Home    News Archive    Translate Traducen
News November 2006
30 November 2006

Guides, Papers, etc
isc.sans.org:
New and Improved Honeynet Tools availability. Read more

www.cylab.cmu.edu:
Phinding Phish: An Evaluation of Anti-Phishing Toolbars. Read more

www.sans.org:
Mac OS X 10.4 Security Checklist. Read more

www.avertlabs.com:
On defensive technologies turning offensive and vice-versa..Read more

www.newscientisttech.com:
Hard-working chips may reveal encryption keys. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Horde Kronolith 'lib/FBView.php' Local Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
NetWare Client Print Provider Buffer Overflows in EnumPrinters() and OpenPrinter() Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X shared_region_make_private_np() Memory Error Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Apple Mac OS X ppp Buffer Overflow Lets Remote Users on the Local Network Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X Components Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X ftpd Discloses Valid User Account Names to Remote Users. Read more

securitytracker.com:
Apple CFNetwork Lets Remote Users Inject FTP Commands. Read more

securitytracker.com:
Mac OS X Apple Type Services Lets Local Users Gain System Privileges and Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X Security Framework May Use Weaker or No Encryption, Fail to Check CRLs, and Let Remote Users Deny Service. Read more

securitytracker.com:
Adobe Acrobat Buffer Overflow in 'AcroPDF.dll' ActiveX May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec NetBackup PureDisk PHP Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitycadets.com:
Guess who goofed up their new fake BrainCodec-homesite. Read more

 

News
software.silicon.com:
Alert over Spybot worm. Read more

www.itweek.co.uk:
Security experts warn of Vista-specific malware. Read more

www.computerworld.com:
Patient data exposed in two separate security breaches. Read more

www.it-observer.com:
2007 to bring video viruses and mobile attacks. Read more

www.internetnews.com:
Microsoft Revises Controversial WGA. Read more

arstechnica.com:
Cheap PCs could herald a spam epidemic. Read more

. 29 November 2006

Guides, Papers, etc
isc.sans.org:
Phishing by proxy (NEW). Read more

www.avertlabs.com:
BuddyProfile used to spread exploits. Read more

www.darkreading.com:
Where the Bugs Are. Read more

www.linklogger.com:
Outlook Filters are your Friend. Read more

www.dailycupoftech.com:
Recovering Your Lost Passwords. Read more

www.securityabsurdity.com:
Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security. Read more

 

Vulnerabilities & Exploits
www.frsirt.com:
Adobe Reader and Acrobat ActiveX Control Remote Code Execution Vulnerabilities. Read more

isc.sans.org:
New Vulnerability Announcement and patches from Apple (NEW). Read more

securitytracker.com:
NetBSD Kernel Bugs Let Local Users Consume Sockets or Cause a Kernel Panic. Read more

securitytracker.com:
NetBSD ptrace() and if_clone_list() Bugs Disclose Kernel Memory to Local Users. Read more

securitytracker.com:
GnuPG Interactive Mode Buffer Overflow in make_printable_string() May Let Users Execute Arbitrary Code. Read more

 

Tools:
www.networkworld.com:
Need a valid e-mail address to register but don't want the spam? Try this Seam-based Web app. Read more

ophcrack.sourceforge.net:
Ophcrack is a Windows password cracker based on rainbow tables. Read more

didierstevens.wordpress.com:
USBVirusScan. Read more

 

News
www.securityfocus.com:
Bot spreads through antivirus, Windows flaws. Read more

asert.arbornetworks.com:
That New Bot: IRC Bot attacking Symantec Overflow. Read more

news.zdnet.com:
Microsoft set to push out updated antipiracy tool. Read more

news.zdnet.co.uk:
Criminal gangs causing UK spam surge. Read more

www.securityfocus.com:
Obsessed fan hacks Linkin Park singer. Read more

www.securityfocus.com:
A Hard Lesson in Privacy. Read more

www.theregister.co.uk:
Fake boarding pass brouhaha settled amicably. Read more

www.stuff.co.nz:
Broadband PCs attacked over 100 times a day. Read more

www.techworld.com:
New version of Skype now harder to detect. Read more

resources.zdnet.co.uk:
Don't fall prey to these methods of VoIP abuse. Read more

www.theregister.co.uk:
Web browsing behind closed doors. Read more

www.pcw.co.uk:
Most surfers still ignoring IT security. Read more

news.com.com:
Apple Mac OS X patch plugs 31 vulnerabilities. Read more

www.darkreading.com:
Spam Victims Get the Picture. Read more

news.com.com:
Google flaw adds phishing hole to Web sites. Read more

arstechnica.com:
New Opera makes music on cell phones. Read more

. 28 November 2006

Guides, Papers, etc
blogs.technet.com:
The Case of the Delayed Windows Vista File Open Dialogs. Read more

sunbeltblog.blogspot.com:
Silver, Gold... but you're not getting platinum, scumbags. Read more

indystar.gns.gannett.com:
Securing your PC takes work. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
JBoss Application Server Error in DeploymentFileRepository Class Lets Remote Users Read and Write Files. Read more

securitytracker.com:
Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MailEnable Grants Administrative Access to .NET WebAdmin Service to Remote Users. Read more

securitytracker.com:
GNotebook Discloses Passwords to Local Users. Read more

securitytracker.com:
GNU RADIUS 'sqllog' Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
WinGate DNS Request Processing Bug Lets Remote Users Deny Service. Read more

 

News
www.theregister.co.uk:
Brussels declares war on spyware and spam. Read more

www.securityfocus.com:
Vista protects MS Office from attack. Read more

www.securityfocus.com:
Report: Mining of bank data broke European law. Read more

www.crn.com:
Chip Can Stop PC Viruses, But Cost A Hurdle. Read more

www.itpro.co.uk:
University of Toronto launches web censorship workaround tool. Read more

news.com.com:
For iTunes hacker, the freedom of the open code. Read more

news.zdnet.co.uk:
Google flaw provides phishing hook. Read more

news.sympatico.msn.ctv.ca:
Up to 80 per cent of emails are spam: EU study. Read more

www.technewsworld.com:
Spam Volumes Continue to Soar. Read more

www.economist.com:
Think before you sync. Read more

www.thestar.com:
Project aims to block child porn sites. Read more

. 27 November 2006

Guides, Papers, etc
blogs.securiteam.com:
Defeating Image-Based Virtual Keyboards and Phishing Banks. Read more

www.f-secure.com:
Zero day Warezov. Read more

www.viruslist.com:
Saturday morning specials. Read more

isc.sans.org:
Mailbag and DShield items generate a post VNC exploitation fun question (NEW). Read more

neosmart.net:
Firefox 2.0 Recap. Read more

sfgate.com:
How sensor-ship could help security. Read more

www.networkworld.com:
Face-off: Mobile VPN is a better choice than an SSL VPN - Network Worl. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
mmgallery Input Validation Hole in 'thumbs.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
PHP-Nuke Input Validation Flaw in News Module in 'sid' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Fixit iDMS Pro Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
JiRo's Link Manager Missing Input Validation Permits SQL Injection and Cross-Site Scripting Attacks. Read more

 

