Home    News Archive    Translate Traducen
News October 2006
31 October 2006

Guides, Papers, etc
download.microsoft.com:
The Risks of Obtaining and Using Pirated Software. Read more

www.mcafee.com:
AIM FOR BOT COORDINATION. Read more

www.eweek.com:
When in Rome ... Read more

www.eweek.com:
Smart Solutions to ID and Privacy. Read more

taosecurity.blogspot.com:
Response to Daily Dave Thread. Read more

isc.sans.org:
ToD - Configuration Management - maintaining security awareness. Read more

techdirt.com:
One Way To Get Around Iranian Broadband Ban: Ask Your ISP For Higher Speeds. Read more

arstechnica.com:
Vista's hardware tolerance: one significant change before support remediation. Read more

www.darkreading.com:
The Vista-Forefront Security Two-Step. Read more

blogs.ittoolbox.com:
Audio: SecurityMonkey Podcast #15. Listen

 

Vulnerabilities & Exploits
secunia.com:
Multiple Browsers Window Injection Vulnerability Test. Read more

securitytracker.com:
foresite CMS Input Validation Hole in 'query' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft NAT Helper 'ipnathlp.dll' Lets Remote Users Deny Service. Read more

securitytracker.com:
Sophos Anti-Virus Bugs in Processing Petite Archives, RAR Archives, and CHM Files Let Remote Users Deny Service. Read more

securitytracker.com:
PunBB Input Validation Flaws Let Remote Users Inject SQL Commands and Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
iG Shop Input Validation Hole in 'change_pass.php' Permits Cross-Site Scripting Attacks. Read more

 

Tools:
metasploit.com:
Metasploit Framework 2.7 Released. Read more

 

News
www.wsbtv.com:
Social Security Numbers Posted Online. Read more

blogs.abcnews.com:
Hackers Penetrate Water System Computers. Read more

www.theregister.co.uk:
Ohio child hospital hack exposes 230,000 files. Read more

arstechnica.com:
Google actively aiding intelligence agencies? Read more

www.pcadvisor.co.uk:
Tricky malware sidesteps Windows security. Read more

www.pcadvisor.co.uk:
Attack disables Windows XP Firewall. Read more

www.infoworld.com:
Windows XP SP3 suffers uncertain future. Read more

www.securityfocus.com:
FBI raids home of boarding-pass creator. Read more

www.terra.net.lb:
China's lawmakers consider banning children from Internet cafes. Read more

www.darkreading.com:
Criminals in the Call Center? Read more

www.darkreading.com:
MySpace Under Siege. Read more

news.com.com:
Seagate bakes security into hard-disk drive. Read more

. 30 October 2006

Guides, Papers, etc
www.sans.org:
SANS Amsterdam 2006. Read more

isc.sans.org:
Remote DoS released targets Windows Firewall/Internet Connection Sharing (ICS) service component (NEW). Read more

blogs.securiteam.com:
RFIDIOt released RFID E-passport skimming PoC. Read more

blogs.securiteam.com:
e360 vs. Spamhaus via Tucows (round #3). Read more

blogs.securiteam.com:
Anecdotal story about myself, worm writing and Emergent behavior in Worms. Read more

www.pcworld.idg.com.au:
Visiting Vista RC2, part two. Read more

www.microsoft.com:
The risks of obtaining and using pirated software. Read more

www.suntimes.co.za:
Stay one step ahead of online banking skelms. Read more

www.informationweek.com:
Anatomy Of A Phishing Scam. Read more

www.newsfactor.com:
Internet Explorer 7: A Strong Contender. Read more

www.videosift.com:
Video: The Real Hustle - Keylogging. Watch

listvine.com:
9 Reasons Not to Upgrade to Firefox 2.0. Read more

blogs.ittoolbox.com:
Get Hired In Security: Today! Read more

blogs.authentium.com:
What is antivirus software? Read more

www.informit.com:
The Future of CPUs: What's After Multi-Core? Read more

 

Tools:
hexblog.com:
Loop colorizer. Read more

fileforum.betanews.com:
WinPcap 4.0 Beta 2. Read more

 

News
www.itweek.co.uk:
Million-PC botnet threatens consumers. Read more

www.denverpost.com:
Scammers find new ways to reach inbox. Read more

www.registerguard.com:
Online stock accounts being hit by hackers. Read more

www.abs-cbnnews.com:
China considers banning children from Internet cafes. Read more

www.floridatoday.com:
Fraud a click away on Web. Read more

thestar.com.my:
2010 World Cup jackpot spin to Nigerian Internet scam. Read more

www.internetnews.com:
Convicted Pedophile Looking at 15 Years. Read more

www.zdnet.com.au:
Aussie anti-porn Net filter gets closer. Read more

techdirt.com:
Yet Another Company Suing Google Because Its Ranking Sucks. Read more

www.latimes.com:
Why pick on Internet gambling? Read more

. 28 October 2006

Guides, Papers, etc
www.securityfocus.com:
Surprises Inside Microsoft Vista's EULA. Read more

www.f-secure.com:
Reselling domain names...for phishing gangs. Read more

isc.sans.org:
ADODB.connection Vuln. Read more

www.theregister.co.uk:
Acer: Vista Home Basic is a lemon. Read more

blogs.authentium.com:
Some More Perspective on Patchguard. Read more

blogs.securiteam.com:
RFIDIOt released RFID E-passport skimming PoC. Read more

www.vnunet.com:
Norman conquest of malware rolls out sandboxes. Read more

www.dfrws.org:
Searching for processes and threads in Microsoft Windows memory dumps. Read more

www.cs.nps.navy.mil:
Software Decoys: Intrusion Detection and Countermeasures. Read more

www.passivemode.net:
RFID Credit Card Vulnerabilities. Read more

www.darkreading.com:
Don't Blame the Browser. Read more

www.esecurityplanet.com:
The Jealous Trojan. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Wireshark (Ethereal) Bugs in HTTP, LDAP, XOT, WBXML, and MIME Multipart Dissectors Let Remote Users Deny Service. Read more

securitytracker.com:
3Com SuperStack 3 Switch Discloses SNMP Community String to Remote Users. Read more

securitytracker.com:
Microsoft Internet Explorer 'ADODB.Connection' Execute Function Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
computer.forensikblog.de:
PoolFinder conducts a brute-force scan of a Windows memory dump or page file (pagefile.sys) and attempts to identify pool allocations. Read more

 

News
www.securityfocus.com:
Bot nets likely behind jump in spam. Read more

www.theregister.co.uk:
Anti-scam website hit by DDOS attacks. Read more

www.theregister.co.uk:
Is Google legal? Read more

www.theregister.co.uk:
Bug causes another delay to Vista. Read more

mashable.com:
MySpace Phishing Attack Appears on 3000 Pages. Read more

www.theregister.co.uk:
Australian spammer fined A$5.5m. Read more

www.theregister.co.uk:
Hacker hijinks impinge on US mid-term elections. Read more

www.marketwatch.com:
Caution urged as online stock scams multiply. Read more

arstechnica.com:
Security company claims Vista's PatchGuard cracked. Read more

www.technewsworld.com:
Web Mail in the Workplace: Another Security Threat. Read more

blog.wired.com:
Congressman Ed Markey Wants Security Researcher Arrested. Read more

abcnews.go.com:
Web Site Lets Anyone Create Fake Boarding Passes. Read more

. 27 October 2006

Guides, Papers, etc
www.eweek.com:
Rutkowska: Anti-Virus Software Is Ineffective. Read more

blogs.securiteam.com:
e360 vs. Spamhaus via Tucows (round #3). Read more

blogs.securiteam.com:
Anecdotal story about myself, worm writing and Emergent behavior in Worms. Read more

blogs.securiteam.com:
The real story behind BT buying Counterpane! Read more

www.siliconvalleysleuth.com:
Adware purveyors wage mob war. Read more

isc.sans.org:
Are you sure you're as prepared as you think you are? Read more

www.freedom-to-tinker.com:
Why So Little Attention to Botnets? Read more

www.windowsitpro.com:
The Onion Router Downside. Read more

www.darkreading.com:
A Public Snort. Read more

www.computerworld.com:
'Less than zero-day' threats too often overlooked, analysts warn. Read more

www.technewsworld.com:
Going Wireless on Campus. Read more

www.hesterpc.com:
10 Steps to More Secure Wireless. Read more

www.mcs.vuw.ac.nz:
Testing client honeypots with Metasploit Framework 3. Read more

www.itnews.com.au:
Human factor essential for IT security. Read more

www.infoworld.com:
How not to stop a virus attack. Read more

www.podtrac.com:
Audio: Security Now 63: MojoPac - sponsored by Astaro Corp. Listen

www.tllts.org:
Audio: The Linux Link Tech Show Episode 164. Special Guest: Patrick Volkerding - Slackware. Linc's Laptop woes and the Nokia 770, Tuxpaint 0.9.16, Firefox 2.0, Linc's Book Reviews. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft Internet Explorer Lets Remote Users Partially Spoof Address Bar URLs. Read more

securitytracker.com:
AOL Buffer Overflows in AddPictureNoAlbum and downloadFileDirectory ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
siteadminstuff.com:
Site Admin Stuff. Read more

www.dubfire.net:
The Northwest Airlines Boarding Pass Generator. Read more

 

