Home    News Archive    Translate Traducen
News October 2007
31 October 2007

Guides, Papers, etc
www.wired.com:
The Great Firewall: China's Misguided — and Futile — Attempt to Control What Happens Online. Read more

sparrow.ece.cmu.edu:
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants. Read more.

www.heise-security.co.uk:
Leopard with chinks in its armour. A second look at the Mac OS X Leopard firewall. Read more

sunbeltblog.blogspot.com:
Seen on MySpace -- very realistic fake update popup. Read more

sunbeltblog.blogspot.com:
Beware targeted fake "complaint" emails. Read more

blog.didierstevens.com:
A000n0000 0000O000l00d00 0I000E000 00T0r0000i0000c000k. Read more

www.theregister.co.uk:
When antivirus products (and Internet Explorer) fail you. Read more

www.f-secure.com:
Unrest in Ukraine. Read more

www.f-secure.com:
Trick or Treat with Stormy Helloween. Read more

isc.sans.org:
Cyber Security Awareness Tip #31: Legal Awareness (Regulatory, Statutory, etc.). Read more

isc.sans.org:
Cyber Security Awareness Tip #30 - Blogging and Social Networking. Read more

isc.sans.org:
Soon to come: IRS Spam. Read more

isc.sans.org:
VoIP Spam (Vonage?) Read more

isc.sans.org:
Cyber Security Awareness Tip #29: Insider Threats. Read more

www.darkreading.com:
Website Security Seals Get a Boost. Read more

www.darkreading.com:
Industry Hears First 'Singing Spam'. Read more

ddanchev.blogspot.com:
Botnet on Demand Service. Read more

ddanchev.blogspot.com:
Possibility Media's Malware Fiasco. Read more

ddanchev.blogspot.com:
Wisdom of the Anti Cyber Jihadist Crowd. Read more

www.eweek.com:
The Death Penalty and Retailers. Read more

www.news.com:
The new urgency to fix online privacy. Read more

www.techworld.com:
Hacking tools disguised as activation crackers. Read more

www.comnetslash.com:
The best way to Hack a Windows XP Password! Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris IP Stack Bug Lets Local Users Deny Service. Read more

securitytracker.com:
Sun Fire Server Embedded Lights Out Manager Software Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
IBM Tivoli Storage Manager Input Validation Hole in CAD Service Permits Script Injection Attacks. Read more

securitytracker.com:
Solaris SCTP INIT Processing Bug Lets Remote Authenticated Users Deny Service. Read more

 

News
www.sourceuk.net:
Escalating Hacking War between Turkey and Sweden. Read more

www.wired.com:
'Criminal' Botnet Stumps for Ron Paul, Researchers Allege. Read more

news.zdnet.co.uk:
MessageLabs: Watch out for audio and video spam. Read more

www.theregister.co.uk:
Whois database targeted for destruction. Read more

www.techworld.com:
Microsoft's OneCare engulfed by install controversy. Read more

www.techworld.com:
Windows photo bug under attack. Read more

www.pcadvisor.co.uk:
Windows users warned of Kodak exploit. Read more

www.informationweek.com:
Cybercriminal Bets Users Will Trade Security For Sex. Read more

www.computerworld.com.sg:
Storm Worm sent 15 million pump-and-dump e-mails. Read more

www.pcadvisor.co.uk:
Storm Worm's pump-and-dump assault continues. Read more

www.computerworld.com:
Fake FTC e-mails contain malware payload. Read more

29 October 2007

Guides, Papers, etc
blogs.securiteam.com:
Gmail as an email honeypot. Read more

isc.sans.org:
Cyber Security Awareness Tip #28: Cookies. Read more

isc.sans.org:
Cyber Security Awareness Tip #27: Online Games and Virtual Worlds. Read more

www.cisrt.org:
Two Variants of MSN Worm. Read more

www.routerpasswords.com:
Default Router Password Database. Read more

ha.ckers.org:
The Danger of Pre-canned RFI Exploits. Read more

mcwresearch.com:
Bloatware = h@x0rdware. Read more

www.newsweek.com:
Searching For The Best Engine. Read more

 

News
www.washingtonpost.com:
Kremlin Seeks To Extend Its Reach in Cyberspace. Read more

www.timesonline.co.uk:
Online raiders fool banks into handing over customers’ details. Read more

www.allheadlinenews.com:
Art.com's Website Hacked; Customers Alerted Of Possible Identity Theft. Read more

news.zdnet.co.uk:
F-Secure warning over PDF malware threat. Read more

www.vnunet.com:
Cyber-crime 'worse than burglary'. Read more

www.wired.com:
Terabyte Thumb Drives Made Possible by Nanotech Memory. Read more

www.custompc.co.uk:
512GB Solid State Disks on the way. Read more

28 October 2007

Guides, Papers, etc
www.f-secure.com:
Malicious PDF files being spammed out in volume. Read more

pandalabs.pandasecurity.com:
A new way of social engineering. Read more

isc.sans.org:
Request for info, IPs, exploit examples on PDF mailto documents. Read more

isc.sans.org:
URL Update to Internet Explorer URL Handling Vulnerability. Read more

www.infoworld.com:
Stopping malware that mutates on demand. Read more

sunbeltblog.blogspot.com:
Italian malware arrests. Read more

sunbeltblog.blogspot.com:
Scammy marketing tactic: interactive chat bot. Read more

www.cisrt.org:
Kitty Card Spams Began Active Again. Read more

www.vitalsecurity.org:
MoneySavingExpert.com - Nigerian DDoS? Read more

blog.spywareguide.com:
IKatzu - EULA Fun and Tangled Trails. Read more

dvlabs.tippingpoint.com:
Stopgap Detection for the Gozi PDF Dropper. Read more

www.darkreading.com:
Researcher: Vonage Vulnerable. Read more

www.darkreading.com:
What Not to Do After a Security Breach. Read more

www.darkreading.com:
Logs: App Security's Chief Building Block. Read more

www.darkreading.com:
Upstart Vendors Question Everything. Read more

anti-virus-rants.blogspot.com:
I-know-theres-no-panacea-but-i-still.html'>i know there's no panacea but i still want one, darnit! Read more

msmvps.com:
Danger - Possibility Media web sites compromised. Read more

www.forbes.com:
Worst Cybersecurity Meltdowns. Read more

blogs.zdnet.com:
Why spam can only be managed, not ended. Read more

www.technewsworld.com:
The University's Role in Advancing Data Encryption, Part 1. Read more

www.avertlabs.com:
Day in the life of a researcher. Read more

www.pcadvisor.co.uk:
Interview: fraudster Frank Abagnale talks IT security. Read more

arstechnica.com:
US tops "dirty dozen" of spam-relaying countries by a landslide. Read more

tech.blorge.com:
Expert: If you want secure Internet, go back to DOS. Read more

www.secniche.org:
Take Down Zombies : DNS Sanitization and BOTNETS. Read more

www.computerworld.com:
What's wrong with mobile browsers. Read more

www.podtrac.com:
Audio. Security Now 115: Perfect Paper Passwords - sponsored by Astaro Corp. Listen

msmvps.com:
Video. Follow the money....Watch

 

