www.technewsworld.com:
Cyber-Crooks Ape Business Best Practices. Read more

www.computerworld.com:
Chinese student sues Microsoft over WGA. Read more

www.computerworld.com:
Analysis: EC wins antitrust battle, but did Microsoft win the war? Read more

www.dailytech.com:
Symantec: Hacking for Fun and Profit. Read more

www.computeractive.co.uk:
Police bust online Viagra gang. Read more

17 September 2007

Guides, Papers, etc
www.securityfocus.com:
Much ado about Windows Update. Read more

blogs.securiteam.com:
13-year old MBR virus - and shipped with Medion laptops. Read more

blogs.securiteam.com:
Tor - a onion which discloses your military and embassy secrets. Read more

sunbeltblog.blogspot.com:
Update on Stoned virus infection of German notebooks. Read more

www.cisrt.org:
Arcade World 1000+ Free Games, Zhelatin.jq. Read more

www.f-secure.com:
How to Find Phishing Sites. Read more

www.f-secure.com:
Storm Games. Read more

isc.sans.org:
Cyber Security Awareness Month - We Need Your Ideas. Read more

isc.sans.org:
Learning about Bots. Read more

isc.sans.org:
Malicious File names of the day. Read more

www.avertlabs.com:
Unsafe Advertisments? Watchout for the fake yellows!!! Read more

ddanchev.blogspot.com:
PayPal and Ebay Phishing Domains. Read more

ddanchev.blogspot.com:
Storm Worm's DDoS Attitude - Part Two. Read more

ddanchev.blogspot.com:
U.S Consulate St. Petersburg Serving Malware. Read more

ddanchev.blogspot.com:
209 Host Locked. Read more

www.darkreading.com:
How to Bypass the IDS/IPS. Read more

www.darkreading.com:
Quantum Research Could Threaten Encryption Schemes. Read more

www.darkreading.com:
Email Encryption Gets Easier. Read more

www.darkreading.com:
Mobile Insecurity. Read more

www.darkreading.com:
Security Spending: In the Red? Read more

blogs.technet.com:
How Windows Update Keeps Itself Up-to-Date. Read more

www.linux.com:
The dangers of automatic updates. Read more

www.theregister.co.uk:
Attacking multicore CPUs. Read more

www.theregister.co.uk:
The importance of 'whole journey' email encryption. Read more

www.philly.com:
Report: Hackers Make Contracts for Spam. Read more

www.theregister.co.uk:
Unsung software developers behind rise in online fraud. Read more

news.xinhuanet.com:
Criminal hackers sell, service malicious software. Read more

www.cbsnews.com:
Hackers Getting More Professional. Read more

news.softpedia.com:
How Hackers Are Born. Read more

aolradio.podcast.aol.com:
Audio: Security Now 109: Steve’s E-Commerce System. Listen

twit.cachefly.net:
Audio: Windows Weekly 35: Secret Update. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
HP System Management Homepage May Not Properly Complete Security Updates. Read more

securitytracker.com:
NetBSD Display Driver Bug Lets Local Users Deny Service. Read more

securitytracker.com:
Qt Buffer Overflow in QUtf8Decoder May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
QuickTime 'qtnext' Parameter Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Autodesk Backburner cmdjob Utility Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Cisco IOS Stack Overflow in Processing IP BGP Regex Commands Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
Ekiga SIPURL::GetHostAddress() Memory Corruption Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Adobe Connect Enterprise Server Discloses Administrative Pages to Remote Users. Read more

securitytracker.com:
Samba Winbind SFU/RFC2307 GID Error Lets Local Users Gain Elevated Privileges. Read more

 

News
news.bbc.co.uk:
Microsoft loses anti-trust appeal. Read more

www.theregister.co.uk:
Hackers infiltrate TD Ameritrade client database. Read more

www.informationweek.com:
Microsoft Updates Windows Without User Permission, Apologizes. Read more www.news.com.au:
Iran blocks and then unblocks Google. Read more

www.theregister.co.uk:
German police raid home of man who operated Tor server. Read more

www.washingtonpost.com:
Google calls for global online privacy standard. Read more

www.pcadvisor.co.uk:
Microsoft forces MSN Messenger upgrade for 'security' reasons. Read more

www.itnews.com.au:
Obfuscated malware tops list in August. Read more

www.theregister.co.uk:
Vista attacked by 13-year-old virus. Read more

www.smh.com.au:
The Iceman stealeth. Read more

www.pcpro.co.uk:
Dell adds hardware encryption to Latitude laptops. Read more

news.softpedia.com:
One of the Greatest Hackers in the World - Sentenced. Read more

12 September 2007

Next update on Monday 17 September.