News
www.securityfocus.com:
Brokerages lose $22M to hackers in three months. Read more

www.theregister.co.uk:
IE7 spoofing bug pops up. Read more

www.pcworld.com:
If You Dislike Microsoft's Windows Antipiracy Checks, Look Out. Read more

www.eweek.com:
Microsoft Decries Vista PatchGuard Hack. Read more

www.eweek.com:
Wi-Fi Exploits Coming to Metasploit. Read more

torrentfreak.com:
BitTorrent Site Admin Sent to Prison. Read more

www.zdnet.com.au:
Linux guru warns on security of open-source. Read more

news.com.com:
Did worm infect Alaska candidates' site? Read more

www.smh.com.au:
Google 'harbouring racists'. Read more

. 26 October 2006

Guides, Papers, etc
sla.ckers.org:
XSS Fragmentation Attacks + MySpace 0day. Read more

www.securityfocus.com:
Viruses, Phishing, and Trojans For Profit. Read more

www.viruslist.com:
Spam, viruses, and Putin's death. Read more

fergdawg.blogspot.com:
Trick or Treat: Hallowe'en Malware Websites Abound. Read more

www.avertlabs.com:
W32/Stration - Not This Kid Again!? Read more

www.eweek.com:
Is It Really Too Late to Beat Bots? Read more

www.viruslist.com:
Computers, Networks and Theft. Read more

blog.ncircle.com:
CWSandbox Review. Read more

blog.washingtonpost.com:
ZoneAlarm's New Auto-Updater Prompts Confusion. Read more

blogs.securiteam.com:
5 minutes of glory. Read more

maxpatrol.com:
Web-style Wireless IDS attacks. Read more

www.mcs.vuw.ac.nz:
Testing client honeypots with Metasploit Framework 3. Read more

www.darkreading.com:
Month of Kernel Bugs to Come. Read more

www.antiphishing.org:
The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond. Read more

news10now.com:
One of history's most notorious thieves has tips on preventing ID theft. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Winamp Buffer Overflow in Parsing Ultravox Lyrics3 Tags Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Winamp Buffer Overflow in Processing the 'ultravox-max-msg' Header Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Security Agent for Linux Lets Remote Users Deny Service By Conducting Port Scans. Read more

securitytracker.com:
InteliEditor Include File Flaw in 'lib.editor.inc.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WikiNi Input Validation Holes in 'name' and 'email' Parameters Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
PostgreSQL Processing Bugs Let Remote Authenticated Users Deny Service. Read more

securitytracker.com:
QK SMTP Server 'RCPT TO' Command Lets Remote Users Deny Service. Read more

securitytracker.com:
Sun Java System/iPlanet Messaging Server Webmail Interface Lets Remote Users Execute Javascript on the Target User's System. Read more

securitytracker.com:
RMSOFT Gallery System Input Validation Hole in 'rmgs/images.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Trawler Web CMS Include File Bug in 'path_red2' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CruiseWorks 'cws.exe' Input Validation Errors Let Remote Users Traverse the Directory or Execute Arbitrary Code. Read more

 

Tools:
www.net-security.org:
Permission Analyzer for Microsft Windows released. Read more

 

News
www.securityfocus.com:
Man arrested for bot net, Akamai attack. Read more

www.theregister.co.uk:
Verisign backs Vista security green streak. Read more

news.zdnet.com:
Spoofing bug found in IE 7. Read more

www.techworld.com:
The world's most sophisticated Trojan uncovered. Read more

. 25 October 2006

Guides, Papers, etc
blogs.securiteam.com:
Real life uses for vulnerabilities: [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far). Read more

blogs.securiteam.com:
Vulnerability automation and Botnet “solutions” I expect to see this year. Read more

blogs.securiteam.com:
Re-branding IPS as an anti botnet tool. Read more

blogs.securiteam.com:
Firefox 2.0 with phishing detection arrived. Read more

www.viruslist.com:
The IM worms armada. Read more

blogs.msdn.com:
How hard is it to get a hot fix from Microsoft? It's not easy online. Read more

ddanchev.blogspot.com:
Detecting Malware Time Bombs with Virtual Machines. Read more

www.darkreading.com:
Mutating Email Bugs Swarm. Read more

www.microsoft.com:
Microsoft Security Intelligence Report. An in-depth perspective of trends in the malicious and potentially unwanted software landscape in the first half of 2006. Read more

www.mcafee.com:
Killing Botnets. A view from the trenches. Read more

www.browserden.co.uk:
A Week With IE7. Read more

www.haklabs.com:
Bypass WGA in Style. Read more

www.newscientisttech.com:
Attack of the quantum worms. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Symantec Client Security SAVRT.SYS Device Driver Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Symantec Anti Virus Corporate Edition SAVRT.SYS Device Driver Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

 

Tools:
sistk.sourceforge.net:
The SIS analysis toolkit. Read more

 

News
www.infoworld.com:
UK police count 8,500 victims in data theft. Read more

www.itnews.com.au:
Organised crime steals millions from online brokers. Read more

abcnews.go.com:
Chicago Voter Database Hacked. Read more

www.securityfocus.com:
Researchers warn over RFID credit cards. Read more

www.theregister.co.uk:
Vista kernel fix 'worse than useless'. Read more

www.regdeveloper.co.uk:
Microsoft in 64-bit Vista lockdown. Read more

security.ithub.com:
Security Vendor Bypasses Microsoft's Vista PatchGuard. Read more

sunbeltblog.blogspot.com:
Will PatchGuard be Vista's Maginot Line? Read more

www.theregister.co.uk:
Florida 'botmaster' charged with Akamai DDOS attack. Read more

www.btplc.com:
BT acquires Counterpane Internet Security. Read more

nationaljournal.com:
Terrorist Profiling, Version 2.0. Read more

www.nytimes.com:
At U.S. Borders, Laptops Have No Right to Privacy. Read more

www.theregister.co.uk:
Playboy gambler says Feds can't stop his online empire. Read more

today.reuters.com:
Hacker unlocks Apple music download protection. Read more

www.theregister.co.uk:
US publishers say Child Online Protection Act should be struck down. Read more

www.theage.com.au:
Improved security for new Firefox browser. Read more

www.eweek.com:
FBI: Companies Need to Report Cyber Attacks. Read more

www.pcworld.idg.com.au:
Excuses on iPod virus not credible. Read more

blogs.pcworld.com:
Hidden Costs of Vista Upgrade Coupon. Read more

www.avertlabs.com:
Image Spam still increasing. Read more

. 24 October 2006

Guides, Papers, etc
www.usatoday.com:
Cybercrime flourishes in online hacker forums. Read more

blog.wired.com:
GOING ONLINE IN CUBA : Internet under surveillance. Read more

blogs.securiteam.com:
More on Joanna Rutkowska Blue Pill and the New Vista. Read more

blogs.zdnet.com:
Controlling the kernel - It’s all about DRM. Read more

isc.sans.org:
Update: Malware Analysis: Tools of the Trade (NEW). Read more

www.avertlabs.com:
Bots and botting…. A Lost Cause? Read more

www.darkreading.com:
JavaScript Malware Strikes Firewalls. Read more

blogs.securiteam.com:
Money Mule Recruitment Over IM. Read more

www.fortinet.com:
Fortinet Continues to Protect Against Stration Threat. Read more