Vulnerabilities & Exploits
www.piotrbania.com:
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption. Read more

securitytracker.com:
RealPlayer Buffer Overflows in Processing MP3, RM, SWF, RAM, and PLS Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Tomcat WebDAV Servlet Lets Remote Users View Arbitrary Files. Read more

 

News
www.theregister.com:
Microsoft sics worldwide braintrust on XP vuln. Read more

www.securityfocus.com:
Court filings double estimate of TJX breach. Read more

www.reuters.com:
PDF files used to attack computers: security firm. Read more

www.computerworld.com:
'We're not scared' of Storm, say researchers. Read more

www.internetnews.com:
Hacker Criminals Find An Exploit In a Fix. Read more

www.heise-security.co.uk:
Microsoft: Number of attacks on personal data skyrockets. Read more

www.theglobeandmail.com:
U.S. Senate wants probe on content blocking. Read more

media.www.michigandaily.com:
Arrests coming in MSA scandal. Read more

www.informationweek.com:
'Bot Master' Gets 12 Months In Federal Prison. Read more

www.technologynewsdaily.com:
Bank, Computer Fraud and Aggravated ID Theft Charges. Read more

www.theregister.co.uk:
Police tackle crime hotspots with scary warning poster. Read more

www.pcw.co.uk:
Geforce cracks Windows passwords. Read more

26 October 2007

Guides, Papers, etc
www.f-secure.com:
This Bud's for You? Read more

isc.sans.org:
Cyber Security Awareness Tip #26 – Safe File Transfer. Read more

blogs.securiteam.com:
Prevent paper-waste. Read more

sunbeltblog.blogspot.com:
Pimp my PE presentations now available. Read more

www.networkworld.com:
Storm worm can befuddle NAC. Read more

www.darkreading.com:
Phoenix Partners With Rutkowska in Securing Hypervisor. Read more

www.darkreading.com:
Sprint Adds Laptop Security to Mobile Broadband. Read more

www.bbc.co.uk:
The internet provider used by criminals. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Trend Micro Scan Engine Buffer Overflow in 'Tmxpflt.sys' Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Xen Insecure Temporary File Lets Local Users Truncate Files. Read more

 

News
www.securityfocus.com:
Spyware purveyor DirectRevenue closes down. Read more

www.theregister.co.uk:
New strain of Gozi Trojan prowls the net. Read more

www.eweek.com:
Russian Crooks Spreading Gozi Trojan with PDFs. Read more

www.computerworld.com:
Microsoft now takes blame for WSUS update error. Read more

www.theregister.co.uk:
Online trading site was left wide open. Read more

www.theregister.co.uk:
Record industry pushes ISPs to cut off file sharers. Read more

25 October 2007

Guides, Papers, etc
www.news.com:
Schneier: Beware security products. Read more

www.f-secure.com:
Mudslinging Malware. Read more

isc.sans.org:
Cyber Security Awareness Tip #25: E-mail (PGP, Attachments, etc), IM, IRC. Read more

isc.sans.org:
Cyber Security Awareness Tip #24: Not all patches are released on a Tuesday. Read more

isc.sans.org:
PDF mailto exploit documents in the wild. Read more

ddanchev.blogspot.com:
A Portfolio of Malware Embedded Magazines. Read more

www.darkreading.com:
Weaponizing All Browsers. Read more

www.darkreading.com:
Researchers Create New 'Fingerprinting' Method. Read more

www.darkreading.com:
ExploitMe: Free Firefox Plug-Ins Test Web Apps. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager Lets Remote Users Access Data. Read more

securitytracker.com:
IBM Lotus Notes Buffer Overflow in TagAttributeListCopy Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
RSA Keon Registration Authority Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
SocketMail Input Validation Hole in 'lost_id' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
IBM Lotus Domino Server Buffer Overflow in IMAP Service Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Storm Worm retaliates against security researchers. Read more

www.networkworld.com:
Storm worm strikes back at security pros. Read more

ww.eweek.com:
Storm Worm Botnet Lobotomizing Anti-Virus Programs. Read more

www.securityfocus.com:
Vulnerabilities rise, increasingly severe. Read more

www.theregister.co.uk:
More gnashing of teeth after Microsoft update brings PCs to a standstill. Read more

www.neowin.net:
Password-cracking chip causes security concerns. Read more

24 October 2007

Guides, Papers, etc
isc.sans.org:
PDF mailto exploit documents in the wild. Read more

sunbeltblog.blogspot.com:
So what's the motivation behind Zango's acquistion... Read more

sunbeltblog.blogspot.com:
Zango buys SmartShopper, price reported to be $9 m... Read more

www.cisrt.org:
PDF Spam Attack. Read more

ddanchev.blogspot.com:
Over 100 Malwares Hosted on a Single RBN IP. Read more

ddanchev.blogspot.com:
RBN's Fake Security Software. Read more

www.net-security.org:
High-level reverse engineering. Read more

rbnexploit.blogspot.com:
RBN The Top 20, fake anti-spyware and anti-malware Tools. Read more

www.darkreading.com:
Winning Web Scanning Firm Gets DDOSed. Read more

www.darkreading.com:
Forensics Tools: A Closer Look. Read more

www.technewsworld.com:
Virtual Browsers: Disposable Security. Read more

www.earthtimes.org:
Antivirus: Malware Detection Is Key to Success. Read more

www.infoworld.com:
Smart security testing on the cheap. Read more

www.thisisby.us:
Bibles For Nigeria? Beware this scam! Read more

www.alistercameron.com:
Did I uncover your credit card details on the web today!? Read more

www.openjs.com:
Make Firefox Twice as Fast and Much More Stable Easily. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
libpng Chunk Handling Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Java Runtime Environment Lets Remote Applets Gain Elevated Privileges. Read more

securitytracker.com:
Red Hat Kernel Lets Local Users Deny Service on AMD64/Intel 64 Platforms. Read more

 

News
news.zdnet.co.uk:
Symantec and Microsoft co-operate on security. Read more

www.theregister.co.uk:
Austria OKs terror snooping Trojan plan. Read more

www.heise.de:
Austria plans to start conducting secret online searches in 2008. Read more

www.domainnamenews.com:
Verisign to Profit from Rootserver Data? Read more

www.theregister.co.uk:
Nasty PDF exploit runs wild. Read more

www.theregister.co.uk:
Fight malware by upgrading to Vista, urges MS. Read more

www.theregister.co.uk:
Jailed terror student 'hid' files in the wrong Windows folder. Read more

www.computerworlduk.com:
Microsoft is complying with antitrust ruling, says Commission. Read more

