Home    News Archive    Translate Traducen
News December 2004
31 December 2004

Vulnerabilities & Exploits
securitytracker.com:
Eventum Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Eventum Has Undocumented System Account. Read more

securitytracker.com:
Mozilla Buffer Overflow in Processing NNTP URLs Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
PHP-Calendar Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

www.debian.org:
DSA-620-1 perl -- insecure temporary files / directories. Read more

www.debian.org:
DSA-619-1 xpdf -- buffer overflow. Read more

 

News:
news.com.com:
Cabir worm code wriggles onto Web. Read more

lists.netsys.com:
eEye Digital Security answers about "Multiple Backdoors found in eEye Products". Read more

www.securityfocus.com:
Phishing, spyware and other pests plagued 2004. Read more

www.theregister.co.uk:
Windows XP users Phelled by new Trojan. Read more

nwc.serverpipeline.com:
Fast-Acting Hackers Put Out Trojan Attacking IE. Read more

www.ctv.ca:
Computer viruses morphing, with no end in sight. Read more

30 December 2004

Guides, Papers, etc
msdn.microsoft.com:
Privacy for Browser Users. Read more

www.astalavista.com:
Video Tutorial - Creating a Php Command Shell. Read more

www.knom.or.kr:
Measurement of Campus Network with Network Telescope. Read more

www.cymru.com:
Tracking compromised machines can be difficult. Security solutions often don't scale to the size of larger networks. Technologies such as IDS are flawed, producing copious false positives. When solutions are scaled to fit the larger providers, they often require considerable care and feeding, thus taking time away from problem mitigation. There must be a better way! Enter the Darknet! A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are "dark" because there is, seemingly, nothing within these networks. Read more

www.microsoft.com:
TechNet Radio:Open Discussion on Windows and Linux. Read more

 

Vulnerabilities & Exploits
full-disclosure:
Multiple Backdoors found in eEye Products (IRIS and SecureIIS). Read more

isec.pl:
Heap overflow in Mozilla Browser <= 1.7.3 NNTP code. Read more

www.securiteam.com:
Browsers' FTP Client can be Used to Send Mail. Read more

securitytracker.com:
QNX crttrap '-c' Lets Local Users Read or Write Arbitrary Files. Read more

securitytracker.com:
Moodle 'file.php' Discloses Session ID Files and 'view.php' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Owl Intranet Engine Has Unspecified Input Validation Holes That Permit SQL Injection and Cross-Site Scripting Attacks. Read more

 

News:
Multiple Backdoors found in eEye Products (IRIS and SecureIIS)
During meticulous testing of both eEye's IRIS and SecureIIS products, we have discovered multiple backdoors in the latest of both mentioned products and some older versions we could acquire. These backdoors are very cleverly hidden (kudos to the authors), I personally don't condone illegally backdooring commercial products, and personally I don't think much of eEye but I must give credit to where credit is due. (Lance Gusto). Read more

www.crn.com:
Phone Worm Source Code Out, More Threats Expected. Read more

www.theregister.co.uk:
Symbian worm source code slips out. Read more

www.stltoday.com:
Virus targets 'smart' cell phones. Read more

news.bbc.co.uk:
Cyber crime booms in 2004. Read more

news.xinhuanet.com:
New Trojan horse threatens latest Windows XP. Read more

www.theregister.co.uk:
Worldwide Warez hunt nets first conviction. Read more

news.zdnet.co.uk:
Dutch watchdog savages spammers. Read more

www.theregister.co.uk:
How Microsoft played the patent card, and failed. Read more

29 December 2004

Tools
www.velasco.com.br:
The first Cellphone worm with source code available in the world. Read more

 

Guides, Papers, etc
www.net-security.org:
Video interview with George P. Japak, Vice President of ICSA Labs.
In this video Mr. Japak talks about the importance of product certification, the full disclosure of vulnerabilities, how ICSA Labs approaches product testing, how they determine the severity of a vulnerability, and much more. Download

www.rootkit.com:
Windows File Protection: How To Disable It On The Fly. Read more

 

Vulnerabilities & Exploits
securitytracker.com:
PHProjekt 'authform.inc.php' Include File Flaw Lets Remote Users Execute Arbitrary Command. Read more

securitytracker.com:
WHM AutoPilot 'server_inc' Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

www.astalavista.com:
Internet Explorer crashes with a simple modified script. Crash

 

News:
www.nwfusion.com:
New, virulent Cabir mobile phone worms spotted. Read more

www.technewsworld.com:
Three Serious New Security Flaws Found in Windows. Read more

www.benningtonbanner.com:
Crime fighters nationwide unite to net 'phishers'. Read more

www.theregister.co.uk:
Worldwide Warez hunt nets first conviction. Read more

www.xbitlabs.com:
AMD’s “Enhanced Virus Protection” Radio Ads Banned in Holland. Read more

28 December 2004

Tools
toolbar.netcraft.com:
Netcraft Anti-Phishing Toolbar Available for Download. Read more

 

Vulnerabilities & Exploits
www.k-otik.com:
Internet Explorer Remote Command Execution Exploit (CMDExe). Read more

www.geocities.com:
IE sp2 and Moxilla Firefox DoS. Read more

www.securiteam.com:
Lycos Free Email Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
Scripting Vulnerabilities in Indian Email Providers. Read more

www.securiteam.com:
Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability. Read more

www.securiteam.com:
Microsoft Windows LoadImage API Integer Buffer Overflow. Read more

www.securiteam.com:
Microsoft Windows winhlp32.exe Heap Overflow Vulnerability. Read more

securitytracker.com:
netcat for Windows Buffer Overflow in doexec Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Crystal Enterprise Filtering Flaw in RPT File URLs Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
PHProxy Input Validation Hole in 'error' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.hat-squad.com:
Remote buffer overflow in Netcat TCP/IP Swiss Army Knife. Read more

 

News:
news.zdnet.co.uk:
Google worm turns to AOL and Yahoo. Read more

www.billingsgazette.com:
Threat to cell phones from viruses so far only theoretical. Read more

www.itp.net:
New Trojan horse gallops onto Symbian OS. Read more

www.theregister.co.uk:
Spam punishment doesn't fit the crime. Read more

news.zdnet.co.uk:
Hacker hits McDonald's China web site. Read more

www.pcworld.com:
2004: Good and Bad for Security. Read more

27 December 2004

Guides, Papers, etc
www-2.cs.cmu.edu:
Worm Origin Identification Using Random Walks. Read more

 

Vulnerabilities & Exploits
www.milw0rm.com:
Netcat v1.1, "-e" Switch, Remote Buffer Overflow Exploit v0.1. Read more

secunia.com:
CUPS xpdf "doImage()" Buffer Overflow Vulnerability. Read more

secunia.com:
SHOUTcast Filename Format String Vulnerability. Read more

secunia.com:
e107 Image Manager File Upload Vulnerability. Read more

secunia.com:
Help Center Live Multiple Vulnerabilities. Read more

secunia.com:
Perl "File::Path::rmtree" Race Condition. Read more

securitytracker.com:
CleanCache Fails to Wipe Files. Read more

 

News:
www.chron.com:
Complex cell phones face threat from viruses. Read more

www.jacksonvilledailynews.com:
New phishing ID-theft scam a real doozy. Read more

26 December 2004

Guides, Papers, etc
people.ists.dartmouth.edu:
Designing a Framework for ActiveWorm Detection on Global Networks. Read more

people.ists.dartmouth.edu:
Early Detection of Internet Worm Activity by Metering ICMP Destination Unreachable Messages. Read more

 

Vulnerabilities & Exploits
www.k-otik.com:
Santy.c - PHP Scripts Automated Arbitrary File Inclusion. Read more

www.k-otik.com:
Santy.b - phpBB <= 2.0.10 Bot Install (Using AOL/Yahoo Search). Read more

freehost07.websamba.com:
Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise. Read more

securitytracker.com:
TikiWiki Pictures Feature Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
FreezeX File Permissions Let Local Administrators Disable the Service. Read more

securitytracker.com:
YACY Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Help Center Live Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

 

News:
www.zone-h.org:
New worms use search engines to find victims. Read more

www.detnews.com:
Greedy hackers to grow in 2005. Read more

www.yonhapnews.co.kr:
S. Korean Soap Opera Star's Japanese Internet Site Hacked. Read more

wordpress.org:
worm attack on wordpress!! Read more

25 December 2004

Guides, Papers, etc
www.crackingislife.com:
Video Tutorial, Packing Backdoors to beat AV Detection. Download

scholar.lib.vt.edu:
Using Plant Epidemiological Methods To Track Computer Network Worms. Read more

www.bellua.com:
Bellua Cyber Security Conferences & Workshops. Read more

www.sans.org:
Incident Handling Step by Step: Unix Trojan Programs. Read more

 