Guides, Papers, etc
heartbeat.skype.com:
On the worm that affects Skype for Windows users. Read more

www.f-secure.com:
Patch Tuesday, September Edition. Read more

isc.sans.org:
XSIO: Cross Site Image Overlaying. Read more

isc.sans.org:
September microsoft patch overview. Read more

www.cisrt.org:
New MSN virus: IMG-0012.zip. Read more

www.vitalsecurity.org:
Look what I just got in the mail. Read more

ddanchev.blogspot.com:
Storm Worm's DDoS Attitude. Read more

www.darkreading.com:
Annual CSI Study: Cost of Cybercrime Is Skyrocketing. Read more

www.darkreading.com:
'Virtual' Vulnerabilities About to Become Reality. Read more

www.darkreading.com:
Tor's Privacy Problems. Read more

ha.ckers.org:
Why I Never Posted RSPolicy. Read more

www.cnet.com:
Who blocks the (ad) blockers? Read more

www.scienceblog.com:
China's 'Eye on the Internet' a Fraud. Read more

www.nytimes.com:
Who Needs Hackers? Read more

www.computerworld.com:
Ready to blow the whistle on a cybercrime? Who ya gonna call? Read more

blogs.securiteam.com:
Things to do on the Jewish new year. Read more

mashable.com:
40+ Ways To Access Your Computer Remotely. Read more

www.freeiphoneunlock.com:
Iphone Software Unlock Guide! Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Windows Services for UNIX Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Microsoft Agent ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Visual Basic VBP File Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Ultra Crypto Component ActiveX Control Lets Remote Users Write to Arbitrary Files. Read more

securitytracker.com:
Ultra Crypto Component Buffer Overflow in ActiveX Control AcquireContext() Function Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.smoothwall.org:
Express 3.0 is the latest version of SmoothWall's Free, open source, GPL network firewall. Read more

 

News
www.zdnet.com.au:
Chinese government accused of hacking again. Read more

www.australianit.news.com.au:
China's cyber raid on agencies. Read more

au.news.yahoo.com:
NZ's Clark won't identify hackers. Read more

www.govtech.com:
University Researchers Analyze China's Internet Censorship System. Read more

www.forbes.com:
Cyberspies Target Silent Victims. Read more

www.computerworld.com:
Black screen of darkness to haunt Vista pirates. Read more

www.pcworld.com:
Online Thugs Assault Sites That Specialize in Security Help. Read more

www.securityfocus.com:
Windows worm targets Skype users. Read more

www.theregister.co.uk:
Trojans besiege online gamers. Read more

www.theregister.co.uk:
Microsoft serves light fare on Patch Tuesday. Read more

www.esecurityplanet.com:
Microsoft Agent: A Patch Tuesday Unto Itself. Read more

www.computeractive.co.uk:
Men more likely to be cyber-stalking victims. Read more

11 September 2007

Guides, Papers, etc
www.f-secure.com:
Seeing bubbles? Might be the Skype worm...Read more

isc.sans.org:
Skype worm. Read more

www.vitalsecurity.org:
New Skype Worm hits - want to see it in action? Read more

www.vitalsecurity.org:
More on the Peer To Peer Theft Case. Read more

ddanchev.blogspot.com:
Google Hacking for MPacks, Zunkers and WebAttackers. Read more

ddanchev.blogspot.com:
Popular Web Malware Exploitation Techniques. Read more

blogs.authentium.com:
ISP’s turn a blind eye to malware. Read more

sunbeltblog.blogspot.com:
Sunbelt Weekly TechTips #61. Read more

sunbeltblog.blogspot.com:
When Lowering Your Price Makes Customers Mad. Read more

sunbeltblog.blogspot.com:
Podcast with SC Mag on Bank of India. Read more

blog.trendmicro.com:
Storming for a touchdown! Read more

www.darkreading.com:
Hacking the White House. Read more

www.darkreading.com:
Startup Led by Ex-DHS Cyberchief Rolls Out Forensics Tool. Read more

