Home    News Archive    Translate Traducen
News November 2007
29 November 2007

Guides, Papers, etc
blogs.securiteam.com:
Google handing over a blogger’s IP. Read more

www.wired.com:
How Does Bruce Schneier Protect His Laptop Data? With His Fists — and PGP. Read more

www.zdnet.com.au:
'Friendly rootkits' a must for secure Web shopping? Read more

www.mcafee.com:
Cyber Crime: A 24/7 Global Battle. Read more

www.prnewswire.com:
New Research From McAfee, Inc. Reveals Cyber Espionage is a Growing Threat to National Security. Read more

canadianpress.google.com:
Bots and worms among computer security threats for 2008. Read more

blogs.authentium.com:
Wow, what a scam! Read more

sunbeltblog.blogspot.com:
New fake codec -- Windows and Mac -- codechq. Read more

sunbeltblog.blogspot.com:
More on the massive SEO poisoning -- it was targeted at Google. And it was more crafty than we thought. Read more

sunbeltblog.blogspot.com:
New trend? Gromozon being installed as a rogue security app. Read more

sunbeltblog.blogspot.com:
Malware redirects: The aftermath. Read more

rbnexploit.blogspot.com:
RBN – Google Search Exploits. Read more

blog.trendmicro.com:
On Malicious Web Sites from Google Searches. Read more

erratasec.blogspot.com:
The thing that makes candy sweet... Read more

www.avertlabs.com:
Fun With Symbian Platform Security. Read more

www.channelregister.co.uk:
America's 8m victims of identity theft. Read more

ddanchev.blogspot.com:
66.1 Host Locked. Read more

ddanchev.blogspot.com:
Which CAPTCHA Do You Want to Decode Today? Read more

ddanchev.blogspot.com:
A TrustedSource for Threats Intell Data. Read more

ddanchev.blogspot.com:
Are You Botnet-ing With Me? Read more

ddanchev.blogspot.com:
I See Alive IFRAMEs Everywhere - Part Two. Read more

blogs.ittoolbox.com:
Innocent searches for Nov 26 2007. Read more

www.eweek.com:
Site Hacking for Malice and Profit. Read more

www.wired.com:
Spammers Giving Up? Google Thinks So. Read more

blogs.securiteam.com:
SCADA DNP3 Fuzzer. Read more

blogs.zdnet.com:
Who should bear the burden of de-fanging botnets? Read more

isc.sans.org:
Treacherous malware: the story of Advatrix. Read more

isc.sans.org:
Google Search Campaign. Read more

isc.sans.org:
Reader submitted question on Social-Engineering. Read more

www.darkreading.com:
Firewalls Ready for Evolutionary Shift. Read more

www.darkreading.com:
Putting an Attack Into Context. Read more

www.darkreading.com:
Buffer Overflows Are Top Threat, Report Says. Read more

www.darkreading.com:
Client, Application Flaws Top SANS Vulnerability List. Read more

news.softpedia.com:
God, These Google Hackers Are Smart! Read more

tv3.co.nz:
Claims that Playstation 3 can be used to hack passwords. Read more

www.cacr.math.uwaterloo.ca:
Handbook of Applied Cryptography. Read more

blogoscoped.com:
What the Google Intranet Looks Like. Read more

www.enisa.europa.eu:
Botnets – The Silent Threat. Read more

 

Vulnerabilities & Exploits
www.xdisclose.com:
Microsoft FTP Client Multiple Bufferoverflow Vulnerability. Read more

ha.ckers.org:
ANI Exploit + SQL injection. Read more

securitytracker.com
Cisco Unified IP Phone Extension Mobility Feature Lets Remote Authenticated Users Eavesdrop. Read more

securitytracker.com
BEA Plumtree Portal Discloses Internal Hostname and Product Version Number to Remote Users. Read more

securitytracker.com
BEA Plumtree Portal Search Function Discloses Usernames to Remote Users. Read more

securitytracker.com
Liferay Enterprise Portal Input Validation Hole in the Forgot Password 'emailAddress' Parameter Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
Mozilla Firefox Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
IBM Lotus Notes Buffer Overflows in Processing Lotus 1-2-3 Attachments Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Symantec Backup Exec for Windows Servers Lets Remote Users Deny Service. Read more

securitytracker.com
Mozilla Firefox Referer Header Spoofing Bug Permits Cross-Site Request Forgery Attacks. Read more

 

News
www.computerworld.com:
Update: Subverted search sites lead to massive malware attack in progress. Read more

www.fbi.gov:
'Bot Roast II' Nets 8 Individuals. Read more

www.theregister.co.uk:
Inside job suspected in email database hack. Read more

www.theregister.co.uk:
Microsoft on the hunt for 'serious' Windows flaw. Read more

www.channelregister.co.uk:
Reported malfunction in PayPal Security Key. Read more

www.theregister.co.uk:
Hacker defaces temples to OS X. Read more

www.informationweek.com:
Seagate's MacBook Hard Drive Destroying Data. Read more

www.vnunet.com:
Experts warn of hacking 'cold war'. Read more

www.pcadvisor.co.uk:
Hacker says PS3 is a password-cracking genius. Read more

27 November 2007

Guides, Papers, etc
sunbeltblog.blogspot.com:
BREAKING: Massive amounts of malware redirects in searches. Read more

www.f-secure.com:
New Vulnerability in QuickTime. Read more

isc.sans.org:
Apple QuickTime 7.3 RTSP Response 0day. Read more

ddanchev.blogspot.com:
But Malware is Prone to be Profitable. Read more

ddanchev.blogspot.com:
Exposing the Russian Business Network. Read more

ddanchev.blogspot.com:
The State of Typosquatting - 2007. Read more

arstechnica.com:
Making malware unprofitable: economics key to slowing hackers down. Read more