News
www.nytimes.com:
Web Tool Said to Offer Way Past the Government Censor. Read more

www.digitimes.com:
China market: 3Q shipments of anti-virus software valued at 285 million yuan. Read more

msmobiles.com:
Followup: security company uses fabricated research to sell security software. Read more

www.itrportal.com:
Weekly report on viruses and intruders. Read more

fraudwar.blogspot.com:
How to Protect Yourself from the Cyber Criminals on Cyber Monday. Read more

www.techworld.com:
Devastating mobile attack under spotlight. Read more

opinion.zdnet.co.uk:
Vista will force need for network forensics. Read more

www.washingtonpost.com:
Feds: Linkin Park Fan Hacks Phone Data. Read more

www.hamiltonspectator.com:
Battle against child cyberporn. Read more

www.newindpress.com:
Cyber crime against women on a rise. Read more

www.youtube.com:
Hidden Music Track In Windows XP. Watch

. 25 November 2006

Guides, Papers, etc
isc.sans.org:
Interesting Potential Attack Vector (NEW). Read more

taosecurity.blogspot.com:
Digital Security Lessons from Ice Hockey. Read more

www.podtrac.com:
Audio: Windows Weekly 6: ReadyBoost, RibbonX, and PowerShell, Oh My! Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Crystal Reports Report File Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
a ConMan Include File Bug in 'common.inc.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
EC-CUBE Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
MailEnable Buffer Overflow in IMAP Service May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Netgear WG311v1 Wireless Adapter SSID Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
IAdware Trojan aims for Macs. Read more

shns.abc15.com:
Computer firm lures hackers in to snare them. Read more

www.cdrinfo.com:
Chip to Block Computer Viruses. Read more

www.redding.com:
Paying for separate anti-virus software is not always sensible. Read more

www.vnunet.com:
Phishing site offers 'job' at children's charity. Read more

theseoultimes.com:
Internet Fraud, Greedy Easy Targets? Read more

www.thisisyork.co.uk:
Children’s database ‘secure’ from hackers. Read more

news.zdnet.co.uk:
Google: mobile operators want to block our apps. Read more

arstechnica.com:
Microsoft: virtualization not mature enough for home Vista users. Read more

staysafeonline.org:
83 Percent of Adults Who Social Network Expose Themselves To Hackers and Identity Thieves. Read more

www.computerworld.com:
Antivirus software now a subscription situation. Read more

technology.guardian.co.uk:
The price of humans who'll spam blogs is falling to zero. Read more

today.reuters.com:
Microsoft brings 129 lawsuits against phishers. Read more

www.terra.net.lb:
Italian prosecutors investigate Google over bully video. Read more

www.smh.com.au:
Stranger danger program launched. Read more

. 24 November 2006

Guides, Papers, etc
blogs.securiteam.com:
Anonymizing RFI Attacks Through Google. Read more

www.f-secure.com:
iAdware. Read more

www.virtualforge.de:
Web Application Vulnerability Scanners - a Benchmark. Read more

engtech.wordpress.com:
The Great Firewall of Canada. Read more

www.vitalsecurity.org:
Beware of DoiiarRevenue.com: Mimicking an Adware vendor for fun and profit. Read more

passivemode.net:
Fiber-Optic Network Security. Read more

www.betanews.com:
Seagate: The Hard Drive, Reconsidered. Read more

digitaldebateblogs.typepad.com:
Bruce Schneier, BT Counterpane. Read more

stufffromkevin.blogspot.com:
Hacking Internet Cameras. Watch

www.howtoforge.com:
Wardriving Using An Ubuntu Notebook With Garmin Etrex, Kismet, And GPSDrive. Read more

 

Vulnerabilities & Exploits
vuln.sg:
About Acer Notebook LunchApp.APlunch ActiveX Control....Read more

securitytracker.com:
Net-SNMP Lets Remote Users Deny Service. Readn more

securitytracker.com:
SSO Plus Insecure Default Permissions Let Local Users Obtain Elevated Privileges. Read more

www.infoworld.com:
Update your wireless driver. Read more

 

News
www.securityfocus.com:
Copyright Office publishes digital exemptions. Read more

www.vnunet.com:
'Evil twin' Wi-Fi hacks target the rich. Read more

www.strategypage.com:
The Russian Cyber War Army Attacks. Read more

www.2-spyware.com:
Firefox vulnerability can be used to steal confidential information. Read more

. 23 November 2006

Guides, Papers, etc
www.symantec.com:
Assessment of Windows Vista Kernel-Mode Security. Read more

www.winsupersite.com:
Hacking Windows Vista. Read more

www.f-secure.com:
Warezov List. Read more

www.eweek.com:
Be Thankful: You Can Be Safe. Read more

isc.sans.org:
If IE Suddenly Says "Se Habla Espanol" ... (NEW). Read more

www.site-reference.com:
Malicious Code Injection: It's Not Just for SQL Anymore. Read more

www.niallkennedy.com:
The Spam Farms of the Social Web. Read more

www.sixwise.com:
11 Tips for Preventing Credit Card Fraud This Season. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Mozilla Firefox Password Manager Can Disclose Passwords and Other Form Values to Remote Websites. Read more

securitytracker.com:
VMware VirtualCenter Client Does Not Validate Server Certificates. Read more

securitytracker.com:
osCommerce Input Validation Holes in Admin Scripts Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
BrightStor ARCserve Tape Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

 

News
news.com.com:
Notebook theft leaks London police payroll data. Read more

www.securityfocus.com:
Viruses go virtual. Read more

www.securityfocus.com:
Researcher announces Oracle bug week. Read more

www.theregister.co.uk:
Computer Misuse Act could ban security tools. Read more

www.itwire.com.au:
Firefox flaw enables hackers to steal passwords. Read more

www.sophos.com:
Over half of Chinese malware aims to steal passwords, reports Sophos. Read more

www.theregister.co.uk:
Vista's EULA product activation worries. Read more

www.theregister.co.uk:
Chinese web pornographer jailed for life. Read more

www.pcmag.com:
Microsoft Brings 129 Lawsuits Against Phishers. Read more

www.theregister.co.uk:
Spyware firms pay token fines to FTC. Read more

www.technewsworld.com:
Hackers Use New Tricks to Evade Detection. Read more

www.zdnet.com.au:
Antivirus firms target 'unique' malware. Read more

www.terra.net.lb:
As online shopping grows, so do dangers. Read more

www.nbc-2.com:
Identities bought and sold in online underground. Read more

. 22 November 2006

Guides, Papers, etc
blogs.securiteam.com:
P2P as a new spam medium, moving from PoC to full operations. Read more

www2.csoonline.com:
Malicious Code Packing Ups Security Arms Race Ante. Read more

news.zdnet.co.uk:
Bill Gates talks Vista and Linux. Read more

www.darkreading.com:
Video: The New Attack Frontier. Read more

www.f-secure.com:
When will you stop! Read more

www.2-spyware.com:
Dullards at Titan Shield. Or why only idiots make corrupt anti-spyware. Read more

reviews.zdnet.co.uk:
Why 802.11n is a hard act to swallow. Read more

www.databasesecurity.com:
Which database is more secure? Oracle vs. Microsoft. Read more