23 October 2007

Guides, Papers, etc
www.viruslist.com:
Malware evolution: January – July 2007. Read more

apcmag.com:
WARNING: device driver updates causing Vista to deactivate. Read more

isc.sans.org:
Cyber Security Awareness tip #23 Using Browsers, SSL, Domain Names. Read more

isc.sans.org:
Adobe Reader 8.1 update available. Read more

www.f-secure.com:
Security Advisories. Read more

swatrant.blogspot.com:
Nuwar/Storm Worm update! Read more

ddanchev.blogspot.com:
Ain't That Ugly? Read more

ddanchev.blogspot.com:
Empowering the Script Kiddies. Read more

www.securityfocus.com:
Identity thieves likely to be first-timers, strangers. Read more

blogs.securiteam.com:
Does Technology Breed Crime? Read more

www.forbes.com:
Made For Hacking. Read more

www.technewsworld.com:
The Increasing Complexity of the New Spyware Landscape. Read more

sunbeltblog.blogspot.com:
Trojan.Netview: A dangerous trojan. Read more

sunbeltblog.blogspot.com:
Jane is contrite... Now we're trying to help Gary. Read more

www.darkreading.com:
Upstart Takes New Tack on Digital Signatures. Read more

www.darkreading.com:
Study: ID Thieves Get Their Hands Dirty. Read more

www.utica.edu:
Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement. Read more

www.pentest.es:
Check Point Secure Platform Hack.
An uncensored real-time how I exploited a vulnerability in a kernel hardened EAL4+ certified firewall. Read more

blogs.msdn.com:
First Line of Defense for Web Applications – Part 2. Read more

 

News
news.zdnet.co.uk:
Germany accuses China of digital espionage. Read more

www.theregister.co.uk:
Real Media attacks real people via RealPlayer. Read more

www.net-security.org:
Patent filed for revolutionary technique to quickly recover lost passwords. Read more

www.thebusiness.co.uk:
Online credit card fraud soars. Read more

space.newscientist.com:
British hacker can challenge US extradition. Read more

blog.wired.com:
Controversial Russian Web Hoster Says Critics Are Rogue, Greedy Xenophobes. Read more

www.computerworld.com:
Phishers (almost) scam grocery giant out of $10 million. Read more

22 October 2007

Guides, Papers, etc
blogs.securiteam.com:
Statistics vs. Probability - Did POTRIPPER Cheat? Read more

isc.sans.org:
Cyber Security Awareness tip #22 Detecting and Avoiding Bots and Zombies. Read more

isc.sans.org:
Cyber Security Awareness Tip #20: Software Authenticity. Read more

www.symantec.com:
A day in the life of Peacomm? Read more

sunbeltblog.blogspot.com:
Security conference attendees fall victim to man-in-the-middle hack. Read more

log.does-not-exist.org:
hack.lu: MITMing a room full of security people. Read more

www.eweek.com:
Windows XP SP3: We Ought to Have More of These. Read more

blog.wired.com:
Why Hackers Love Dan Kaminsky and How the Browser is the Bug. Read more

www.iht.com:
Russian hackers: On the right side of soft laws. Read more

swatrant.blogspot.com:
www.pravingodkhindi.com hacked?! Read more

www.wired.com:
Exclusive: I Was a Hacker for the MPAA. Read more

hydrogen.oshean.org:
PaulDotCom Security Weekly - Special Edition - Interview with Sensepost - Part I. Listen

video.google.com:
Video: Cyber War. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
RealPlayer Input Validation Flaw in 'ierpplug.dll' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco IOS Extensible Authentication Protocol (EAP) Bug Lets Remote Users Deny Service. Read more

 

News
www.computerweekly.com:
Hacker uses public APIs to breach eBay. Read more

20 October 2007

Guides, Papers, etc
blogs.technet.com:
The Case of the Frozen Clock Gadget. Read more

www.f-secure.com:
555 8th Ave. Read more

www.f-secure.com:
Audio - Silver Bullet Security. Read more

www.avertlabs.com:
RealPlayer Zero Day Exploit Hits the Web. Read more

www.avertlabs.com:
RealPlayer ‘Zero Day FIX’ Hits the Web. Read more

sunbeltblog.blogspot.com:
Vive la France: AOL France does its layoffs in style. Read more

www.symantec.com:
More than I bargained for. Read more

www.websense.com:
Malicious Website / Malicious Code: Trojan Horse / DNS Redirection : Fake Samsung Email (Spanish). Read more

ddanchev.blogspot.com:
eCrime Researchers Summit 2007 - Papers Available. Read more

www.darkreading.com
Research Shows Image-Based Threat on the Rise. Read more

www.infoworld.com:
Vulnerabilities inside and out. Read more

aolradio.podcast.aol.com:
Security Now 114: Listener Feedback 26 - sponsored by Astaro Corp. Listen

 

Vulnerabilities & Exploits
service.real.com:
RealPlayer Security Vulnerability. Read more

securitytracker.com:
CA Host-Based Intrusion Prevention System Input Validation Hole Permits Script Injection Attacks. Read more

securitytracker.com:
Solaris Bug in Retrieving Kernel Statistics Lets Local Users Deny Service. Read more

securitytracker.com:
Mozilla Firefox May Disclose Files or Information to Remote Users. Read more

securitytracker.com:
Mozilla Firefox XPCNativeWraper Modification Via Script Object Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Thunderbird Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Macromedia Security Driver Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

 

Tools:
www.terra.net.lb:
Special vest lets players feel video game blows. Read more

 

News
www.theregister.co.uk:
IE + RealPlayer = Security hole. Read more

blogs.zdnet.com:
IE users beware: RealPlayer zero-day flaw under attack. Read more

blogs.zdnet.com:
Mozilla plugs 10 more Firefox holes. Read more

www.theregister.co.uk:
'Fiendish' Trojan pickpockets eBay users. Read more

www.net-security.org:
New technology removes 40-bit Adobe PDF encryption in minutes. Read more

www.msnbc.msn.com:
Online poker cheating blamed on employee. Read more

www.news.com:
Windows gets a 'Mini-Me'. Read more

www.technewsworld.com:
Congressman Grills Yahoo on Chinese Dissident Case. Read more

edition.cnn.com:
Official: International hackers going after U.S. networks. Read more

www.darkreading.com:
Spammers Convicted in $2M Loan Fraud Scheme. Read more

19 October 2007

Guides, Papers, etc
www.gnucitizen.org:
Browser Rootkits. Read more

theinvisiblethings.blogspot.com:
Thoughts On Browser Rootkits. Read more

ddanchev.blogspot.com:
Everyone's Guide to By-Passing Internet Censorship. Read more

ddanchev.blogspot.com:
The Russian Business Network. Read more

toorcon.org:
Cafe Latte with a Free Topping of Cracked WEP: Retrieving WEP Keys From Road-Warriors. Read more

isc.sans.org:
Cyber Security Awareness Tip #19: Linux tips. Read more

isc.sans.org:
Cyber Security Awareness Tip #18: Mac Tips. Read more

www.cisrt.org:
krackin.exe, Storm Worm New Variant. Read more

blog.spywareguide.com:
DSData - There's A Storm Brewing. Read more

www.informationweek.com:
Simple Tactics Can Disrupt Internet Underground, Undermine Cybercriminals. Read more

sunbeltblog.blogspot.com:
Flame mail of the year. Read more

sunbeltblog.blogspot.com:
Some new fake codec sites for blocking. Read more

www.darkreading.com:
Research Shows Image-Based Threat on the Rise. Read more

www.darkreading.com:
Study: ID Fraud Varies With Victims' Income Level. Read more

www.darkreading.com:
Microsoft Developers' School of Hard Knocks. Read more

www.computerdefense.org:
Sulley Fuzzing Framework. Read more

www.computerworld.com.au:
Windows update glitch stumps Microsoft sleuths. Read more

www.computerworld.com.au:
The Storm that never ends. Read more

www.eweek.com:
Browsers and SSL Support. Read more

ha.ckers.org:
Web Application Scanning Depth Statistics. Read more

www.zdnet.com.au:
Web 2.woe: Simple security flaws going unfixed. Read more

www.wired.com:
Inside The Matrix for Mobiles. Read more

www.internetevolution.com:
iPhone's Firmware Fracas Bears Watching. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Windows Mobile SMS Handler Bug Lets Remote Users Obfuscate SMS Message Source Addresses. Read more

securitytracker.com:
[Vendor Plans to Fix] Microsoft Windows URI Handler Bug Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Opera Mac OS X Unspecified Bug in Adobe Flash Player Has Unspecified Impact. Read more