www.avertlabs.com:
Pay Up, Or The Computer Gets It! Read more

explabs.blogspot.com:
Innocent searches for Nov 26 2007. Read more

blogs.securiteam.com:
Fact of the week: iPhone widgets doesn’t send IMEI. Read more

isc.sans.org:
Gadget Security. Read more

isc.sans.org:
Policies - Need them, sure, how do we get them approved? Read more

blog.trendmicro.com:
A Tell-all Virus. Read more

www.vitalsecurity.org:
A Portrait of the Artist as a Young Man. Read more

www.darkreading.com:
Buffer Overflows Are Top Threat, Report Says. Read more

www.darkreading.com:
UK Government Breach Exceeds Original Estimates. Read more

www.f-secure.com:
My Egyptian Vacation. Read more

www.computerdefense.org:
CSRF Hacking Database. Read more

blogs.techrepublic.com.com:
Teach a man to fish. Read more

resources.zdnet.co.uk:
The top 10 IT disasters of all time. Read more

www.turnergreen.com:
INFRINGEMENT NATION: COPYRIGHT REFORM AND THE LAW/NORM GAP. Read more

www.podtrac.com:
Audio. Security Now 119: Third Party Cookies. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
SafeNet Sentinel Products Let Remote Users Traverse the Directory. Read more

securitytracker.com:
Citrix NetScaler Cookie Weakness May Let Users Access Arbitrary Accounts. Read more

securitytracker.com:
QuickTime Buffer Overflow in Processing RTSP Content-Type Header Values Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Wireshark Wireshark MP3, DNP, SSL, ANSI MAP, Firebird/Interbase, NCP, HTTP, MEGACO, DCP ETSI, OS/400, PPP, Bluetooth SDP, and RPC Portmap Bugs Let Remote Users Deny Service. Read more

securitytracker.com:
BitDefender Heap Overflow in 'Oscan' ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

 

News
www.securityfocus.com:
Researchers warn of AV software risks. Read more

www.theregister.co.uk:
QuickTime streaming media exploit targets unpatched bug. Read more

www.securityfocus.com:
QuickTime exploited by media-handling flaw. Read more

www.miamiherald.com:
Cyber-age prompts a new war. Read more

www.stuff.co.nz:
'Ethical' Kiwi hacker keeps Microsoft busy. Read more

www.infoworld.com:
Another inconvenient truth: Al Gore's Web site hacked. Read more

www.theage.com.au:
Flaw leaves Microsoft looking like a turkey. Read more

www.reuters.com:
Skype encryption stumps German police. Read more

www.neowin.net:
Man in the browser is new security threat to online banking. Read more

www.techworld.com:
Criminals burrow into browsers to hack banks. Read more

www.computerweekly.com:
Social engineering attacks on the rise. Read more

www.pcadvisor.co.uk:
McAfee: Windows Vista hacks to surge in 2008. Read more

computerworld.com:
Alleged Cisco hacker convicted in Sweden, bewails fate. Read more

www.zdnet.co.uk:
What's Going on at Skype? Read more

www.computerworld.com:
UK youth warned MySpace isn't private (OMG!!!!1). Read more

22 November 2007

Guides, Papers, etc
www.f-secure.com:
Converting an iPhone into Full-Featured Spy Tool. Read more

www.fastcompany.com:
Hacking the iPhone. Read more

www.fastcompany.com:
Video. Hacking the iPhone. Watch

ddanchev.blogspot.com:
A Botnet of Infected Terrorists? Read more

ddanchev.blogspot.com:
Mass Defacement by Turkish Hacktivists. Read more

sunbeltblog.blogspot.com:
Irony: Truly, they have no shame. Read more

sunbeltblog.blogspot.com:
Example of a money transfer scam site: usps-mailcorp. Read more

blog.trendmicro.com:
Bad Image for Gameige. Read more

blog.dkbza.org:
Packers, Time and Google Groups. Read more

blogs.ittoolbox.com:
Innocent searches for Nov 21 2007. Read more

www.heise-security.co.uk:
TOR anonymisation network phished, part 2. Read more

www.infoworld.com:
Is security software becoming a security risk? Read more

www.nruns.com:
The Death of Defense in Depth ? - revisiting AV Software. Read more

www.darkreading.com:
Cybercriminals Ready for Banner Holiday Shopping Season. Read more

www.darkreading.com:
Rethinking Desktop Security. Read more

www.infoblox.com:
THIRD ANNUAL DNS SURVEY. Read more

dns.measurement-factory.com:
DNS SURVEY: OCTOBER 2007. Read more

isc.sans.org:
Social Engineering, just by asking! Read more

www.eweek.com:
Is the Internet Governable? Read more

www.news.com:
What are the odds you'll land on a typo-squatting site? Read more

www.msnbc.msn.com:
WPBF Explains How PC Repair Shops Can Steal Personal Info. Read more

blogs.zdnet.com:
Is it ethical to turn on wireless security for an open access point? Read more

blogs.zdnet.com:
Memory test - Firefox 2.0.0.9 vs Firefox 3.0 b 1. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
IBM Director Lets Remote Users Deny Service. Read more

 