www.theregister.co.uk:
PGP creator: Net is like 'downtown Bagdad'. Read more

eprint.iacr.org:
On the Power of Simple Branch Prediction Analysis. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com:
Disk image flaw found on Mac OS X. Read more

www.info-svc.com:
CIS Finds Flaws in Firefox v2 Password Manager. Read more

bugzilla.mozilla.org:
Cross-Site Forms + Password Manager = Security Failure. Read more

securitytracker.com:
My Firewall Plus Lets Local Users Gain System Privileges. Read more

securitytracker.com:
aBitWhizzy 'f' Parameter Include File Bug Lets Remote Users Execute Local Files. Read more

securitytracker.com:
contentNow Input Validation Flaw in 'page' Parameter Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
phpJobScheduler Include File Error in 'installed_config_file' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell Client Buffer Overflow in NWSPOOL.DLL Has Unspecified Impact. Read more

securitytracker.com:
Turbo Searcher Buffer Overflow in 'arj.dll' Component Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X DMG Image Validation Error May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Classified System Input Validation Holes Permit Cross-Site Scripting Attacks and SQL Command Injection. Read more

securitytracker.com:
BirdBlog Missing Input Validation in 'comment.php', 'index.php', and 'user.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Avahi Lets Remote Users Manipulate the Service By Spoofing Netlink Messages. Read more

securitytracker.com:
PHPQuickGallery Include File Flaw in 'textFile' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ASP Nuke Input Validation Flaw in 'register.asp' Lets Remote Users Inject SQL Commands. Read more

 

Tools:
www.it-observer.com:
Spam free inbox with SPAMfighter. Read more

webmessenger.msn.com:
MSN Web Messenger lets you talk online and in real-time with friends and family using just a web browser! Read more

 

News
www.theregister.co.uk:
Record labels lose against Chinese search engine. Read more

www.itnews.com.au:
Image-based spam defeating filters. Read more

www.theregister.co.uk:
VXers suffering from 'writer's block'. Read more

www.infoworld.com:
Annual charges now the rule with AV software. Read more

www.news-journalonline.com:
Ponce Inlet man charged in Internet fraud scam. Read more

www.techworld.com:
McAfee faces phoney phishing claims. Read more

. 21 November 2006

Guides, Papers, etc
www.viruslist.com:
Malware Evolution: July - September 2006. Read more

www.niscc.gov.uk:
Targeted Trojan Email Attacks. Read more

www.youtube.com:
Video about the "Grey Goo" Attack on Second Life. Watch

isc.sans.org:
MS06-070 Remote Exploit. Read more

www.onrec.com:
Non-OS dependant malware. Read more

www.cylab.cmu.edu:
Phinding Phish: An Evaluation of Anti-Phishing Toolbars. Read more

www.youtube.com:
Video: Detencion hackers chilenos. Watch

www.eweek.com:
Guess Whois Going to Lose the Privacy Debate. Read more

www.itsecurity.com:
Hacking Email: 99 Email Security and Productivity Tips. Read more

www.itp.net:
Who’s killed the virus? Read more

www.securitypark.co.uk:
Is the hacking community running out of fresh ideas? Read more

www.podtrac.com:
Audio: Security Now 66: Vista Security. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Netgear MA521 Wireless Adapter Invalid 'Supported Rates' Value Lets Remote Users Execute Arbitrary Code Read more

securitytracker.com:
OpenBSD 'ld.so(1)' May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
StoryStream Include File Bug in 'baseDir' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Report: Concerns focus on flaws, not viruses. Read more

www.securityfocus.com:
Virtual virus hits Second Life. Read more

www.theregister.co.uk:
Worm creates havoc on Second Life. Read more

www.virusbtn.com:
Trojan planted on Chinese banking site. Read more

www.theregister.co.uk:
Bank-card PINs 'wide open' to insider attack. Read more

www.computerweekly.com:
Foreign intelligence agents hacking UK businesses, government warns. Read more

www.guardian.co.uk:
Illegal investigators, a detective agency, and a leading law firm. Read more

www.darkreading.com:
Hackers Train Sights on Vista, Forefront. Read more

. 20 November 2006

Guides, Papers, etc
www.benedelman.org:
Bad Practices Continue at Zango, Notwithstanding Proposed FTC Settlement and Zango's Claims. Read more

isc.sans.org:
Taking a Look at the FreeVideo Player Trojan (NEW). Read more

isc.sans.org:
Virtual Machine Detection in Malware via Commercial Tools. Read more

blogs.securiteam.com:
419 French (Polite) Spam. Read more

blogs.securiteam.com:
Revenge of the Captcha! (Reverse Captcha, Ransom Notes and Image Spam). Read more

www.redorbit.com:
Ethics in Info Security. Read more

video.google.com:
Video: How To Break Web Software - A look at security vulnerabilities in web software. Watch

www.informationweek.com:
Rootkits, Polymorphics Turn Threats Tougher In 2006. Read more

www.avertlabs.com:
Hmm… Another Patch Tuesday Vulnerability Release. Read more

bc.tech.coop:
Black Hat and White Hat Hacking with Lisp. Read more

blog.assarbad.net:
Marketing for security companies now via Secunia! Read more

www.jgc.org:
The Spammers' Compendium. Read more

handlers.sans.org:
On the Cutting Edge: Thwarting Virtual Machine Detection. Read more

www.computerworld.com:
Windows Vista A to Z. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Travelsized CMS Input Validation Flaws in 'page', 'page_id', and 'language' Parameters Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
BLOG:CMS Input Validation Hole in 'list.php' Permits Cross-Site Scripting Attacks. Read more

 

News
today.reuters.co.uk:
Nigerian scams cost Britons millions. Read more

www.macworld.co.uk:
PayPal phishers abuse Malaysian machine. Read more

news.zdnet.co.uk:
Cybercrime laws 'will harm security research'. Read more

www.iht.com:
Police detain another blogger despite international criticism. Read more

www.stepto.com:
Scaring the crap out of people is not the...Read more

lauren.vortex.com:
New Google Service Will Manipulate Caller-ID. Read more

www.khnl.com:
Zabasearch: An Invasion of Privacy? Read more

www.theage.com.au:
Researchers discover security flaw in microchips. Read more

www.mb.com.ph:
10 Tips for Safe Holiday Shopping Online. Read more

. 18 November 2006

Guides, Papers, etc
www.ngssoftware.com:
Implementing and Detecting a PCI Rootkit. Read more

privacyrights.org:
A Chronology of Data Breaches. Read more

www.avertlabs.com:
Stock spammers, methodical yet mysterious. Read more

www.darkreading.com:
Wave of WiFi Bugs Won't Bite. Read more

www.infoworld.com:
MySpace password exploit: Crunching the numbers (and letters). Read more

uscpublicdiplomacy.com:
Audio: Fulbright Chair Speaker Series: John Perry Barlow and John Gilmore. Read more

www.arx.com:
The unbearable lightness of PIN cracking. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
WORK system e-commerce Include File Bug in 'g_include' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CA Host-Based Intrusion Prevention System Lets Local Users Gain Kernel Privileges. Read more

securitytracker.com:
Comdev One Admin Include File Bug in 'path[skin]' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
eggblog Input Validation Holes in 'edit' and 'add' Parameters Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
NetGear WG111v2 Wireless Driver Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
libpng Read Error in png_set_sPLT() Lets Remote Users Deny Service. Read more

securitytracker.com:
Inktomi Search Discloses System Information to Remote Users. Read more

securitytracker.com:
Apple Remote Desktop Insecure File Permissions Let Local Users Gain Root Privileges. Read more