www.heise-security.co.uk:
You can't Bank on Security. Testing of UK bank pages reveals possible vulnerabilities. Read more

s3g.i2r.a-star.edu.sg:
Robust Reactions to Potential Day-Zero Worms through Cooperation and Validation. Read more

www.oreillynet.com:
Dear McAfee, Thanks For the Spam, But....Read more

blogs.zdnet.com:
Scary malware tricks part 1. Read more

arstechnica.com:
Microsoft's antivirus battles: not Netscape part II. Read more

www.ehomeupgrade.com:
The Real Hustle: Wireless Access Point Vulnerability Video. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
Virtual Law Office Include File Bug in 'phpc_root_path' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
AROUNDMe Include File Flaw in 'templatePath' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SchoolAlumni Portal Input Validation Hole Permits Cross-Site Scripting Attacks and Include File Bug Lets Remote Users Execute Local PHP Code. Read more

securitytracker.com:
Novell eDirectory NCP Over IP and evtFilteredMonitorEventsRequest() Overflows Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.cbronline.com:
eEye plans antivirus and free firewall. Read more

today.reuters.co.uk:
Google lets Web sites tailor search to user tastes. Read more

 

News
www.securityfocus.com:
Critics concerned over Vista security changes. Read more

news.zdnet.co.uk:
Microsoft vs McAfee turns nasty. Read more

www.sophos.com:
Symantec and McAfee should have prepared better for Microsoft Windows Vista - Sophos comment. Read more

blogs.msdn.com:
IE7 Hits the Street. Read more

www.chicagotribune.com:
Vista secures new enemies. Read more

news.zdnet.com:
China moves toward 'real name system' for blogs. Read more

www.itpro.co.uk:
Online crime more profitable than drugs. Read more

www.securitypark.co.uk:
Hackers can also infiltrate production line networks. Read more

www.sun-sentinel.com:
Online brokerages hit for millions by hackers. Read more

www.theregister.co.uk:
SpamThru Trojan bundles own virus scanner. Read more

www.theage.com.au:
The name is Google. So sue us. Read more

sunbeltblog.blogspot.com:
Microsoft targets WebRoot. Read more

. 23 October 2006

Guides, Papers, etc
theinvisiblethings.blogspot.com:
Vista RC2 vs. pagefile attack (and some thoughts about Patch Guard). Read more

cnet.com.au:
The Netscaping of Symantec and McAfee. Read more

www.avertlabs.com:
MMORPG-Gold-Farming and Password-Stealers. Read more

smartbro.blogspot.com:
How To Install IE7 without the Genuine Validation. Read more

www.it-observer.com:
Malicious Code Injection: Not Just for SQL. Read more

www.securityfocus.com:
Researcher attempts to shed light on security troll. Read more

www.passivemode.net:
n3td3v True Identity Finally Discovered? Read more

www.informationweek.com:
Q&A: Why Metasploit Publishes Hacker Tools. Read more

www.eweek.com:
Registrar Protocol Change Could Bring More Security to Domains. Read more

www.technewsworld.com:
The Changing Faces of Internet Security Threats, Part 2. Read more

www.windowsnetworking.com:
Networking Basics: Part 2 - Routers. Read more

www.windowsnetworking.com:
Networking Basics: Part 3 - DNS Servers. Read more

www.eoncall.com:
Audio: Security with Dana Epp. Listen

podcast.dslextreme.com:
Audio: KFI Tech Guy 294. Read more

 

Tools:
www.activeworx.org:
IDS Policy Manager v2.0.0.4 Beta Released. Read more

 

News
australianit.news.com.au:
MS vague on Vista security. Read more

www.computerworld.com:
Diebold source code leaked again. Read more

www.infoworld.com:
On heels of IE 7, Mozilla readies Firefox 2.0. Read more

www.twincities.com:
The browser race is speeding up. Read more

www.washingtonpost.com:
'Click Fraud' Threatens Foundation of Web Ads. Read more

edition.cnn.com:
Security analysts: Mac attacks rare but may rise. Read more

www.itnews.com.au:
IAA, Sophos launch security awareness campaigns. Read more

www.technewsworld.com:
Buyer Beware When Shopping Online. Read more

. 21 October 2006

Guides, Papers, etc
blogs.securiteam.com:
Domain hijackers found EU Presidency and Summit .com domains. Read more

blogs.securiteam.com:
Very big spam list. Read more

www.sophos.com:
Trojan horse tempts users with raunchy pictures of pop group t.A.T.u. Read more

www.secureworks.com:
SpamThru Trojan Analysis. Read more

www.avertlabs.com:
MMORPG-Gold-Farming and Password-Stealers. Read more

www.darkreading.com:
Spammers Turn the Tables Again. Read more

www.darkreading.com:
Database Threat Intensifies. Read more

www.securityfocus.com:
Researcher attempts to shed light on security troll. Read more

www.hackerfactor.com:
Who is “n3td3v”? Read more

www.technewsworld.com:
The Changing Faces of Internet Security Threats, Part 2. Read more

www.securityfocus.com:
Opera browser patches buffer overflow. Read more

www.smh.com.au:
Lock the doors and Windows. Read more

www.infoworld.com:
Keeping up with advancing malware. Read more

www.hackerfactor.com:
Anti-Phishing: Page Encoding. Read more

ip.securescience.net:
Malware and the Myths of Key-Logging Prevention. Read more

www.computerworld.com:
Password: 0bs0l3t. Read more

www.eweek.com:
It's Vulnerability Storm Season. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories. Read more

securitytracker.com:
PHPlist Input Validation Flaw in 'index.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
BlackBerry Enterprise Server for Domino Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
Serendipity Input Validation Flaws in Administration Interface Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
KnowledgeBank Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
UltraCMS Input Validation Flaw in Username and Password Fields Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
DigitalHive Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Mail Security for Domino Premium AntiSpam Lets Remote Users Relay Mail. Read more

 

News
www.theregister.co.uk:
McAfee hoping MS will live up to 'hollow' promises. Read more

www.betanews.com:
Sophos: Microsoft Doesn't Need to Open Up PatchGuard. Read more

www.theregister.co.uk:
Spamhaus-style service aims to curb click fraud. Read more

. 20 October 2006

Guides, Papers, etc
theinvisiblethings.blogspot.com:
Vista RC2 vs. pagefile attack (and some thoughts about Patch Guard). Read more

blogs.securiteam.com:
Tiny PE - Rel0ad3d. Read more

blogs.securiteam.com:
Code crunching, crazy asm tricks? - code crunchers mailing list. Read more

blogs.securiteam.com:
Spamhaus Update: Judge Denies e360’s Requested Relief. Read more

blogs.securiteam.com:
Utimaco replies to SafeGuard Easy encryption key vulnerability. Read more

www.avertlabs.com:
0-days That Weren’t (Quick or Accurate, Take Your Pick). Read more

isc.sans.org:
New Internet Explorer and an old vulnerability (NEW). Read more

www.f-secure.com:
War-E-Zov. Read more

blogs.securiteam.com:
P2P-based Spam Trojan Installs Anti-Virus. Read more

www.secureworks.com:
SpamThru Trojan Analysis. Read more

web.cecs.pdx.edu:
Anomaly-based Botnet Server Detection. Read more

web.cecs.pdx.edu:
An Algorithm for Anomaly-based Botnet Detection. Read more

www.nucleusresearch.com:
BENCHMARKING: PASSWORDS — THE SAD TRUTH ABOUT SECURITY. Read more

searchwindowssecurity.techtarget.com:
Step-by-Step Guide: Finding and removing a rootkit. Read more

www.darkreading.com:
The Ten Most Dangerous Things Users Do Online. Read more

www.csoonline.com.au:
The dirt on Web bugs. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Kaspersky Anti-Virus Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Highwall Enterprise Input Validation Hole Permits Cross-Site Scripting Attacks and Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Linux Kernel 'uaccess' S/390 Code Discloses Kernel Memory to Local Users. Read more

securitytracker.com:
Asterisk Integer Overflow in Skinny Channel Driver Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
SHTTPD Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Simplog Input Validation Flaw in 'comments.php' Script 'cid' Parameter Lets Remote Users Inject SQL Commands. Read more