www.darkreading.com:
PatchLink Retrenches for IPO With New Name, Products. Read more

www.eweek.com:
Why We Haven't Stopped Spam. Read more

www.eweek.com:
Malware Mashup is Monstrous. Read more

www.codinghorror.com:
Rainbow Hash Cracking. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Sophos Anti-Virus XSS Vulnerability. Read more

www.securiteam.com:
id3lib Symlink Bug May Let Local Users Gain Elevated Privileges. Read more

www.securiteam.com:
IBM WebSphere Unspecified Flaw in Edge Component Has Unspecified Impact. Read more

www.securiteam.com:
X Server Bug in compNewPixmap() Lets Local Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
Embassy leaks highlight pitfalls of Tor. Read more

www.techcentral.ie:
Chinese hacking row escalates. Read more

www.theregister.co.uk:
Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users. Read more

www.theregister.co.uk:
Trojan-fuelled botnet menaces UK eBay users. Read more

www.theregister.co.uk:
Man charged over P2P ID theft scam. Read more

news.softpedia.com:
Skype Can Cause Virus Infections! Read more

www.vnunet.com:
Mumbai cyber-cafés told to use key-loggers. Read more

10 September 2007

Guides, Papers, etc
www.secniche.org:
Black Vectors of Web Exploitation. Read more

www.f-secure.com:
Storm and NFL. Read more

www.hermetix.org:
Storm Worm: New wave uses Tor network. Read more

blogs.law.harvard.edu:
A Response from Tor authors to the blogstorm about tor potential attacks. Read more

www.lightbluetouchpaper.org:
Analysis of the Storm Javascript exploits. Read more

sunbeltblog.blogspot.com:
Searching for evil: Recommended video. Read more

msmvps.com:
Today's spam slam. Read more

anti-virus-rants.blogspot.com:
spyware terminator forum compromised. Read more

blogs.technet.com:
Is this the Cyberwar? Read more

blogs.securiteam.com:
Vulnerable test application: Simple Web Server (SWS). Read more

blogs.securiteam.com:
IMF going to be boring this year. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges. Read more

securitytracker.com:
Total Commander Directory Traversal Bug in FTP Filenames Lets Remote Users Write Files to Arbitrary Locations. Read more

securitytracker.com:
Enriva Magellan Explorer Directory Traversal Bug in FTP Filenames Lets Remote Users Write Files to Arbitrary Locations. Read more

 

News
www.wired.com:
Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise. Read more

www.theregister.co.uk:
Tor at heart of embassy passwords leak. Read more

www.australianit.news.com.au:
French reveal China hacks. Read more

www.seriousblogging.com:
Targeted attacks in France; and a Winword exploit September 8, 2007. Read more

www.theregister.co.uk:
ISPs turn blind eye to million-machine malware monster. Read more

arstechnica.com:
Germany, UK also investigating government PC espionage by China. Read more

www.informationweek.com:
Microsoft's Virtualization Software Release Will 'Migrate' VMware. Read more

08 September 2007

Guides, Papers, etc
www.boingboing.net:
Economics of Malware. Read more

www.eweek.com:
Easy 2-Factor Authentication You Can Afford. Read more

isc.sans.org:
AOL changes the free anti-virus they distribute. Read more

www.avertlabs.com:
The corridors of the Rugby World Cup. Read more

www.symantec.com:
Windows Update used to distribute fixed ATI driver – but it's optional! Read more

sunbeltblog.blogspot.com:
The Suntasia Debacle Revisited. Read more

sunbeltblog.blogspot.com:
Vaporware Trojan: As an additional note. Read more

sunbeltblog.blogspot.com:
OT: It's kind of like F*cked company, only gentler. Read more

blog.spywareguide.com:
New MSN Virus In The Wild. Read more

blog.spywareguide.com:
Weirdness on Myspace - Watch Out For System Doctor Adverts. Read more

www.lightbluetouchpaper.org:
Analysis of the Storm Javascript exploits. Read more

www.vitalsecurity.org:
Beware TanyaBabe! Read more

blogs.ittoolbox.com:
Hacked .gov websites. Read more

www.eweek.com:
Know Your Enemy. Read more

securitywatch.eweek.com:
More .Gov Sites Boobytrapped. Read more

blogs.technet.com:
September 2007 Bulletin Release Advance Notification. Read more