 

Tools:
honeyblog.org:
Nepenthes 0.2. Read more

 

News
www.iht.com:
Chinese Net users say China likely banned Wikipedia again. Read more

www.securityfocus.com:
PCI cards the next haven for rootkits? Read more

www.guardian.co.uk:
Cracked it! Read more

news.bbc.co.uk:
Web-rage' man gets prison term. Read more

www.internetnews.com:
Our Phishing Filter is Better Than Yours! Read more

www.sophos.com:
Spanish webcam spies apprehended by authorities, reports Sophos. Read more

english.peopledaily.com.cn:
Hackers plant virus on Website of China's largest bankcard operator. Read more

www.realtechnews.com:
Botnets Responsible for Penny Stock Spams and Penis Pills. Read more

www.wired.com:
Polite Hackers Kick It in Korea. Read more

www.internetnews.com:
Pirated Vista, Office 2007 Already on The 'Net. Read more

www.aclu-wa.org:
ACLU Suit Seeks Access to Lawful Information on Internet. Read more

. 17 November 2006

Guides, Papers, etc
www.f-secure.com:
REALLY want to know what's happening in your system? Read more

isc.sans.org:
Honeypot Mirroring .edu domains under .eu / Active Threat. Read more

www.avertlabs.com:
Thats what I call redundancy! Read more

www.eweek.com:
The Mac Landscape: Full of Empty Threats? Read more

www.windowsecurity.com:
Tools of the Trade revisited (Part 3). Read more

ip.securescience.net:
Malware Case Study. Read more

securitywatch.eweek.com:
Interview: Inside the Mind of a Kernel Hacker. Read more

www.2-spyware.com:
Real examples of image spam. Read more

 

Vulnerabilities & Exploits
www.itnews.com.au:
WinZip 11 launches; bug found in version 10. Read more

securitytracker.com:
HELM Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Kerio WebSTAR Lets Certain Local Users Gain Root Privileges. Read more

securitytracker.com:
MDaemon Insecure Directory Permissions Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Plesk Input Validation Flaws in 'get_password.php' and 'login_up.php3' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
Ultraseek '/highlight/index.html' Script Lets Remote Users Connect to Other Systems. Read more

 

Tools:
ferruh.mavituna.com:
XSS Shell, backdooring the web... ; Read more

 

News
www.theregister.co.uk:
VoIP and IE risks star in SANS' threat list. Read more

news.com.com:
Experts raise Windows security alarm. Read more

www.internetnews.com:
New Worm Counts On Admins Being Slow To Patch. Read more

www.scmagazine.com:
Worm uses Real Media files to infect. Read more

www.theregister.co.uk:
Former IT boss faces hacking charges. Read more

www.darkreading.com:
Ex-IT Chief Busted for Hacking. Read more

searchsecurity.techtarget.com.au:
Gartner: Crims will use PS3 to crack crypto. Read more

www.theregister.co.uk:
Four cuffed over webcam Trojan scam. Read more

www.eweek.com:
'Pump-and-Dump' Spam Surge Linked to Russian Bot Herders. Read more

www.dailytexanonline.com:
Viewpoint: Making crime, and it pays. Read more

www.dmnews.com:
Click fraud highlights bigger issue for industry: lousy leads. Read more

www.kuwaittimes.net:
Online hackers' verdict. Read more

thescotsman.scotsman.com:
Website will name missing child sex offenders. Read more

. 16 November 2006

Guides, Papers, etc
blogs.securiteam.com:
Site of Polish police defaced. Read more

ipcommunications.tmcnet.com:
Beware of `evil twins,' and other tips to keep your online life secure. Read more

isc.sans.org:
Microsoft Black Tuesday Overview (NEW). Read more

www.avertlabs.com:
The 2007 Botnet Package - 0-day + Parasite + Google ? Read more

blogs.ittoolbox.com:
The Cure Can Worse Than The Disease. Read more

www.webdepot.umontreal.ca:
Bangs for the Buck: A Cost-Benefit Analysis of Cyberterrorism. Read more

www.securitypark.co.uk:
Firewall, encryption and password protection are failing to protect PCs from attacks. Read more

www.internetnews.com:
Automated Patching Helping Zero-Day Exploits. Read more

www.darkreading.com:
From Script Kiddie to CTO. Read more

 

Vulnerabilities & Exploits
blogs.securiteam.com:
ZDI: Symantec, Kaspersky, CA, MS have unpatched flaws. Read more

blogs.securiteam.com:
Copy and Paste Security Bugs?? The *BSD case…. Read more

passivemode.net:
Broadcom Wireless Driver Vulnerability. Read more

securitytracker.com:
Links SMB URL Parsing Bug Lets Remote Users Upload/Download Files. Read more

securitytracker.com:
ELinks SMB URL Parsing Bug Lets Remote Users Upload/Download Files. Read more

securitytracker.com:
Sun Java Runtime Environment Bug in Swing Library Lets Remote Applets Access Data from Other Applets. Read more

securitytracker.com:
Citrix Access Gateway Discloses Information That May Let Remote Users Compromise the Appliance. Read more

securitytracker.com:
Citrix Advanced Access Control Lets Remote Authenticated Users Bypass Security Policy. Read more

securitytracker.com:
WinZip FileView ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.microsoft.com:
Windows PowerShell. Read more

www.txdns.net:
TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. Read more

 

News
www.terra.net.lb:
Chinese-language Wikipedia reopened: activists. Read more

www.securityfocus.com:
Malware goes to the movies. Read more

www.theregister.co.uk:
The spy - or thief - in your pocket. Read more

www.sophos.com:
Spanish webcam spies apprehended by authorities, reports Sophos. Read more

www.vnunet.com:
'Spyware' trumps 'poker' to top search charts. Read more

www.vnunet.com:
Internet is 99 per cent porn free. Read more

www.windowsitpro.com:
The EU Strikes Back: Microsoft Has Still Not Complied. Read more

www.theregister.co.uk:
ESA adds stunning satellite images to Google Earth. Read more

. 15 November 2006

Guides, Papers, etc
isc.sans.org:
Malware with new features (NEW). Read more

isc.sans.org:
SANS Top 20 Update (NEW). Read more

www.securityfocus.com:
Symantec delivers Mac OS X security report. Read more

blogs.securiteam.com:
6 new advisories, only one affects Vista. Read more

blogs.securiteam.com:
Notes/Domino flaw enables to steal ID files - via NRPC protocol. Read more

blogs.securiteam.com:
Malware utilizes AJAX to install itself. Read more

www.darkreading.com:
800-Pound Gorilla Sits on AV. Read more

blogs.msdn.com:
How I'll Judge IE7 Security. Read more

www.avertlabs.com:
W32/Realor.worm - Infecting Movies for Fun and Profit. Read more