 

Tools:
www.itweb.co.za:
Kaspersky Anti-Virus 6.0 tested best anti-virus product of the year. Read more

jon.oberheide.org:
Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface. Read more

jon.oberheide.org:
winnie is a network scanner capable of detecting honeypot deployments using Honeyd <= 1.0. Read more

 

News
www.theregister.co.uk:
MS and researchers split hairs over first IE7 flaw. Read more

www.informationweek.com:
Gartner: Vista PatchGuard Changes Will Take Years. Read more

www.cbc.ca:
Digital 'ID cards' key to future internet privacy: Microsoft. Read more

www.eweek.com:
Microsoft Blocks Vista Rootkit Exploit. Read more

news.com.com:
Zombies try to blend in with the crowd. Read more

www.theregister.co.uk:
Organised crime fails to stop skiddies. Read more

www.varbusiness.com:
Microsoft's Live Meeting For Security Firms Crashes. Read more

www.varbusiness.com:
Microsoft: McAfee Security Claims 'Inaccurate, Inflammatory'. Read more

www.vnunet.com:
Internet viruses drop 47 per cent. Read more

www.zdnet.com.au:
National Australia Bank hit by DDoS attack. Read more

www.esecurityplanet.com:
Hacking for Profit. Read more

searchsecurity.techtarget.com:
Malware authors producing stealthier creations. Read more

. 19 October 2006

Guides, Papers, etc
www.f-secure.com:
The Warezov worm saga continues. Read more

www.usenix.org:
HotBots '07 Call for Papers. Read more

www.apple.com:
Small Number of Video iPods Shipped With Windows Virus. Read more

isc.sans.or:
Oracle Quarterly Critical Patch Update (Oct 2006). Read more

honeyblog.org:
A Multifaceted Approach to Understanding the Botnet Phenomenon. Read more

www.eweek.com:
Readers Respond: Peter Coffee's Dirty Dozen IT Embarrassments. Read more

jonpoon.blogspot.com:
Where's your class? Your integrity? Read more

ip.securescience.net:
Virtual KeyboardVirtual Keyboards.Malware and the Myths of Key-Logging Prevention. Read more

blogs.msdn.com:
IE7 for the World. Read more

didierstevens.wordpress.com:
USBVirusScan. Read more

www.darkreading.com:
CSRF Vulnerability: A 'Sleeping Giant'. Read more

ddanchev.blogspot.com:
A Cost-Benefit Analysis of Cyber Terrorism. Read more

msdn.microsoft.com:
8 Simple Rules For Developing More Secure Code. Read more

zdpub.vo.llnwd.net:
Audio: Our View: ZERT Works. Listen

www.darkreading.com:
Tossing My Cookies. Read more

 

Vulnerabilities & Exploits
labs.idefense.com:
Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability. Read more

securitytracker.com:
IBM Lotus Notes Lets Local Users Modify Critical Files. Read more

securitytracker.com:
KDE Konqueror Integer Overflow in Processing Pixmap Images May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP Tru64 UNIX Dtmail Buffer Overflow Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Solaris tcp_fuse_rcv_drain() Bug Lets Local Users Deny Service. Read more

securitytracker.com:
GOOP Gallery Input Validation Flaw in 'image' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Opera Large Link Address Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
XORP OSPF Link State Advertisement Validation Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Adobe Flash Player Plugin Lets Remote Users Injection Arbitrary HTTP Header Data. Read more

securitytracker.com:
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact. Read more

 

News
www.securityfocus.com:
Apple ships virus on some video iPods. Read more

www.theregister.co.uk:
Trojan download site spoofs IE7 release outlet. Read more

www.theregister.co.uk:
Web viruses drop off despite IE exploit flap. Read more

www.itnews.com.au:
Trojan variants hide behind rootkits. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Affinity spam. Read more

www.theglobeandmail.com:
Great Firewall of China lowers its barrier. Read more

www.chinadaily.com.cn:
China to blacklist those making, distributing 'spyware'. Read more

www.theregister.co.uk:
Spamhaus fights US court 'pro-spammer' ruling. Read more

today.reuters.com:
Microsoft releases long-awaited Explorer 7. Read more

www.microsoft-watch.com:
One Step Forward and One Step Back. Read more

www.it-observer.com:
The threat posed by portable storage devices. Read more

www.theregister.co.uk:
Adware rumpus over Battlefield 2142. Read more

www.computerworld.com.au:
Security firms wait for Microsoft's PatchGuard response. Read more

www.technewsworld.com:
McAfee Fires Allegations at Microsoft Over Vista Security. Read more

www.theregister.co.uk:
Ballmer: Microsoft helped security partners on Windows Vista. Read more

www.channelnewsasia.com:
Email may not be as secure as you think. Read more

money.cnn.com:
Passwords jotted down by 1 in 3 workers. Read more

www.smh.com.au:
Online sleuth tracks MySpace pedophiles. Read more

. 18 October 2006

Guides, Papers, etc
www.packetstormsecurity.org:
Practical Onion Hacking: Finding the real address of Tor clients. Read more

isc.sans.org:
Hacking Tor, the anonymity onion routing network (NEW). Read more

www.itnews.com.au:
New hacker toolkit cloaks browser exploits. Read more

www.microsoft.com:
Internet Explorer 7 will be delivered through Automatic Updates - customers should complete preparations by November 1. Read more

www.avertlabs.com:
Zero-Day Vulnerability Follows October ‘06 Patch Tuesday. Read more

security.ithub.com:
'Vitriol' Rootkit to Demo at MS BlueHat Hacker Summit. Read more

www.f-secure.com:
Fake TV Ads. Read more

www.darkreading.com:
Malware: The Undead. Read more

ddanchev.blogspot.com:
Observing and Analyzing Botnets. Read more

www.darkreading.com:
CSRF Vulnerability: A 'Sleeping Giant'. Read more

www.technewsworld.com:
No Immunity for Macs. Read more

msmvps.com:
Yes we have more spam today.... Read more

 

Vulnerabilities & Exploits
blogs.securiteam.com:
NVIDIA driver flaw allows remote compromise. Read more

securitytracker.com:
F5 FirePass 1000 Input Validation Flaw in 'my.acctab.php3' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Toshiba Bluetooth Stack Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
4images Input Validation Flaw in 'search.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Comdev One Admin Include File Bug in 'oneadmin/adminfoot.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
NVIDIA Binary Graphics Driver for Linux Buffer Overflow Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Open Conference Systems Include File Bug in 'fullpath' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phpCards Input Validation Hole Permits Cross-Site Scripting Attacks and Include File Bug Lets Remote Users Execute Local PHP Code. Read more

securitytracker.com:
IronWebMail IM_FILE Request Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Clam AntiVirus PE File Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Kerio WinRoute Firewall Can Be Crashed With a Specially Crafted DNS Response. Read more

 

News
today.reuters.com:
Web could be terror training camp: Chertoff. Read more

news.com.com:
FBI director wants ISPs to track users. Read more

www.securityfocus.com:
NVidia bug puts Linux systems at risk. Read more

www.theregister.co.uk:
Nvidia rooted by Linux graphics bug. Read more

news.com.com:
Quality, quantity of phishing kits on the rise. Read more

www.theregister.co.uk:
Free virus with some iPods. Read more

www.theregister.co.uk:
Oracle's mega-patch shuts 101 doors. Read more

www.gulfnews.com:
Hackers link consulate website to porn pages. Read more

www.theregister.co.uk:
Microsoft promises to give away key virtualization spec. Read more

www.internetnews.com:
New Microsoft License Ties Vista To Hardware. Read more

www.techweb.com:
Microsoft Clarifies: Only Cheapest Vistas Can't Power VMs. Read more

today.reuters.co.uk:
China Internet rumour-mongers face fines - report. Read more

today.reuters.co.uk:
Some Internet addicts cover up habit -study. Read more

www.zdnet.com.au:
Telephone hack costs NSW firm AU$9,000. Read more

news.com.com:
Securing consumer-friendly smart phones. Read more

. 17 October 2006

Guides, Papers, etc
www.securityfocus.com:
ModSecurity 2.0 with Ivan Ristic. Read more

blogs.securiteam.com:
QoS and bot traffic. Read more

blogs.securiteam.com:
Code Crunching - Tiny PE (challenge). Read more

isc.sans.org:
Active exploit of Open Conference Systems web application (NEW). Read more

www.eweek.com:
Is the Botnet Battle Already Lost? Read more

www.eweek.com:
'Money Mules': The Hidden Side of Phishing. Read more

www.eweek.com:
Microsoft Caves on Vista Security. Read more

www.wired.com:
Install Vista, Buy Graphics Card. Read more

sunbeltblog.blogspot.com:
Symantec VP Rowan Trollope on PatchGuard: It ain't over. Read more

aolradio.podcast.aol.com:
Audio: Security Now 61: ISP Privacy. What your ISP knows about you and how to protect your privacy... Listen

podcast.dslextreme.com:
Audio: TLR 7: Leo on CFRB with John Donabie. Google You Tube merger, Windows Vista license limitations, and Oprah's red Nano... Listen

media.libsyn.com:
Audio: Interview with Johnny Long. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
phpMyConferences Include File Bug in 'lvc_include_dir' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Bugzilla Discloses Attachment Description and 'Deadline' Field to Remote Users. Read more

securitytracker.com:
Bugzilla Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