www.theregister.com:
A US CERT reminder: The net is an insecure place. Read more

www.technewsworld.com:
E-mail Attachments: Losing Luster Among Black Hats? Read more

www.darkreading.com:
ID Theft Research Group to Come Out of the Shadows. Read more

www.darkreading.com:
Group Sues White House to Restore Missing Emails. Read more

www.smh.com.au:
Cyber crime will spread: study. Read more

www.youtube.com:
Video: government hacks. Watch

www.podtrac.com:
Audio: Security Now 108: Listener Feedback #23. Listen

podcasts.mcafee.com:
Audio: AudioParasitics Episode 11 (Part 1 of 2). We are joined by Ahmed Sallam, the driving force behind McAfee's new Rootkit Detective tool. Listen

podcasts.mcafee.com:
Audio: AudioParasitics Episode 12 (Part 2 of 2). We are joined by Ahmed Sallam, the driving force behind McAfee's new Rootkit Detective tool. Listen

podcasts.mcafee.com:
Audio: AudioParasitics Episode 13. Dave and Jim discuss the ins and outs of the Immunity Debugger. Listen

podcasts.mcafee.com:
Audio: AudioParasitics Episode 14. Hide me Sony one more time! Listen

 

News
www.securityfocus.com:
Judge overturns portion of PATRIOT Act. Read more

www.theregister.co.uk:
Coming Tuesday: 5 Microsoft patches. Read more

www.adn.com/:
China not investigating cyber attacks. Read more

www.theaustralian.news.com.au:
China readies for cyber assault on US. Read more

tech.monstersandcritics.com:
Toolkits blamed for the rise of “Script Kiddies”. Read more

wbztv.com:
Former student charged with hacking into Texas A&M computer system. Read more

www.wlns.com:
Online Football Ticket Scam Warning. Read more

news.softpedia.com:
Hacker Busted Because He Was Driving in a Stolen Vehicle. Read more

www.wtopnews.com:
Accusation of ID Theft by File-Sharing. Read more

seattlepi.nwsource.com:
ID theft updated for the 21st century. Read more

07 September 2007

Guides, Papers, etc
www.mcafee.com:
Mobile Malware: Threats and Prevention. Read more

www.symantec.com:
The State of Spam. A Monthly Report – September 2007. Read more

www.f-secure.com:
sTORm worm. Read more

blog.spywareguide.com:
Weirdness on Myspace - Watch Out For System Doctor Adverts. Read more

www.vitalsecurity.org:
Don't Skin The Messenger! Read more

blog.spywareguide.com:
The Twisting Tale of Messenger Skinner. Read more

www.cisrt.org:
Another 2 MSN virus. Read more

www.microsoft.com/:
Microsoft Security Bulletin Advance Notification for September 2007. Read more

blogs.ittoolbox.com:
Bank of India hack update. Read more

news.zdnet.co.uk:
Researchers: Cyberattacks outstripping defences. Read more

ddanchev.blogspot.com:
Infecting Terrorist Suspects with Malware. Read more

blog.trendmicro.com:
Trojan Gains Access Through MS Access. Read more

www.latimes.com:
China seen as honing cyber-attack skills. Read more

www.securityfocus.com:
Apple patches critical iTunes bug. Read more

www.mobile-tech-today.com:
Wi-Fi Hotspots Continue To Pose E-Mail Security Risk. Read more

www.informationweek.com:
Finally, A Way To Measure Real Security On A Virtual Machine. Read more

www.darkreading.com:
Bloggers Held Under New Thailand Computer Crime Law. Read more

www.darkreading.com:
Security Researcher Ptacek: Thriving on Controversy. Read more

blogs.usatoday.com:
Computer 'bots' now aimed at corporate PCs. Read more

www.infoworld.com:,br> Continuing the Web Server Security Wars: Is IIS or Apache More Secure? Read more

www.avertlabs.com:
The closure of Soft Ice! Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco ASA Test Function Discloses AAA Passwords. Read more

securitytracker.com:
Novell iChain HTTP Content Scanning Can Be Bypassed Using Full-Width Unicode Content. Read more

securitytracker.com:
iTunes Buffer Overflow in Processing Album Cover Artwork Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Anti Virus SYMTDI.SYS IOCTL Validation Flaw Lets Local Users Deny Service. Read more

securitytracker.com:
Cisco Video Surveillance IP Gateway Authentication Flaws Let Remote Users Gain Administrative Access. Read more

securitytracker.com:
Cisco Content Switching Module TCP Packet and Service Termination Bugs Let Remote Users Deny Service. Read more