News
www.theregister.co.uk:
Germany seeks malware 'specialists' to bug terrorists. Read more

www.smh.com.au:
Germany to bug terrorists' computers. Read more

www.1888pressrelease.com:
Siberian Hacker Shut Down. Read more

www.theinquirer.net:
16 year-old 'hacker' designs Internet policy. Read more

news.zdnet.co.uk:
McAfee: Businesses 'leery' of Vista. Read more

21 November 2007

Guides, Papers, etc
www.f-secure.com:
Testing TOR Nodes for Man-in-the-Middle Attacks. Read more

www.teamfurry.com:
TOR exit-node doing MITM attacks. Read more

www.teamfurry.com:
On TOR. Read more

sunbeltblog.blogspot.com:
Example of a money transfer scam site: usps-mailcorp. Read more

sunbeltblog.blogspot.com:
OOF spam suppression. Read more

sunbeltblog.blogspot.com:
The Kindle. Read more

blog.trendmicro.com:
Bad Image for Gameige. Read more

rbnexploit.blogspot.com:
RBN – Fake Codecs. Read more

www.securityfocus.com:
Don't blame the IDS. Read more

www.pcadvisor.co.uk:
XP & Vista users wary of Windows 2000 exploit. Read more

isc.sans.org:
Security 2.0. Read more

isc.sans.org:
Holiday/Family Incident Response Why and How. Read more

www.2-viruses.com:
IT managers should think as hackers do. Read more

www.teamfurry.com:
Illusion - Now you see me, now you don’t. Read more

www.abc.net.au:
Sudoku may save us from spam. Read more

aps.arxiv.org:
Escalating The War On SPAM Through Practical POW Exchange. Read more

blogs.zdnet.com:
In zombies we trust. Read more

12angrymen.wordpress.com:
Caveat Emptor - Use of Credit Cards On-Line. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Alcatel OmniPCX Enterprise Lets Remote Users Deny Service and Potentially Intercept Audio. Read more

securitytracker.com:
Cacti Unspecified Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Citrix NetScaler Input Validation Hole in 'generic_api_call' Permits Cross-Site Scripting Attacks. Read more

 

 

News
www.itweb.co.za:
100 000 new viruses in 2007. Read more

www.tech.co.uk:
McAfee: More web-based threats in 2008. Read more

www.vnunet.com
Security experts forecast stormy 2008. Read more

www.wired.com:
Firefox 3 Beta 1 Arrives in Fighting Shape. Read more

www.computerworlduk.com:
Trojan horse gallops through Windows Live Messenger. Read more

www.webuser.co.uk:
Phone-tapping email hides Trojan. Read more

blog.wired.com:
Hushmail To Warn Users of Law Enforcement Backdoor. Read more

www.usatoday.com:
Spam-spitting Storm virus, a year old, is as tricky as ever. Read more

government.zdnet.com:
Judge: ‘Personal’ spam is not illegal. Read more

www.zdnet.co.uk:
Yes, Microsoft will support XP until 2014. Read more

20 November 2007

Guides, Papers, etc
blog.wired.com:
PGP Creator Defends Hushmail. Read more

www.eweek.com:
Microsoft Could Do More: Windows Update as a Hosting Service. Read more

www.viruslist.com:
The evolution of technologies used to detect malicious code. Read more

www.nsc.liu.se:
The Stakkato Attacks. Read more

ddanchev.blogspot.com:
Large Scale MySpace Phishing Attack. Read more

ddanchev.blogspot.com:
Another Massive Embedded Malware Attack. Read more

isc.sans.org:
Guest Editorial: Internet Governance Forum (Gadi Evron). Read more

isc.sans.org:
The Holidays Cometh. Read more

www.darkreading.com:
DNS Servers in Harm's Way. Read more

www.theregister.co.uk:
Email security: Where are we @? Read more

resources.zdnet.co.uk:
Securing the wireless frontier. Read more

explabs.blogspot.com:
Big hack today. Read more

www.technewsworld.com:
Report: E-Commerce Fraudsters' Haul May Reach $3.6B in 2007. Read more

www.betanews.com:
Surveys: Identity theft more critical than incursion, data loss. Read more

www.internetevolution.com:
The Future of Internet Immune Systems. Read more

www.macworld.com:
Study: Internet could run out of capacity in two years. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
WordPress Cookie Authentication Flaw Lets Remote Users Access Accounts in Certain Cases. Read more

securitytracker.com:
Mozilla Firefox subjectAltName:dNSName Attribute Validation Flaw Lets Remote Users Spoof Certificates. Read more

securitytracker.com:
MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service. Read more

 

Tools:
www.techworld.com:
Zimmermann's Zfone now supports Google Talk. Read more

 

News
www.computerworld.com:
Hackers jack Monster.com, infect job hunters. Read more

blog.wired.com:
Hushmail To Warn Users of Law Enforcement Backdoor. Read more

www.thelocal.se:
FBI investigates Swedish hacker. Read more

www.theregister.co.uk:
Mozilla hits back at Firefox 3 quality slur. Read more

19 November 2007

Guides, Papers, etc
ddanchev.blogspot.com:
The "New Media" Malware Gang. Read more

ddanchev.blogspot.com:
But of Course I'm Infected With Spyware. Read more

sunbeltblog.blogspot.com:
Adult Friend Finder. Read more

isc.sans.org:
Overzlobbed. Read more

www.cisrt.org:
Call1105-??.rar Spams Spread. Read more

blog.spywareguide.com:
The Myspace Band Hacks: A Victim Speaks. Read more

isc.sans.org:
Architecture, security and assurance. Read more

co4k.warazd.com:
MPack Developer: “Just Creating Ammunition”. Read more

rbnexploit.blogspot.com:
RBN – PC Hijacking via Banner-Ads on Major Web Por... Read more

www.symantec.com:
Danger - The subject says it all. Read more

www.disog.org:
Walking through a phish site. Read more

hydrogen.oshean.org:
Audio. PaulDotCom Security Weekly - Episode 88. Listen

blogs.securiteam.com:
Mozilla still working on JAR: protocol flaw. Read more

www.networkworld.com:
One tiny math mistake and the terrorists win? Read more

www.infoworld.com:
Protect against external threats. Read more

www.dailytech.com:
When Online Advertising Goes Too Far. Read more

www.disog.org:
Researching Botnets. Read more

 