 

Vulnerabilities & Exploits
isc.sans.org:
Critical security vulnerability in WinZip 10 (NEW). Read more

lists.grok.org.uk:
AVG Anti-Virus - Arbitrary Code Execution (remote). Read more

securitytracker.com:
Microsoft Client Service for Netware Buffer Overflows Let Remote Users Execute Arbitrary Code and Crash the System. Read more

securitytracker.com:
Microsoft Internet Explorer Bug in Rending HTML Layout Combinations May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Agent '.ACF' File Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Windows Workstation Service Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Nucleus Input Validation Holes in 'lib/ADMIN.php' and 'lib/SKIN.php' Permit Cross-Site Scripting Attacks. Read more

securitytracker.com:
PHP_Debug Include File Bug in 'test/debug_test.php' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHPRunner Discloses Passwords to Local Users. Read more

securitytracker.com:
NuSchool Input Validation Flaw in 'CampusNewsDetails.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
NuStore Input Validation Flaw in 'Products.asp' Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
D-Link DWL-G132 Wireless USB Adapter Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
NuCommunity Portal System Input Validation Flaw in 'cl_CatListing.asp' Lets Remote Users Inject SQL Commands. Read more

 

Tools:
www-128.ibm.com:
Build a Web spider on Linux. Read more

 

News
www.securityfocus.com:
Microsoft patch Tuesday fixes six major flaws. Read more

www.securityfocus.com:
Microsoft, Mozilla compete on anti-phishing data. Read more

www.theregister.co.uk:
Meet the world's most prolific spammers. Read more

www.theregister.co.uk:
OneCare slaps viral warning on Gmail. Read more

www.wired.com:
Kevin Mitnick's Security Advice. Read more

www.pcadvisor.co.uk:
Human error ranks as top security worry. Read more

www.theregister.co.uk:
Korean police break phone sex scam. Read more

news.com.com:
Microsoft sues alleged spyware pushers. Read more

www.microsoft-watch.com:
My Mother is a Software Pirate. Read more

. 14 November 2006

Guides, Papers, etc
blogs.securiteam.com:
Budapest Declaration on machine readable travel documents. Read more

blogs.securiteam.com:
Team Evil - Incident #2. Read more

isc.sans.org:
A loan offer or two. Read more

www.eweek.com:
The Rising Tide of Vista. Read more

www.time.com:
Linus Torvalds. Read more

www.eweek.com:
Report: Spyware Threat Marches On. Read more

blogs.ittoolbox.com:
My Virus Surfs Child Porn. Read more

www.mercurynews.com:
Study: About 1 percent of Web pages have sexually explicit material. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Novell BorderManager Predictable ISAKMP Cookies May Let Remote Users Conduct Denial of Service and Replay Attacks. Read more

securitytracker.com:
Broadcom Wireless Device Driver SSID Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP Tru64 UNIX libpthread Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
myStats Permits Cross-Site Scripting and SQL Injection Attacks and Discloses the Installation Path to Remote Users. Read more

 

News
www.securityfocus.com:
Researchers flag critical wireless bug. Read more

www.theregister.co.uk:
Allchin backs away from Vista anti-virus claims. Read more

www.betanews.com:
Vista, Antivirus: What If Allchin's Right? Read more

www.theregister.co.uk:
UK bans denial of service attacks. Read more

news.com.com:
With IE 7, green means go for legit sites. Read more

blogs.msdn.com:
IE7 Worldwide Distribution by Automatic Updates. Read more

www.newsnow.co.uk:
Microsoft tags Gmail as a virus. Read more

www.out-law.com:
Phishing kits banned by new Fraud Act. Read more

www.computerworld.com.au:
Mutate, fragment, hide: The new hacker mantra. Read more

www.washingtonpost.com:
Sleepless Over Security Breaches. Read more

www.mybroadband.co.za:
PornPass Manager infects computers with spyware. Read more

www.webuser.co.uk:
Online Christmas shoppers at risk. Read more

www.terra.net.lb:
State can't stop illegal ISPs - but DSL might in Lebanon. Read more

. 13 November 2006

Guides, Papers, etc
blogs.securiteam.com:
MoKB Wireless Driver Bug - Critical to Windows Systems. Read more

isc.sans.org:
Quiet day for incidents, IRC channel for discussion (NEW). Read more

isc.sans.org:
Form Spam: Increasing the Attacker's work function. Read more

www.myfoxorlando.com:
Video: Cell Phone Viruses. Watch

 

Vulnerabilities & Exploits
isotf.org:
The Month of Kernel Bugs (MoKB) released an advisory (MOKB-11-11-2006) today on a wireless vulnerability in Broadcom's wireless driver. Read more

securitytracker.com:
MailMarshal Directory Traversal Bug on Processing ARJ Archives Lets Remote Users Create Arbitrary Files on the Target System. Read more

 

News
news.softpedia.com:
Six Security Bulletins from Microsoft. Read more

www.businessweek.com:
Nations that Censor the Net. Read more

www.theregister.com:
IE7 'critical update' causes headaches for managed desktop environments. Read more

www.techworld.com:
Hacker given 10 years for targeting teenage girls. Read more

www.iht.com:
Report: Singapore teen faces 3 years' jail for tapping into another's wireless Internet. Read more

www.nytimes.com:
Cyberthieves Silently Copy Your Passwords as You Type. Read more

apcmag.com:
Vista RTM cracked by pirates before release. Read more

www.theregister.com:
Security rivals tried to 'castrate' Vista - Gates. Read more

www.ecommercetimes.com:
Catching Up With Cybercriminals. Read more

www.theregister.com:
Pennsylvania court says viewing child porn 'not illegal'. Read more

www.dailymail.co.uk:
Doctors using Google to diagnose illnesses. Read more

. 11 November 2006

Guides, Papers, etc
blogs.securiteam.com:
SecuriTeam Interview: LMH. Read more

windowsvistablog.com:
Windows Vista: Defense in depth. Read more

www.microsoft.com:
Microsoft Security Bulletin Advance Notification. Read more

www.websense.com:
Web-Attacker Exposed. Read more

ddanchev.blogspot.com:
The Nuclear Grabber Toolkit. Read more

www.2-spyware.com:
Another critical vulnerability being exploited. Read more

blogs.securiteam.com:
Me All - For your wifi pentesting pleasure. Read more

isc.sans.org:
New Monster Phish Bait. Read more

www.ruxcon.org.au:
Hit by a Bus: Physical Access Attacks with Firewire. Read more

www.websense.com:
Security Trends Report, First Half 2006. Read more

www.acmqueue.com:
Cybercrime - An Epidemic. Read more

honeyblog.org:
Fun With Botnets. Read more

honeyblog.org:
Low-Interaction Honeyclient. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Omnistar Article Input Validation Flaws in 'article_id' and 'page_id' Parameters Let Remote Users Inject SQL Commands. Read more

securitytracker.com:
Citrix Presentation Server IMA Service Bugs Let Remote Users Execute Arbitrary Code and Deny Service. Read more

securitytracker.com:
Vortex Blog AKA vBlog Include File Flaw in 'cfgProgDir' Parameter Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.linuxdevices.com:
Security company prescribes Linux for sick Windows PCs. Read more

fileforum.betanews.com:
RootkitRevealer 1.71. Read more

www.techworld.com:
VMware reveals new product features. Read more

 