Vulnerabilities & Exploits
www.velasco.com.br:
VELASCO Worm for Symbian phones. Read more

www.milw0rm.com:
Web Worm Source Code (Proof of Concept). Read more

www.mikx.de:
Cross-Site Scripting (XSS) vulnerabilities. Download

freehost07.websamba.com:
Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise. Read more

securitytracker.com:
Microsoft Windows LoadImage API Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows ANI File Parsing Errors Let Remote Users Deny Service. Read more

securitytracker.com:
Microsoft Windows Help System Buffer Overflows in Processing Phrase Compressed Help Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
wpkontakt E-mail Validation Error Lets Remote Users Execute Arbitrary Scripting Code. Read more

securitytracker.com:
Debian debmake Unsafe Temporary Directories May Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Zeroboard Input Validation Holes in out_login.php and write.php Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Picosearch Input Validation Flaw Lets Remote Users Spoof Web Site Contents. Read more

securitytracker.com:
SHOUTcast Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM DB2 Buffer Overflow in generate_distfile Lets Local Users Execute Arbitrary Code. Read more

securitytracker.com:
IBM DB2 Buffer Overflow in rec2xml Lets Local Users Execute Arbitrary Code. Read more

securitytracker.com:
telnetd-ssl SSL_accept error Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-618-1 imlib -- buffer overflows, integer overflows. Read more

www.debian.org:
DSA-617-1 tiff -- insufficient input validation. Read more

 

News:
freehost07.websamba.com:
Although hundreds of millions of dollars have been spent on securing SP2,perfection is impossible. Through the joint effort of Michael Evanchik (http://www.michaelevanchik.com) and Paul from Greyhats Security (http://greyhats.cjb.net), a very critical vulnerability has been developed that can compromise a user's system without the need for user interaction besides visiting the malicious page. The vulnerability is not actually a vulnerability in itself, but rather it is uses multiple known holes in SP2 including Help ActiveX Control Related Topics Zone Security Bypass Vulnerability and Help ActiveX Control Related Topics Cross Site Scripting Vulnerability. Read more

www.cbronline.com:
Santy peters out, but variants likely. Read more

www.pdabuzz.com:
New Trojan Horse 'Virus' Hits Symbian Phones. Read more

www.pcworld.com:
New Trojan Threatens Smart Phones. Read more

www.sophos.com:
The "Dirty Dozen" 2004: Sophos reveals the top spamming countries. Read more

www.linuxsecurity.com:
State of Linux Security 2004. Read more

wifi.weblogsinc.com:
Wireless in Paradise: Wardriving Maui. Read more

www.usatoday.com:
Three new Windows security holes come at a bad time. Read more

www.startribune.com:
Hackers want to invade holiday computers. Read more

24 December 2004

Guides, Papers, etc
www.dataloss.net:
How we defaced www.apache.org. Read more

 

Vulnerabilities & Exploits
www.velasco.com.br:
Proof-of-concept, the first Brazilian Cell Phone worm for Symbian systems, spread by Bluetooth: Download

www.xfocus.net:
[AD_LAB-04004]Microsoft Windows LoadImage API Integer Buffer overflow. Read more

www.securityfocus.com:
Microsoft Windows winhlp32.exe Heap Overflow Vulnerability. Read more

www.k-otik.com:
Santy.A - phpBB <= 2.0.10 Web Worm Source Code (PoC). Read more

www.securityfocus.com:
Crystal FTP Pro v2.8 Remote Buffer Overflow PoC Exploit. Read more

www.wheresthebeef.co.uk:
Cross-Site Scripting Vulnerability in Plesk 7. Read more

securitytracker.com:
Netscape Directory Server on HP-UX with LDAP Has Remote Buffer Overflow That Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sybase Adaptive Server Enterprise Has Three Unspecified High Risk Flaws. Read more

securitytracker.com:
2BGal 'id_album' Input Validation Hole Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
PsychoStats Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
Perl File::Path::rmtree() Permission Modification May Disclose Information to Local Users. Read more

securitytracker.com:
phpMyChat 'setup.php3' Access Permissions Lets Remote Users Execute Arbitrary SQL Commands. Read more

securitytracker.com:
e107 website system Include File Flaw in ImageManager Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Snort TCP/IP Options Bug Lets Remote Users Deny Service. Read more

securitytracker.com:
PHP-Blogger Discloses User E-mail Addresses and Passwords to Remote Users. Read more

securitytracker.com:
Megabook Guestbook Discloses Database to Remote Users. Read more

 

News:
news.zdnet.com:
Exploits released for new Windows flaws. Read more

www.pcworld.com:
Google Smacks Down Santy Worm. Read more

www.pcworld.com:
New Trojan Threatens Smart Phones. Read more

news.xinhuanet.com:
"Sexxxy" Trojan invades smart phone. Read more

software.silicon.com:
10 points on Microsoft's 2005 'to do' list. Read more

informationweek.com:
Phishers Have Joined The Holiday Shopping Spree. Read more

23 December 2004

Guides, Papers, etc
www.honeynet.org:
Trend: Life expectancy increasing for unpatched or vulnerable Linux deployments. Read more

www.finjan.com:
Spyware and Adware – Threats and Countermeasures. Read more

www.securityfocus.com:
How ITIL Can Improve Information Security. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
phpBB highlight Arbitrary File Upload (Santy.A). Read more

www.securiteam.com:
Winmail Server Information Disclosure. Read more

www.securiteam.com:
Multiple Vulnerabilities in Gadu-Gadu. Read more

secunia.com:
WinRAR Delete File Buffer Overflow Vulnerability. Read more

securitytracker.com:
Spy Sweeper Enterprise Windows Tray Icon Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Squid ACLs May Be Confusing When Empty Lists are Declared. Read more

securitytracker.com:
xine Buffer Overflow in pnm_get_chunk() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phpBB viewtopic.php 'highlight' Input Validation Flaw Lets Remote Users Execute Arbitrary Commands. Read more

www.idefense.com:
ibtiff STRIPOFFSETS Integer Overflow Vulnerability. Read more

www.idefense.com:
Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability. Read more

www.idefense.com:
Multiple Vendor Xine 0.99.2 PNM Handler Negative Read Length Overflow Vulnerability. Read more

www.idefense.com:
Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability. Read more

www.idefense.com:
libtiff Directory Entry Count Integer Overflow Vulnerability. Read more

www.idefense.com:
libtiff STRIPOFFSETS Integer Overflow Vulnerability. Read more

www.securiteam.com:
FTP Client Command Injection. Read more

www.securiteam.com:
Cleartext SMB Passwords in Novell Desktop Linux using KDE. Read more

www.securiteam.com:
Kfax LibTIFF Vulnerabilities. Read more

www.securiteam.com:
ChangePassword Unsafe Command Execution (make). Read more

www.securiteam.com:
Multiple Vulnerabilities in phpMyAdmin (External Transformations). Read more

www.securiteam.com:
phpMyChat Improper File Permissions. Read more

www.securiteam.com:
vBulletin Unofficial lastten SQL Injection (ftitle). Read more

www.securiteam.com:
Opera Remote Command Execution with Kfmclient. Read more

www.securiteam.com:
Multiple Vendor Xine PNM Handler Heap Overflows. Read more

www.debian.org:
DSA-615-1 debmake -- insecure temporary files. Read more

www.debian.org:
DSA-614-1 xzgv -- integer overflows. Read more

 

News:
www.securityfocus.com:
Groups fight Internet wiretap push. Read more

www.startribune.com:
Password crackers volunteer to help family access dead Marine's e-mail account. Read more

www.vnunet.com:
2004: the year of the phish. Read more

www.vnunet.com:
Security: What to watch in 2005. Read more

www.theregister.co.uk:
Botnet used to boost online gaming scores. Read more

www.globetechnology.com:
Virus infections hit record: Report. Read more

news.zdnet.com:
Linux lasting longer against Net attacks. Read more

my.bend.com:
Beware scam 'last-minute gift' Websites, AG warns. Read more

www.theregister.co.uk:
'Metal Gear' Trojan targets Symbian phones. Read more

www.theregister.co.uk:
Botnets, phishing and spyware. Read more

news.com.com:
Security in a Google world. Read more

22 December 2004

Guides, Papers, etc
www.cs.tcd.ie:
Internet Worm Detection as part of a Distributed Network Inspection System. Read more

www.acmqueue.com:
Self-Healing in Modern Operating Systems. Read more

 

Vulnerabilities & Exploits
secunia.com:
Spy Sweeper Enterprise Client Privilege Escalation Vulnerability. Read more

secunia.com:
My Firewall Plus Privilege Escalation Vulnerabilities. Read more

securitytracker.com:
IBM AIX diag Path Validation Flaw Lets Local Users Execute Arbitrary Code With Privileges. Read more

securitytracker.com:
IBM AIX chcod Lets Certain Local Users Execute Arbitrary Code With Privileges. Read more

securitytracker.com:
IBM AIX invscout Lets Local Users Execute Arbitrary Code With Privileges. Read more

securitytracker.com:
Kerberos libkadm5srv Heap Overflow in Processing Password History May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Crystal FTP Pro Buffer Overflow in Processing LIST Responses Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
HP-UX newgrp(1) Bug Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
KDE Konqueror Java Bugs Let Remote Users Access Restricted Java Classes. Read more

www.securiteam.com:
Unreachable Socket in Lithtech Engine (New Protocol). Read more

www.securiteam.com:
PHP Input Validation Vulnerabilities (addslashes, Windows Only). Read more

www.securiteam.com:
Ultrix dxterm -setup Buffer Overflow. Read more

www.securiteam.com:
AIX paginit, lsmcode and invscout Local Exploits. Read more

www.securiteam.com:
Multiple phpGroupWare Vulnerabilities (Path Disclosure, XSS, SQL Injection). Read more

www.securiteam.com:
Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability. Read more

www.securiteam.com:
Crypt::ECB Block Zero Truncation. Read more

www.securiteam.com:
IBM AIX invscout Local Command Execution Vulnerability. Read more

www.securiteam.com:
IBM AIX chcod Local Privilege Escalation Vulnerability. Read more

www.debian.org:
DSA-614-1 xzgv -- integer overflows. Read more

www.debian.org:
DSA-613-1 ethereal -- infinite loop. Read more

 