Vulnerabilities & Exploits
blog.mozilla.com:
jar: Protocol XSS Security Issues. Read more

securitytracker.com:
AhnLab V3 Internet Security ZIP File Memory Error May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Jet Engine Stack Overflow May Let Remote Users Execute Arbitrary Code. Read more

 

 

News
blog.wired.com:
Hacked iPhone No Longer Just a Theory: Demo Turns iPhone into Spy Device. Read more

www.nytimes.com:
Mozilla Won’t Fix 80% of Firefox 3.0’s Bugs. Read more

www.news.com:
Firefox 3.0 may ship with a slew of serious bugs intact. Read more

news.softpedia.com:
Norton, McAfee and Kaspersky Fighting for Seagate’s HDD Security. Read more

www.reuters.com:
PayPal offers secure way to shop non-PayPal sites.Read more

www.airdefense.net:
AirDefense's Comprehensive Survey of 3,000 Retail Stores Finds Many Wireless Data Security Vulnerabilities as Holiday Shopping Season Nears. Read more

today.reuters.co.uk:
"Lust, Caution" prompts virus and medical warnings. Read more

www.nytimes.com:
In Korea, a Boot Camp Cure for Web Obsession. Read more

www.computerworld.com:
Microsoft Fixes Gaffe in Time for Patch Tuesday. Read more

17 November 2007

Guides, Papers, etc
www.f-secure.com:
Video - Live at USENIX '07. Read more

www.mckeay.net:
Ever heard of a code of ethics? Read more

communities.intel.com:
Ethics within Information Security. Read more

isc.sans.org:
Architecture, security and assurance. Read more

isc.sans.org:
Tiger and Leopard upgrades. Read more

ddanchev.blogspot.com:
Lonely Polina's Secret. Read more

sunbeltblog.blogspot.com:
New fake codec: playcodec. Read more

sunbeltblog.blogspot.com:
Some new twists in the Storm worm. Read more

www.thespanner.co.uk:
Safari security. Read more

www.darkreading.com:
Botnets: Whose Fault Are They? Read more

www.darkreading.com:
Blacklisting Meets Whitelisting. Read more

www.infoworld.com:
Protect against external threats. Read more

blogs.technet.com:
More than 490’000 Database Server unprotected on the Web. Read more

www.securityfocus.com:
Aye, Robot, or Can Computers Contract? Read more

www.informationweek.com:
Defense In Depth: A Blueprint For Security. Read more

resources.zdnet.co.uk:
Top five worst IT security mishaps of 2007. Read more

www.darkreading.com:
Financial Consulting Firm Fixes Security Flaws. Read more

www.usatoday.com:
Study: Many retailers' wireless data systems easy to hack. Read more

www.cl.cam.ac.u
A pact with the Devil.
Malware propagation strategies which exploit not the incompetence or naivety of users, but instead their own greed, malice and short-sightednes. Read more

cr.yp.to:
Some thoughts on security after ten years of qmail 1.0. Read more

www.lightbluetouchpaper.org:
Google as a password cracker. Read more

www.disog.org:
Audio. Analysis Of Malware Audiocast. Listen

podcasts.mcafee.com:
Audio. The W32/Virut family of parasitic infectors is discussed, along with the general resurgence in parasitic malware. Listen

www.youtube.com:
Video. government hacks. Watch

 

Vulnerabilities & Exploits
securitytracker.com:
FLAC Buffer Overflows, Double Free Errors, and Other Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM WebSphere Input Validation Hole in 'Expect' Header Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Citrix Presentation Server Published Application Information May Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Mac OS X Application Firewall Bugs May Let Remote Users Access the Services on the Target System. Read more

 

 

News
www.theregister.co.uk:
Chinese cyber strikes will be 'like WMD'. Read more

www.computerworld.com:
Storm botnet spreading malware through GeoCities. Read more

www.smh.com.au:
Police swoop on 'hacker of the year'. Read more

www.computeractive.co.uk:
Security firm urges caution when donating online. Read more

16 November 2007

Guides, Papers, etc
ddanchev.blogspot.com:
First Person Shooter Anti-Malware Game. Read more

ddanchev.blogspot.com:
Cyber Jihadist Blogs Switching Locations Again. Read more

blogs.zdnet.com:
Rogue anti-malware lures squirming though Skype. Read more

www.symantec.com:
Discussion of ActiveX Vulnerabilities. Read more

pandalabs.pandasecurity.com:
Fake Microsoft Update. Read more

wabisabilabi.blogspot.com:
Focus on: ClamAV remote code execution. Read more

blog.trendmicro.com:
YouTube Spoof Site Serving Malware. Read more

www.net-security.org:
Wi-Fi piggybacking widespread. Read more

www.betanews.com:
Microsoft wants to play doctor with your home network. Read more

www.foxnews.com:
Don't Forget to Back Up Your Brain. Read more

blogs.authentium.com:
You are infected/hacked and it is your fault. Read more

www.computerworld.com:
What retail wireless security? Read more

www.news.com:
Microsoft exec calls XP hack 'frightening'. Read more

www.podtrac.com:
Audio. Security Now 118: Your Questions, Steve's Answers 28. Listen

 