 

Tools:
www.freewarefiles.com:
EasyBCD 1.5 adds experimental support for dual-booting any of these along with Linux, Mac OS X, or BSD — straight from the Windows Vista bootloader without any additional configuration needed! Read more

news.softpedia.com:
Stop Viruses for Free! Read more

 

News
today.reuters.com:
UPDATE 3-Microsoft gives Vista data to security firms. Read more

msnbc.msn.com:
China's Internet Mess. Read more

www.vnunet.com:
EEye to build world's largest honeypot. Read more

news.zdnet.co.uk:
Cut-price phishing toolkits pose growing threat. Read more

blogs.pcworld.com:
Worm Eats into McDonald's Promotion. Read more

www.theregister.co.uk:
419 scammers launch shipping sites. Read more

www.computerworld.com:
Spamhaus appeals possible shutdown ruling. Read more

www.darkreading.com:
Cybercrime: Better Than Drugs. Read more

www.securityfocus.com:
Poulsen helps nab MySpace predator. Read more

www.darkreading.com:
Attacks on Consumers Intensify. Read more

edition.cnn.com:
Digital age may bring total recall in future. Read more

. 16 October 2006

Guides, Papers, etc
www.benedelman.org:
Current Ask Toolbar Practices. Read more

www.eweek.com:
Is the Botnet Battle Already Lost? Read more

blogs.securiteam.com:
DLP on the rise: McAfee buys Israeli startup Onigma for $15-25 million. Read more

www.f-secure.com:
McDonalds ships MP3 players with a trojan. Read more

www.mcs.vuw.ac.nz:
Effectiveness of security by admonition: a case study of security warnings in a web browser setting. Read more

www.hpl.hp.com:
An epidemiological model of virus spread and cleanup. Read more

www.siliconvalley.com:
Today's computer viruses have more staying power. Read more

www.techworld.com:
Stop VPNs turning into open doors. Read more

www.zdnet.com.au:
Seven steps to increase Linux security. Read more

www.thetechtray.ne:
How to hide files in JPEG's. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.gnucitizen.org:
AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. Read more

 

News
www.techworld.com:
Microsoft warns of PowerPoint attack. Read more

www.activewin.com:
Hackers will crack Windows security tech soon. Read more

news.softpedia.com:
Vista PatchGuard Hacked. Read more

news.softpedia.com:
Vista's Patch Guard is Killing Next Generation Behavior-Blocking Technologies and Future Security Models. Read more

www.zdnet.com.au:
Security firms skeptical about Vista shift. Read more

www.gizmodo.com:
McDonalds: "I'm Lovin' Malware". Read more

www.wired.com:
MySpace Predator Caught by Code. Read more

computerworld.co.nz:
Email servers will choke, says Spamhaus. Read more

blogs.zdnet.com:
Wireless security to becom a $4.4 bln industry by 2010. Read more

www.computerworld.com:
British ISP fires back at spammers. Read more

www.passivemode.net:
The BBC Honeypot. Read more

www.terra.net.lb:
Software piracy costing Africa billions. Read more

. 14 October 2006

Guides, Papers, etc
blogs.securiteam.com:
There is no month without MS Office 0-day. Read more

blogs.securiteam.com:
ISOI II - a DA Workshop (announcement and CFP). Read more

www.f-secure.com:
Video - Your Marriage is in Danger! Read more

isc.sans.org:
New UrSnif/Haxdoor Variant (NEW). Read more

www.avertlabs.com:
From the floor of VB 2006, pt 2. Read more

www.websense.com:
Phishing Alert: BB & T Branch Banking & Trust. Read more

www.websense.com:
Phishing Alert: Teachers Credit Union. Read more

honeyblog.org:
Honeypot Compromise. Read more

www.daniweb.com:
small scale Trojan attacks big concern. Read more

www.viruslist.com:
Mobile Malware Evolution: An Overview, Part 2. Read more

news.com.com:
The future of malware: Trojan horses. Read more

www.atomicmpc.com.au:
The Making of Malware. Read more

www.securityfocus.com:
Hacking Web 2.0 Applications with Firefox. Read more

www.networkworld.com:
Vista's DRM features could bedevil antivirus. Read more

www.opticsexpress.org:
A method for secure communications over a public fiber-optical network. Read more

www-users.cs.umn.edu:
Worms: Taxonomy and Detection. Read more

www.windowsitpro.com:
WinInfo Short Takes. Read more

www.smh.com.au:
How to escape from junk mail hell. Read more

www.computerweekly.com:
The hacker handbook: 11 tips in 11 minutes. Read more

www.miguelcarrasco.net:
Blue Screen of Death Top 10. Read more

blog.wired.com:
Why Internet Explorer 7 Will Break the Web. Read more

www.podtrac.com:
Audio: Windows Weekly with Paul Thurrott 2: The Windows Shiv. Listen

podcast.dslextreme.co:
Audio: TLR 7: Leo on CFRB with John Donabie. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Microsoft PowerPoint Unspecified Bug May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Journals System 'phpbb_root_path' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.pfsense.com:
pfSense 1.0 Firewall Released.Read more

 

News
www.securityfocus.com:
Targeted Trojan attacks on the rise. Read more

www.theregister.co.uk:
MySpace phishing scam targets music fans. Read more

chinadigitaltimes.net:
Who are China's Top Internet Cops? Read more

www.techweb.com:
Microsoft Opening Up Vista Kernel To Security Vendors. Read more

www.washingtonpost.com:
Microsoft Now Decides to Accept Outside Security for Vista. Read more

www.theregister.co.uk:
MS to pull security teams under Windows umbrella. Read more

www.betanews.com:
Microsoft to Alter Vista for EU, Korea. Read more

www.darkreading.com:
Anti-Malware Tools Trip Up IE7 Install. Read more

www.darkreading.com:
AV Vendors Need Not Fear Microsoft. Read more

www.theregister.co.uk:
ICANN refuses to pull Spamhaus domain. Read more

www.vnunet.com:
Cyber-criminals clone Google Italy site. Read more

computerworld.com:
British ISP fires back at spammers. Read more

news.zdnet.co.uk:
Researchers claim stealth encryption breakthrough. Read more

www.pcworld.com:
Google's Blogger Suffers Outage. Read more

www.networkworld.com:
Super stealthy Internet messaging method revealed. Read more

www.washingtonpost.com:
Hackers Stepping Up Pace of Microsoft Exploits. Read more

arstechnica.com:
Firefox accepting feature suggestions for version 3. Read more

www.technewsworld.com:
The Changing Faces of Internet Security Threats. Read more

www.darkreading.com:
Power Pay. Read more

www.betanews.com:
Bush Signs into Law Online Gambling Transaction Ban. Read more

. 13 October 2006

Guides, Papers, etc
www.finjan.com:
Malicious Code on Storage and Caching Servers. Read more

www.hypponen.com:
Virus Bulletin 2006 keynote. Read more

www.viruslist.com:
Back from BlackHat Tokyo 2006. Read more

www.sophos.com:
Spam campaign attempts to phish MySpace music fans, warns Sophos. Read more

www.avertlabs.com:
Live from VB2006. Read more

www.passivemode.net:
Online Banking Transactions. Read more

www.eweek.com:
Common Sense on Vista Adoption. Read more

www.darkreading.com:
HP-McAfee: Dangerous Liaison? Read more

sunbeltblog.blogspot.com:
Ruminations on the antispyware business. Read more

stampf.lutin.free.fr:
Worms of the future. Trying to exorcise the worst. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Mcafee Network Agent Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco Wireless Location Appliance Default Password Lets Remote Users Gain Root Access. Read more

securitytracker.com:
XeoPort Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Netscape Portable Runtime API Environment Variable Lets Local Users Create Arbitrary Files. Read more

securitytracker.com:
communityPortals Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Softerra PHP Developer Library Include File Bug in 'grid3.lib.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
TagIt! Include File Flaw in 'delTagUser.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Claroline Include File Bug in 'inc/lib/import.lib.php' Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
sourceforge.net:
Taof - The art of fuzzing. Read more

www.betanews.com:
Virtual PC 2007 Beta Now Available. Read more

www.simplehelp.net:
10 Windows Explorer alternatives compared and reviewed. Read more