News:
www.theregister.co.uk:
Santy worm defaces thousands of sites.
The Santy worm searches for vulnerable forum sites using Google.
When a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Read more

news.zdnet.com:
Net worm using Google to spread. Read more

news.xinhuanet.com:
Google squishes Santy worm. Read more

news.zdnet.com:
Worst spyware queues up. Read more

www.theregister.co.uk:
Botnets, phishing and spyware. Read more

seclab.cs.rice.edu:
Google Desktop Security Issue. Read more

comment.silicon.com:
Simon Moores: A bad case of worms. Read more

www.infosync.no:
'Metal Gear' Symbian OS trojan disables anti-virus software. Read more

www.theregister.co.uk:
Security holes that run deep. Read more

www.theregister.co.uk:
Botnet used to boost online gaming scores. Read more

news.zdnet.com:
Next-gen VMware software to get memory boost. Read more

www.cnn.com:
Dead Marine's kin plead for e-mail. Read more

21 December 2004

Tools
uk.news.yahoo.com:
Knoppix slims down Linux Live CD. Read more

www.cirt.dk:
WeBrute is a Brute Forcing tool to discover hidden directories, files or parameters in the URL of a webserver. Read more

 

Guides, Papers, etc
blogs.msdn.com:
How can I trust Firefox? Read more

www1.cs.columbia.edu:
Countering Network Worms Through Automatic Patch Generation. Read more

 

Vulnerabilities & Exploits
www.securiteam.com:
Hotmail Cross Site Scripting Vulnerability (Malformed Tags). Read more

www.securiteam.com:
Hotmail Cross-Site Scripting Vulnerability (IE gte). Read more

www.securiteam.com:
Yahoo! Mail Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
Multiple Vulnerabilities in WinAMP (MP4 and NSV files). Read more

www.debian.org:
DSA-613-1 ethereal -- infinite loop. Read more

www.debian.org:
DSA-612-1 a2ps -- unsanitised input. Read more

www.debian.org:
DSA-611-1 htget -- buffer overflow. Read more

securitytracker.com:
PHPFormMail Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
HTGET Buffer Overflow in Processing URLs Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Media Player setItemInfo Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Google Desktop Search Discloses Local Search Integration Results to Remote Users. Read more

securitytracker.com:
eSupport Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
IMG2ASCII 'ascii.php' Lets Remote Users Upload and Execute Scripting Code. Read more

www.securiteam.com:
Multiple Vulnerabilities in GamePort. Read more

www.securiteam.com:
Microsoft PowerPoint "Action Settings" Allows Invocation of Default Browser. Read more

www.securiteam.com:
Konqueror Java Vulnerability. Read more

www.securiteam.com:
PHP Shmop Write of Arbitrary Memory (Exploit). Read more

www.securiteam.com:
SQL Injections in Ikonboard (st, keywords). Read more

www.securiteam.com:
singapore Image Gallery Web Application Multiple Vulnerabilities. Read more

www.securiteam.com:
Multiple Vulnerabilities in Kayako eSupport. Read more

 

News:
www.theregister.co.uk:
Teenage British Trojan distributor escapes jail. Read more

www.theregister.co.uk:
UK's biggest spammer charged with more offences. Read more

www.news24.com:
Microsoft dumps McAfee. Read more

www.theregister.co.uk:
Hotmail ditches McAfee for Trend. Read more

www.billingsgazette.com:
Alternatives more secure than Internet Explorer, Outlook. Read more

www.theregister.co.uk:
Punters warned over 'matrix' web scam. Read more

www.theregister.co.uk:
NASA hacker jailed for six months. Read more

www.heise.de:
Uncovered: Trojans as Spam Robots. Read more

www.theregister.co.uk:
Web inaccessibility 'creates net underclass'. Read more

www.sbsun.com:
Internet surfers fight lengthy war against phishing. Read more

www.gripe2ed.com:
A Fatal Blow to Shrinkwrap Licensing? Read more

20 December 2004

Guides, Papers, etc
www.usenix.org:
Call for Papers, 14th USENIX Security Symposium August 1–5, 2005, Baltimore, MD. Read more

www.microsoft.com:
Top 10 Reasons to Deploy Windows XP Service Pack 2. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com:
Microsoft Windows Media Player 9 Vulns. Read more

www.securiteam.com:
MPlayer Multiple Remote Overflows (RTSP, MMST, BMP). Read more

www.securiteam.com:
phpBB2 Information Leak due to Unserializer. Read more

www.securiteam.com:
Crystal FTP Pro Client LIST Buffer Overflow. Read more

www.securiteam.com:
Veritas Backup Exec Agent Browser Registration Request Buffer Overflow. Read more

www.winnetmag.com:
Multiple Vulnerabilities in Microsoft Windows NT 4.0 DHCP. Read more

 

News:
news.zdnet.com:
Hotmail dumps McAfee's antivirus for Trend Micro. Read more

news.zdnet.com:
John Thompson places his wager. Read more

www.cnn.com:
Spammers ordered to pay $1 billion. Read more

news.zdnet.com:
ISP wins $1 billion in spam suit. Read more

www.crime-research.org:
Hacker raised the wages for himself and for colleagues. Read more

blogs.zdnet.com:
New generation of hacking tools puts many more Wireless LANs at risk. Read more

19 December 2004

Guides, Papers, etc
www.informit.com:
Fighting Fire with Fire: Designing a "Good" Computer Virus. Read more

www.sans.org:
Beating the Superbug: Recent Developments in Worms and Viruses (pdf). Read more

Internet Humor. Do you use TinyURL? How about HugeURL instead? (thanks to Larry Zeltzer)

 

Vulnerabilities & Exploits
securitytracker.com:
Symantec Brightmail Can Be Crashed By Remote Users Sending Mail with Nested MIME Attachments. Read more

securitytracker.com:
NetBSD compat Validation Flaws Let Local Users Crash the Kernel or Gain Elevated Privileges. Read more

 

News:
itvibe.com:
afi virus threat finally begins to subside. Read more

www.620ktar.com:
Man Gets 6 Months in NASA Hacking Case. Read more

www.detnews.com:
Second hacker who entered Lowe's computers gets 26 months. Read more

www.theregister.co.uk:
German Postbank phishers arrested. Read more

www.theregister.co.uk:
DHS network vulnerable to attack. Read more

business.bostonherald.com:
`Phishing' hooks wi-fi networks. Read more

www.thepost.ie:
AIB improves security of online banking after fraud attempt. Read more

18 December 2004

Tools
www.computec.ch:
The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize fast checks for dedicated vulnerabilities. Read more

 

Guides, Papers, etc
www.eecs.harvard.edu:
Fast Detection of Scanning Worm Infectio (pdf). Read more

 

Vulnerabilities & Exploits
freehost07.websamba.com:
MSIE DHTML Edit Control Cross Site Scripting Vulnerability. Read more

www.zone-h.org:
Vulnerability in Google Groups. Read more

www.hardened-php.net:
Multiple vulnerabilities within PHP 4/5. Read more

www.securityfocus.com:
Microsoft(R) PowerPoint ?Action Settings? feature allows invocation of default browser pointed at arbitrary URL. Read more

securitytracker.com:
uml_utilities umt_net slip_down() Lets Local Users Disable the Ethernet Interfaces. Read more

securitytracker.com:
CUPS lppasswd Lets Local Users Truncate Files and Deny Service. Read more

securitytracker.com:
ChangePassword Lets Local Users Obtain Root Privileges. Read more

securitytracker.com:
Ikonboard Input Validation Holes in 'st' and 'keywords' Parameters Permit SQL Injection. Read more

securitytracker.com:
VERITAS Backup Exec Buffer Overflow in Processing Registration Requests Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
abc2mtex Buffer Overflow in process_abc() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
pcal Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
abcpp Buffer Overflow in handle_directive() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
unrtf Buffer Overflow in process_font_table() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
abc2mtex Buffer Overflow in process_abc() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
jcabc2ps Buffer Overflow in switch_voice() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
o3read Buffer Overflow in parse_html() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
html2hdml Buffer Overflow in remove_quote() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
tnftp Input Validation Hole in mget() Lets Remote Servers Write Arbitrary Files on the Client. Read more

securitytracker.com:
IglooFTP Input Validation Hole in download_selection_recursive() Lets Remote Servers Write Arbitrary Files on the Client. Read more

securitytracker.com:
Samba smbd Integer Overflow in Allocating Security Descriptors May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MPlayer Has Multiple Stack/Heap/Buffer Overflows That May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Sun ONE Messaging Server Bug in Webmail Lets Remote Users Access E-mail Accounts. Read more