Vulnerabilities & Exploits
securitytracker.com:
Samba nmbd Buffer Overflow in Processing GETDC mailslot Requests Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Samba nmbd Buffer Overflow in reply_netbios_packet() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X SecurityAgent Lets Physically Local Users Bypass the Screen Saver Password Mechanism. Read more

securitytracker.com:
Mac OS X Kernel and Networking Bugs Let Remote and Local Users Deny Service or Execute Arbitrary Code. Read more

securitytracker.com:
NFS AUTH_UNIX RPC Double Free Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mac OS X WebCore/WebKit Bugs Let Remote Users Execute Arbitrary Code. Read more

 

 

News
www.theregister.co.uk:
Tor embassy 'hacker' raided by Swedish Feds. Read more

www.regdeveloper.co.uk:
Databases still open to basic attack. Read more

www.vnunet.com:
Hushmail turns out to be anything but. Read more

www.wired.com:
Hackers Use Banner Ads on Major Sites to Hijack Your PC. Read more

www.computerworld.com:
Disappearing Gmail messages baffle users. Read more

15 November 2007

Guides, Papers, etc
www.f-secure.com:
Virtual Theft at the Habbo Hotel. Read more

ddanchev.blogspot.com:
Popular Spammers Strategies and Tactics. Read more

ddanchev.blogspot.com:
Electronic Jihad's Targets List. Read more

ddanchev.blogspot.com:
Scammy Ecosystem. Read more

www.wired.com:
Did NSA Put a Secret Backdoor in New Encryption Standard? Read more

sunbeltblog.blogspot.com:
Rogue ads pushing malware -- how it works. Read more

blog.trendmicro.com:
PhishIRS Cast Their Net Anew. Read more

www.itu.int:
ITU Botnet Mitigation Toolkit. Read more

www.darkreading.com:
Researchers 'Spy' on Web Attackers. Read more

www.darkreading.com:
Dissecting Malware. Read more

isc.sans.org:
Incident Handling 101. Read more

isc.sans.org:
Miscellaneous items. Read more

blogs.ittoolbox.com:
Banner ads from major sites. Read more

www.eweek.com:
Trust Is Back In Style. Read more

www.infoworld.com:
Stopping malware that mutates on demand. Read more

 

News
www.securityfocus.com:
Half-million database servers at risk, survey says. Read more

www.channelregister.co.uk:
eBay Trojan morphs to snare motor victims. Read more

www.hardwarezone.com:
PDF Malware Crashes Into October Virus Charts. Read more

www.techworld.com:
Malware adapts to Web 2.0. Read more

www.computerworld.com:
Apple patches 41 bugs in monster day of fixes. Read more

torrentfreak.com:
14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users. Read more

www.latimes.com:
Yahoo to pay Chinese families. Read more

www.dbtechno.com:
Comcast Sued For Blocking BitTorrent. Read more

14 November 2007

Guides, Papers, etc
www.buslab.org:
Cryptanalysis of the Random Number Generator of the Windows Operating System, by Leo Dorrendorf and Zvi Gutterman and Benny Pinkas. Read more

www.theage.com.au:
The hack of the year. Read more

www.eweek.com:
Some Ad Networks Are Bad News. Read more

ddanchev.blogspot.com:
Teaching Cyber Jihadists How to Hack. Read more

ddanchev.blogspot.com:
p0rn.gov - The Ongoing Blackhat SEO Operation. Read more

sunbeltblog.blogspot.com:
New fake codec site: zangcodec. Read more

sunbeltblog.blogspot.com:
Love letters on the MBR.

sunbeltblog.blogspot.com:
DNS hacks the norm. Read more

www.f-secure.com:
Microsoft Updates Released. Read more

www.f-secure.com:
Raining Money Mules. Read more

isc.sans.org:
New version of cvtwin, now with HTTP upload. Read more

isc.sans.org:
november black tuesday overview. Read more

www.cisrt.org:
Mcrsvc.exe, IRCBot.apd. Read more

blogs.securiteam.com:
Project Hayneedle. Read more

observed.de:
Project HayNeedle. Read more

www.darkreading.com:
The Secret Life of a Bot. Read more

www.darkreading.com:
The World's Biggest Botnets. Read more

msmvps.com:
Do me a favour - dump Symantec. Read more

msmvps.com:
MalwareAlarm again.. this time it's www.ok-magazine.com. Read more

www.technewsworld.com:
The Evolution of Spam, Part 1: New Tricks. Read more

www.darkreading.com:
IBM Adds CSRF Scanning to Watchfire Tool. Read more

www.darkreading.com:
It Takes One to Know One. Read more

ha.ckers.org:
DoSing Via Chargebacks. Read more

support.microsoft.com:
Support WebCast: Microsoft Security Intelligence Report: Latest trends in vulnerabilities, malware, and potentially unwanted software. Read more

www.net-security.org:
(IN)SECURE Magazine, Issue 14: Now Available. Read more

csrc.nist.gov:
User’s Guide to Securing External Devices for Telework and Remote Access. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Adobe ColdFusion CFID/CFTOKEN Bug May Let Remote Users Hijack Sessions. Read more

securitytracker.com:
Novell Client Lets Local Users Gain Kernel Level Privileges. Read more

securitytracker.com:
Microsoft Windows DNS Service Insufficent Entropy Lets Remote Users Spoof the DNS Service. Read more

securitytracker.com:
Ruby SSL Certificate Attribute Verification Bugs Let Remote Users Conduct Man-in-the-Middle Attacks. Read more

securitytracker.com:
F5 FirePass Input Validation Hole in 'download_plugin.php3' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
WinPcap Bug in bpf_filter_init() Function Lets Local Users Gain Kernel Level Privileges. Read more

securitytracker.com:
PHP Buffer Overflows, Filtering Bypass, and Configuration Bypass Bugs May Let Users Gain Elevated Privileges. Read more