 

News
www.securityfocus.com:
Spying on bot nets becoming harder. Read more

www.securityfocus.com:
One laptop per child seeks top hackers. Read more

www.theregister.co.uk:
Infection-by-cache risk unearthed. Read more

www.techweb.com:
Vista Licenses Limit OS Transfers, Ban VM Use. Read more

www.darkreading.com:
Google Searchers Find Malware. Read more

news.com.com:
Security expert: User education is pointless. Read more

www.computerweekly.com:
VoIP tightens security against fuzzing, zombies, malicious intruders. Read more

software.silicon.com:
Hackers 'will crack Windows security tech soon'. Read more

www.theage.com.au:
Hackers steal US$500,000 (euro399,010) out of U.S. Virgin Islands government bank accounts. Read more

news.zdnet.co.uk:
Microsoft: Patching problems are over. Read more

www.computerworld.com:
Brief: Congressional Budget Office mailing list hacked. Read more

. 12 October 2006

Guides, Papers, etc
blogs.securiteam.com:
ICANN Issues a Statement on the Spamhaus Case. Read more

blogs.securiteam.com:
New Haxdoor variant spreading - do we have protection? Read more

www.f-secure.com:
Update Considerations. Read more

www.viruslist.com:
Legal spyware. Read more

blogs.msdn.com:
IE7 Installation and Anti-Malware Applications. Read more

www.avertlabs.com:
Microsoft near to patching 100 critical vulnerabilities this year! Read more

www.cio-today.com:
The Best Spyware Stopper. Read more

www.cio-today.com:
Technology The Boss Uses To Spy on You. Read more

www.viruslist.com:
Mobile Malware Evolution: An Overview, Part 1. Read more

www.viruslist.com:
Mobile Malware Evolution: An Overview, Part 2. Read more

honeyblog.org:
Catching Malware Detecting, Tracking, and Mitigating Botnets. Read more

blogs.msdn.com:
IE7 Installation and Anti-Malware Applications. Read more

www.scmagazine.com:
Caching servers store malicious code. Read more

www.computerworld.com:
Fighting security threats from IM and rogue Web access. Read more

 

Vulnerabilities & Exploits
secunia.com:
Microsoft Windows Object Packager Dialog Spoofing. Read more

securitytracker.com:
HP Version Control Agent Lets Remote Authenticated Users Access the System With Elevated Privileges. Read more

securitytracker.com:
Eazy Cart Bugs Let Remote Users Gain Administrative Access, Modify Prices, and Conduct Cross-Site Scripting Attacks. Read more

 

News
www.computerworld.com.au:
Hackers commercialize toolkits for profit. Read more

news.com.com:
ICANN: Sorry, we can't delete Spamhaus.org's domain. Read more

business.bostonherald.com:
Group warns of more junk e-mail. Read more

www.theregister.co.uk:
It's the information, stupid. Read more

today.reuters.com:
Microsoft rolls out online safety initiative. Read more

www.editorandpublisher.com:
China Unblocks Wikipedia. Read more

blogs.zdnet.com:
A sneaky change in Windows licensing terms. Read more

blogs.zdnet.com:
Protect DVD-Video - A slap in the face for PC and Media Center owners. Read more

www.osweekly.com:
Evil Microsoft vs. Poor Security Firms. Read more

. 11 October 2006

Guides, Papers, etc
blogs.securiteam.com:
isc.sans.org:
Chalk one up for Spamhaus. Read more

isc.sans.org:
Delays on Windows Update & the Death of SUS. Read more

searchwindowssecurity.techtarget.com:
Debunking the "Blue Pill" Vulnerability Theory. Read more

www.avertlabs.com:
Another backdoor with password stealer capabilities in the wild. Read more

www.avertlabs.com:
Microsoft near to patching a 100 critical vulnerabilities this year! Read more

www.technewsworld.com:
The False Promise of Browser Security. Read more

www.cs.unc.edu:
Early DoS and Worms. Read more

www.kottke.org:
Google code search. Read more

didierstevens.wordpress.com:
Update: Google and the Drive-by Download. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Macromedia ColdFusion 3rd Party Bug Lets Local Users Gain Local System Privileges. Read more

securitytracker.com:
Adobe Breeze Licensed Server URL Parsing Bug Lets Remote Users Traverse the Directory. Read more

securitytracker.com:
Adobe Contribute Publishing Server Discloses Administrative Password to Local Users. Read more

securitytracker.com:
Windows Object Packager RTF File Object Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Server Service SMB Rename Null Pointer Dereference Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Office String, Chart Record, and SmartTag Validation Errors Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft XML Core Services Lets Remote Users Execute Arbitrary Code or Obtain Information. Read more

securitytracker.com:
Microsoft Word String and Mail Merge Record Validation Flaws Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Excel DATETIME/COLINFO Record Errors and Lotus 1-2-3 Errors Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft PowerPoint Errors in Parsing Object Pointers and Data Records Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ASP.NET Input Validation Hole in AutoPostBack Feature Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
eXpBlog Input Validation Holes in 'kalender.php' and 'pre_details.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
OpenDock Easy BLOG Include File Bug in 'doc_directory' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Docmint Include File Flaw in 'MY_ENV[BASE_ENGINE_LOC]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BorderManager IPSec/IKE Settings May Cause the Server to Crash. Read more

securitytracker.com:
AOL Buffer Overflows in You've Got Pictures ActiveX Controls Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WebYep Include File Flaw in 'webyep_sIncludePath' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenDock Easy Doc 'doc_directory' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenDock Easy Gallery 'doc_directory' Parameter Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Python repr() Processing of UTF-32/UCS-4 Strings May Let Remote Users Deny Service or Execute Arbitrary Code. Read more

 

Tools:
cigars.bravepages.com:
Terrorism Toolbar. Read more

www.eggheadcafe.com:
Convert HTML / script to Javascript Include Source. Read more

 

News
www.securityfocus.com:
Microsoft's big patch day fixes 26 flaws. Read more

www.symantec.com:
Trojan.Radropper Exploits WinRAR Vulnerability. Read more

www.theregister.co.uk:
Spamhaus fights US court domain threat. Read more

www.theregister.co.uk:
Swiss gov 'mulls' spyware to tap VoIP calls. Read more

www.smh.com.au:
Anti-spam group warns it may lose domain name, potentially unleashing more junk mail. Read more

www.redorbit.com:
Hackers Hit Atascadero's Web Site. Read more

www.it-observer.com:
Spam used to boost stock prices. Read more

news.com.com:
Flaw count hits a high. Read more

news.bbc.co.uk:
Trapping hackers in the honeypot. Read more

computerworld.com:
Microsoft: Vista antipiracy policy won't mean more spyware. Read more

www.theherald.co.uk:
Forget the nerd hacker, this is organised crime. Read more

. 10 October 2006

Guides, Papers, etc
blog.spywareguide.com:
IE Used to Launch Instant Messaging and Questionable Clicks. Read more

www.eweek.com:
Dive into the PhishTank. Read more

www.kbcafe.com:
Video: Spyware Rubbernecking. Watch

sunbeltblog.blogspot.com:
The Problem of Adware in Free Software Downloads. Read more

news.zdnet.com:
Why Microsoft is wrong on Vista security. Read more

www.windowsnetworking.com:
TCP/IP Troubleshooting: A Structured Approach - Part 1: An Introduction. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Secure Desktop May Let Local Users Access Data Via Windows Operating System Files. Read more

securitytracker.com:
PHP Live! Include File Bug in 'help.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Xdm May Let Local Users View the Error Log Files of a Target User. Read more

securitytracker.com:
Solaris Link Aggregation Access Restrictions Let Local Users Monitor Network Packets. Read more