News
www.securityfocus.com:
E-voting worries focus on failures, not fraud. Read more

www.securityfocus.com:
Web site sting nets child-porn arrests. Read more

www.theregister.co.uk:
Trojan pervert jailed for child abuse. Read more

www.theregister.co.uk:
MS preps six fixes for November Patch Tuesday. Read more

www.darkreading.com:
Phishing Continues Meteoric Rise. Read more

www.darkreading.com:
'Hacker Safe:' Safe for Hackers. Read more

. 10 November 2006

Guides, Papers, etc
www.microsoft.com:
Windows Vista Security Guide. Read more

blogs.securiteam.com:
Surprise from Microsoft: Detailed patch advance info. Read more

blogs.securiteam.com:
It’s Y2K, no, it’s 32 bit unix time, no, it’s Slashdot! Read more

blogs.securiteam.com:
Is security testing more “security” or more “testing? Read more

www.f-secure.com:
Gromozon vs. Marco Giuliani. Read more

www.avertlabs.com:
MySpace in China - When Malware Worlds Collide. Read more

blog.washingtonpost.com:
Phishing Attacks Leapfrog Despite Attempts to Stop. Read more

www.crypto.com:
Keyboards and Covert Channels. Read more

www.eweek.com:
Next-Generation Notebook Security Rounding the Corner. Read more

www.infoworld.com:
Password-cracking contest results. Read more Audio: Security Now 65: Why Is Security So Difficult? Listen

 

Vulnerabilities & Exploits
securitytracker.com:
IBM Lotus Notes Lets Remote Users Determine Valid Usernames and Obtain User.ID Keyfiles. Read more

securitytracker.com:
Intego VirusBarrier X4 Lets Users Bypass Virus Detection. Read more

securitytracker.com:
SpeedyWiki Lets Remote Authenticated Users Upload Arbitrary Files and Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
FreeWebshop Input Validation Holes Permit Cross-Site Scripting Attacks and Include File Attacks. Read more

securitytracker.com:
libarchive Lets Remote Users Deny Service Via Specially Crafted Archives. Read more

 

Tools:
www.microsoft.com:
Windows Sysinternals. Read more

 

News
www.theregister.co.uk:
Piracy losses fabricated - Aussie study. Read more

www.computerworld.com:
Microsoft releases Sony rootkit hunter's tools. Read more

www.prisonplanet.com:
Google chief vows to protect users' privacy. Read more

www.zdnet.com.au:
DDoS makes a phishing e-mail look real. Read more

www.securityfocus.com:
Virus posted to official Google group. Read more

www.sophos.com:
10 years jail for hacker who used spyware to blackmail schoolgirls. Read more

www.betanews.com:
Allchin Suggests Vista Won't Need Antivirus. Read more

www.securityfocus.com:
Red Hat and VMware make a bundle. Read more

www.securityfocus.com:
Firefox update aims to lance security bugs. Read more

www.theinquirer.net:
Anti-spyware anesthetises your OS before going to work. Read more

www.sophos.com:
Politicans add to the spam problem in run-up to US elections. Read more

www.infoworld.com:
Forrester: Consumers won't rush to Vista. Read more

. 09 November 2006

Guides, Papers, etc
blogs.securiteam.com:
The Assimilation of Sysinternals. Read more

www.securityfocus.com:
Using Nepenthes Honeypots to Detect Common Malware. Read more

blogs.securiteam.com:
Firefox 1.5.x users not supported after April 2007. Read more

www.f-secure.com:
Case Wikipedia. Read more

isc.sans.org:
fragmented packet challenge (NEW). Read more

www.zdnet.com.au:
10 things to know about IE7 Security. Read more

software.newsforge.com:
Inside the Hacker's Profiling Project. Read more

geocities.com:
Hacking the Malware– A reverse-engineer’s analysis. Read more

www.it-observer.com:
Web-style Wireless IDS attacks. Read more

technology.guardian.co.uk:
Why spam is out of control. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
IBM Lotus Domino 'tunekrnl' Buffer Overflow Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
HP OpenView Client Configuration Manager Lets Remote Users Reboot the System or Execute Arbitrary Code. Read more

securitytracker.com:
Ruby cgi.rb MIME Boundary Parsing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Cisco Secure Desktop Bugs Let Local Users Gain LocalSystem Privileges, View Certain VPN Session Data, and Switch Out of the Secure Desktop. Read more

securitytracker.com:
Mozilla Firefox Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Thunderbird Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process. Read more

securitytracker.com:
Mozilla Firefox RSA Signatures Can Be Forged. Read more

securitytracker.com:
Mozilla Thunderbird RSA Signatures Can Be Forged. Read more

securitytracker.com:
Mozilla Seamonkey RSA Signatures Can Be Forged. Read more

securitytracker.com:
Mozilla Firefox Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Thunderbird Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Seamonkey Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.microsoft.com:
BlueScreen Screen Saver v3.2. Read more

www.microsoft.com:
Sysinternals Suite. Read more

 

News
www.heraldsun.com:
Former government security guard convicted in identity theft ring. Read more

www.securityfocus.com:
Microsoft trains partners to improve security. Read more

www.techworld.com:
Google in difficult position over Kama Sutra mishap. Read more

www.theregister.co.uk:
Nuclear war worm fails to explode. Read more

www.theregister.co.uk:
Attackers end-run around IE security. Read more

www.fdlreporter.com:
Controversial course teaches spyware writing. Read more

www.securitypark.co.uk:
Majority of organisations suffer malware attacks. Read more

www.theregister.co.uk:
Dating site hacker avoids jail. Read more

www.techworld.com:
Online banking fraud leaps out the till. Read more

www.eweek.com:
Sophos: Simple Malware Attacks Are Still Dangerous. Read more

. 08 November 2006

Guides, Papers, etc
www.benedelman.org:
Intermix Revisited. Read more

www.eweek.com:
Study: Symantec Best at Removing Rootkits; Microsoft Worst. Read more

www.f-secure.com:
Cat-herding. Read more

isc.sans.org:
Substantial Increase in Infected System Numbers (is it real?). Read more

www.viruslist.com:
New modifications of Trojan-Downloader spammed. Read more

blogs.msdn.com:
Improving SSL: Extended Validation (EV) SSL Certificates Coming in January. Read more

blogs.securiteam.com:
When Ax1024 isn’t enough. Read more

blogs.securiteam.com:
M$ Firefox. Read more

isiom.wssrl.org:
And you though you were safe after SLAMMER, not so, Swarms not Zombies present the greatest risk to our national internet infrastructure. Read more

www.symantec.com:
Handling Today’s Tough Security Threats. Read more

www.ethicalhacker.net:
Tutorial: Rainbow Tables and RainbowCrack. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
GreenBeast CMS Lets Remote Users View Filenames and Potentially Upload Files. Read more

securitytracker.com:
Cyberfolio Include File Bug in 'av' Parameter Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
War-FTP File Command Processing Error Lets Remote Authenticated Users Deny Service. Read more

securitytracker.com:
WFTPD Pro Buffer Overflow in APPE Command Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Omni-NFS Server Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Kerio MailServer Unspecified Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
IBM WebSphere Application Server Input Validation Hole in Error Page 'faultfactor' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Novell eDirectory Unspecified Bugs Let Remote Users Deny Service and Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
ProFTPD Unspecified Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
OpenLDAP BIND Request Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Internet Explorer 'ieframe.dll' Lets Remote Users Spoof Invalid Certificates. Read more