 

News
www.securityfocus.com:
Microsoft closes Windows Shell hole. Read more

tech.blorge.com:
Microsoft Windows 7 ‘wishlist’ leaked! Read more

www.israeltoday.co.il:
Israeli researchers find major Microsoft Windows security hole. Read more

www.washingtonpost.com:
Russia Casts A Selective Net in Piracy Crackdown. Read more

www.smh.com.au:
Nigerian 'scammer' arrested. Read more

www.darkreading.com:
Report: Korean Execs Stole $1.8B in Trade Secrets. Read more

www.channelregister.co.uk:
Chinese Trojan on Maxtor HDDs spooks Taiwan. Read more

www.channelregister.co.uk:
Windows random number generator is so not random. Read more

www.channelregister.co.uk:
Multics source code released into the wild. Read more

www.heise-security.co.uk:
Spam links flying under Google flag. Read more

12 November 2007

Guides, Papers, etc
ddanchev.blogspot.com:
Yet Another Malware Outbreak Monitor. Read more

ddanchev.blogspot.com:
Targeted Spamming of Bankers Malware. Read more

www.sciencedaily.com:
Computer Scientist Fights Threat Of 'Botnets'. Read more

www.securityfocus.com:
Don't blame the IDS. Read more

isc.sans.org:
Cyber Jihad? Yeah, right... Read more

isc.sans.org:
WoW. Read more

www.f-secure.com:
There's Nothing to See Here, Please Move Along Now. Read more

sunbeltblog.blogspot.com:
eEye comment spam. Read more

www.cisrt.org:
Xgame.zip, Do You Receive? Read more

blog.trendmicro.com:
Blue Sky[pe] predicted today. Good weather for Phishing. Read more

www.0x000000.com:
Stealing Computer Names In Firefox And MSIE. Read more

ha.ckers.org:
MySpace Anti-Phishing Techniques Need Work. Read more

www.cisco.com:
NetFlow Performance Analysis. Read more

www.podtrac.com:
Audio. Security Now 117: Even More Perfect Paper Passwords. Listen

 

Vulnerabilities & Exploits
blogs.securiteam.com:
JAR: protocol vuln - targeting to Google now. Read more

securitytracker.com:
PCRE Regex Processing Integer Overflows May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
AOL Radio Buffer Overflow in AmpX ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Mozilla Firefox Input Validation Hole in jar: Protocol Handler Permits Cross-Site Scripting Attacks. Read more

 

 

News
www.securityfocus.com:
Bot master owns up to 250,000 zombie PCs. Read more

news.zdnet.co.uk:
US 'botmaster' faces 60-year prison spell. Read more

computerworld.com:
Microsoft drops IE's 'click to activate' nag. Read more

news.zdnet.co.uk:
Infamous Russian malware gang vanishes. Read more

www.computerworld.com:
Update: Russian hacker gang vanishes day after moving to China. Read more

www.azstarnet.com:
Maliciously coded online ad caused Star's Web site problems. Read more

blogs.securiteam.com:
Another case of the infected HD. Read more

news.xinhuanet.com:
Bots, spyware top security concern of U.S. gov't IT people. Read more

www.theregister.co.uk:
IndiaTimes website 'attacks visitors'. Read more

www.securityfocus.com:
Web attack primes sites to infect visitors. Read more

www.wtoctv.com:
Computer Hacker Changes Grades at Corporate Academy. Read more

www.securityfocus.com:
Manhattan business indicted for ID theft. Read more

blogs.techrepublic.com.com:
Only two fixes from Microsoft on Patch Tuesday next week. Read more

09 November 2007

Guides, Papers, etc
www.darkreading.com:
The World's Biggest Botnets. Read more

ddanchev.blogspot.com:
Go to Sleep, Go to Sleep my Little RBN. Read more

ddanchev.blogspot.com:
Electronic Jihad v3.0 - What Cyber Jihad Isn't. Read more

ddanchev.blogspot.com:
I See Alive IFRAMEs Everywhere. Read more

sunbeltblog.blogspot.com:
Seen in the wild: Fake error message pushes, of all things, Google Pack. Read more

www.symantec.com:
Trojan Writer Lusts for Money from Affiliate. Read more

isc.sans.org:
yl18.net part II. Read more

www.cisrt.org:
Really Monitor Your Telephone Line? Read more

www.cisrt.org:
Dancer.exe, Zhelatin Began Active Again. Read more

blog.trendmicro.com:
Hidden IFRAMEs Launch Malware En Masse. Read more

www.vitalsecurity.org:
Myspace Band hacks - STILL active! Read more

www.infoworld.com:
Protecting the end-user. Read more

www.eweek.com:
Network Policies Should Be Open, Not Neutral. Read more

 

Vulnerabilities & Exploits
blogs.securiteam.com:
JAR: protocol vulnerability in Firefox, word processor applications reported. Read more

labs.idefense.com:
Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability. Read more

www.gnucitizen.org:
BT Home Flub: Pwnin the BT Home Hub (4). Read more

securitytracker.com:
HP-UX Aries PA-RISC Emulator Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
OpenLDAP Lets Remote Users Crash the slapd Daemon With Specially Crafted objectClasses Attributes. Read more

securitytracker.com:
Conga ricci Daemon Connection Limit Lets Remote Users Deny Service. Read more

securitytracker.com:
Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
Solaris Volume Manager IOCTL Command Validation Flaw Lets Local Users Deny Service. Read more

 

 