 

News:
news.zdnet.co.uk:
Massive IE phishing exploit discovered. Read more

news.zdnet.co.uk:
Microsoft dodges anti-spyware charge accusations. Read more

www.betanews.com:
Microsoft Fixes XP SP2 Firewall Flaw. Read more

www.computerweekly.com:
SP2 firewall could share settings with the whole internet. Read more

www.securityfocus.com:
Zero Viruses In 2005? Read more

www.computerworld.com:
PayPal provides antifraud, antispam tool to users. Read more

17 December 2004

Guides, Papers, etc
www.cybercrime.gov:
Computer Intrusion Cases. Read more

www.cs.berkeley.edu:
Implications of Peer-to-Peer Networks on Worm Attacks and Defenses. Read more

www.microsoft.com:
Definition of a Security Vulnerability. Read more

 

Vulnerabilities & Exploits
secunia.com:
Internet Explorer DHTML Edit ActiveX Control Cross-Site Scripting. Read more

www.securiteam.com:
WinRAR Corrupt ZIP File Vulnerability. Read more

www.securiteam.com:
Microsoft Windows XP Firewall Default Configuration Vulnerability (SP2, Local Subnet). Read more

www.securiteam.com:
Content-Type Spoofing in Mozilla Firefox and Opera Allows Users to Bypass Security Restrictions. Read more

tigger.uic.edu:
Index of /~jlongs2/holes. Read more

www.securiteam.com:
Security Deficiencies of Automated Windows Installations. Read more

www.debian.org:
DSA-610-1 cscope -- insecure temporary file. Read more

securitytracker.com:
Mesh Viewer Buffer Overflow in dxfin() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Yet Another MP3 Tool (YAMT) Input Validation Hole in id3tag_sort() Lets Remote Users Execute Arbitrary Command. Read more

securitytracker.com:
csv2xml Buffer Overflow in get_csv_token() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ChBg Buffer Overflow in simplify_path() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
pgn2web Buffer Overflow in process_moves() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
abctab2ps Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
NapShare Buffer Overflow in auto_filter_extern() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
abcMIDI Buffer Overflow in dxfin() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Visual Basic to C/GTK (vb2c) Buffer Overflow in gettoken() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
abcm2ps Buffer Overflow in put_words() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Ringtone Tools Buffer Overflow in parse_emelody() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
asp2php Buffer Overflow in gettoken() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Junkie Input Validation Holes Let Remote Servers Execute Arbitrary Commands. Read more

securitytracker.com:
PHP Bugs in addslashes() and exif_read_data() May Let Users Bypass Input Validation Functions. Read more

securitytracker.com:
PHP Integer Overflows in pack() and unpack() and Bugs in realpath() and unserialize() May Allow Users to Bypass safe_mode and Execute Arbitrary Code. Read more

securitytracker.com:
PHP serialize() May Let Users Execute Arbitrary Code or View Memory Contents. Read more

securitytracker.com:
Singapore Input Validation Holes Let Remote Authenticated Users Download and Upload Files, Delete Direcctories, and Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
CUPS HPGL Buffer Overflow in ParseCommand() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
NASM Buffer Overflow in error() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
2fax Buffer Overflow in expandtabs() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Xine Buffer Overflow in open_aiff_file() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
MPlayer Buffer Overflow in Processing ASF Streams Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
QwikMail Buffer Overflow Lets Remote Users Relay Mail. Read more

securitytracker.com:
Filter Buffer Overflow in save_embedded_address() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
jpegtoavi Buffer Overflow in get_file_list_stdin() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Vilistextum Buffer Overflow in get_attr() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Yanf Buffer Overflow in get() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
mpg123 Buffer Overflow in find_next_file() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Convex 3D Buffer Overflow in readObjectChunk() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Slashcode Slash Forum Has Unspecified Vulnerability. Read more

securitytracker.com:
68 Designs Froogle Uploader 'setup.php' Lets Remote Users Gain Administrative Access. Read more

securitytracker.com:
Linux Kernel Integer Overflows in ip_options_get() and vc_resize() Let Local Users Crash the System. Read more

securitytracker.com:
zgv Buffer Overflow in 'readgif.c' in Processing Animated GIFs May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
rtf2latex2e Buffer Overflow in ReadFontTbl() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
libbsb bsb2ppm Buffer Overflow in bsb_open_header() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
LinPopUp Buffer Overflow in strexpand() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
DXFscope Buffer Overflow in dxfin() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
xlreader book_format_sql() Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Attachment Mod Lets Remote Users Upload and Execute Scripting Code. Read more

securitytracker.com:
JSBoard 'parse.php' Lets Remote Users Upload and Execute Scripting Code. Read more

securitytracker.com:
iWebNegar Input Validation Bug Lets Remote Users Inject SQL Commands. Read more

securitytracker.com:
Cisco Traffic Anomaly Detector Has Common Default Root Password. Read more

securitytracker.com:
Cisco Guard Has Common Default Root Password. Read more

www.securiteam.com:
Ability FTP APPE Buffer Overflow. Read more

www.securiteam.com:
Linux Kernel Multiple Local DoS (vc_resize, ip_options_get). Read more

www.securiteam.com:
Insecure Default File System Permissions n Microsoft Versions of Kerio Software. Read more

www.securiteam.com:
Insecure Credential Storage on Kerio Software. Read more

www.securiteam.com:
Local Privileges Elevation via Symantec LiveUpdate. Read more

www.securiteam.com:
Roxio Toast Format String Vulnerability. Read more

 

News:
Internet Explorer DHTML Edit ActiveX Control Cross-Site Scripting
Paul has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct sophisticated cross-site scripting attacks against any web site.
Please see the test below for an example of how this vulnerability can be exploited.
Test Case / Demonstration
The test will open a new window, where the address bar writes "https://www.paypal.com/", but the page is actually displaying content from Secunia. Read more

news.zdnet.co.uk:
Second Christmas card virus Ataks users. Read more

news.zdnet.co.uk:
Zafi worm dominates email systems. Read more

www.theregister.co.uk:
Students find 44 Unix flaws as homework. Read more

www.securityfocus.com:
Microsoft may charge extra for new security software. Read more

www.microsoft.com:
Microsoft Acquires Anti-Spyware Leader GIANT Company. Read more

www.theregister.co.uk:
Microsoft buys anti-spyware firm Giant. Read more

www.securityfocus.com:
Report: DHS cyber security lagging. Read more

news.zdnet.co.uk:
Phishing still on the up. Read more

www.theregister.co.uk:
Symantec buys Veritas for $13.5bn stock. Read more

16 December 2004

Vulnerabilities & Exploits
www.guninski.com:
Fun with the linux kernel (2.6,2.4). windoze is a joke. Read more

cr.yp.to:
MCS 494, UNIX Security Holes, Fall 2004. Read more

securitytracker.com:
Computer Associates eTrust EZ Antivirus Unsafe Permissions Let Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Cisco Unity Default Account Passwords Let Remote Users Gain Administrative Access. Read more

securitytracker.com:
MoniWiki 'UploadFile.php' Lets Remote Users Upload and Execute Scripting Code. Read more

securitytracker.com:
GNUBoard Include File Error Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
Adobe Acrobat Reader Format String Flaw in Processing '.etd' Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
phpGroupWare Multiple Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

securitytracker.com:
Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Linux Kernel Auxiliary Message Layer State Error Lets Local Users Deny Service. Read more

securitytracker.com:
Linux Kernel IGMP Integer Underflow Lets Local Users Gain Root Privileges. Read more

securitytracker.com:
Winamp Can Be Crashed With a Malformed MP4 File. Read more

securitytracker.com:
Kerio MailServer Default Configuration Lets Certain Local Users Modify the Application and the Settings. Read more

securitytracker.com:
Kerio ServerFirewall Default Configuration Lets Certain Local Users Modify the Application and the Settings. Read more

securitytracker.com:
Kerio WinRoute Firewall Default Configuration Lets Certain Local Users Modify the Application and the Settings. Read more

securitytracker.com:
Kerio MailServer Discloses Passwords to Local Users. Read more

securitytracker.com:
Kerio ServerFirewall Discloses Passwords to Local Users. Read more

securitytracker.com:
Kerio WinRoute Firewall Discloses Passwords to Local Users. Read more

www.securiteam.com:
Microsoft Word 6.0/95 Document Converter Buffer Overflow (MS04-041). Read more

www.securiteam.com:
Buffer Overflow in HyperTerminal's .ht Files (MS04-043). Read more

www.securiteam.com:
ASP-rider SQL Injection Vulnerability. Read more

www.securiteam.com:
Vulnerability in WINS Allows Remote Code Execution (MS04-045, Name Validation, Association Context). Read more

www.securiteam.com:
Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability. Read more

www.securiteam.com:
Multiple Remote Vulnerabilities in NFS-Utils (64bit, SIGPIPE). Read more

www.securiteam.com:
wget Directory Traversal (Exploit). Read more

 