 

News
www.theregister.co.uk:
Chinese crackers attack US.gov. Read more

www.securityfocus.com:
Online attackers hit Commerce Dept. Read more

www.heise-security.co.uk:
Superintendent Trojan. Read more

www.pcauthority.com.au:
Hacker cracks Google Blogger security. Read more

www.vnunet.com:
Security pros should target the enemy within. Read more

www.vnunet.com:
UK survey reveals widespread online fears. Read more

www.darkreading.com:
Monkeyspaw Grabs Phishers. Read more

www.technewsworld.com:
Microsoft's Refusal to Share Vista Kernel Still Drawing Fire. Read more

www.newsfactor.com:
Final Test Version of Windows Vista Released. Read more

ww.internetnews.com:
How Insecure Do You Think You Are? Read more

. 09 October 2006

Guides, Papers, etc
www.benedelman.org:
False and Deceptive Pay-Per-Click Ads. Read more

www.benedelman.org:
PPC Ads, Misleading and Worse. Read more

www.f-secure.com:
Denmark targeted. Read more

blogs.securiteam.com:
Mooooooooooore fun with Google Code Search [updated]. Read more

blogs.securiteam.com:
More fun with Google Code Search! [updated #5]. Read more

monkey.org:
insecurity stats via google codesearch. Read more

asert.arbornetworks.com:
Static Code Analysis Using Google Code Search. Read more

isc.sans.org:
Spam Backscatter (NEW). Read more

blogs.securiteam.com:
The Spamhaus case, a spam-savvy Illinois lawyer perspective. Read more

blogs.securiteam.com:
LiveView - Work with imaged drives on VMware. Read more

blog.assarbad.net:
So IE7 is coming. Who cares anyway? Read more

weblog.infoworld.com:
5 spam blockers by the numbers. Read more

security.ithub.com:
OpenDNS Fills the PhishTank. Read more

www.zdnet.co.uk:
The internet has changed the dynamics of the game. Read more

www.youtube.com:
How to Hack a Windows XP Password Without any Programs. Watch

news.bbc.co.uk:
Tips to help you stay safe online. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
FastFind Input Validation Hole in 'query' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
BSD UNIX systrace STRIOCREPLACE Integer Overflow Lets Local Users Obtain Elevated Privileges. Read more

securitytracker.com:
ackerTodo Missing Input Validation in 'gadget/login.php' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
TorrentFlux Missing Input Validation in HTTP User-Agent Permits Cross-Site Scripting Attacks. Read more

 

Tools:
liveview.sourceforge.net:
Live View is a tool that allows disk images or physical drives to be booted up in a virtual machine and examined in a forensically sound manner. Read more

 

News
www.vnunet.com:
Microsoft courts controversy by endorsing adware purveyor. Read more

www.builderau.com.au:
Google destroys Security Through Obscurity. Read more

news.bbc.co.uk:
Tracking down hi-tech crime. Read more

www.ioltechnology.co.za:
Chinese hackers hit US state computers. Read more

www.activewin.com:
MS Security patches for October. Read more

news.com.com:
D'oh! E-mails that embarrass. Read more

www.itwire.com.au:
Vista spyware may give filip to Linux and OS X. Read more

www.theinquirer.net:
Symantec's Thompson said Microsoft should compete, not control. Read more

. 07 October 2006

Guides, Papers, etc
blogs.securiteam.com:
More fun with Google Code Search! Read more

www.gfi.com:
Why one virus engine is not enough. Read more

blogs.msdn.com:
IE7 Is Coming This Month...Are you Ready? Read more

www.computerworld.com:
Your next wireless security problem. Read more

www.informit.com:
The Windows Vista Interface. Read more

aolradio.podcast.aol.com:
Audio: Security Now! 60: Q&A #11. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
CA Business Protection Suite Buffer Overflows in Backup Agent, Job Engine and Discovery Services Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
BrightStor Enterprise Backup Buffer Overflows in Backup Agent, Job Engine and Discovery Services Let Remote Users Execute Arbitrary Code. Read more

 

News
blogs.securiteam.com:
ICANN ordered by Illinois court to suspend spamhaus.org. Read more

www.securityfocus.com:
Google Code Search peers into programs' flaws. Read more

www.infoworld.com:
Hackers find use for Google Code Search. Read more

today.reuters.com:
Microsoft is not trying to block access says Kaspersky. Read more

www.securityfocus.com:
Microsoft to release 11 patches. Read more

www.theregister.co.uk:
Worm automates Google AdSense fraud. Read more

www.securityfocus.com:
Windows Vista Security debate rages on. Read more

news.bbc.co.uk:
Microsoft engaging with hackers. Read more

. 06 October 2006

Guides, Papers, etc
www.f-secure.com:
WOW. Read more

www.f-secure.com:
If you buy this lousy fake antispyware today within the next 15 minutes... Read more

blogs.msdn.com:
An Introduction to Kernel Patch Protection. Read more

msdn.microsoft.com:
Understanding and Working in Protected Mode Internet Explorer. Read more

www.eweek.com:
Security, Hypocrisy and the Kernel Patching Spat. Read more

blogs.securiteam.com:
Code auditing with Google. Read more

sunbeltblog.blogspot.com:
Is this freshly minted Microsoft MVP actually an adware pusher? Read more

www.viruslist.com:
More crime, fewer arrests? Read more

blogs.msdn.com:
USB Blocking in Release Candidate 1. Read more

blogs.securiteam.com:
Wikipedia Abused in a Nigerian Scam [updated]. Read more

www.gfi.com:
Pod Slurping – an easy technique for stealing data. Read more

www.wired.com:
Beguiling but Beware: Ajax, VOIP. Read more

Audio: Security Now! 60: Q&A #11. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Symantec Mail Security NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges. Read more

securitytracker.com:
Norton System Works NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges. Read more

securitytracker.com:
Symantec Norton Anti-Virus Active X Control Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Norton Internet Security Active X Control Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.washingtonpost.com:
Computer System Under Attack. Read more

www.informationweek.com:
Trend Micro: Thousands Of Government Computers Infected By Bots. Read more

www.networkworld.com:
Sex, gambling and computer game sites being abused by Department of Interior. Read more

www.pcw.co.uk:
FTP worm tops threat list for September. Read more

www.vnunet.com:
Microsoft readies October security patches. Read more

www.itbusiness.ca:
Vista: Locked down. Read more

www.vnunet.com:
Browser history hack compromises user privacy. Read more

www.net-security.org:
Russian internet blackmailers jailed for extorting gambling websites. Read more

www.net-security.org:
67 new variants of the Spamta worm appear in just 7 days, reports Panda Software. Read more

www.informationweek.com:
Hacker Kit Use Surges, Means More Malicious Sites. Read more

www.infoworld.com:
The sad state of computer security. Read more

www.itbsecurity.com:
GFI Warns One Anti-virus Engine Is Not Enough To Protect Your Business. Read more

www.itwire.com.au:
Social networking sites an open door to hackers. Read more

mathaba.net:
Skype Careless on Security, Privacy Issues. Read more

news.zdnet.co.uk:
William Hill ups its game against hackers. Read more

. 05 October 2006

Guides, Papers, etc
isc.sans.org:
Old Webmin bug still be exploited (NEW). Read more

isc.sans.org:
Sniffers in Perl?!? (NEW). Read more

www.darkreading.com:
The Perils of Third-Party Patches. Read more

www.darkreading.com:
Security's Rotten Apples. Read more

www.darkreading.com:
Instant Message, Instant Infection. Read more

ipcommunications.tmcnet.com:
How do you secure an insecure OS? Read more

www.ists.dartmouth.edu:
A THEORETICAL SUPERWORM. Read more

portal.spidynamics.com:
How Prevalent Are SQL Injection Vulnerabilities? Read more

haskell.org:
Roll your own IRC bot. Read more

media.libsyn.com:
Audio: CyberSpeak October 1, 2006. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Taskjitsu Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
PHP Race Condition Lets Users Bypass open_basedir Restrictions. Read more

securitytracker.com:
Cerberus Helpdesk 'ticket_id' Parameter Reuse Lets Remote Users Obtain Potentially Sensitive Information. Read more