News
www.theregister.co.uk:
Hushmail open to Feds with court orders. Read more

www.theregister.co.uk:
Website for computer security experts hacked. Read more

www.techworld.com:
Massive ID theft gang busted. Read more

www.scmagazineus.com:
SecureWorks: Anti-spyware solution scam steals personal financial information. Read more

www.theregister.co.uk:
Pentagon: Our new robot army will be controlled by malware. Read more

08 November 2007

Guides, Papers, etc
www.honeynet.org:
Know Your Enemy: Behind the Scenes of Malicious Web Servers. Read more

www.symantec.com:
The State of Spam. A Monthly Report – November 2007. Read more

www.f-secure.com:
Security Advisories. Read more

blogs.securiteam.com:
These days of several XSS vulns on known sites. Read more

isc.sans.org:
Gone in 3600 seconds: story about TCP Keep-Alives. Read more

isc.sans.org:
yl18.net mass defacement. Read more

isc.sans.org:
Top IPv6 Implementation Issues. Read more

isc.sans.org:
Cyber Jihad Called Off. Read more

sunbeltblog.blogspot.com:
A little bit of de-fudding on the DNS changing Trojan. Read more

sunbeltblog.blogspot.com:
Another fake codec -- Windows and Mac. Read more

www.darkreading.com:
Honeynet Project: Attackers Know Where You Live. Read more

www.darkreading.com:
The Value of Security Training. Read more

www.siliconvalley.com:
Study reveals new findings about identity theft perpetrators, victims and methods. Read more

www.cisrt.org:
Dancer.exe, Zhelatin Began Active Again. Read more

www.cisrt.org:
Mdesvc.exe, IRCBot.aof. Read more

msmvps.com:
Reports of malware banner advertisements continue... Read more

www.gcn.com:
The most powerful anti-spam filter isn’t used enough. Read more

nick.brown.free.fr:
Memory stick worms. Read more

www.intergovworld.com:
Public utility's bare insecurities. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Oracle Database XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more

securitytracker.com:
Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Cisco Unified MeetingPlace Web Conferencing Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Microsoft DebugView 'Dbgv.sys' Module Lets Local Users Gain Kernel Level Privileges. Read more

securitytracker.com:
Perl Regex Processing Bug May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
PCRE Regex Processing Bugs May Let Users Execute Arbitrary Code. Read more

securitytracker.com:
QuickTime Movie/PICT/QTVR/Java Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun Remote Services Net Connect Format String Bug Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Mono Integer Overflow May Let Local Users Gain Elevated Privileges. Read more

 

 

News
blog.wired.com:
Encrypted E-Mail Company Hushmail Spills to Feds. Read more

www.securityfocus.com:
Microsoft warns of Macrovision attacks. Read more

www.securityfocus.com:
Symantec plans to acquire Vontu. Read more

www.theregister.co.uk:
QuickTime update fixes code-execution holes. Read more

www.2-viruses.com:
2 years in prison for AOL spam scam. Read more

www.theregister.co.uk:
Hack database, change school grades, go to jail for 20 years (maybe). Read more

www.theregister.co.uk:
Googlewhack trick used to slip junk mail past spam filters. Read more

news.softpedia.com:
Hackers with Balls Affecting the Chinese Government. Read more

www.theregister.co.uk:
Police dismantle global child porn network. Read more

news.monstersandcritics.com:
Techie jailed due to Airtel mistake: police. Read more

05 November 2007

Guides, Papers, etc
ddanchev.blogspot.com:
Overperforming Turkish Hacktivists. Read more

ddanchev.blogspot.com:
Rebranding a Security Vendor. Read more

ddanchev.blogspot.com:
Managed Fast-Flux Provider. Read more

sunbeltblog.blogspot.com:
A rather heated debate with a rogue antispyware maker. Read more

sunbeltblog.blogspot.com:
Some new fake codecs. Read more

www.cisrt.org:
Game.zip, KeyLogger.rp. Read more

www.alex-ionescu.com:
Behind Windows x64’s 44-bit Memory Addressing Limit. Read more

blogs.securiteam.com:
That Mac Trojan…Read more

news.softpedia.com:
A Not-So-Safe-Email with Symantec Mail Security. Read more

isc.sans.org:
Daylight Saving Time Reminder for North America (with some exceptions). Read more

news.zdnet.com:
Police Blotter: Is computer-generated pornography illegal? Read more

 

Tools:
community.corest.com:
WifiZoo is a tool to gather wifi information passively. Read more

 

News
software.silicon.com:
Storm Worm still evolving - Symantec. Read more

networks.silicon.com:
Scientists perfecting picture passwords. Read more

blog.wired.com:
Linux Programmer, Hans Reiser, Faces Murder Trial. Read more

www.projo.com:
Langevin to study cyber threats. Read more

03 November 2007

Guides, Papers, etc
isc.sans.org:
root nameserver migration. Read more

ddanchev.blogspot.com:
Metaphisher Malware Kit Spotted in the Wild. Read more

ddanchev.blogspot.com:
Yahoo Messenger Controlled Malware. Read more

www.avertlabs.com:
OSX/Puper: A Real Threat to Macs, or Just More Hype? Read more

www.avertlabs.com:
Password policy – Length vs. Complexity. Read more

www.avertlabs.com:
Someone get the mop, we have a data leak! Read more

www.cisrt.org:
ARP Attack Is So Easy. Read more

swatrant.blogspot.com:
DomPlayer - Rogue Multimedia Player. Read more

swatrant.blogspot.com:
Attack of the Google clones. Read more

www.vitalsecurity.org:
This Skype Worm is pretty distasteful.... Read more

blog.spywareguide.com:
Skype Worm Preys Upon Good Samaritans..Read more

blog.spywareguide.com:
BandJammer - Hacking A Myspace Music Profile Near You. Read more