News:
www.smh.com.au:
'Unnecessary' software updates cost millions. Read more

www.theregister.co.uk:
Polyglot virus is Xmas party pooper. Read more

news.zdnet.co.uk:
Christmas card worm rips back door in PCs. Read more

www.securityfocus.com:
Long prison term for Lowe's wi-fi hacker. Read more

abcnews.go.com:
Lowe's Hardware Hacker Gets Nine Years. Read more

www.theinquirer.net:
Microsoft bundling CA Antivirus with OEM Windows? Read more

www.techweb.com:
Phishers Take Cues From Hackers. Read more

www.theregister.co.uk:
Five important fixes in MS December patch batch. Read more

www.theregister.co.uk:
Microsoft halted in phonetic domain crusade. Read more

www.theregister.co.uk:
Business PCs riddled with porn. Read more

15 December 2004

Guides, Papers, etc
www.securityfocus.com:
WEP: Dead Again, Part 1. Read more

www-unix.ecs:
An E®ective Architecture and Algorithm for Detecting Worms with Various Scan Techniques (pdf). Read more

www.finjan.com:
Combating the New Generation of Malware: Spyware, Phishing and Active Content. Read more

 

Vulnerabilities & Exploits
www.idefense.com:
Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability. Read more

securitytracker.com:
Microsoft HyperTerminal Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft WINS Buffer Overflow in Name Value Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows NT 4.0 Buffer Overflows in the Logging and Processing of DHCP Packets May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft WordPad Error in Converting Tables/Fonts Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Microsoft Windows Kernel Buffer Overflow in Processing Local Procedure Call Messages Lets Local Users Gain System Privileges. Read more

securitytracker.com:
Microsoft LSASS Bug in Validating Identity Tokens Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
OpenBSD isakmpd Error in pfkeyv2_acquire() Lets Local Users Deny Service. Read more

securitytracker.com:
phpBB Attachment Mod Filename Input Validation Error Lets Remote Users View Files on the System. Read more

securitytracker.com:
Sun Java System Application Server Lets Remote Users Access Active Sessions. Read more

securitytracker.com:
Sun Java System Web Server Lets Remote Users Access Active Sessions. Read more

securitytracker.com:
Novell NetWare Console Screen Saver Authentication Can Be Bypassed By Physically Local Users. Read more

securitytracker.com:
UBBThreads Input Validation Hole in 'Cat' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
mysql_auth Memory Leak Has Unspecified Impact. Read more

securitytracker.com:
MediaWiki Uploaded File Extension Error Lets Remote Users Execute Arbitrary Scripting Code. Read more

securitytracker.com:
nfs-utils rquota Buffer Overflow on 64-bit Systems May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
UseModWiki Input Validation Hole Permits Cross-Site Scripting Attacks. Read more

securitytracker.com:
Symantec LiveUpdate NetDetect Scheduled Task Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com:
Opera Default 'kfmclient exec' Configuration May Let Remote Users Execute Arbitrary Commands. Read more

securitytracker.com:
SugarSales Input Validation Bugs Let Remote Users View Files, Inject SQL Commands, and Determine the Installation Path. Read more

securitytracker.com:
xzgv Integer Overflow in Processing PRF Files May Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership. Read more

isec.pl:
Linux kernel IGMP vulnerabilities. Read more

www.debian.org:
DSA-609-1 atari800 -- buffer overflows. Read more

www.debian.org:
DSA-608-1 zgv -- integer overflows, unsanitised input. Read more

zone-h.org:
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclient. Read more

 

News:
www.microsoft.com:
Microsoft Security Bulletin Summary for December, 2004. Read more

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987). Read more

Microsoft Security Bulletin MS04-041
Vulnerability in WordPad Could Allow Code Execution (885836). Read more

www.zdnet.com.au:
Desktop search tools a virus writers' best friend. Read more

www.computerworld.com:
Zafi worm variant hides behind Christmas cheer. Read more

www.thecouriermail.news.com.au:
Email virus posing as Christmas card. Read more

star-techcentral.com:
Fa-la-la: Decking your PC with an Xmas virus. Read more

14 December 2004

Guides, Papers, etc
www.virusthreatcenter.com:
How worms work: Why are they considered viruses? (pdf) Download

www.virusbtn.com:
VB2005 call for papers Virus Bulletin is seeking submissions from those wishing to present at VB2005, the Fifteenth Virus Bulletin International Conference, which will take place 5-7 October 2005 at the Burlington hotel, Dublin, Ireland. Read more

 

Vulnerabilities & Exploits
www.gentoo.org:
nfs-utils: Multiple remote vulnerabilities. Read more

www.securityfocus.com:
Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory. Read more

www.infiltrated.net:
Conceptual, theoretical, proof of concept thought on breaking Stateful Inspection based fail over firewall sessions. Read more

www.exaprobe.com:
Multiple vulnerabilities in phpMyAdmin. Read more

www.zone-h.org:
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclient. Read more

www.securitytracker.com:
Opera Default 'kfmclient exec' Configuration May Let Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
SugarSales Input Validation Bugs Let Remote Users View Files, Inject SQL Commands, and Determine the Installation Path. Read more

www.securitytracker.com:
xzgv Integer Overflow in Processing PRF Files May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership. Read more

securitytracker.com:
Citadel/UX Format String Error in lprintf() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com:
Winmail Server Bugs in 'chgpwd.php', 'domain.php', and 'user.php' Disclose Installation Path to Remote Users. Read more

securitytracker.com:
Codename Eagle UDP Packet Processing Error Lets Remote Users Deny Service. Read more

securitytracker.com:
GameSpy SDK Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Tom's IPX Tunneling Daemon Config File Format String Vulnerability. Read more

www.turbolinux.com:
Turbolinux Security Advisory TLSA-2004-34. Read more

www.man.poznan.pl:
Gadu-Gadu, Several vulnerabilities within application allow for remote execution of arbitrary code and information stealing. Read more

 

News:
www.smh.com.au:
Police given computer spy powers. Read more

www.securityfocus.com:
Online Extortion Works. Read more

itvibe.com:
Three new variants of Smartphone virus found. Read more

www.computerweekly.com:
Microsoft has released Windows Server 2003 Service Pack 1 (SP1), the next milestone in its Trustworthy Computing initiative. Read more

www.websidestory.com:
Firefox's Share of Browser Market Grows 34 Percent in One Month, According to WebSideStory. Read more

www.theregister.co.uk:
German police to take 16,000 warez buyers to court. Read more

nwc.storagepipeline.com:
Secure Storage Starts To Become Higher Priority. Read more

www.stuff.co.nz:
A false sense of security? Read more

13 December 2004

Password stealing trojan AR34

 

Guides, Papers, etc
Bellua Cyber Security Asia 2005
From 21st - 24th March the largest information security conference in Asia will take place in Jakarta, Indonesia at the Hotel Borobudur. Read more

news.com.com:
By Bruce Schneier: Who says safe computing must remain a pipe dream? Read more

 

Vulnerabilities & Exploits
secunia.com:
Opera Download Dialog Spoofing Vulnerability. Read more

www.securiteam.com:
F-Secure Policy Manager Path Disclosure Vulnerability. Read more

www.securiteam.com:
Local Off-By-One in Mtr. Read more

www.securiteam.com:
Remote Execute DoS Attack Leads to Client Crash. Read more

www.securiteam.com:
Battlefield 1942 and Vietnam Broadcast Client Crash. Read more

packetstormsecurity.nl:
A flaw in phpBB 2.x allows a malicious user the ability to alter how posts are aligned due to mishandling of quotes in posts. Read more

 

News:
On December 14, 2004 the Microsoft Security Response Center is planning to release:
• 5 Microsoft Security Bulletins affecting Microsoft Windows
• The greatest maximum severity rating for these security updates is Important
• Some of these security updates may require a restart
Read more

news.netcraft.com:
As Phishers Analyze Sites, Regulators Focused on Bank Site Security. Read more

12 December 2004

Guides, Papers, etc
SRUTI 2005 Workshop
SRUTI: Steps to Reducing Unwanted Traffic on the Internet.
The Internet is under increasing attacks with unwanted traffic in the form of spam, distributed denial of service, virus, worms, etc.
Unwanted traffic on the Internet has manifested itself as attacks on many protocols (IP, TCP, DNS, BGP, and HTTP) and popular applications (e.g., Email, Web).
Recently, attacks combining multiple exploits have become common. Many solutions have been proposed for specific attacks, some of which have had limited success. SRUTI seeks research on the unwanted traffic problem that looks across the protocol stack, examines attack commonalities, and investigates how various solutions interact and whether they can be combined to increase security. Read more

www.scs.carleton.ca:
Overview of Worms and Defence Strategies (October 21 2003). Read more