 

News
www.terra.net.lb:
Chinese hackers cyber-attacking British government networks. Read more

www.securityfocus.com:
U.S. may press China on hacking claims. Read more

www.csmonitor.com:
Alleged Chinese hacker attack stirs fears of digital cold war. Read more

www.iht.com:
Hacking reports raise concerns about cyberthreat from China. Read more

www.computerworld.com/:
Bush doesn't confront China over alleged Pentagon hack. Read more

www.theregister.co.uk:
Microsoft readies Virtual Machine Manager 2007. Read more

blog.wired.com:
DHS Data Mining System Shut Down After Privacy Slip Ups. Read more

www.technewsworld.com:
Judge Rules Feds Cannot Silence ISPs With Patriot Act. Read more

www.out-law.com:
A crime is committed online every 10 seconds in UK, say criminologists. Read more

www.infoworld.com:
Update: Seattle man arrested for p-to-p ID theft. Read more

06 September 2007

Guides, Papers, etc
theinvisiblethings.blogspot.com:
Tricky Tricks. Read more

www.eweek.com:
Whitelisting and Elegance. Read more

taosecurity.blogspot.com:
Hardware-Assisted Virtual Machine Rootkits. Read more

isc.sans.org:
Dealing with application in-security. Read more

www.cisrt.org:
Another 2 MSN virus. Read more

ddanchev.blogspot.com:
Examples of Search Engine Spam. Read more

ddanchev.blogspot.com:
Storm Worm's Fast Flux Networks. Read more

blogs.securiteam.com:
Fake blogs and search engines. Read more

blogs.securiteam.com:
Sony about rootkits: Not many USM-F sticks were sold. Read more

blogs.securiteam.com:
Bank of India: We’re back - with pop-ups. Read more

www.vitalsecurity.org:
Ooh, controversial. Read more

www.smh.com.au:
Cyber crime will spread: study. Read more

sunbeltblog.blogspot.com:
We're confused about Trusted Download. Read more

sunbeltblog.blogspot.com:
Bizarre Vaporware Trojan. Read more

blogsecurity.net:
Social networking privacy issues - signing up. Read more

www.darkreading.com:
Bugs Without Borders. Read more

www.darkreading.com:
Microsoft Security Researcher Launches 'Insider' Blog. Read more

www.darkreading.com:
Telemarketers Nailed for Fraud. Read more

ha.ckers.org:
Appsec Conference Coming Up On Nov 12-15. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Red Hat Aide Checksum Database Error May Let Local Users Bypass Detection When Modifying Files. Read more

securitytracker.com:
Kerberos kadmind Stack Overflow and Uninitialized Pointer Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Star '//' Pathname Validation Flaw Lets Remote Users Create/Ovewrite Files. Read more

securitytracker.com:
MailMarshal Tar File Directory Traversal Bug Lets Remote Users Modify Arbitrary Files. Read more

 

News
www.informationweek.com:
Chinese Cyberattacks Cause Damage, Embarrassment. Read more

www.guardian.co.uk:
Titan Rain - how Chinese hackers targeted Whitehall. Read more

blogs.zdnet.com:
Are Chinese attacks blunders? Read more

www.computerworld.com:
Wikipedia blocked in China yet again. Read more

www.dailytech.com:
German Policeware Plan Causes Outrage. Read more

www.sda-asia.com:
New Tool Kits Designed to Train Unskilled Hackers Raises Concern. Read more

www.ofzenandcomputing.com:
Facebook Profiles to Appear in Search Engine Results. Read more

www.wired.com:
Zombie Pfizer Computers Spew Viagra Spam. Read more

www.computeractive.co.uk:
Sony caught editing Halo 3 Wikipedia entry. Read more

www.usatoday.com:
New tool measures Wikipedia entries. Read more

www.idahostatesman.com:
Scam Alert: Hackers can use your business voice mail to make collect calls. Read more