 

Tools:
www.theregister.co.uk:
VMware does 64-bits in full. Read more

 

News
www.securityfocus.com:
Windows Vista piracy cripples OS. Read more

www.securityfocus.com:
HP's Dunn faces criminal charges. Read more

www.informationweek.com:
Hacker Kit Use Surges, Means More Malicious Sites. Read more

online.wsj.com:
Those IMs Aren't as Private as You Think. Read more

www.itnews.com.au:
McAfee buys Citadel Security. Read more

today.reuters.com:
Google launches search service for computer code. Read more

www.terra.net.lb:
Google to launch "Literacy Project" in Germany this month. Read more

www.betanews.com:
Google Premieres Free Web Gadgets. Read more

www.techweb.com:
Risky Online Behavior Is Back Door To Cybercrime: Study. Read more

www.theregister.co.uk:
Social networkers risk losing their identities. Read more

www.theregister.co.uk:
Admin password security 'abysmal'. Read more

www.theregister.co.uk:
Russian bookmaker hackers jailed for eight years. Read more

www.internetnews.com:
Yahoo Gets Hacked And Likes It. Read more

www.phishtank.com:
Join the fight against phishing. Read more

msinfluentials.com:
Security Vendors: Microsoft is making Vista Too Secure. Read more

news.com.com:
DVD Jon strikes again, this time for profit. Read more

. 04 October 2006

Guides, Papers, etc
blog.spywareguide.com:
IE Used to Launch Instant Messaging and Questionable Clicks. Read more

sunbeltblog.blogspot.com:
New rogue on the loose: PestCapture. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Unicenter Web Services Distributed Management Discloses Files to Remote Users. Read more

securitytracker.com:
Novell GroupWise Messenger Agents Blowfish Error Lets Remote Users Deny Service. Read more

securitytracker.com:
McAfee ePolicy Orchestrator Buffer Overflow in Processing HTTP Source Headers Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
McAfee ProtectionPilot Buffer Overflow in Processing HTTP Source Headers Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris IPv6 Fragment Reassembly Bug Lets Remote Users Cause a Kernel Panic. Read more

www.skype.com:
SKYPE-SB/2006-002: Improper handling of URI arguments. Read more

 

News
www.securityfocus.com:
Mozilla flaws more joke than jeopardy. Read more

news.com.com:
Hacker backpedals on Firefox zero-day. Read more

www.theregister.co.uk:
Unofficial patches defend against further IE flaw. Read more

www.theregister.co.uk:
Stealth techniques push malware under the radar. Read more

internetweek.cmp.com:
Beware Malicious Sites As Hacker Kit Use Explodes. Read more

en.rian.ru:
Russian hackers given stiff prison sentences. Read more

www.windowsitpro.com:
Microsoft Appeals EU Fine. Read more

news.zdnet.co.uk:
Spammers face jail. Read more

www.theregister.co.uk:
Flight disaster phishing scam lands in Brazil. Read more

www.pcworld.com:
Hackers Crash the Social Networking Party. Read more

www.technewsworld.com:
Report: Cell Phone Worms, VoIP Fraud to Grow in '07. Read more

www.microsoft-watch.com:
The Lion and the Mice. Read more

. 03 October 2006

Guides, Papers, etc
www.mcafee.com:
Microsoft Increasing Security Risk with Vista. Read more

isc.sans.org:
Detecting attacks against servers (NEW). Read more

knowledge.wharton.upenn.edu:
Clickprints on the Web: Are there signatures in Web browsing data? Read more

www.enterprisenetworksandservers.com:
The Rise of Rootkit-Based Malware: Why anti-spyware and anti-virus software is no longer enough. Read more

www.eweek.com:
The Limits of Scanning. Read more

www.av-test.org:
2006-10-01 Cross Reference List of Virus Names. Download

www.youtube.com:
Video: Spyware Rubbernecking. Watch

www.computerworld.com:
10 tips to secure client VPNs. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Sunbelt Kerio Personal Firewall Input Validation Flaws in Hooked System Calls Let Local Users Deny Service. Read more

securitytracker.com:
Skype Unspecified Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM AIX acctctl Command Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Trend Micro OfficeScan Corporate Edition Format String Flaw in 'ATXCONSOLE.OCX' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Unspecified Stack Overflow in Processing JavaScript Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cyrus SASL DIGEST-MD5 Negotiation Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
Apple LoginWindow Lets Local Users Access Another User's Kerberos Tickets or Bypass Access Controls. Read more

securitytracker.com:
Mac OS X Workgroup Manager May Display the Incorrect Password Authentication Method. Read more

securitytracker.com:
Mac OS X WebCore WebKit Memory Management Error Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.betanews.com:
VMware Releases New Converter Tool. Read more

 

News
www.securityfocus.com:
Attacks prompt third parties to fix flaw. Read more

news.com.com:
McAfee knocks Microsoft over Vista roadblocks. Read more

www.theregister.co.uk:
Virus-infected email hits rock bottom. Read more

www.zdnet.com.au:
VoIP, mobile security top SANS 2007 'hit list'. Read more

www.theregister.co.uk:
US government steps back from internet control. Read more

www.theregister.co.uk:
Vista hit by EC fears and McAfee ire. Read more

www.theregister.co.uk:
PGP puts finger in network storage dyke. Read more

news.com.com:
Report shows HP sought expert to help find leak. Read more

software.silicon.com:
"Impossible to patch": Hackers unearth Firefox hole. Read more

news.com.com:
In Washington, a Net protector or predator? Read more

searchsecurity.techtarget.com:
Symantec Dark Vision app monitors underground IRC servers. Read more

www.windowsitpro.com:
Exclusive: Here Comes Windows Vista RC2. Read more

. 02 October 2006

Guides, Papers, etc
blogs.securiteam.com:
0day vulnerabilities in Firefox, with source. Read more

isc.sans.org:
Yellow: WebViewFolderIcon setslice exploit spreading (NEW). Read more

blogs.technet.com:
The Case of the Notepad that Wouldn't Run. Read more

www.spidynamics.com:
Stealing Search Engine Queries with JavaScript. Read more

www.microsoft.com:
Podcasts: How Microsoft IT Defends Against Spam, Viruses, and E-Mail Attacks. Listen

www.vitalsecurity.org:
Stupidest. Botnet. Ever. Read more

blog.spywareguide.com:
Pipeline Worm Floods AIM with Botnet Drones. Read more

podcast.dslextreme.com:
Audio: KFI Tech Guy 288. Security flaws galore, in Firefox, in Windows, and on the Mac... Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Apple QuickDraw Manager PICT Image Processing Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X Preferences May Let Users Retain Administrative Privileges. Read more

securitytracker.com:
Mac OS X Mach Kernel Exception Error Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple ImageIO Buffer Overflow in Processing JPEG2000 Images Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple CFNetwork Error May Cause Incorrect SSL Authentication Status to Be Displayed. Read more

securitytracker.com:
OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code. Read more

securitytracker.com:
HP Ignite-UX Server Bug Lets Remote Users Obtain Root Access. Read more

securitytracker.com:
Microsoft Windows Shell Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution. Read more

securitytracker.com:
OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames. Read more

 

News
news.zdnet.co.uk:
Hackers: Firefox has JavaScript flaw. Read more

weblog.infoworld.com:
MS: Patching obsolete OSes gives 'false sense of security'. Read more

blogs.pcworld.com:
Another third-party Windows fix released. Read more

www.eweek.com:
Inside the Third-Party Patching Conundrum. Read more

news.com.com:
Cybercrooks add Windows flaw to arsenal. Read more

www.myantispyware.com:
MSN Worm Used to install Backdoor. Read more

www.zone-h.org:
New defacements' messages threatening the Pope. Read more

news.com.com:
Iranian video game targets U.S. tanker. Read more

edition.cnn.com:
The growing world of Google Earth. Read more


Copyright© MegaSecurity.org