 

Vulnerabilities & Exploits
securitytracker.com:
OpenText FirstClass Unspecified Flaw Lets Remote Users Deny Service. Read more

securitytracker.com:
wget Lets Remote Users Create or Overwrite Files in Certain Directories. Read more

www.securiteam.com:
Mac OS X / Adobe Version Cue Local Root. Read more

 

News:
searchsecurity.techtarget.com:
The security lingo of 2004.
"As far as I'm concerned, Bot is a big word as far as malicious activity for 2004," said Josh Lackey, an ethical hacker for IBM. "Bots nowadays have all sorts of functionality -- keystroke grabbers, network sniffers and the spam-forwarding proxies they kick off. As far as trends, spam has been a big thing, one of the biggest moneymakers out there, and the bots are behind a lot of this activity." Read more

www.webroot.com:
Webroot Identifies the Top Ten Most Significant Emerging Spyware and Adware Threats. Read more

www.smh.com.au:
Govt gets more powers to examine stored data.
Government agencies will be able to examine unsent email, SMS and voice mail messages stored on a service provider's premises under new changes to the Telecommunications (Interception) Act 1979. Read more

news.zdnet.com:
Adware cannibals feast on each other.
Companies that use free software downloads to target Web surfers with annoying ads are turning on each other to keep customers--and the cash they generate--for themselves. Read more

www.msnbc.msn.com:
Is This Software On Your Hard Drive?
How one of the Internet’s largest and most secretive adware companies really operates. With new regulations coming, will it really reform? Read more

www.spacedaily.com:
Japan to step up defenses against Islamic, NKorean, computer threats. Read more

www.forbes.com:
High Court To Decide File-Sharing Case. Read more

11 December 2004

Guides, Papers, etc
www.trendmicro.com:
The Trend of Malware Today: 2004 – 1st Quarter Recap. Read more

www.trendmicro.com:
The Trend of Malware Today: Annual Virus Round-up and 2004 Forecast. Read more

JPEG Vulnerability: A day in the life of the JPEG Vulnerability. Read more

www.sans.org:
Psst…Hey Buddy, wanna create a virus? Read more

www.msnbc.msn.com:
Is This Software On Your Hard Drive?
How one of the Internet’s largest and most secretive adware companies really operates. With new regulations coming, will it really reform? Read more

 

Vulnerabilities & Exploits
HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !
Internet Explorer 6 on the gadget commonly known as Windows XP SP2 enjoys a fairly robust "popup blocker".
This little 'thing' has been a major irritation to date. Nothing gets past it until now.
Chatter exists that some sites have defeated it on the causal default setting. We only deal in the high settings here !
Our Chairman and CEO, Mr. Liu Die Yu takes the sledgehammer and cracks open this bothersome little nut like so: popup test

security.tombom.co.uk:
Exploiting design flaws in the Win32 API for privilege escalation. Read more

www.securitytracker.com:
a2ps Executes Shell Commands Contained Within Filenames. Read more

www.securitytracker.com:
Cyrus IMAP Server Off-by-one Overflow in mysasl_canon_user() May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
F-Secure Policy Manager Discloses Installation Path to Remote Users. Read more

www.debian.org:
DSA-607-1 xfree86 -- several vulnerabilities. Read more

 

News:
www.eweek.com:
'Playboy' Virus Dropping Dangerous Backdoor. Read more

news.com.com:
Naked pinups revealed as virus. Read more

www.eweek.com:
Spyware: The Next Real Threat. Read more

story.news.yahoo.com:
Anti-spyware: The New Frontier in the Security Software Market. Read more

www.vnunet.com:
Net widens to reel in the phishers. Read more

www.vnunet.com:
Banking group warns of Christmas phishing spree. Read more

www.theregister.co.uk:
Probably the simplest phishing trick in the world. Read more

www.nwfusion.com:
Phishing Web sites grew by 33% in November. Read more

news.com.com:
New file system has long road to Windows. Read more

www.vnunet.com:
Malicious code top 10. Read more

10 December 2004

Tools
www.oxid.it:
sTerm is a Telnet client with a unique feature. It can establish an entire bi-directional Telnet session to a target host never sending your real IP and MAC addresses in any packet. Using "ARP Poisoning", "MAC Spoofing" and "IP Spoofing" techniques sTerm can effectively bypass ACLs, Firewall rules and IP restrictions on servers and network devices. The connection will be done impersonating a Trusted Host. Read more

www.deepnetexplorer.com:
Deepnet Explorer is one of the most secure web browser. Read more

 

Guides, Papers, etc
techrepublic.com.com:
Identify/React Chart: Bofra (pdf). Read more

www.shocking.com:
PGP Man in the Middle Attack. Read more

www.w3.org:
The World Wide Web Security FAQ. Read more

 

Vulnerabilities & Exploits
www.shocking.com:
RSnake's MSIE 6.0 SP1 OS and application tester only works for MSIE 6.0 on Microsoft. Read more

www.shocking.com:
RSnake's clipboard stealing program only works for MSIE on Microsoft. Read more

securitytracker.com:
KDE May Disclose SMB Passwords to Remote Users Via URLs. Read more

securitytracker.com:
PHP Live! Include File Flaw Has Unspecified Impact. Read more

securitytracker.com:
Squid May Disclose Random Internal Information to Remote Users. Read more

securitytracker.com:
Rootsh Xtrem Escape Sequence Error May Cause Empty Log Messages. Read more

securitytracker.com:
Ability Server Buffer Overflow in APPE Command Lets Remote Authenticated Users Execute Arbitrary Code. Read more

 

News:
www.theregister.co.uk:
The strange death of the mass mailing virus. Read more

news.zdnet.co.uk:
Chinese cybercops 'nailing virus writers'. Read more

news.zdnet.co.uk:
Organised crime's grip on the Net 'is tightening'. Read more

news.zdnet.co.uk:
Malware authors mixing a lethal cocktail. Read more

news.zdnet.co.uk:
Multi-platform phishing exploit uncovered. Read more

www.theregister.co.uk:
Playgirl virus attacks Chechen rebel sites. Read more

news.zdnet.co.uk:
Netsky tops 2004 virus charts. Read more

www.eweek.com:
AOL Locks Out IM Users. Read more

www.reuters.com:
Coming Soon to an Inbox Near You: 'Spiritual Spam'. Read more

www.net4nowt.com:
UK browser claims Phishing victory. Read more

www.pcworld.com:
Digital PhishNet Collaborative Launched to Combat Phishing. Read more

news.zdnet.co.uk:
Linux users warned over GNOME attack. Read more

www.ottawabusinessjournal.com:
Virus attacks prompt Linux switch. Read more

news.com.com:
School's out to shun IE. Read more

www.net4nowt.com:
One in five consumers buy software from Spam. Read more

www.theregister.co.uk:
Small.biz loves illegal software (true). Read more

09 December 2004

Tools
Absinthe is a GUI-based (GTK-Sharp) tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Read more

 

Guides, Papers, etc
blanu.net:
Curious Yellow: The First Coordinated Worm Design. Read more

www.astalavista.com:
Divide and Conquer: HTTP Response Splitting, Web Cache Poisoing Attacks, and Related Topics (PDF). Read more

 

Vulnerabilities & Exploits
secunia.com:
List of Patched/Unpatched Secunia Advisories. Read more

www.2ka.org:
MiM simultaneous CLOSE attack
A Man in the middle attacker can cause network flood and denial of the service usage by sending 2 TCP packets per connection. Read more

securitytracker.com:
Microsoft Internet Explorer Lets Remote Users Inject Content into Open Windows. Read more

securitytracker.com:
KDE Konqueror Lets Remote Users Inject Content into Open Windows. Read more

securitytracker.com:
Opera Lets Remote Users Inject Content into Open Windows. Read more

securitytracker.com:
Apple Safari Lets Remote Users Inject Content into Open Windows. Read more

securitytracker.com:
Mozilla Firefox Lets Remote Users Inject Content into Open Windows. Read more

securitytracker.com:
Solaris in.rwhod Input Validation Flaw Lets Remote Authenticated Users Execute Commands With Root Privileges. Read more

securitytracker.com:
Blog Torrent 'btdownload.php' Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

securitytracker.com:
WebLibs Discloses Text Files to Remote Users. Read more

securitytracker.com:
Gentoo Mirrorselect Lets Local Users Gain Elevated Privileges. Read more

www.securiteam.com:
Multiple Vulnerabilities in w3who ISAPI DLL. Read more

 