 

Tools:
www.microsoft.com:
Microsoft Baseline Security Analyzer v2.0.1 (for IT Professionals). Read more

sourceforge.net:
JBroFuzz is a java based stateless network protocol fuzzer for penetration tests. Read more

 

News
www.securityfocus.com:
Attackers end-run around IE security. Read more

www.theregister.co.uk:
US harbours one-in-four phishing sites. Read more

news.com.com:
Adware may be lurking in video on MySpace. Read more

www.eweek.com:
Anti-virus Leaders Look to Services for Growth. Read more

apcmag.com:
Every Vista PC to get a domain name. Read more

entmag.com:
Security Software Moves Toward Blocking Sites. Read more

www.securityfocus.com:
Wikipedia targeted by virus writer. Read more

www.theregister.co.uk:
Chile arrests Nasa hack suspects. Read more

www.techworld.com:
Security vendor hit by spite attack. Read more

www.theregister.co.uk:
Dutch spooks give MPs BlackBerry warning. Read more

. 07 November 2006

Guides, Papers, etc
blogs.securiteam.com:
XML Core Services 0-day. Read more

blogs.securiteam.com:
P2P: “work from home” mule recruitment and Citibank scam. Read more

blogs.securiteam.com:
Web (and other) code cross-pollenation. Read more

blogs.securiteam.com:
kernel bug not patched for over 2 years (but fixed in Vista and 2003). Read more

passivemode.net:
Prevent the Automatic IE 7 Update. Read more

www.f-secure.com:
New phishing statistics. Read more

www.darkreading.com:
A First Look Into the PhishTank. Read more

isc.sans.org:
Abuse handling and the misfortunes of the good Samaritan (NEW). Read more

www.eweek.com:
The Spammers Strike Back. Read more

blog.assarbad.net:
Conclusions drawn from observation of Redpill results wrong? Read more

video.google.com:
Video: HBO SPECIAL Hacking Democracy. Watch

 

Vulnerabilities & Exploits
projects.info-pull.com:
Microsoft Windows kernel GDI local privilege escalation. Read more

securitytracker.com:
AOL ICQ DownloadAgent() Function Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
xenis.creator Input Validation Holes in 'default.asp' Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com:
If-CMS Missing Input Validation in 'rns' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
RPM Lets Remote Users Cause Arbitrary Code to Be Executed When Queried in Certain Locales. Read more

 

Tools:
www.betanews.com:
Microsoft Launches Virtual Earth 3D. Read more

 

News
www.theregister.co.uk:
0-day bug shatters Windows. Read more

www.securityfocus.com:
U.S., Korea top list of phishing hosts. Read more

www.computerworld.com.au:
Microsoft Makes AVG Security Products Available Directly From Windows Security Center in Windows Vista. Read more

www.chron.com:
Chile arrests 4 accused of hacking NASA, other foreign Web sites. Read more

www.theregister.co.uk:
Wireless insecurity: do not use the cheerleader defence. Read more

torrentfreak.co:
Privacy Prevails: German ISP Forced To Delete IP Logs. Read more

www.freep.com:
Wi-Fi's ease lets hackers sneak in. Read more

. 06 November 2006

Guides, Papers, etc
blogs.securiteam.com:
ActiveX - reason of the newest Windows 0-day, again. Read more

www.computerworld.com:
Botnet Threat. Read more

www.mcafee.com:
STRIPPING DOWN AN AV ENGINE. Read more

isc.sans.org:
sinFP-2.04 release (NEW). Read more

geocities.com:
Hacking the Malware– A reverse-engineer’s analysis. Read more

www.it-observer.com:
802.11b Firmware-Level Attacks. Read more

www.eweek.com:
The Real Problem with Voting Security. Read more

 

Vulnerabilities & Exploits
Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Read more

securitytracker.com:
Microsoft XML Core Services ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Informix Dynamic Server Uses Unsafe Installation Scripts and Directory Permissions That May Let Local Users Gain Elevated Privileges. Read more

 

Tools:
www.gomor.org:
Net::SinFP - a Perl module to do OS fingerprinting. Read more

www.theregister.co.uk:
VMWare plays Lab Manager. Read more

www.washingtonpost.com:
The Best Security May Still Be Free. Read more

 

News
www.securityfocus.com:
New, critical Microsoft Windows 0-day appears. Read more

www.zdnet.com.au:
Mac virus author admits coding difficulties. Read more

www.computerworld.com:
Antiphishing fighters take on malware. Read more

www.thedenverchannel.com:
Investigators: Your Computer Can Be Quickly Controlled By Others. Read more

. 04 November 2006

Guides, Papers, etc
www.smh.com.au:
My fears for the web's future: Berners-Lee. Read more

blogs.securiteam.com:
October WebAttacker? Read more

blogs.securiteam.com:
Wikipedia Blaster ‘Fix’ Points to Malware. Read more

arstechnica.com:
How to steal an election by hacking the vote. Read more

taosecurity.blogspot.com:
Real Insider Threats. Read more

www.darkreading.com:
Microsoft's Security Play. Read more

www.technewsworld.com:
Macs, Hackers and the Computer Security Game. Read more

www.youtube.com:
Video: American Election Hacker Tells How to Fix an Election. Watch

handlers.sans.org:
Pedro’s Malware Analysis Quizes. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
iodine DNS Response Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
nss_ldap Error in pam_ldap in Processing PasswordPolicyReponse Messages May Let Remote Users Bypass Authentication. Read more

 

Tools:
www.theregister.co.uk:
Veeam monitors 64-bit VMware. Read more

 

News
www.securityfocus.com:
FBI nabs suspected identity-theft ring. Read more

www.theregister.co.uk:
Wikipedia Blaster 'fix' points to malware. Read more

aviv.raffon.net:
Internet Explorer 7 - Still Spyware Writers Heaven. Read more

www.securityfocus.com:
Air Force establishing cyberspace command. Read more

www.msnbc.msn.com:
U.S. pulls Web site said to reveal nuclear guide. Read more

www.theregister.co.uk:
How to gag your enemies using the DMCA. Read more

www.theregister.co.uk:
How a virus crashed Homeland Security. Read more

www.theregister.co.uk:
Spanish judge says downloading is legal. Read more

www.usatoday.com:
Starbucks loses laptops with data on 60,000 employees. Read more

www.philly.com:
Court: Viewing, having child porn not equal. Read more

. 03 November 2006

Guides, Papers, etc
www.wired.com:
The Virus That Ate DHS. Read more

blogs.securiteam.com:
My name is Macarena and I’m PoC virus for OS X. Read more

www.f-secure.com:
Bluetooth cracking. Read more

www.eweek.com:
What PatchGuard Really Breaks. Read more

www.infoworld.com:
Seven shortcomings of virtual security. Read more

sunbeltblog.blogspot.com:
Gromozon blowback. Read more

www.darkreading.com:
Malware Pair Boosts Bots. Read more

myweb.cableone.net:
Chatter on the Wire: A look at excessive network traffic and what it can mean to network security. Read more

aaatchim.blogspot.com:
The Visual Basic surprise. Read more

www.podtrac.com:
Audio: Security Now 64: Your Questions, Steve's Answers - sponsored by Astaro Corp. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
PHP Buffer Overflows in htmlspecialchars() and htmlentities() May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Apple AirPort Probe Response Frame Memory Error Lets Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.pcworld.com:
First Look: McAfee Internet Security 2007 and Symantec Norton Internet Security 2007. Read more