 

News
www.theregister.co.uk:
Bad hair day for alternative browser users. Read more

www.breitbart.com:
Chinese search engines "hijacked" : US analysts. Read more

www.itnews.com.au:
Is China messing with Google, Microsoft, and Yahoo? Read more

msmvps.com:
Castlecops attacker arrested. Read more

www.theregister.co.uk:
Cafe Latte attack steals credentials from Wi-Fi clients. Read more

www.securityfocus.com:
Teenager charged with dangerous 911 prank. Read more

www.theregister.co.uk:
Thai police nab manhunt suspect. Read more

www.vnunet.com:
SuSE patches 'highly critical' Java flaw. Read more

www.theregister.co.uk:
Pump-and-dump scammers debut MP3 spam. Read more

18 October 2007

Guides, Papers, etc
www.rsf.org:
CHINA. Journey to the heart of Internet censorship. Read more

www.cio.com:
Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy. Read more

www.cio.com:
Hacker Economics 2: The Conspiracy of Apathy. Read more

www.cio.com:
Hacker Economics 3: MPACK and the Next Wave of Malware. Read more

www.wired.com:
Viruses, Trojans and Remote Snooping: Hackers Release Their Own iPhone SDK. Read more

www.f-secure.com:
The New Global Storming Network. Read more

ddanchev.blogspot.com:
Thousands of IM Screen Names in the Wild. Read more

www.securityfocus.com:
Rebinding attacks unbound. Read more

www.darkreading.com:
Small Business: Hackers' Low-Hanging Fruit. Read more

www.darkreading.com:
No Breach, No Foul. Read more

www.darkreading.com:
Encryption's Tough Rewards. Read more

www.darkreading.com:
Phishing's Future Scapegoats. Read more

www.darkreading.com:
'Secret' Workshop Explores Future of Malware. Read more

www.eweek.com:
Skype-MySpace Combo to Make Convenient, All-in-One Malware Target. Read more

www.eweek.com:
Browsers and SSL Support. Read more

www.internetevolution.com:
The Disillusionment of Network Security. Read more

blog.metasploit.com:
Cracking the iPhone (part 1). Read more

blog.metasploit.com:
Cracking the iPhone (part 2). Read more

blog.metasploit.com:
Cracking the iPhone (part 2.1). Read more

hydrogen.oshean.org:
Audio: PaulDotCom Security Weekly - ICE Games Coverage - SANS NS2007. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Cisco Unified Contact Center Grants Access to Certain Users to Read Web View Report Information. Read more

securitytracker.com:
Cisco Unified Communications Manager SIP INVITE Processing Lets Remote Users Deny Service and TFTP Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco ASA TLS and MGCP Processing Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Cisco PIX Firewall TLS and MGCP Processing Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Cisco Firewall Service Module HTTPS and MGCP Processing Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact. Read more

securitytracker.com:
Adobe Acrobat URI Handling Bug Lets Remote Users Execute Arbitrary Code. Read more

 

News
blog.wired.com:
Metasploit Creator Distributes Exploits for iPhone. Read more

www.securityfocus.com:
Jobs: Security concerns delaying iPhone SDK. Read more

www.securityfocus.com:
More light shines on RBN. Read more

www.eweek.com:
Made in China: Dodging the Internet Censor. Read more

www.theregister.co.uk:
Skype Trojan steals login credentials. Read more

www.theregister.co.uk:
Teen accused of hacking emergency 911 system. Read more

www.theregister.co.uk:
US phishermen trawl UK waters. Read more

www.informationweek.com:
Two Men Get Five Years For Sending Pornographic Spam. Read more

17 October 2007

Guides, Papers, etc
www.f-secure.com:
Skype Stealer. Read more

isc.sans.org:
Cyber Security Awareness Day #17 - Windows XP & Vista Security. Read more

sunbeltblog.blogspot.com:
Some new fake codec sites for blocking. Read more

sunbeltblog.blogspot.com:
Heroin, RPGs and gay slaves: Strangest spam ever. Read more

swatrant.blogspot.com:
The netadv - fake toolbar from Zlob. Read more

ddanchev.blogspot.com:
MPack and IcePack Localized to Chinese. Read more

ddanchev.blogspot.com:
Fast Fluxing Yet Another Pharmacy Scam. Read more

ddanchev.blogspot.com:
DIY German Malware Dropper. Read more

www.cisrt.org:
Rpmsvc.exe, New MSN Worm Variant. Read more

blog.washingtonpost.com:
Taking on the Russian Business Network. Read more

blog.washingtonpost.com:
Mapping the Russian Business Network. Read more

blogs.securiteam.com:
New Netscape Navigator 9 ships security fixes and is multi-platform. Read more

blogs.securiteam.com:
XSS at Cnn.com - again. Read more

www.cmu.edu:
Carnegie Mellon's Adrian Perrig Leads Research Team Dedicated To Analyzing and Disrupting Internet Attackers' Black Markets. Read more

www.prnewswire.com:
Online Banking Fraud and Internet Security. Read more

www.symantec.com:
Rogue Access Points: Back doors into your Network. Read more

www.computerworld.com.sg:
Beware of hackers targeting storage systems. Read more

www.darkreading.com:
Wolves in IT Administrators' Clothing? Read more

www.darkreading.com:
TSA Laptops With Hazmat Driver Info Stolen. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
IBM WebSphere Unspecified Flaw in 'wsadmin' Has Unspecified Impact. Read more

securitytracker.com:
Sun StorEdge Array Bug in FTP Service Lets Remote Users Deny Service. Read more

securitytracker.com:
Solaris librpcsvc RPC Bug Lets Remote and Local Users Deny Service. Read more

securitytracker.com:
NETGEAR ProSafe SSL VPN Concentrator Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

 