News:
www.techweb.com:
Most Browsers Buggy, Even IE In XP SP2. Read more

secunia.com:
Multiple Browsers Window Injection Vulnerability Test. Read more

www.securityfocus.com:
Sprint sued over alleged vice hacks. Read more

www.prnewswire.com:
Security Executives List Worms, Viruses and Regulatory Compliance as Top Issues for 2005. Read more

news.zdnet.com:
Browser phishing 'flaw' could hook users. Read more

www.techweb.com:
Cyber-Security Group Pushes 12-Point Plan On White House. Read more

news.zdnet.co.uk:
Companies fight IM malware with honeypots. Read more

www.sophos.com:
War of the worms: Netsky-P tops list of year's worst virus outbreaks. Read more

www.eweek.com:
Pop-up Loophole Opens Browsers to Phishing Attacks. Read more

uk.news.yahoo.com:
Ex-cyber security chief sees curb on phishing. Read more

news.zdnet.com:
Linux groups patch image flaw. Read more

nwc.linuxpipeline.com:
Linux Clues: Lost Password? No Problem! Read more

www.reuters.com:
Two China Banks Uncover Fake Web Sites. Read more

08 December 2004

Tools
GreyMagic Online Script Decoder
The online script decoder decodes scripts that were encoded with the Microsoft Script Encoder (screnc.exe). Read more

www.doxpara.com:
stripwire v1.1 - MD5 collision vulnerabilities demonstration tool. Download

www.interpactinc.com:
DeGarbling Tool. Have you ever tried to read poorly formatted e-mail? Read more

 

Guides, Papers, etc
www.doxpara.com:
MD5 To Be Considered Harmful Someday (pdf). Read more

www.astalavista.com:
Divide and Conquer: HTTP Response Splitting, Web Cache Poisoing Attacks, and Related Topics (PDF). Read more

scholar.google.com:
Design and Implementation of a Lab Worm. Read more

folder-password-expert.com:
Creating a Strong Password. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com:
IE6 Vulnerability - Local File Detection. Read more

www.debian.org:
DSA-606-1 nfs-utils -- wrong signal handler. Read more

www.securitytracker.com:
MaxDB WebTools WebDav Stack Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.securitytracker.com:
Battlefield Vietnam NULL Pointer Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Battlefield 1942 NULL Pointer Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Adobe Version Cue Start/Stop Scripts Let Local Users Execute Arbitrary Code With Root Privileges. Read more

www.securitytracker.com:
Remote Execute Can Be Crashed By Remote Users With Multiple Connections. Read more

www.securitytracker.com:
Microsoft Internet Explorer Input Validation Error in Processing FTP URLs May Let Remote Users Inject Arbitrary FTP Commands. Read more

www.securitytracker.com:
KDE Konqueror Input Validation Error in Processing FTP URLs May Let Remote Users Inject Arbitrary FTP Commands. Read more

www.securitytracker.com:
rpc.statd SIGPIPE Error Lets Remote Users Shutdown the Process. Read more

www.securitytracker.com:
Microsoft Windows Resource Kit Buffer Overflow and Input Validation Holes in 'w3who.dll' May Permit Remote Code Execution and Cross-Site Scripting Attacks. Read more

 

News:
www.benedelman.org:
DirectRevenue Deletes Competitors from Users' Disks. Read more

www.theregister.co.uk:
Fake Lycos screensaver harbours Trojan. Read more

www.theregister.co.uk:
Security bugs take a bite out of Apple. Read more

www.eweek.com:
Security 'Honey Pots' May Snare Private Details. Read more

news.zdnet.co.uk:
Kazaa's spying potential revealed. Read more

www.viruslist.com:
Passwords not enough, says consumer survey. Read more

thewhir.com:
MidPhase Deploys Authentify Security. Read more

www.nwfusion.com:
Gartner: Consumers dissatisfied with online security. Read more

07 December 2004

Guides, Papers, etc
www.securityfocus.com:
Detecting Complex Viruses. Read more

users.ece.gatech.edu:
Towards an Approach for Automatically Repairing Compromised Network Systems (pdf). Read more

www.cs.biu.ac.il:
TrustBar: Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks. Read more

www.messagelabs.com:
MessageLabs Intelligence Annual Email Security Report 2004
-The year the big phish was landed (pdf). Read more

 

Vulnerabilities & Exploits
maas-online.nl:
Mozilla Products Remote Crash Vulnerability. Read more

www.debian.org:
DSA-605-1 viewcvs -- settings not honored. Read more

www.exaprobe.com:
Multiple vulnerabilities in w3who.dll. Read more

www.securitytracker.com:
Ansel Input Validation Hole in 'image' Parameter Lets Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
'File' Stack Overflow in Processing ELF Headers May Permit Arbitrary Code Execution. Read more

www.securitytracker.com:
ViewCVS Ignores 'hide_cvsroot' and 'forbidden' Settings When Exporting Tar Archives. Read more

www.securitytracker.com:
GetRight Buffer Overflow in DUNZIP32.DLL Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Novell NetMail Default Authentication Credentials Lets Remote User Access the Mail Store. Read more

www.securiteam.com:
Apple Darwin Streaming Server DESCRIBE NULL Byte DoS. Read more

www.securiteam.com:
Cisco CNS Network Registrar DoS. Read more

www.securiteam.com:
Kreed In-Game Multiple DoS Vulnerabilities. Read more

www.securiteam.com:
pnTresMailer Code Browser Path Disclosure and Directory Traversal. Read more

 

News:
www.scmagazine.com:
Trojan poses as spam-hating screensaver. Read more

www.computerweekly.com:
Thought for the day: Virus writers enjoy public holiday releases. Read more

www.theregister.co.uk:
Lycos goes straight. Read more

www.theregister.co.uk:
Who would you like to attack today? Read more

www.computerweekly.com:
Keep the bad guys at bay. Read more

news.netcraft.com:
SunTrust site exploited by fraudsters. Read more

news.zdnet.co.uk:
Web users demand more protection from ISPs. Read more

06 December 2004

Tools
www.porcupine.org:
TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. Read more

 

Guides, Papers, etc
www.thebroken.org:
Cybersecurity for the Homeland (pdf). Read more

www.arxiv.org:
Least Effort Strategies for Cybersecurity. Read more

www.icir.org:
A Worst-Case Worm (pdf). Read more .

www.icir.org:
The Top Speed of Flash Worms. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Hosting Controller 'Statsbrowse.asp' and 'Generalbrowse.asp' Disclose Files to Remote Authenticated Users. Read more

www.gentoo.org:
PDFlib: Multiple overflows in the included TIFF library. Read more

 

News:
www.zone-h.org:
First Google web site to be defaced. Read more

www.net4nowt.com:
Spam, viruses and obscene content continue to cause problems. Read more

www.stuff.co.nz:
'Arafat fortune' scam email warning. Read more

www.bluetoothinsider.com:
New Skulls Worm Infects Via Bluetooth. Read more

www.antiphishing.org:
America Online - 'Notice : Your account will be suspended !'. Read more

05 December 2004

Tools
e3d is a 3D visualization tool for network (security) information, it currently supports nmap and languard XML log files.
It works on wintendo, linux and os x (the last two might need some changes to get this version to compile). Read more

www.morphix.org:
Morphix is a modular GNU/Linux livecd-enabled distribution (you burn the CD, you put it in your CD-Rom drive, you boot and it works... no harddisk-installation necessary, doesn't touch your data).
Also, installing Morphix on a harddisk is a breeze. Read more

www.phlak.org:
PHLAK is a modular live security Linux distribution. PHLAK comes with two light gui's (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation.
PHLAK is a derivative of Morphix. Read more

 

Guides, Papers, etc
www.cs.berkeley.edu:
The Spread of the Sapphire/Slammer Worm. Read more

 

Vulnerabilities & Exploits
www.securityfocus.com:
Opera 7.54 vulnerabilities again (still unfixed). Read more

www.milw0rm.com:
phpBB <= 2.0.10 remote command execution exploit (cgi version). Read more

www.milw0rm.com:
Blog Torrent preview 0.8 - arbitary file download. Read more

docs.info.apple.com:
Apple Security Updates. Read more

 

News:
www.infoworld.com:
Mobile phones: An ear full of worms. Read more

www.washingtontimes.com:
Tenet calls for Internet security. Read more

www.computerworld.com:
Q&A: ISS exec on security threat prevention. Read more

www.computerworld.com:
Study: Managers misuse tech to control workers. Read more

www.infosyssec.com:
Dell Loads Spyware. Read more

www.kentucky.com:
You can beat the scammers. Read more

news.com.com:
This week in phishing. Read more

www.bradenton.com:
Banks combat 'phishing' scams information. Read more

www.computerworld.com:
Update: IBM's PC business reportedly for sale. Read more

04 December 2004

Tools
www.4os.org:
Spectrum is a proof of concept backdoor that "hops" to a different random port after every connection. It consists of a client and a server. Download

MenuetOS is an Operating System for the PC written entirely in 32bit assembly language, and released under the GPL.
It supports 32 bit x86 assembly programming since this allows for smaller, faster and less resource hungry applications to be created.
Menuet has no roots within unix or the posix standards, nor is it based on any particular operating system.
The design goal has been to remove the extra layers between different parts of an OS, which normally complicates programming and create bugs. Read more

www.4os.org:
Wbod checks a HTTP implementation for buffer overflows. HTTP version 0.9, 1.0 and 1.1 as well as WebDAV can be checked. Dos device names, extra extensions, buffer size, character, step, output and rate of verbosity can all be set. Download

 