blog.trendmicro.com:
ZLOB Crosses Over. Read more

www.eweek.com:
The Web's 12 Scariest Applications. Read more

www.darkreading.com:
Bots, Bots Everywhere. Read more

www.darkreading.com:
Threats That Go 'Hack' in the Night. Read more

www.technewsworld.com:
Do Real-Life Laws Stretch Into Virtual Worlds? Read more

www.infoworld.com:
Don't laugh at Estonia -- it could happen to you. Read more

www.pcworld.com:
One in Six PCs Could Be Infected With Malware. Read more

www.f-secure.com:
Audio - BNR Newsradio. Read more

aolradio.podcast.aol.com:
Audio - Security Now 116: Your Questions, Steve’s Answers 27. Listen

dbacl.sourceforge.net:
Can a SPAM filter play Chess?? Read more

 

Vulnerabilities & Exploits
www.gnucitizen.org:
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability. Read more

securitytracker.com:
SonicWALL SSL-VPN Client Buffer Overflows in WebCacheCleaner/NeLaunchCtrl ActiveX Controls Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Symantec Anti Virus for Macintosh Mount Scan Feature Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Norton Anti-Virus for Macintosh Mount Scan Feature Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Blue Coat ProxySG Management Console Input Validation Hole in Processing CRLs Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.computerdefense.org:
New IDA Pro Freeware. Read more

 

News
www.theregister.co.uk:
Scepticism over cyber-jihad rumours. Read more

www.theregister.co.uk:
Hackers field malware from fake US election sites. Read more

www.theregister.co.uk:
Security experts knock spots off Mac OS X Leopard firewall. Read more

www.darkreading.com:
The Hartford Loses Tapes With Data on 237,000 People. Read more

www.darkreading.com:
Health Care Provider Adopts Next-Gen Firewall. Read more

02 November 2007

Guides, Papers, etc
blogs.securiteam.com:
Cryptome: NSA has access to Windows Mobile smartphones. Read more

www.zdnet.com.au:
More malware means good news in security fight. Read more

www.viruslist.com:
Virus Top 20 for October 2007. Read more

www.f-secure.com:
Don't Update With That Update.exe. Read more

sunbeltblog.blogspot.com:
Bundle of mayhem: mmcodecs. Read more

sunbeltblog.blogspot.com:
Sunbelt's annual Halloween madness. Read more

sunbeltblog.blogspot.com:
Mac trojan overhype? You tell me. Read more

isc.sans.org:
DNS changer Trojan for Mac (!) in the wild. Read more

www.avertlabs.com:
The Captcha Challenge. Read more

www.avertlabs.com:
Thin client insecurity (and other terrible implementation ideas). Read more

www.avertlabs.com:
Passive Host Characterization. Read more

www.avertlabs.com:
Puper (Zlob): What Are the Attackers Targeting? Read more

www.cisrt.org:
Is Really Microsoft Security Update? Read more

ha.ckers.org:
Malware Solving CAPTCHAs. Read more

www.wired.com:
New Apple Trojan Means Mac Hunting Season Is Open. Read more

blogs.securiteam.com:
Symbian S60 3rd edition hacked - and Nokia’s October response. Read more

isc.sans.org:
Digital cartographers. Read more

isc.sans.org:
Salesforce.com issue? Read more

blogs.dekoh.com:
Signed Java Applets broken on Vista. Read more

www.eweek.com:
OPOC Is Dead. Read more

www.auto.tuwien.ac.at:
The 5th ACM Workshop on Recurring Malcode (WORM 2007). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
Zaptel Buffer Overflow in 'sethdlc.c' Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
IBM WebSphere Application Server Input Validation Hole in 'uddigui/navigateTree.do' Page Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Perdition Format String Bug in IMAP Proxy Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Novell BorderManager Buffer Overflow in clntrust.exe Lets Remote Users Execute. Read more

securitytracker.com:
Macrovision InstallShield Unsafe Method in Update Service ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
CUPS Buffer Overflow in ippReadIO() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
McAfee E-Business Server Heap Overflow in Processing Authentication Packets Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM WebSphere Application Server API Grants Access to Remote Users. Read more

securitytracker.com:
Symantec Altiris Deployment Solution Lets Local Users Gain System Privileges. Read more

securitytracker.com:
Symantec Altiris Deployment Solution Directory Traversal Discloses File Contents to Local Users. Read more

securitytracker.com:
Apple Xcode Bugs Let Local Users Gain System Privileges. Read more

securitytracker.com:
IBM AIX Various Application Buffer Overflows Let Local Users Gain Root Privileges. Read more

 

Tools:
loudtalks.com:
Loudtalks is a little application, which allows you to talk to your friends or colleagues instantly with a single touch of a button. Read more

 

News
www.computerworld.com:
WHOIS stays as is for now. Read more

www.securityfocus.com:
Mac users face Trojan threat. Read more

www.americanbanker.com:
The New Enemy: A Trojan Worse Than Phishing. Read more

www.washingtontimes.com:
Chinese military boosts hacking. Read more

www.technewsworld.com:
Ron Paul Campaign Swept Up in Botnet Spam Scandal. Read more

www.debka.com:
Al Qaeda declares Cyber Jihad on the West. Read more

www.computerworld.com:
Experts diss rumored cyber-jihad set for Nov. 11. Read more

www.securityfocus.com:
Fraud dresses up as skeletons, FTC complaints. Read more

www.washingtonpost.com:
Hackers Unlock Violence in 'Manhunt 2'. Read more

www.computerworld.com:
Nanotech will replace disk drives in 10 years, researcher says. Read more


Copyright© MegaSecurity.org