News
www.theregister.co.uk:
Researcher releases unofficial IE fix for URI bug. Read more

www.infoworld.com:
Trojan imitates Skype, steals login credentials. Read more

www.theregister.co.uk:
Be customers still exposed by router snafu. Read more

www.net-security.org:
Spam reaches all-time high of 95% of all email. Read more

16 October 2007

Guides, Papers, etc
www.eweek.com:
In-House Honeypots. Read more

www.mcafee.com:
THE NEED FOR AN IN-HOUSE SMTP HONEYPOT. Read more

isc.sans.org:
Cyber Security Awareness Tip #16: Protecting Portable Media. Read more

sunbeltblog.blogspot.com:
Preview of the new book, Zero Day Threat. Read more

www.builderau.com.au:
Howard 'hacker' pleads innocence. Read more

ddanchev.blogspot.com:
The Global Security Challenge - 2007. Read more

www.sophos.com:
PayPal and eBay email phishing plummets, Sophos study reveals. Read more

www.hindu.com:
Hackers are always just one step behind. Read more

www.darkreading.com:
Grossman: White Hat, Blue Belt. Read more

www.aeroxp.org:
Automatic Updates feature forces machines across the globe to reboot. Read more

 

Vulnerabilities & Exploits
pulse.vulnerableminds.com:
0-day PDF exploit. Read more

 

News
www.theregister.co.uk:
The balkanization of Storm Worm botnets. Read more

blogs.zdnet.com:
Storm Worm botnet partitions for sale. Read more

government.zdnet.com:
Russian company is hub for all manner of cybercrime. Read more

news.zdnet.co.uk:
Nasa hacker granted Lords appeal. Read more

www.theregister.co.uk:
Security flap as Finnish password hashes posted online. Read more

www.theregister.co.uk:
Anti-fraud site turfed offline after Joe Job attack. Read more

www.theregister.co.uk:
International manhunt tracks pedophile suspect to Thailand. Read more

www.newscientist.com:
Microsoft mind reading. Read more

www.wired.com:
Russian Hosting Firm Denies Criminal Ties, Says It May Sue Blacklister. Read more

blogs.pcworld.com:
Porn Spammers Get Five Years. Read more

15 October 2007

Guides, Papers, etc
www.f-secure.com:
Passwords on the Loose. Read more

isc.sans.org:
Cyber Security Awareness Tip #15: Protecting Laptops. Read more

isc.sans.org:
Cyber Security Awareness Tip #14: Data Encryption. Read more

ddanchev.blogspot.com:
Managed Spamming Appliances - The Future of Spam. Read more

sunbeltblog.blogspot.com:
User friendly: Unbricking the iPhone. Read more

sunbeltblog.blogspot.com:
Must read: The Russian Business Network. Read more

www.cisrt.org:
Warezov.si Began Spreading via MSN. Read more

software.silicon.com:
'Security not just about user education'. Read more

www.computerweekly.com:
The best Microsoft security content online. Read more

software.silicon.com:
Windows users getting unwanted auto-updates? Read more

torrentfreak.com:
BitTorrent: Bypass any Firewall or Throttling ISP with SSH. Read more

 

Vulnerabilities & Exploits
blogs.securiteam.com:
PCM 0day (Divide by Zero). Read more

www.oracle.com:
Oracle Critical Patch Update Pre-Release Announcement - October 2007. Read more

 

News
www.betanews.com:
Confirmed: Adobe 'PDF Flaw' Actually XP Bug, Says Microsoft. Read more

security.blogs.techtarget.com:
Flaw finder joins Microsoft. Read more

13 October 2007

Guides, Papers, etc
www.f-secure.com:
Video - Next Level Money Mule Recruitment. Read more

isc.sans.org:
Cyber Security Awareness Tip #13: Patches and Updates. Read more

www.avertlabs.com:
Nod to more ARP mayhem ? Read more

www.cisrt.org:
Warezov.si Began Spreading via MSN. Read more

swatrant.blogspot.com:
SystemErrorFixer and fake system shutdown warning. Read more

swatrant.blogspot.com:
Spot The Not! Read more

asert.arbornetworks.com:
BlackEnergy DDoS Bot - Analysis Available. Read more

taosecurity.blogspot.com:
Air Force Cyberspace Report. Read more

catless.ncl.ac.uk:
Microsoft HealthVault and Porn. Read more

www.eweek.com:
Should We Be Legally Obligated to Fix Vulnerabilities? Read more

www.darkreading.com:
Obstacles Nick NAC, But Growth Continues. Read more

www.computerworld.com:
Microsoft explains Windows URI patch strategy. Read more

aolradio.podcast.aol.com:
Security Now 113: Roaming Authentication. Listen

 

Vulnerabilities & Exploits
www.openssl.org:
OpenSSL Vulnerabilities. Read more

securitytracker.com:
FLAC Integer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP Select Identity Lets Remote Users Gain Access. Read more

securitytracker.com:
OpenSSL DTLS Bug May Let Remote Users Execute Arbitrary Code. Read more

 

News
www.itnews.com.au:
Chinese internet censorship machine revealed. Read more

www.securityfocus.com:
Experts: Beware hoax citing spammer's death. Read more

www.terra.net.lb:
Scientists use brain waves to stroll through virtual world. Read more

12 October 2007

Guides, Papers, etc
www.f-secure.com:
Storm Gets Cute. Read more

isc.sans.org:
Cyber Security Awareness Tip #12: Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs). Read more

isc.sans.org:
Cyber Security Awareness Tip #11: File System Backups. Read more

sunbeltblog.blogspot.com:
Hoax? Is Alexey Tolstokozhev, spammer, dead? Read more

sunbeltblog.blogspot.com:
New Scam: Web Spy Shield. Read more

ddanchev.blogspot.com:
A Journey to the Heart of Internet Censorship. Read more

ddanchev.blogspot.com:
Fast-Flux Spam and Scams Increasing. Read more

www.securityfocus.com:
Latest U.S. Strategy adds cybersecurity focus. Read more

www.darkreading.com:
Hackers Attack Apps While Still in Development. Read more

www.darkreading.com:
Another 'Cross' to Bear. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
HP Linux Imaging and Printing Project (hplip) Lets Remote Users Inject Arbitrary Commands. Read more

securitytracker.com:
CA BrightStor ARCserve Backup Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Asterisk IMAP Voicemail Buffer Overflows Let Remote and Local Users Execute Arbitrary Code. Read more

securitytracker.com:
Solaris Auditing au_getsonode() Bug Lets Local Users Deny Service. Read more

securitytracker.com:
Firebird Buffer Overflow in process_packet() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM DB2 Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Kaspersky Online Scanner Format String Flaw in ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
EMC RepliStor Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco IOS LPD Protocol Stack Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Wireless Control System Conversion Utility Sets Default Administrative Accounts and Passwords. Read more

video.google.com:
Video: Schneier at Defcon 15. Watch

 

Tools:
www.brownbaron.com:
150 Free Security And Network Monitoring Tools. Read more

 