allafrica.com:
Nigeria: Auditor-General's Name Used in Internet Scam. Read more

05 September 2007

Guides, Papers, etc
security.zarco.nl:
Anti virus evasion using archives. Read more

isc.sans.org:
Websense blocking isc.sans.org. Read more

www.avertlabs.com:
Mobile reunion: Hackers and Banks. Read more

ddanchev.blogspot.com:
Login Details for Foreign Embassies in the Wild. Read more

ddanchev.blogspot.com:
DIY Exploits Embedding Tools - a Retrospective. Read more

www.darkreading.com:
Pfizer: Strike Three. Read more

www.darkreading.com:
Watch Out for That Log! Read more

anti-virus-rants.blogspot.com:
file infecting viruses vs digital signatures. Read more

www.guardian.co.uk:
How secrets are unlocked. Read more

www.out-law.com:
Mobile workers don't care about security, says Cisco. Read more

www.wired.com:
Direct Brain-to-Game Interface Worries Scientists. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Telecom Italia Alice Messenger ActiveX Control Lets Remote Users Modify Registry Settings. Read more

 

Tools:
www.microsoft.com:
Microsoft Application Verifier is a runtime verification tool for unmanaged code that assists in finding subtle programming errors. Read more

 

News
www.presstv.ir:
Chinese hack into British gov't computers. Read more

www.securityfocus.com:
China on hot seat over alleged hacks. Read more

www.telegraph.co.uk:
Chinese hackers 'raid Whitehall computers'. Read more

www.msnbc.msn.com:
China's cyber-spies spread their net. Read more

www.eweek.com:
Botnet Attack Sinks Its Fangs into eBay Accounts. Read more

www.theregister.co.uk:
Sony to exorcise 'rootkit' from USB drives. Read more

www.vnunet.com:
Sony plans fix for 'rootkit' USB sticks. Read more

04 September 2007

Guides, Papers, etc
isc.sans.org:
Immanentize the Eschaton. Read more

blogs.securiteam.com:
OSCP (Offensive Security Certified Professional) Training and Challenge. Read more

ddanchev.blogspot.com:
Spammers and Phishers Breaking CAPTCHAs. Read more

www.avertlabs.com: Labor Day gift from Nuwar! Read more

technology.timesonline.co.uk:
Free security software 'as good as commercial brands'. Read more

www.zdnet.co.uk:
Sony isn't the only one you need worry about! Read more

www.viruslist.com:
Virus Top Twenty for August 2007. Read more

www.av-comparatives.org:
Anti-Virus Comparative August 2007 - Survey Report. Read more

www.informit.co:
Introduction to Network-Based Intrusion Detection Systems. Read more

http://www.hackerchallenge.org/:
2007 Global Software Reverse Engineering Challenge. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris Special File System Lets Local Users Deny Service. Read more

securitytracker.com:
Sun Cluster USCSICMD IOCTL Processing Bug Lets Remote Authenticated Users Deny Service. Read more

 

Tools:
www.nz-honeynet.org:
Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family. Capture BAT is able to monitor the state of a system during the execution of applications and processing of documents. Read more

cybernetnews.com:
CyberNotes: Exclusive Opera 9.5 Features & Video. Read more

 

News
news.softpedia.com:
Cyberwar: Pentagon Got Hacked! Read more

www.washingtonpost.com:
China rejects U.S. charge it hacked Pentagon. Read more

news.zdnet.co.uk:
China hosts almost half of all malware sites. Read more

www.computerworld.com:
Custom-built botnet steals eBay accounts. Read more

www.theregister.co.uk:
Spammers add a new dimension to junk mail. Read more

www.theregister.co.uk:
Another investigation into Pirate Bay kiddie porn. Read more

www.theregister.co.uk:
Germany floats Trojan for terror suspects. Read more

www.theregister.co.uk:
Monster warns victims and pledges better defense. Read more

www.computerworld.com:
AutoPatcher looks to return from the dead. Read more

03 September 2007

Guides, Papers, etc
blogs.securiteam.com:
hackers @ microsoft, MS’s place for white-hat (and blue-hat) hackers. Read more