 

News
windowsvistablog.com:
Revision to Windows Vista retail licensing terms. Read more

www.terra.net.lb:
Tech rivals Microsoft and Novell form software alliance. Read more

www.itnews.com.au:
Hackers aim at Microsoft Visual Studio 2005. Read more

www.technewsworld.com:
Little Used Service Opens New Vulnerability in XP. Read more

www.betanews.com:
Mixed Messages from Microsoft on China. Read more

news.com.com:
FBI nabs phishers in U.S., Eastern Europe. Read more

www.itnews.com.au:
Spammers gear up for pre-Christmas blitz. Read more

www.sophos.com:
Sophos extends application control to block distributed computing programs. Read more

www.theregister.co.uk:
Sophos defends its block on alien hunters. Read more

www.networkworld.com:
Spam that Delivers a Pink Slip. Read more

www.redherring.com:
Hacker Academy Launched. Read more

today.reuters.co.uk:
Real-time arrest made in Internet porn case. Read more

. 02 November 2006

New Trojans of October. Read more

 

Guides, Papers, etc
groups.google.com:
Genetic method to detect the presence of any virtual machine. Read more

blogs.securiteam.com:
Apple Airport 802.11 Exploit Published and the Value of HD Moore. Read more

www.itp.net:
Selling security. Read more

www.avertlabs.com:
Watch a live spam bot in action. Read more

ddanchev.blogspot.com:
Proof of Concept Symbian Malware Courtesy of the Academic World. Read more

www.darkreading.com:
Built-in Headaches. Read more

www.darkreading.com:
Not Your Grandpa's Microsoft. Read more

www.darkreading.com:
Kernel Bugs Come Marchin' In. Read more

www.macosxtips.co.uk:
Heres an unexpected file hidden in the Mac OS X system files. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com:
Microsoft Internet Explorer Unspecified Code Execution Vulnerability. Read more

securitytracker.com:
Outpost Firewall PRO /Device/Sandbox Insufficent Access Control and Insufficent Input Validation Lets Local Users Deny Service. Read more

securitytracker.com:
Cisco Security Agent Management Center May Grant Administrative Access to Remote Users. Read more

securitytracker.com:
Netquery Input Validation Flaw in 'nquser.php' Script in 'User-Agent' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Mirapoint Message Server Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
B-FOCuS Wireless Router Discloses Configuration Files to Remote Users. Read more

securitytracker.com:
Sun Java Application Server SSLv2 Buffer Overflow Lets Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Visual Studio WMI Object Broker ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell NetMail Buffer Overflow in Username Authentication Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell eDirectory BerDecodeLoginDataRequeset() Pointer Error Lets Remote Users Deny Service. Read more

securitytracker.com:
Novell iManager TREE Parameter NULL Pointer Dereference Lets Remote Users Deny Service. Read more

securitytracker.com:
Apple Xcode GDB DWARF Binary Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHPEasyData Pro Input Validation Flaw in 'cat' Parameter Lets Remote Users Inject SQL Commands. Read more

 

Tools:
www.windowsfordevices.com:
Windows CE 6 arrives with 100% kernel source. Read more

 

News
www.theregister.co.uk:
Spammers go island hopping to bypass filter. Read more

www.theregister.co.uk:
Windows Firewall exploit overhyped. Read more

www.hbo.com:
HACKING DEMOCRACY. Read more

www.computerworld.com:
Review: Hacks, lies and videotape. Read more

news.com.com:
Intelligence czar unveils spy version of Wikipedia. Read more

www.kaspersky.com:
Malicious mass mailing sent using McAfee email address. Read more

news.zdnet.com:
Google thanks bug hunters. Read more

www.theregister.co.uk:
VXers target online video. Read more

www.pcadvisor.co.uk:
Apple hacker highlights insecure Macs. Read more

www.washingtonpost.com:
'Hacking' Doesn't Crack the Code. Read more

www.twincities.com:
Nurse's stolen laptop held patient data. Read more

www.nbc4.com:
Stolen Laptop Contains ROTC Scholarship Database. Read more

www.theregister.co.uk:
Domain resale market a 'haven' for phishers. Read more

www.technewsworld.com:
Holiday Scammers' E-Greeting Card Tactics. Read more

. 01 November 2006

Guides, Papers, etc
blogs.securiteam.com:
Is the IDS/IPS Still Relevant? Was it ever? Read more

blogs.securiteam.com:
Petite compression - not only problem of Sophos? Read more

www.securityfocus.com:
Quantum attacks worry computer scientists. Read more

www.securityfocus.com:
Employee Privacy, Employer Policy. Read more

www.f-secure.com:
www.citi.bank. Read more

isc.sans.org:
Remote DoS in Firefox 1.5.0.7 and Firefox 2 (NEW). Read more

blogs.technet.com:
Information on New Address Bar Issue. Read more

www.darkreading.com:
The Web App Security Gap. Read more

sunbeltblog.blogspot.com:
Follow-up on my earlier post on the ICS exploit. Read more

www.microsoft.com:
I Know What You Did Last Logon - Monitoring Software, Spyware, and Privacy. Read more

www.microsoft.com:
Behavioral Modeling of Social Engineering-Based Malicious Software. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Asterisk Has Various Bugs That Let Remote Users Deny Service. Read more

securitytracker.com:
HP NonStop Server Lets Local Users Access Restricted Files in Certain Cases. Read more

www.virusbtn.com:
Sophos engine faults disclosed. Read more

 

Tools:
www.windowsecurity.com:
PsTools Suite (Part 1). Read more

 

News
www.theregister.co.uk:
Russian hacking case can be heard in England, says judge. Read more

www.regdeveloper.co.uk:
Top firms' websites not ready for IE7. Read more

blog.siteadvisor.com:
A Halloween Screensaver That Will Make Your Skin Crawl. Read more

www.ballardnewstribune.com:
Ballard Hospital hit by data theft, check records. Read more

www.betanews.com:
China Slammed For Internet Blocking. Read more

news.com.com:
China: We don't censor the Internet. Really. Read more

www.virusbtn.com:
Two more IE7 bugs downplayed by Microsoft. Read more

www.darkreading.com:
IE7 Feature Goes Buggy. Read more

www.zdnet.com.au:
Mobile viruses set to explode. Read more


Copyright© MegaSecurity.org