News
www.theregister.co.uk:
Exploit Wednesday follows Patch Tuesday Word update. Read more

www.theregister.co.uk:
US regional bank hacked. Read more

www.informationweek.com:
Fake Microsoft AntiSpyware Site Aims For Credit Card Numbers. Read more

www.theregister.co.uk:
Crudware pusher to pay $25,000 to settle charges. Read more

www.darkreading.com:
Former IT Admin Convicted of Sabotage. Read more

blog.oregonlive.com:
Virus cripples computers at two Lake Oswego schools. Read more

www.computerweekly.com:
Web users underestimate malware threat, survey says. Read more

www.theregister.co.uk:
Suicide website creator arrested for murder. Read more

www.theregister.co.uk:
Windows update brings down TV newscast. Read more

www.theregister.co.uk:
Russian spammer murder hoax exposed. Read more

11 October 2007

Guides, Papers, etc
news.softpedia.com:
Vulnerabilities, Patches and Exploits – a Natural Security Evolution. Read more

www.securityfocus.com:
Of hackers and ego. Read more

isc.sans.org:
How to authenticate customers on the phone? Read more

isc.sans.org:
Adobe mailto vulnerability. Read more

www.avertlabs.com:
Spread the word, not the virus! Read more

ddanchev.blogspot.com:
Compromised Sites Serving Malware and Spam. Read more

ddanchev.blogspot.com:
Incentives Model for Pharmaceutical Scams. Read more

www.eweek.com:
Where the Phish Are. Read more

www.darkreading.com:
Experts: Security Flaws Vary on Social Networking Sites. Read more

www.darkreading.com:
How to Turn Your Browser Into a Weapon. Read more

www.iambetterthanu.com:
Create an Invisible Folder. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris Virtual File System Bug Lets Local Users Consume Kernel Memory. Read more

securitytracker.com:
Solaris Trusted Extensions Label Daemon Lets Local Users Deny of Service. Read more

securitytracker.com:
OpenBSD dhcpcd Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Security researchers plot revamped anti-virus tests. Read more

www.computerworld.com:
Microsoft changes tune, may patch IE7 bug. Read more

www.technewsworld.com:
MS Squashes Outlook, SharePoint Bugs in Patch Tuesday Fixfest. Read more

www.pcpro.co.uk:
Adobe software vulnerable to hacks. Read more

news.digitaltrends.com:
Viruses Blast 1 Million Chinese Computers. Read more

community.zdnet.co.uk:
Vista receives more security updates. Read more

blog.wired.com:
Student Journalist Punished by University After Reporting On Its Data Spill. Read more

10 October 2007

Guides, Papers, etc
www.f-secure.com:
Patch Tuesday Again, Folks... Read more

www.f-secure.com:
Police Academy in India Hosting a Phishing Site. Read more

www.avertlabs.com:
W32/Virut: Evolution gone wrong. Read more

isc.sans.org:
Vishing, Skype, and VoIP-Based Fraud. Read more

isc.sans.org:
Cyber Security Awareness Tip #8: Anti-Virus, Anti-Spyware, and Other Protective Software. Read more

ddanchev.blogspot.com:
Incentives Model for Pharmaceutical Scams. Read more

news.softpedia.com:
Understanding the Virus: Storm. Read more

www.esecurityplanet.com:
Storm Worm Rewrote the Botnet and Spam Game. Read more

www.beskerming.com:
A Lesson on why Reporting Security Problems can be Dangerous. Read more

www.blackhat.com:
Black Hat Japan 2007. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Adobe Illustrator Input Validation Flaws in Processing BMP, DIB, RLE, or PNG Files Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Adobe PageMaker Buffer Overflow in 'MAIPM6.dll' Lets Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Word Bug in Processing Office Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft SharePoint Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft Internet Explorer Bugs Let Remote Users Spoof the Address Bar and Execute Arbitrary Code. Read more

securitytracker.com:
Windows RPC NTLMSSP Authentication Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Outlook Express Bug in Processing NNTP Responses Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Mail Bug in Parsing NNTP Responses Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Kodak Image Viewer Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MailBee WebMail Pro Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Util-linux mount/umount Privilege Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Solaris vuidmice STREAMS Modules Bug Lets Local Users Deny Service. Read more

securitytracker.com:
Opal Library Input Validation Flaw in Processing SIP Header Content-Length Values Lets Remote Users Deny Service. Read more

securitytracker.com:
HP System Management Homepage Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

 

Tools:
vmcreator.com:
Virtual Machine Creator. Read more

 

News
www.theregister.co.uk:
Word vuln stars in Patch Tuesday litter. Read more

www.securityfocus.com:
Retailers look to exorcise credit-card data. Read more

www.theregister.co.uk:
Indian police academy hosts phishing site. Read more

www.computerworld.com:
Windows XP SP3 to include some Vista features. Read more

09 October 2007

Guides, Papers, etc
isc.sans.org:
Cyber Security Awareness Tip #9: Access Controls, Including Wireless, Modems, VPNs, and Physical Access. Read more

isc.sans.org:
Cyber Security Awareness Tip #8: Anti-Virus, Anti-Spyware, and Other Protective Software. Read more

isc.sans.org:
Follow the Bouncing Malware: Columbus Day. Read more

isc.sans.org:
Dirty O.W.! Read more

ddanchev.blogspot.com:
Assessing a Rock Phish Campaign. Read more

www.australianit.news.com.au:
Hunters kill off zombie threat. Read more

www.marshal.com:
General Spam Trends. Read more

www.eweek.com:
The Retail Credit Card Addiction. Read more

www.pcadvisor.co.uk:
Get a degree and become a master hacker. Read more

 

Vulnerabilities & Exploits
www.theregister.co.uk:
BT home router wide open to hijackers. Read more

 

Tools:
www.javacoolsoftware.com:
PDF MailTo Vulnerability Fix Tool. Read more

 

News
www.securityfocus.com:
Apple sued for iPhone's anti-hack update. Read more

computerworld.co.nz:
Hacker breaks into eBay server, locks users out. Read more

www.news.com:
Hundreds respond to Interpol appeal to identify pedophile. Read more

www.dnaindia.com:
Chinese hit 3-4 times a day. Read more

www.theregister.co.uk:
Online casinos hit by bot armies. Read more

www.vnunet.com:
Windows XP SP3 leaks onto the web. Read more

techdirt.com:
France Making It Super Easy To Report Spammers. Read more

www.theage.com.au:
Cyber crooks target mahogany row. Read more

08 October 2007

Guides, Papers, etc
isc.sans.org:
Cyber Security Awareness Tip #7: Host-Based Firewalls and Filtering. Read more

isc.sans.org:
Cyber Security Awareness Tip #6: Developing policies and Distribution. Read more

swatrant.blogspot.com:
Rogue application pretends as Microsoft Antispyware. Read more

www.darkreading.com:
An Extra Layer of Phishing Protection. Read more

itmanagement.earthweb.com:
Mozilla Thunderbird vs. Microsoft Outlook. Read more

www.f-secure.com:
How gullible can you get? Read more

sunbeltblog.blogspot.com:
Old school: CounterSpy Radio Show. Read more

sunbeltblog.blogspot.com:
Well, this is interesting. Read more

 

Vulnerabilities & Exploits
www.adobe.com:
Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat. Read more

securitytracker.com:
NetSupport Manager Client Buffer Overflow Lets Remote Users Deny Service. Read more

 

News
hosted.ap.org:
Turkish Hackers Target Swedish Web Sites. Read more

in.reuters.com:
Chinese computers get hit by holiday viruses. Read more

www.vnunet.com:
Hackers step up attacks on US utilities. Read more

www.interpol.int:
INTERPOL seeks public’s help to identify man photographed sexually abusing children. Read more