blogs.securiteam.com:
Windows screensaver lock and lecturing. Read more

www.f-secure.com:
Virenjäger. Read more

www.sophos.com:
The month of malicious spam: Fraudsters step up their attempts to infect PC users. Read more

blog.spywareguide.com:
Compromised Emails Lead To IE Exploiter Tool. Read more

isc.sans.org:
Deobfuscating VBScript. Read more

isc.sans.org:
To AV or not to AV, is that the question? Read more

isc.sans.org:
Network Solutions having the day off? (nope just a few hrs). Read more

gevron.livejournal.com:
A jew in a German camp. Read more

www.secniche.org:
The Analogy of Pop Ups. Art of Third Party POP Up Attacks | Downloading JINX. Read more

www.secniche.org:
Detecting Vmwares Remotely. Read more

www.msnbc.msn.com:
Worst computer viruses of last 25 years. Read more

www.ethicalhacker.net:
Nmap from an Ethical Hacker's View Part 1. Read more

www.webstuffscan.com:
How to access blocked websites - Top 10. Read more

ha.ckers.org:
Recursive Request DoS. Read more

resources.zdnet.co.uk:
Understanding Windows Vista Service Hardening. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Aztech Router Lets Remote Users Access the Management Interface Via TCP Spoofing. Read more

securitytracker.com:
IBM DB2 Buffer Overflow in auth_list_groups_for_authid() Lets Remote Authenticated Users Execute Arbitrary Code, Read more

 

Tools:
addons.mozilla.org:
Dr.Web anti-virus link checker 1.0.15. Read more

www.virtualbox.org:
VirtualBox for Windows 1.5.0. Read more

www.edge-security.com:
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites. Read more

 

News
arstechnica.com:
"Storm worm" adds millions of computers to botnet. Read more

www.mercurynews.com:
Germany defends plan to use spyware in terror investigations. Read more

www.opm.gov:
USAJOBS Slightly Affected by Malicious Software. Read more

01 September 2007

Guides, Papers, etc
derangedsecurity.com:
DEranged gives you 100 passwords to Governments & Embassies. Read more

www.theage.com.au:
A look at major computer viruses over 25 years. Read more

www.pcadvisor.co.uk:
New Sony rootkit scandal gathers momentum. Read more

www.computerdefense.org:
Sony… Another Root Kit… Not Quite! Read more

www.f-secure.com:
Sony is awake. Read more

www.f-secure.com:
3D Spam. Read more

www.avertlabs.com:
Nuwar/Zhelatin/Storm took a nap. Read more

sunbeltblog.blogspot.com:
Video of Bank of India infestation. Read more

blog.spywareguide.com:
Singworm Spreading in Singapore / Hong Kong Via MSN Messenger. Read more

www.symantec.com:
Bioshock rootkit rumor shot down. Read more

www.sophos.com:
Beyonce, Rihanna, Kelly Clarkson video emails spread ecard Trojan horse. Read more

news.zdnet.co.uk:
Amid rootkit fiasco, Sony's ray of hope. Read more

www.infoworld.com:
Malicious Web: Not just porn sites. Read more

isc.sans.org:
Packet Sniffing. Read more

isc.sans.org:
Blacklisting Bad Apples (no not the i kind). Read more

www.economist.com:
The Criminal Underground: A Walk on the Dark Side. Read more

blog.washingtonpost.com:
Storm Worm Dwarfs World's Top Supercomputers. Read more

www.darkreading.com:
Phishers Play Top 40. Read more

www.darkreading.com:
What Have You Got to Hide? Read more

www.darkreading.com:
When Web Servers Attack. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Backup Manager Discloses the Upload Site's FTP Password to Local Users. Read more

securitytracker.com:
Hexamail Server Buffer Overflow in POP3 USER Command May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Norman Virus Control nvcoaft51.sys Driver Bugs Let Local Users Gain System Privileges. Read more

securitytracker.com:
Wireshark DNP3 Dissector Bug Lets Remote Users Deny Service. Read more

 

News
www.securityfocus.com:
Monster warns victims, pledges better defense. Read more

www.theregister.co.uk:
Security SNAFU exposes email logins for 100 foreign embassies (and counting). Read more

www.theregister.co.uk:
Attackers turn Bank of India site into malware bazaar. Read more


Copyright© MegaSecurity.org