Guides, Papers, etc
www.hackingspirits.com:
Anti-Virus Evasion Techniques and Countermeasures.
The objective of this article is to demonstrate different possible ways that viruses and worms coders use to evade any Anti-Virus products
while coding malicious programs and at the same time I also explained about the countermeasures techniques to prevent against such attacks. Download

www.astalavista.com:
Malicious Code in Depth. (pdf) Read more

www.4os.org:
TECHNIQUES A WORM MIGHT USE TO BE HARDER TO LOCATE. Read more

honeynet.org:
HoneyPot: New Scan Of The Month : Protected Binary.
This month's challenge is to analyze an unknown binary, in an effort to reinforce the value of reverse engineering, and improve (by learning from the security community) the methods, tools and procedures used to do it. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
hpsockd Input Validation Flaw Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
paFileDB Lets Remote Users Access Hashed Passwords and Determine the Installation Path. Read more

www.securitytracker.com:
Jakarta Lucene Input Validation Hole in 'results.jsp' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
IBM AIX System Startup Script Flaws Let Local Users Modify System Data or Cause Denial of Service Conditions. Read more

www.securitytracker.com:
scponly Lets Remote Authenticated Users Execute Arbitrary Programs. Read more

www.securitytracker.com:
Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials. Read more

www.securitytracker.com:
Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files. Read more

www.securitytracker.com:
Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users. Read more

www.securitytracker.com:
AppKit Secure Input May Not Be Properly Enabled. Read more

www.securitytracker.com:
QuickTime Streaming Server Lets Remote Users Deny Service With DESCRIBE Requests. Read more

docs.info.apple.com:
Apple Security Updates. Read more

 

News:
blog.ziffdavis.com:
Microsoft's Cheesy Workaround To WINS Vulnerability. Read more

www.virusbtn.com:
FBI's virus blunder. Read more

news.zdnet.com:
Antispam screensaver downs two sites in China. Read more

www.computerworld.com:
Lycos pulls antispam screen saver from site. Read more

www.computerworld.com:
Former cybersecurity czar: Code-checking tools needed. Read more

www.informationweek.com:
Anti-Spyware Spending Set To Skyrocket. Read more

www.computerworld.com:
Apple releases December Security Update. Read more

03 December 2004

Tools
invisiblethings.org:
Patchfinder2 rootkit detector for Windows 2000. Download

invisiblethings.org:
KLISTER hidden process detector for Windows 2000. Download

 

Guides, Papers, etc
invisiblethings.org:
Concepts for the Stealth Windows Rootkit. (pdf) Read more

invisiblethings.org:
Rootkits Detection on Windows Systems. Read more

invisiblethings.org:
Linux Kernel Backdoors And Their Detection. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail. Read more

www.securitytracker.com:
Apple Terminal May Indicate Incorrect 'Secure Keyboard Entry' Status. Read more

www.securitytracker.com:
PSNormalizer Buffer Overflow in Converting Documents May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Cyrus IMAP Server May Let a Remote Authenticated User Access Another Mailbox When Using Kerberos. Read more

www.securitytracker.com:
HIToolbox Lets Local Users Quit Applications in Kiosk Mode. Read more

www.debian.org:
DSA-604-1 hpsockd -- missing input sanitising. Read more

 

News:
www.securityfocus.com:
Official IFRAME patch - make sure it installs correctly. Read more

news.zdnet.co.uk:
Lycos zombie army takes Web sites offline. Read more

news.zdnet.co.uk:
Lycos army shoots itself in foot? Read more

news.zdnet.co.uk:
Lycos denies attack on zombie army. Read more

www.vnunet.com:
IT security sheriffs to police the web. Read more

www.theregister.co.uk:
Corporate PCs 'riddled with spyware'. Read more

www.vnunet.com:
Sober virus crashes November party. Read more

news.com.com:
BitTorrent servers under attack. Read more

www.computerworld.com:
Safer Web browsing. Read more

news.zdnet.co.uk:
Microsoft fires off spam lawsuits. Read more

www.theregister.co.uk:
MS moves to can more spammers. Read more

www.bradenton.com:
Banks combat 'phishing' scams 'Phishing' involves messages purportedly from real companies, asking for private financial information. Read more

www.tmcnet.com:
'No More Phish to Fry' Says Protecteer, Announcing a New Tool to Combat Zero-Hour Phishing Attempts. Read more

news.zdnet.co.uk:
Microsoft launches free blogging. Read more

www.securityfocus.com:
Berkeley Hack Sparks Legislative Backlash. Read more

www.theregister.co.uk:
UK's biggest spammer in court. Read more

02 December 2004

Guides, Papers, etc
www.astalavista.com:
An analysis of Bofra (aka MyDoom.AG/AH). Read more

 

Vulnerabilities & Exploits
www.remote-exploit.org:
Wireless default settings and related vulnerability list. Read more

www.securiteam.com:
Payflow Link Default Config may Lead to Hidden Field Modification. Read more

www.securiteam.com:
Endless Loops in Jana's HTTP-Server and PNA-Proxy Modules. Read more

www.securiteam.com:
Aspell word-list-compress Command Line Stack Overflow. Read more

www.securiteam.com:
Mercury/32 RENAME and SELECT Exploit Codes. Read more

www.securiteam.com:
AHG EZshopper loadpage.cgi Directory Traversal (.|./ Attack). Read more

www.securiteam.com:
Konqueror SMB Share Shortcuts Password Disclosure. Read more

www.securiteam.com:
IPCop proxylog.dat Cross Site Scripting Vulnerability. Read more

www.securitytracker.com:
FreeImage Buffer Overflow in Processing ILBM Images May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
PHProjekt 'setup.php' Lets Remote Users Upload Files and Execute Commands. Read more

www.securitytracker.com:
Sun Solaris Buffer Overflow in 'ping' May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
gnubiff Error in Processing Unterminated Lines or Command Responses Lets Remote Users Deny Service. Read more

www.debian.org:
DSA-603-1 openssl -- insecure temporary file. Read more

 

News:
Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293). Read more

news.com.com:
Microsoft rushes out critical IE fix. Read more

news.zdnet.com:
Phishers lie in wait for Google searchers. Read more

news.com.com:
Report: Cost of phishing not so high. Read more

www.deepnetexplorer.com:
New browser sniffs out phishy sites.
Deepnet Explorer, a browser shell that uses Microsoft's Internet Explorer to render Web pages, analyzes Web addresses and combs through its own list of suspect sites to determine whether a site might be part of a phishing scam, in which fraudsters attempt to get personal and payment information from unsuspecting visitors. Read more

news.com.com:
Police question man over Slammer worm. Read more

www.usatoday.com:
Unprotected PCs can be hijacked in minutes. Read more

informationweek.com:
Security Vendor Shuts Down Phishing Attacks Against Banks. Read more

news.zdnet.co.uk:
Windows XP SP2 flaw complex but dangerous. Read more

www.theregister.co.uk:
Hackers nobble Lycos anti-spam plan. Read more

www.it-observer.com:
Microsoft Sues Software Pirates. Read more

www.theregister.co.uk:
Cabir added to payload of Symbian mobile Trojan. Read more

www.zdnet.com.au:
Hewlett Packard to launch 'virus throttling' software. Read more

www.news.com.au:
No to filtering: Coonan. Read more

www.securityfocus.com:
Closed Source Hardware. Read more

www.zdnet.com.au:
Government launches anti-cyberterrorism campaign. Read more

01 December 2004

Vulnerabilities & Exploits
www.securitytracker.com:
CuteFTP Professional FTP Reply Error Remote Denial of Service. Read more

www.securitytracker.com:
JanaServer 2 http-server and pna-proxy Flaws Let Remote Users Deny Service. Read more

www.securitytracker.com:
Payflow Link Default Configuration Lets Remote Users Modify the Price of an Item to Be Purchased. Read more

www.securitytracker.com:
Linux Kernel Datagram Serialization Error May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
IPCop Input Validation Hole in 'proxylog.dat' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Orbz Buffer Overflow. Read more

 

News:
itreview.belproject.com:
Automated "Bots" Overtake PCs Without Firewalls Within 4 Minutes; Experiment Reveals How Different Platforms Protect Against Internet Attacks. Read more

news.zdnet.co.uk:
Microsoft admits WINS flaw. Read more

www.vnunet.com:
Phishers target Christmas shoppers. Read more

news.zdnet.co.uk:
Lycos anti-spam site hit by hackers. Read more

www.reuters.com:
China Blocking Access to Google News Site - Watchdog. Read more

news.zdnet.co.uk:
Satellite tool could turn surfers into spies. Read more

www.vnunet.com:
Sun stamps on Java bug. Read more

news.xinhuanet.com:
New virus attaches itself to Stef Sun MP3 files. Read more

news.zdnet.co.uk:
ISPs raise the stakes on DDoS attacks. Read more

www.theregister.co.uk:
Kazaa challenged over child porn control policy. Read more

software.silicon.com:
'Throttle' viruses with software. Read more

www.antiphishing.org:
Suntrust - 'Security Alert on Microsoft Internet Explorer'. Read more


Copyright© MegaSecurity.org