06 October 2007

Guides, Papers, etc
blogs.technet.com:
The Case of the Failed File Copy. Read more

www.f-secure.com:
"Hentai" trojan spammed. Read more

www.symantec.com:
Something smells fishy. Read more

www.avertlabs.com:
At least we don’t have caterpillars! Read more

www.avertlabs.com:
ARP Spoofing: Is Your Web Hosting Service Protected ? Read more

www.sophos.com:
Blonde with pigtails infects the curious with a virus. Read more

www.sophos.com:
YouTube's "invite-a-friend" feature exploited to send spam. Read more

www.cisrt.org:
Hent.zip spams spreading. Read more

www.darkreading.com:
Playing With Malware. Read more

blogs.securiteam.com:
Left your Citrix .ICA files to public server and let the hacker in. Read more

www.theregister.co.uk:
Portrait of an (alleged) cyber bully as a young man. Read more

www.gnucitizen.org:
CITRIX: Owning the Legitimate Backdoor. Read more

isc.sans.org:
Cyber Security Awareness Tip #6: Developing policies and Distribution. Read more

www.enterpriseitplanet.com:
Storm Worm Rewrote the Botnet and Spam Game. Read more

www.enterpriseitplanet.com:
Rise of the Weaponized Rootkit. Read more

www.microsoft-watch.com:
Why Did Microsoft Set IE 7 Free? Read more

www.news.com:
Why the RIAA should have won (though the fine was too high). Read more

reviews.cnet.com:
Hacking Big Brother. Read more

www.procheckup.com:
Owning Big Brother. (Or how to crack into Axis IP cameras). Read more

www.computerworld.com:
Bad things lurking on government sites. Read more

www.cl.cam.ac.uk:
Examining the Impact of Website Take-down on Phishing. Read more

erratasec.blogspot.com:
The Cost of Security. Read more

blogs.msdn.com:
Bluehat Audio Available. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Firebird Attach, Create, and Service Attach Request Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Borland InterBase Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
File sharer fined $222k in music industry win. Read more

www.theregister.co.uk:
Spammers target hamsters after Ig Nobel winning research. Read more

www.theregister.co.uk:
Spammers turn YouTube into spam relay channel. Read more

www.computerworld.com.au:
Microsoft plays 'Detective' to determine phishing frequency. Read more

www.vnunet.com:
Hacker spam poses as old school friend. Read more

www.theregister.co.uk:
MS drops nagware validation for IE7 installs. Read more

www.theregister.co.uk:
Facebook faces more legal trouble. Read more

www.cfnews13.com:
Designated Drivers, CyberCrime Laws Effective Monday. Read more

www.technewsworld.com:
Feds Shut Down State of Calif. Internet on Whiff of Smut. Read more

05 October 2007

Guides, Papers, etc
isc.sans.org:
Cyber Security Awareness tips #5 - Social Engineering and Dumpster Diving Awareness. Read more

sunbeltblog.blogspot.com:
Bank of Ghana, others, compromised. Read more

sunbeltblog.blogspot.com:
Brookhaven National Labs hacked, serving porn. Read more

sunbeltblog.blogspot.com:
Marin County safe, but still not clean...and we found another hackedca.gov website. Read more

sunbeltblog.blogspot.com:
More on the California government shutdown. Read more

www.indystar.com:
Crime wave: Hijackers swipe Internet domains. Read more

www.darkreading.com:
Phishing in Fast Flux. Read more

www.betanews.com:
Internet Explorer 7 Now Available to Pirates. Read more

aolradio.podcast.aol.com:
Security Now 112: Listener Feedback 25. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Java Runtime Environment (JRE) Bugs Let Remote Users Bypass Network Access Restrictions. Read more

securitytracker.com:
Java Web Start Bugs Let Remote Users Read/Write Files on the Target User's System. Read more

securitytracker.com:
Java Runtime Environment (JRE) Lets Remote Applets Obscure the Untrusted Applet Warning Banner Display. Read more

securitytracker.com:
Java Runtime Environment Applet Caching Bug May Let Remote Users Bypass Network Access Controls. Read more

 

News
www.theregister.co.uk:
Sun patches multiple flaws in Java. Read more

www.theregister.co.uk:
Apple patches Windows QuickTime bug. Read more

www.vnunet.com:
Seven Microsoft security bulletins on the way. Read more

arstechnica.com:
China's Great Firewall turns its attention to RSS feeds. Read more

www.technewsworld.com:
Web Heavies Form Blockade Against Phishers. Read more

www.eweek.com:
Spam-Scam Crackdown Nets $2B in Fake Checks. Read more

www.theregister.co.uk:
And now for something completely different: Good news on spam. Read more

www.vnunet.com:
Brits 'too lazy' to prevent ID theft. Read more

www.msnbc.msn.com:
Miss America launches own browser. Read more

04 October 2007

Guides, Papers, etc
isc.sans.org:
Cyber Security Awareness Tip #4: Enabling the Road Warrior. Read more

isc.sans.org:
Solaris Kernel memory leak in named pipes. Read more

isc.sans.org:
DHS 'Spam' List. Read more

isc.sans.org:
Cyber Security Awareness Tip #3: Getting the Boss Involved. Read more

sunbeltblog.blogspot.com:
Sunbelt's Greg Kras featured as a "guru" in Redmon... Read more

sunbeltblog.blogspot.com:
California cleans up hacked websites. Read more

ddanchev.blogspot.com:
DIY CAPTCHA Breaking Service. Read more

ddanchev.blogspot.com:
CISRT Serving Malware. Read more

www.schneier.com:
The Storm Worm. Read more

www.darkreading.com:
Insider Attacks Put IT Security on the Offensive. Read more

www.darkreading.com:
How to Trace a DDOS Attack. Read more

www.smh.com.au:
Cyber crooks target mahogany row. Read more

www.infoworld.com:
Malware boom puts pressure on second-tier AV labs. Read more

blogs.zdnet.com:
Accounted for: The five mystery Vista updates to be added to SP1. Read more

dvlabs.tippingpoint.com:
Phishy Business. Read more

www.eweek.com:
The Mainstreaming of Mobile Phone Hacking. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Solaris Named Pipes Bug Discloses Kernel Memory to Local Users. Read more

securitytracker.com:
ELinks May Disclose POST Request Data in Clear Text to Remote Users. Read more

securitytracker.com:
X Font Server Overflows in QueryXBitmaps and QueryXExtents Requests Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Xen NE2000 Driver Heap Overflow May Let Local Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
California man arrested for DDoS attacks. Read more

www.theregister.co.uk:
Alleged CastleCops DDoS botmaster busted. Read more

www.computerworld.com.sg:
StopBadware: Trusted Web sites are being hacked and don't even know it. Read more

news.zdnet.co.uk:
Online scam crackdown nets worldwide arrests. Read more

www.ftc.gov:
FTC Permanently Halts Media Motor Spyware Scam. Read more

www.technewsworld.com:
Exploiting the Dalai Lama to Spread Malware. Read more

www.securecomputing.net.au:
Warning on web 'super worm'. Read more

www.pcpro.co.uk:
Apple patches QuickTime security flaw. Read more

www.news.com:
Police Blotter: Fired worker blames porn on malware. Read more

www.computerworld.com:
eBay: Phishers getting better organized, attacking Linux. Read more

www.theregister.co.uk:
Hackers hit back at iPhone update. Read more

www.zdnet.com.au:
Chinese security team becomes malware victim. Read more

news.softpedia.com:
Some of the World’s Finest Hackers - Attacked - It happened in China. Read more

news.zdnet.co.uk:
RIP Act gives police power to decrypt data. Read more

www.vnunet.com:
Online banking fraud plummets. Read more

www.news.com:
Yahoo Mail to block fake eBay and PayPal e-mail. Read more

03 October 2007

Guides, Papers, etc
online.wsj.com:
Its Creators Call Internet Outdated, Offer Remedies. Read more

www.f-secure.com:
Leaky Spy Tools? Read more

blogs.securiteam.com:
Hey, don’t touch to my Gmail filters with XSRF. Read more

isc.sans.org:
Cyber Security Awareness Tip #2: Multimedia Tools, Online Training, and Useful Websites. Read more

www.avertlabs.com:
User Education. Read more

sunbeltblog.blogspot.com:
Increasing use of personalized spam. Read more

sunbeltblog.blogspot.com:
The Wildlist is dead, long live the Wildlist. Read more

ddanchev.blogspot.com:
The Dynamics of the Malware Industry - Proprietary Malware Tools. Read more

www.darkreading.com:
Web Hack Exposes Personal Data of 14,000 At Nature Conservancy. Read more

www.darkreading.com:
CERT Advances Secure Coding Standards. Read more

www.eweek.com:
Sign Me Up for Whitelisting. Read more

www.eweek.com:
iPhone Security Hellhole? Read more

www.gtisc.gatech.edu:
Emerging Cyber Threats Report for 2008. Read more

www.cs.cmu.edu:
Compatibility is Not Transparency: VMM Detection Myths and Realities. Read more

www.usdoj.gov:
INDICTMENT AND ARREST FOR COMPUTER HACKING. Read more

 

Vulnerabilities & Exploits
www.theregister.co.uk:
Eircom wireless security flaw revealed. Read more

securitytracker.com:
Google Mini Search Appliance Input Validation Hole in 'ie' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
CyberLink PowerDVD Lets Remote Users Deny Service By Overwriting Files. Read more

securitytracker.com:
Check Point FireWall-1 Buffer Overflows Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Sun Fire Server Embedded Lights Out Manager Software Lets Remote Users Send SPAM via the System. Read more

securitytracker.com:
OpenSSL Off-by-one Overflow in SL_get_shared_ciphers() Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.theregister.co.uk:
Chinese internet security response team under attack. Read more

www.technewsworld.com:
Hackers Scheming to Spread Viruses via Online Videos. Read more

www.theregister.co.uk:
UK police can now force you to reveal decryption keys. Read more

www.vnunet.com:
Cyber-criminals unleash botnet swarms. Read more

www.theregister.co.uk:
Brute force attack yields keys to Google's kingdom. Read more

news.softpedia.com:
Google Distributing Viruses and Malware Through Search Engine. Read more

www.latimes.com:
State Internet services shut down over hacker intrusion. Read more

02 October 2007

Guides, Papers, etc
www.castlecops.com:
Botmasters Take Heed – You Are Being Put On Notice. Read more

www.eweek.com:
You Wouldn't Actually Turn Off Your Firewall, Would You? Read more

ddanchev.blogspot.com:
Love is a Psychedelic Too. Read more

sunbeltblog.blogspot.com:
Sunbelt Weekly TechTips #62. Read more

www.cisrt.org:
ARP attack to CISRT.org. Read more

sunbeltblog.blogspot.com:
Breaking: Media Motor halted by FTC. Read more

www.gnucitizen.org:
Google GMail E-mail Hijack Technique. Read more

mcpmag.com:
The World Needs More Fuzzers. Read more

software.silicon.com:
Photos: Inside the malware hunters' den. Read more

www.darkreading.com:
Identity Thieves Busted in Major Cases. Read more

www.darkreading.com:
New IM Attacks, Bugs Signal Stealthier Exploits. Read more

www.darkreading.com:
Happy Cyber Security Awareness Month. Read more

www.pcworld.com:
Survey: Consumers Only Think They're Cyber Safe. Read more

www.stanford.edu:
Compatibility is Not Transparency: VMM Detection Myths and Realities. Read more

 

Tools:
3sp.com:
SSL-Explorer for Windows 1.0.0 RC2 beta. Read more

 

News
www.vnunet.com:
Angelina Jolie 'nudes' fuel malware spike. Read more

www.timesonline.co.uk:
Bloggers who risked all to reveal the junta’s brutal crackdown in Burma. Read more

www.securityfocus.com:
Cenzic, HP settle patent lawsuits. Read more

www.wired.com:
Sneaky White Hats Pull Surveillance Cam Switcheroo. Read more

www.pcadvisor.co.uk:
Hackers reverse Apple's effort to cripple iPhone. Read more

www.esecurityplanet.com:
Thanks, Russia: Antivirus Software Market Remains Healthy. Read more

www.theregister.co.uk:
NSA writes more potent malware than hacker. Read more

www.nextenergynews.com:
Scientists Invent 30 Year Continuous Power Laptop Battery. Read more

01 October 2007

Guides, Papers, etc
isc.sans.org:
Anti Virus industry and VBScript/JavaScript detection. Read more

isc.sans.org:
Cyber Security Awareness Tip #1: Penetrating the This Does Not Apply To Me Attitude. Read more

isc.sans.org:
Packet Call. Read more

ddanchev.blogspot.com:
Don't Play Poker on an Infected Table. Read more

ddanchev.blogspot.com:
Zero Day Vulnerabilities Market Model Gone Wrong. Read more

blogs.csoonline.com:
The 80/20 of Managing Software Risk. Read more

computerworld.co.n:
Phishers must be dealt with or users will go off-line. Read more

www.thespanner.co.uk:
Javascript for hackers. Read more

www.computerworld.com:
Can you spot a phish? Play Carnegie Mellon's game and see. Read more

www.uninformed.org:
A Catalog of Windows Local Kernel-mode Backdoor Techniques. Read more

 

Tools:
ha.ckers.org:
hashmaster v0.2! Read more

www.howtoforge.com:
How To Set Up VMware Tools On Various Linux Distributions. Read more

 

News
www.iht.com:
West is taking fight against terrorism online. Read more

www.cbmagazine.co.uk:
Hackers Target Back Door into Company Networks. Read more

www.terra.net.lb:
China arrests cyber-dissident. Read more

www.news.com:
London Internet whiz was vital militant link: FBI. Read more

techdirt.com:
Early Internet Bank Shut Down By The Feds Over Mortgage Defaults. Read more

www.smh.com.au:
Facebook warned on safety claims. Read more

www.redorbit.com:
Thai-Based Burmese Exile Website Attacked By Computer Virus. Read more


Copyright© MegaSecurity.org